About Encryption DSC
Encryption Class 3 DSC for confidential document signing tendering and tax filings. Forms handled: Class 3 Encryption DSC, Aadhaar e-KYC. Legal basis: IT Act 2000 Sections 35-39.
Plain-English glossary for this service
A digital certificate specifically issued with KeyUsage attribute set to keyEncipherment and dataEncipherment, used for encrypting data such that only the holder of the corresponding private key can decrypt. Distinct from a signing DSC which has KeyUsage digitalSignature and is used for non-repudiation. Under CCA India guidelines and IT Act Section 35, organisations engaging in e-procurement on CPP Portal, GeM, or any portal requiring bid encryption must hold a separate encryption DSC per authorised signatory.
The sequence of certificates from the end entity certificate up through one or more intermediate CA certificates to a trusted root CA. For a DSC issued by a CCA-licensed CA in India, the chain runs from the user's certificate, through the issuing CA's certificate, to the CCA Root. Portals validate this chain at every transaction; a break or missing intermediate causes signature verification failure.
Section 3A of the Information Technology Act 2000 introduced by 2008 amendment, providing legal recognition to electronic signatures using techniques notified by the Central Government in addition to digital signatures under Section 3. Practical relevance: it widens the legal acceptability of e-signatures beyond DSC, while DSCs continue to be the most robust form because they leverage CCA-licensed CA infrastructure for non-repudiation.
Hard token is a physical USB cryptographic device that generates and stores private keys internally with the key never leaving the device. Soft token is a software-based key store such as a .pfx file or Windows Certificate Store entry. Hard tokens are FIPS 140-2 compliant and meet government portal security requirements; soft tokens are convenient but lack tamper resistance and are rejected by defence-category and high-value bidding portals.
A single USB cryptographic token loaded with two certificates: one signing-only certificate and one encryption-only certificate for the same signatory. Issued by a licensed CA after one in-person verification covering both certificates. Cost-efficient and reduces logistical overhead of carrying two separate tokens. Mandatory for participating in e-tenders on CPP Portal and GeM where both signing and bid encryption are required at the same submission step.
Application Supported by Blocked Amount encryption framework used by Self Certified Syndicate Banks in IPO and FPO applications. Investor's bid details and PAN are encrypted using the registrar's public key to ensure confidentiality of subscription patterns until allotment. Built on the same X.509 PKI infrastructure as DSC, applies to retail and HNI investors equally, governed by SEBI ICDR Regulations.
The cryptographic equivalent of a sealed tender envelope where the bid document is wrapped with the tender authority's public key at submission and remains undecryptable until the official bid opening event when the tender authority unwraps it using its private key. CPP Portal and GeM implement this through AES symmetric encryption of the bid content with the symmetric key itself wrapped using the recipient's RSA public key.
Government e-Marketplace's bid encryption mechanism for bids above prescribed threshold values. Uses the seller's organisational encryption certificate registered on GeM seller profile to wrap the financial bid component. Pre-defined bid window opens and closes at portal-controlled timestamps with bid opening only possible at the scheduled time by authorised buyer-side openers using the buyer's decryption keys.
Encryption between an Application Service Provider intermediary and GSTN's API gateway when bulk filing of GSTR-1, GSTR-3B, or GSTR-9 is routed through an ASP-GSP integration. The ASP's encryption certificate is registered on the taxpayer's GSTN profile and used to wrap the return data payload. ASP switch requires re-mapping of the new ASP's encryption certificate on GSTN before bulk filing can resume.
Reserve Bank of India's online portal for regulatory return filing by banks, NBFCs, AD Bank category-I entities, and certain payment system operators. Requires encrypted submission of returns using RBI-published encryption certificate. Monthly XBRL returns under various RBI Master Directions and FEMA-related returns flow through this channel. Encryption is in addition to the signing DSC and not a substitute.
Indian Customs Electronic Commerce Gateway encryption for response messages back to importers and exporters such as assessed Bill of Entry, query messages, and Out of Charge orders. Requires registration of the user's encryption certificate separately from the signing certificate on the IEC holder profile. Without encryption certificate registration, ICEGATE response messages cannot be delivered causing container hold and demurrage.
An encryption certificate issued in the name of an entity rather than an individual, carrying the entity PAN as the Subject primary identifier and the authorised signatory's CommonName as a secondary attribute. Required for GeM seller profile encryption mapping, CPP Portal bidder encryption, and certain RBI Online filings where the encryption is at entity level rather than individual signatory level. Subject field mapping accuracy is critical.
Operative provisions cited on this page
Every claim on this page can be traced back to a section or rule below.
IT Act 2000 Sections 35-39 is the operative provision for encryption dsc in this engagement. Encryption Class 3 DSC for confidential document signing tendering and tax filings The taxpayer should ensure the procedural conditions under this section are met before any filing or submission. Failure to comply attracts the consequences separately prescribed under the penalty and interest provisions of the same Act.
Forms used in this engagement
Statutory form prescribed for Encryption DSC engagements; carries the information set required for filing or submission to the prescribed authority.
Statutory form prescribed for Encryption DSC engagements; carries the information set required for filing or submission to the prescribed authority.
Compliance deadlines that matter
Miss any of these and the next consequence kicks in automatically.
Signing DSC vs Encryption DSC
Three named tax practitioners — not a faceless outsourcer
B.Com, CA Inter, GST Practitioner. 15+ years and 500+ Chennai engagements. Leads the notice-reply and CMA project-report practice.
B.Com. 15+ years in statutory and ROC compliance, partnership-firm matters, and audit-support engagements.
B.Com, M.Com. 5+ years on monthly GST returns, GSTR-2B reconciliation, and ASMT-10 first-touch responses.