University Institute of Legal Studies,

Punjab University, Chandigarh

Information Technology Law Project

Topic:- Electronic And Digital Signature

Submitted to:- Submitted by:- Gunjan

Dr. Amita Verma Class:- B.Com.LLB(HONS.)
Roll No.:- 250/19
Semester:- 9th
 ACKNOWLEDGEMENT

Primarily, I would thank God for being able to complete this project with success. Then I would like
to thank my subject teacher of Information Technology Law - Dr. Amita Verma , whose valuable
guidance has been the ones that helped me patch this project and make it a full proof success, her
suggestions and instructions has served as the major contribution towards completion of the
project.

Then I would like to thank my parents and friends who have helped me with their valuable
suggestions and guidance has been helpful in various phases of the completion of the project.

Last but not the least I would thank myself who completed this project on time and with full efforts.

Gunjan
 TABLE OF INDEX

1. ) Introduction

2.) Digital Signature

2.1.) Concept of Digital Signature
2.2.) Purpose of Digital Signature
2.3.) Features of Digital Signature
2.4.) Authentication using Digital Signature
2.5.) Process followed for Creation of Digital Signature
2.6.) Verification of Digital Signature
2.7.) Digitial Signature Certificate

3.) Electronic Signature

3.1.) Introduction
3.2.) Section 2 (TA) of IT Act, 2000
3.3.) Types of Electronic Signature
3.3.1) Unsecured Signature
3.3.2) Secured Signature
3.4.) UNCITRAL Model Law on Electronic Signature, 2001
3.5.) Features of Electronic Signature

4.) Difference Between Digital and Electronic Signature

5.) Conclusion

6.) References

2
 1. INTRODUCTION

The introduction of signatures has provided a definite identity to the individuals and allowed the
corporate sector and other individuals to function in a manner faster, keeping pace with the
ongoing technology. The signatures have by far played a huge role in individual's decision making
and enabling consent at a much larger value. In olden times, every individual or the authorized
signatory had to go through the document entirely and then provide his assent. This created
enough hurdles among the organization to keep up with the pace of the signatory and revolve
around his/her timeline. Authorized Signatory may not be at a particular place and still allow his
assent. Technology has duly provided his boon.

In advancement of the growing industrial era, the United Nations in 1998 made an observation that
increasing transactions in cyberspace over the recent years made it very necessary to have a
legal framework dealing with e-signatures. It was the stringent laws for e-signature and the
development of cyber laws were seen as the need of the hour.

3
 2. DIGITAL SIGNATURE

2.1 CONCEPT OF DIGITAL SIGNATURE

A signature is a symbolic and essential representation of one's identity. Signature of a person
holds a very significant place in the field of law as well as while carrying out transactions. When a
person signs a particular document, it means that such a person has read the whole document
carefully, has verified the facts and is aware of the contents of the document and therefore is
giving his assent to the best of his knowledge.
Under the contract law also, signature holds a vital position as it is considered as a sign of
acceptance of an offer. The Conventional form of signatures has evolved a lot due to technological
advancement. With the increased usage of online transactions and e-mails, the risk of the data
being hacked has also increased. Hence, the concept of online signatures has become relatively
important.

2.2 PURPOSE OF DIGITAL SIGNATURE

The purpose of a digital signature is the same as that of a handwritten signature. Instead of using
pen and paper, a digital signature uses digital keys (public-key cryptography). Like the pen and
paper method, a digital signature attaches the identity of the signer to the document and records a
binding commitment to the document. However, unlike a handwritten signature, it is considered
impossible to forge a digital signature the way a written signature might be.
In addition, the digital signature assures that any changes made to the data that has been signed
cannot go undetected. Digital signatures are easily transportable, cannot be imitated by someone
else and can be automatically time-stamped.

2.3 FEATURES OF DIGITAL SIGNATURES

A digital signature can be used with any kind of message, whether it is encrypted or plain text.
Thus Digital Signatures provide the following three features:-

 Authentication - Digital signatures are used to authenticate the source of messages. The
ownership of a digital signature key is bound to a specific user and thus a valid signature
shows that the message was sent by that user.

4
 Integrity - In many scenarios, the sender and receiver of a message need assurance that the
message has not been altered during transmission. Digital Signature provide this feature by
using cryptography message digest functions

 Non Repudiation - Digital signatures ensures that sender who has signed the information can
not at a later time deny having signed it.

