Digital Signature

Whether CAs will have information on the signature carried out by subscribers?

CAs will not have any information on the signatures applied by the subscribers after the issuance of DSC. The application owners or subscribers themselves can keep records of the signature affixed by them.

Whether Aadhaar eKYC based authentication can be treated as signature of individual?

Aadhaar eKYC based authentication provides the electronic identity of an individual at a particular point of time. It cannot be used at later point of time to authenticate documents or transactions, whereas the Digital Signature provides the electronic authentication of individual and bind it to the documents or transactions being signed. The intention of signatory for a particular transaction or document can be conveyed in a verifiable form at any point of time in the future only by using electronic signature. Such Digital signature applied by individuals can be verified independently using software. As per IT Act, the electronic records need to be authenticated by using Electronic Signature.

Whether my signature will be valid after the expiry of certificate?

Signatures are to be verified with respect to signature affixing time. If the certificate is valid at the time of signature, the signature is deemed to be valid.

Is there a "Specimen Digital Signature" like paper signature?

No. The Digital signature changes with content of the message.

Whether it is possible to sign an electronic record without the knowledge of a signer?

It depends upon the how the subscriber has kept his private keys. If private key is not stored securely, then it can be misused to sign an electronic record without the knowledge of the owner of the private key.

In paper world, date and the place where the paper has been signed is recorded and court proceedings are followed on that basis. What mechanism is being followed for dispute settlements in the case of digital signatures?

Under the IT Act, 2000 Digital Signatures are at par with hand written signatures. Therefore, similar court proceedings will be followed. The requirements of recording of date and time can be addressed through Time Stamping.

What are the signature types allowed as per the existing standards?

  • RSA Signature Algorithms with SHA2 Hashing Algorithms
  • ECDSA Signature Algorithms with SHA2 Hashing Algorithms and NIST Curve p-256. (For details ref Digital Signature (End entity rules) 2015 and also Interoperability Guidelines for DSC (CCA-IOG))