Q. Should individual's signature and encryption certificate be different?

Yes, The signature and encryption certificate should be separate for an individual. The encryption keys are to be generated at the subscriber's system and should be archived prior to transfer into crypto-medium. The signature keys should be generated in the crypto-medium and should not be copied.

Q. Does one require multiple certificates for different application?

No, Ideally, there should not be any requirement for different certificates, however the person holding lower assurance Class 2 certificate may require higher assurance Class 3 certificates for application which demand the same. The higher assurance Class 3 certificates can be used where ever application requires lower assurance certificate. Apart from assurance, depending on the information included in the DSC (For example PAN Number may be required by application) additional certificate may be required.

You can use Digital Signature Certificates for the following:

1. I. For sending and receiving digitally signed and encrypted emails.
2. II. For carrying out secure web-based transactions, or to identify other participants of web-based transactions.
3. II. In eTendering, eProcurement, MCA [For Registrar of Companies efiling], Income Tax [For efiling income tax returns] Applications and also in many other applications.
4. IV. For signing documents like MSWord, MSExcel and PDFs.
5. V. Plays a pivotal role in creating a paperless office.

Class 2 : The verification requirements are
(i) ID Proof & Address Proof
(ii) Paper based application form with other supporting documents
(iii) Forward SMS + Video Verification. The Private Key generation and storage should be in Hardware cryptographic device validated to FIPS 140-1/2 level 2.

Class 3 : The verification requirements are
(i) ID Proof & Address Proof
(ii) Paper based application form with other supporting documents and
(iii) Forward SMS + Video Verification. The Private Key generation and storage should be in Hardware cryptographic device validated to FIPS 140-1/2 level 2.

The document signer certificate is issued for use with the software of an organisation for automated authenticated response. Document signer certificate is not a replacement for the signature of the authorised signatory of the organisation.

A public key infrastructure (PKI) supports the distribution, verification and revocation of public keys used for public key encryption, and enables linking of identities with public key certificates.

A PKI enables users and systems to securely exchange data over the internet and verify the legitimacy of certificate-holding entities, such as webservers, other authenticated servers and individuals. The PKI enables users to authenticate digital certificate holders, as well as to mediate the process of certificate revocation, using cryptographic algorithms to secure the process.

A digital signature is an electronic method of signing an electronic document whereas a Digital Signature Certificate is a computer based record that

1. I. Identifies the Certifying Authority issuing it.
2. II. Has the name and other details that can identify the subscriber.
3. II. Contains the subscriber's public key.
4. IV. Is digitally signed by the Certifying Authority issuing it.
5. V. Is valid for either one year or two years