First thing to know is that a digital signature is not a scanned copy of signature. It is a set of algorithm used to lock the signed document in such way that any alteration in the document after signing will either delete the signature or corrupt the document to make it unusable.
A digital signature establishes the identity of the person signing the document and also verifies the authenticity of the document.
Digital Signatures are issued in a token. The person owning the DSC must carry the token with himself for signing the documents. The statutory forms and online contracts where digital signatures are to be used are usually optimised to attach the digital signature. It can also be attached to documents like word, excel, pdf, ppt etc.
When the token is attached to the computer the DSC is placed in the internet explorer browser of the computer. When the space provided for attaching DSC is selected, it gives the option to select the DSC, picking the list of DSC from such explorer. On entering the correct password when prompted, the DSC gets affixed to the document. After signing, if someone wants to change the document, the DSC gets removed or deleted such that the authenticity of the signer remains unadulterated.
A digital signature usually has the following chain:
CCA India – CA – Sub-CA – Signer
CCA India is Controller of Certifying Authority, it controls the certifying authority (CA) and also regulates the CA in accordance with the provision of the IT Act 2000.
CA is the certifying authority that issues the digital signatures to the persons after verifying the identity and status of the person. The CA maintains the list of digital signatures issued, cancelled, replaced or revoked to all persons.
Sub CA is a subordinate of CA having similar functions as that of CA.
Signer is the person who owns the Digital Signature.
In order to place the digital signature properly, a digital signature must contain the entire chain of certificates.
Digital Signatures are of following types:
Based on Class: Class II & Class III
Based on Validity: 1 year & 2 year
Based on Signing Authority : Organization & Individual
Based on Usage: Signing & Encryption
If you are using the digital signature for signing a document which can be viewed by any person, you should use signing Class II DSC only, For Example: Income Tax, Company Filing, Form Signing etc. But if you are using the digital signature for sending data not to be viewed by public, you should use Class III signing + encryption such as online bidding, online tender contracts etc.
If you are signing a document on behalf of an organization, you must obtain organization DSC otherwise you should obtain individual DSC.
When a token containing DSC is attached to the computer, the following checks needs to be done: