1. What is DSC?
A Digital Signature Certificate, like a handwritten
signature, establishes the identity of the sender filing
documents over the internet, which the sender cannot
revoke or deny. Accordingly, a Digital Signature
Certificate is the digital equivalent of a handwritten
signature: extra data attached electronically to a
message or a document. A digital signature also ensures
that the data cannot be altered undetected once the
document has been digitally signed. A DSC is normally
valid for 1 or 2 years, after which it can be renewed.
A Digital Signature is a method of verifying the
authenticity of an electronic document. Digital
signatures are going to play an important role in our
lives as records and documents gradually move to
electronic form.
The IT Act has given legal recognition to digital
signatures, meaning that legally they have the same
value as handwritten signatures affixed to a document
for its verification.
The Information Technology Act, 2000 provides the
required legal sanctity to the digital signatures based
on asymmetric cryptosystems. The digital signatures are
now accepted at par with handwritten signatures and the
electronic documents that have been digitally signed are
treated at par with paper documents.
2. WHO NEEDS A DIGITAL SIGNATURE CERTIFICATE?
Under MCA21, every person who is required to sign manual
documents and returns filed with the ROC is required to
obtain a Digital Signature Certificate (DSC).
Accordingly, the following have to obtain a Digital
Signature Certificate:
1. Directors
2. Auditors
3. Company Secretary - Whether in practice or in job.
4. Bank Officials - for Registration and Satisfaction of
Charges
5. Other Authorized Signatories.
3. TYPES OF DIGITAL SIGNATURE CERTIFICATE?
There are 3 types of Digital Signature Certificates,
having different security levels, namely: Class-1,
Class-2, Class-3.
For filing documents under MCA21, a Class-2 Digital
Signature Certificate issued by a Licensed Registration
Authority is required. We also offer Class 1 and 3
besides Class 2 certificates.
4. Why USB e-token?
A Digital Signature Certificate (DSC) is kept in the
Internet Explorer of a computer system (PC), but keeping
a DSC on your computer system has the following
drawbacks:
a) It can be misused by anyone who has access to your
computer system.
b) The DSC is lost if the computer system is formatted
or Internet Explorer is changed.
Accordingly, the safe and proper method is to keep the
DSC on an e-token, a small USB device, which is password
protected. The e-token is a small hardware device that
can be plugged into the USB port of any system to
digitally sign documents and, when not in use, can be
kept in safe custody.
5. Why Digital Signatures?
The Ministry of Company Affairs, Government of India
(GoI), has initiated the MCA21 program for easy and
secure access to its services in a manner that best
suits businesses and citizens. MCA21 is envisioned to
provide anytime and anywhere services to businesses. It
is a pioneering program, being the first mission mode
e-governance project undertaken in the country.
This program builds on the GoI vision to introduce a
Service Oriented Approach in the design and delivery of
Government services, establish a healthy business
ecosystem and make the country globally competitive.
The MCA21 application is designed to support Class 2 & 3
Digital Signature Certificates (DSC) issued by a licensed
Certifying Authority under the Controller of Certifying
Authorities, GoI.
Individuals recommended and forwarded by a Superior
Authority, or those who approach any RA office operating
under a CA with proper certification from a Chartered
Accountant/Cost Accountant, can avail our certification
services for obtaining a digital certificate.
6. What is a Digital Signature Certificate?
Digital signature certificates (DSC) are the digital
equivalent (that is electronic format) of physical or
paper certificates. Examples of physical certificates
are drivers' licenses, passports or membership cards.
Certificates serve as a proof of identity of an
individual for a certain purpose; for example a driver's
license identifies someone who can legally drive in a
particular country. Likewise, a digital certificate can
be presented electronically to prove your identity, to
access information or services on the Internet or to
sign certain documents digitally.
7. Why is Digital Signature Certificate (DSC)
required?
Just as physical documents are signed manually,
electronic documents, for example e-forms, are required
to be signed digitally using a Digital Signature
Certificate. As per the MCA21 project of the Ministry of
Company Affairs, all company forms have to be filed
electronically.
8. Who issues the Digital Signature Certificate?
A licensed Certifying Authority (CA) issues the digital
signature. Certifying Authority (CA) means a person who
has been granted a licence to issue a digital signature
certificate under Section 24 of the Indian IT-Act 2000.
The list of licensed CAs along with their contact
information is available on www.mca.gov.in. You can
obtain your DSC from us.
9. What are the different types of Digital Signature
Certificates?
Class 1: These certificates do not hold any legal
validity as the validation process is based only on a
valid e-mail ID and involves no direct verification.
Class 2: Here, the identity of a person is verified
against a trusted, pre-verified database.
Class 3: This is the highest level where the person
needs to present himself or herself in front of a
Registration Authority (RA) and prove his/ her identity.
Who can have digital signature certificate?
Any person can apply to the certifying authority for
issue of a DSC in the prescribed form, paying Rs 25,000.
While prescribing, the government can differentiate the
fee structure for different classes of applicants. The
applicant shall also enclose a certification practice
statement and in the absence of such a statement,
particulars, as prescribed by regulations, have to be
given.
10. How is the DSC issued?
The certifying authority, on receipt of the application,
after due consideration of the certification statement
and other particulars and enquiry, can grant the DSC.
Discretion is vested with the certifying authority to
reject any application. Reasons should be recorded in
case of rejection.
11. Are any conditions imposed for issue of the DSC?
For issuing the DSC, the certifying authority should
take into consideration the following points:
* The applicant holds the private key corresponding to
the public key to be listed in the DSC.
* The applicant holds the private key, which is capable
of creating a digital signature.
* The public key to be listed in the certificate can be
used to verify a digital signature affixed by the
private key held by the applicant.
12. What type of Digital Signature Certificate (DSC)
is to be obtained for e-filing on the MCA Portal?
DSC of Class 2 and Class 3 category issued by a licensed
Certifying Authority (CA) needs to be obtained for
e-filing on the MCA Portal.
13. Is Director Identification Number (DIN) a
pre-requisite to apply for DSC?
No.
14. What is the cost of obtaining a Digital Signature
Certificate?
The cost of obtaining a digital signature certificate
may vary as there are many entities issuing DSCs and
their charges may differ.
15. How much time do CAs take to issue a DSC?
The time taken by CAs to issue a DSC may vary from seven
to ten days.
16. What is the validity period of a Digital
Signature Certificate?
The Certifying Authorities are authorized to issue a
Digital Signature Certificate with a validity of at
least one year.
17. What is the legal status of a Digital Signature?
Digital Signatures are legally admissible as per IT ACT
2000.
18. How can I carry a Digital Signatures Certificate
to the Physical Front Office (PFO)?
You can store your Digital Signature in a Pen Drive/
Removable Media to carry the same to the PFO for
digitally signing the e-forms.
19. How is a Digital Signature affixed to an e-form?
Click the Digital Signature field in the e-form. The
system will prompt you to sign the e-form through a
digital signature that is stored on your Pen Drive/ CD.
20. Is a company required to obtain a Digital
Signature Certificate in its own name for e-filing?
Digital Signature Certificate (DSC) is not required by
Companies but by individuals. For example the Director
or the Company Secretary, signing on behalf of the
Company requires a DSC.
21. Can I do e-filing of documents if I do not
possess a DSC?
No. It is mandatory to have a valid digital signature
certificate for e-filing the forms on the MCA portal.
22. Are multiple DSCs required for professionals
rendering services to different companies?
No. A DSC is unique to each individual. If a
professional has obtained a DSC, he/ she can use the
same DSC for e-filing of forms for multiple companies,
provided he/ she has been authorized to do so by the
respective companies.
23. Is the Company Secretary in whole-time employment
required to obtain a DSC?
Yes. If the Company Secretary is an authorized
signatory, he/ she is required to obtain a DSC.
24. What safety precautions should one take while
using a Digital Signature?
You should keep the media carrying your digital
signature safely and not disclose your password to
anybody.
25. What if somebody gains possession of my digital
signature?
Digital Signatures are password protected and cannot be
copied from a digitally signed document.
26. What is the difference between a Digital Sign on
a CD or on a USB token?
There is no difference between the two signatures. Only
the media differs.
27. What is better? A CD or a USB token?
Both have their own advantages and disadvantages. It all
depends upon the comfort level of the subscriber and his
intended usage of the same. Both require passwords for
usage.
General FAQs contain information on Public Key
Infrastructure (PKI), Cryptography, Digital Signature
Certificates and Digital Signature technology.
Digital Signature Certificates: An Introduction
28. What are Digital Signature Certificates?
Digital Signature Certificates are the digital
equivalent (i.e. electronic format) of physical or paper
certificates. Examples of physical certificates are
driver's licenses, passports or membership cards.
Certificates serve as identity of an individual for a
certain purpose, e.g. a driver's license identifies
someone who can legally drive in a particular country.
Likewise, a Digital Signature Certificate can be
presented electronically to prove your identity or your
right to access information or services on the Internet.
29. Why should I trust a Digital Signature
Certificate's contents?
The same reason you trust what is stated in a driver's
license: endorsement by the relevant authority
(Department of Transport) in the form of a difficult to
forge signature or stamp of approval. Digital Signature
Certificates are endorsed in a similar manner by a
trusted authority empowered by law to issue them,
appropriately known as the Certifying Authority or CA.
The CA is responsible for vetting all applications for
Digital Signature Certificates, and once satisfied,
"stamps" its difficult to forge digital signature on all
the Digital Signature Certificates it issues, attesting
to their validity.
30. What can I use Digital Signature Certificates
for?
Three uses are outlined here. Your Digital Signature
Certificate could be used to allow you to access
membership-based web sites automatically without
entering a user name and password. It can allow others
to verify your "signed" e-mail or other electronic
documents, assuring your intended reader(s) that you are
the genuine author of the documents, and that the
content has not been corrupted or tampered with in any
way. Finally, Digital Signature Certificates enable
others to send private messages to you: anyone else who
gets his/her hands on a message meant for you will not
be able to read it.
31. How important is the use of Digital Signature
Certificates to me?
Digital Signature Certificates and the CA are just two
elements of the Public Key Infrastructure (PKI), an
overall Internet security system. Once the PKI is
operational, everyone who has a Digital Signature
Certificate can be traced and held accountable for their
actions. Consequently, uses for the Internet, which
could not be fully realized before, will finally take
off: electronic banking and commerce (funds transfer,
buying and paying on-line), on-line transactions with
government agencies (applying for and renewing ICs,
licenses, paying fines and bills), and on-line
transactions between businesses. The day when the only
way to do some of these transactions is through the
Internet may not be too far off. Everyone who wants to
be part of it will need Digital Signature Certificates.
32. What different kinds of Digital Signature
Certificates are there?
Digital Signature Certificates can be categorized into
Server certificates and Personal certificates. The
differences lie in the information they contain and who
they identify.
33. What are personal certificates?
Personal certificates serve to identify a person. It
follows that the contents of this type of certificate
include the full name and personal particulars of an
individual. Uses of personal certificates include
secure e-mail correspondence and enhanced access
control to sensitive or valuable information.
34. What are server certificates?
Server certificates identify a server (computer). Hence,
instead of a name of a person, server certificates
contain the host name. Server certificates are used to
ensure that on-line transactions are secure.
PKI Related: Terms Explained
35. What do you mean by the Public Key Infrastructure
(PKI)?
The PKI is the overall system of identifying parties on
the Internet using their certificates. It is headed by a
Certifying Authority that is responsible for issuing and
verifying the validity of the Digital Signature
Certificates.
36. What is Cryptography?
Cryptography is the science of enabling secure
communications between a sender and one or more
recipients. This is achieved by the sender scrambling a
message (with a computer program and a secret key) and
leaving the recipient to unscramble the message (with
the same computer program and a key, which may or may
not be the same as the sender's key).
There are two types of cryptography: Secret/Symmetric
Key Cryptography and Public Key Cryptography.
The emphasis of cryptography is on data confidentiality,
data integrity, sender authentication, and
non-repudiation of origin/data accountability.
37. What is a key?
Physical keys are used for locking and unlocking. In
cryptography, the equivalent functions are encryption
and decryption. A key in this case is an algorithmic
pattern or rule(s) used to render the message
unreadable. Below is a simple example of how a key is
used in symmetric cryptography.
Plain text: transfer rupees five thousand
Key: forward shift all letters by 1 position, i.e. a
becomes b, b becomes c, etc.
Ciphered text (after encryption): usbotgfs svqfft gjwf
uipvtboe
To decipher text: backward shift all letters by 1
position, giving: transfer rupees five thousand
In practice the key has to be much more complicated than
this.
38. What is secret/symmetric cryptography?
Secret key (symmetric/conventional) cryptography is a
system based on the sender and receiver of a message
knowing and using the same secret key to encrypt and
decrypt their messages. One weakness of this system is
that the sender and receiver must trust some
communications channel to transmit the secret key
without disclosing it.
Example: You use a strongbox to send a valuable gift to
your friend, locking it with a key. No one can get to
the gift without the key, including your friend. Your
lock uses a symmetric key: the same key used to lock the
box must be used to unlock it. Problem: you must find
some method to deliver the key safely to your friend.
39. What is public/asymmetric key cryptography?
Public key (asymmetric) cryptography is a system based
on pairs of keys called public key and private key. The
public key is published while the private key is kept
secret with the owner. The need for a sender and a
receiver to share a secret key and trust some
communications channel is eliminated. This concept was
introduced in 1976 by Whitfield Diffie and Martin
Hellman.
Example: In order to get around the problem introduced
in the above example of symmetric key cryptography, a
new kind of lock must be created which requires two keys
to operate, say A and B. If A is used to lock, B must be
used to unlock, and vice versa. This is known as an
asymmetric key system. To send a gift to a distant
friend, first request your friend's (empty) strongbox,
equipped with this new lock and one of his/her keys. We
will call this the public key, to differentiate it from
the other (private) key that never leaves him/her. Put
your gift in his/her box and lock it with his/her public
key. Send him/her the box. Only he/she will be able to
unlock the box and get the gift.
40. What is encryption?
Encryption is the transformation of information from
readable form into some unreadable form.
41. What is decryption?
Decryption is the reverse of encryption; it's the
transformation of encrypted data back into some
intelligible form.
42. What is data confidentiality?
Data confidentiality refers to a situation in which a
message is inaccessible to others except the intended
recipient(s). Encryption and decryption ensure
confidentiality.
43. What is data integrity?
If a message received is the same as that which was sent
- i.e. it is unaltered during transmission - data
integrity is said to have been achieved. This can be
verified using a message digest attached to the message,
which acts as the digital fingerprint of the message.
44. What is sender authentication?
It's a process to ensure that a message does not
originate from someone other than its purported sender.
Sender authentication is achieved through two related
mechanisms: digital signature and Digital Signature
Certificate.
45. What is non-repudiation of origin/data
accountability?
Data accountability refers to the availability of proof
that message exchange actually took place. The sender
would not be able to deny it. This is also accomplished
through digital signatures.
46. What is a message digest?
Message digest, also known as the hash of a message, is
a small piece of data that results from performing a
particular mathematical calculation (hashing function)
on the message during encryption. Two properties of
message digests to note: (i) a small alteration in the
original message would cause a big change in the message
digest; (ii) derivation of the original message is not
possible from the message digest. It acts as a
"fingerprint" of the message and is used to ensure data
integrity.
47. What exactly is a digital signature?
Just as a handwritten signature is affixed to a printed
letter for verification that the letter originated from
its purported sender, digital signature performs the
same task for an electronic message. A digital signature
is an encrypted version of a message digest, attached
together with a message.
A secure digital signature system consists of two parts:
1. A method of signing a document such that forgery is
detected, and
2. A method of verifying that a signature was actually
generated by whomever it represents
48. Public key vs. secret key: which cryptography
system is better?
A combination of both. Encrypting information with
public-key cryptography is significantly slower than
encrypting with a secret key. However, the drawback of
the secret-key system is that secret keys must be
transmitted either manually or through a communication
channel, and there may be a chance that others can
discover the secret keys during transmission. This is
not a problem with public-key cryptography, as private
keys never need to be transmitted or revealed to anyone.
Each user has sole responsibility for protecting his or
her private key.
So, in practice public-key cryptography is used with
secret-key cryptography to get the best of both worlds.
A system that uses public-key cryptography first
generates a secret key and uses the secret key to
encrypt the message. The recipient's public key is then
used to encrypt the secret key, and the encrypted secret
key is attached to the secret-key-encrypted message.
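The hybrid scheme described above, as an added Python example that is not part of the original FAQ. Assumptions: the function names are hypothetical, the RSA key is a constructed toy (Mersenne primes, no padding), and a SHA-256 counter keystream stands in for a real secret-key cipher such as AES.

```python
import hashlib
import secrets

E = 65537  # public exponent used for the constructed toy keys


def make_keypair(p, q):
    """Return ((n, e), (n, d)) built from two primes (toy key, no padding)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), (n, pow(E, -1, phi))


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in secret-key cipher: XOR data with a SHA-256 counter keystream.

    The same call encrypts and decrypts, which is what makes it symmetric.
    """
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[offset:offset + 32], pad))
    return bytes(out)


def hybrid_encrypt(message: bytes, recipient_public):
    """Sender side: fast secret-key step for the body, slow step for 32 bytes."""
    n, e = recipient_public
    session_key = secrets.token_bytes(32)        # fresh secret key per message
    body = keystream_xor(session_key, message)   # secret-key encryption
    wrapped = pow(int.from_bytes(session_key, "big"), e, n)  # public-key step
    return wrapped, body                         # wrapped key travels with body


def hybrid_decrypt(wrapped: int, body: bytes, recipient_private) -> bytes:
    """Recipient side: unwrap the secret key, then decrypt the body with it."""
    n, d = recipient_private
    recovered = pow(wrapped, d, n)
    if recovered >= 1 << 256:
        raise ValueError("session key did not unwrap: wrong private key")
    return keystream_xor(recovered.to_bytes(32, "big"), body)


def demo():
    """Round trip with a constructed recipient key and a constructed message."""
    public, private = make_keypair(2**521 - 1, 2**607 - 1)
    message = b"transfer rupees five thousand"
    wrapped, body = hybrid_encrypt(message, public)
    return body != message, hybrid_decrypt(wrapped, body, private)
```

Only the 32-byte secret key goes through the slow public-key operation; the message itself, whatever its length, is handled by the fast secret-key step.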
49. What information do Digital Signature
Certificates contain?
One of the most popular standards for Digital Signature
Certificate is X.509v3. An X.509v3 certificate typically
contains the following information
50. What are the functions of a Digital Signature
Certificate?
Typically certificates are used to generate confidence
in the legitimacy of a public key. In addition to
verifying a signature, verifying the signer's
certificate increases the confidence of the receiver
that attempted forgery or impersonation has not
occurred.
Digital Signature Certificates can be used to verify
someone's (or some company's) identity. They can be used
in a variety of ways, including to control access on web
sites, to create virtual private networks, to secure
e-mail, and to guarantee the authenticity of downloaded
software.
Examples:
1. A corporation can grant/deny access to the employees,
customers, suppliers and other business partners to
sensitive network resources on the corporate intranet by
using the Digital Signature Certificate.
2. A web-based merchant can install the Digital
Signature Certificate to its web server. A customer
shopping at this site will be able to verify
(authenticate) the identity of the web server and the
content provided by the merchant. Without this
authentication, the shopper would not be able to trust
the merchant with sensitive information like credit card
number.
51. What is a Certifying Authority (CA)?
A CA is a trusted third party willing to verify the ID
of entities and their association with a given key, and
later issue certificates attesting to that identity. In
the passport analogy, the CA is similar to the Ministry
of External Affairs, which verifies your identification,
creates a recognized and trusted document which
certifies who you are, and issues the document to you.
A CA can be within the organization itself or outside
the organization, depending on the purpose of the
certificates. A company may issue certificates to its
employees so that only its employees can access the
company database, but an internet user might request a
certificate from a well-known and trusted CA in order to
do on-line transactions securely.
52. How are Digital Signature Certificates issued?
Figure illustrates the certificate request and issuance
process by a CA:
The certificate applicant must generate his/her own key
pair and send the public key to the CA with some proof
of his/her identification.
The CA will put the public key in a new certificate,
digitally sign the certificate using its private key and
then send the certificate to the applicant.
Note: The CA will check the certificate applicant's
identification before it generates the certificate and
signs the request. Different CAs may issue certificates
with varying levels of identification requirements. One
CA may insist on seeing the Identity card, another may
want a signed letter authorizing certification from
anyone requesting a certificate.
53. How do Digital Signature Certificates work in
e-mail correspondence?
Suppose a sender wants to send signed data/a signed
message to the recipient. He creates a message digest
(which serves as a "digital fingerprint") by using a
hash function on the message. The sender then encrypts
the data/message digest with his own private key. This
encrypted message digest is called a Digital Signature
and is attached to the sender's original message,
resulting in a signed data/message. The sender sends his
signed data/message to the recipient.
When the recipient receives the signed data/message, he
detaches sender's digital signature from the
data/message and decrypts the signature with the
sender's public key, thus revealing the message digest.
The data/message part will have to be re-hashed by the
recipient to get the message digest. The recipient then
compares this result to the message digest he receives
from the sender. If they are exactly equal, the
recipient can be confident that the message has come
from the sender and has not changed since he signed it.
If the message digests are not equal, the message may
not have come from the sender of the data/message, or
was altered by someone, or was accidentally corrupted
after it was signed.
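The issuance steps in question 52 and the sign-and-verify exchange above, as an added Python example (not part of the original FAQ or any CA's software). Assumptions: the function names and certificate layout are hypothetical, the RSA keys are constructed from Mersenne primes and used without padding, so they are for illustration only, and the proof-of-possession check stands in for the first condition in question 11.

```python
import hashlib

E = 65537  # public exponent used for the constructed toy keys


def make_keypair(p, q):
    """Return ((n, e), (n, d)) built from two primes (toy key, no padding)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), (n, pow(E, -1, phi))


def digest(data: bytes) -> int:
    """Message digest ("digital fingerprint") of the data, as an integer."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def sign(data: bytes, private) -> int:
    """Encrypt the digest with the private key: this is the signature."""
    n, d = private
    return pow(digest(data), d, n)


def verify(data: bytes, signature: int, public) -> bool:
    """Decrypt the signature with the public key, re-hash, and compare."""
    n, e = public
    return pow(signature, e, n) == digest(data)


def tbs(subject: str, public) -> bytes:
    """Bytes the CA signs: the subject name bound to the public key."""
    return f"{subject}|{public[0]}|{public[1]}".encode()


def issue_certificate(subject, subject_public, proof, ca_private):
    """CA side: check the applicant holds the private key, then sign."""
    if not verify(tbs(subject, subject_public), proof, subject_public):
        raise ValueError("applicant did not prove possession of private key")
    return {"subject": subject, "public_key": subject_public,
            "ca_signature": sign(tbs(subject, subject_public), ca_private)}


def verify_signed_message(message, signature, cert, ca_public) -> bool:
    """Recipient side: accept the sender's key only if the CA vouches for it."""
    if not verify(tbs(cert["subject"], cert["public_key"]),
                  cert["ca_signature"], ca_public):
        return False  # certificate was not issued by this CA or was altered
    return verify(message, signature, cert["public_key"])


def demo():
    """Constructed CA, sender and message; returns the three verdicts."""
    ca_public, ca_private = make_keypair(2**1279 - 1, 2**2203 - 1)
    public, private = make_keypair(2**521 - 1, 2**607 - 1)
    name = "Constructed Sender"
    proof = sign(tbs(name, public), private)   # applicant signs own request
    cert = issue_certificate(name, public, proof, ca_private)
    message = b"transfer rupees five thousand"
    signature = sign(message, private)
    altered = b"transfer rupees nine thousand"
    renamed = dict(cert, subject="Someone Else")
    return {
        "genuine": verify_signed_message(message, signature, cert, ca_public),
        "altered_message": verify_signed_message(altered, signature, cert, ca_public),
        "altered_certificate": verify_signed_message(message, signature, renamed, ca_public),
    }
```

Production systems apply a padding scheme to the digest before the private-key operation and carry the subject and key in an X.509 certificate rather than a dictionary.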
54. How do Digital Signature Certificates work in a
web site?
When a certificate is installed in a web server, it
allows users to check the server's authenticity (server
authentication) and ensures that the server is operated
by an organization with the right to use the name
associated with the server's Digital Signature
Certificate. This safeguards users from trusting
unauthorized sites.
A secure web server can control access and check the
identity of a client by referring to the client
certificate (client authentication). This eliminates the
use of password dialogs that restrict access to
particular users.
The process that allows the identities of both the
server and client to be authenticated through exchange
and verification of their Digital Signature Certificates
is called mutual server-client authentication. The
technology that ensures mutual server-client
authentication is the Secure Sockets Layer (SSL)
encryption scheme.
1. The user visits a secure web site.
2. The server asserts its site identity by sending its
server certificate to the client (browser)
3. The user verifies the server authenticity to ensure
that it is the exact site the user intended to visit.
4. The server requests a client certificate from the
client.
5. The user selects an appropriate certificate to
present.
6. The server verifies the client authenticity to ensure
that it is an authorized user.
7. When authentication is complete, the client sends the
server a session key encrypted using the server's public
key.
8. A secure channel is established between the client
and server with the following three fundamental security
services.