A Digital Signature Certificate (DSC) is a legally recognised electronic credential issued by a licensed Certifying Authority (CA) under the Controller of Certifying Authorities (CCA), as mandated by the Information Technology Act, 2000. It functions as your tamper-proof digital identity — authenticating your identity and ensuring the integrity of any document you sign electronically.

In India, a DSC is legally mandatory for transactions on:

• MCA (Ministry of Corporate Affairs) — company filings & incorporations
• GST Portal — registration and return filing
• Income Tax — ITR, audits & tax returns
• EPFO — employer provident fund filings
• DGFT — IEC & export promotion filings
• ICEGATE — customs & import/export e-filing
• e-Procurement / Tender portals — government bidding

Learn more at signing.digital/all-about-dsc/.

A Class 3 DSC is the highest-assurance level of digital signature certificate available in India, as defined by CCA guidelines. It requires in-person or video-based identity verification before issuance — ensuring the strongest legally-binding identity assurance.

Class 3 DSC is mandatory for:

• Company directors and officers filing on MCA portal
• Chartered Accountants filing on Income Tax portal
• Employers filing on EPFO portal
• Businesses participating in e-Tenders and government procurement
• Any individual or entity requiring legal-grade digital signing

See current pricing at signing.digital/pricelist/.

Yes — absolutely and without question. DSCs issued under CCA-licensed Certifying Authorities are fully valid under the Information Technology Act, 2000. A DSC-signed document is legally equivalent to a handwritten wet-ink signature for most purposes in India.

DSC-based signatures are accepted by all Central and State government portals, the Indian judiciary's e-Courts system, banking and financial regulators, and courts of law as legally binding evidence. Signing Digital operates under licensed CAs aligned with Digital India and MeitY frameworks.

Non-repudiation means the signer cannot later deny having signed a document. This is achieved through the combination of a private key (stored exclusively on your hardware token) and a PIN known only to you. Any document signed with your DSC is cryptographically proven to have originated from you.

This property is legally recognised under the IT Act, 2000 and is the primary reason government portals mandate hardware-token DSC over software certificates. It protects all parties — businesses, government agencies, and courts — in disputes about the authenticity of digital documents. See also: Digital Signature on Wikipedia.

DSC is mandated by the following major Indian government portals:

• MCA — company incorporation, annual returns, director filings
• GST Portal — GSTIN registration, return filing, e-invoicing
• Income Tax — ITR filing, tax audit reports, refund claims
• EPFO — ECR submission, employer PF remittance
• DGFT — IEC applications, export licences
• ICEGATE — customs clearance, shipping bills, bill of entry
• eProcure / NIC Tender Portal — government bidding & procurement
• Various State e-Procurement portals, SEBI portals, RBI filings, and e-Courts

These two terms are related but distinct:

• Digital Signature — the cryptographic output produced when a document is signed using a private key. It is unique to both the signer and the specific document content, verifying authenticity and detecting any subsequent tampering.
• Digital Signature Certificate (DSC) — the electronic credential issued by a CA that binds a verified identity to a public key. It contains the signer's name, public key, CA identity, serial number, and validity dates.

In practice: you use your DSC (which contains your private key on a USB token) to create a digital signature on a document. Recipients use the public key in your DSC to verify the signature. See: Wikipedia — Digital Signature.

A DSC is issued with a validity of 1 year or 2 years, selected at the time of application. Once expired, the certificate becomes cryptographically invalid — it can no longer be used to sign new documents or log into portals that require an active DSC.

Documents previously signed with an expired DSC retain their legal validity if signed within the certificate's active period and the signature includes a trusted timestamp. Signing Digital sends proactive renewal reminders before your DSC expires. For renewal, visit signing.digital/contact-us/.

The Controller of Certifying Authorities (CCA) is India's apex regulatory body for digital signatures, established under Section 17 of the IT Act, 2000. The CCA:

• Licenses and audits all Certifying Authorities (CAs) authorised to issue DSCs
• Defines technical standards for digital signature creation and USB token security
• Maintains the National Repository of Digital Certificates (NRDC)
• Oversees the entire Public Key Infrastructure (PKI) ecosystem in India
• Approves and revokes CA licences based on compliance audits

Signing Digital operates under CCA-licensed Certifying Authorities, ensuring all issued DSCs carry full legal recognition.

