Summer Internship Report

PROJECT: VALIDATOR

Kashish Kochar
15CSU091

Date: 18th July, 2018

1
 TABLE OF CONTENTS

Preface .........................................................................................................4
Acknowledgement ....................................................................................... 5
Abstract ........................................................................................................ 6
Introduction ................................................................................................. 7
Executive Summary ................................................................................... 8
Training Description ................................................................................ 10
Project: Validator…………….…...........................................................10
1. Project Background and Scope….....................................................10
2. Project’s rationale and Goals............................................................10
3. Methodology used for Verification of Digital Signature………......11
3.1 Checking a document’s integrity...................................................11
3.2 Retrieving information from a signature.......................................11
3.3 Validating the certificates of a signature.......................................11
3.4 Checking if the certificate was revoked using CRLs and OCSP..12

4. Technical Details..............................................................................12
Testing…………………………………………..………........................13

Analysis …………......................................................................................14

Conclusion ..................................................................................................15

Bibliography …………...............................................................................16

Appendix A (Languages, frameworks, tools, applications and Web

Development techniques used in Internship
Term)...........................................................................................................17

Appendix B (About
LEEGALITY)………………...................................................................25

2
Appendix C (About LEEGALITY’S AADHAAR ESIGN
SERVICES)................................................................................................28

Appendix D (About Digital

Signatures).................................................................................................30

Project Daily Task ....................................................................................33

3
 PREFACE

This report documents the work done during the summer internship at
Leegality(Grey Swift Private Limited), 91 SpringBoard, Nehru Place, New
Delhi under the supervision of Mr. Prakhar Aggarwal. The report will give
an overview of the tasks completed during the period of internship with
technical details. I have tried my best to keep report simple yet technically
correct. I hope I succeed in my attempt.

4
 ACKNOWLEDGEMENT

During my summer internship, the staff at Leegality and people guiding me were very
helpful and extended their valuable guidance and help whenever required for the projects
which I worked on.

I am highly indebted to my guide Mr. Prakhar Aggarwal for his invaluable guidance and
advice during my Summer Internship.

I am thankful to Mr. Shivam Singla (Director, Leegality) for providing me an

opportunity to work in the company and friendly support during my stay at Leegality.
I am also very grateful to my collegue Mr. Vishwanath and Ms. Shivani for being
supportive project partners. I got to learn a lot from them.
Overall, the above team made my stay at Leegality an enjoyable one and I am
grateful to them for making it so.

Kashish Kochar

5
 ABSTRACT

The Project work is pursued as a part of the curriculum of B.Tech. – Computer

Science at The NorthCap University. The summer internship was taken up at
Leegality(Grey Swift Private Limited), in Nehru Place, New Delhi. The internship
was centered with development on Groovy and Grails, along with some
enhancements to the existing website, which was based on Angular Javascript. At
Leegality, I was initially explained the current work flow of the company, along with
the process of e-Signing gateway used for the process of Aadhaar e-Sign. I was also
involved in writing codes for integration of our product with the client’s existing
systems. Then, I was briefed about the Validator to be developed for verifying the
digital signatures on a document. After developing a thorough understanding of
Groovy along with Grails and also digital signatures, I was handed over my first
project. I was also involved in writing code for testing the application on Spock.

The report presents the three tasks completed during summer internship at Leegality,
which are listed below:
1. Conceptual learning of Groovy and Grails.

2. Developing an application for verification of Aadhaar e-Signature: Validator.

3. Unit Testing

Apache Groovy is a Java-syntax-compatible object-oriented programming

language for the Java platform. It is both a static and dynamic language with features
similar to those of Python, Ruby, Perl, and Smalltalk. It can be used as both
a programming language and a scripting language for the Java Platform, is compiled
to Java virtual machine (JVM) bytecode, and interoperates seamlessly with other
Java code and libraries.

Grails is an open source web application framework that uses the Apache
Groovy programming language (which is in turn based on the Java platform). It is
intended to be a high-productivity framework by following the "coding by
convention" paradigm, providing a stand-alone development environment and
hiding much of the configuration detail from the developer.

6
 INTRODUCTION
COMPANY PROFILE

Leegality is a digital documentation platform helping businesses digitize, optimize

and automate their legal processes. It offers solutions for businesses and help them
to reduce the overhead time and costs involved with documentation by over 90%, at
the same time creating a stellar experience for their customers. All this in a fully law
compliant manner.

The platform provides a guarantee of unmatched security and legal reliability on the
documents signed through them.

The Flagship Product 'Aadhaar eSigning Gateway' is a plug-n-play gateway using

which the businesses can collect signatures from their users from right within their
applications in a quick, cost-effective and legally compliant manner.

Leegality’s Documentation Gateway is aimed at helping businesses digitize their

documentation processes in order to increase efficiency, reduce costs and to ensure
legal and regulatory compliance. Aadhaar based digital signing provides a robust
system of legally compliant, secure and quick digital signature system.

Leegality’s Aadhaar eSigning APIs are highly functional and highly modifiable to
allow businesses to incorporate the services within their products as per their unique
flow requirements. Their architecture follows industry best security practices and is
compliant with ISO 27001 Information Management Standard. They also provide a
digitally signed audit trail for every document signed through their platform.

Working as a Web Development Intern in the company, my job was to develop

new applications, as well as enhance the already existing products.

