What is a Digital Signature?

A digital signature is a legally valid signature created by a pair of encrypted numbers known as the public key and private key to authenticate documents. The documents signed using digital signatures are attested with the specific time, date, name of the person/organization, address, email address, pin code, and name of certifying authority along with the signature.

Mainly, the RSA algorithm is used to generate the public key and private key stored in a hardware security module (HSM) or cloud HSM. Digital signatures follow the protocols of Public Key Infrastructure (PKI) which manages and stores signers' information using asymmetric cryptography to ensure high assurance security. Only the licensed certifying authorities (CA) who are approved by the controller of certifying authority (CCA) are authorized to issue digital signature certificates in India. A digital signature certificate holds the verified identity of the signer and it is used to digitally sign documents for a multitude of use cases.

eMudhra, a licensed certifying authority carries out the registration and authentication of the identity of individuals/ organizations to issue the digital signature certificate (DSC). The registration process is done using multi-factor authentication to ensure identity assurance. It may include biometrics, fingerprint, USB tokens, smart cards, etc. In order to leave no room for tampering. In India, it is mandatory to use digital signature certificate(DSC). To digitally sign various government documents such as income tax returns, e-procurements, and EPFO filing.