Under CCA guidelines and the IT Act, 2000, a Class 3 DSC private key must be generated and stored exclusively on a FIPS-compliant hardware USB token. The private key is technically non-extractable — it never leaves the token's secure chip at any point.

This is not a restriction but a fundamental security requirement for three reasons:

• Hardware Security — software-based keys can be copied, stolen via malware, or compromised; hardware tokens cannot be cloned
• Two-Factor Authentication — signing requires both physical possession of the token AND knowledge of the PIN, like an ATM card + PIN
• Non-Repudiation — hardware-bound keys provide legally certain attribution of signatures, which software certificates cannot guarantee

Only FIPS-compliant Version 3 tokens approved under CCA guidelines are accepted for DSC issuance in India. Approved models include:

• ePass2003 — widely used, compatible with Windows 7/10/11 and macOS
• mToken — compact form factor, compatible with Windows and macOS

Both tokens are FIPS 140-2 Level 2 certified, tamper-evident, and feature self-locking PIN protection. Signing Digital supplies the correct approved token with every DSC order — customers do not need to source one separately. Token drivers are available at signing.digital/downloads/.

Your DSC token + PIN combination is legally equivalent to your ATM card + ATM PIN. Any person with access to both can sign legally binding documents entirely on your behalf — including government filings on MCA, GST, or tender portals — without your knowledge.

Misuse under IT Act Sections 66, 71, and 73 can result in criminal prosecution. Signing Digital's team will NEVER ask for your PIN at any point. If anyone — including someone claiming to be a CA or support agent — asks for your token or PIN, refuse and report the incident immediately.

After a set number of wrong PIN attempts (typically 5–10 attempts depending on the token model), the token automatically locks. Recovery options:

• If you have the SO (Security Officer) password — use the token management application to reset the user PIN without losing certificates
• If both PIN and SO password are lost — the token must be reformatted, which permanently deletes all stored certificates; a fresh DSC issuance will be required

Signing Digital's support team can guide you through the recovery process. Contact us via signing.digital/contact-us/ or WhatsApp +91-8050185278.

USB token drivers for all approved tokens (ePass2003, mToken) are available for free download at signing.digital/downloads/. Supported operating systems:

• Windows — 7, 8.1, 10, 11 (32-bit & 64-bit)
• macOS — compatible versions via dedicated macOS driver package

Installation steps: (1) Download and install the driver; (2) Plug in your token; (3) Open the token management application; (4) Enter your PIN to access and use your DSC. Signing Digital's expert team provides step-by-step setup support as part of every order. If you face issues, contact signing.digital/contact-us/.

Most approved FIPS-compliant tokens (ePass2003, mToken) can store 5 to 10 certificate objects, depending on the token model and key sizes used. This allows a single token to simultaneously hold, for example, a Class 3 individual DSC and a separate DGFT DSC.

However, Signing Digital recommends using separate dedicated tokens for different certificate types — particularly when certificates are used by different portals or teams — to minimise risk and simplify management. For multi-certificate requirements, contact signing.digital/contact-us/.

Signing Digital's fully assisted 7-step process:

• Step 1 — Place your order at signing.digital/pricelist/
• Step 2 — Our expert team contacts you within minutes
• Step 3 — Team assists with Aadhaar eKYC or PAN-based identity verification
• Step 4 — Team guides you through the video verification call with the Certifying Authority
• Step 5 — DSC is issued upon successful verification
• Step 6 — Our team loads the DSC onto your USB token
• Step 7 — Ready-to-use token shipped to your door (2 hrs within Bangalore, next day Tier-1 cities)

You do not need to understand any technical aspect — our team handles everything end-to-end.

