Log in ....Tribune

Monday, February 24, 2003
Feature

Digital signature different from electronic one
Geeta Gulati

WITH economy having undergone a sea change from agrarian to industrial and now cyber economy, the growth of e-commerce has led to the requirement of electronic alternative to handwritten signature.

As online business involves both businesses and consumers, items of valuable consideration are being purchased and sold by mutual agreement done electronically, which can have substantial economic consequences. For example, in the event of any dispute, the problem of establishing the authentication and integrity of the electronic communication will be difficult. In order to overcome such an eventuality, the provision for digital signatures was provided in the IT Act, 2000.

Digital signature is not to be confused with electronic signature. A signature, which can be executed by using a symbol or sound like writing name at the end of the e-mail is an electronic signature. This does not verify whether the document has been altered in the transaction. This, thus, does not provide for the authentication and veracity of the message.

Digital signature is done electronically by using the Asymmetric Cryptography through a combination of a pair of keys called public key and a private key.

The private key is with the subscriber to create the digital signatures. The public key is with the receiver to verify the digital signatures. Digital signature can be executed by following a few steps. The signer first drafts the message that he wishes to sign digitally. Then he uses the hash function to create hash result or message digest of the original message by using the digital signature software. Finally, the signer uses his private key to sign the message digest. It’s not possible to alter a message digest back to the original data from which it was created.

The receiver decrypts the digital signature by signer’s public key, changing it back into a message digest by using the same hash function as that of a signer if the hash result matches. It implies that the message has not been altered unauthorisedly.

Digital signature fulfills various legal purposes for the effective use of electronic records in e-commerce in government and its agencies. It provides for authenticity, as digital signatures cannot be forged unless the signer losses control over his private key. The signer is accountable for legal consequences, as the message cannot be repudiated thus preventing cheating and other malicious activities. It also provides for the confidentiality of the information.

The IT Act has given legal recognition to digital signature meaning, thereby, that legally it has the same value as handwritten or signed signatures affixed to a document for its verification.

Digital signature under the IT Act authenticates all electronic documents, except Negotiable Instruments, Power of Attorney, Trusts, Wills or other Testamentary dispositions and document for the sale or conveyance of immovable property.

Digital signature certificate is issued by certifying authority, appointed under the IT Act, by making an application with the prescribed fee to the same. Digital Signature Certificate is issued with a designated expiry date. Certifying Authority has the power to suspend and revoke a Digital Signature Certificate after publishing notice of the same.

Digital signatures, thus, provide for the legality and trustworthiness of the electronic document.