A practical guide to digital signatures and electronic signing in India — what they are, how they are valid, common signing methods, where to obtain trusted services, and how 369signer.com supports PDF and XML DSC signing. Published on 369signer.com.
What is a Digital Signature?
A digital signature is an electronic form of signature that uses cryptography to prove who signed a document and to detect if the document was changed after signing. Unlike a scanned image of a handwritten signature pasted on a PDF, a true digital signature is backed by a Digital Signature Certificate (DSC) issued by a licensed Certifying Authority (CA) in India.
When you sign a PDF or XML with a DSC, the signing software creates a cryptographic hash of the document, encrypts it with your private key, and embeds the signature and certificate chain in the file. Anyone opening the signed document can verify the signer’s identity (through the CA) and confirm the document has not been tampered with.
How is a Digital Signature valid?
A digital signature is considered valid when all of the following are true:
- The signer holds a DSC issued by a CA licensed under the Controller of Certifying Authorities (CCA), Government of India.
- The certificate was valid at the time of signing (not expired or revoked).
- The signing process uses the private key corresponding to the certificate — typically stored on a USB crypto token, smart card, or approved cloud-HSM mechanism.
- The signed document has not been altered after signing; verification software confirms the cryptographic integrity.
- The relying party (court, government portal, bank, etc.) accepts that class of DSC for the transaction — for example Class 3 for many high-assurance use cases.
Adobe Acrobat, eMudhra utilities, and similar tools display a green tick or “Signature valid” when these checks pass. Invalid or untrusted signatures usually show a warning.
Is it legal in India?
Yes. Digital signatures are legally recognised in India under the Information Technology Act, 2000 (IT Act), as amended. Section 5 provides that where the law requires a document to be signed, that requirement is satisfied by a digital signature applied in the manner prescribed.
Certain documents are excluded from electronic execution under the First Schedule of the IT Act (for example, wills, negotiable instruments such as cheques, powers of attorney for immovable property, and trusts). For all other documents where electronic records are permitted, a compliant digital signature carries legal weight comparable to a handwritten signature, subject to specific sector rules.
Government departments, MCA (company filings), GST, income-tax e-filing, tenders, and many B2B contracts accept DSC-based signing where their respective rules allow electronic records.
What is eSign?
eSign (electronic signature as defined under India’s eSign framework) is an online signing method that lets an Aadhaar holder apply a legally recognised electronic signature to a document without a physical USB token. It is governed by guidelines issued by CCA under the IT Act and typically uses Aadhaar-based e-KYC to authenticate the signer.
The signer receives an OTP on the mobile number registered with Aadhaar, completes authentication, and the eSign service provider applies a signature backed by a short-lived certificate linked to the Aadhaar identity. The signed document can be verified like other PKI-based signatures.
eSign is widely used for loan agreements, HR letters, vendor contracts, and government forms where token-based DSC is not practical for every citizen.
Types of electronic signing available in India
India uses several signing models. They differ in technology, assurance level, and where they are accepted:
- DSC on USB / crypto token — Class 2 or Class 3 certificate stored on a hardware token (ePass, WatchData, etc.). Plug the token into your computer and sign using vendor software. High assurance; required for many MCA, GST, and tender portals.
- Cloud DSC / remote signing — Private key held in a CA-approved cloud HSM; you authenticate (often with OTP or app) and sign without a physical token. Offered by several licensed CAs and partners.
- Aadhaar-based eSign — Online signing using Aadhaar OTP or biometric e-KYC. No token needed. Governed by CCA eSign guidelines; offered by licensed CAs and Application Service Providers (ASPs).
- PAN / identity-linked signing — Some platforms bind signing to PAN or other KYC data for audit trails. Acceptance depends on the platform’s policy; for statutory filings, check whether PAN-linked signing alone is sufficient or a CCA-licensed DSC/eSign is required.
- OTP-based signing (platform) — A service sends an OTP to the signer’s mobile; accepting the OTP constitutes consent to sign. Common on fintech and agreement platforms. Legal effect depends on contract law, audit logs, and whether the platform is recognised under IT Act rules — it may not be equivalent to DSC/eSign for all government use cases.
- Simple electronic signature — Click-to-sign, typed name, or drawn signature on a web form. Convenient for low-risk internal use; generally not interchangeable with DSC for MCA, e-tender, or court mandates.
Always confirm which method your recipient (government portal, bank, counterparty) requires before signing.
Who provides Digital Signature Certificates (DSC tokens)?
DSCs are issued only by Certifying Authorities (CAs) licensed by CCA, India (cca.gov.in). You purchase a certificate from a CA or its registration authority; the CA may supply or recommend a compatible USB crypto token.
Licensed CAs operating in India have included (names may change; verify on the CCA website):
- eMudhra Limited — DSC, eSign, and signing utilities
- Capricorn Identity Services Pvt. Ltd. — DSC and identity services
- NSDL Database Management Limited — DSC and eSign services
- (n)Code Solutions — Gujarat Narmada Valley Fertilizers & Chemicals Ltd.
- National Informatics Centre (NIC) — Government-focused certificates
- IDSign, Sify Communications, TCS, SafeScrypt (Sify), and other CCA-licensed entities
Hardware tokens (ePass, WatchData, Gemalto, etc.) are manufactured by token vendors; the certificate inside the token always comes from a licensed CA. Token validity and renewal are managed through the CA that issued your DSC.
Who provides eSign and signing platforms?
eSign and document-signing services in India are offered by licensed CAs directly and by Application Service Providers (ASPs) and SaaS platforms integrated with CA infrastructure:
- Licensed CAs offering eSign — eMudhra, NSDL, Capricorn, and other CAs listed on cca.gov.in
- ASP / platform providers — Leegality, SignDesk, Digio, Signzy, and similar services (often white-label CA eSign or DSC workflows for businesses)
- Enterprise & government — NIC, CDAC, and sector-specific portals may embed approved signing for their workflows
When choosing a provider, check: CCA licensing or CA partnership, Aadhaar eSign compliance (for eSign), audit trail, timestamping, long-term validation (LTV), pricing, and whether your counterparty accepts signatures from that provider.
How does 369signer.com fit in?
369signer.com (369signer.com) is a desktop utility that helps subscribers sign PDF and XML documents using their Digital Signature Certificate. It also includes IMG 2 PDF to convert images into a PDF, automatic signature validation when opening already-signed files, and tools to save password-protected PDF copies. It is a signing and document-prep tool, not a Certifying Authority — you still obtain your DSC from a licensed CA and use it according to that CA’s instructions.
After subscribing on 369signer.com, paying per sign, and completing verification, you download a personalised Signer package for Windows. Signing is performed locally on your computer; sign usage is tracked within your licensed package.
Workflow
-
Subscribe on the portal
Visit 369signer.com, enter your details, choose how many signs you need, and set a 6-digit PIN.
-
Pay and submit proof
Transfer the subscription amount to the displayed bank account, then submit your UTRN, payment receipt, and captcha on the payment page.
-
Admin verification
An administrator verifies your payment. Track status anytime on the Check Subscription page using your mobile number and PIN.
-
Download Signer package
Once active, download your personalised Windows Signer utility from the subscription status page.
-
Connect your DSC token
Obtain a DSC from a licensed CA, plug in your USB crypto token (or use your CA-approved setup), and configure it in the desktop utility.
-
Sign PDFs offline
Open PDFs on the PDF Sign tab and apply digital signatures locally. Use placeholder search, custom appearance, or invisible signing as needed. Already-signed PDFs are validated automatically; you can add further signatures without field-name conflicts. You can also save password-protected copies of open PDFs.
-
Sign XML offline (optional)
Open the XML Sign tab to apply enveloped XMLDSig signatures. Already-signed XML is validated on open; Signature Details shows certificate information. Each XML sign uses one subscription sign.
-
Convert images to PDF (optional)
On the IMG 2 PDF tab, add images, choose a layout, preview the document, and convert to PDF when your subscription has remaining signs. Then sign the new PDF on the PDF Sign tab if required.
-
Add more signs (optional)
When your balance runs low, use Add More Signs on the subscription status page to top up. Additional signs are merged into your active subscription after verification.
For questions about subscriptions or the utility, see our FAQs or register a grievance. For general digital-signature law and CA lists, refer to cca.gov.in.
Disclaimer
This Knowledge Base is published for general information only and does not constitute legal advice. Laws, CCA guidelines, and licensed CA lists change over time. Always verify current requirements with the relevant government portal, your legal adviser, or the official Controller of Certifying Authorities website before signing important documents.