What is a Digital Signature?

Definition1

 According to the Section 2(1)(p) of the Information technology (IT) act, 2000,
A digital signature is basically a way to ensure that an electronic document (e-mail,
spreadsheet, text file, etc.) is authentic.

 A valid digital signature gives a recipient reason to believe that the message was
created by a known sender (authentication), that the sender cannot deny having sent
the message (non-repudiation), and that the message was not altered in transit
(integrity).
 Digital signatures are often used to implement electronic signatures, a broader term
that refers to any electronic data that carries the intent of a signature,[2] but not all
electronic signatures use digital signatures.

 Digital seals and signatures are equivalent to handwritten signatures and stamped
seals.

A digital signature serves Three purposes:

1) Authentication, of the sender as well as the message sent.

2) Non-Repudiation, i.e. the sender cannot deny of sending the message later on.

3) Integrity of the digital signature, which ensures that the message was not altered
during the transit.

History of Digital signature.2

 In 1976, Whitfield Diffie and Martin Hellman first described the notion of a digital
signature scheme, although they only conjectured that such schemes existed based on
functions that are trapdoor one-way permutations.

 Ronald Rivest, Adi Shamir, and Len Adleman invented the RSA algorithm, which
could be used to produce primitive digital signatures,

1
Anonymous
2
https://en.wikipedia.org/wiki/Digital_signature#History
  The first widely marketed software package to offer digital signature was Lotus
Notes 1.0, released in 1989, which used the RSA algorithm.

 In 1984, Shafi Goldwasser, Silvio Micali, and Ronald Rivest became the first to
rigorously define the security requirements of digital signature schemes.

 They described a hierarchy of attack models for signature schemes, and also presented
the GMR signature scheme, the first that could be proved to prevent even an
existential forgery against a chosen message attack which is the currently accepted
security definition for signature schemes.

How do digital signatures work?

 Digital signatures are based on public key cryptography, also known as asymmetric
cryptography( Two keys Encryption and decryption method).

 Using a public key algorithm, such as RSA, one can generate two keys that are
mathematically linked: one private and one public.

 Digital signatures work because public key cryptography depends on two mutually
authenticating cryptographic keys.

Method of sending and receiving an Encrypted message with digital

signature.

 The individual who is creating the digital signature sends or tells the location of the
public key to the receiver and keeps the private key with him.

Note – (The Public key is Public to everyone).

 After creating the message to be send to the receiver, the sender generates a ‘Digest’
by ‘Hashing’ the message using some ‘Hash Logarithm’.

 The sender then encrypts the digest with his Private key.

 This Encrypted digest is the ‘Digital Signature’ for the message.

 The sender now sends both the message and the digital signature to the receiver.
(Note- The message is not encrypted, but the digital signature is as it authorizes the
message as well as the sender.)
  Now the receiver will decrypt the Digital Signature using the Public key provided by
the Sender of the message and will know the digest.

 If the receiver cannot decrypt the digital signature, then the receiver will come to
know that the message did not arrive from the known receiver.

 Once the receiver decrypts the digital signature, he will use the same Hash Algorithm
the sender used on the message.

 If the digest thus created by the receiver matches the digest sent by the sender then the
Sender as well as the message is authenticated (This is known as checking the
Integrity of the message).

 If suppose the person (A) who has the public key wants to send a message to the one
(B) who has the private key, then A would simply encrypt the message using the Public
key and B receiving such message would simply decrypt the message using his own
private key.

Note – (The Public Key and Private key are both Mathematically connected.)

Digital signature technology requires all the parties to trust that the individual creating the
signature has been able to keep their own private key a secret. If someone else has access to the
sender’s private key, that party could create fraudulent digital signatures in the name of the
private key holder.

How Does a Digital Signature fail?

 During the transfer of the message in the process as stated above, if suppose a Hacker
intercepts the message before it was sent to the true receiver of the message, he can
throw away the message.

 Then he would create his own encrypted message using his own created private key
and inform the location of his own PUBLIC KEY.

 Here comes the problem for the Receiver to identify the Authenticity of the message.

Note – (Digital signature itself does not verify the True identity of the sender and the public
key).

Here comes the role of Digital Certificate:

 What is a Digital Certificate?
(Chapter VII – Section 35 – 39 of IT act, 2000)3

 A Digital Signature Certificate(DSC) are electronic credentials issued by a Third party.

 It not only verifies the identity of the true owner but also verifies that the owner owns the public
key.

 How does DSC work:

 In the above process the sender of the message will not reveal his public key on
a central site.

 Bur instead will attach his DSC with the public key and send it to the true
receiver of the message along with the Digitally signed message.

A digital signature certificate (DSC) contains information about the User’s name, Pin code,
country, owner public key and its expiration date, email address, date of issuance of certificate
and name of the certifying authority.

 Once the receiver checks the DSC, and since he trusts the Third party, he would also trust
the Digital Certificate.

 Here the receiver knows and has a clarity that the encrypted message and the public key
has been sent by the known sender.

Certifying Authority to issue a Digital Certificate

(Section 35 of IT act, 2000)4

i. Any person may make an application to the Certifying Authority for the issue of a
Digital Signature Certificate in such form as may be prescribed by the Central
Government.

3
Information Technology Act (IT),2000
4
Information Technology (IT) Act, 2000
 ii. Every such application shall be accompanied by such fee not exceeding twenty-five
thousand rupees as may be prescribed by the Central Government, to be paid to the
Certifying Authority:

1. Provided that no Digital Signature Certificate shall be granted unless the Certifying
Authority is satisfied that-

a) the applicant holds the private key corresponding to the public key to be listed in the
Digital Signature Certificate;

b) the applicant holds a private key, which is capable of creating a digital signature;

c) the public key to be listed in the certificate can be used to verify a digital signature
affixed by the private key held by the applicant:

2. Provided further that no application shall be rejected unless the applicant has been
given a reasonable opportunity of showing cause against the proposed rejection.

