Introduction about Digital Signature and Digital Certificate with details of companies providing digital signature solutions in India

India is one of the select bands of nations that have the Digital Signature Legislation in place. Information Technology Act, 2000 and Indian Evidence Act grants digital signatures that have been issued by a licensed Certifying Authority (Like TCS, ncode, emudhra, Sify, mtnl) in India the same status as a physical signature. Digital signatures solutions is deployed via the Public Key Infrastructure (PKI) technology

About Digital Signature

A digital signature is an electronic signature that can be used to authenticate the identity of the sender of a message or the signer of a document, and possibly to ensure that the original content of the message or document that has been sent is unchanged. Digital signatures cannot be imitated by someone else, and can be automatically time-stamped. The ability to ensure that the original signed message arrived means that the sender cannot easily repudiate it later. A digital signature can be used with any kind of message, whether it is encrypted or not, simply so that the receiver can be sure of the sender's identity and that the message arrived intact.

About Digital Certificate

A digital certificate is an electronic "credit card" that establishes your credentials when doing business or other transactions on the Web. It is issued by a certification authority (CA). In India licensed CAs providing digital signature solutions are – Tata Consultancy Services Ltd, (n)Code Solutions Ltd., (A division of Gujarat Narmada Valley Fertilisers Company Ltd.), e-Mudhra CA, Safescrypt, Institute for Development & Research in Banking Technology (IDRBT), MTNL and National Informatics Centre, Customs & Central Excise.

Contents of Digital Signature

Digital Signature contains your name, a serial number, expiration dates, a copy of the certificate holder's public key (used for encrypting messages and digital signatures), and the digital signature of the certificate-issuing authority and the digital signature of comptroller of certifying authority of India who have granted license to certifying authority to issue legally valid digital signature in India so that a recipient can verify that the certificate is real. A digital certificate contains the digital signature of the certificate-issuing authority so that anyone can verify that the certificate is real.

Interoperability Guidelines for Digital Signature Certificates issued under Information Technology Act
More about digital signature

CCA has pre defined the content of Digital Signature issued by the licensed CA in India to provide uniform digital signature solutions.

Following are the mandatory fields that are include in the Digital Signature Certificates
  1. Field Name: Version : Describes the version of certificate format adopted
  2. Serial Number: Number allocated to a certificate by the issuer CA, unique for a given issuer CA
  3. Signature: Issuer signature algorithm identifier
  4. Issuer: Uniquely Identifies the Certifying Authority issuing the certificate
  5. Validity: Time interval during which the CA warrants that it will maintain information about the status of the certificate (hence certificate is valid)
  6. Subject: The subject field associates an entity (named in the field) with the public key in the certificate
  7. Subject Public Key Info: Contains the public key algorithm for the subject public key being certified. Also contains the subject public key and the parameters
  8. Signature Algorithm: Issuer signature algorithm identifier
  9. Signature Value: This field contains the signature on the certificate
  10. Authority Key Identifier: The authority key identifier extension provides means of identifying the public key corresponding to signing key used (by CA) to sign the certificate
  11. Subject Key Identifier: The subject key identifier extension provides means of identifying certificates that contain a particular key when the subject has multiple certificates with multiple keys
  12. Key Usage: Key Usage field defines the cryptographic purpose of the key contained in the certificate
  13. Certificate Policies: Contains policy information terms in the form of OIDs and qualifiers
  14. Std. Extension: CRL Distribution Point: The CRL distribution points extension identifies the location and method by which CRL information can be obtained
  15. Pvt. Internet Extension: Authority Information Access: The extension provides information for accessing information and services of the issuer