Digital Signature Certificates/Digital Signatures

What is a digital certificate or a digital signature certificate (DSC)?

Ans. A digital certificate or a digital signature certificate (DSC) is a digital record of credentials of an individual or an organization. It verifies the ingenuity of an entity involved in an online transaction. DSCs come in handy during online transactions including e-filing of income tax return, e-tendering, online monetary transactions, etc. over the internet. They are also used during the exchange of confidential information through emails to ensure security and originality of the information as well as its sender.

What is a digital signature?

Ans. A digital signature is an electronic form of signature which verifies the authenticity of a digital document. Digital signatures also verify the identity or authenticity of the sender of the information over the Internet. They also add up to security measures employed during any online transactions.

What is the difference between a digital signature and a digital signature certificate (DSC)?

Ans. Digital signatures offer authenticity verification, privacy and security to its users during online transactions and exchange of information. Digital signatures are used for secure messaging, online banking application use, secure online workflow applications, supply chain management, etc.

The digital signature certificate contains the record of the holder of the certificate and details of the digital certificate.

These are digital documents which verify that a digital authentication associated with an individual or a specific entity does exist. The digital certificate helps prevent any sort of jeopardy to the identity and security of an individual or an entity, from an impersonator.

Why do I need a Digital Signature Certificate?

Ans. A digital signature certificate is an electronic authenticity of one’s identity. It also offers top-notch security and privacy to the user’s online transactions. Certificates can also be used to encrypt the information which will ensure that only the intended recipient can go through it. Digitally signing information also assures the user that the information cannot be changed by a third party halfway during the transaction. It also verifies the user’s identity as the sender of the information.

What are the different types of DSC?

Ans.

Class 1 certificate: This digital certificate is issued to an individual for personal use. User may employ the certificate to prove the authenticity of his identity or of the information shared by him. It is mandatory for an individual, applying for a class 1 certificate, to have a valid email id.

Class 2 certificate: This sort of digital signature is issued to individuals involved with an organization as well as for the personal use of an individual. Class 2 certificate is used to complete transactions which involve the Ministry of corporate affairs or the Registrar of companies. A person applying for a class 2 certificate needs to present a valid identity proof as well as the address proof.

Class 3 certificate: Considered as the most exclusive digital certificate of all, class 3 certificate is the definitive identity authentication and security mean. It is mandatory for organizations and individuals involved in online e-tendering, e-procurement, patent filing, and trademark filing process to have a valid class 3 certificate. It is essential for the person applying for this sort of certificate to register his physical presence before the certifying authority.

What is a Root certificate?

Ans. A root certificate is self-signed or self-recognized public key certificate that identifies the Root Certificate Authority (CA). Root Certifying Authority of India (RAI) is responsible for issuing root certificates in India.

What is Digital Time Stamping?

Ans. As the name suggests, a digital timestamping service issues time stamps. The function of Digital time stamp is similar to any other timestamp i.e. to denote date & time of action on a document. Digital timestamps are used to verify the original date of creation of a document.

Are Digital Signatures legally valid in India?

Ans. Yes, the Information Technology Act of 2000 confirms the legal validity of digital signatures in India.

Where can I use Digital Signature Certificates?

Ans. You can use Digital Signature Certificates for:
Secure exchange of information and online transactions
Encrypting information in an email
Identifying participants of an online transaction
Proving authorship of a digital content
Filing income tax returns
Transactions with Ministry of Corporate Affairs
Applying for e-tenders
Proving the authenticity of a trademark

Public Key Infrastructure & Cryptography

What is Public key infrastructure (PKI)?

Ans. PKI or Public Key Infrastructure is a set of comprehensive system policies, procedures, and technologies working together to allow secure and confidential communication between internet users. It involves encryption of information at the sender’s end and decryption at receiver’s end.

How are PKI and security associated?

