FAQ

This section contains a wealth of information, related to E-filing If you cannot find an answer to your question, make sure to contact us.

A digital signature is an electronic form of a signature that can be used to authenticate the identity of the sender of a message or the signer of a document, and also ensure that the original content of the message or document that has been sent is unchanged. Digital signatures are easily transportable and cannot be imitated by someone else. The ability to ensure that the original signed message arrived means that the sender cannot easily disclaim it later.

An electronic document is any document that is generated or stored on a computer, such as a letter, a contract, or any such document. In addition, an electronic document can be an image, such as a blueprint, a survey plat, a drawing, or even a photograph. A digital signature can be used to sign these documents.

An application for the digital signature certificate is required to be made to any one of the Licensed Certifying Authority in their prescribed Form accompanied by Proof for identification and other verifications as may be prescribed..

No, there is no threat to the security of the owner / users digital signature, if the private key lies on the smartcard /crypto token and does not leave the SmartCard/cryptotoken.

A digital signature is an electronic method of signing an electronic document whereas a Digital Signature Certificate is a computer based record that:

  • Identifies the Certifying Authority issuing it.
  • Has the name and other details that can identify the subscriber.
  • Contains the subscriber’s public key.
  • Is digitally signed by the Certifying Authority issuing it.
  • Is valid for either one year or two years.

A Digital Signature Certificate (DSC) explicitly associates the identity of an individual/device with a two keys – public and private keys. The certificate contains information about a user’s identity (for example, their name, pincode, country, email address, the date the certificate was issued and the name of the CA. These keys will not work in the absence of the other. They are used by browsers and servers to encrypt and decrypt information regarding the identity of the certificate user. The private key is stored on the user’s computer hard disk or on an external device such as a USB token. The user retains control of the private key; it can only be used with the issued password. The public key is disseminated with the encrypted information. The authentication process fails if either one of these keys in not available or do not match. This means that the encrypted data cannot be decrypted and therefore, is inaccessible to unauthorized parties.

Specific Questions

A Digital Signature Certificate, like hand written signature, establishes the identity of the sender filing the documents through internet which sender can not revoke or deny. Accordingly, Digital Signature Certificate is a digital equivalent of a hand written signature which has an extra data attached electronically to any message or a document. Digital Signature also ensures that no alterations are made to the data once the document has been digitally signed. A DSC is normally valid for 1 or 2 years, after which it can be renewed.

A Digital Signature is a method of verifying the authenticity of an electronic document. Digital signatures are going to play an important role in our lives with the gradual electronisation of records and documents. The IT Act has given legal recognition to digital signature meaning, thereby, that legally it has the same value as handwritten or signed signatures affixed to a document for its verification.

The Information Technology Act, 2000 provides the required legal sanctity to the digital signatures based on asymmetric cryptosystems. The digital signatures are now accepted at par with handwritten signatures and the electronic documents that have been digitally signed are treated at par with paper documents.

Based on usage the Digital Signature can be categorized into 3 broad categories which are as under

Class 2 – This is generally used for filing documents Income Tax, Registrar of Companies and VAT.

Class 3 – This is required for e-tendering, which is a procurement process that is conducted online. Some of the areas it helps in include:

  • Supplier registration/expression of interest
  • Contract download
  • Submission of bid document
  • Evaluation of tenders (May or may not involve e-auctions)

DGFT DSC – DGFT Digital Certification facility offered by us finds extensive usage among Exporters & Importers. Operated under Directorate General of Foreign Trade (DGFT), it is a solution developed for Exporter-Importer community in India that enable them to interact as well as transact with DGFT online with security and confidence. Digital Signature Certificate that is specially designed for Indian Exporters or Importers that enables digital signing of online License applications Benefits of using Safe EXIM:

  • Cost Savings
  • DGFT has extended attractive monetary incentives for Safe EXIM users
  • DGFT charges only 50% of application fee for applications that are digitally signed using Safe EXIM
  • Reduced turnaround time by DGFT for license issuance
  • Convenience & Security
  • Logon to DGFT portal using Safe EXIM is far more secure than using user ID / Password based system
  • Making impossible Impersonation of client’s or their organization online
  • Confidentiality of the transaction assured
  • Integrity of information submitted online no longer in doubt
  • Fraud minimized as the data cannot be tampered with
  • Digitally signed applications that ensure non-repudiation, thus bringing trust as well as confidence into entire online experience
  • Usage of Safe EXIM reduces paperwork considerably for user, thus bringing down associated costs

Under MCA21 Every person who is required to sign manual documents and returns filed with ROC is required to obtain a Digital Signature Certificate (DSC). Accordingly following have to obtain Digital Signature Certificate:

  1. Directors
  2. Auditors
  3. Company Secretary – Whether in practice or in job.
  4. Bank Officials – for Registration and Satisfaction of Charges
  5. Other Authorized Signatories.

a) It can be misused by anyone who is having access to your computer system.
b) DSC is lost if computer system is formatted or internet explorer is changed. Accordingly, safe and proper method is to keep DSC on e-token, a small USB port devise, which is password protected. The said e-token is a small hardware device and can be plugged to USB port of any system to digitally sign the documents and when not in use can be kept in safe custody.

