Digital Signature Certificates/Digital signatures 
  • Q. What is a digital certificate or a digital signature certificate (DSC)?
    Ans. A digital certificate, or digital signature certificate (DSC), is an electronic credential issued by a Certifying Authority that binds the identity of an individual or organization to that holder's public key. It lets the other party in an online transaction verify the identity of the entity it is dealing with. DSCs are used for online transactions such as e-filing of income tax returns, e-tendering and online monetary transactions over the internet. They are also used when confidential information is exchanged by e-mail, to protect the information and to establish its origin and the identity of its sender.
  • Q. What is a digital signature?
    Ans. A digital signature is a value computed over a digital document with the signer's private key. It lets a recipient verify that the document is authentic and has not been altered since it was signed, and, because only the holder of the private key could have produced it, it also verifies the identity of the sender of the information over the Internet. Digital signatures are one of the security measures employed in online transactions.
  • Q. What is the difference between a digital signature and a digital signature certificate (DSC)?
    Ans. Digital signatures give their users authenticity, integrity and non-repudiation during online transactions and exchange of information. They are used for secure messaging, online banking applications, secure online workflow applications, supply chain management and so on.

    A digital signature certificate contains the record of the certificate holder's identity, the holder's public key, and the details of the certificate itself, such as its issuer, serial number and validity period.

    It is a digital document, signed by the issuing Certifying Authority, that attests that the public key it contains belongs to the named individual or entity. Because a signature can be produced only with the private key matching that certified public key, a digital certificate protects the identity and security of an individual or entity against impersonation.
  • Q. Why do I need a Digital Signature Certificate?
    Ans. A digital signature certificate is electronic proof of your identity. It also provides strong security and privacy for your online transactions. The public key in a certificate can be used to encrypt information so that only the intended recipient, who holds the matching private key, can read it. Digitally signing information assures the recipient that it cannot be changed by a third party in transit without the change being detected, and it verifies your identity as the sender of the information.
  • Q. What are the different types of DSC?
    Ans.
    • Class 1 certificate: issued to an individual for personal use. The holder may use it to prove the authenticity of his or her identity or of the information he or she shares. An individual applying for a Class 1 certificate must have a valid e-mail ID.
    • Class 2 certificate: issued to individuals acting on behalf of an organization, as well as to individuals for personal use. A Class 2 certificate is used to complete transactions with the Ministry of Corporate Affairs or the Registrar of Companies. A person applying for a Class 2 certificate must present valid identity proof as well as address proof.
    • Class 3 certificate: the highest-assurance class, and the definitive means of identity authentication and security. Organizations and individuals taking part in online e-tendering, e-procurement, patent filing and trademark filing must hold a valid Class 3 certificate. An applicant for this class must appear in person before the Certifying Authority so that his or her identity can be verified.
  • Q. What is a Root certificate?
    Ans. A root certificate is a self-signed public key certificate that identifies a root Certificate Authority (CA). Since no higher authority vouches for it, a root certificate is trusted directly by relying parties rather than verified against another certificate, which is why root certificates must be distributed and stored with care. In India the Root Certifying Authority of India (RCAI), operated by the CCA, issues the root certificate under which all licensed CAs are certified.
  • Q. What is Digital Time Stamping?
    Ans. As the name suggests, a digital time-stamping service issues time-stamps. A digital time-stamp serves the same purpose as any other time-stamp, namely to denote the date and time of an action on a document. Because the time-stamp is computed over a hash of the document and signed by the time-stamping service, it can later be used to prove that the document existed in that exact form at that time, for example to show when a document was created or signed.
  • Q. Are Digital Signatures legally valid in India?
    Ans. Yes. The Information Technology Act, 2000 gives digital signatures legal validity in India.
  • Q. Where can I use Digital Signature Certificates?
    Ans. You can use Digital Signature Certificates for:
    • Secure exchange of information and online transactions
    • Encrypting the contents of an e-mail
    • Identifying the participants in an online transaction
    • Proving authorship of digital content
    • Filing income tax returns
    • Transactions with the Ministry of Corporate Affairs
    • Applying for e-tenders
    • Trademark and patent filing
Public Key Infrastructure & Cryptography 
  • Q. What is Public key infrastructure (PKI)?
    Ans. PKI, or Public Key Infrastructure, is the set of policies, procedures and technologies that issue, distribute, validate and revoke public key certificates, so that internet users who have never met can authenticate each other and communicate securely and confidentially. PKI does not itself encrypt anything; it supplies the trusted binding between an identity and a public key on which encrypting information at the sender's end, and decrypting it at the receiver's end, depends.
  • Q. How are PKI and security associated?
    Ans. PKI manages the keys and certificates that cryptography, i.e. the encryption and decryption of data, depends on as a security measure for safeguarding confidential data. Encryption is only as trustworthy as the assurance that a public key really belongs to its claimed owner; PKI provides that assurance, so that information encoded at the sender's end can be decoded only by the intended receiver, and a signature can be traced to a named signer.
  • Q. What is cryptography?
    Ans. Cryptography is the practice of protecting data and information that is stored or shared across insecure networks such as the Internet. Its most familiar use is confidentiality: the information is encrypted at one end and decrypted at the other, so that encrypted data remains hidden and inaccessible to everyone except the intended recipient. Cryptography also provides integrity and authentication, through hash functions and digital signatures.
  • Q. What is encryption and decryption of data?
    Ans. Encryption is the process of encoding a message or piece of information so that only an authorized party can read it. The sender uses an encryption key to scramble the information so that it is unintelligible to adversaries.

    Decryption is the complementary process. A user who receives encrypted data must decrypt it before it can be read. Decryption converts the scrambled information back to its original form using a decryption key.
  • Q. What are the types of cryptography?
    Ans. Symmetric, or secret-key, cryptography uses a single key to both encrypt and decrypt the data, so the two parties must already share that key before they can communicate.

    Asymmetric, or public-key, cryptography assigns each participant a complementary pair of keys, one public and one private. Data encrypted with the public key can be decrypted only with the private key, and a signature made with the private key can be verified by anyone holding the public key, so messages can be exchanged securely without a previously shared secret.
  • Q. What is the difference between public and private keys?
    Ans. The private key is the member of a key pair used to create a digital signature (and to decrypt data that was encrypted to the holder). It is kept confidential by its holder and is never shared.

    The public key, as the name suggests, is made available to everyone; it is distributed inside the digital certificate and is used to verify the holder's signatures and to encrypt data for the holder.
  • Q. How does a Digital Certificate work in Public Key Infrastructure (PKI)?
    Ans. Public Key Infrastructure is the regulatory and operational framework behind the issuance and use of digital certificates. A certificate contains information about the user's identity together with the user's public key, signed by the Certifying Authority; relying parties use that public key to verify the user's signatures and to encrypt information so that only the user can access it.

    The private key is retained by the certificate holder, on a computer hard disk or, preferably, on an external device such as a smart card or e-token from which it cannot be copied. The owner of the certificate controls the private key, which can be used only after entering the password or PIN issued with it.
  • Q. What is the difference between digitally signing and encrypting an e­mail?
    Ans. Digitally signing an e-mail message means computing a signature over the message with your private key and attaching your digital certificate, so that the recipient can verify that the sender is authentic and that the message has not been tampered with in transit. Signing alone does not hide the contents: a signed message can still be read by a third party monitoring the network.

    Encrypting a message ensures that information shared over an insecure network can be read only by its intended recipient. This is the safeguard against monitoring of confidential information. To send a signed message you need your own digital certificate and its private key. To encrypt a message you need the recipient's digital certificate, because the message is encrypted with the public key it contains and only the recipient's private key can decrypt it.
  • Q. What actually happens when I digitally sign any transaction?
    Ans. When a transaction is digitally signed, the signing software computes a hash (a fixed-length digest) of the transaction and signs that hash with your private key; the transaction itself is not encrypted by the private key. The signature and your digital certificate are attached to the transaction. The recipient recomputes the hash of the transaction as received, takes the public key from the certificate and uses it to verify the signature. If the transaction had been altered, the hash would differ and verification would fail.

    Thus, signing a transaction:
    • Verifies the signer's identity and provides non-repudiation of the information
    • Establishes the signer's credentials to perform the transaction
    • Protects the integrity and authenticity of the information itself.
    Because only the holder of the private key could have produced the signature, a digitally signed transaction is substantial proof of the user's involvement in it, and the user cannot later deny having signed it; this is referred to as non-repudiation.
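    The hash-then-sign flow described in this answer, as an added example in Go (it is not part of this FAQ or of any CA's signing software). It generates an RSA key pair in memory, where a real DSC's private key would stay on the holder's e-token, signs a constructed sample transaction, verifies it with the public key alone, as a relying party holding only the certificate would, and shows that changing one digit of the amount makes verification fail. The sample transaction text and the 2048-bit key size are assumptions of the example.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Signer holds the subscriber's RSA key pair. In a real DSC deployment the
// private key lives on the holder's e-token; here it is generated in memory
// purely for the demonstration.
type Signer struct {
	priv *rsa.PrivateKey
}

// NewSigner generates a fresh key pair of the given size (2048 bits is the
// usual minimum for a DSC).
func NewSigner(bits int) (*Signer, error) {
	priv, err := rsa.GenerateKey(rand.Reader, bits)
	if err != nil {
		return nil, err
	}
	return &Signer{priv: priv}, nil
}

// PublicKey is the value a certificate would carry to relying parties.
func (s *Signer) PublicKey() *rsa.PublicKey { return &s.priv.PublicKey }

// Sign hashes the transaction with SHA-256 and signs only the 32-byte digest
// with the private key (RSASSA-PKCS1-v1_5). The transaction itself is not
// encrypted; the signature is a separate value sent alongside it.
func (s *Signer) Sign(tx []byte) ([]byte, error) {
	digest := sha256.Sum256(tx)
	return rsa.SignPKCS1v15(rand.Reader, s.priv, crypto.SHA256, digest[:])
}

// Verify is the relying party's side: recompute the digest over the
// transaction as received and check it against the signature using only the
// public key. A nil result means the signature is genuine and the transaction
// is unmodified; any other result means tampering or a wrong/forged key.
func Verify(pub *rsa.PublicKey, tx, sig []byte) error {
	digest := sha256.Sum256(tx)
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig)
}

func main() {
	signer, err := NewSigner(2048)
	if err != nil {
		panic(err)
	}
	// Constructed sample transaction; any byte string works.
	tx := []byte("PAY 10000 INR TO ACCOUNT 1234567890 REF 42")
	sig, err := signer.Sign(tx)
	if err != nil {
		panic(err)
	}
	fmt.Printf("signature: %d bytes\n", len(sig))
	fmt.Println("original verifies:", Verify(signer.PublicKey(), tx, sig) == nil)

	// Change a single digit of the amount: the digest changes, so the
	// signature no longer verifies.
	tampered := []byte("PAY 90000 INR TO ACCOUNT 1234567890 REF 42")
	fmt.Println("tampered verifies:", Verify(signer.PublicKey(), tampered, sig) == nil)
}
```

    Note that the signature is 256 bytes for a 2048-bit key regardless of the transaction's length, because what is signed is the fixed-length digest, not the transaction.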
Authorities, Agreements & Protocols 
  • Q. What is a Certifying Authority?
    Ans. Certifying Authorities (CAs) are licensed bodies that issue digital signature certificates. They are regulated by the Controller of Certifying Authorities (CCA), an office of the Government of India, and are licensed to issue, renew, revoke and publish digital signature certificates.
  • Q. What is CCA?
    Ans. The Controller of Certifying Authorities (CCA) is an office of the Government of India. It issues licences to CAs and regulates their working, and it certifies the public keys of the CAs. The CCA is appointed by the Central Government under section 17 of the IT Act, 2000 to supervise all the CAs in the country.
  • Q. What is the role of CCA?
    Ans. The role of the Controller of Certifying Authorities (CCA) is to license and regulate the activities of CAs. As CAs perform a trusted role in verifying the identities of parties to electronic transactions, the CCA seeks to provide assurance that the CAs meet their responsibilities and that their services are delivered with appropriate security and service standards.
  • Q. What is RCAI?
    Ans. RCAI, the Root Certifying Authority of India, digitally signs the public keys of all the licensed CAs in India. It was established by the CCA under section 18(b) of the IT Act, 2000. The RCAI root certificate is the highest level of digital certification in the country; since there is no higher authority to sign it, the RCAI root certificate is self-signed and must be obtained and trusted directly by relying parties.

    The key activities of the RCAI are:
    • Digitally signing the licences issued by the CCA to CAs
    • Digitally signing the public keys corresponding to the private keys of the CAs
    • Ensuring that the signed certificates are available, through the CCA or the CA, for verification by relying parties.
  • Q. What is NRDC?
    Ans. The CCA also maintains the National Repository of Digital Signature Certificates (NRDC), a repository of all the digital certificates issued by the various CAs in India. The NRDC also keeps a record of all expired and revoked digital certificates, and so allows relying parties to verify the public keys issued by the various CAs.
  • Q. What is a Associate?
    Ans. An Associate is a representative of a Certifying Authority through whom a subscriber initiates the application/registration process. The Associate collects the completed application form along with the admissible documents and verifies them for authenticity and accuracy. Once the Associate approves the verification, the application is processed further and the certificate is issued.
  • Q. What are Certificate Policies?
    Ans. Certificate Policies describe the different classes of certificates issued by a Certifying Authority, including the procedures for the issuance and revocation of digital certificates and the terms of use of each class.
  • Q. What is Certification Practice Statement (CPS)?
    Ans. A Certification Practice Statement is a statement of the practices, or code of conduct, that a licensed Certifying Authority follows in issuing and managing digital certificates. The CA drafts the CPS as a declaration of its management system and of the practices it employs in its operations for issuing certificates.
  • Q. What is a Subscriber Agreement?
    Ans. A Subscriber Agreement is an agreement between a subscriber and a Certifying Authority for the provision of designated public certification services in accordance with the Certification Practice Statement.
  • Q. What is key agreement protocol?
    Ans. A key agreement protocol is a secure and convenient way for two or more parties to agree on a key to be used for secret-key (symmetric) cryptography; it is also called a key exchange protocol. It lets the parties establish a shared key over an insecure medium without a previously established shared secret: each party contributes a public value, and the shared key is derived by combining one party's private value with the other's public value, so an eavesdropper who sees only the public values cannot compute the key. Key agreement on its own does not authenticate the parties, so in practice the exchanged public values are signed or tied to digital certificates; otherwise a man-in-the-middle could substitute his own values and agree a separate key with each side.
  • Q. What does "Relying Party" mean?
    Ans. A Relying Party is an individual or entity that relies on the information in a digital certificate, for example to verify a signature or to encrypt a message for the certificate holder.
Certificate Validation Mechanism 
  • Q. What is Certificate Validation?
    Ans. Certificate validation is the procedure of determining the status of a certificate, i.e. whether it is valid, expired or revoked. Digital certificates are issued with a validity period of one, two or three years.
  • Q. What is Certificate Validation Mechanism?
    Ans. It is the mechanism used to check the validity of a digital signature certificate each time the certificate is used to sign a transaction or a signature made with it is verified. This ensures that the certificate has neither been revoked nor expired.
  • Q. What are the various validation mechanisms available?
    Ans. A certificate can be validated using one of these mechanisms: a CRL, OCSP or CAM.
  • Q. What is Certificate Revocation?
    Ans. Certificate revocation is the cancellation of a digital signature certificate before the end of its validity period.

    A certificate may be revoked for any of the following reasons:
    • Inaccuracy in the data on the digital certificate
    • A revocation request from the subscriber of the digital certificate
    • Compromise, or suspected compromise, of the secrecy of the private key
    • Change of any information on the digital certificate
  • Q. What is Certificate Revocation List (CRL) ?
    Ans. A Certificate Revocation List is a list, signed and published by a Certifying Authority, of the serial numbers of all the certificates it has revoked before their expiry and which are therefore no longer valid. Certificates that have simply expired are not listed, since their validity dates already show that they are invalid. The CA updates and publishes the CRL at regular intervals, and each CRL states when the next update is due.
  • Q. What is a CRL Validation?
    Ans. CRL validation is one of the mechanisms for checking the status of a digital signature certificate. The certificate's serial number is checked against the list of certificates enumerated in the issuing CA's CRL; if it is present, the certificate is no longer valid. Before trusting the list, the relying party must verify that the CRL is signed by the issuing CA and that it is current (its next-update time has not passed), otherwise an attacker could substitute an old or forged list in which a revoked certificate does not appear.
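    An added example in Go, not taken from this page or from any CA's software, that puts the root certificate, RCAI and certificate validation answers above together with the CRL answers here. It builds a self-signed root, a CA certificate signed by the root's key and a subscriber certificate signed by the CA, verifies the subscriber's chain as a relying party would, has the CA publish a signed CRL, and checks a certificate against that CRL, refusing a list that is stale or was not signed by the issuing CA. The certificate names, serial numbers, validity periods and the 24-hour CRL interval are assumptions; the keys are generated in memory, whereas a real CA's keys live in an HSM.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Hierarchy: a self-signed root (the RCAI role), a licensed CA it certifies,
// and a subscriber DSC issued by that CA. Keys are in memory for the demo only.
type Hierarchy struct {
	Root, CA, Subscriber *x509.Certificate
	caKey                *ecdsa.PrivateKey
}

// must keeps the demo set-up short: a failure there is a programming error.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// issue generates a P-256 key pair for the subject and has signer certify it
// (nil parent = self-signed). CA certificates may sign certificates and CRLs;
// a subscriber DSC gets digitalSignature + nonRepudiation (contentCommitment).
func issue(serial int64, cn string, years int, ca bool, parent *x509.Certificate, signer *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	ku := x509.KeyUsageDigitalSignature | x509.KeyUsageContentCommitment
	if ca {
		ku = x509.KeyUsageCertSign | x509.KeyUsageCRLSign
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(serial), Subject: pkix.Name{Country: []string{"IN"}, CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().AddDate(years, 0, 0),
		KeyUsage: ku, IsCA: ca, BasicConstraintsValid: ca,
	}
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	if parent == nil {
		parent, signer = tmpl, key
	}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, signer))
	// Parsed back so the result carries the subject key identifier CRL signing needs.
	return must(x509.ParseCertificate(der)), key
}

// BuildHierarchy creates root -> licensed CA -> two-year subscriber DSC. Names are hypothetical.
func BuildHierarchy() *Hierarchy {
	root, rootKey := issue(1, "Example Root CA", 10, true, nil, nil)
	ca, caKey := issue(2, "Example Licensed CA", 5, true, root, rootKey)
	sub, _ := issue(1001, "Example Subscriber", 2, false, ca, caKey)
	return &Hierarchy{Root: root, CA: ca, Subscriber: sub, caKey: caKey}
}

// ValidateChain is the relying party's path check: cert must chain through the
// licensed CA to the trusted root, with every link inside its validity period.
func (h *Hierarchy) ValidateChain(cert *x509.Certificate) error {
	roots, inters := x509.NewCertPool(), x509.NewCertPool()
	roots.AddCert(h.Root)
	inters.AddCert(h.CA)
	_, err := cert.Verify(x509.VerifyOptions{Roots: roots, Intermediates: inters, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}})
	return err
}

// PublishCRL is the CA's side: a signed list of revoked serials, good until NextUpdate.
func (h *Hierarchy) PublishCRL(revoked ...*x509.Certificate) ([]byte, error) {
	now := time.Now()
	tmpl := &x509.RevocationList{Number: big.NewInt(1), ThisUpdate: now, NextUpdate: now.Add(24 * time.Hour)}
	for _, c := range revoked {
		tmpl.RevokedCertificates = append(tmpl.RevokedCertificates, pkix.RevokedCertificate{SerialNumber: c.SerialNumber, RevocationTime: now})
	}
	return x509.CreateRevocationList(rand.Reader, tmpl, h.CA, h.caKey)
}

// IsRevoked is the relying party's CRL check at time at: a list that is not
// signed by the issuing CA, or is past its NextUpdate, is rejected outright.
func IsRevoked(crlDER []byte, issuer, cert *x509.Certificate, at time.Time) (bool, error) {
	crl, err := x509.ParseRevocationList(crlDER)
	if err != nil {
		return false, err
	}
	if err := crl.CheckSignatureFrom(issuer); err != nil {
		return false, err
	}
	if at.After(crl.NextUpdate) {
		return false, fmt.Errorf("CRL stale since %s; fetch a fresh one", crl.NextUpdate.Format(time.RFC3339))
	}
	for _, rc := range crl.RevokedCertificates {
		if rc.SerialNumber.Cmp(cert.SerialNumber) == 0 {
			return true, nil
		}
	}
	return false, nil
}

func main() {
	h := BuildHierarchy()
	crl, _ := h.PublishCRL(h.Subscriber) // the CA revokes the DSC, e.g. after key compromise
	rev, err := IsRevoked(crl, h.CA, h.Subscriber, time.Now())
	fmt.Println("chain ok:", h.ValidateChain(h.Subscriber) == nil, "revoked:", rev, "err:", err)
}
```

    The same IsRevoked check applies to a CRL downloaded from a CA's published distribution point; only the source of the DER bytes changes. A chain that validates but whose CRL check errors out should be treated as unverified, not as valid.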
  • Q. What is OCSP Validation ?
    Ans. OCSP, the Online Certificate Status Protocol, is another mechanism for checking the validity of a digital certificate. Whenever a certificate is used, the client sends an OCSP request containing the certificate's serial number to the CA's OCSP responder, and the responder returns a signed response with the current status of the certificate (good, revoked or unknown). Unlike a CRL, this gives a real-time answer for a single certificate rather than a periodically published list.
  • Q. What is CAM?
    Ans. The Certificate Arbitrator Module (CAM) provides certificate validation services across the different certificate vendors of the ACES (Access Certificates for Electronic Services) program, a certificate program of the U.S. General Services Administration.
  • Q. Why do I need to validate a Digital Certificate?
    Ans. Validation of a digital certificate is required to check its status before relying on it, to ensure that the certificate is valid for use and has not been revoked, altered or expired.
Technology 
  • Q. What is an e-­token?
    Ans. An e-token is a secure hardware device, usually in USB form, that holds the holder's private key together with the corresponding certificate and a cache of other certificates. Typically the private key is generated on the token and cannot be exported from it; signing and decryption are performed inside the token after the user enters a PIN, so the key is never exposed to the host computer. E-tokens thus enhance the security of data on public and private networks and provide secure storage for passwords and digital certificates, for authentication, digital signing and encryption.
  • Q. What is a hash algorithm?
    Ans. A hash algorithm is a function that converts data of any length into a fixed-length output (the hash value or message digest), generally much smaller than the original data, such that any change to the input produces a different hash and the input cannot be recovered from the hash. Hash algorithms are used in creating and verifying digital signatures: the sender hashes the message and signs the hash value with the private key, then sends the message and the signature to the receiver. The receiver applies the same hash function to the received message and verifies the signature against the resulting hash value using the sender's public key. If the values match, the message was received without alteration; if not, the message has been modified or the signature does not belong to it.
  • Q. What is Cryptographic Service Provider?
    Ans. A Cryptographic Service Provider (CSP) is a software or hardware module that plugs into the operating system's cryptographic API (for example Windows CryptoAPI) to provide encryption, decryption, hashing and signing. A CSP is responsible for creating and destroying keys and for using them to perform a variety of cryptographic operations; the CSP supplied with an e-token or smart card is how applications reach the key stored on the device without the key ever leaving it.
  • Q. What is SSL (secure socket layer)?
    Ans. SSL (Secure Sockets Layer) is a security protocol that provides an encrypted and authenticated connection between internet browsers and websites, allowing you to transmit private data online. Websites use it for secure online monetary transactions such as credit card payments and internet banking. Its modern successor is TLS (Transport Layer Security); the original SSL versions are obsolete and should be disabled, although the name SSL is still commonly used for the certificates and the technology.
  • Q. What is MIME?
    Ans. Multipurpose Internet Mail Extensions, (MIME) is an Internet standard format that allows the attachment and sending of non-text files including compressed files, sound clips, graphics file, videos to an e-mail.
  • Q. What is Secure Multipurpose Internet Mail Extensions (S/MIME)?
    Ans. S/MIME (Secure/Multipurpose Internet Mail Extensions) is a standard for public key encryption and digital signing of MIME data, i.e. e-mail messages. It specifies how e-mail is signed and encrypted, using the sender's and recipient's digital certificates, for transmission across the Internet.
  • Q. What do X.509 and X.500 mean?
    Ans. X.509 is the standard format for public key certificates in a public key infrastructure (PKI); it is used to verify that a public key belongs to the user, computer or service identity named in the certificate. An X.509 certificate contains information about the identity to which it is issued, the identity that issued it, the public key, the validity period, a serial number and the issuer's signature over all of these.

    X.500: - The X.500 directory service is a global directory service whose components cooperate to manage information about objects including countries, organizations, people and machines in a worldwide scope. It provides the ability to look up information by name and also to browse and search for information.
  • Q. What is Message Digest?
    Ans. A message digest is the fixed-length hash value computed over a piece of data or media. It is designed to protect integrity: any change to any part of the message, deliberate or accidental, produces a different digest, so comparing a freshly computed digest with the stored one detects the change.

    A digest is specific to its input, so one digest corresponds to one particular data content; storing the digest of a protected work lets its owner later check whether the work has been modified.

    A digest on its own only shows that a change occurred; it does not identify who made it, and an attacker who can replace the data can usually replace the stored digest too. Identifying the author of a change, and preventing the digest itself from being swapped, requires the digest to be digitally signed.
  • Q. What is PKCS ?
    Ans. The Public-Key Cryptography Standards (PKCS) are a set of vendor-neutral standards, originally formulated and published by RSA Security, for secure information exchange using public key cryptography. Several are used directly in DSC work: PKCS #1 defines RSA encryption and signatures, PKCS #7 the signed-message format, PKCS #10 the certificate signing request sent to a CA, PKCS #11 the interface to cryptographic tokens such as e-tokens and HSMs, and PKCS #12 the password-protected file format (.pfx/.p12) that bundles a private key with its certificate.
  • Q. What is Smart Card?
    Ans. A smart card is a plastic card, similar in size to a credit card, with a built-in microprocessor and memory, used for identification and authentication, for example in financial transactions. When it is inserted into a reader it exchanges data with the host system, but the private key stays on the card and cryptographic operations are performed by the card's own processor, which makes it far more secure than a magnetic stripe card. A smart card can also be programmed to lock or erase itself if an incorrect PIN is entered several times in a row, which protects against misuse if the card is lost or stolen.
  • Q. What is HSM card ?
    Ans. A hardware security module (HSM) is a hardened hardware device that generates, stores and protects digital keys and performs cryptographic processing (signing, encryption, key generation) inside the device, so that the keys are never exposed to the host. HSMs are generally plug-in cards or external appliances attached directly to a computer or network server.
  • Q. What is MD5 ?
    Ans. MD5 (Message-Digest algorithm 5) is a cryptographic hash function that produces a 128-bit message digest from its input and has historically been used in many applications to verify data integrity. MD5 is now considered broken: practical collision attacks, which produce two different inputs with the same digest, have been known since 2004, so it must not be used for digital signatures or certificates. SHA-256 or a stronger hash should be used instead.
Minimum Requirements 
  • Q. What are the minimum system software and hardware requirements for downloading a DSC?

    Ans. Please use a system with a minimum configuration of

    • Windows 7 Service Pack 1
    • Internet Explorer 9
    • .NET Framework 4.5

    but we would prefer a system with the latest configuration:

    • Windows 10
    • Internet Explorer 11
    • .NET Framework 4.5
Bio-metrics Devices 
  • Q. How do I connect biometric devices (Mantra MFS100 and Startek Eng Inc FM220)?
    Ans.

    1- Install Cashfingersetup.msi.

    • Download its setup from Utilities in the dashboard.
    • Extract and install.

    2- Install the driver of the respective device.

    • Download the setup.
    • Extract it.
    • Right-click on the setup file and select "Run as Administrator".
    • After installation, restart the system if required.

    3- Run Capricorn CA 2014 IE Setting.exe

    • Install "Capricorn CA 2014 IE Setting.exe" from Utilities in the dashboard.
    • Or you can make the following settings manually.
      • Add capricorn.cash and secure.certificate.digital to the Trusted sites list.
        • Click on Tools and select Internet Options.
        • Now select the second tab, named "Security", and click on "Trusted sites".
        • Now click Add and add capricorn.cash to the trusted list.
        • Do the same for secure.certificate.digital.
      • Enable "Initialize and script ActiveX controls not marked as safe for scripting" for the Trusted sites zone only.
        • With "Trusted sites" still selected, click on Custom Level, so that the change applies only to that zone. Do not enable this setting for the Internet zone: it allows any page in the zone to script ActiveX controls that their vendors did not mark as safe, which is why the two sites above are added to Trusted sites first.
        • Now press the "i" key on the keyboard. This jumps directly to "Initialize and script ActiveX controls not marked as safe for scripting".
        • Enable "Initialize and script ActiveX controls not marked as safe for scripting".
        • Now click OK; a dialog box will appear, click OK there as well and refresh the page.
    • Now wait a few seconds and the device will appear.
  • Q. How do I connect the biometric device Safran Morpho MSO 1300 E2?
    Ans.

    1- Download the driver and install it.

    2- After installation, restart the system if required.

    3- Check in Task Manager that MorphoUtility.exe is running.

    4- Check in Task Manager that MorphoInteractiveService.exe is running.

    Note: if either is not running, start it from C:\FingerprintSensors\SMARTCHIP_APPLETLESS

    5- Make sure your Morpho device is connected to the PC and open this URL in your browser:

    https://localhost:15000/getDeviceDetails

    If the device details are shown, the device is connected and working.