A handwritten signature scanned and digitally attached with a document does not qualify as a
digital signature. An ink signature can be easily replaced from one document to another by
copying the image manually or electronically.

2.4 AUTHENTICATION USING DIGITAL SIGNATURE

The authentication of the electronic record is done by creating a digital signature which is a
mathematical function of the message content. Such signatures are created and verified by
Cryptography, which is a branch of applied mathematics. It is used to secure the confidentiality
and authentication of the data by replacing it with a transformed version that can be reconverted to
reveal the original data only to someone who has the proper key.

 A key is a sequence of symbols that controls the operation of a cryptographic transformation.

 It involves two processes which are as follows.

1.) Encryption: The process of transforming the plain message into a cipher text.

2.) Decryption: The reversal of Cipher text into the original message.

ASYMMETRIC ENCRYPTION

Can only be decrypted using a publicly available key known as the ‘Public Key’ provided by the
sender. The procedure has been under Section 2(1)(f) of the Information Technology Act, 2000.
Under this system, there is a pair of keys, a private key known only to the sender and a public key
known only to the receivers.

The message is encrypted by the private key of the sender, on the contrary, decryption can be
done by anyone who is having the public key. It depicts the authenticity of the sender. It is also
known as the ‘principle of irreversibility ie. the public key of the sender is known to many users,
but they do not have access to the private key of the sender which bars them from forging the
digital signature.
5
SYMMETRIC ENCRYPTION

There is only a single key known to both the sender and the receiver. Under this system, the
secret key or the private key is known to the sender and the legitimate user. This secret key is
used for both encryption and decryption of the message.

The only drawback of this symmetric encryption is that as the number of pairs of users increases,
it becomes difficult to keep track of the secret keys used.

2.5 PROCESS FOLLOWED FOR THE CREATION OF DIGITAL SIGNATURE

Digital signatures are becoming very popular in the whole world. Countries that approve the use of
digital signatures have a structure that governs the acquisition and use of the digital signature.
Even so, regardless of the country that you come from, the way of acquisition is standard. Digital
signatures are created and issued by qualified individuals. For anyone to get a valid digital
certificate, they must get it from a certifying authority (CA).

The Certifying Authority (CA) is a kind of Trust Service Provider, and it is a third-party organization
that is trusted and accepted in a country. It has the power of issuing the citizens with digital
signatures. These CAs have rules and regulations that they have to keep and be governed by.

Firstly a person needs to get a Digital Signature Certificate from the Certifying Authorities. After
that, the following process is followed:

 The original message of the sender is demarcated in order to get the message digest,
with the help of the hash function.
 Then the private key is used to encrypt the message digest.
 The encrypted message digest becomes the digital signature by using the signature
function.
 The digital signature is then attached to the original data
 Two things are transmitted to the recipient:
 The Original message
 The digital signature

6
Rule 4 of the Information Technology(Certifying Authorities) Rules, 2000, explains the
procedure of digital signature as:

 To sign an electronic record or any other item of information, the signer first applies the
hash function in the signer’s software. A hash function is a function which is used to map
data of arbitrary size onto data of a fixed size. The values returned by a hash function are
called hash values, hash codes, digests, or simply hashes
 The hash function computes a hash result of standard length, which is unique to the
electronic record.

 The signer’s software transforms the hash result into a Digital Signature using the
signer’s private key.
 The resulting Digital Signature is unique to both electronic record and private key which
is used to create it.
 The Digital Signature is attached to its electronic record and stored or transmitted with its
electronic record

2.6 VERIFICATION OF DIGITAL SIGNATURE

The recipient receives the original message and the digital signature. After this, there are two
steps which need to be followed:

 A new message digest is recovered from the original message by applying the hash
result.
 The signer’s public key is applied to the digital signature received by the recipient and
another message digest is recovered as the outcome of it.
 If both the message digests are identical, it means that the message is not altered.
Rule 5 of the Information Technology (Certifying Authorities) Rules, 2000, explains the
method of verification of digital signature as:

The verification of a Digital Signature shall be accomplished by computing a new hash result of the
original electronic record by means of a hash function which is used to create a Digital Signature
and by using the public key and the new hash result.