Crime relating to Digital Signature5

Not only in India, but also in various parts of the world various crimes relating to Digital signature are
reported.

These crimes and there are discussed in India according to the Information technology Act, 2000.

The Crimes relating to Digital Signature and their punishments are as follows:

1. Misrepresentation:

According to section 71 of the IT Act:

Whoever makes any misrepresentation to, or suppresses any material fact from, the Controller or the
Certifying Authority for obtaining any licence or Digital Signature Certificate, as the case may be, shall
be punished with imprisonment for a term which may extend to two years, or with fine which may extend
to one lakh rupees, or with both.

5
IT Act,2000
 This section applies to:

1. A person, who, for obtaining a digital signature certificate-

a. makes a misrepresentation to the Certifying Authority,

b. suppresses any material fact from the Certifying Authority.

2. A person obtaining a license to operate as a Certifying Authority-

a. makes a misrepresentation to the Controller,

b. suppresses any material fact from the Controller.

2. False Certificates:

According to section 73 of the IT Act:

(1) No person shall publish a Digital Signature Certificate or otherwise make it

available to any other person with the knowledge that –

(a) the Certifying Authority listed in the certificate has not issued it; or

(b) the subscriber listed in the certificate has not accepted it; or

(c) the certificate has been revoked or suspended,

unless such publication is for the purpose of verifying a digital signature created prior to
such suspension or revocation.

(2) Any person who contravenes the provisions of sub-section (1) shall be punished with
imprisonment for a term which may extend to two years, or with fine which may extend
to one lakh rupees, or with both.

3. Fraudulent Use

According to section 74 of the IT Act:

Whoever knowingly creates, publishes or otherwise makes available a Digital Signature

Certificate for any fraudulent or unlawful purpose shall be punished with imprisonment for a
term which may extend to two years, or with fine which may extend to one lakh rupees, or with
both.
Note - Creating a digital signature certificate is technologically not a very difficult task. All
that is needed is a computer running the Windows 2003 Server operating system and having
Certificate Services installed. This makes it easy for criminals to create and publish digital
signature certificates for fraudulent and unlawful purposes.

Digital Signature - Advantages and Disadvantages

Advantages6
• Time saving: Transaction using Digital Signature is time saving. Because documents sent
by the sender are auto verified. And hence recipients do not need to spend their time on manual
verification.

• Money saving: In previous days, transactions were performed manually that takes much time
and manpower. Thus, it was cost effective. But nowadays, every transaction is happening by
means of internet and digital signature that is cost saving.

• Enhance security: It provides better security in the transaction. Any unauthorized person
cannot do fraudulence in transaction.

• Legal: It is 100% legal because it is issued by the government authorized certifying authority.

• Easy status tracking: You can easily track status of the documents on which digital signature
is applied.

• Undeniable: if you have signed a document digitally, then you cannot deny.

• Non- repudiation: It is not possible to copy or change the documents signed digitally.

• Time stamped: when a document is get signed, date and time is automatically stamped on it.

Disadvantages7

 Software: Software is one of the main issues while using a digital signature certificate
(DSC). Before using it you must have to install all the required soft wares.

 Weak Laws: The weak laws regarding cyber security which might cause any unnecessary
hassles in case of a court case and that both parties have to purchase the certificates for
the digital signature in order to use it instead of the one-party courier charge.

6
digitalsignaturescertificates.wordpress.com
7
digitalsignaturescertificates.wordpress.com
  Risk of Hacking: As seen above, there is huge risk of hacking in digital signature process
by replacement of the original sent document by the sender with a fake one along with its
fake public key to the receiver.

We can thus conclude from the above thesis that by taking proper security measures and
also by issuing a ‘Legal digital signature certificate’ by a ‘Legal certifying authority’, digital
signatures advantages may over power its disadvantages.

Digital certificate issuing Authorities in India8

A licensed Certifying Authority (CA) issues the Digital signature. At present the following
organisations are authorized Certifying Authorities under CCA, Government of India.

1. NIC (For Government Departments/ Undertakings only).

2. (n)Code Solutions CA(GNFC).
3. Safescript.
4. TCS.
5. MTNL.
6. Customs & Central Exercise.
7. e-Mudhra.
8. IDRBT.
The respective website addresses of those CAs are provided below:
a. http://nicca.nic.in
b. www.ncodesolutions.com
c. www.safescrypt.com
d. www.tcs-ca.tcs.co.in
e. www.mtnltrustline.com
f. www.icert.gov.in
g. www.e-mudhra.com

8
wbcomtax.gov.in
 Conclusion

 Digital signature is nowadays more secure and safe then hand signatures.

 Digital signature is based on the principles of Authenticity, Non – Repudiation, and

integrity.

 Digital signature is non-deniable by the signer and thus cannot create any legal issues.

 Digital signature along with the Digital certificate is a proof of the Genuity of the sender
of the document as well as the document itself.

 Even though Digital signature is chargeable to be made but is more secure and safe as
compared to hand signature which has a risk of being forged.

 The only problem faced by Digital signature nowadays is lack of proper laws to govern it.

 The Information technology act,2000 needs to bring certain amendments in the act by
adding more stringent laws, as due to advance technologies there is a risk of more advance
crime.

 To conclude, I would simply like to say that with the Advancement of technology ‘Digital
signature’ should be given more Importance and should be protected by the laws by
regulars Amendments in the said acts.

The end….
Cyber law Project

Digital Signature

By – B. Mohit Narayan.
Class – NLC IV.
Roll No – 41.
M.P. Law college, Aurangabad