Digital and E signature
A digital signature is a cryptographic technique used to validate the
authenticity and integrity of digital messages, documents, or
software. It provides a way for the recipient to verify that the sender
is who they claim to be and that the content has not been altered
since it was signed.
Section 2(1)(p) of the Information Technology Act, 2000 (India):
"Digital Signature" means authentication of any electronic record by
a subscriber by means of an electronic method or procedure in
accordance with the provisions of Section 3.
VALIDITY OF DIGITAL SIGNATURE
· The Information Technology Act, 2000 defines digital signature
as “authentication of any electronic record by a subscriber by means
of an electronic method or procedure in accordance with the
provisions of section 3[1]”. To ensure the security and authenticity
of documents filed electronically, the Information Technology Act,
2000 contains provisions for the use of digital signatures on those
documents.
· Section 5 of the IT Act gives legal recognition to digital
signatures based on asymmetric cryptosystems.
· Each Digital Signature is enabled using a Digital Signature
Certificate and contains a unique private and public key pair that
serves as the identity of an individual.
· Certification Agencies are appointed by the office of the
Controller of Certifying Authority (CCA) to issue Digital Signature
Certificate (DSC) as per Sec 35 of IT Act, 2000.
How it is created:
Digital signatures are created using asymmetric cryptography, also
known as public-key cryptography. The process involves generating a
pair of cryptographic keys: a private key and a public key. The private
key is kept secret and known only to the signer, while the public key
is shared with others. The digital signature is created by applying a
mathematical algorithm to the content being signed and the signer's
private key.
How it works:
When a digital signature is created, it is attached to the digital
document or message. To verify the signature, the recipient uses the
signer's public key to decrypt the signature and compare it to a
computed value based on the original content. If the two values
match, the signature is considered valid, indicating that the
document has not been altered and was indeed signed by the holder
of the private key.
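The creation and verification steps described above, as an added example that is not part of the original notes. It assumes textbook RSA with SHA-256 and no padding, and uses constructed toy keys built from Mersenne primes; all function names are hypothetical. Certificates issued in practice rely on padded signature schemes and CA-issued keys.

```python
import hashlib

# Constructed toy keys built from well-known Mersenne primes. They are
# trivially factorable and exist only to show the flow; never use them.
SIGNER_P, SIGNER_Q = 2**127 - 1, 2**521 - 1
OTHER_P, OTHER_Q = 2**107 - 1, 2**607 - 1
E = 65537  # public exponent


def make_keypair(p, q):
    """Return ((n, e), (n, d)): the public key and the private key."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))  # private exponent, kept secret
    return (n, E), (n, d)


def digest_int(content: bytes) -> int:
    """SHA-256 hash of the content, as an integer smaller than n."""
    return int.from_bytes(hashlib.sha256(content).digest(), "big")


def sign(content: bytes, private_key) -> int:
    """Signer: apply the private key to the hash of the content."""
    n, d = private_key
    return pow(digest_int(content), d, n)


def verify(content: bytes, signature: int, public_key) -> bool:
    """Recipient: recover the hash with the public key and compare it
    with a hash computed independently from the received content."""
    n, e = public_key
    if not 0 <= signature < n:  # reject out-of-range signature values
        return False
    return pow(signature, e, n) == digest_int(content)


def demo():
    public_key, private_key = make_keypair(SIGNER_P, SIGNER_Q)
    other_public, _ = make_keypair(OTHER_P, OTHER_Q)
    record = b"Constructed sample electronic record: pay INR 500 to A"
    sig = sign(record, private_key)
    return {
        "unaltered": verify(record, sig, public_key),
        "content_altered": verify(record.replace(b"500", b"900"), sig, public_key),
        "signature_altered": verify(record, sig + 1, public_key),
        "other_signers_key": verify(record, sig, other_public),
    }


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: {'valid' if ok else 'INVALID'}")
```

Only the unaltered record checked against the signer's own public key verifies; a change to the content, to the signature value, or to the key used for checking makes verification fail.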
Who issues digital signatures:
Digital signatures are typically issued by a trusted third-party
organization known as a Certificate Authority (CA). These entities
verify the identity of individuals or organizations applying for digital
signatures and issue digital certificates, which contain the public key
and other identifying information.
Section 24(1) of the Information Technology (Certifying Authorities)
Rules, 2000 (India): No person shall issue a Digital Signature
Certificate unless he has been granted a license to do so by the
Controller.
Procedure for issuance of DSC:
Section 35. Certifying authority to issue [electronic signature]
Certificate. –
(1) Any person may make an application to the Certifying Authority
for the issue of a [electronic signature] Certificate in such form as
may be prescribed by the Central Government.
(2) Every such application shall be accompanied by such fee not
exceeding twenty-five thousand rupees as may be prescribed by the
Central Government, to be paid to the Certifying Authority: Provided
that while prescribing fees under sub-section (2) different fees may
be prescribed for different classes of applicants.
(3) Every such application shall be accompanied by a certification
practice statement or where there is no such statement, a statement
containing such particulars, as may be specified by regulations.
(4) On receipt of an application under sub-section (1), the Certifying
Authority may, after consideration of the certification practice
statement or the other statement under sub-section (3) and after
making such enquiries as it may deem fit, grant the [electronic
signature] Certificate or for reasons to be recorded in writing, reject
the application:
[Provided] that no application shall be rejected unless the applicant
has been given a reasonable opportunity of showing cause against
the proposed rejection.
Information Technology (Certifying Authorities) Rules, 2000
Section 23. Digital Signature Certificate.— The Certifying Authority
shall, for issuing the Digital Signature Certificates, while complying
with the provisions of section 35 of the Act, also comply with the
following, namely:-
(a) the Digital Signature Certificate shall be issued
only after a Digital Signature Certificate application in the form
provided by the Certifying Authority has been submitted by the
subscriber to the Certifying Authority and the same has been
approved by it: Provided that the application Form contains, inter
alia, the particulars given in the modal Form given in Schedule-IV;
(b) no interim Digital Signature Certificate shall be issued;
(c) the Digital Signature Certificate shall be generated by the
Certifying Authority upon receipt of an authorised and validated
request for:- (i) new Digital Signature Certificates; (ii) Digital Signature
Certificates renewal;
(d) the Digital Signature Certificate must contain or incorporate, by
reference such information, as is sufficient to locate or identify one or
more repositories in which revocation or suspension of the Digital
Signature Certificate will be listed, if the Digital Signature Certificate
is suspended or revoked;
(e) the subscriber identity verification method employed for issuance
of Digital Signature Certificate shall be specified in the Certification
Practice Statement and shall be subject to the approval of the
Controller during the application for a licence;
(f) where the Digital Signature Certificate is issued to a person
(referred to in this clause as a New Digital Signature Certificate) on
the basis of another valid Digital Signature Certificate held by the
said person (referred in this clause as an Originating Digital Signature
Certificate) and subsequently the originating Digital Signature
Certificate has been suspended or revoked, the Certifying Authority
that issued the new Digital Signature Certificate shall conduct
investigations to determine whether it is necessary to suspend or
revoke the new Digital Signature Certificate;
(g) the Certifying Authority shall provide a reasonable opportunity for
the subscriber to verify the contents of the Digital Signature
Certificate before it is accepted;
(h) if the subscriber accepts the issued Digital Signature Certificate,
the Certifying Authority shall publish a signed copy of the Digital
Signature Certificate in a repository;
(i) where the Digital Signature Certificate has been issued by the
licensed Certifying Authority and accepted by the subscriber, and the
Certifying Authority comes to know of any fact, or otherwise, that
affects the validity or reliability of such Digital Signature Certificate, it
shall notify the same to the subscriber immediately;
(j) all Digital Signature Certificates shall be issued with a designated
expiry date.[2]
Validity of DSC: DSCs are typically issued with one-year or two-year
validity. They are renewable on expiry of the period of
initial issue.
Classes of DSC: There are mainly three classes of Digital Signature
Certificate:
i. Class 1 Certificate: issued to individuals/private
subscribers. These certificates confirm that the user's name (or alias) and
E-mail address form an unambiguous subject within the Certifying
Authority's database.
ii. Class 2 Certificate: issued for both business personnel
and private individuals' use. These certificates confirm that the
information in the application provided by the subscriber does not
conflict with the information in well-recognized consumer databases.
iii. Class 3 Certificate: issued to individuals as well as
organizations. As these are high assurance certificates, primarily
intended for e-commerce applications, they shall be issued to
individuals only on their personal (physical) appearance before the
Certifying Authorities.
Documents On Which eSign Is Invalid
According to Section 1(4), the IT Act, 2000 shall not apply to
documents or transactions specified in the First Schedule. Thus,
digital signatures do not apply to the documents contained in the
First Schedule. The documents covered under the First Schedule are
as follows:
1. A negotiable instrument (other than a cheque) as defined in
section 13 of the Negotiable Instrument Act, 1881 (26 of 1881).
2. A power-of-attorney as defined in section 1A of the Powers-of-
Attorney Act, 1882 (7 of 1882).
3. A trust as defined in section 3 of the Indian Trust Act, 1882 (2 of
1882).
4. A will as defined in clause (h) of section 2 of the Indian Succession
Act, 1925 (39 of 1925), including any other testamentary disposition
by whatever name called.
5. Any contract for the sale or conveyance of immovable property or
any interest in such property.
Public key:
A public key is a cryptographic key that is shared publicly and used to
verify digital signatures or encrypt data. It is part of a key pair
generated in asymmetric cryptography, where the public key is
derived from the private key. The public key is used by others to
encrypt messages intended for the holder of the corresponding
private key or to verify digital signatures created with that private
key.
Empanelled digital signature:
An empanelled digital signature refers to a digital signature issued by
a Certificate Authority (CA) that has been approved or accredited by
a government or regulatory authority. These empanelled CAs meet
specific criteria and standards set by the governing body and are
authorized to issue digital certificates for use in various applications,
including government transactions, legal documents, and financial
transactions.
Landmark Judgments:
One of the landmark judgments related to digital signatures is the
case of State of Maharashtra v. Dr. Praful B. Desai (2003). In this case,
the Supreme Court of India upheld the validity of digital signatures
and electronic records under the Information Technology Act, 2000.
The court emphasized the importance of digital signatures in
facilitating electronic transactions and recognized them as legally
valid means of authentication. This judgment played a significant role
in establishing the legal framework for electronic commerce in India
and set a precedent for the acceptance of digital signatures in legal
proceedings.
In the case of Trimex International FZE Ltd. vs. Vedanta Aluminum
Ltd. and Ors. (2010), the Delhi High Court emphasized the
importance of digital signatures in electronic transactions. The court
held that digital signatures, when used in compliance with the
provisions of the Information Technology Act, 2000, carry the same
legal validity as handwritten signatures. This ruling underscored the
significance of digital signatures in ensuring the authenticity and
integrity of electronic documents and transactions.
In Shamsher Singh & Ors. v. State of Punjab (1974), the Supreme
Court of India held that a signature affixed by a rubber stamp would
be considered a valid signature if it is intended to authenticate the
document in question. This ruling highlights the principle that the
validity of a signature depends on the intention of the signatory to
authenticate the document.
The case of United States v. John Hancock Mutual Life Insurance Co.
(1978) is a landmark case in the United States concerning the legal
validity of electronic signatures. The court ruled that electronic
signatures could satisfy the signature requirement under the
Electronic Signatures in Global and National Commerce Act (ESIGN
Act) if they meet certain criteria, including being “attributable to a
person” and “logically associated with the record.”
In Taylor v. Caldwell (1863), the English Court of Queen’s Bench
held that the doctrine of frustration applies to contracts in cases
where performance becomes impossible due to the occurrence of an
unforeseen event. This ruling established the principle that parties to
a contract may be excused from performance if the contract becomes
impossible to perform through no fault of their own. While not
directly related to digital signatures, this case underscores the
broader legal principles of contract law that may apply to electronic
transactions.
Authentication of Electronic Records:
- A subscriber (a person in whose name an electronic signature
Certificate is issued) may authenticate an electronic record by affixing
their digital signature using the asymmetric crypto system and hash
function - Section 3 of the IT Act.
- A subscriber may authenticate an electronic record by affixing their
electronic signature or electronic authentication technique that is
reliable and specified in the 2nd Schedule of the IT Act - Section 3A
of the IT Act.
Legal Recognition under the IT Act:
- Electronic records are functionally equivalent to records available in
writing or in typewritten or printed form, provided such electronic
records are accessible for subsequent reference - Section 4 of the IT
Act.
- Electronic signatures, including digital signatures, are functionally
equivalent to physical signatures - Section 5 of the IT Act.
- Electronic records and electronic signatures used by the
Government in its regular transactions are functionally equivalent to
records and signatures available in physical form - Section 6 of the IT
Act.
Presumptions to Electronic Records, Electronic Signatures, and ESCs:
- An electronic record is deemed to be a document and is therefore
admissible – Section 65B read with Section 65A of the Indian
Evidence Act (IEA), 1872.
- In the case of Anvar P. V v. P. K. Basheer (2014), a Division Bench of
the Supreme Court held that the safeguards stipulated under Section
65B of the Indian Evidence Act ensure that the source and
authenticity of electronic records are reliable. Without such
safeguards, any trial based on the proof of electronic records might
vitiate justice.
- The Court shall presume that an electronic signature in an electronic
agreement is valid – Section 85A of the Indian Evidence Act.
- In any proceeding involving a secure electronic record, the Court
shall presume that the secure electronic record has not been altered
up to the point in time to which the secure status relates.
Additionally, in any proceeding involving a secure digital signature,
the Court shall presume that such signature is affixed by the
subscriber with the intention of signing/approving the electronic
record – Section 85B of the Indian Evidence Act.
- The Court shall presume that the information listed in an ESC is
correct except for information specified as subscriber information
that is not verified – Section 85C of the Indian Evidence Act.
It can be said that except in the case of a secure electronic signature,
if the electronic signature of any subscriber is alleged to have been
affixed to an electronic record, the fact that such electronic signature
is that of the subscriber must be proved – Section 67A of the Indian
Evidence Act.
- To ascertain whether a digital signature belongs to a particular
person, the Court may direct:
(a) the person or the Controller or the Certifying Authority to produce
the DSC;
(b) any other person to apply the public key listed in the DSC and
verify the digital signature claimed to have been affixed by that
person – Section 73A of the Indian Evidence Act.