Aadhaar eKYC (Electronic Know Your Customer) is an identity verification method using your Aadhaar-linked mobile number for OTP-based biometric verification — conducted entirely over a video call. For individual applicants using Aadhaar eKYC at Signing Digital:

• 100% paperless — no physical document upload or display required in most cases
• Fastest issuance — DSC can be issued in as little as 10 minutes after successful verification
• Legally valid — conducted through official UIDAI-approved eKYC channels

Your Aadhaar number must be linked to an active mobile number to use this route. If not linked, PAN-based verification is available as an alternative.

For PAN-based verification, original documents must typically be displayed during the video call:

• PAN card (original)
• Address proof — Aadhaar, Passport, Voter ID, or Driving License (original)
• Passport-size photograph

Signing Digital's expert team will provide a personalised document checklist before the video call, so you know exactly what to keep ready. No documents need to be physically dispatched. Request your free checklist at signing.digital/contact-us/.

For an Organization DSC, original documents typically required to be displayed during video verification:

• Certificate of Incorporation or LLPIN/CIN letter from MCA
• GST registration certificate or GSTIN proof
• Authorization letter on company letterhead (signed by authorized director)
• PAN card of the organization
• Authorized signatory's PAN and identity proof
• Company address proof

Signing Digital provides a complete personalized checklist for every organization application. Contact us at signing.digital/contact-us/.

Signing Digital offers India's fastest DSC issuance and delivery:

• Issuance — as fast as 10 minutes after successful Aadhaar eKYC video verification
• Bangalore delivery — ready-to-use USB token delivered within approximately 2 hours of issuance
• Tier-1 cities — next business day delivery
• All other locations — typically within 3 business days pan-India

Every token is pre-loaded with your DSC by our team — you receive it ready to use immediately upon delivery.

Yes. A director, partner, or authorized signatory can apply for an Organization DSC in their official capacity — the certificate will reflect both the individual's name and their organizational designation (e.g., "Ravi Kumar, Director, ABC Pvt Ltd"). This is the standard format required by MCA, e-Procurement, and other portals for corporate filings.

An authorization letter on company letterhead, signed by another director, is required for the application. Signing Digital assists with the entire process — contact signing.digital/contact-us/.

Yes — completely safe. Signing Digital implements 256-bit SSL encryption across all communications and data transfers — the same standard used by banks. Key safety measures:

• All personal data is processed under CCA-licensed Certifying Authority protocols
• Aadhaar eKYC is conducted through official UIDAI-approved OTP-based channels
• No sensitive data is stored beyond regulatory requirements or shared with unauthorized parties
• Fully aligned with MeitY data protection guidelines and Digital India standards

A DGFT DSC is a specialized digital signature certificate required specifically for the Directorate General of Foreign Trade (DGFT) portal. Key differences from a standard Class 3 DSC:

• Uses a 2048-bit key pair with a CA certificate chain recognized specifically by DGFT systems
• Required for IEC (Importer Exporter Code) applications, advance authorization, EPCG, and all DGFT e-filing
• A standard Class 3 DSC will NOT work on the DGFT portal — only a DGFT DSC is accepted

Signing Digital issues DGFT DSC with full application assistance. Visit signing.digital/pricelist/ for current pricing.

An ICEGATE DSC is a digital signature certificate required for all users of the Indian Customs Electronic Data Interchange Gateway (ICEGATE) — India's customs e-filing system. It is mandatory for:

• Filing Bills of Entry (imports)
• Filing Shipping Bills (exports)
• E-payment of customs duty
• Accessing the ICES (Indian Customs EDI System)
• Customs brokers, freight forwarders, and shipping agents operating on ICEGATE

Signing Digital issues ICEGATE DSC with end-to-end expert support. See current pricing at signing.digital/pricelist/.

Yes. Signing Digital provides specialist Foreign National DSC issuance for:

• NRIs and OCI card holders with Indian financial or corporate interests
• Foreign directors on Indian-registered companies (for MCA filings)
• Foreign entities with FDI-related RBI/FEMA compliance obligations
• Any foreign person requiring a DSC for Indian government portal transactions

The process requires original documents (Passport, Visa, etc.) displayed during video verification. Signing Digital has specialist expertise and handles the entire application remotely. Contact signing.digital/contact-us/ for a consultation.

