Digital Signature and Electronic Signature

What is a Digital Signature?

A digital signature is an electronic form of signature that authenticates electronic documents by
using data encryption. A digital signature is created with cryptographic techniques that increase
security and transparency in signing electronic documents. A digital signature does notcome in
form of a picture or pdf document, it is a certificate that contains the identification information of
a person like the name, email address, residential address, issuing date of certificate, along with
the details of certifying authority.

Section 2(1)(p) of the Information Technology Act, 2000 (or the IT Act) defines it as
authentication of any electronic record by a subscriber by means of an electronic method.

Before going into the provisions of section 3, it is pertinent to explain a few basics of
cryptography.

Public key cryptography is the method recognized by the IT Act for the safeguarding of
computer documents. Public key cryptography is a form of cryptography, which generally allows
users to communicate securely without having prior access to a shared secret key.

This is done by using a pair of cryptographic keys designated as public key and private key.
A public key is essentially like an email address, and a private key, like the email
address password.

The public key is sent to the receiver, while the private key is not disclosed to anybody. They are
related mathematically. What has been encrypted by the first key can only be decrypted by the
second - and vice versa.

Hence, if A wants to send a secure email to B, A must encrypt it with B’s public key, so that
when B receives the encrypted email, he can decrypt it using his own private key.

Digital Signatures provide a viable solution for creating legally enforceable electronic records,
closing the gap in going fully paperless by completely eliminating the need to print documents
for signing. Digital signatures enable the replacement of slow and expensive paper-based
approval processes with fast, low-cost, and fully digital ones. The purpose of a digital signature
is the same as that of a handwritten signature. Instead of using pen and paper, a digital signature
uses digital keys (public-key cryptography). Like the pen and paper method, a digital signature
attaches the identity of the signer to the document and records a binding commitment to the
document. However, unlike a handwritten signature, it is considered impossible to forge a digital
signature the way a written signature might be. In addition, the digital signature assures that any
changes made to the data that has been signed cannot go undetected. Digital signatures are easily
transportable, cannot be imitated by someone else and can be automatically time-stamped. A
digital signature can be used with any kind of message, whether it is encrypted or plain text.
Thus Digital Signatures provide the following three features:-

 Authentication
Digital signatures are used to authenticate the source of messages. The ownership of a digital
signature key is bound to a specific user and thus a valid signature shows that the message was
sent by that user.

 Integrity
In many scenarios, the sender and receiver of a message need assurance that the message has not
been altered during transmission. Digital Signatures provide this feature by using cryptographic
message digest functions.

 Non Repudiation
Digital signatures ensure that the sender who has signed the information cannot at a later time
deny having signed it. A handwritten signature scanned and digitally attached with a document
does not qualify as a Digital Signature. An ink signature can be easily replicated from one
document to another by copying the image manually or electronically. Digital Signatures
cryptographically bind an electronic identity to an electronic document and the digital signature
cannot be copied to another document. Digital Signature under the ITAct, 2000 Digital signature
means authentication of any electronic record by a subscriber by means of an electronic method
or procedure in accordance with the provisions of section 3.

Section 3 deals with the conditions subject to which an electronic record may be
authenticated by means of affixing digital signature which is created in two definite steps.
 First, the electronic record is converted into a message digest by using a mathematical
function known as ‘Hash function’ which digitally freezes the electronic record thus
ensuring the integrity of the content of the intended communication contained in the
electronic record. Any tampering with the contents of the electronic record will
immediately invalidate the digital signature.

 Secondly, the identity of the person affixing the digital signature is authenticated through
the use of a private key which attaches itself to the message digest and which can be
verified by anybody who has the public key corresponding to such private key. This will
enable anybody to verify whether the electronic record is retained intact or has been
tampered with since it was so fixed with the digital signature. It will also enable a person
who has a public key to identify the originator of the message.

Digital signatures are a means to ensure validity of electronic transactions however who
guarantees about the authenticity that such signatures are indeed valid or not false. In order that
the keys are secure the parties must have a high degree of confidence in the public and private
keys issued. Digital Signature is not like our handwritten signature. It is a jumble of letters and
digits.

It looks something like this.

 Uz5xHz7DxFwvBAh24zPAQCmOYhT47gvuvzO0YbDA5txg5bN1Ni3hgPgnRz8Fw xGUo
Dnj7awl7BwSBeW4MSG7/3NS7oZyD/AWO1Uy2ydYD4UQt/
w3d6D2Ilv3L8EOr5K8Gpe5ZK5CLV+zBKwGY47n6Bpi9JCYXz5YwXj4JxTT+y8=gy5N

Electronic Signature
Electronic signature has also been dealt with under Section 3A of the IT Act, 2000. A subscriber
can authenticate any electronic record by such electronic signature or electronic authentication
technique which is considered reliable and may be specified in the Second Schedule.

Any electronic signature or electronic authentication technique will be considered reliable

if-

1. the signature creation data or the authentication data are, within the context in which
they are used, linked to the signatory or ,as the case may be, the authenticator and of no
other person;

2. the signature creation data or the authentication data were, at the time of signing, under
the control of the signatory or, as thecase may be, the authenticator and of no other
person;

3. any alteration to the electronic signature made after affixing such signature is
detectable;

4. any alteration to the information made after its authentication by electronic signature is
detectable.

An electronic signature will be deemed to be a secure electronic signature if-

(i) the signature creation data, at the time of affixing signature, was under the
exclusive control of signatory and no other person; and
(ii) the signature creation data was stored and affixed in such exclusive manner as
may be prescribed.

Differences Between Digital Signature and Electronic Signature

 Purpose
The main purpose of a digital signature is to secure a document so that it is not tampered with by
people without authorization
An electronic signature is mainly used to verify a document. The source of the document and the
authors are identified.

 Regulation
Digital signature is authorized and regulated by certification authorities. These are trusted third
parties entrusted with the duty to perform such task.

Electronic signatures are not regulated and this is the reason why they are less favorable in
different states since their authenticity is questionable. They can be easily tampered with.

 Security
A digital signature is comprised of more security features that are meant to protect the document

An electronic signature is less secure since it is not comprised of viable security features that can
be used to secure it from being tampered with by other people without permission.

 Types of signatures
Two common types of digital signatures are mainly based on document processing platforms
namely Adobe PDF and Microsoft
An electronic signature can be in the following forms: scanned image, verbal or a tick can be
used on an electronic document. The main idea behind is to identify the person who has signed
the document for contractual purposes.

 Verification
A digital signature can be verified to see if the document has not been tempered with. A digital
certificate can be used to track the original author of the document.

It may be difficult to verify the real owner of the signature since it is not certified. This
compromises the authenticity as well as integrity of the document.

 Intention
A digital signature is usually meant for securing a document so that it is not tampered with by
unauthorized people. All the same, it is legally binding and preferred since it is authentic by
virtue of its traceability to the owner of the document.
An electronic signature usually shows the intent to sign the document or contract. In most cases,
when people want to enter into a contract, they show their commitment by signing a document
that will become legally binding between them.