Digital Signature Imperative Information Technology Age

As said earlier digital signatures are like fingerprints comprising encrypted information about the signatory. The popularity accrues from the fact that they are difficult to manipulate and hence are used globally for authorizing contracts, forms, and legal documents pertaining to various sectors like e-tendering, Income Tax, GST and ROC filing, etc.  

The technology is still in the development stage and is promising enough to support eCommerce in the time to come. 

Three main plus points of these secure electronic signatures:

• Authentication
• Integrity 
• Non-Repudiation 

Working Mechanism

The signer encrypts data pertaining to the electronic documents during the process using a hash algorithm like SHA 256. The encrypted data is known as a cryptographic hash or a digest and is unique for every document encrypted. At the same time, a public key is generated that is used by the receiver. The public key is accompanied by the DSC, and the digest is sent to the receiver who uses it to decrypt the encrypted data.  In public key encryption systems, users make their public key available to anyone and keep their private key secret.

A private key is a string of numbers generated by the signer and it is only known to him or her but it is shared between the sender and the receiver in some cases. (Read Symmetric Key Algorithms).  A private key to encrypt documents is created using hash algorithms. There are many hash algorithm generators such as:

•  MD5
• SHA-1
• SHA-2
• NTLM
• LANMAN 
• SHA 256

Hash Generator Online. Another Hash Generator Tool. The last one SHA 256 is the most commonly used. The private key is saved in the sender's computer. 

The digital signature is obtained from a licensing authority, certifying authority (CA), or its partner, thus is a third-party authorization at a price. The CA or authority issues DSC after verifying your documents along with a video verification in a token which is similar to a pen drive. 

One look at the graph by clicking the link will explain what a digital ID or Certificate is. 

https://en.wikipedia.org/wiki/Public_key_certificate

Please copy and paste the link shown above in your browser to see the certificate at the bottom as I cannot paste a graph here since it will be a copyright violation. The digital certificate is self-explanatory.  

The DSC or the public key ensures that the document is not tampered with by using the key that returns the same hash value as sent by the sender. It does not matter if the public key has been appropriated by someone else, the digital signature is just a way of certifying the sender! It certifies the source remember! 

CCA Role

The Controller of Certifying Authorities(CCA) licenses and regulates CAs in India. This authority comes under the ambit of the information technology Act. The CCA also maintains data on DSCs issued in the country. DSC issued by CA is called a third-party trust. Licensed CAs can delegate authority to intermediate CAs. 

Shared Key Encryption
In this case, the sender and the receiver should be in the possession of the same key.

Digital Signature's market size was $215 million in the year 2015. The market growth is 30% CAGR and by the end of the year 2022, the Market size is estimated to be 3444 million US dollars. These figures point out the growing security mechanism on the world wide web.  

Digital Certificate providers:

• eMudra
• Verasys
• Dsc Bazaar Kolkata
• IDSIgn CA
• Pentasign 
• Global Sign
• VeriSign
  
  The digital signature certificates are issued with different use periods and are charged by the CA or licensed authorities as mentioned above. The prices vary as per the provider and the country in which the service is based.