A Document Signer Certificate is a high-volume digital signing certificate designed for automated or bulk document signing workflows — typically deployed on servers rather than USB tokens. It is used by:

• Banks and NBFCs — for automated account statements and loan documents
• Insurance companies — for bulk policy and claim document signing
• Healthcare organisations — for digitally signing patient records and reports
• Logistics companies — for bulk invoice and waybill generation
• Any enterprise needing thousands of digitally signed PDFs per day

Signing Digital provides expert consultation, custom quoting, and end-to-end setup for Document Signer Certificates. Contact signing.digital/contact-us/.

Yes — technically a single FIPS-compliant token can store multiple certificates, including a Class 3 DSC and a DGFT DSC simultaneously, provided the token has sufficient certificate storage slots (typically 5–10 slots). Each certificate is accessed and used independently through the token management application.

However, Signing Digital recommends using separate dedicated tokens for different certificate types — particularly for high-value transactions — to reduce risk and simplify compliance management. For specific guidance on your use case, contact signing.digital/contact-us/.

Misuse of a DSC is a serious criminal offence under the Information Technology Act, 2000:

• Section 66 — Computer-related offences using a DSC: imprisonment up to 3 years and/or fine up to ₹5 lakhs
• Section 71 — Misrepresentation to a Certifying Authority: imprisonment up to 2 years and/or fine up to ₹1 lakh
• Section 73 — Publication of a DSC for fraudulent purposes: imprisonment up to 2 years and/or fine up to ₹1 lakh

Additional penalties may apply under GST, MCA, ICEGATE, or customs regulations if misuse occurs on those portals. This underscores why the token and PIN must never be shared with anyone.

DSC renewal at Signing Digital follows the same assisted 7-step process as a fresh application. Key points:

• Begin renewal at least 30 days before expiry to avoid any compliance gap on government portals
• Identity re-verification (Aadhaar eKYC or PAN-based) is required even for renewal — certificates cannot be extended in-place
• Your existing FIPS-compliant token can typically be reused (subject to its condition and available storage)
• Signing Digital sends proactive renewal reminders before your DSC expires

To initiate renewal, contact signing.digital/contact-us/ or check current renewal pricing at signing.digital/pricelist/.

In most cases, yes — your existing FIPS-compliant token (ePass2003, mToken) can be reused for DSC renewal, provided:

• The token is physically undamaged and functional
• The token firmware is still supported (Version 3 compliance)
• There are available certificate storage slots on the token

If your token is damaged, outdated, or full, a replacement will be provided at an additional cost. Signing Digital's team assesses your token condition during the renewal process and advises accordingly. Contact signing.digital/contact-us/ to start.

Pricing varies based on DSC type (Class 3, DGFT, ICEGATE, Organization, Foreign National, Document Signer), validity period (1 year or 2 years), and any applicable offers. Signing Digital maintains live, dynamic pricing that is always current — no outdated or misleading rates are displayed.

For the most current and accurate pricing, visit: signing.digital/pricelist/. Volume discounts are available for organizations requiring multiple DSCs. Free expert consultation before purchase — contact signing.digital/contact-us/ or WhatsApp +91-8050185278.

Yes — documents signed before the DSC expiry date retain full legal validity, provided:

• The signature was applied while the DSC was active and valid
• A trusted timestamp was included in the signature at the time of signing (which records the exact date and time of signing from a trusted time source)

The expiry of a DSC only affects the ability to sign new documents after the expiry date — it does not retroactively invalidate previous signatures. To ensure continuity, Signing Digital recommends renewing DSC at least 30 days before expiry. Learn more at signing.digital/all-about-dsc/.

Yes — Signing Digital provides comprehensive post-issuance support including:

• USB token driver installation and configuration assistance
• DSC usage guidance for all government portals — MCA, GST, Income Tax, DGFT, ICEGATE
• Token PIN management and unlock support
• Proactive renewal reminders before certificate expiry

Contact the support team via:

• WhatsApp — +91-8050185278 (fastest response)
• Email — [email protected]
• Online — signing.digital/contact-us/