Digital Signature Certificate for Railway

Source of the content-Click here for Railway Board letter

Introduction:-

Digital Signature was inaugurated by the Information Technology Act 2000 and elaborated further in its amendment in 2008.The act provided for the creation of Controller of Certifying Authorities (CCA) which is turn created Certifying Authorities (CA) which formed the Public Key Infrastructure (PKI) for the country.

Features:-

• These are analogous to Handwritten Signature in the digital domain.
• Provides legal validity
• Digital Signature can be verified electronically
• Tempering of Digitally Signed Digital Documents can be detected

Digital Signature Certificate (DSC) is being used on Indian Railway for e-tender, issue of e-Gazette, etc.

Up to 2014, NIC-CA handled the task of providing CA services for all Govt, offices. In July 2014, NIC-CA temporarily stopped issuing/renewing DSC's. In order to circumvent this development. further instructions were issued to permit the procurement of DSC's for official use from any of the certificate Authorities approved by the Controller of Certification Authorities of India (CCA)

A large number of DSC's are already in use in the offices of Indian Railways. These numbers are likely to increase substantially with the introduction of applications like eOffice/SPARROW/PRISMetc.

There is a need to ensure uniformity of DSC's and its associate software, which are already functional or likely to deploy in the future.

Require document for DSC’s-

1. AadhaarID
All applicant shall have an Aadhaar ID
2. Personal Email ID
All applicants shall have a personal email ID. The applicant shall ensure that the email account is functional.
The email account mandatorily requires the user to register a cellphone number. The number used should preferably be such that it remains permanently with the user and an officially issued cellphone number should be avoided.

Class selection of DSC's-

1. DSC's are classified into different classes by the CCA, namely- Class 0, Class 1, Class 2, Class 3. Although other classes are permitted these are special cases.
   Class 2 DSC's Shall be used by default DSC's for application on Indian Railways.
   Class 3 DSC's shall be mandated, where required especially for financial transactions.
2. The private key associated with the digital signatures needs to be stored securely. For application on Indian Railways, USB Crypto Tokens shall be used by default for the storage of the private key and associate certificates. Any other option for storage shall be used after approval by the C&IS Directorate of Railway Board.

Purchase of DSC-

DSC services and required crypto-tokens shall be purchased only from theCCA approved Certification Authorities (CA). The website of CCA shall be checked to ascertain the approved agencies.

In order to facilitate e-Governance initiatives, the National Informatics Centre (a unit of the Department of Electronics and Information Technology), has delegated procurement of DSC’s and tokens to its PSU NIC Services Incorporated (NICSI).

NICSI provides a large range of services for e-Governance projects; therefore they pre-ensure the working of DSC drivers with most applications. Therefore it is recommended that DSC’s and tokens should be sourced from NICSI. 

In case, for any reason, DSC’s/ tokens need to be procured from other CCA approved sources, it shall be ensured by the indentor/purchaser that the DSC software is compatible with the applications on which these are planned to be used.

Registration Guide-

The application forms for DSC’s and tokens are service provider-specific. Forms and instructions under the head ‘DSC and Token” may be followed on the CNISI website.

Please use the following as a guide to filling to the registration form:

1. Please select Class 2 by default or. Class 3 if required. (Class 2 and Class 3 are technically almost the same. However, the identity verification guidelines, issued by CCA, mandate physical verification of the applicant making the application and subsequent renewal process complex.
2. Select Validity of two years by default, unless the DSC user is likely to be retiring from service earlier; in such a case select the period that covers the officer’s retirement date.
3. Select the option for both Sign & Encrypt use for the DSC.
4. Follow all instructions provided on the registration form to ensure an error-free submission. The colour of the ink used for filling the form is mandated. It needs to be followed correctly.
5. Use the personal Email-lD created on the gov.in domain as the Unique Email ID.
6. Use the personal cellphone number (the one which is linked to Aadhaar) as the unique mobile number.
7. Use the Railway identity card as the document of the identity of the applicant. The attested copy shall be attached.
8. Organization Name fill as below-
         Organization Name: Ministry of Railway
            Office Address: 
            Service & Year 
            C/O Confidential Cell, Room No. NNN, 
            Provide Address of the Cadre Controlling Authority
9. The Authorization Letter part of the form shall be verified and signed by an officer(s) nominated by the Confidential Cell of the Railway Unit. All officers in JAG and above grade shall be empowered to sign the authorization letter. Other officers may be nominated by the respective officers (JAG & Above) to sign the authorization letters.
The following details of these nominated officers shall be maintained by the respective confidential cells to be produced on-demand:
a. Name 
a. Service / Year 
c. Designation 
d. ID Card Number 
e. Email ID  
f. Aadhaar Number
g. Cell Number

Issued of DSC-

Only one DSC shall be issued to an officer. In case there is a requirement to have Class 2 and Class 3 DSC’s then the higher Class DSC shall be issued.

Incase under exceptional circumstances more than one DSC is required to be issued, it shall be duly justified by the officer requesting for the same.

Token & PIN-

Safekeeping of the crypto-token, Digital Certificates, PIN etc. is the personal responsibility of the officers to whom the DSC is issued. The officer shall ensure that the DSC’s remain fully functional and active at all times.

Use of DSC-

The DSC’s provided can be used for signing the documents and also for sending secure encrypted messages to other users. The officers can use the DSC’s to digitally sign their personal documents i.e. income tax returns etc. and also send encrypted messages.

Maintenance of DSC-

1. The DSC procured using this procedure do not incur any maintenance or service charges over the validity. However, in case of loss/damage of token or loss of PIN, locking out due to multiple wrong PIN’s, etc, the services provider may levy certain charges for recovery/reissue. Such charges shall be paid personally by the officer concerned and shall not be reimbursed.
2. The DSC is issued to the officer by name, thus the officer shall take it along with him/her on transfer postings. The details about the DSC shall be entered into the LPC of the officer clearly mentioning the CA, initialization date, and validity.
3. In case of superannuation or Voluntary Retirement, DSC shall be deposited with a Confidential cell which shall process further for revocation of DSCs and submission of necessary documents to the Administration.
4. At the end of the validity of the DSC, the CA informs the user and prompts for renewal of the same. The officer may either opt for renewal or seek an altogether new DSC. In both cases, the process of procurement is similar to the initial process.  The USB crypto-token can be reused if permitted by the CA.

The USB tokens shall not be returned to the office by the officers. The officers shall follow the advice of CA for safe disposal of the non-used USB crypto-tokens

How to verify digital signature?

When you open the PDF on the computer it will show a big query mark in the place of the signature, all you have to do is move the mouse over the signature and right click. Right click will open three options in front of you. You have to click on the first option i.e. Validate Signature.

After clicking on Validate Signature, a box will open in front of you, where you have to click on Signature Properties. After clicking, another box will open in front of you where you have to click on Show Signer’s Certificate. Then another box and a lot of menus will come in it. You have to click on the number four menu i.e. Trust.

Then click on Add to Trusted Certificate at the bottom. Then another small box will open. Then you will have the menu box in front of you, you have to click on Ok below it. Then you will have the first box in front of you, you have to click on the Validate Signature of that box. Then you will see that your signature has been verified.

This way you can verify the signature of any e-certificate.