2. What is Digital Signature ?
A digital signature is exactly what it sounds like a modern alternative to signing documents
with paper and pen.
A signature is the writing or otherwise affixing a person's name or a mark to represent his name
by himself or his authority with the intention of authenticating a document as being that of, or as
binding on, the person whose name or mark is so written or affixed.
A digital signature or digital signature scheme is a mathematical scheme for demonstrating
the authenticity of a digital message or document. A valid digital signature gives a recipient
reason to believe that the message was created by a known sender, and that it was not
altered in transit. Digital signatures are based on public key encryption. It uses prime
numbers like 2,3.5.7,9,11 and so on which can be divided only by itself or by 1 and is
incapable of division by other numbers. We have unlimited prime numbers and in DS we use
the multiples of prime numbers.
3. Encryption – Process of converting electronic data into another form, called ciphertext, which
cannot be easily understood by anyone except the authorized parties. This assures data security.
Decryption– Process of translating code to data.
● The message is encrypted at the sender’s side using various encryption algorithms and
decrypted at the receiver’s end with the help of the decryption algorithms.
● When some message is to be kept secure like username, password, etc., encryption and
decryption techniques are used to assure data security.
Digital Certificates and Digital Signatures involves Asymmetric encryption
4. Asymmetric Encryption
Asymmetric Cryptography is also known as public-key cryptography. It uses public and private keys for
the encryption and decryption od message. One key in the pair which can be shared with everyone is
called the public key. The other key in the pair which is kept secret and is only known by the owner is
called the private key.
Public Key
Private Key
5. Public key– Key which is known to everyone. Ex-public key of A is 7, this information is known to
everyone.
Private key– Key which is only known to the person who’s private key it is.
Authentication-Authentication is any process by which a system verifies the identity of a user who
wishes to access it.
Non- repudiation– Non-repudiation is a way to guarantee that the sender of a message cannot
later deny having sent the message and that the recipient cannot deny having received the
message.
Integrity– to ensure that the message was not altered during the transmission.
Message digest -The representation of text in the form of a single string of digits, created using a
formula called a one way hash function. Encrypting a message digest with a private key creates a
digital signature which is an electronic means of authentication..
6. How Digital Signature Work ?
The functioning of DS is based on the system of public key cryptography. Public-key
cryptography refers to a cryptographic system requiring two separate keys, one of which is
secret and one of which is public. Although different, the two parts of the key pair are
mathematically linked. One key locks or encrypts the plain text, and the other unlocks or
decrypts the cipher text. Neither key can perform both functions. One of these keys is published
or public, while the other is kept private.
Key encryption allows more than just privacy. It can also assure the recipient of the authenticity
of a document because a private key can be used to encode a message that only a public key
can decode. If I have information I want to sign before sending it to you, my computer uses my
private key to encipher it. Now the message can be read only if my public key-which you and
everyone else know-is used to decipher it. This message is veritably from me because no one
else has the private key that could have encrypted it in this way.
8. Assurances about digital signatures
1. Authenticity: The identity of the signer is verified.
2. Integration: Since the content was digitally signed, it hasn’t been altered or interfered with.
3. Non-repudiation: demonstrates the source of the signed content to all parties. The act of a
signer denying any affiliation with the signed material is known as repudiation.
4. Notarization: Under some conditions, a signature in a Microsoft Word, Microsoft Excel, or
Microsoft PowerPoint document that has been time-stamped by a secure time-stamp server is
equivalent to a notarization.
x
9. Benefits of Digital Signatures
● Legal documents and contracts: Digital signatures are legally binding. This makes them ideal for any
legal document that requires a signature authenticated by one or more parties and guarantees that the
record has not been altered.
● Sales contracts: Digital signing of contracts and sales contracts authenticates the identity of the seller
and the buyer, and both parties can be sure that the signatures are legally binding and that the terms of
the agreement have not been changed.
● Financial Documents: Finance departments digitally sign invoices so customers can trust that the
payment request is from the right seller, not from a bad actor trying to trick the buyer into sending
payments to a fraudulent account.
● Health Data: In the healthcare industry, privacy is paramount for both patient records and research data.
Digital signatures ensure that this confidential information was not modified when it was transmitted
between the consenting parties.
10. Electronic signature and digital signature
● The term electronic signature™ is very wide and digital signature™ is only one of the many kinds of electronic
signatures one can envisage.
● The term electronic signature is defined under section 2(a) of the IT Act 2000 (as inserted by Information Technology
Amendment Act 2008 (ITAA) as follows: Electronic signature means authentication of any electronic record by a
subscriber by means of the electronic technique specified in the second schedule and includes digital signature. The
expression digital signature™ is defined under section 2(p) as follows: Digital signature means authentication of any
electronic record by a subscriber by means of an electronic method or procedure in accordance with the provisions
of section 3.
