FAQ-5 (Digital Signature Issues)
1. Question: What is a Digital Signature?

Answer: Digital Signature entered the legal dictionary in India through the ITA 2000. It is the method of authenticating an electronic document, as per the provisions of ITA 2000, using an Asymmetric Crypto System and Hashing. It can be defined as follows:

"The Digital Signature of a document by a person is the hash value of the document encrypted with the private key of that person."

It must be remembered that this definition is derived from the Indian ITA 2000 and is appropriate in the Cyber Law context in India. As is the practice in IT, the term may also be used in other contexts to mean any "Foot Print" in the digital world.
2. Question: What are the characteristics of a valid digital signature in India?

Answer: For a digital signature to be valid in India, the digital certificate has to be issued by a valid Certifying Authority licensed by the Controller of Certifying Authorities (CCA). The current list of licensed Certifying Authorities is available on the website of the CCA.
3. Question: What is a Digital Certificate?

Answer: A Digital Certificate is the document issued by a Certifying Authority to certify that a certain person holds a certain public key, the Certifying Authority confirming that he also holds the corresponding private key. It is an electronic document and contains several other essential particulars, such as the serial number and the identification of the hashing and encryption algorithms used in the signing and verification process. The identity of the person may be given both in terms of a "Name" and an "E Mail Address". There is also a validity period for the certificate.
4. Question: What is an "Electronic Signature"?

Answer: "Electronic Signature" was introduced in ITA 2008 as an alternative system of authentication to the Digital Signature system, which is based on PKI (Public Key Infrastructure) technology. As and when an appropriate technology for authentication of an electronic document becomes available, the Government may consider notifying that technology and giving it legal recognition through a Gazette Notification.
5. Question: What is the benefit of a "Digital Signature"?

Answer: When a document is digitally signed, the recipient can verify who signed it and also ensure that no change has been made to the document after it was signed. Thus both "Identity" and "Data Integrity" are verified by the use of Digital Signatures.

It therefore gives the document a "non-repudiable" nature, whereby the document can be trusted and the signer cannot repudiate it by claiming either that he has not signed the document or that the contents have been altered after his signature.

If both the sender and receiver of a message have digital signatures, then they can use each other's public key for encryption of the document in transit. This provides "One to One Confidentiality" to the communication over otherwise insecure networks.

(P.S.: Please do not use the addressee's public key for encryption if you think he is using the class of digital signature where the private key is stored in a hardware token such as a cryptographic key, called a "Secured Digital Signature" under ITA 2000; see the next question.)
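As an added example, not part of the original FAQ, the following Go program carries out the definition given in question 1 and the checks described in this answer: it hashes a constructed sample document with SHA-256, signs the hash with the signer's RSA private key, verifies the signature with the public key, shows that an altered copy is rejected (data integrity), and then encrypts a short reply to the recipient's public key for the "One to One Confidentiality" described above. The two parties, the document text, the padding schemes (PKCS#1 v1.5 for signing, OAEP for encryption) and the function names are all assumptions made for the illustration; the FAQ itself specifies only "RSA" and "hashing".

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Sign follows the FAQ's definition literally: hash the document (SHA-256),
// then apply the signer's private key to the hash (RSA, PKCS#1 v1.5 padding).
func Sign(priv *rsa.PrivateKey, document []byte) ([]byte, error) {
	digest := sha256.Sum256(document)
	return rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:])
}

// Verify recomputes the hash and checks it against the signature with the
// signer's public key. Success establishes identity (the key holder signed)
// and data integrity (nothing changed since signing).
func Verify(pub *rsa.PublicKey, document, signature []byte) bool {
	digest := sha256.Sum256(document)
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], signature) == nil
}

// Seal encrypts a short message with the recipient's public key (RSA-OAEP);
// only the matching private key can open it, which is the "one to one
// confidentiality" the answer describes.
func Seal(recipient *rsa.PublicKey, message []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, recipient, message, nil)
}

// Open decrypts a sealed message with the recipient's private key.
func Open(priv *rsa.PrivateKey, ciphertext []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, ciphertext, nil)
}

// Demo runs a constructed round trip between two parties ("alice" signs,
// "bob" replies confidentially) and reports: whether the original verifies,
// whether an altered copy is rejected, and the decrypted reply.
func Demo() (originalOK, alteredRejected bool, reply string, err error) {
	alice, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return
	}
	bob, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return
	}

	// Constructed sample document; any change to it must break the signature.
	doc := []byte("Constructed sample: pay 100 units to account A")
	sig, err := Sign(alice, doc)
	if err != nil {
		return
	}
	originalOK = Verify(&alice.PublicKey, doc, sig)

	altered := []byte("Constructed sample: pay 900 units to account A")
	alteredRejected = !Verify(&alice.PublicKey, altered, sig)

	// Confidential reply: encrypted to bob's public key, opened with his private key.
	sealed, err := Seal(&bob.PublicKey, []byte("received, thanks"))
	if err != nil {
		return
	}
	plain, err := Open(bob, sealed)
	if err != nil {
		return
	}
	reply = string(plain)
	return
}

func main() {
	ok, rejected, reply, err := Demo()
	if err != nil {
		panic(err)
	}
	fmt.Printf("original verifies: %v, altered copy rejected: %v, reply: %q\n", ok, rejected, reply)
}
```

The signature is over the hash rather than the document itself, exactly as the definition states, so a verifier needs only the public key, the document and the signature; the private key never has to leave the signer.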
6. Question: What is a "Secured Digital Signature"?

Answer: Under ITA 2000, a provision was made whereby the Government can declare a "Security Procedure" by which electronic documents can be secured. A provision was also added simultaneously in the Indian Evidence Act to give higher evidentiary weightage to "Secured Electronic Documents" when such documents are presented in a Court of law. As a part of this security procedure, the Government has notified that if the digital signature issue process ensures that the pair of public and private keys is generated in a removable hardware token under the control of the applicant for a digital signature certificate, and the private key is always stored in such an external removable hardware token which the user can carry on his physical person away from the computer device, then such a system is recognized as a "Secured Digital Signature".

To use such a system one needs a "Cryptographic Key" or a "Smart Card" which has software running inside the device that enables
a) generation of the pair of keys,
b) storing of the private key,
c) sending out the public key for creation of the digital certificate and receiving the certificate back, and
d) taking the hash value from the main system, encrypting it using the private key to create the digital signature, and pushing the digital signature back into the main system.

In such systems the private key cannot come out of the hardware token at any point of time, and the necessary software needs to be installed in the hardware token. There are international standards for such tokens which have also been recognized in India.
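The division of labour in steps a) to d) can be modelled in software. The Go program below is an added illustration, not code from the FAQ or from any token vendor: a `Token` type generates its key pair internally, keeps the private key in an unexported field that no method ever returns, hands out only the public key, and accepts only a pre-computed hash from the "main system", returning the signature. It satisfies Go's standard `crypto.Signer` interface, which is how the standard library itself talks to keys it cannot export. The type, its method of refusing non-SHA-256 digests, and the sample document are assumptions made for the example.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
	"io"
)

// Token models the removable hardware token the answer describes. The key
// pair is generated inside it, the private key lives in an unexported field
// that no method returns, and the only operations offered to the main system
// are "give me the public key" and "sign this hash". Constructed software
// model for illustration, not a driver for any real token.
type Token struct {
	priv *rsa.PrivateKey
}

// NewToken generates the key pair inside the token (step a in the answer).
func NewToken() (*Token, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	return &Token{priv: priv}, nil // step b: the private key stays here
}

// Public hands out the public key so a certificate can be requested (step c).
func (t *Token) Public() crypto.PublicKey {
	return &t.priv.PublicKey
}

// Sign receives an already-computed hash from the main system, applies the
// private key, and pushes only the signature back out (step d). It refuses
// anything that is not a SHA-256 digest of the right length.
func (t *Token) Sign(r io.Reader, digest []byte, opts crypto.SignerOpts) ([]byte, error) {
	if opts.HashFunc() != crypto.SHA256 || len(digest) != sha256.Size {
		return nil, errors.New("token: only SHA-256 digests are signed")
	}
	return rsa.SignPKCS1v15(r, t.priv, crypto.SHA256, digest)
}

// Compile-time check: Token satisfies crypto.Signer, the interface Go's
// x509 and TLS packages use for keys that cannot be exported.
var _ crypto.Signer = (*Token)(nil)

// SignDocument is the main system's side: it hashes the document itself and
// ships only the digest across to the token.
func SignDocument(signer crypto.Signer, document []byte) ([]byte, error) {
	digest := sha256.Sum256(document)
	return signer.Sign(rand.Reader, digest[:], crypto.SHA256)
}

// VerifyDocument checks a signature using the public key obtained from the token.
func VerifyDocument(pub crypto.PublicKey, document, sig []byte) bool {
	rsaPub, ok := pub.(*rsa.PublicKey)
	if !ok {
		return false
	}
	digest := sha256.Sum256(document)
	return rsa.VerifyPKCS1v15(rsaPub, crypto.SHA256, digest[:], sig) == nil
}

// Demo signs a constructed document through the token, verifies it with the
// exported public key, and shows the token refusing a non-SHA-256 request.
func Demo() (verified, wrongDigestRefused bool, err error) {
	tok, err := NewToken()
	if err != nil {
		return
	}
	doc := []byte("constructed sample document")
	sig, err := SignDocument(tok, doc)
	if err != nil {
		return
	}
	verified = VerifyDocument(tok.Public(), doc, sig)
	_, refusal := tok.Sign(rand.Reader, make([]byte, 16), crypto.MD5)
	wrongDigestRefused = refusal != nil
	return
}

func main() {
	v, r, err := Demo()
	if err != nil {
		panic(err)
	}
	fmt.Println("verified:", v, "non-SHA-256 request refused:", r)
}
```

The design point is the interface boundary: code outside `Token` can obtain the public key and signatures, but there is no method through which the private key crosses that boundary, which is the software analogue of the token's "private key cannot come out" property.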
7. Question: How is the reliability of Digital Signatures ensured?

Answer: The Government of India has adopted SHA-1 and SHA-2 as the standards for the hashing algorithms to be used in digital signatures. Originally MD5 was also an approved algorithm, but it has since been deleted from the accepted standard. For the encryption step, the RSA algorithm is adopted as the standard. For hardware tokens, the FIPS 140-2 standard is approved. The standards are periodically reviewed by the CCA. They are standards accepted by the international scientific community as reliable for the operations concerned.
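As an added example serving both the description of a Digital Certificate in question 3 and the algorithm standard in this answer (not code from the FAQ or from any Certifying Authority), the Go program below builds an X.509 certificate carrying the particulars listed in question 3 (serial number, holder's name and e-mail address, validity period, and the hash and encryption algorithm identifier), parses it back as a verifier would, checks that a given instant lies within the validity period, and applies the page's stated standard: RSA with SHA-1 or SHA-2 is accepted, RSA with MD5 is rejected. The certificate is self-signed only to keep the example self-contained; a real certificate is signed with the Certifying Authority's own key. The holder details, the 128-bit random serial and the `Particulars` type are assumptions made for the illustration.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// ApprovedSignatureAlgorithm encodes the standard quoted in the answer: RSA
// with SHA-1 or SHA-2 is accepted; RSA with MD5, deleted from the standard,
// is not. Anything unlisted is treated as not approved.
func ApprovedSignatureAlgorithm(alg x509.SignatureAlgorithm) bool {
	switch alg {
	case x509.SHA1WithRSA, x509.SHA256WithRSA, x509.SHA384WithRSA, x509.SHA512WithRSA:
		return true
	default:
		return false
	}
}

// Particulars are the certificate fields the FAQ calls essential.
type Particulars struct {
	Serial     string
	Name       string
	Email      string
	Algorithm  string
	InValidity bool // true when the instant checked lies inside NotBefore..NotAfter
	Approved   bool // signature algorithm passes ApprovedSignatureAlgorithm
}

// IssueCertificate builds a certificate carrying a random serial number, the
// holder's name and e-mail, a validity period and the SHA-256-with-RSA
// algorithm identifier. It is self-signed for the illustration; a real
// certificate is signed with the Certifying Authority's key instead.
func IssueCertificate(name, email string, validFor time.Duration) ([]byte, *rsa.PrivateKey, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, nil, err
	}
	serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 128))
	if err != nil {
		return nil, nil, err
	}
	now := time.Now()
	tmpl := &x509.Certificate{
		SerialNumber:       serial,
		Subject:            pkix.Name{CommonName: name},
		EmailAddresses:     []string{email},
		NotBefore:          now,
		NotAfter:           now.Add(validFor),
		SignatureAlgorithm: x509.SHA256WithRSA,
		KeyUsage:           x509.KeyUsageDigitalSignature,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, nil, err
	}
	return der, key, nil
}

// Inspect parses a DER certificate, which is what a verifier does before
// trusting a signature: read the particulars, confirm the instant "at" lies
// within the validity period, and confirm the algorithm is an approved one.
func Inspect(der []byte, at time.Time) (Particulars, error) {
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return Particulars{}, err
	}
	email := ""
	if len(cert.EmailAddresses) > 0 {
		email = cert.EmailAddresses[0]
	}
	return Particulars{
		Serial:     cert.SerialNumber.String(),
		Name:       cert.Subject.CommonName,
		Email:      email,
		Algorithm:  cert.SignatureAlgorithm.String(),
		InValidity: !at.Before(cert.NotBefore) && !at.After(cert.NotAfter),
		Approved:   ApprovedSignatureAlgorithm(cert.SignatureAlgorithm),
	}, nil
}

func main() {
	// Constructed holder details; one year of validity.
	der, _, err := IssueCertificate("Constructed Example Holder", "holder@example.com", 365*24*time.Hour)
	if err != nil {
		panic(err)
	}
	p, err := Inspect(der, time.Now())
	if err != nil {
		panic(err)
	}
	fmt.Printf("%+v\n", p)
}
```

A verifier that accepts a signature should run the equivalent of `Inspect` first: a certificate outside its validity period, or one whose algorithm has been removed from the approved list, does not give the "Identity" assurance the earlier answers rely on, however well the signature itself checks out mathematically.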