Basic FAQ

• Classes of ESC/DSCs a Certifying Authority can issue are:
1. Class 1 : It is generally used for basic level of assurance. However this is the least popular in India.
2. Class 2 & Class 3 (Signing only): Class 3 individual signing certificates is a combination of both class 2 & class 3 certificates for both Personal & organizational. It includes Class 2 OID in the Class 3 certificates which will be qualified as both class 2 & class 3 individual signing certificates. These certificates are issued for both business personnel and private individuals use. These certificates are majorly used for moderate risk of transactions, eg: Income Tax efiling & MCA-21.
3. Class 3 (Signing and Encryption) : This certificate is issued to individuals as well as organizations where threat to data are high. These certificates are majorly used for eTendering and IRCTC eTicketing.
4. Special Purpose Certificate : Secure Socket Layer (SSL) and Document Signer Certificate are special purpose certificates used for Website (HTTPS) and bulk signing at the server respectively.

• A DSC can be issued upto three year validity. The difference is in the commercials. 2 yr DSC is marginally higher than 1 yr DSC so is 3 year DSC costlier than 2 year validity DSC.

Class 2 and Class 3 is issued in two categories - Only Sign DSC and Sign + Encryption DSC.

With Only Sign Certificate, one can Sign the data to ensure the Data integrity and non-repudiation. Such types of certificates are majorly used for Income Tax eFiling, MCA-21, DGFT, GSTN, eTicketing, Sign Invoices, Sign Purchase Orders, etc.

1. With Sign + Encrypt, apart from Signing, one can also Encrypt the data to protect it from the unauthorized access of data. These are majorly used for eTendering services.

It is decided by the Application owner (like Govt. website, eTendering portal, MCA-21 website, Income tax portal, GSTN, etc) i.e Application, where you intend to use the DSC. For example, if you plan to use the DSC at MCA-21 Website, MCA-21 decides what class and type of certificate you have to procure from a Certifying Authority, in India.

OID stand for Object Identifier, OID is used to differentiate one class of certificates from another as per CCA IVG Guidelines and also indicate which CA has used what OID in the DSC and helps software applications to easily validate DSC programatically.

CPS stand for Certification Practice Statement. It is basically a detailed statement of the DSC issuance practices and operational procedures to issue a DSC to the subscriber. Every Certifying Authority will have different CPS, which is generalized by CCA. Our CPS is available at our website - www.ncodesolutions.com

A Subscriber Agreement is an agreement between Subscriber and (n)Code Solutions CA stating that, subscriber is solely responsible for the protection of the Private key in Crypto Token and ensuring functionality of his/her key pair. Subscriber also agrees that all the information provided to (n)Code is correct. (n)Code Solutions CA will not be responsible for any legal disputes arising due to misrepresentation on the part of subscriber. The subscriber agreement is available at our website www.ncodesolutions.com

A DSC can be revoked under circumstances like:

Users suspect compromise of certificate private key.

The X.509 Certificate Policy for India PKI mandates that the private key of the DSC of the subscriber should be stored only in a Cryptographic token ( which resembles a pen drive). There are four major makes of USB Token available - ePass, mToken, Watchdata. USB Token is must to obtain a DSC. Pls refer to www.cca.gov.in for CCA Crypto guidelines.

1. What is Aadhaar Paperless Offline e-KYC?
   • It is a secure sharable document which can be used by any Aadhaar number holder for offline verification of Identification of Aadhaar holder in digital form.
   • A resident desirous of using this facility shall generate his/her digitally signed Aadhaar details by accessing UIDAI resident portal. The details will contain Name, Address, Photo, Gender, DOB, hash of registered Mobile Number, hash of registered Email Address and reference id which contains last 4 digits of Aadhaar Number followed by time stamp in a digitally signed XML. It will provide Offline Aadhaar Verification facility to service providers/Offline Verification Seeking Entity (OVSE) without the need to collect or store Aadhaar number.
2. How to generate Offline Aadhaar?

   The process of generating Aadhaar Offline e-KYC is explained below:

   • Go to URL https://resident.uidai.gov.in
   • Enter ‘Aadhaar Number’ or ‘VID’ and mentioned ‘Security Code’ in screen, then click on ‘Send OTP’ or ‘Enter TOTP’. The OTP will be sent to the registered Mobile Number for the given Aadhaar number or VID. TOTP will be available on m-Aadhaar mobile Application of UIDAI. Enter the OTP received/TOTP. Enter a Share Code which be the password for the ZIP file and click on ‘Download’ button.
   • The Zip file containing the digitally signed XML will be downloaded to device wherein the above mentioned steps have been performed. [ Ensure to download such file in your own mobile/computer device for safety ]
3. Who are the users of this Aadhaar Paperless Offline e-KYC?
   • Any Aadhaar number holder who desires to establish his/her identity to any service provider (OVSE) using digitally signed XML downloaded from UIDAI website can be a user of this service. The service provider should have provisions of providing this Aadhaar Paperless Offline e-KYC at their facility and do the offline verification
4. How to share this Paperless Offline eKYC document with the service provider?
   • Residents can share the XML ZIP file along [ and enter the Share Code in application ] to the service provider as per their mutual convenience ( sharing secure code with anyone is not desirable ).