Public Key Infrastructure (PKI) technology proven as the only technology available today in India (& globally also) that ensures non-forgeable signatures.

In a PKI system, each user has two keys: a public key and a private key. These keys can be used for encrypting and decrypting information, for digitally signing electronic information and for verifying the authenticity of their owner. While the public key is distributed widely, the corresponding private key is held by its owner in a secure place. While both keys are mathematically related, the public key cannot reveal the private key. This makes PKI a great technology for Digital Signatures.

Only Public Key Infrastructure (PKI) digital signatures meet the requirements for such signatures. Digital signatures provide not only stronger user authentication, but also protect the integrity of the data signed, thus ensuring non-repudiation of the transaction by the signer.

The Indian IT ACT gives the legal sanctity to usage of Digital Signature Certificates in India. For example, they are used while eFiling Tax returns, submitting tenders, applying for Import/Export License, etc.

I. Class 3 : These certificates are majorly used for eTendering. The verification requirements are (i) Paper based application form and supporting documents for Organisation (ii) PAN Based and supporting documents or (iii) Aadhaar eKYC OTP + Video Verification .. The Private Key generation and storage should be in Hardware cryptographic device validated to , FIPS 140-2 level 2.

II. Special Purpose Certificate : Secure Socket Layer (SSL) and Document Signer Certificate are special purpose certificates used for Website (HTTPS) and bulk signing at the server respectively.

You can use Digital Signature Certificates for the following:

• For sending and receiving digitally signed and encrypted emails.
• For carrying out secure web-based transactions, or to identify other participants of web-based transactions.
• In eTendering, eProcurement, MCA [for Registrar of Companies], Income Tax [for e-filing income tax returns] Applications and also in many other applications.
• For signing documents like MSWord and PDFs.

Plays a pivotal role in creating a paperless office.

Yes, subsequent to the enactment of Information Technology Act 2000 in India, Digital Signature Certificates are legally valid in India.

Digital Signature Certificates are issued by licensed Certifying Authorities under the Ministry of Information Technology, Government of India as per the Information Technology Act.

Application processing for Digital Signature Certificates comprises of seven:

• a – System performs Mobile verification though SMS “OTP” and Email verification through “Verify email link” with XtraTrust.  
• b – Insert eKYC  details based on category of DSC 
• c – Upload Scanned documents 
• d - Payment transection  
• e - Record Interactive live Video though webcam, Andorid and IOS Mobile Application 
• f - Final Verification from Xtratrust
• g - Download of the certificate. 

A DSC can be issued upto three year validity.

RCAI is the Root Certifying Authority of India. It was established by the CCA under Section 18(b) of the IT Act and is responsible for digitally signing the public keys of all the licensed CAs in the country. The RCAI root certificate is the highest level of certification in the country. The RCAI root certificate is a self-signed certificate.

The key activities of the RCAI include:

• Digitally signing licenses issued by CCA to CA
• Digitally signing public keys corresponding to private keys of a CA
• Ensuring availability of these signed certificates for verification by a Relying Party through the CCA or CA website

XtraTrust follows stringent verification procedures as laid down by Govt. of India. Refusal to issue a Digital Signature Certificate is a result of Incomplete application, information or wrong information is the common causes for such refusal.

No, XtraTrust does not provide any refund of fees paid for the digital signature certificates.

A Digital Signature Certificate can be revoked under circumstances such as the following

• Users suspect compromise of certificate private key.
• USB Token containing the DSC lost
• Change of personal data.
• Change of relationship with the organization

The Certificate Revocation List (CRL) is a list of certificates that have been revoked by the CA, and are therefore no longer valid.

The Certificate Current Practice Statement is a statement of the practices that a Certification Authority (CA) employs for issuing and managing certificates. A CPS may take the form of a declaration by the CA of the details of its system's trustworthiness and the practices that it employs both in its operations and in its support of issuance of a certificate.

A Subscriber Agreement is an agreement between Subscriber and XtraTrust stating that the subscriber will use the Digital Signature Certificate for the assigned use or objective and that the subscriber is solely responsible for the protection of the private key and ensuring functionality of the unique key pair. The subscriber also agrees through the Subscriber Agreement that all the information provided to XtraTrust at the time of registration is accurate. In the event of any change in information, the subscriber is obliged to immediately inform XtraTrust.

XtraTrust is not responsible for any legal disputes arising due to misrepresentation on the part of the subscriber.

DSC issuance would require four business days from the date of submitting the application.        

      a. Paper base DSC: DSC Issuance would require four business days from the day of registration.  

      b. Paperless DSC:  DSC issuance would require fewer time. 

Selection of certificate class depends completely on your usage and security requirements. A rough guideline is provided below on the applicability of various levels of certification:

• Class 3 – for eProcurement, eTicketing, Income Tax eFiling, MCA21

Procuring a Signing Certificate or Signing with Encryption depends on the requirement where you are using it.

Selection of a certificate type depends completely on your requirement i.e where you are using. The options available to you from XtraTrust are:

• Signature - Certificate with this key usage, can be used for only digitally signing documents, emails and online transactions.
• Encryption - Certificate with this key usage, can be used for only encrypting documents, emails and online transactions.

No. However as physical verification is mandatory as per CCA for Class 2 & Class 3 DSCs, you have to record a live video of yourself with min. 20 second duration and upload it with the XtraTrust on the link provided to you while processing your application for DSC Issuance. Please note that only live recording is allowed. No pre-recorded clip or video will be accepted. 

XtraTrust has a strict policy on the use of applicant and customer information & will not disclose such information, except as required by the law.

Visit our website www.xtratrust.com to renew your DSC.

Please visit our web page www.xtratrust.com/dsc-commercials for our offerings.

Class 3 only sign PAN based DSC.

No, because the revocation request can only be made by-

• The Subscriber in whose name the certificate has been issued.

• The duly authorized representative of the subscriber.

• Authorized personnel of the XtraTrust or RA when the subscriber has breached the agreement, regulation, or law that may be in force.

If you believe that your private key is compromised, immediately inform about this through email to XtraTrust help desk at support@xtratrust.com. The certificate revocation form is also available on the XtraTrust at Revocation Form which can be filled in and sent to XtraTrust office for processing of the revocation request.

No fee is charged for certificate revocation and the serial number of your Digital Certificate will be immediately displayed in the certificate revocation list on successful revocation of your Digital Certificate.

OCSP which stands for online certificate status protocol, is another mechanism to check the validity of a digital certificate. Whenever a user tries to use the digital certificate over the server, OSCP requests a validity check, the server responds back with the status of the digital certificate.