Ans. PKI manages and regulates cryptography i.e. encryption and decryption of data, which is a security measure for safekeeping of confidential data. PKI accomplishes this task by pro-offering the facility of encoding information at the sender’s end and decoding it on the receiver’s end.

What is cryptography?

Ans. Cryptography is the practice of employing encryption and decryption techniques for a secure sharing and storing of data and information across insecure networks such as the Internet, in a secure manner.
Cryptography essentially comprises of encrypting the information at one end and decrypting it at the other end. Encrypted data remains hidden and inaccessible to everyone except the intended recipient.

What is encryption and decryption of data?

Ans. Encryption is the process of encoding a message or a piece of information in such a manner, that only the authorized party can receive and go through it. The sender of the information uses an encryption key to scramble information so that it is unintelligible to adversaries.

Decryption is the complementary process of encryption. A user who receives an encrypted data needs to decrypt it before he can go through it. Decryption converts the scrambled information back to its original form by the use of a decryption key.

What are the types of cryptography?

Ans. Symmetric, or secret key, cryptography uses a single key to both encrypt and decrypt the data. Asymmetric or public key cryptography is a method for securely exchanging messages, by assigning a complementary pair of keys, one public and one private, to the individuals involved in the exchange of information.

What is the difference between public and private keys?

Ans. The private key is one of the keys of a key pair used to create a Digital Signature. The private key is kept confidential.
A Public Key, as the name suggests, is made available to everyone.

What is the difference between digitally signing and encrypting an email?

Ans. Digitally signing an email message comprises of attaching a Digital Certificate to it so that the recipient is reassured that the sender of the information is authentic and the information has not tampered midway. Although, signing a message does not ensure protection from third-party monitoring.

Encrypting a message ensures that the information being shared on an insecure network can be accessed by the intended recipient of the information only. This is a safeguard measure against monitoring of confidential information. In order to send a signed message, you must have a Digital Certificate. Encrypting a message requires the sender to have the recipient’s Digital Certificate.

What actually happens when I digitally sign any transaction?

Ans. Once a transaction is digitally signed, it gets encrypted by a private key. When the recipient receives the information with the digital certificate attached to it, he can verify the information using the public key associated with the certificate. Thus, signing a transaction: Verifies a user’s identity and maintains non-repudiation of information Establishes user’s credentials to perform the transaction Protects the integrity and ingenuity of the information itself.
Once a transaction is digitally signed by a user, it offers a substantial proof of involvement of the user in the transaction, this is referred to as non-repudiation of information.

Authorities, Agreements & Protocols

What is a Certifying Authority?

Ans. Certifying Authorities are licensed bodies which facilitate digital signature certificate. Certifying authorities are regulated by the Controller of Certifying Authorities (CCA), a government of India endeavour. They are licensed to issue, revoke, renew and cache digital signature certificates.

What is CCA?

Ans. The Controller of Certifying Authorities (CCA) is a subsidiary of the Government of India. It issues a license to CAs and regulates their working. The CCA offers certification to public keys of CAs. The Controller of Certifying Authorities (CCA) has been appointed by the Central Government of India under section 17 of the IT Act 2000, to monitor all the CAs in the country.

What is the role of CCA?

Ans. The role of the Controller of CAs (CCA) is to regulate and license the activities of CAs. As CAs perform a trusted role in verifying the identities of parties in electronic transactions, the CCA seeks to provide the assurance that the CAs’ responsibilities are met and that these services are made available with apt security and service standards.

What is RCAI?

Ans. RCAI or the Root Certifying Authority of India is responsible for digitally signing the public keys of all the licensed CAs in India. It was established by the CCA under Section 18(b) of the IT Act 2000. The RCAI root certificate is the highest level of digital certification in the country and hence RCAI root certificate is a self-signed certificate.

The key activities of the RCAI are:

Digitally signing licenses issued by CCA to CA
Digitally signing public keys corresponding to private keys of a CA
Ensuring the availability of signed certificates for verification by a relying party through the CCA or CA.

