Validation of Aadhaar eSign involves the following steps: Validating Aadhaar eSign using Adobe Acrobat DC
ADOBE READER FOR AADHAAR CARD SIGNATURE VALIDATION PDF
The second scenario can be thought of as you sending a PDF to someone and he/she validating it without the private key. After the 30 minutes you have to allow the reader or specifically ask the reader to validate the signature and during this your reader will connect with root CA for validation. Now, in the first 30 minutes after the signing, you can see a green tick directly since till then the private key is not deleted and is as good as a connected dongle. When the above two steps successfully validate, the reader shows a green tick depicting success. Then the reader checks if the digests of the document on which signature was placed and the one which is opened for validation are the same or not. The root CA (Which in this case is CCA) checks if the signing was done using one of the signer certificates issued by them and that the chain is not tampered. Now if you send this signed file to someone the other person will have to allow his/her reader to verify the signature certificate from the root CA over the internet.
Now when you open the PDF in a reader, the reader can verify it against the dongle right away and since the dongle contains your private key that was used for signing, it shows validated as soon as the file is opened. Imagine you sign on a PDF using a DSC dongle, save the PDF and close it. This might look a bit odd, but you can understand this by an analogy. The PDF reader verifies the entire signature certificate chain and the document and once the document and chain are verified, it shows a green tick depicting validity of the signature. After the 30 minutes when the private key expires, you will need to click on validate signature. 30 min validity - what is it then?ĭuring these 30 minutes, when a file is opened in a PDF reader that can verify signatures, the signatures are shown as validated automatically. This by no means implies that the document on which this signature was placed and terms agreed upon during the signing process get invalid. The signature associated with the Aadhaar Esign is valid only for 30 minutes, which means the private key associated with this signature is destroyed. Hence, it is a much more secure way of digitally signing electronic documents. However, it doesn’t mean that the transaction you agreed to while signing has become invalid. Thereafter, the private key is destroyed to prevent misuse. The signature certificate associated with your Aadhaar eSign is valid for 30 minutes only. Since Aadhaar is a user identity, you can call Aadhaar eSign as an identity linked electronic signature. Aadhaar eSign uses the PKI to generate a public+private key pair on top of Aadhaar eKYC which verifies user identity.
0 kommentar(er)
