INTODUCTION

In the traditional times, seals, stamps, or physical signatures were a few tools that were used
to create the authenticity of a legal paper or document of contract, for us it is the digital
signature as a tool of validity in the virtual world. A signature defines as a representation of
the identity of a person to the document which owes legal responsibility discharging out of it.
Today's world demands a flexible and responsive solution where the role of
the Digital Signature comes into place. It establishes a link between the subscribers
of digital signs that want to be authenticated by affixing a sign.
For e.g. - A, a company has its business partners based abroad and whenever they need to
counter sign a document it will end up taking weeks to get the paperwork done physically
which will be waste of time, but if the companies used Digital signature it will be a deal in a
matter of minutes, the transaction is completely paperless. Thus in order to achieve such
authentication and security of e-transactions, this mechanism was introduced by the
Information Technology Act of 2000.
A digital signature just like a handwritten signature binds a person or entity to electronic data.
The digital signature is a combination of public key and public key via a hashing process that
produces a series of encryption on one side and decryption on the other side to verify a
report A public key is like an email and a private key is like a password to that email
id. Digital signature has its focuses on the technological aspect which helps achieve the
reputation, validity, and verification of electronic records. It is basically a software
distribution that includes different contact details and in order to verify the process of
encryption and decryption are constituted which results in the validity of a document. In the
end, that signature is certified by the Certifying Authority of the Government.

GENERAL HISTORY:
E-authentication is allowed in India by passing the Information technology act 2000. The
digital signatures are treated with the same legal value with the handwritten signatures and
the electronic documents that have been digitally signed as same legal values as a regular
paper documents. Information technology act based on asymmetric crypto system provides
the required legal value to the digital signatures. The Controller of Certifying Authorities
(CCA) was appointed by the central government to issue e-authentication certificates. The
CCA is providing certificates since November 1, 2000 aiming to promote the growth of E-
Commerce and E- Governance. (IT Act, 2000)
DEFINITION OF DIGITAL SIGNATURE

Section 2(1)(p): According to Section 2(1)(p), Digital signature means ‘authentication of

any electronic record using an electronic method or procedure in accordance with the
provisions of Section 3‘.
Further, authentication is a process for confirming the identity of a person or proving the
integrity of information. Authenticating messages involves determining the source of the
message and verifying that is has not been altered or modified in transit.
According to the Information Technology Act, 2000, digital signatures mean authentication
of any electronic record by a subscriber by means of an electronic method or procedure in
accordance with the provisions of section. Further, the IT Act, 2000 deals with digital
signatures under Sections 2, 3, and 15.

THE OBJECTIVES OF DIGITAL SIGNATURE

a. To create authenticity of the originator

b. To create authenticity of the document - so that any recipient will not be in position to
modify, change, alter, or tamper with the document created by originator.

TECHNOLOGY BEHIND DIGITAL SIGNATURES

A digital signature is not a digitised image of a handwritten signature. It is a block of data at
the end of an electronic message that attests to the authenticity of the said message. Digital
signatures are an actual transformation of an electronic message using public key
cryptography.
function (algorithm).
It requires a key pair (private key for encryption and public key for decryption) and a hash
Basically, a digital signature is a two-way process, involving two parties: the signer (creator
of the digital signature) and the recipient (verifier of the digital signature). A digital signature
is complete, if and only if, the recipient successfully verifies it.

CREATING A DIGITAL SIGNATURE

Step 1: Signer demarcates what is to be signed. The delimited information to be signed is
termed the "message."
Step 2: A hash function in the signer's software computes a hash result (message digest or
digital fingerprint) unique to the message.
Step 3: The signer's software then transforms (encrypts) the hash result into a digital
signature using the signer's private key. The resulting digital signature is thus unique to both
the message and the private key used to create it.
Step 4: The digital signature (a digitally signed hash result of the message) is attached to its
message and stored or transmitted with its message. Since a digital signature is unique to its
message, it is useful if it maintains a reliable association with its message.

VERIFYING A DIGITAL SIGNATURE

Recipient
Step 1: receives digital signature and the message
Step 2: applies signer's public key on the digital signature Step 3: recovers the hash result
from the digital signature
Step 4: computes a new hash result of the original message by means of the same hash
function used by the signer to create the digital signature
Step 5: compares the hash results recovered in Step 3 and Step 4
If the hash result computed by the verifier is identical to the hash result extracted from the
digital signature during the verification process, it indicates that the message remained
unaltered. If they are not equal, it would mean that the message either originated elsewhere or
was altered after it was signed, and the recipient can reject the message.
Verification is a two-prong process: one, to verify whether the signer's private key was used
to digitally sign the message and two, whether the newly computed hash result matches the
original hash result which was recovered from the digital signature during the verification
process.
The processes of creating and verifying a digital signature provide a high level of assurance
that the digital signature is genuinely the signer's. These processes grant legal sanctity to
digital signatures.