2.6 DIGITAL SIGNATURE CERTIFICATE

7
Digital Signature Certificates are digital format certificate to prove identity in the digital world. The
digital signature certificates are issued by Certifying Authorities under the authority of Controller of
Certifying Authorities. A Digital Signature Certificate is an electronic document that can be used to
verify that the public key belongs to the particular individual. Digital Signature Certificates contains
Public key of the certificate owner, Name of the owner, Validity "from" and "to" dates, Name of the
issuing authority, Serial number of the certificate, Digital signature of the issuing authority name of
the person, etc. There are three different classes of digital certificate. They class I, class II and
class III. Depending on the type, each digital certificate provides specific functions.

8
 3. ELECTRONIC SIGNATURE
3.1 INTRODUCTION

Electronic Signature provides an electronic representation of the individual’s identity that provides
the proof of consent and assents to the facts of the given signature. In total, it’s an approval from
the signatory that he assents to the written format of the same electronically. It is important to
ensure that it is coming from the authorized signatory and has made no modifications to the
document.

3.2 SEC 2 (TA) OF INFORMATION TECHNOLOGY ACT 2000

Section 2 (TA) OF IT Act, 2000 had defined electronic signature as follows:-

“Authentication of any electronic record by a subscriber by means of the electronic technique

specified in the second schedule and includes digital signature.”

The definition of electronic signature includes digital signature and other electronic techniques
which may be specified in the second schedule of the Act, thus an electronic signature means
authentication of an electronic record by a subscriber by means of electronic techniques. The
adoption of ‘electronic signature’ has made the Act technological neutral as it recognizes both the
digital signature method based on cryptography technique and electronic signature using other
technologies.

3.3 TYPES OF ELECTRONIC SIGNATURE

1.) Unsecured Signature

Since Electronic Signature is more of an unsecured type of signature, there are affixations that are
marked in the end for reference. However, as stated earlier, they can be easily tampered and not
provide much of the focus on the authenticity of the Identity. Following are the types of Electronic
Signature:

1) Email Signature– Just merely typing one’s name or symbol in the end of an email or sending a
message on letterhead, they can easily be forged by anyone else.
9
2) Web Based Signature– In many organizations, the Company dons many hats with regards to
activities conducted in the Organizations, this may make the organization fall for Web-based

clickwrap contracts in which the acceptance is made merely by clicking a single button. Such
signatures bind the party even if they were conned fraudulently.

The advancement of growing online transactions has caused variety of cyber crime to take place
right from the deceptiveness to hidden identity. It is for this reason that Digital Signature is taken
as a more stringent form of signature and to protect the identity of the sender. There are more
advanced ways to curb the menace caused in Electronic Signatures as well.

2.) Secured Signature

This includes the signatures which are digitally secured and also which have more legal
weightage.

3.4 UNCITRAL Model Law on electronic signatures 2001

The purpose of UNCITRAL Model Law on Electronic Signatures 2001 provides the following
statement which signifies the importance of electronic signature.

“The increased use of electronic authentication techniques as substitutes for handwritten

signatures and other traditional authentication procedures has suggested the need for a specific
legal framework to reduce uncertainty as to the legal effect that may result from the use of such
modern techniques (which may be referred to generally as “electronic signatures”). The risk that
diverging legislative approaches be taken in various countries with respect to electronic signatures
calls for uniform legislative provisions to establish the basic rules of what is inherently an
international phenomenon, where legal harmony as well as technical interoperability is a desirable
objective.”1

1
http://www.legalservicesindia.com/article/1827/Electronic-Signature:-Legal-and-Technical-aspect.html
10
3.5 FEATURES OF ELECTRONIC SIGNATURES

The concept of electronic signature was introduced under section 3A of the Information
Technology (Amendment) Act 2008. An electronic signature means authentication of an electronic
record by a subscriber by any means of electronic authentication techniques. An electronic
signature technique can be used as an authorized electronic signature if such technique is notified
by the central government in the official gazette or in the second schedule of the Act. There are
different types of electronic signature, however, all of them are not secure; hence only the
techniques notified in the official gazette or in the second schedule can be used as a legitimate
electronic signature. For example typed name, a digitized image of a signature is also a form of
electronic signature, but is prone to tampering and are insecure. The electronic signature
technique has to be reliable to be recognized as an electronic signature. Section 3A of the
Information Technology Act 2000 is based on Article 6 "Compliance with a requirement for a
signature" of UNCITRAL Model Law on Electronic Signatures 2001.