● Therefore electronic signature is a wider term and digital signature is one kind of an electronic signature under the IT
Act 2000.Thus if you simply write your name and say œI sign•
that will be sufficient to constitute electronic signature
but obviously it is not at all safe or secure. The person can always say that some other person typed his name in the
document without his consent or knowledge. Here, the digital signature plays an important role as the same is
secure and the person cannot be allowed to deny that he did not sign
11. Electronic signatures include any electronic authentication techniques or procedures specified in the
Second Schedule. At present, the Second Schedule specifies the following:
● biometric and One-Time-Password (OTP) based Aadhaar e-KYC (Know Your Customer). An
example of this is also known as Aadhaar e-Sign (eSign);
● other e-KYC services apart from online Aadhaar e-KYC. These include Offline Aadhaar e-KYC,
Organizational eKYC or Banking eKYC. You can find the Identity Verification Guidelines issued by
Controller of Certifying Authority (CCA) for details regarding the various forms of identity
verification used forms of user identification for generation of digital signature certificates; and
● e-authentication technique and procedure for creating and accessing subscriber's signature key
facilitated by trusted third parties,
as electronic authentication techniques and procedures. A trusted third party will be a certifying authority
(CA) licensed under the IT Act.
12. Prohibited Documents
The documents or transactions that cannot be entered into by using an electronic signature are:
● Negotiable instrument such as promissory notes or bills of exchange other than a check;
● Power-of-attorney;
● Trust deeds;
● Will and any other testamentary disposition by whatever name called; and
● Any contract for the sale or conveyance of immovable property or any interest in such property.
Further, documents to be notarized are generally required to be physically signed before the Notary
Public. Documents requiring registration are also to be physically signed before the concerned
registrar.
13. Digital Signature Certificate (DSc)
Digital Certificates serve as an identity of an individual for a certain purpose, e.g. a driving license
identifies someone who can legally drive in a particular country. Likewise, a Digital Certificate can be
presented electronically to prove your identity or your right to access information or services on the
Internet. Digital Certificates are the digital equivalents (i.e. electronic format) of physical or paper
Certificates like your driving license, passport or membership cards
Digital Signaure Certifictes are issued by CA( Certifying Authority ) In accordance with Information
technology Act,2000.
● Sify Safescrypt - CA which provides USB based DSC tokens.
● eMudhra - is a popular CA, providing various types of digital certificates. Also, provides eSign.
● Adobe Sign - Adobe provides eSign as an electronic signature solution. Please do note that this is a
paid service and the signing process available within Acrobat Reader as default is not eSign.
● Digio - offers solutions such as Aadhaar eSign, USB based DSC token. They also provide
automated digital KYC and documenting solutions for businesses which lets you order and attach e-
stamps.
● SignDesk - provides business documentation workflow using eSign. API integration is also offered.
14. Who needs a DSC?
1. A vendor and a bidder
2. A Chartered Accountant
3. Banks
4. Director of a company
5. A Company Secretary
6. Other Authorized Signatories
Elements of Digital
Certificate
1. Owner’s public key.
2. Owners name.
3. The expiration date of Public Key.
4. Name of the issuer.
5. Serial Number of the certificate.
6. A digital signature of the user.
15. Section 3
Section 3 of the Evidence Act 1872 provides for interpretation or definition of certain words or expressions used in
the Act. The said section was amended to include electronic records also in the definition of the term œevidence•
16. As per Section 47A of the Indian Evidence Act 1872, the opinion of the Certifying Authority (a highly regulated entity
which issues electronic signature certificates) is a relevant fact for the Court to make an opinion as to the electronic
signature of any person. Certifying Authorities maintain full transactional logs to assist and certify any transactions
carried out through them for adjudication purposes. Therefore, in the unlikely event that an electronic signature is ever
questioned in Court, there is a standing help in the form of a regulated neutral entity that can vouch for it.
Additionally, the signature certificate, its properties and details such as the name of the signer etc. can be viewed by
anyone in the PDF reader itself.
17. Section 67A states that if a signer uses a secure electronic signature to execute a document then it will be
presumed that such eSign belonged to the signer herself and not to any other person. This means that for
non secure eSigns, the affixture of the electronic signature must be proven to have been done by the signer.
But for secure electronic signatures - this burden of proof is not required. Therefore, someone who has
signed using a secure electronic signature later cannot refute his signature. This Section is the legal
recognition of the ability of eSigns to meet the “authentication” goal of the signing process.
Aadhaar eSign, DSC Tokens and PAN eSign qualify as secure electronic signatures under the Evidence Act and
the IT Act.
18. Section 73A
Section 73A has been newly inserted to provide that the court may direct the
concerned person or Certifying Authorities (CA) to ascertain whether DS is
that of the person by whom it is purported to have been affixed. It may also
direct any other person to apply the public key listed in the electronic Signature
Certificate and verify the electronic signature purported to have been affixed
by that person.
19. Section 85A says that an agreement which has been executed using electronic signatures
will be presumed to have been concluded between the parties and attained finality.