Ministry of Company Affairs, Government of India (GoI) has initiated MCA21 program, for easy and secure access to its services in a manner that best suits the businesses and citizens. MCA21 is envisioned to provide anytime and anywhere services to businesses. It is a pioneering program being the first mission mode e-governance project being undertaken in the country. This program builds on the GoI vision to introduce a Service Oriented Approach in the design and delivery of Government services, establish a healthy business ecosystem and make the country globally competitive.The MCA21 application is designed to support Class 2 & 3 Digital Signature Certificates (DSC) issued by licensed Certifying Authority under Controller of Certifying Authorities.Those individuals recommended and forwarded by Superior Authority or those who approach any RA office operating under CA with proper certification from Chartered Accountant/Cost Accountant can avail our certification services for obtaining digital certificate.

The certifying authority, on receipt of the application, after due consideration of the certification statement and other particulars and enquiry, can grant the DSC. Discretion is vested with the certifying authority to reject any application. Reasons should be recorded in case of rejection.

For issuing the DSC, the certifying authority should take into consideration the following points:

  • The applicant holds the private key corresponding to the public key to be listed in the DSC.
  • The applicant holds the private key, which is capable of creating a digital signature.
  • The public key to be listed in the certificate can be used to verify a digital signature affixed by private key held by the applicant.

DSC of Class 2 and Class 3 category issued by a licensed Certifying Authority (CA) needs to be obtained for e-filing on the MCA Portal.

The cost of obtaining a digital signature certificate may vary as there are many entities issuing DSCs and their charges may differ.

The Certifying Authorities are authorized to issue a Digital Signature Certificate with a validity of at least one year.

Digital Signatures are legally admissible as per IT ACT 2000.

You can store your Digital Signature in a Pen Drive/ Removable Media to carry the same to the PFO for digitally signing the e-forms.

Digital Signature Certificate (DSC) is not required by Companies but by individuals. For example the Director or the Company Secretary, signing on behalf of the Company requires a DSC.

No. it is mandatory to have a valid digital signature certificate for e-filing the forms on MCA portal.

No. A DSC is unique to each individual. If a professional has obtained a DSC, he/ she can use the same DSC for e-filing of forms for multiple companies, provided he/ she has been authorized to do so by the respective companies.

Yes. If the Company Secretary is an authorized signatory, he/ she is required to obtain a DSC.

You should keep the media carrying your digital signature safely and not disclose your password to anybody.

Digital Signatures are password protected and cannot be copied from a digitally signed document.

There is no difference between the two signatures. Only the media differs.

Both have their own advantages and disadvantages. It all depends upon the comfort level of subscriber and his intended usage of the same. Both require passwords for usage. Also seeGeneral FAQs contains information on Public Key Infrastructure (PKI), Cryptography, Digital Signature Certificates and Digital Signature technology.Digital Signature Certificates: An Introduction.

The same reason you trust what is stated in a driver’s license: endorsement by the relevant authority (Department of Transport) in the form of a difficult to forge signature or stamp of approval. Digital Signature Certificates are endorsed in a similar manner by a trusted authority empowered by law to issue them, appropriately known as the Certifying Authority or CA. The CA is responsible for vetting all applications for Digital Signature Certificates, and once satisfied, “stamps” its difficult to forge digital signature on all the Digital Signature Certificates it issues, attesting to their validity.

Three uses are outlined here. Your Digital Signature Certificate could be used to allow you to access membership-based web sites automatically without entering a user name and password. It can allow others to verify your “signed” e-mail or other electronic documents, assuring your intended reader(s) that you are the genuine author of the documents, and that the content has not been corrupted or tampered with in any way. Finally, Digital Signature Certificates enables others to send private messages to you: anyone else who gets his/her hands on a message meant for you will not be able to read it.

Digital Signature Certificates and the CA are just two elements of the Public Key Infrastructure (PKI), an overall Internet security system. Once the PKI is operational, everyone who has a Digital Signature Certificate can be traced and held accountable for their actions. Consequently, uses for the Internet, which could not be fully realized before, will finally take off: electronic banking and commerce (funds transfer, buying and paying on-line), on-line transactions with government agencies (applying for and renewing ICs, licenses, paying fines and bills), and on-line transactions between businesses. The day when the only way to do some of these transactions is through the Internet may not be too far off. Everyone who wants to be part of it will need Digital Signature Certificates.

The PKI is the overall system of identifying parties on the Internet using their certificates. It is headed by a Certifying Authority that is responsible for issuing and verifying the validity of the Digital Signature Certificates.

Cryptography is the science of enabling secure communications between a sender and one or more recipients. This is achieved by the sender scrambling a message (with a computer program and a secret key) and leaving the recipient to unscramble the message (with the same computer program and a key, which may or may not be the same as the sender’s key). There are two types of cryptography: Secret/Symmetric Key Cryptography and Public Key CryptographyThe emphasis of cryptography is on data confidentiality, data integrity, sender authentication, and non-repudiation of origin/data accountability.

Physical keys are used for locking and unlocking. In cryptography, the equivalent functions are encryption and decryption. A key in this case is an algorithmic pattern or rule(s) to render the message unreadable. Below is a simple example of how key is used in a symmetric cryptography. Plain text: transfer rupees five thousand Key: forward shift all letters by 1 position, i.e. a becomes b, b becomes c, etc Ciphered text (after encryption): usbtgfs svqfet gjwf uipvtboeTo decipher text: backward shift all letters by 1 position, giving: transfer rupees five thousandIn practice the key has to be much more complicated than this.

Encryption is the transformation of information from readable form into some unreadable form.

Decryption is the reverse of encryption; it’s the transformation of encrypted data back into some intelligible form.