What Is a Digital Signature? Guide for India
Priya Sharma
Priya covers digital signature regulations and compliance frameworks under Indian IT law. She has written extensively on Aadhaar-based authentication and document signing workflows.
What Is a Digital Signature?
A digital signature is a mathematical technique that validates the authenticity and integrity of a digital document or message. Think of it as the electronic equivalent of a handwritten signature or a stamped seal — but far more secure.
Unlike a simple image of your signature pasted onto a PDF, a digital signature uses public key cryptography (PKI) to create a unique fingerprint tied to both the signer and the document. If anyone alters even a single character after signing, the signature breaks. This makes digital signatures tamper-proof and legally admissible in Indian courts.
How Digital Signatures Work
The process involves two cryptographic keys: a private key (kept secret by the signer) and a public key (shared with anyone who needs to verify the signature).
Here is what happens when you digitally sign a document:
- Hashing: The signing software creates a hash (a fixed-length string) of the document content
- Encryption: Your private key encrypts this hash, producing the digital signature
- Attachment: The encrypted hash and your public key certificate are attached to the document
- Verification: The recipient uses your public key to decrypt the hash and compares it with a freshly generated hash of the document
If both hashes match, the signature is valid. If the document was tampered with, the hashes will differ, and the signature verification fails.
Why This Matters
This two-key system means no one can forge your signature without access to your private key. And because the hash changes with any document modification, you get both authentication (proof of who signed) and integrity (proof nothing changed after signing).
Digital Signatures Under the IT Act 2000
India recognised digital signatures as legally valid through the Information Technology Act, 2000. Section 3 of the original Act defined digital signatures using asymmetric cryptosystems. The 2008 amendment introduced Section 3A, which broadened the scope to include "digital vs electronic signatures" — covering technologies like Aadhaar eSign.
Key legal points:
- Section 5: Grants legal recognition to digital signatures. Any document signed digitally has the same legal standing as a wet-ink signed document
- Section 35: The Controller of Certifying Authorities (CCA) oversees Digital Signature Certificates (DSCs) — for a full breakdown of types of digital signatures in India, see our guide. Issued by licensed Certifying Authorities (CAs) like eMudhra, Sify, and (n)Code Solutions
- Section 3A: Recognises electronic signatures authenticated through Aadhaar eSign as valid under Indian law
If a contract, agreement, or government filing carries a valid digital signature, Indian courts treat it as equivalent to a physical signature.
Digital Signature vs Digital Signature Certificate (DSC)
These terms get confused often. A digital signature is the act of signing a document cryptographically. A Digital Signature Certificate (DSC) is the identity credential — issued by a Certifying Authority — that enables you to create digital signatures.
| Aspect | Digital Signature | DSC |
|---|---|---|
| What it is | The cryptographic output applied to a document | An identity certificate stored on a USB token |
| Issued by | Generated by software using your private key | Licensed Certifying Authority (CA) |
| Validity | Tied to each document individually | Typically valid for 2 years |
| Cost | Depends on the signing method used | ₹500–₹2,000 per year depending on class |
| Use case | Signing documents, filings, contracts | Required for MCA filings, GST, e-tenders |
You need a DSC (or an Aadhaar eSign) to create a digital signature. The DSC is your identity; the digital signature is what you produce with it.
Where Digital Signatures Are Used in India
Digital signatures are mandatory or widely used in several areas:
- MCA (Ministry of Corporate Affairs): All company incorporation forms, annual returns, and director filings require DSC-based digital signatures
- GST filings: GST returns can be signed with DSC or Aadhaar-based authentication
- Income Tax e-filing: Digital signatures are accepted for ITR filing and verification
- e-Tendering: Government procurement portals (like GeM) require DSC-based bidding
- Banking and insurance: Loan agreements, policy documents, and KYC forms increasingly use Aadhaar eSign
- Real estate: Rent agreements and property documents in several states now accept digital signatures
For everyday document signing — offer letters, NDAs, vendor agreements — how Aadhaar eSign works makes it the fastest route. Tools like SignSetu let you eSign PDFs with Aadhaar in under two minutes, without needing a USB token or DSC.
Digital Signature for Individuals vs Businesses
Individuals and businesses use digital signatures differently:
For individuals:
- Signing rental agreements, affidavits, or consent forms
- Filing income tax returns
- Aadhaar eSign is the easiest option — no hardware needed, just your Aadhaar-linked mobile number
For businesses:
- Mandatory for ROC filings, GST returns, and e-tenders
- Typically use Class 3 DSC stored on a USB token
- Aadhaar eSign is gaining adoption for HR documents, client contracts, and vendor agreements
The choice between DSC and Aadhaar eSign depends on your use case. Government filings that specifically require DSC still need the hardware token. For everything else, Aadhaar eSign is faster and cheaper.
How to Get Started with Digital Signatures in India
You have two main paths:
Path 1: Digital Signature Certificate (DSC)
- Choose a licensed Certifying Authority (eMudhra, Sify, nCode, Pantasign)
- Submit identity documents (PAN, Aadhaar, passport photo)
- Complete video verification
- Receive your DSC on a USB token (typically within 1-3 days)
- Cost: ₹500–₹2,000 per year
Path 2: Aadhaar eSign
- Upload your document to an eSign platform like SignSetu
- Enter your Aadhaar number
- Authenticate via OTP sent to your Aadhaar-linked mobile
- Document is signed instantly
- Cost: ₹5–₹50 per signature depending on the provider
Aadhaar eSign is ideal for one-off or occasional signing. DSCs make sense when you sign hundreds of documents monthly or need them for specific government portals.
Is a Digital Signature Safe?
Yes. The cryptographic foundation of digital signatures — 2048-bit RSA or higher — is the same technology that secures online banking and HTTPS websites. No one has cracked this encryption in practice.
Additional safety layers in India:
- CAs are audited and licensed by the CCA under the IT Act
- Aadhaar eSign uses UIDAI's authentication infrastructure with OTP verification
- Signed documents carry a timestamp, making it easy to audit when and by whom a document was signed
The biggest risk is not with the technology but with operational security — keeping your private key (or Aadhaar-linked phone) secure.
Key Takeaways on Digital Signatures in India
Digital signatures are legally recognised, cryptographically secure, and increasingly essential for business and personal use in India. The IT Act 2000 and its 2008 amendment provide clear legal backing. You can get started with a DSC from a licensed CA or use Aadhaar eSign for faster, token-free signing. For most everyday signing needs, Aadhaar eSign offers the simplest path.
Related Posts
How to eSign Documents Using Aadhaar OTP
Step-by-step guide to eSign any document using Aadhaar OTP. Complete the process in under 5 minutes ...
DSC vs Aadhaar eSign: Which One Do You Need?
DSC and Aadhaar eSign are both legally valid in India but serve different purposes. Compare cost, us...
What Is Aadhaar Based eSign and How It Works
Aadhaar based eSign lets you digitally sign documents using Aadhaar OTP. Learn how it works, its leg...
Sign docs in 2 min · ₹15