What is NRDC?

Ans. CCA is also responsible for maintaining the National Repository of Digital Signature Certificate (NRDC), which is a storage facility of all the digital certificates issued by numerous CAs in India. NRDC is also responsible for keeping a record of all the expired and revoked digital certificates and facilitates verification of public keys issued by various CAs.

What is an Associate?

Ans. An Associate is an official for a Certifying Authority available for the subscriber to initiate the application/registration process. Associate collects the filled in application form along with admissible documents. The application form and the documents are then verified for their authenticity and accuracy. Once the verification is approved by the associate the application is processed further and the certificate is produced.

What are Certificate Policies?

Ans. Certificate Policies describe details of different classes of certificates issued by a Certifying Authority. These details include procedures involved in the issuance and revocation of digital certificates and terms of usage of certificates.

What is Certification Practice Statement (CPS)?

Ans. Certification Practice Statement is a statement of practice or a code of conduct, employed by a licensed Certifying Authority in issuing and managing digital certificates. A CPS may be drafted by the CA as a declaration with the details of its management system and the practices it employs in its operations for issuance of a certificate.

What is a Subscriber Agreement?

Ans. Subscriber Agreement is an agreement between a subscriber and a Certifying Authority for the provision of designated public certification services in accordance to a Certification Practice Statement.

What is key agreement protocol?

Ans. A key agreement protocol is a secure and convenient mode for two or more parties to resolve upon a key to be used for secret key cryptography. It is also referred to as a key exchange protocol. Key agreement protocol allows users to share keys freely and securely over an insecure medium, without employing the use of a previously established shared secret.

What does “Relying Party” mean?

Ans. A Relying Party is an individual or an entity that relies on the information provided in a digital certificate.

Certificate Validation Mechanism

What is Certificate Validation?

Ans. Certificate Validation refers to the procedure of determining the status of a certificate I.e. whether it is valid, expired or revoked. Digital certificates have a validity period of one, two and three years.

What is Certificate Validation Mechanism?

Ans. It is the mechanism used to check the validity of the digital signature certificate, every time a digital signature certificate is used to sign a transaction. This ensures that the certificate has not been revoked or expired.

What are the various validation mechanisms available?

Ans. One can validate a certificate by using one of these mechanisms; CRL, OCSP or CAM.

What is Certificate Revocation?

Ans. Certificate Revocation is the cancellation of the Digital Signature Certificate. A certificate may be revoked because of any of the following reasons:
Inaccuracy in the data on the digital certificate
Revocation on the request from the subscriber of the digital certificate.
In the case of secrecy of private key being compromised
Change of any information on digital certificate.

What is Certificate Revocation List (CRL)?

Ans. Certificate Revocation list is a list published by Certifying Authorities which contains detail of all the digital certificates that have been revoked, expired or are considered no longer valid. The CRL is updated on a periodic basis and published at regular intervals by Certificate Authorities.

What is OCSP Validation?

Ans. OCSP which stands for online certificate status protocol, is another mechanism to check the validity of a digital certificate. Whenever a user tries to use the digital certificate over the server, OSCP requests a validity check, the server responds back with the status of the digital certificate.

What is CAM?

Ans. The Certificate Arbitrator Module (CAM) provides validation services across different vendors of the ACES (Access certificates for electronic services) program.

Why do I need to validate a Digital Certificate?

Ans. Validation of a Digital Certificate is required to check the status of a digital certificate, to ensure that the digital certificate is valid for use and has not been revoked, changed or has expired.

Technology

What is an e-token?

Ans. An E-tokens is a secure hardware device that contains private and public key certificates, and a cache of other certificates. E-Tokens enhance the security of data on public and private networks. E-tokens can be used to generate and provide secure storage for passwords and Digital certificates, for secure authentication, digital signing and encryption.

What is a hash algorithm?

