All you want to know about Digital Signature
By Subodh Asthana - June 21, 2019
This article has been written by Aparajita Balaji, a student of Vivekananda Institute Of Professional Studies,
affiliated to Guru Gobind Singh Indraprastha University, Delhi, and Hemal Shah, pursuing a Diploma in
Advanced Contract Drafting, Negotiation and Dispute Resolution from Lawsikho. In this article, she has
discussed the entire concept related to the digital signature in India, the difference between Digital
Signature and Electronic Signature, as well as the Digital Signature Certificate.
Table of Contents
1. Introduction
2. Electronic signature
3. Concept of Digital Signature
4. Basic difference between digital signature and electronic signature- layman’s terms
4.1. UNCITRAL Model Law on electronic signatures 2001
5. Digital Signature and Electronic Signature as defined under the Law
5.1. Electronic Signature
5.2. Types of electronic signature
5.2.1. Unsecured Signature
5.2.2. Secured Signature
6. Digital Signature
6.1. Usage of Digital Signature
7. Difference between Electronic Signature and Digital Signature
7.1. Features of Digital Signature
7.2. Authentication using Digital Signature
7.2.1. Asymmetric Encryption
7.2.2. Symmetric Encryption
7.3. Benefits of Digital Signature
7.4. Process followed for the creation of digital signature
7.5. Verification of Digital Signature
7.6. Problems With Digital Signature
8. Digital Signature Certificate (DSC)
9. Introduction
10. Who needs a DSC?
10.1. Elements of Digital Certificate
10.2. Types of Certificate
10.3. Validity
11. DSC under the Information Technology Act, 2000
12. Legal Approach and Digital Signature
13. Conclusion
14. References
Introduction
The introduction of signatures has provided a definite identity to individuals and allowed the
corporate sector and other individuals to function faster, keeping pace with the ongoing
technology. Signatures have by far played a huge role in individuals’ decision making and in enabling
consent at a much larger value. In olden times, every individual or authorised signatory had to go
through the document entirely and then provide his assent. This created enough hurdles for
organisations, which had to keep up with the pace of the signatory and revolve around his/her timeline.
Today the authorised signatory may not be at a particular place and can still give his assent. Technology
has duly provided its boon.
In advancement of the growing industrial era, the United Nations in 1998 made an observation that
increasing transactions in cyberspace over the recent years made it very necessary to have a legal
framework dealing with e-signatures. Stringent laws for e-signatures and the development of
cyber laws were seen as the need of the hour.
Electronic signature
Electronic Signature provides an electronic representation of the individual’s identity that provides the
proof of consent and assents to the facts of the given signature. In toto, it’s an approval from the
signatory that he assents to the written format of the same electronically. It is important to ensure that it
is coming from the authorised signatory and that no modifications have been made to the document.
The European Union Regulation 910/2014 defines and regulates electronic signature as “in electronic form
which is attached to or logically associated with other data in electronic form and used by the signatory to
sign”.[1]
Concept of Digital Signature
A signature is a symbolic and essential representation of one’s identity. Signature of a person holds a very
significant place in the field of law as well as while carrying out transactions. When a person signs a
particular document, it means that such a person has read the whole document carefully, has verified the
facts and is aware of the contents of the document and therefore is giving his assent to the best of his
knowledge.
Under the contract law also, signature holds a vital position as it is considered as a sign of acceptance of
an offer. The Conventional form of signatures has evolved a lot due to technological advancement. With
the increased usage of online transactions and e-mails, the risk of the data being hacked has also
increased. Hence, the concept of online signatures has become relatively important.
Basic difference between digital signature and electronic signature- layman’s terms
Electronic Signature is more of an assent on the given document without asserting the validity of the
contents of the same. It could also be as simple as an image affixed in the document to assert the
given content or to display that the given party has given their consent to the same. It can be
easily tampered with or misconfigured as compared to the digital signature. Electronic signatures
cannot easily be verified with regard to time and place; there can be instances where
someone else affixes the signature on the given documents and still can’t be traced. In addition, Audit
Logs are not easily applied to electronic signatures.[2]
Digital signatures on the other hand are more safeguarded and cannot be easily tampered with. In case
any changes are made to the document and it is sent back to the original signee, the digital
signature shows as an invalid signature. As compared to the electronic signature, the individual has a
separate passkey that is passed only from the signee to the original recipient. The signatures provide the
time and stamp, which is essential as proof in a court of law in case there is a dispute between the
parties. It discloses the identity of the individuals and provides a definite identity, which is very vague
in the case of an Electronic Signature.
UNCITRAL Model Law on electronic signatures 2001
The purpose of the UNCITRAL Model Law on Electronic Signatures 2001 provides the following statement,
which signifies the importance of electronic signatures.
“The increased use of electronic authentication techniques as substitutes for handwritten signatures and
other traditional authentication procedures has suggested the need for a specific legal framework to
reduce uncertainty as to the legal effect that may result from the use of such modern techniques (which
may be referred to generally as “electronic signatures”). The risk that diverging legislative approaches be
taken in various countries with respect to electronic signatures calls for uniform legislative provisions to
establish the basic rules of what is inherently an international phenomenon, where legal harmony as well
as technical interoperability is a desirable objective.”[3]
Digital Signature and Electronic Signature as defined under the Law
Electronic Signature
Sec 2 (ta) of Information Technology Act 2000 defines electronic signature as:
“Authentication of any electronic record by a subscriber by means of the electronic technique specified in
the second schedule and includes digital signature.”
The definition of electronic signature includes digital signature and other electronic techniques which
may be specified in the second schedule of the Act, thus an electronic signature means authentication of
an electronic record by a subscriber by means of electronic techniques. The adoption of ‘electronic
signature’ has made the Act technologically neutral as it recognizes both the digital signature method
based on cryptography technique and electronic signature using other technologies.[4]
Types of electronic signature
Unsecured Signature
Since Electronic Signature is more of an unsecured type of signature, there are affixations that are
marked in the end for reference. However, as stated earlier, they can be easily tampered with and do not
provide much focus on the authenticity of the identity. Following are the types of Electronic Signature:
1) Email Signature– Merely typing one’s name or symbol at the end of an email or sending a
message on letterhead; these can easily be forged by anyone else.
2) Web Based Signature– In many organizations, the Company dons many hats with regards to activities
conducted in the Organization; this may make the organization fall for Web-based clickwrap contracts in
which the acceptance is made merely by clicking a single button. Such signatures bind the party even if
they were conned fraudulently.[5]
The advancement of growing online transactions has caused a variety of cyber crimes to take place,
ranging from deceptiveness to hidden identity. It is for this reason that Digital Signature is taken as a
more stringent form of signature that protects the identity of the sender. There are more advanced ways
to curb the menace caused in Electronic Signatures as well.
Secured Signature
This includes the signatures which are digitally secured and also which have more legal weightage.
Digital Signature
According to section 2(1)(p) of the Information Technology Act, 2000 digital signature means the
authentication of any electronic record by a person who has subscribed for the digital signature in
accordance with the procedure mentioned under section 3 of the same act.
Section 5 of the Information Technology Act, 2000 gives legal recognition to digital signatures.
Usage of Digital Signature
1) Personal Use- It is at the liberty of the individual to use the signature personally without the
hassle of being personally present at the given place.
2) Business– Professions such as Architecture, Construction and Engineering require companies to sign
tenders, market procurements or even biddings; a Digital Signature can prove to be a great way to
provide the assent.
3) Return filing for GST– GST filing and E-filing require individuals to compulsorily opt for Digital
Signatures.
4) Filing for Income Tax– Some corporations require the business to file the tax all over India, thus saving
the light of the day.
5) For ROC E-filing– Filing with the Registrar of Companies and filing of various documents has given
individuals enough reason to opt for Digital Signature.
Difference between Electronic Signature and Digital Signature
1. Electronic Signature: It has been defined under Section 2(1)(ta) of the Information Technology Act, 2000.
   Digital Signature: It has been defined under Section 2(1)(p) of the Information Technology Act, 2000.
2. Electronic Signature: It is technologically neutral, i.e. no specific technological process is to be followed to create an electronic signature.
   Digital Signature: It follows a technology-specific approach such as usage of hash functions etc.
3. Electronic Signature: It can be created by using various available technologies like attaching a picture of your signature.
   Digital Signature: It uses a public key cryptography system to sign a particular message, which requires a pair of keys, i.e. a private key for encryption and a public key for decryption, computed by using a hash function.
4. Electronic Signature: It can be in the form of a name typed at the end of an email, a digital version of a handwritten signature in the form of an attachment, a code or even a fingerprint.
   Digital Signature: It involves the usage of a cryptographic system of constructing the signature with a two-way protection system.
5. Electronic Signature: It is less authentic as compared to the digital signature.
   Digital Signature: It has more authenticity as compared to the electronic signature.
6. Electronic Signature: It is verified through the signer’s identity.
   Digital Signature: It has a certificate-based digital ID verification.
7. Electronic Signature: It is used for verifying a document.
   Digital Signature: It is used as a means for securing a document.
8. Electronic Signature: It has no expiration or validity period.
   Digital Signature: It is valid up to a maximum of three years.
9. Electronic Signature: It is easily vulnerable to tampering.
   Digital Signature: It is more secure and highly reliable.
Features of Digital Signature
The authenticity of the sender
The person who receives the electronic message or document is able to realise who is the sender of the
message. The digital signature makes it possible to verify the name of the person signing the message
digitally.
The integrity of the message
The receiver of the electronic message is able to determine whether he/she has received the original
document or whether the document has been altered before the receipt or not.
Non-Repudiation
The sender of the message cannot refute the contents of the electronic message and cannot deny that
he/she had sent the message.
Authentication using Digital Signature
The authentication of the electronic record is done by creating a digital signature which is a mathematical
function of the message content. Such signatures are created and verified by Cryptography, which is a
branch of applied mathematics. It is used to secure the confidentiality and authentication of the data by
replacing it with a transformed version that can be reconverted to reveal the original data only to
someone who has the proper key.
A key is a sequence of symbols that controls the operation of a cryptographic transformation.
It involves two processes which are as follows.
1. Encryption: The process of transforming the plain message into a cipher text.
2. Decryption: The reversal of Cipher text into the original message.
Asymmetric Encryption
Under asymmetric encryption, a message can only be decrypted using a publicly available key known as
the ‘Public Key’ provided by the sender. The procedure has been defined under Section 2(1)(f) of the
Information Technology Act, 2000. Under this system, there is a pair of keys, a private key known only to
the sender and a public key known only to the receivers.
The message is encrypted by the private key of the sender; on the contrary, decryption can be done by
anyone who has the public key. It depicts the authenticity of the sender. It is also known as the
‘principle of irreversibility’, i.e. the public key of the sender is known to many users, but they do not have
access to the private key of the sender, which bars them from forging the digital signature.
Symmetric Encryption
There is only a single key known to both the sender and the receiver. Under this system, the secret key or
the private key is known to the sender and the legitimate user. This secret key is used for both encryption
and decryption of the message.
The only drawback of this symmetric encryption is that as the number of pairs of users increases, it
becomes difficult to keep track of the secret keys used.
Benefits of Digital Signature
Authenticity.
Non-deniability.
The message cannot be altered during transmission.
Process followed for the creation of digital signature
Digital signatures are becoming very popular in the whole world. Countries that approve the use of digital
signatures have a structure that governs the acquisition and use of the digital signature. Even so,
regardless of the country that you come from, the way of acquisition is standard. Digital signatures are
created and issued by qualified individuals. For anyone to get a valid digital certificate, they must get it
from a certifying authority (CA).
The Certifying Authority (CA) is a kind of Trust Service Provider, and it is a third-party organization that is
trusted and accepted in a country. It has the power of issuing the citizens with digital signatures. These
CAs have rules and regulations that they have to keep and be governed by.
Firstly a person needs to get a Digital Signature Certificate from the Certifying Authorities. After that, the
following process is followed:
1. The original message of the sender is demarcated in order to get the message digest, with the help of
the hash function.
2. Then the private key is used to encrypt the message digest.
3. The encrypted message digest becomes the digital signature by using the signature function.
4. The digital signature is then attached to the original data.
5. Two things are transmitted to the recipient:
The Original message
The digital signature
Rule 4 of the Information Technology (Certifying Authorities) Rules, 2000, explains the procedure of
digital signature as:
To sign an electronic record or any other item of information, the signer first applies the hash function
in the signer’s software. A hash function is a function which is used to map data of arbitrary size onto
data of a fixed size. The values returned by a hash function are called hash values, hash codes,
digests, or simply hashes.
The hash function computes a hash result of standard length, which is unique to the electronic record.
The signer’s software transforms the hash result into a Digital Signature using the signer’s private key.
The resulting Digital Signature is unique to both electronic record and private key which is used to
create it.
The Digital Signature is attached to its electronic record and stored or transmitted with its electronic
record.
Verification of Digital Signature
The recipient receives the original message and the digital signature. After this, there are two steps which
need to be followed:
A new message digest is computed from the original message by applying the hash function.
The signer’s public key is applied to the digital signature received by the recipient and another
message digest is recovered as the outcome of it.
If both the message digests are identical, it means that the message is not altered.
Rule 5 of the Information Technology (Certifying Authorities) Rules, 2000, explains the method of
verification of digital signature as:
The verification of a Digital Signature shall be accomplished by computing a new hash result of the
original electronic record by means of a hash function which is used to create a Digital Signature and by
using the public key and the new hash result.
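The creation and verification steps described above, carried through in Python as an added example (it is not code from the original article or from any certifying authority). It uses SHA-256 with unpadded textbook RSA and a constructed demo key so that both message digests are visible; the function names and the sample record are assumptions, and real signing software uses a padded scheme such as RSASSA-PSS from a vetted library.

```python
import hashlib

# Constructed demo key, NOT for real use: the primes are the Mersenne primes
# 2**521 - 1 and 2**607 - 1, chosen only so the example needs no key file.
P, Q = 2**521 - 1, 2**607 - 1
N = P * Q                              # public modulus (part of the public key)
E = 65537                              # public exponent (part of the public key)
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent (the private key)


def message_digest(record: bytes) -> int:
    """Hash function: map a record of any size to a fixed-length digest."""
    return int.from_bytes(hashlib.sha256(record).digest(), "big")


def sign(record: bytes) -> int:
    """Signer: transform the digest into a signature with the private key."""
    return pow(message_digest(record), D, N)


def make_signed_record(record: bytes) -> dict:
    """Attach the signature to the record; both are sent to the recipient."""
    return {"record": record, "signature": sign(record)}


def verify(signed: dict) -> bool:
    """Recipient: recompute the digest, recover the signer's digest with the
    public key, and accept only if the two digests are identical."""
    signature = signed["signature"]
    if not isinstance(signature, int) or not 0 <= signature < N:
        return False                   # malformed signature value
    new_digest = message_digest(signed["record"])
    recovered_digest = pow(signature, E, N)
    return new_digest == recovered_digest


# Constructed sample record (hypothetical tender bid).
SAMPLE = b"Tender bid no. 42: quoted amount Rs. 10,00,000"


def demo() -> dict:
    """Verify the untouched record, an altered record and an altered signature."""
    signed = make_signed_record(SAMPLE)
    altered = dict(signed, record=SAMPLE.replace(b"10,00,000", b"1,00,000"))
    forged = dict(signed, signature=signed["signature"] ^ 1)
    return {
        "original": verify(signed),
        "altered_record": verify(altered),
        "altered_signature": verify(forged),
    }


if __name__ == "__main__":
    print(demo())
```

Changing a single character of the record or a single bit of the signature makes the two digests differ, which is why an altered document shows an invalid signature.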
Problems With Digital Signature
It functions online. Therefore, it has to be either purchased or downloaded
It lacks trust and authenticity
Digital Signature Certificate (DSC)
Introduction
1. A method to prove the authenticity of an electronic document.
2. It can be presented electronically to prove the identity, to access information or sign certain
documents digitally.
3. The Central Government has appointed a Controller of Certifying Authorities who grants a license to
the Certifying Authorities to issue digital signature certificates to the subscriber.
Who needs a DSC?
1. A vendor and a bidder
2. A Chartered Accountant
3. Banks
4. Director of a company
5. A Company Secretary
6. Other Authorized Signatories
Elements of Digital Certificate
1. Owner’s public key.
2. Owner’s name.
3. The expiration date of Public Key.
4. Name of the issuer.
5. Serial Number of the certificate.
6. A digital signature of the user.
Types of Certificate
1. Only Sign– It could only be used for signing a document. It is widely used in signing PDF Files for the
purpose of filing Tax Returns for usage as an attachment for Ministry Of Corporate Affairs or other
government websites.
2. Encrypt– It is used to encrypt a particular document. It is popularly used in tender portals to help a
company encrypt a document before uploading it.
3. Sign along with Encryption– It is used for both signing and encrypting a particular document.
Validity
The DSC is valid up to a maximum period of three years.
DSC under the Information Technology Act, 2000
Section 35: Any person who wishes to get a Digital Signature Certificate may file an application to the
certifying authority for issuance of the Electronic Certificate along with the submission of the required
amount of fees not exceeding Rs. 25,000, including a statement of certification practice or stating
such particulars as prescribed.
Section 36: Representations upon issuance of the DSC.
Section 37: Suspension in public interest, not more than 15 days, unless given the opportunity to
present the case.
Section 38: Revocation on death or request of a subscriber, dissolution of a company or a firm.
Legal Approach and Digital Signature
The provisions of the Information Technology Act, 2000 are based on the UNCITRAL’s Model Law on E-Commerce.
The Model Law is based on the minimalist neutral approach ie. with the changes in technology the law
will remain neutral, as technology is dynamic in nature and comes in the public domain with a lot of
advancement with the passage of time, and it will not be feasible for the legislators to keep on
changing the laws dealing with the technology.
According to Article 7 of the UNCITRAL model, there ought to be a signature of a person while
contracting using the electronic means, for which any technology can be used. It has to be ensured
that the sender can be identified and he has given his consent to the message.
The same ‘technology neutrality’ approach has also been ratified by the Amendment Act, 2008 of the
Information Technology Act, 2000, with the insertion of Section 3A.
Conclusion
With the advancement in technology, the usage of the digital signature in place of the conventional
signature has widely increased. The Information Technology Act, 2000 talks widely about the concept of
Digital Signature, the authorities who have been given the power of issuing the digital signature certificate
and the circumstances which require affixation of the digital signature.
References
Law And Technology by Niharika Vij, Universal Law Publication House, Second Edition-2017
http://www.legalserviceindia.com/article/l212-Digital-Signatures.html
http://www.mca.gov.in/MinistryV2/digitalsignaturecertificate.html
http://corporatelawreporter.com/2014/05/02/digital-signature-work-relevance-companies-act-2013/
[1] https://blog.signaturit.com/en/what-is-an-electronic-signature- (2019)
[2] https://www.approveme.com/e-signature/difference-between-digital-signature-and-electronic-signature/
[3] http://www.legalservicesindia.com/article/1827/Electronic-Signature:-Legal-and-Technical-aspect.html
[4] http://www.legalservicesindia.com/article/1827/Electronic-Signature:-Legal-and-Technical-aspect.html
[5] https://blog.ipleaders.in/digital-electronic-signature/