A digital signature can be viewed as a fingerprint or a coded message that is unique to both the document being signed and the signer. It binds both of them together.
If we recall, a handwritten signature also does the same thing. However, in the digital signature’s case, this is being done electronically with no paperwork involved.
Instead of using pen and paper, a digital signature uses digital keys, also called public-key cryptography.
A digital signature is considered equal to a handwritten signature.
Just as a person’s identity is attached when signing a paper document, the digital signature too acts as a binding commitment and attaches the identity of the person signing it to the document.
Compared to a handwritten signature, it is much more difficult to forge a digital signature, provided the keys used to create the digital signature are kept secure.
The real value is in saving time and avoiding the paper, and keeping your data electronic.
How does Digital Signature work?
Digital signatures are based on cryptographic technology. One can generate two mathematically linked keys using an algorithm. These keys are called private and public keys.
To create a digital signature, signing software creates something called a hash of the electronic data to be signed. This hash is then encrypted using the private key.
The digital signature consists of this encrypted hash, a hashing algorithm along with some other details.
You may notice that it is the hash that is encrypted instead of the entire document.
The reason for this is that a hash function by its nature gives fixed-length value output for any arbitrary input, which is usually much shorter.
So instead of encrypting a random length document, it is considered easier to encrypt the fixed-length hash.
This saves time since hashing is much faster than signing.
What Makes Digital Signatures Secure?
The main feature that makes digital signature unique than a handwritten signature is that the hash of any data is unique.
This inherent feature of hash makes validating the integrity of the data very easy and secure.
This can be done by decrypting it using the signer’s public key.
If the decrypted hash matches another hash of the same document, it proves that the data hasn’t been tampered with, since it’s signed.
If the two hashes do not match, the data has either been tampered with in some way, or the signature was affixed using a private key that doesn’t correspond to the public key presented by the signer.
In either case, the fraud has been detected at a very early stage.
Issues Involved In The Digital Signing Process
There are three major issues concerning digital document signing:
- Authentication of the user: This involves making sure that the required person has signed the document.
- Trusted method of signing: This involves making sure that the document has been securely signed and that no forgery has happened.
- The document signed is legally binding: This involves making sure that the signed document is legally binding on the parties.
The Government of India vides its Gazette Notification (REGD. No. D. L. 33004/99 dated 28th January, 2015) has announced a new initiative that allows Certifying Authority (CA) to offer eSign service to citizens who have Aadhaar number.
This initiative takes care of all the three issues highlighted above.
The Aadhaar Initiative
India took a great leap of faith by implementing the Aadhaar program through which every citizen of India is being assigned a 12-digit unique identification (UID) number.
Originally implemented to make the subsidy target of the Government of India more transparent, Aadhaar has, over the course of time, opened new avenues to reform other areas of governance.
One of them is the area of digital signatures.
How Does Aadhaar Bridge The Gap?
Aadhar service validates the authenticity of the person. A Public Key Infrastructure is used to securely sign the document and establish trust.
These services are offered by trusted third-party service providers, like Certifying Authorities (CA), licensed as per the Information Technology Act, 2000, under the Controller of Certifying Authorities (CCA), which makes them legally binding.
eSign Process Explained
The way these whole process works is very simple. Firstly, a person with an Aadhaar number uploads his document to an eSign service provider’s portal, to get it digitally signed.
Next, he enters his Aadhaar number and gets a one time password (OTP) to his mobile number registered with Aadhaar. Then he enters the OTP in the field provided.
In the backend, validation of the user is carried out using Aadhaar service and a key pair (a public key and a private key) is generated for the user and an eSign is affixed to the document using the private key.
The user can then download the eSigned document.
Not only this, but the person can also share the eSigned document or invite another person for further signing.
The invited person can also eSign the document in the same manner i.e, by entering his Aadhaar no. and OTP sent to his mobile, from any remote location.
Thus, we can say that eSign is the way forward for a secure and time-efficient way of signing documents.
Built on top of the foundation and laid down by the Unique Identification Authority of India (UIDAI), it authenticates the user securely and provides a seamless interface to digitally sign any document.
eSign-The Way Forward
SignDesk has come up with a one-stop solution for digitally signing all your legal documents.
You can upload your document, eSign it using Aadhaar and invite other people as well to get the document eSigned.
To simplify the process for small businesses and for people who want just a single signature, SignDesk has separate pricing structures based on the number of eSign requirements for different entities as well.