A Digital Signature Certificate (DSC) is a secure digital key, issued by a Certifying Authority (CA), that certifies the identity of the holder. It typically contains your identity (name, email, country, APNIC account name) and your public key. Digital certificates use Public Key Infrastructure, meaning that data that has been digitally signed or encrypted by a private key can only be decrypted by its corresponding public key. A digital certificate is an electronic "credit card" that establishes your credentials when doing business or other transactions on the Web.
A digital signature is an electronic form of a signature that can be used to authenticate the identity of the sender of a message or the signer of a document, and also to ensure that the original content of the message or document that has been sent is unchanged. Digital signatures are easily transportable and cannot be imitated by someone else. The ability to ensure that the original signed message arrived means that the sender cannot easily disclaim it later.
You can use Digital Signature Certificates for the following:
* Sending and receiving digitally signed and encrypted emails.
* Carrying out secure web-based transactions, or identifying other participants of web-based transactions.
* In eTendering, eProcurement, MCA [for Registrar of Companies efiling], Income Tax [for efiling income tax returns] Applications and also in many other applications. For signing documents like MSWord, MSExcel and PDFs.
* Plays a pivotal role in creating a paperless office.
How does a DSC work
A Digital Signature Certificate (DSC) explicitly associates the identity of an individual or device with two keys: a public key and a private key. The certificate contains information about a user's identity (for example, their name, pincode, country and email address), the date the certificate was issued and the name of the CA. Neither key works in the absence of the other. They are used by browsers and servers to encrypt and decrypt information regarding the identity of the certificate user. The private key is stored on the user's computer hard disk or on an external device such as a USB token. The user retains control of the private key; it can only be used with the issued password. The public key is disseminated with the encrypted information. The authentication process fails if either one of these keys is not available or the keys do not match. This means that the encrypted data cannot be decrypted and is therefore inaccessible to unauthorized parties.
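The signing and verification flow described above, as an added Go example that is not part of the original page: the holder signs with the private key, and anyone holding the certificate can verify the document and detect a change to it. Assumptions: the certificate is self-signed rather than CA-issued, Ed25519 is chosen for brevity (the page names no algorithm), and the function names, holder name and sample document are constructed for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issueCert binds name to a new public key. Assumption: self-signed; a real DSC is signed by a CA.
func issueCert(name string) (ed25519.PrivateKey, *x509.Certificate, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: name},
		NotBefore:    time.Now().Add(-time.Minute),
		NotAfter:     time.Now().Add(24 * time.Hour),
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return priv, cert, err
}

// sign produces a signature over doc with the holder's private key.
func sign(priv ed25519.PrivateKey, doc []byte) []byte {
	return ed25519.Sign(priv, doc)
}

// verify needs only the certificate: it checks sig against the public key inside it.
func verify(cert *x509.Certificate, doc, sig []byte) bool {
	return cert.CheckSignature(x509.PureEd25519, doc, sig) == nil
}

func main() {
	priv, cert, err := issueCert("Constructed Holder")
	if err != nil {
		panic(err)
	}
	sig := sign(priv, []byte("bid: 100 units")) // constructed sample document
	fmt.Println(verify(cert, []byte("bid: 100 units"), sig), verify(cert, []byte("bid: 900 units"), sig))
}
```

A signature checked against a different holder's certificate fails in the same way as one checked against an altered document, which is what ties the signed content to the identity named in the certificate.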
There are four classes of certificates, given below:
Class 0 Certificate: This certificate shall be issued only for demonstration/test purposes.
Class 1 Certificate: Class 1 certificates shall be issued to individuals/private subscribers. These certificates will confirm that the user's name (or alias) and e-mail address form an unambiguous subject within the Certifying Authority's database.
Class 2 Certificate: These certificates will be issued for both business purposes and private individuals' use. These certificates will confirm that the information in the application provided by the subscriber does not conflict with the information in well-recognized consumer databases.
Class 3 Certificate: This certificate will be issued to individuals as well as organizations. As these are high assurance certificates, primarily intended for e-commerce applications, they shall be issued to individuals only on their personal (physical) appearance before the Certifying Authorities.
Difference Between Electronic Signature & Digital Signature
An electronic signature is not the same as a digital signature, even though many use the two terms interchangeably. Digital signatures embed a unique digital fingerprint into documents, and the signer is required to possess a certificate-based digital ID (a digital certificate) in order to link the signer and the document. Digital certificates are digital forms of identification; you can compare them to physical forms of ID, such as a driver's license or a passport. These certificates are issued by certification authorities (CAs), and these authorities provide users with two digital keys for the certificate: a public key and a private key.
When a digital document is sent and the signer has a digital certificate, he or she can share the public key with the document's originator and then enter their private key when signing. While this process does succeed in verifying signer identity, it is extremely cumbersome, impractical and not viable, as most signers do not possess these digital certificates. Moreover, digital certificates do not provide any additional security benefits other than signer identity verification.