Ans. A hash algorithm is a function that converts a data string into a numeric string output of a fixed length which is generally much smaller than the original data. Hash algorithm can be used in the encryption and decryption of digital signatures. The hash function transforms the digital signature, then both the hash value and signature are sent to the receiver. The receiver uses the same hash function to generate the hash value and then compares it to that received with the message. If the hash values are the same, it is likely that the message was transmitted without errors.

What is Cryptographic Service Provider?

Ans. Cryptography Service Provider or CSPs, provide hardware and software-based encryption and decryption. A CSP is responsible for creating and revoking keys, and using them to perform a variety of cryptographic operations.

What is SSL (secure socket layer)?

Ans. An SSL (Secure Sockets Layer) is a standard security technology. It provides a secure connection between internet browsers and websites, allowing you to transmit private data online. Websites frequently use SSL technology for secure online monetary transactions through credit cards or internet banking.

What is MIME?

Ans. Multipurpose Internet Mail Extensions, (MIME) is an Internet standard format that allows the attachment and sending of non-text files including compressed files, sound clips, graphics file, videos to an e- mail.

What is Secure Multipurpose Internet Mail Extensions (S/MIME)?

Ans. S/MIME, which abbreviates from Secure/Multipurpose Internet Mail Extensions, is a standard for public key encryption and signing of MIME data i.e. an email message. It defines the specifications to support the signing and encryption of e-mail security to be transmitted across the Internet.

What do X.509 and X.500 mean?

Ans.

X.509: – is an standard for a public key infrastructure (PKI) to verify that a public key belongs to the user, computer or service identity contained within the certificate. An X.509 certificate contains information about the identity to which a certificate is issued and the identity that issued it.

X.500: – The X.500 directory service is a global directory service whose components cooperate to manage information about objects including countries, organizations, people, and machines in a worldwide scope. It provides the ability to look up information by name and also to browse and search for information.

What is Message Digest?

Ans. Message digests are designed to protect the integrity of a piece of data or media to detect changes and alterations to any part of a message.

They are a type of cryptography utilizing hash values that can warn the copyright owner of any modifications introduced to their work.

Each message digest hash number is specified for a particular file containing protected work. Thus, one message digest is assigned to particular data content. It refers to any change made deliberately or accidentally to the protected work. It also prompts the owner to identify the modification as well as the individual making the change.

What is PKCS?

Ans. The Public-Key Cryptography Standards (PKCS) are a set of inter-vendor standard protocols for making possible secure information exchange on the Internet using a public key infrastructure (PKI). PKCS or public key cryptography standards are formulated and published by the RSA security which also promotes the use of cryptographic techniques. It can be said that PKCS includes all the techniques that are used in modern-day cryptography.

What is the Smart Card?

Ans. A smart card is a plastic card which looks similar to a credit card. It has a built-in microprocessor and memory which is used for identification during financial transactions. When it is inserted into a reader, it transfers data to and from a central computer. It is more secure than a magnetic stripe card. It can also be programmed for Self-destruction to prevent its misuse. Self-destruction is initiated if an unauthorized authentication is being performed several times.

What is the HSM card?

Ans. A hardware security module (HSM) is a hardware device that stores and secures digital keys for authentication and provides cryptographic processing. They are generally in the form of a plug-in card or an external device that is attached directly to a computer or network server.

What is MD5?

Ans. The MD5, message-digest algorithm is a widely used cryptographic hash function that is used to verify data integrity through the creation of a 128-bit message digest from data input. MD5 has been utilized in a wide variety of cryptographic applications, it is also used to verify data integrity.

Minimum Requirements

What are the minimum system software and hardware requirement for download a DSC?

Ans. Please use a system with a minimum configuration of
Windows 7 Service pack 1
Internet Explorer 9
.Net Framework 4.5
but we would prefer a system with the latest configuration.
Windows 10
Internet Explorer 11
.Net Framework 4.5