DSC for Organisational person
Whether Digital Signature certificate & signing keys of an employee can be retained by organisation upon the subscribers exiting the organisation?
No. The Digital Signature Certificate should be revoked and keys should be destroyed by the subscriber.
Whether Document Signer Certificate can be treated as organisational certificate?
The document signer certificate is issued for use with the software of an organisation for automated authenticated response. Document signer certificate is not a replacement for the signature of the authorised signatory of the organisation.
Digital Signatures are available in different Classes where as individual's ink signature is unique? How an organisation decides the appropriate signature for their application?
Organisation has to see assurance levels of DSC as indicated by its class. If organization is not competent to decide the Class of the DSC required for their application, a Risk Analysis may be carried out through empanelled auditors of Cert-IN or CCA and a recommendation may be obtained.
Whether users of an organisation can store their signature creation key of Class 2 and Class 3 DSCs in HSM?
No. The keys corresponding to Class 2 and Class 3 certificates are to be mandatorily stored in FIPS 140-2 level 2 validated crypto Token which is in the custody of the subscriber. The requirements for the storage of key pairs of subscribers are not in full compliance when using HSM for Class 2 and Class 3 certificates. However only a single user can store his/her keys in HSM.