FAQ- General
Digital Signatures and Certificates
What is a Digital Signature?
A digital signature mimics in the virtual environment
the function of a hand-written signature in printed documents.
It is computed by hashing the message and signing the hash
with the signer's private key; the resulting signature is
appended to the message, and anyone holding the signer's
public key (published in the signer's Digital Certificate)
can verify it. A valid signature authenticates the identity
of the signer and guarantees the integrity of the message:
any change to the message after signing causes the signature
to fail verification.
What is a Digital Signature
Certificate (DSC)?
A digital certificate is an electronic equivalent of
an identification card such as a passport or driving licence.
It binds the identity of its holder to a public key, and
that binding is signed by a Certifying Authority, so that
the holder's identity can be established when exchanging
information over the internet.
Why do I need a digital certificate?
A Digital Certificate authenticates your identity electronically.
It also provides a high level of security for your online
transactions: information exchanged using the certificate can
be encrypted so that only the intended recipient can read it.
You can digitally sign information to assure the recipient
that it has not been changed in transit, and to prove that
you are the sender of the message.
Where can I purchase a digital
certificate?
Digital Certificates are issued only through a licensed
Certification Authority (CA), such as e-Mudhra. A digital
certificate explicitly associates the identity of an individual/device
with a pair of electronic keys - public and private keys
- and this association is endorsed by the CA's signature on
the certificate. The two keys complement each other: what is
encrypted with one can be decrypted only with the other, and
a signature made with the private key can be verified only
with the matching public key. Browsers and servers use them
to verify each other's identity and to set up encrypted
sessions during information exchange.
The subscriber's private key is kept secret by the subscriber
and never forms part of the certificate; the public key is
embedded in the certificate and may be distributed freely.
Authentication fails if the private key is unavailable or
does not match the public key in the certificate. Data
encrypted to the public key cannot be decrypted without the
private key and is therefore inaccessible to unauthorized
parties.
Digital certificates can be used for signing email, encrypting
messages, executing electronic financial transactions,
e-commerce, securing web servers and much more.
e-Mudhra, a Certification Authority (CA), offers secure
digital signatures through various options tailored to
suit individual as well as organizational needs.
Where can I use digital certificates?
You can use Digital Certificates for the following:
- For secure email and web-based transactions, or to
identify other participants of web-based transactions.
- To prove ownership of a domain name and establish
SSL / TLS encrypted secured sessions between your website
and the user for web based transactions.
- As a developer, for proving authorship of code and
preserving the integrity of distributed software programs
(code signing).
- For signing web forms, e-tendering documents, filing
income tax returns, to access membership-based websites
automatically without entering a user name and password
etc.
How does a Digital Signature
work?
A digital certificate explicitly associates the identity
of an individual/device with a pair of electronic keys
- public and private keys - and this association is endorsed
by the CA. The certificate contains information about
the subscriber's identity (for example, their name and
e-mail address), the subscriber's public key, the dates
the certificate was issued and expires, and the name of
the Certifying Authority that issued it.
The keys complement each other: a signature produced with
the private key can be verified only with the matching
public key, and data encrypted with the public key can be
decrypted only with the private key. Browsers and servers
use them to verify the identity of the certificate user
and to protect the information exchanged. The private key
is stored on the user's computer hard disk or on an external
device such as a smart card or USB token, and is protected
by a PIN or password so that only the user can operate it.
The public key is distributed in the certificate.
Signature verification fails if the signature was not
produced by the private key matching the certificate, or
if the message was altered after signing. Data encrypted
to the public key cannot be decrypted without the private
key and is therefore inaccessible to unauthorized parties.
Are Digital Signatures legally
valid in India?
Yes, subsequent to the enactment of Information Technology
Act 2000 in India, Digital Signatures are legally valid
in India.
What is the difference between
a Digital Signature and a Digital Signature
Certificate?
A digital signature is an electronic method of signing
an electronic document whereas a Digital Certificate is
a computer based record that
- Identifies the Certifying Authority issuing it
- Has the name or the identity of its subscriber
- Contains the subscriber's public key
- Is digitally signed by the Certifying Authority issuing
it
What are personal certificates?
Personal certificates serve to identify a person. They
can be used to secure e-mail correspondence or provide
enhanced access control to sensitive or valuable information.
What is the difference between
signing and encrypting an e-mail?
Signing an e-mail message means that your mail client
computes a signature over the message with your private key
and attaches it, together with your Digital Certificate,
so that the recipient can verify that it came from you and
was not tampered with en route to their inbox. Signing
authenticates a message, but it does not provide protection
against third-party monitoring: the text itself is still
sent in the clear.
Encrypting a message means scrambling it in such a way
that only the designated recipients can unscramble it.
This safeguards messages against monitoring or interception.
In order to send a signed message, you must have a Digital
Certificate of your own. Since a message is encrypted to
the recipient's public key, which is taken from the
recipient's certificate, you cannot encrypt a message
unless you possess the recipient's Digital Certificate.
Can I send a secure e-mail
to someone who does not have a Digital Certificate?
You can digitally sign any e-mail as long as the recipient
has an e-mail application that supports S/MIME. However,
you cannot encrypt a message unless you have the recipient's
Digital Certificate.
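The signing and encryption operations described in the answers
above, as an added worked example in Go. This is illustrative
code written for this FAQ, not e-Mudhra software and not an
S/MIME implementation: it assumes an ECDSA P-256 key pair for
the sender and an RSA-2048 key pair for the recipient, both
generated at run time, and a constructed sample message. In a
real deployment the public keys would be taken from the two
parties' Digital Certificates and the message wrapped in S/MIME.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Sign hashes msg with SHA-256 and signs the digest with the sender's private
// key. Only the signature and the sender's certificate (public key) travel
// with the message; the private key never leaves the sender.
func Sign(priv *ecdsa.PrivateKey, msg []byte) ([]byte, error) {
	digest := sha256.Sum256(msg)
	return ecdsa.SignASN1(rand.Reader, priv, digest[:])
}

// Verify recomputes the digest and checks sig with the sender's public key.
// A changed msg, a changed sig, or a different signer all make it false.
func Verify(pub *ecdsa.PublicKey, msg, sig []byte) bool {
	digest := sha256.Sum256(msg)
	return ecdsa.VerifyASN1(pub, digest[:], sig)
}

// Encrypt seals msg to the recipient's public key (RSA-OAEP with SHA-256).
// The sender needs the recipient's certificate for this: without it there is
// no key to encrypt to. OAEP limits a 2048-bit key to 190-byte messages, which
// is why S/MIME encrypts a random symmetric key this way, not the body itself.
func Encrypt(recipient *rsa.PublicKey, msg []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, recipient, msg, nil)
}

// Decrypt recovers msg; only the holder of the matching private key can.
func Decrypt(priv *rsa.PrivateKey, ciphertext []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, ciphertext, nil)
}

// SignedMail is what travels: the (encrypted) body and the signature. The
// sender's public key is taken from the sender's certificate, not sent here.
type SignedMail struct {
	Body []byte
	Sig  []byte
}

// SignThenEncrypt makes a message both authenticated (sender's private key)
// and confidential (recipient's public key).
func SignThenEncrypt(sender *ecdsa.PrivateKey, recipient *rsa.PublicKey, msg []byte) (*SignedMail, error) {
	sig, err := Sign(sender, msg)
	if err != nil {
		return nil, err
	}
	body, err := Encrypt(recipient, msg)
	if err != nil {
		return nil, err
	}
	return &SignedMail{Body: body, Sig: sig}, nil
}

// DecryptThenVerify is the recipient's side: decrypt with its own private key,
// then check the signature against the sender's public key.
func DecryptThenVerify(recipient *rsa.PrivateKey, sender *ecdsa.PublicKey, m *SignedMail) ([]byte, error) {
	msg, err := Decrypt(recipient, m.Body)
	if err != nil {
		return nil, err
	}
	if !Verify(sender, msg, m.Sig) {
		return nil, errors.New("signature invalid: message altered or not from this sender")
	}
	return msg, nil
}

// NewSigningKey and NewEncryptionKey stand in for keys a CA would certify.
func NewSigningKey() (*ecdsa.PrivateKey, error) { return ecdsa.GenerateKey(elliptic.P256(), rand.Reader) }

func NewEncryptionKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

func main() {
	alice, err1 := NewSigningKey()   // sender: holds the signing private key
	bob, err2 := NewEncryptionKey()  // recipient: holds the decryption private key
	if err1 != nil || err2 != nil {
		panic("key generation failed")
	}
	msg := []byte("Transfer INR 10,000 to account 1234") // constructed sample
	m, err := SignThenEncrypt(alice, &bob.PublicKey, msg)
	if err != nil {
		panic(err)
	}
	got, err := DecryptThenVerify(bob, &alice.PublicKey, m)
	fmt.Printf("recipient recovered %q (err=%v)\n", got, err)
	altered := []byte("Transfer INR 90,000 to account 1234")
	fmt.Println("altered message verifies:", Verify(&alice.PublicKey, altered, m.Sig))
}
```

Note the asymmetry the FAQ describes: signing needs only the
sender's own key pair, while encrypting needs the recipient's
public key, so a message to someone without a certificate can
be signed but not encrypted.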
How do I know if the e-mail
I have received is digitally signed or encrypted?
Microsoft Internet Explorer Users: Signed messages will
be shown in the inbox (or any other folder) with a red
ribbon on the envelope icon. Encrypted messages will show
a padlock on the envelope icon.
Netscape Communicator Users: Any signed e-mail you receive
will have a prominent icon in the upper-right corner of
the message saying "signed" or "encrypted" or both. If
you want more information about the security of a message,
click on the Security button (padlock icon) above the
message.
Digital Signature Usage
Can I use one digital certificate
for multiple e-mail addresses?
No, you cannot. The e-mail address is part of the identity
recorded in the certificate, so each certificate is bound
to a single e-mail address.
What is the scope of using
digital signatures for e-tendering systems?
Digital signatures for e-tendering are allowed, though
with limited scope. The following transactions/instruments
are excluded from the IT Act 2000 and are not recognized
when executed with a digital signature:
- A negotiable instrument as defined in section 13 of
the Negotiable Instruments Act, 1881 (26 of 1881).
- A power-of-attorney.
- A will (including any other testamentary disposition
under the Indian Succession Act, 1925).
- A contract for the sale or transfer of immovable property.
- A trust.
Can digital signatures be
used in wireless networks?
Yes, digital signatures can be employed in wireless networks.
I have purchased a Digital
Certificate as an individual. Can I use it for my website?
No, you cannot use a Digital Certificate that has been
purchased by you as an individual for your website. A
Digital Certificate meant for use by an individual is
applicable to sending and receiving secure email and executing
personal web-based transactions through web browsers.
If you require a Digital Certificate for your website,
you need to purchase a web server (SSL/TLS) certificate
issued for your website's host name and suited to the
web-based transactions handled on your website.
Am I allowed to use one web
server certificate (SSL) for more than one website?
Not by default. A web server certificate is explicitly
associated with the host and domain names listed in it,
so a certificate issued for one name is rejected by browsers
when presented by a website with another name. A certificate
can, however, be issued listing several host names (Subject
Alternative Names) or a wildcard name such as *.example.com;
if you need one certificate to cover more than one website,
request it in that form when the certificate is issued.
Is the information contained
in my Digital Certificate automatically sent to the websites
I visit?
No, you control the presentation of your Digital Certificates
to websites through the settings in your web browser.
To define whether or not you would like your Digital
Certificate to be sent automatically to the websites you
access, the set up procedure is as follows:
Microsoft Internet Explorer Users: Internet Explorer
always asks you whether to send Digital Certificate information
to any website requesting it, and allows you to choose
which Digital Certificate to use (if you have more than
one installed).
Netscape Communicator Users:
1. Click on the Security Preferences button (the one that
looks like a padlock) on the Main toolbar.
2. Click Navigator from the menu on the left.
3. From the "Default Certificate to present to websites"
pop-up list, select one of the available options:
- Digital Certificate to use automatically
- Ask every time (the default setting)
- Let Navigator choose
Regulatory
What is a Certifying Authority
(CA)?
A Certifying Authority is a trusted agency whose central
responsibility is to issue, revoke, renew and provide
directories for Digital Certificates. Under the Information
Technology Act 2000, a "Certifying Authority" means a person
who has been granted a licence under Section 24 of the Act
to issue Digital Signature Certificates.
Who can be a Certifying Authority
(CA)?
The IT Act 2000 details the prerequisites of a CA. Accordingly,
a prospective CA has to establish the required infrastructure,
get it audited by the auditors appointed by the office
of Controller of Certifying Authorities. Subsequent to
complete compliance of all requirements, a license to
operate as a Certifying Authority can be obtained. The
license is issued by the Controller of Certifying Authority,
Ministry of Information Technology, Government of India.
What is a Registration Authority
(RA)?
A RA (Registration Authority) is an agent of the Certifying
Authority who collects the application forms and related
documents for Digital Certificates, verifies the information
submitted and approves or rejects the application based
on the results of the verification process.
How does one become a Registration
Authority (RA)?
e-Mudhra has a Partner Program through which various
individuals or organizations can join the country-wide
network of Registration Authorities. The applicants need
to meet certain eligibility criteria that include being
involved in any one of the following businesses/services:
- KYC services
- Already a Registration Authority
- Service providers for Mutual Funds, Data Entry, Courier,
AVCV, DSA (Bank), PAN
- Collection and Cash Management or any other similar
FOS [Feet on Street] service
e-Mudhra reserves the right to accept or reject applications.
What is the role of CCA?
The Controller of Certifying Authorities (CCA) is the
Government of India authority established under the IT
Act 2000 that licenses Certifying Authorities and monitors
their compliance with the Act's security requirements.
These controls include
- CA key generation, storage, backup and recovery
- CA public key distribution and escrow
- CA key usage, destruction and archival
- CA cryptographic hardware life cycle management
- CA-provided subscriber key management
- Certification practice statement and certificate policy
management
What is NRDC?
In accordance with Section 20 of the IT Act, the NRDC
(National Repository of Digital Certificates) is a national
repository maintained by the CCA that contains all Digital
Certificates and CRLs issued by all the licensed CAs. It
also contains all the Digital Certificates and CRLs issued
by the CCA through its RCAI. All Relying Parties can verify
the authenticity of a CA's public key against this repository.
What is RCAI?
RCAI is the Root Certifying Authority of India. It was
established by the CCA under Section 18(b) of the IT Act
and is responsible for digitally signing the public keys
of all the licensed CAs in the country.
The RCAI root certificate is the highest level of certification
in the country. The RCAI root certificate is a self-signed
certificate.
The key activities of the RCAI include:
- Digitally signing licenses issued by CCA to CA
- Digitally signing public keys corresponding to private
keys of a CA
- Ensuring availability of these signed certificates
for verification by a Relying Party through the CCA
or CA website
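The chain of trust described here (a self-signed root in the
role of the RCAI, a licensed CA whose public key the root has
signed, and a subscriber's certificate issued by that CA),
together with the host-name binding of a web server certificate
discussed under "Am I allowed to use one web server certificate
(SSL) for more than one website?", as an added worked example in
Go. This is illustrative code written for this FAQ, not software
of e-Mudhra or the CCA: the CA names, serial numbers and host
names are invented and all keys are generated at run time, so
none of the certificates it builds are real.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// PKI is a constructed hierarchy: self-signed root (the RCAI role), issuing
// CA signed by the root (a licensed CA), and a subscriber's server certificate.
type PKI struct {
	Root, CA, Leaf *x509.Certificate
}

var serial int64 // illustrative sequential serials; a real CA uses random ones

// issue generates a key pair for cn and has parent sign its certificate; with
// parent nil the certificate is self-signed. CA certificates may sign other
// certificates and CRLs; end-entity certificates carry the host names they
// were issued for as Subject Alternative Names.
func issue(cn string, isCA bool, dns []string, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	serial++
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(serial),
		Subject:               pkix.Name{CommonName: cn},
		DNSNames:              dns,
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		BasicConstraintsValid: true,
		IsCA:                  isCA,
		KeyUsage:              x509.KeyUsageDigitalSignature,
	}
	if isCA {
		tmpl.KeyUsage = x509.KeyUsageCertSign | x509.KeyUsageCRLSign
	}
	signer := parentKey
	if parent == nil { // self-signed root: the certificate vouches for its own key
		parent, signer = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, signer)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// BuildPKI creates root -> issuing CA -> server certificate. The server
// certificate is issued for one exact name and one wildcard name.
func BuildPKI() (*PKI, error) {
	root, rootKey, err := issue("Example Root CA", true, nil, nil, nil)
	if err != nil {
		return nil, err
	}
	ca, caKey, err := issue("Example Issuing CA", true, nil, root, rootKey)
	if err != nil {
		return nil, err
	}
	leaf, _, err := issue("www.example.com", false, []string{"www.example.com", "*.api.example.com"}, ca, caKey)
	if err != nil {
		return nil, err
	}
	return &PKI{Root: root, CA: ca, Leaf: leaf}, nil
}

// VerifyChain does what a browser does: build leaf -> intermediate -> root
// starting from a root it already trusts, then check that the certificate
// was issued for host. Any break in the chain or a name mismatch is an error.
func VerifyChain(leaf, intermediate, trustedRoot *x509.Certificate, host string) error {
	roots, inter := x509.NewCertPool(), x509.NewCertPool()
	roots.AddCert(trustedRoot)
	inter.AddCert(intermediate)
	_, err := leaf.Verify(x509.VerifyOptions{Roots: roots, Intermediates: inter, DNSName: host})
	return err
}

func main() {
	p, err := BuildPKI()
	if err != nil {
		panic(err)
	}
	for _, h := range []string{"www.example.com", "shop.api.example.com", "other.example.com"} {
		fmt.Println(h, "->", VerifyChain(p.Leaf, p.CA, p.Root, h))
	}
}
```

The relying party only ever configures the root; the issuing
CA's certificate is supplied with the server's certificate and
is trusted solely because the root signed it, which is the
relationship between the RCAI and a licensed CA described above.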
Repository
What is a CRL?
The Certificate Revocation List (CRL) is a list of certificates
that have been revoked by the CA, and are therefore no
longer valid even though their validity period has not
expired. A relying party should obtain the CA's latest CRL,
verify the CA's signature on it, and reject any certificate
whose serial number appears in it.
What is a CPS?
The Certification Practice Statement (CPS) is a statement
of the practices that a Certification Authority (CA) employs
for issuing and managing certificates. A CPS may take
the form of a declaration by the CA of the details of
its system's trustworthiness and the practices that it
employs both in its operations and in its support of issuance
of a certificate.
What is a CP?
Certifying Authorities issue Digital Certificates that
are appropriate to specific purposes or applications.
A Certificate Policy (CP) describes the different classes
of certificates issued by the CA, the procedures governing
their issuance and revocation and terms of usage of such
certificates, besides information regarding the rules
governing the different uses of these certificates.
What is Subscriber Agreement?
A Subscriber Agreement is an agreement between Subscriber
and e-Mudhra CA stating that the subscriber will use the
Digital Certificate for the assigned use or objective
and that the subscriber is solely responsible for the
protection of the private key and ensuring functionality
of the unique key pair. The subscriber also agrees through
the Subscriber Agreement that all the information provided
to e-Mudhra CA at the time of registration is accurate.
In the event of any change in information, the subscriber
is obliged to immediately inform e-Mudhra CA.
e-Mudhra CA is not responsible for any legal disputes
arising due to misrepresentation on the part of the subscriber.