
NATIONAL LAW INSTITUTE UNIVERSITY

BHOPAL

Project of International Trade Law
On
Digital Signature and its position in the Indian Legislation

SUBMITTED TO: Asst. Prof. Monica Raje, Faculty: International Trade Law
SUBMITTED BY: Suyash Thakur, 2008 B.A.LL.B 18

Index

1. Statement of Problem
2. Introduction
3. What is Digital Signature
4. How it works?
5. Benefit of Digital Signature
6. Condition for evidence
7. Difference between Digital Signature and Written Signature
8. Indian Legislation
   - Information Technology Act, 2000
   - Depositories Act, 1996
   - Indian Penal Code, 1960
   - Evidence Act
9. Case Law - State of Punjab v. Amritsar Beverages Ltd.
10. Conclusion

Statement of problem
The various aspects of working of digital signature and its position in the Indian
legislation.

Introduction

In this project I have tried to deal with Digital Signature – Indian Legislation. I have also
tried to explain what a digital signature is, how it works, the benefits of digital signatures,
the conditions for evidence, the difference between a digital signature and a handwritten
signature, and the Indian legislation scenario.
Digital signature is a term generally taken to be a ‘subset’ of electronic signatures.
But some people use the term to describe something equivalent to electronic signature.
Electronic signature means an electronic sound, symbol, or process, attached to or
logically associated with a contract or other record and executed or adopted by a
person with the intent to sign the record.
Digital signatures are often used in the context of Public Key Infrastructure (PKI)
schemes in which the public key used in the signature scheme is tied to a user by a
digital identity certificate issued by a certificate authority, usually run by a third party
commercial firm. PKI systems use asymmetric key cryptography to unbreakably bind
user information (name, address, phone number ...) to a public key; the underlying idea
is closely akin to that of a notary endorsement.

What is Digital Signature?

A digital signature is an electronic signature that can be used to authenticate the
identity of the sender of a message or the signer of a document, and possibly to ensure
that the original content of the message or document that has been sent is unchanged.
Digital signatures are easily transportable, cannot be copied by someone else, and can
be automatically time stamped. The ability to ensure that the original signed message
arrived means that the sender cannot easily repudiate it later.

A digital signature can be used with any kind of message, whether it is encrypted or not,
simply so that the receiver can be sure of the sender’s identity and that the message
arrived intact. A digital certificate contains the digital signature of the certificate-issuing
authority so that anyone can verify that the certificate is real.

How It Works:
Assume you were going to send the draft of a contract to your lawyer in another
town. You want to give your lawyer the assurance that it was unchanged from what you
sent and that it is really from you.
1. You copy and paste the contract (it’s a short one) into an e-mail note.
2. Using special hashing software (hashing is a method for converting representations
of values within fields, usually keys, to a more compact form), you obtain a
message hash of the contract.
3. You then use a private key that you have previously obtained from a public-
private key authority to encrypt the hash.
4. The encrypted hash becomes your digital signature of the message. (Note that it
will be different each time you send a message.)

At the other end, your lawyer receives the message.
1. To make sure it’s intact and from you, your lawyer makes a hash of the received
message.
2. Your lawyer then uses your public key to decrypt the message hash or summary.

If the hashes match, the received message is valid.
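
The signing and checking steps above, as an added example that is not part of the original project. It assumes SHA-256 as the hash and unpadded textbook RSA as the "encrypt the hash" step, with demonstration keys built from publicly known Mersenne primes (so they are not secret); deployed schemes add padding such as RSA-PSS and use randomly generated primes.

```python
import hashlib

E = 65537  # public exponent shared by both demo keys

def make_keypair(p, q):
    """Build (public, private) RSA keys from two primes."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))  # private exponent (Python 3.8+)
    return (n, E), (n, d)

# Constructed demo keys from publicly known Mersenne primes: NOT secret, illustration only.
SENDER_PUB, SENDER_PRIV = make_keypair(2**521 - 1, 2**607 - 1)
OTHER_PUB, _ = make_keypair(2**1279 - 1, 2**2203 - 1)

def message_hash(message: bytes) -> int:
    """Sender step 2 / receiver step 1: SHA-256 digest read as an integer."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")

def sign(message: bytes, private) -> int:
    """Sender steps 3-4: apply the private key to the hash; the result is the signature."""
    n, d = private
    return pow(message_hash(message), d, n)

def verify(message: bytes, signature: int, public) -> bool:
    """Receiver step 2: recover the signed hash with the public key and compare it
    with a fresh hash of the message that actually arrived."""
    n, e = public
    return pow(signature, e, n) == message_hash(message)

def demo():
    contract = b"Draft contract: fee of 100 payable on delivery."  # constructed sample
    altered = contract.replace(b"100", b"1000000")  # changed after signing
    signature = sign(contract, SENDER_PRIV)
    return {
        "intact": verify(contract, signature, SENDER_PUB),
        "altered": verify(altered, signature, SENDER_PUB),
        "wrong_key": verify(contract, signature, OTHER_PUB),
        "same_signature_for_other_text": signature == sign(altered, SENDER_PRIV),
    }

if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```

Only the unaltered contract checked against the sender's own public key is accepted; a changed message, or a check against someone else's public key, fails the hash comparison.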

Benefits of Digital Signatures

There are three benefits of digital signature to communications:

1. Authentication: -
Public key cryptosystems allow encryption of a message with a user’s private
key. If a hash of the document is generated and then protected via encryption, the
document cannot be altered in any way without changing the hash to match, which, if
quality algorithms are properly used, will be quite difficult. By decrypting the hash using
the sender’s public key, and checking the result against a newly generated hash of the
alleged plaintext, the recipient can confirm that the encryption was done with the
sender’s private key, and that the message hasn’t been altered since it was signed.

2. Integrity: -
Both parties will always wish to be confident that a message has not been altered
during transmission. Encryption of the message makes it difficult for a third party to
read it, but that third party may still be able to alter it, perhaps maliciously, without
actually reading it. For example, consider a bank which sends instructions from branch
offices to the central office in the form (a,b) where a is the account number and b is the
amount to be credited to the account. A devious customer may deposit £100, intercept
the resulting transmission and then transmit (a, b³) to become an instant millionaire.

3. Non-repudiation: -
In a cryptographic context, the word repudiation refers to the act of disclaiming
responsibility for a message (i.e., claiming it was sent by some third party, certainly not
me; “I repudiate this message and its contents”). A message’s recipient may insist the
sender attach a signature in order to make later repudiation more difficult, since the
recipient can show the signed message to a third party (e.g., a court) to reinforce a claim
as to its origin.

Condition For Evidence

Digital signature schemes all have several prior requirements without which no such
signature can mean anything, whatever the cryptographic theory or legal provision.

First, quality algorithms. Some public-key algorithms are known to be insecure,
practicable attacks against them having been discovered.
Second, quality implementations. An implementation of a good algorithm (or
protocol) with mistake(s) will not work.
Third, the private key must remain actually secret; if it becomes known to any
other party, that party can produce perfect digital signatures of anything whatsoever.
Fourth, distribution of public keys must be done in such a way that the public key
claimed to belong to, say, Bob actually belongs to Bob, and vice versa. This is commonly
done using a public key infrastructure and the public key user association is attested by
the operator of the PKI (called a certificate authority).
Fifth, users (and their software) must carry out the signature protocol properly.

Only if all of these conditions are met will a digital signature actually be any
evidence of who sent the message, and therefore of their assent to its contents. Legal
enactment cannot change this reality of the existing engineering possibilities, though
some such have not reflected this actuality.

Difference between Digital Signature and
Written Signature

One of the main differences between a digital signature and a written signature is that
the user does not “see” what he signs. It is the application that presents a hash code to
be encrypted with the private key, but in the case of a malicious application a hash code
of another document might be presented, so that the user thinks he is signing the
document he sees on the screen but is actually unwillingly signing another (probably
less favorable) one.

Indian Legislation
Information Technology Act 2000
The main objective of the Act is to provide legal recognition for transactions carried out
by means of electronic data interchange and other means of electronic communication,
commonly referred to as E-commerce, which involve the use of alternatives to paper-
based methods of communication and storage of information to facilitate electronic
filing of documents with the government agencies. The Act has extra-territorial
jurisdiction to cover any offence or contravention committed outside the country by any
person.
The objectives are to attain paperless system with an attendant secrecy to maintain and
build up confidence of investors in all financial and trade-related transactions and save
them the trauma of fraudulent misconduct of unscrupulous elements in the business
world.

Digital Signature: With the passing of the Act, any subscriber may authenticate
electronic record by affixing his digital signature.

Secured Electronic Records and Digital Signature: Under the Act, the central
government has the power to prescribe the security procedure in relation to electronic
records and digital signatures, considering the nature of the transaction, the level of
sophistication of the parties with reference to their technological capacity, the volume
of transactions and the procedures in general used for similar types of
transactions/communications.

Regulation of Certifying Authorities: The central government may appoint a controller
of certifying authority who shall exercise supervision over activities of certifying
authorities. Certifying authority means a person who has been granted a license to issue
a digital signature certificate.

Digital Signature Certificate: Any person may make an application to the certifying
authority for issue of digital signature certificate. The certifying authority, while issuing
such certificate, shall certify that it has complied with the Act's provisions.

Duties of Subscribers: A subscriber can publish or authorize the publication of digital
signature certificate. Similarly, he can accept such certificate. It is the responsibility of a
subscriber to exercise reasonable care to retain control of the private key corresponding
to the public key listed in his digital signature certificate.

Offences: Tampering with computer source documents shall be punishable with
imprisonment up to three years or fine up to Rs 2 lakh or with both. Similarly, hacking
with computer system entails punishment with imprisonment up to three years or with
fine up to Rs 2 lakh or with both.
Publishing of information, which is obscene in electronic form, shall be punishable with
imprisonment up to five years or with fine up to Rs 1 lakh and for second conviction
with imprisonment up to 10 years and with fine up to Rs 2 lakh.

Legal recognition of digital signatures has been approved within the framework of the IT
Act. Accordingly, affixing digital signature on electronic records is as good as putting
manual signature on document. Besides, digital signature serves as authentication
technique. It also serves as the digital equivalent to manual transaction. Along with this,
the IT Act also recognizes electronic records, such as, information or any other matter in
electronic form. This is as good as information in the written, typewritten and in printed
form. Added to this, the use of electronic records and digital signatures in Government
and its agencies has been approved as a policy matter within the meaning of IT Act
which is yet to bloom fully.

The Depositories Act, 1996 has been enacted by the Government to help paperless
depository work in order to enable safe and speedy transfer of securities. It is meant to
build and strengthen the confidence of investors in the capital market. The paper-based
ownership and transfer of securities has been a major drawback of the Indian securities
market, as this often resulted in delay in settlement and transfer of securities, leading to
bad delivery, theft and forgery, causing hardships to the investor. The legal framework in this
regard reflects changes in ownership records through book entry, dematerialization of
securities in the depositories mode and enabling free transferability and exemption on
transfers of shares within a depository from stamp duty.

Section 464 of the Indian Penal Code now recognizes digital signatures.
Sections 29, 167, 172, 192 and 463 of the code have been amended to include
electronic documents within the definition of “documents”. Section 63 of the Evidence
Act has been amended to include admissibility of computer outputs in the media,
paper, optical or magnetic form. Section 73A prescribes procedures for verification of
digital signatures. Sections 85A and 85B raise a presumption as regards electronic
contracts, electronic records and digital signature certificates and electronic messages.

Case Law

State of Punjab v. Amritsar Beverages Ltd.

The sales tax department conducted a raid in the premises of the company and a
large number of documents contained on the hard disk of the computers were seized.
The state sales tax law says that the officer seizing the books and registers shall give a
receipt to the dealer and the latter shall give a receipt in writing. The officer, before
returning them, shall affix his signatures and seal on the pages of the books. The dealer
shall mention the pages on which these are done.

The problem here was that all these cannot be done on a computer disk. The
dealer did not come to verify the data but instead filed a writ petition asking the high
court to order the authorities to return the books and disk. The high court ordered so
and imposed a fine personally on the officers concerned for withholding the documents.
Therefore, the government appealed to the Supreme Court.

The Supreme Court recognized that in the case of a hard disk, literal compliance
with the provision of law was impossible. It said that nothing prevented the authorities
from making copies of the hard disk or obtaining a hard copy, affixing their signatures or
official seal in physical form, and furnishing a copy to the dealer. If the sales tax department
could not think of this, at least the high court should have devised the method, as the
problem arose for the first time. It called upon the authorities to avoid such
controversies in future by adapting the letter of the law to the present situation.

Conclusion

The Information Technology Act, 2000 details various aspects and issues concerning
Certification Authorities for digital signatures. These rules specify the manner in which
information has to be authenticated by means of digital signatures, the creation and
verification of digital signatures, licensing of certification authorities and the terms of
the proposed licenses to issue digital signatures. The said rules also stipulate security
guidelines for certification authorities and maintenance of mandatory databases by the
said certification authorities and the generation, issue, term and revocation of digital
signature certificates.

The information in the electronic format has been granted legal validity and
sanction; digital signatures have been defined and made legal. It is now possible to
retain information in an electronic format. Electronic contract has been recognized to be
legal and binding. Some types of cyber crimes have been defined and made punishable
offences like hacking, damage to computer source code, publishing of information which
is obscene in the electronic form, breach of confidentiality and privacy and publishing
digital signature certificate false in certain particulars and for fraudulent purpose.

