Digital signatures provide a viable solution for creating legally enforceable electronic records, closing the gap in going fully paperless by completely eliminating the need to print documents for signing. Digital signatures enable the replacement of slow and expensive paper-based approval processes with fast, low-cost, and fully digital ones.
The purpose of a digital signature is the same as that of a handwritten signature. Instead of using pen and paper, a digital signature uses digital keys (public-key cryptography). Like the pen and paper method, a digital signature attaches the identity of the signer to the document and records a binding commitment to the document. However, unlike a handwritten signature, it is considered impossible to forge a digital signature the way a written signature might be. In addition, the digital signature assures that any changes made to the data that has been signed cannot go undetected. Digital signatures are easily transportable, cannot be imitated by someone else and can be automatically time-stamped. A digital signature can be used with any kind of message, whether it is encrypted or plain text. Thus digital signatures provide the following three features:
- Authentication – Digital signatures are used to authenticate the source of messages. The ownership of a digital signature key is bound to a specific user and thus a valid signature shows that the message was sent by that user.
- Integrity – In many scenarios, the sender and receiver of a message need assurance that the message has not been altered during transmission. Digital Signatures provide this feature by using cryptographic message digest functions.
- Non Repudiation – Digital signatures ensure that the sender who has signed the information cannot at a later time deny having signed it.
A handwritten signature scanned and digitally attached to a document does not qualify as a digital signature. An ink signature can be easily replicated from one document to another by copying the image manually or electronically. Digital signatures cryptographically bind an electronic identity to an electronic document, and the digital signature cannot be copied to another document.
Digital Signature under the IT Act, 2000
Digital signature means authentication of any electronic record by a subscriber by means of an electronic method or procedure in accordance with the provisions of section 3.
Section 3 deals with the conditions subject to which an electronic record may be authenticated by means of affixing digital signature which is created in two definite steps.
First, the electronic record is converted into a message digest by using a mathematical function known as ‘Hash function’ which digitally freezes the electronic record thus ensuring the integrity of the content of the intended communication contained in the electronic record. Any tampering with the contents of the electronic record will immediately invalidate the digital signature.
Secondly, the identity of the person affixing the digital signature is authenticated through the use of a private key which attaches itself to the message digest and which can be verified by anybody who has the public key corresponding to such private key. This will enable anybody to verify whether the electronic record is retained intact or has been tampered with since it was so fixed with the digital signature. It will also enable a person who has a public key to identify the originator of the message.
‘Hash function’ means an algorithm mapping or translation of one sequence of bits into another, generally smaller, set known as “Hash Result” such that an electronic record yields the same hash result every time the algorithm is executed with the same electronic record as its input, making it computationally infeasible (a) to derive or reconstruct the original electronic record from the hash result produced by the algorithm; (b) that two electronic records can produce the same hash result using the algorithm.
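The two steps of Section 3 described above (message digest, then private key applied to the digest) can be traced in a few lines. This is an added example, not part of the original article or of the Act: it uses SHA-256 and unpadded textbook RSA with a constructed toy key built from two Mersenne primes, and the sample records and function names are assumptions made for illustration. Real signing uses randomly generated keys and a padded scheme.

```python
import hashlib

# Constructed toy key (assumption): two Mersenne primes keep the block
# dependency-free. Real keys use random primes and a padded scheme.
P, Q = 2**521 - 1, 2**607 - 1
N = P * Q                              # public modulus
E = 65537                              # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent (Python 3.8+)


def message_digest(record: bytes) -> int:
    """Step 1: hash the electronic record to a fixed-size digest."""
    return int.from_bytes(hashlib.sha256(record).digest(), "big")


def sign(record: bytes) -> int:
    """Step 2: apply the private key to the message digest."""
    return pow(message_digest(record), D, N)


def verify(record: bytes, signature: int) -> bool:
    """Anyone holding the public key (N, E) recomputes the digest and compares."""
    return pow(signature, E, N) == message_digest(record)


def demo() -> dict:
    original = b"Pay Rs. 10,000 to A"    # constructed sample record
    tampered = b"Pay Rs. 90,000 to A"    # same record with one digit changed
    other = b"Unrelated agreement"       # a different document
    sig = sign(original)
    return {
        "original": verify(original, sig),
        "tampered": verify(tampered, sig),
        "copied_to_other": verify(other, sig),
        "altered_signature": verify(original, sig ^ 1),
    }


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case:18} valid={ok}")
```

Only the untouched record verifies; changing the record, moving the signature to another document, or altering the signature itself each makes verification fail.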
Digital signatures are a means to ensure the validity of electronic transactions; however, who guarantees that such signatures are indeed valid and not false? For the keys to be secure, the parties must have a high degree of confidence in the public and private keys issued. A digital signature is not like a handwritten signature. It is a jumble of letters and digits. It looks something like this:
-----
oDnj7awl7BwSBeW4MSG7/3NS7oZyD/AWO1Uy2ydYD4UQt/w3d6D2Ilv3L8EOr5K8Gpe5Z K5CLV+zBKwGY47n6Bpi9JCYXz5YwXj4JxTT+y8=gy5N
----- END SIGNATURE -----
Electronic signature has also been dealt with under Section 3A of the IT Act, 2000. A subscriber can authenticate any electronic record by such electronic signature or electronic authentication technique which is considered reliable and may be specified in the Second Schedule.
Any electronic signature or electronic authentication technique will be considered reliable if-
- the signature creation data or the authentication data are, within the context in which they are used, linked to the signatory or, as the case may be, the authenticator and of no other person;
- the signature creation data or the authentication data were, at the time of signing, under the control of the signatory or, as the case may be, the authenticator and of no other person;
- any alteration to the electronic signature made after affixing such signature is detectable;
- any alteration to the information made after its authentication by electronic signature is detectable; and
- it fulfills such other conditions which may be prescribed.
An electronic signature will be deemed to be a secure electronic signature if-
- (i) the signature creation data, at the time of affixing signature, was under the exclusive control of signatory and no other person; and
- (ii) the signature creation data was stored and affixed in such exclusive manner as may be prescribed. (Sec. 15)
An Amendment to the IT Act in 2008 introduced the term electronic signatures. The implication of this Amendment is that it has helped to broaden the scope of the IT Act to include new techniques as and when technology becomes available for signing electronic records apart from Digital Signatures.