The following are the requirement of an electronic signature:-

a) It has to be reliable.
b) The central government may notify in the official gazette the technique and procedure for
electronic signature or specify in the second schedule of the Information Technology Act 2000.

An electronic Signature shall be considered as reliable if it fulfills following requirements:-

The technique should be such that it can be linked to the creator of the message.
b) The technique of electronic signature must be under the control of the maker of the signature.
c) Any change or alteration to the electronic signature after affixation must be detectable.
d) Any change or alteration of data after affixing electronic signature must be detectable.

The Central Government is the authority to declare the technique as reliable electronic signature
and can add or remove any technique from the electronic authentication technique. As on date the
central government has not issued any notification on the concept of electronic signature and thus
the electronic signature has not gained much attention. In this regard the Delhi high court has
directed the central government to frame policy on electronic signature for authentication of

11
electronic records. The only method of authentication of electronic records in India presently being
digital signature as there are no guidelines on use of electronic signature.

The legal recognition of electronic signature has been provided under section 5 of information
technology Act 2000. This section equates electronic signature as traditional handwritten
signature. It provides that if any, information or document if confirmed by electronic signature shall
have the same effect as the affixing of signature if done according to the prescribed manner. The
central government shall prescribe the manner in which electronic signature has to be affixed.

12
4. DIFFERENCE BETWEEN ELECTRONIC SIGNATURE AND DIGITAL SIGNATURE
S.No Electronic Signature Digital Signature
It has been defined under Section
It has been defined under Section 2(1)(p)
2(1)(ta) of the Information
of the Information Technology Act, 2000.
Technology Act, 2000.

It is technologically neutral, ie. no

specific technological process is to It follows a technology-specific approach
2.
be followed to create an electronic such as usage of hash functions etc.
signature.

It uses public key cryptography system to

It can be created by using various sign up for a particular message which
3. available technologies like attaching requires a pair of keys ie. a private key for
a picture of your signature. encryption and a public key for decryption,
computed by using a hash function.

It can be in the form of a name typed

at the end of an email, a digital It involves the usage of Cryptographic
4. version of a handwritten signature in system of constructing the signature with a
the form of an attachment, a code or two-way protection system.
even a fingerprint.

It is less authentic as compared to It has more authenticity as compared to

5.
the digital signature. the electronic signature.
It is verified through the signer’s It has a certificate-based digital 10
6.
identity. verification.
It is used for verifying It is used as a means for securing a
7.
document. document.

8. It has no expiration or validity period. It is valid up to a maximum of three years.

9. It is easily vulnerable to tampering. It is more secure and highly reliable.

13
 5. CONCLUSION

The growing online transactions and contracts requires stronger protection which is currently
fulfilled by digital signature. However, it would be in the interest of cyber community if the
Government allows and initiate multiple method of authentication like the use of fingerprint or
aadhaar card linked with password based online transaction. The multiple methods would permit
easy identification of persons which will assist in curbing online frauds and ease online transaction
and further enhance online security of users as to even today the factual identity of persons online
is a mirage.
With the advancement in technology, the usage of the digital signature in place of the conventional
signature has widely increased. The Information Technology Act, 2000 talks widely about the
concept of Digital Signature, the authorities who have been given the power of issuing the digital
signature certificate and the circumstances which require affixation of the digital signature.

14
 6. REFRENCES

 Difference Between Digital Signature and Electronic Signature, available at;

http://emudradigital.com (visited on 8th February, 2024)
 What is Digital Signature? Definition by Tech Target, available at; http://www.techtarget.com
(visited on 8th February, 2024)
 What is Electronic Signature? - electronic document signing, available at; http://blog.box.com
(visited on 9th February, 2024)
 ARRAJITA BALAJI, "ALL YOU WANT TO KNOW ABOUT DIGITAL SIGNATURES",
AVAILABLE AT: http://blog.ipleaders.in
 YOGESH KOLEKAR, "ELECTRONIC SIGNATURES: LEGAL AND TECHNICAL ASPECT",
AVAILABLE AT: http://www.legalservicesindia.com

15