Hi Everyone,
I attended a lecture at Indian Merchants Chambers yesterday on the new government rule called MCA-21. The new rule provides that all documents submitted to the Ministry of Company Affairs now need to be given in digital form only. They will no longer accept physical documents. Further, each of these documents will have to have a digital signature of the persons who were earlier required to sign the physical documents.
This is the first step to moving all government documents to digital form and save huge time and cost of users now wasted in standing in line and submitting documents to the government. The next will be Tax authorities, followed by Excise and Customs. Land Records are expected to be next thereafter.
There are 7 companies in India who are authorised to issue digital certificates recognised under the Information Technology Act. TCS is one who was present at the seminar and demonstrated the use of the digital certificates. For those who have not used them, these are stored by TCS on USB Tokens, which look like USB Pen drives but are read-only 32KB drives with processors built in. You are supposed to insert the token in the USB port and then ask the Online-Form to pick up the digital certificate from the token and add it to the document to submit to the government.
These certificates are based on 128 bit encryption and PKI.
TCS assured me that it is designed to work both on Linux and Mac in addition to Windows and that they are including the relevant drivers with the token. However, the additional software tools they are providing for automating digital signatures on other documents will work only on Windows. I would like to know if any of you have used the Digital Signature / Digital Certificates that are being issued under MCA-21 and can confirm that it works properly on Linux.
The other providers of Digital Certificates include MTNL. While TCS is charging Rs. 2075 for a 1 year valid certificate, MTNL is charging Rs. 350. They are sending it to you on email!! Of course, they are doing this only at Malabar Hill Exchange and you have to go personally to their office and they will verify that you are the person whose name is on the form and your address, photo, etc.
I do not know much on Digital Certificates. However with this becoming a major part of commercial and business transactions, I hope what the government is doing does not work only on Windows. If necessary, we (or perhaps FSF) will need to initiate a dialog with the government.
In the next year, it is estimated that just government requirement will result in over 1 million digital certificates being issued. I think the actual figure will be close to 5 million as more government departments like Income Tax, Sales Tax, Excise and Customs departments move to "digital documents only" mode. (Just imagine - if every shop keeper needs to file his sales tax returns online and needs a digital certificate to be able to upload the return to the government). It would be very important for us to ensure that Linux gets supported in the process.
Regards Saswata
On Sat, 2006-04-22 at 23:25 +0530, Saswata Banerjee & Associates wrote:
TCS assured me that it is designed to work both on Linux and Mac in addition to Windows and that they are including the relevant drivers with the token. However, the additional software tools they are providing for automating digital signatures on other documents will work only on Windows. I would like to know if any of you have used the Digital Signature / Digital Certificates that are being issued under MCA-21 and can confirm that it works properly on Linux.
You missed my earlier posting under the "subject: Fwd: GOI wants us to buy M$ products for interacting with it." TCS gave you a snow job at the lecture. The basic web pages for company search name and the feedback form do not work properly in Firefox on Win XP, forget about Linux. Essentially you are locked into using MSIE. Surprise, surprise - the site http://www.mca.gov.in/ has been developed by none other than TCS! I hope you have the TCS guy's visiting card to put him/her thru the "ganna juice" wringer.
I do not know much on Digital Certificates. However with this becoming a major part of commercial and business transactions, I hope what the government is doing does not work only on Windows. If necessary, we (or perhaps FSF) will need to initiate a dialog with the government.
After seeing the stuff on Ministry of Company Affairs website, I am afraid the whole e-governance will require you to use Windows to do your transactions unless there is a strong protest now. Personally, I don't care what they use on the server side but whatever their server spews out should work with any standards compliant browser. Unfortunately, this is an endemic problem with a good number of Indian sites - the Govt. being no exception.
In the next year, it is estimated that just government requirement will result in over 1 million digital certificates being issued. I think the actual figure will be close to 5 million as more government departments like Income Tax, Sales Tax, Excise and Customs departments move to "digital documents only" mode. (Just imagine - if every shop keeper needs to file his sales tax returns online and needs a digital certificate to be able to upload the return to the government). It would be very important for us to ensure that Linux gets supported in the process.
Specific to the MCA diktat, the move will be a major fiasco since they do not seem to have a transition plan or a fall back plan. Only time will tell.
-- Arun Khan (knura at yahoo dot com) Why can't you be a non-conformist like everyone else?
Saswata Banerjee & Associates wrote:
Hi Everyone,
I attended a lecture at Indian Merchants Chambers yesterday on the new government rule called MCA-21. The new rule provides that all documents submitted to the Ministry of Company Affairs now need to be given in digital form only. They will no longer accept physical documents. Further, each of these documents will have to have a digital signature of the persons who were earlier required to sign the physical documents.
<snip>
Thanks, Saswata, for alerting. I have requested a few of the com members advising Indian govt to look into the matter. Please do inform such instances to the fsf-friends@mm.gnu.org.in also. For this time, I have forwarded your mail to that list.
Nagarjuna
On 22/04/06 23:25 +0530, Saswata Banerjee & Associates wrote: <snip>
The other providers of Digital Certificates include MTNL. While TCS is charging Rs. 2075 for a 1 year valid certificate, MTNL is charging Rs. 350. They are sending it to you on email!! Of course, they are doing this only at Malabar Hill Exchange and you have to go personally to their office and they will verify that you are the person whose name is on the form and your address, photo, etc.
Email is just fine for sending a public key around. A quick tutorial on S/MIME (trying to avoid too many technical details):
S/MIME uses a technique known as asymmetric key cryptography. In this, there are two distinct keys involved: a public key, and a private key. These are fully reversible, so it doesn't matter which one of the pair is made the public key.
However, an encryption operation done with one element of the key pair can only be undone by using the other element of the keypair. So if I use the public key to encrypt information, only someone with access to the private key can decrypt it. If I use the private key to encrypt data, only the public key can decrypt it.
A digital signature consists of the public key, the name of a hashing algorithm and an encrypted hash of the public key generated using that algorithm. The encryption is done using the private key of the signing party.
The hashing algorithm converts long bits of information into smaller ones. This acts like a checksum, but there are possibilities of collisions (two different strings producing the same checksum) since the length of the string is reduced. A good hashing algorithm makes for unique hashes with a very low probability of collisions. For example, md5 has a 1/(2^128) probability of a collision, while sha160 has 1/(2^160). At the moment, neither of these is a good choice for a hashing algorithm.
The public key is widely distributed, allowing anyone to decrypt the hash and verify that the public key thus obtained was the same as the one given to the signing party.
About PKI: PKI stands for Public Key Infrastructure. This consists of a chain of certificates generated as above. If you have any one of the public keys, you can verify all keys signed by that key. It is possible to then use the verified key to verify keys below it in the hierarchy.
If you have the key at the top of the chain, you can validate all keys below it. This automatically leads to a tree like model of trust.
I do not know much on Digital Certificates. However with this becoming a major part of commercial and business transactions, I hope what the government is doing does not work only on Windows. If necessary, we (or perhaps FSF) will need to initiate a dialog with the government.
There is a pretty good implementation of PKI on Linux, and other Unixy systems named OpenSSL.
Devdas Bhagat
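
The private-key signing, public-key checking and chain-of-trust walk described in the tutorial above, as an added example that is not part of the original post. It uses textbook RSA without padding on fixed Mersenne primes only to show the arithmetic; the names, keys, document and the simplified certificate layout (not X.509) are all constructed assumptions.

```python
import hashlib
E = 65537  # widely used RSA public exponent

def keypair(p, q):
    """Textbook RSA key pair (public, private) from two primes."""
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))

def digest(data, n):
    """SHA-256 of data as an integer, reduced below the modulus n."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(data, private):
    n, d = private
    return pow(digest(data, n), d, n)  # private-key operation on the hash
def verify(data, signature, public):
    n, e = public
    return pow(signature, e, n) == digest(data, n)  # public key undoes it

def tbs(cert):
    """Bytes the issuer signs: subject name, subject public key, issuer."""
    return repr((cert["subject"], cert["public"], cert["issuer"])).encode()

def issue(subject, subject_public, issuer, issuer_private):
    cert = {"subject": subject, "public": subject_public, "issuer": issuer}
    cert["signature"] = sign(tbs(cert), issuer_private)
    return cert

def verify_chain(chain, trusted_root_public):
    """Check each certificate with the key above it; return the leaf key."""
    key = trusted_root_public
    for cert in chain:
        if not verify(tbs(cert), cert["signature"], key):
            return None  # broken link: nothing below it can be trusted
        key = cert["public"]
    return key

# Constructed sample data: keys built from known Mersenne primes.
ROOT_PUB, ROOT_PRIV = keypair(2**127 - 1, 2**89 - 1)
CA_PUB, CA_PRIV = keypair(2**107 - 1, 2**61 - 1)
USER_PUB, USER_PRIV = keypair(2**521 - 1, 2**31 - 1)
CHAIN = [issue("Example CA", CA_PUB, "Example Root", ROOT_PRIV),
         issue("Example Signer", USER_PUB, "Example CA", CA_PRIV)]
DOCUMENT = b"constructed filing, for illustration only"
DOC_SIG = sign(DOCUMENT, USER_PRIV)

def check(document, signature, chain):
    leaf_key = verify_chain(chain, ROOT_PUB)
    return leaf_key is not None and verify(document, signature, leaf_key)
```

Only `ROOT_PUB` has to be known in advance; every other public key is recovered from the chain and checked before it is used.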