⭐ Q.2 (a) Explain the process of creation and verification of Digital Signature.
1. Introduction
The digital signature is the heart of the Information Technology Act, 2000 because it gives legal validity to electronic records.
It is equivalent to a handwritten signature in the physical world.
Sections 3 and 3A of the IT Act provide the legal foundation of digital signatures and electronic signatures.
Digital signatures ensure:
- Authenticity → Sender is genuine
- Integrity → Data not altered
- Non-repudiation → Sender cannot deny sending
⭐ 2. Process of Creation of Digital Signature
Digital signature is created through Public Key Infrastructure (PKI) using two keys:
- Private Key → known only to the signer
- Public Key → available to everyone
The process includes the following steps:
Step 1: Hashing the Document
- Before signing, the document is converted into a hash value (mathematical summary).
- This ensures security and faster processing.
Step 2: Encryption with Private Key
- The hash value is encrypted with the signer’s private key.
- This encrypted hash becomes the digital signature.
Step 3: Attaching the Signature
- The digital signature is attached to the electronic record or document.
Step 4: Sending the Document
- Signed electronic document is sent to the receiver.
⭐ 3. Process of Verification of Digital Signature
Verification is done using the public key of the signer.
Step 1: Receiver Obtains Public Key
- Public key is available through the Digital Signature Certificate (DSC) issued by a Certifying Authority (CA).
Step 2: Decryption of the Signature
- Digital signature is decrypted using the signer’s public key.
Step 3: Re-Hashing the Original Document
- Receiver generates a new hash from the received document.
Step 4: Compare Both Hash Values
If both hash values match, then:
- Signature is valid
- Document not tampered
- Sender is genuine
If they do not match, verification fails.
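Worked example (added here, not part of the original notes): the creation and verification steps above, carried out with unpadded "textbook" RSA and SHA-256 so that each step maps to one line of code. The function names, the sample tender text and the two teaching keys built from public Mersenne primes are assumptions made for illustration; real signature schemes add padding such as RSA-PSS and use randomly generated secret primes.

```python
import hashlib

E = 65537  # widely used public exponent

def make_key(p: int, q: int):
    """Return (public, private) as ((n, e), (n, d)) from two primes."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))  # modular inverse (Python 3.8+)
    return (n, E), (n, d)

def digest(document: bytes) -> int:
    """Hashing step: SHA-256 of the document, as an integer."""
    return int.from_bytes(hashlib.sha256(document).digest(), "big")

def sign(document: bytes, private) -> dict:
    """Creation steps 1-3: hash, apply the private key, attach to the record."""
    n, d = private
    return {"document": document, "signature": pow(digest(document), d, n)}

def verify(record: dict, public) -> bool:
    """Verification steps 2-4: apply the public key, re-hash, compare."""
    n, e = public
    sig = record["signature"]
    if not 0 <= sig < n:  # reject out-of-range signature values outright
        return False
    recovered_hash = pow(sig, e, n)
    return recovered_hash == digest(record["document"])

# Constructed teaching keys: the primes are public knowledge, so these are NOT secure.
SIGNER_PUB, SIGNER_PRIV = make_key(2**127 - 1, 2**521 - 1)
OTHER_PUB, OTHER_PRIV = make_key(2**89 - 1, 2**607 - 1)

def demo() -> dict:
    text = b"Tender bid: INR 4,50,000"  # constructed sample record
    record = sign(text, SIGNER_PRIV)
    tampered = dict(record, document=b"Tender bid: INR 9,50,000")
    other_signer = sign(text, OTHER_PRIV)  # same text, different private key
    return {
        "genuine": verify(record, SIGNER_PUB),
        "tampered_document": verify(tampered, SIGNER_PUB),
        "signed_with_other_key": verify(other_signer, SIGNER_PUB),
    }

if __name__ == "__main__":
    print(demo())
```

Only the untouched record signed with the matching private key verifies; changing one digit of the document or signing with a different key makes the hash comparison in Step 4 fail.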
⭐ 4. Legal Basis (Sections of the IT Act)
- Section 3 → Digital Signature using asymmetric crypto system + hash function.
- Section 3A → Electronic Signature provisions.
- Section 5 → Legal recognition to digital signatures.
- Section 15 → Secure digital signatures.
⭐ 5. Case Laws Related to Digital Signatures
1. P.R. Transport Agency v. Union of India
- Online tenders submitted with digital signatures are valid.
2. Trimex International v. Vedanta Aluminium (2010)
- Emails and digital signatures can form a binding contract.
3. State of Maharashtra v. Dr. Praful B. Desai
- Court recognised the importance of electronic processes in justice administration (video testimony allowed)—supports digital authentication culture.
⭐ 6. Conclusion
The digital signature system provides security, trust, and legal authenticity to electronic communications, making online business, e-governance, and e-contracts legally reliable in India.
⭐⭐ Q.2 (b) Discuss the functions and powers of Controller of Certifying Authorities (CCA).
1. Introduction
The Controller of Certifying Authorities (CCA) is appointed under Section 17 of the IT Act, 2000.
CCA regulates and supervises the entire digital signature infrastructure in India.
CCA ensures:
- trust in electronic transactions
- proper functioning of Certifying Authorities (CAs)
- security of digital signatures
⭐ 2. Major Functions of CCA
1. Licensing Certifying Authorities (Section 21)
CCA grants licenses to organizations to act as Certifying Authorities.
Only licensed CAs can issue Digital Signature Certificates.
2. Laying Down Standards (Section 18)
CCA defines:
- security standards,
- procedure for digital signatures,
- encryption standards,
- hardware and software guidelines.
3. Monitoring Certifying Authorities
CCA regularly checks:
- whether CAs follow rules,
- maintain security,
- keep proper records,
- renew or suspend licenses if needed.
4. Audit and Inspection (Section 28)
CCA has the power to:
- conduct audits,
- inspect the systems of Certifying Authorities,
- review their security practices.
5. Specifying Digital Signature Formats
CCA notifies:
- X.509 certificate format,
- cryptographic algorithms,
- key sizes,
- digital signature standards.
6. Maintaining the National Repository of Digital Certificates (NRDC)
CCA maintains a government repository containing:
- all digital signature certificates,
- public keys of Certifying Authorities.
This allows safe verification of signatures.
7. Power to Suspend or Revoke License (Section 25)
CCA can:
- suspend,
- revoke,
- cancel a CA’s license for violations.
8. Dispute Resolution
CCA settles disputes:
- between subscriber and CA,
- between two CAs,
- or between CA and any person affected.
9. Framing Rules & Regulations
CCA frames:
- guidelines for digital signatures,
- certification practice statements,
- subscriber agreement rules.
⭐ 3. Powers of CCA
1. Investigative Powers
CCA can:
- call for documents,
- inspect equipment,
- order inquiries.
2. Enforcement Powers
CCA can:
- impose penalties,
- suspend licenses,
- abolish faulty CAs.
3. Technical Powers
CCA decides:
- cryptographic methods,
- security protocols,
- standards for keys and certificates.
4. Administrative Powers
CCA appoints:
- Deputy Controllers,
- Assistant Controllers,
- and staff to monitor operations.
⭐ 4. Case Laws Related to CCA
1. P.V. Anvar v. P.K. Basheer (2014)
Court highlighted the importance of proper certification for digital evidence.
CCA rules guide proper certification practice.
2. P.R. Transport Agency Case
Court upheld validity of digital signatures, indirectly supporting the work of CCA.
⭐ 5. Conclusion
CCA is the backbone of the digital signature and e-authentication system in India.
It ensures:
- trust,
- transparency,
- reliability,
- security
in all electronic transactions governed under the IT Act, 2000.