What is a Digital Signature Certificate?
A digital signature certificate also known as DSC is a secure digital key that is issued by a certification authority (CA) to verify the identity of an individual or organization.
It is used to authenticate the identity of the sender of an electronic document, such as an email or a file, and to ensure that the content of the document has not been altered during transmission.
How does a Digital Signature Certificate work?
Digital signature certificates use public key infrastructure (PKI) technology to verify the identity of the certificate holder.
PKI uses a pair of keys:
- public key to encrypt data
- private key to decrypt data
The certificate holder’s public key is included in the digital signature certificate, while the private key is kept secret by the certificate holder.
When a document is signed with a digital signature, the sender’s private key is used to create a unique code, called a hash, that is attached to the document.
The recipient of the document can then use the certificate holder’s public key, which is included in the certificate, to verify the authenticity of the document.
If the hash of the document matches the hash that was created by the sender’s private key, the recipient can be confident that the document has not been altered and that it was actually sent by the certificate holder.
Digital signature certificates can be used for:
- Verifying the identity of the sender of an electronic document
- Ensuring the integrity of the document
- Establishing a secure channel for exchanging confidential information
- Providing non-repudiation, which means that the sender of the document cannot later deny having sent it
Digital Signature Certificate Types:
Class 1 DSC: which verify the identity of the certificate holder based on an email address or other online identifier.
Class 2 DSC: which verify the identity of the certificate holder based on government-issued identification, such as a driver’s license or passport.
Class 3 DSC: which are used for high-security applications and verify the identity of the certificate holder through an in-person verification process.
Which is the DSC Issuing Authority?
Digital signature certificates are issued by CAs, which are trusted third parties that are responsible for verifying the identity of the certificate holder and issuing the certificate.
In India, digital signature certificates (DSCs) are issued by certification authorities (CAs) that are authorized by the Controller of Certifying Authorities (CCA), an agency of the Government of India. The CCA maintains a list of approved CAs on its website.
As of 2021, the list of approved CAs for DSCs in India includes:
- eMudhra Limited
- Tata Consultancy Services Limited
- SafeScrypt (a subsidiary of Sify Technologies Limited)
- National Informatics Centre (NIC)
- National Institute of Smart Government (NISG)
- IDRBT (Institute for Development and Research in Banking Technology)
- C-DAC (Centre for Development of Advanced Computing)
- Sify Technologies Limited
- Ideaclicks Infotech Private Limited
- Capricorn Identity Services Limited
- V Sign Technologies Private Limited
It is important to note that this list is subject to change, and it is recommended to check the CCA’s website for the most up-to-date list of approved CAs.
What is a USB Token?
A USB token is a device that is used to store and securely transfer digital certificates and keys, such as a digital signature certificate (DSC).
It connects to a computer via a USB port and is often used as a security measure to ensure that only authorized individuals can access certain information or systems.
The USB token holds the DSC, which is used to authenticate the identity of the user and to sign documents electronically. USB tokens are often used in government, financial, and other organizations where the security of digital transactions is of high importance.