Digital Signature in Cyber Law

 The Information Technology Act, 2000 (IT Act) describes digital signatures as a means of authentication for electronic records. A digital signature is usually a process to ensure that an electronic document is authentic or original.

A digital signature is a type of electronic signature which can be used to authenticate the identity of the sender of a message or the signer of a document, and also secure that the original content of the message or the document sent hasn’t been changed or tampered. Digital signatures are easily transportable and cannot be imitated by anyone else. The ability to ensure that the genuine signed message arrived means that the sender of the message cannot easily disclaim it later. Therefore, Digital Signatures provide the three features which are as followed: -

1. Authentication- Digital signatures are utilized to authenticate the source of messages. The ownership of a digital signature key is restricted to a specific user therefore a valid signature provides that the message was sent by that user itself.
2. Integrity - In most of the cases, the sender and receiver of a message need assurance that the message has not tampered during the transmission of a message. Digital Signatures also provide this feature by utilizing cryptographic message-digest

• Non-Repudiation – Digital signatures also ensures that the sender who has signed the information later cannot at a point deny of not signed

As we observe that many of the Government submissions in India do require documents to be authenticated by digital signatures. All filings at Income Tax, Patents, Registrar of Companies, Trademarks, Copyrights also require digital signatures to be affixed on the documents.

How Digital Signatures work

The technology of Digital Signatures requires a key pair called the Public and Private Key. Similarly, as physical keys are used for locking and unlocking of the locker and safe, in cryptography, the equivalent functions are encryption and decryption. The private key should be kept confidential with the owner usually on a secure media platform such as crypto smart card or crypto token. The public key is shared with everyone. Information encrypted using the private key can only be decrypted by utilizing the corresponding public key.

However, in a case to digitally sign an electronic document, the sender utilizes his/her Private Key. And further to verify that digital signature, the recipient uses the sender’s Public Key.

For example, you need to send a confidential document to your colleague in some different state/country and also want to assure that it wasn’t changed from what you had originally sent, Then, in that case, you will:

Copy and paste the contract into an e-mail notepad. Convert it into the electronic form of a document. (Eg.: - word, pdf).

1. Using any special software, you obtain a message hash (fixed-size bit string) of the contract.
2. Then utilize your private key to encrypt the message
3. The encrypted message hash converts into your digital signature of the contract and is affixed to the

On the other end, your colleague receives the message.

1. To make sure the contract is originally and has been sent by you, your colleague generates a message hash of the received
2. He then utilizes your public key to decrypt the Digital Signature received along with the
3. If the message hash generated from the Digital Signature matches from the previous one generated in Step 1, the integrity of the received contract is verified