CDAC through its e-Hastakshara initiative has enabled citizens with valid Aadhaar ID and registered mobile number to carry out digital signing of their documents online. The signing is done securely in a legally acceptable form. At the backend, validation of user is carried out using Aadhaar service that generates a key pair (a public key and a private key) for the user and signs the document. The user is provided with the Digitally Signed Document (DSD) and the Digital Signature Certificate (DSC).
Wide scale usage of smart-phones and ICT devices coupled with range of ICT services being available for users necessitate the need for authentic records and documents online. Prior to implementation of this project, there was no online service for users to get their documents signed instantly. The methods of obtaining DSC and signing a document were not user-friendly.
In issuing online signing service, two major challenges involved were:
- Authentication of the user.
- Trusted method of signing.
In order to do online signing of a document, a citizen with Aadhaar ID and registered mobile number is required to provide the consent, document Hash and Aadhaar authentication input (in XML format). e-Sign service carries out e-KYC through KUA/KSA (KYC User Agency/KYC Service Agency). e-KYC result is returned to the e-Sign service.
On behalf of the user, a key pair is generated consisting of private and public key. Using the e-KYC data, a Certificate Signing Request (CSR) is generated and is signed by the private key of the user. CSR is then signed by CDAC-Certifying Authority (CDAC-CA) for generating the user certificate. Private key of the user is also used to sign the document hash. e-Sign service then returns signature and user certificate to the application for further processing.
Aadhaar based authentication is carried out to address the challenge of authentication of user and Public Key Infrastructure (PKI) is used to securely sign the user document and establish the trust.
e-Hastakshara offers online platform to citizens for instant signing of their documents securely in a legally acceptable form, under the Indian IT Act, 2000 and various rules and regulations therein. CDAC, through its e-Hastakshara initiative, has enabled citizens with valid Aadhaar ID and registered mobile number, to carry out digital signing of their documents online.
The digital certificate offered by CDAC-CA through the e-Sign service to the applicant is for one-time signing usage and shall be of class “Aadhaar-eKYC-OTP”. CDAC utilises the service of Unique Identification Authority of India (UIDAI) for online e-Authentication and Aadhaar e-KYC Service.
As a provider of DSC and e-Sign services, CDAC plays the role of a Certifying Authority under the Controller of Certifying Authorities (CCA).
- No need of hardware tokens.
- e-Sign is an online service and with this, traditional hardware-tokens are not required.
- Instead of manual verification process by a personal visit, e-Sign provides ease of service online based on Aadhaar based e-Authentication.
- e-Sign facilitates an authentication, based on multiple ways such as One-Time-Password (OTP, received through registered mobile in Aadhaar database) or Biometric (fingerprint or iris-scan). CDAC currently provides Aadhar-OTP based service.
- Privacy is protected.