Section 85A thus lends certainty as to the finality of the terms and conditions agreed
between parties to the agreement.
It is the onus of the one instituting the suit to provide evidence against.
20.
21. So what does Section 85B say?
Clause (1) states that in proceedings involving a secure electronic record, it will be presumed that the secure
electronic record has not been altered since the time it was executed by a secure digital signature. The ability
of Section 3 Digital Signatures and Schedule II eSigns to ensure integrity of the signed document is not just
technologically assured, but now it is also legally recognised.
Clause (2) of Section 85B states that wherever there is a secure electronic signature, the Court will presume
that it was affixed by the signer with the intention of signing or approving the electronic record.
The effect of Section 85B(2) is that no party to an agreement, in case they use a secure electronic signature
to execute the document, can later claim that they did not know what they were signing. Intention of the
signer to approve the contents of the signed document is legally presumed, by virtue of this section. This
section reinforces the ability of secure electronic signatures to meet the end goals of the signing process,
especially “integrity” and “non-repudiation”.
22. Section 85C states that the details mentioned in the Electronic Signature Certificate, such
as name of the signer, email ID and time of signing will be presumed to be true. This helps
in establishing the identity of the person who signed the document.
23. Section 90A applies to electronic records that are five or more years old. If such electronic records contain an
electronic signature, then the Court will presume that it was affixed by the person whose electronic signature it
purports, or appears, to be. Section 90A is similar to Section 67A of the Evidence Act, to the extent that the identity
of the signer is presumed and need not be proven.
24. State Bank of India vs Ajay Kumar Sood | 2022 LiveLaw (SC) 710
The court also emphasized the importance of making judgments accessible to persons from all
sections of society, especially persons with disability. It made the following observations:
1. All judicial institutions must ensure that the judgments and orders being published by them do
not carry improperly placed watermarks as they end up making the documents
inaccessible for persons with visual disability who use screen readers to access them.
2. Courts and tribunals must also ensure that the version of the judgments and orders uploaded
is accessible and signed using digital signatures. They should not be scanned versions of
printed copies.
3. The practice of printing and scanning documents is a futile and time-consuming process
which does not serve any purpose. The practice should be eradicated from the litigation
process as it tends to make documents as well as the process inaccessible for an entire
gamut of citizens
25. Applications
1. E-Aadhar & Its Application
2. E-Pan
3. E- Filling of Income Tax Returns
4. GST Registration
5. ROC (Registrar of Companies & Ministry of corporate Affairs compliance)
6. EPFO Digital Signature
7. Trademark & Patent Filling
8. E- Tendering
9. E- Procurement
10. E- Signing
11. E- KYC
26. Punishments under IPC
Section 463: Making a false document:
● Where there are reasons to believe that any person who has either fraudulently or
dishonestly made, signed, sealed, executed, transmitted a document or electronic
record or its part thereof affixed with electronic signature.
● Secondly, who without lawful authority, alters any document or an electronic record
or materially its part thereof, executed or affixed with electronic signature either by
himself or by any other person, whether such person is alive or dead at the time of
such alteration.
● Thirdly, who dishonestly or fraudulently causes any person to sign, seal, execute or
alter a document or an electronic record or to affix his or her electronic signature on
any electronic record knowing that such person:
The punishment for making a false document (forgery) under Section 465, IPC, 1860 is imprisonment
of a term which may extend to two years, or with fine, or with both.
27. Section 66C: Punishment for identity theft
It states that any person who, fraudulently or dishonestly makes use of
1. The electronic signature;
2. Password; or
3. Any other unique identification feature of any other person;
Shall be punished with imprisonment for a term which may extend to three years and shall be
liable to fine which may extend to Rupees one lakh.
28. Section 71: Penalty for misrepresentation
It states that any person who misrepresents or suppresses any material fact from
the Controller or the Certifying Authority so as to obtain any licence or electronic
signature certificate, as the case may be, shall be punished with imprisonment for
a term which may extend to two years, or with fine which may extend to Rupees
one lakh, or with both.
29. Section 73: Penalty for publishing electronic signature certificate
false in certain particulars
It states that no person shall publish any electronic signature certificate or make it available to
any other person having the knowledge that–
(a) The Certifying Authority listed in the certificate has not issued it; or
(b) The subscriber listed in the certificate has not accepted it; or
(c) The certificate has either been revoked or suspended, until & unless such publication is for the
purpose of verifying an electronic signature created prior to such revocation or suspension.
● Any person who contravenes the above provisions shall be punished with imprisonment
for a term which may extend to two years, or with fine which may extend to Rupees one
lakh, or with both.
30. Section 74: Publication for Fraudulent purpose
It states that any person who knowingly creates, publishes or makes available any
electronic signature certificate for any
1. Fraudulent; or
2. Unlawful purpose;
shall be punished with imprisonment for a term which may extend to two years, or with
fine which may extend to Rupees one lakh, or with both.