| Sl No |
Q/A |
FAQ-6 (Electronic Signature) |
|
1 |
Question |
What is an Electronic Signature?.. |
| |
Answer |
Electronic Signature is a term introduced in ITA 2008
(amended version of ITA 2000 after the amendments of Information
Technology Amendment Act 2008) as a method of authentication of
electronic documents and includes the "Digital Signature" as defined
under Section 3 of ITA 2000. |
| 2 |
Question |
How is Electronic Signature
different from Digital Signature? |
| |
Answer |
Digital Signature was defined as a method of
authentication using "Hashing Algorithm" and "Asymmetric Crypto System".
Electronic Signature is considered "Technology Neutral" since it does
not restrict itself to PKI based digital signature system. But it
includes digital signature system and opens doors for new technology
where any electronic document can be linked to the authenticator and
incorporates a feature that the authentication gets cancelled if the
document is changed. It was introduced through Section 3A of ITA 2008. |
| 3 |
Question |
What is e-Sign? |
| |
Answer |
e-Sign is one of the notified system of electronic
signature under Section 3A of ITA 2008. It uses an online, realtime
application for digital certificate to be sent to the Certifying authority
which issues a one time use digital certificate that can be used to
digitally sign an electronic document. The application of the subscriber is
verified for KYC using the Aadhaar eKYC system. |
| 4 |
Question |
Where is the Private Key of an e-Sign? |
| |
Answer |
Private Key of the e-Sign was originally indicated as to
be created in a hardware security module (HSM) of the Certifying Authority.
This was however not in complete agreement with the law and hence was
removed by an amendment. It is not clear however whether the systems being
used now continue to use the online HSM for generating and storing the
private key. It is any way programmed to be destroyed after 30 minutes.
Hence it is used only once and destroyed soon after. |
| 5 |
Question |
How long is an e-Sign valid? |
| |
Answer |
30 minutes or for single use whichever is earlier |
| 6 |
Question |
Can we verify e-Sign validity? |
| |
Answer |
Digital Certificate of an e-Sign shows as "Expired"
immediately after it is used once. Hence if the recipient of an e-signed
document tries to verify the signature, he may get a notification that the
signature certificate is expired. |
| |
Question |
|
| |
Answer |
|
To Be Continued..
