Q:1. What is a digital signature?
A: A digital signature (standard electronic signature) produces an electronic “fingerprint” that is unique to both the document and the signer. Digital signatures can ensure the authenticity of the signer, as well as the integrity of the contents of the document being signed. Any changes made to the document after it has been signed will invalidate the digital signature, thereby protecting against signature forgery and information tampering.
Q: 2. How safe is a digital signature vs. a handwritten signature ?
A: While both handwritten and digital signatures (standard electronic signatures) are legally-binding, only digitally signatures are reliable in electronic world.
Q:3. Is there a "Specimen Digital Signature" like paper signature?
A: No, The Digital signature changes with content of the message.
Q:4. Does a digital signature really seal an electronic document?
A: Yes. Based on the standards digital signatures has the potential to “seal” documents by
♦ Providing evidence of user identity
♦ Guaranteeing data integrity
♦ Ensuring non-repudiation of signed electronic documents
Q: 5. What is PKI?
A: Public Key Infrastructure (PKI) refers to the infrastructure that is essential for a provable and acceptable digital signature (standard electronic signature). PKI encompasses different components, which include a Certificate Authority (CA), end-user enrolment software, and tools for managing, renewing and revoking keys and certificates.
Q:6. What is a Digital Signature Certificate (DSC)?
A: In cryptography, a digital signature certificate is issued to an individual or organization, stating their public key along with their identity.
Q:7. Why is a Digital Signature Certificate (DSC) required?
A: A DSC certifies the public key of the signer, generally by a trusted third-party.Non-repudiation is achieved by proving the authenticity of the signer (user or organization) and its public key.
Q:8. What does X.509 refer to when it relates to digital signature certificates?
A: X.509 is the industry standard for digital signature certificate format. It defines the various mandatory and optional attributes that can be defined within the certificate.
Q:9. What is a Certificate Revocation List?
A: A Certificate Revocation List (CRL) is a list of certificates that have been revoked, and therefore the relying party (user or organization) should no longer trust it.
Q:10. Is it safe to send my Digital Signature Certificate via email?
A: Yes. A digital signature certificate contains only the public information of the user, such as ID, name, and public key. The personal component of the user’s signature credentials, like the private key, is not included in the certificate.
Q:11. What is a root certificate, and why do I need one?
A: A root certificate is a self-signed certificate used to identify the Root Certifying Authority (CA). The root certificate serves as an anchor of trust in a trust hierarchy that starts from the end-entity certificate up to the root.
Q:12. Why does a digital signature certificate have a limited validity period?
A: Digital signature certificates have an explicit start date and an explicit expiration date. This is because, the keys associated with a certificate and the algorithms used have to be frequently updated owing to the increasing security threats.
Q:13. What is the difference between RA(Registration Authority) and CA(Certifying Authority)?
A: RA interacts with the subscribers (individuals / organizations) for providing CA services, like verification of the physical or real identity of the subscribers. The RA is subsumed in the CA, which takes total responsibility for all actions of the RA.
Q:14. When you use a shared computer or resource, is there any possibility of threat to the security of the digital signature?
A: No, there is no threat to the security of the owner / users digital signature, if the private key lies on the crypto token and does not leave the crypto-token.
Q:15. One can forge and sign a paper without the knowledge of a signer. Is it possible in digital signature also?
A: depends upon the how the subscriber (individual / organization) has kept his private keys. If private key is not stored securely, then it can be misused without the knowledge of its owner.
Q:16. Can a person have two digital signatures say one for official use and other one for personal use?
A: Yes
Q:17. If a person is transferred from one post to another (say in govt. department), the digital signature will also change (yes/no)? Please explain?
A: Yes. On moving from one department to another, if the procedures in place so demand, then the existing certificate has to be revoked and a new one issued. In any case, the digital signature generated is different each time, even if the same key has been used.
Q:18. What is the legal sanctity of a certificate issued by outside CA (CA of a foreign country)?
A: The sanctity of such a certificate will be as per the agreement between outside CA and a licensed CA in India. Such an agreement has to be approved by the CCA.
Q:19. Does a person require multiple Digital Signatures Certificates for different places or organizations?
A: It is not mandatory. However, certificates could be issued for different purposes to the same individual. e.g. by the bank where the individual has an account as a customer, by the government to its official.
Q:20. How can I obtain a Digital Signature Certificate (DSC)?
A: A subscriber (individual or organization) can obtain DSC by applying to any of the licensed CA (Certifying Authority) that has been granted license by the office of Controller of Certifying Authorities (CCA) for issuing Digital Signature Certificate under Section 24 of the Indian IT-Act 2000. Some of the CA’s who have been granted permission or license by the CCA are: e-Mudhra, (n)Code Solutions, IDRBT etc... .
Q:21. What is the cost of obtaining a Digital Signature Certificate (DSC)?
A: The cost of a DSC depends upon a class, type and validity of the certificate. Also the costs may from CA to CA, and it is up to the subscriber to choose it.
Q:22. How much time doesa CA take to issue a DSC?
A: The time taken by a CA to issue a DSC may vary from three to seven days.
Q:23. What is the validity period of a Digital Signature Certificate?
A: A subscriber (individual or organization) can obtain DSC by applying to any of the licensed CA (Certifying Authority) that has been granted license by the office of Controller of Certifying Authorities (CCA) for issuing Digital Signature Certificate under Section 24 of the Indian IT-Act 2000. Some of the CA’s who have been granted permission or license by the CCA are: e-Mudhra, (n)Code Solutions, IDRBT etc... .
Q:24. What is the legal status of a Digital Signature?
A: Digital Signatures are legally admissible in an Indian court of Law, as provided under the provisions of Indian IT Act 2000.
Q:25. How to encrypt a message?
A: Encryption in Public Key Cryptography is done by encrypting the message by using the public key of the receiver so that only the receiver will be able to decrypt the message using his/her private key. This approach also ensures that there is no need to share any keys between the sender and receiver.
Q:26.Can I use the Digital Signature Certificate for encrypting a message?
A: No. A Digital Signature Certificate is issued only for the purpose of Digital Signing. For encryption, one can use an Encryption Certificate obtained from the CA. However it may be noted that, an encryption certificate is required only for receiving encrypted messages, as for sending an encrypted message, the sender will be using the public key of the receiver’s encryption certificate.
Q:27. Why can’t I use my Digital Signature Certificate forever?
A: The continuous advancements made in computing, warrant change of algorithms, key sizes etc.. to increase the security and reduce the vulnerabilities. Therefore it becomes essential to have a limited validity period for a Digital Certificate.
Q:28. If my digital signature certificates becomes invalid (expired or revoked) will my previously digitally signed documents be still legally valid?
A: Yes, the legal validity of a digitally signed document depends on the validity of the digital signature certificate used at time at which it was signed.
Q:29. How do I secure my Private Key?
A: Keys are generally stored in a pin-protected, tamper-proof cryptographic USB hardware token, supplied by the Certifying Authority.
Q:30. What class of Certificate should I take, as an Individual?
A: It depends on your requirement. However it is advisable to go for Class-3 Certificates, especially when you need to use services that require high level of assurance.