Home / Information Technology Act

Criminal Law

Digital Signature and Electronic Signature

 02-Apr-2025

Introduction 

  • In the rapidly evolving digital landscape, the authentication and verification of electronic records have become paramount to ensuring legal integrity, security, and trustworthiness of digital communications and transactions.  
  • Chapter II of the Information technology Act, 2000 (IT Act) states the provisions for Digital Signature and Electronic Signature. 

What is Digital Signature & Digital Signature Certificate? 

  • As per the IT Act: 
    • Section 2(p) ―Digital Signature means authentication of any electronic record by a subscriber by means of an electronic method or procedure in accordance with the provisions of section 3. 
    • Section 2(q) ―Digital Signature Certificate means a Digital Signature Certificate issued under sub-section (4) of section 35.

What is Electronic Signature & Electronic Signature Certificate? 

  • As per IT Act: 
    • Section 2(ta) ―Electronic Signature means authentication of any electronic record by a subscriber by means of the electronic technique specified in the Second Schedule and includes digital signature. 
    • Section 2(tb) ―Electronic Signature Certificate means an Electronic Signature Certificate issued under section 35 and includes Digital Signature Certificate. 

Legal Provisions Based on Digital Signature & Electronic Signature 

Section 3: Authentication of Electronic Records 

  • The authentication of electronic records is fundamentally grounded in the ability of a subscriber to validate digital documents through sophisticated cryptographic mechanisms. The legal framework establishes a robust system that ensures: 
    • Unique identification of the signatory. 
    • Integrity of the electronic record. 
    • Non-repudiation of digital transactions. 
    • Computational security against unauthorized modifications. 
  • The authentication process employs an asymmetric crypto system, which utilizes a pair of cryptographically linked keys: 
    • Private Key: A confidential key known exclusively to the subscriber. 
    • Public Key: A corresponding key that can be shared and used for verification. 
  • A critical component of the authentication process is the hash function, which: 
    • Transforms an electronic record into a unique, fixed-size hash result. 
    • Ensures computational infeasibility of:  
      • Reconstructing the original record from the hash result. 
      • Generating identical hash results for different electronic records. 
  • Any person can verify an electronic record by utilizing the subscriber's public key, which allows: 
    • Confirmation of the record's authenticity. 
    • Validation of the digital signature. 
    • Ensuring the record's integrity remains uncompromised. 

Section 3A: Electronic Signatures 

  • Recognizing the evolving digital landscape, the legislation introduces a broader concept of electronic signatures that: 
    • Allows multiple authentication techniques. 
    • Provides flexibility beyond traditional digital signatures. 
    • Maintains stringent reliability standards. 
  • An electronic signature is considered reliable if it meets the following comprehensive criteria: 

Unique Identification: 

  • Signature creation data must be uniquely linked to the signatory. 
  • Prevents impersonation or unauthorized use. 

Exclusive Control: 

  • Signature creation data must be under the sole control of the signatory at the time of signing. 
  • Ensures authenticity and prevents unauthorized interventions. 

Detectability of Alterations: 

  • Any modifications to the electronic signature must be immediately detectable. 
  • Preserves the document's integrity and trustworthiness. 

The Central Government maintains regulatory authority to: 

  • Prescribe verification procedures. 
  • Specify acceptable electronic signature techniques. 
  • Update the Second Schedule with reliable authentication methods. 

Conclusion 

The legislative framework for electronic records authentication represents a sophisticated, forward-looking approach to digital security. By establishing rigorous standards for digital signatures and electronic signatures. As digital interactions continue to proliferate, these authentication mechanisms will play an increasingly critical role in maintaining trust, security, and legal validity in our interconnected world.