VALIDITY OF DIGITAL SIGNATURE

The Act has set forth the objective to provide legal recognition for transactions carried out by
means of electronic data interchange. At the same time, the authentication, integration and
non-repudiation of electronic record is equally important. But more important than anything
else is to provide a provision that would create a sense of responsible and assurance about the
mechanism. The genuineness and of medium is equally important than creation of medium,
and the information technology in general and digital signature in particular has attempted to
bring authentication in this medium.
Therefore, it was important that not only the affixing of ‘digital signature’ would make
important, but it is also necessary to give equal force to the electronic record created by
digital signature which in traditional medium has for attested and signed document. To
ensure the security and authenticity of documents filed electronically, the Information
Technology Act, 2000 contains provisions for the use of digital signatures on those
documents.
 Section 5 of the IT Act gives legal recognition to digital signatures based on asymmetric
cryptosystems.
 Each Digital Signature is enabled using a Digital Signature Certificate and contains a unique
private and public key pair that serves as the identity of an individual.
 Certification Agencies are appointed by the office of the Controller of Certifying Authority
(CCA) to issue Digital Signature Certificate (DSC) as per Sec 35 of IT Act, 2000.

ROLE OF CERTIFYING AUTHORITIES

As per Section 3 of The Information Technology Act, 2000 provides the required legal
sanctity to the digital signatures based on asymmetric cryptosystems. The digital signatures
are now accepted at par with handwritten signatures and the electronic documents that have
been digitally signed are treated at par with paper documents.
The IT Act provides for the Controller of Certifying Authorities(CCA) to license and regulate
the working of Certifying Authorities. The Certifying Authorities (CAs) issue digital
signature certificates for users' electronic authentication.
The Controller of Certifying Authorities (CCA) has been appointed by the Central
Government under section 17 of the Act for purposes of the IT Act. The Office of the CCA
came into existence on November 1, 2000. It aims at promoting the growth of E-Commerce
and E-Governance through the wide use of digital signatures.
The Controller of Certifying Authorities (CCA) has established the Root Certifying Authority
(RCAI) of India under section 18(b) of the IT Act to digitally sign the public keys of
Certifying Authorities (CA) in the country. The RCAI is operated as per the standards laid
down under the Act.
The CCA certifies the public keys of CAs using its own private key, which enables users in
the cyberspace to verify that a given certificate is issued by a licensed CA. For this purpose it
operates, the Root Certifying Authority of India(RCAI). The CCA also maintains the Repository of
Digital Certificates, which contains all the certificates issued to the CAs in the country.
Process of obtaining Digital signature certificate
1. Subscriber applies to Certifying Authority (CA) for Digital Signature Certificate.
2. CA verifies identity of Subscriber and issues Digital Signature Certificate.
3. CA forwards Digital Signature Certificate to Repository maintained by the Controller.

LANDMARK JUDGMENTS:
1. In the case of Trimex International FZE Ltd. vs. Vedanta Aluminum Ltd. and Ors. (2010),
the Delhi High Court emphasized the importance of digital signatures in electronic
transactions. The court held that digital signatures, when used in compliance with the
provisions of the Information Technology Act, 2000, carry the same legal validity as
handwritten signatures. This ruling underscored the significance of digital signatures in
ensuring the authenticity and integrity of electronic documents and transactions.
2. In Shamsher Singh & Ors. v. State of Punjab (1974), the Supreme Court of India
held that a signature affixed by a rubber stamp would be considered a valid signature
if it is intended to authenticate the document in question. This ruling highlights the
principle that the validity of a signature depends on the intention of the signatory to
authenticate the document.
3. In the case of State of Maharashtra v. Dr. Praful B. Desai (2003) the Supreme Court
of India upheld the validity of digital signatures and electronic records under the
Information Technology Act, 2000. The court emphasized the importance of digital
signatures in facilitating electronic transactions and recognized them as legally valid
means of authentication. This judgment played a significant role in establishing the
legal framework for electronic commerce in India and set a precedent for the
acceptance of digital signatures in legal proceedings.

4. E-Aadhaar Case - The issue relates to a password-protected copy of Aadhaar which is signed
electronically by the competent authority of the Unique Identification Authority of India,
UIDAI. The project was initiated in 2009 by the Central Government addressing the issue of
leakages in various government welfare schemes and welfares like Voter ID, Ration Card,
and Driving licenses which sapped bureaucratic corruption and red tape using two bases of
information; Biometric information and Demographic information. Parliament even enacted
laws in 2016 Aadhaar Targeted Delivery of Financial and Other Subsidies Benefits and
amendment of section 139AA under Services the Act and Finance Act of 2017. The court
ruled in the majority of the provisions under the Acts as constitutional according to Article
21 of the Constitution.