PKI stands for Public Key Infrastructure. To enable the use of electronic signatures in an open environment (such as the Internet) where the participants do not know each other, it is necessary to know who the signer is. PKI is a system created for this purpose and in this system a reliable third party issues an electronic certificate. The certificate contains information about the person the certificate is issued to. PKI uses a key pair, in which one key is public and the other is private.
The system is based on asymmetric encryption. The signer signs the message with a private key, known only by the signer. The recipient can verify the authenticity of the signature and the integrity of the message with the public key given in the certificate.
The Electronic Transactions Act, 2000 (as amended), and its regulations, provide the required legal sanctity to the digital signatures based on asymmetric cryptosystems. It also provides for the Controller of Certification Authorities (CCA) to license and regulate the working of Certification Authorities. The Certification Authorities (CAs) issue digital signature certificates to users.
The CCA certifies the public keys of CAs using its own private key, which enables users in the cyberspace to verify that a given certificate is issued by a licensed CA.
In line with the provisions of the Electronic Transaction Act 2000 (as amended) and the regulations made thereunder, issuance of Licence/Recognition/Approval certificates implies the remittance of
In May 2012, the technical infrastructure required for the issuance of the digital licence was installed at the premises of the Authority. This infrastructure allows the Authority to perform the following distinct exercises:-