Electronic signing or digital signing is used in different ways to establish authenticity and non-repudiation. It is performed using long-term and short-term signature certificates with the help of hardware security modules. Let’s discuss it in detail.
Long-term signature certificates are obtained from CAs licensed by the Controller of Certifying Authorities (CCA) in India. The user/subscriber needs to provide all the required information (e.g., identity, geographic location, etc.) according to the class of certificate they need. Usually, class-2 and class-3 certificates are obtained for legally valid signatures. Users have complete control of their private keys and certificates.
Short-term signature certificates are used for instant document signing. These certificates expire within a very short period of time. In practice, each document signing requires a new certificate.
The eSign architecture is defined by the CCA on its website. According to the CCA, it is mandatory to use FIPS 140-2 Level 3 hardware security modules when a user’s private key is used unattended. The private keys must be stored in the HSM for their entire lifetime. It is a well-known fact that the security of user keys is paramount, and the use of HSMs protects the private keys. In addition, offloading the application’s cryptographic functions to the HSM improves performance significantly.
HSMs offered by Kryptoagile are best suited to meet compliance, security and signing performance requirements, with an extensive range of valuable features: