Professional Documents
Culture Documents
DIGITAL SIGNATURE
CERTIFICATE
PROCESS DOCUMENT
Version 1.0
Version Control
Version
(x.yy)
1.0
Date of
Revision
18-Mar-15
Description of
Change
First version
Affected
Sections
NA
Approved
By
CBEC
Table of Contents
1.
Introduction............................................................................................................................. 4
1. Introduction
Indian Customs EDI Gateway (ICEGATE) is the gateway for the users of Indian
Customs EDI system. All the Individuals (Importers/Exporters/CHAs/Airlines/Shipping
Lines/Shipping Agents etc.), trade partners (Banks/Custodians/PQIS/FSSAI etc.) or
Govt.
Agencies
(Ministry
of
Commerce/DGCI&S/DG,
connect ICEGATE for
signed electronic copy only. This would inter-alia help in saving forests at a large level
and increase trust in system.
a public
key
certificate (also
known
as
a digital
A Digital signature will include a message/ document which is signed with the
sender's private key, upon signing a hash value is generated which is transmitted with
the message. On receiving the message is deciphered by user who has access to the
sender's public key. The verification proves that the sender had access to the private key,
and therefore is likely to be the person associated with the public key. This also ensures
that the message has not been tampered with, as any manipulation of the message will
result in changes to the encoded message , which otherwise remains unchanged between
the sender and receiver.
signing...).
Public Key: The public key.
Thumbprint Algorithm: The algorithm used to hash the public key certificate.
Thumbprint (also known as fingerprint): The hash itself, used as an abbreviated form
of the public key certificate.
2.3 PKI
PKI (Public key Infrastructure) is an arrangement in cryptography that facilitates third
party examination of, and vouching for, user identities.PKI allows the binding of public keys to
users. These public keys are most frequently stored in cartificates. This binding of public keys to
users is usually carried out by software in a central location, in coordination with other
associated software components installed in distributed locations.
PKI Component should be added in the application to make application PKI enabled. As
PKI component executes at client side, it should be added in the application such a way that it
makes component downloadable at client side. PKI component can be embedded in the web
pages using its tags. When component is embedded to the web page, it will expose few
component specific JavaScript functions to the web page. Web pages can communicate with the
embedded component by calling JavaScript functions.PKI Component provides following
functionalities
Date verification
Certificate Chain Verification
ROOT CA verification
CRL verification
Is Private Key Exists
Data OR File Signing: The user shall utilize any class III PKI DSC for signing documents.
He will use web-based Common Singer Component while signing documents. This component
shall verify CRL also at the time of signing. It will share credentials of user, CA, validation and
Public Key in encrypted form along with Hash Value.
Data OR File Verification: Application will provide Original data, hash & public key of
Signer certificate to component, using all above information component will verify signature on
data. If original data/file or signature is tempered verification will be failed.
Encryption: Application provides component a public key with which data needs to be
encrypted. Component will process Public Key & Original data (Or user entered Data) &
generate encrypted representation of original data.
to file any document through Remote EDI System at ICEGATE will have to use the Class
3 Digital Signature Certificates for digitally signing the Customs Documents (Bills of
Entry, Shipping Bills, IGM, EGM, CGM) before submitting them to ICEGATE for
processing.
Keeping in view the different platforms of RES utilities deployed by users and to
avoid delay in submission of documents at ICEGATE level, web-based Common Signer
Component has been provided to the users through ICEGATE website for signing all the
Customs Documents. The Web-based Common Signer available free of cost to all the
users through ICEGATE portal supported by M/s (n)Code. It is platform neutral and
verifies validity, CRL etc. at the time of signing. This component may be used with any
Class III DSC valid issued by any CA.
The user authorized for signing documents shall use DSC in his name and execute
signing process and send the Digitally signed documents to ICEGATE. On receiving the
digitally signed documents the ICEGATE server side verifier shall verify the users
credentials, validity of certificate, CAs credentials, Public Key and CRL status and Hash
Value of certificate and integrated the data with ICES database. Validation of credentials
of the person who sings document, sends document and the CHA who files the
documents would be completed in the process. Records of digitally signed documents
shall be preserved for legal purpose if any.
ii. Phase 2 - Implementation
communication: In the phase DSC will be implemented for all the agencies with which
server to server communication is done by the Department for all inbound and outbound
messages.
Document Signer DSC, which was introduced by CCA keeping into view the specific
requirement of ICEGATE system.
inbound messages:
i.
ii.
Integrity With Digital certificates it can ascertained that the message has
not been altered during transmission. Digital Signatures provide this feature
by using cryptographic message digest functions
iii.
Non Repudiation Digital signatures ensure that the sender who has
signed the information cannot at a later time deny having signed it . In case of
legal issues user can be held liable for documents received from him.
iv.
v.