7
 EXECUTIVE SUMMARY
My two-month Industrial Internship Program work term was with the
Leegality(Grey Swift Private Limited), New Delhi. I worked as a Web Development
Intern during my work term.

There is one major project that I had a significant role in.

The project involved gaining a good understanding on a project called Validator.

This project was designed to verify Digital Signatures on a document.
My task was to
 Understand the process of Digital Signatures,

 Learn how to develop applications using IntelliJ Idea,

 Learn about API calls and use them to generate data,

 Learn basics of Groovy and Grails along with my knowledge in web
designing languages such as HTML, CSS and Bootstrap,
 Accomplish the tasks given to me on time.

This project was entirely a learning experience for me and it helped me to learn many
new things since I didn’t had knowledge of Groovy and Grails in starting.
I learnt:
 Step-by-step process of verifying digital signatures
 I learnt many new commands and how to create my own logic.
 I learnt to make new pages in GSP using HTML, CSS and Bootstrap along
with proper validations.
 Handling the uploaded document, creating a preview through Ajax call and
extracting data through backend.
 Using Ajax call to get responsive real time data.

One of the important achievements of this project was the development of a new
Application to verify the digital signature on a document. The application provides the
following checks:

 It verifies the identity of the signing authority.

 It provides Integrity check, and tells whether the document has been
modified after the signature or not.
 It also provides Revocation check of the document.

8
An application was finally developed using the above criteria to demonstrate the
usefulness and requirement of the project. It was a fully developed project which
worked very well.
After the completion of the project I did testing for the same and found out major
improvements and suggestions that could help the project work more efficiently.

I acquired many new technical skills throughout my work term. I acquired new
knowledge in the area of Groovy and Grails. I also brushed up my CSS, Bootstrap
and HTML skills while making these applications. The project is still in its working
phase.
Then I got introduced to the area of research and how to approach it. Most
importantly, the work experience was very good which included good fellowship,
cooperative teamwork and accepting responsibilities.
Although I spent a lot of time learning new things, I found that I was well trained in
certain areas that helped me substantially in my projects. Many programming skills
that I used in my projects, such as programming style and design, were ones that I
had acquired during my studies in Computer Science.

9
 TRAINING DESCRIPTION
Project: Validator

1. Project background and scope

When you receive a signed PDF, you can open it in Adobe Reader and
check if the signature is valid by opening the signature panel, or —in the
case of a visible signature— by clicking the signature’s widget annotation.
That’s easy. It’s a different story when you receive thousands of PDFs. In
that case, opening the documents manually one by one isn’t an option;
you’ll want to test the integrity of the documents and the validity of the
signatures in an automated process.

The aim of the process was to develop a platform in order to verify the
Digital Signature by following a proper step-by-step process as described
in the third section.

2. Project’s rationale and goals

My goals regarding the Validator were the following:

1. To install the required IDE’s and softwares such as IntelliJ Idea,

Postman, Groovy, Grails, SDKMan, Java, Git, Node and npm.

2. To understand the concept of Digital Signatures and the process of its

verification.

3. To understand the required languages such as Groovy, Grails, Ajax,

HTML, CSS, Bootstrap.

4. To understand the programming interfaces and how to implement and

configure it in the successful production of the Validator.

10
3. Methodology used for Verification of Digital Signature
3.1 Checking a document’s integrity
The three reasons which marks the goal of signing documents using a
digital signature are: to ensure the integrity of the document, to get
assurance about the identity of the signer, to make sure the signer can’t
deny he has signed the document.

3.1.1 Listing the signatures in a document: All the signatures which

signed in the document are fetched at the time of verification.

3.1.2 Checking the integrity of a revision

3.2 Retrieving information from a signature

The following process is used for verification:

3.2.1 Overview of the information stored in a signature field and

dictionary: In this process, we return useful information about
the signature field, the signature field’s widget annotation, the
signature dictionary, the signature, and the signer.

3.2.2 Inspecting signatures: We can inspect the different information

that we have received about the certificate. We can even get the
accuracy of the timestamp from the TimeStampInfo object.

3.3 Validating the certificates of a signature

3.3.1 Creating your own root store: In this section we create our own
root store, and we’ll add the certificates of the authorities that we
wish to verify against the documents.
We’ll use this root store to verify the certificates in PDF’s.
3.3.1.1 A PDF signed with a CAcert certificate,
3.3.1.2 A PDF signed with a token from GlobalSign
(CDS)
3.3.1.3 A PDF signed with a self-signed certificate,
3.3.1.4 A PDF signed with an eID for testing purposes

11
 3.3.2 Verifying a signature against a key store: We verify the
certificates obtained from the keystore against the ones generated
from the certificate chain of the document.

3.3.3 Extracting information from certificates: We can define methods

that can be used to find out if a certificate was valid on the
signDate, and if it’s still valid today. It also shows the
Distinguished Name (“DN”) of the issuer of the certificate and
its owner.

3.4 Checking if the certificate was revoked using CRLs and OCSP
We take the signing certificate and the certificate of the issuer of that
certificate (or null if it was self-signed). We’ll use these certificates as
parameters to check for revocation.
We will check if the OCSP responses of the document were valid for the
certificate on a specific date on the signing date or today. If not, the
verifier will try to look for a valid OCSP response online.
Then the verifier will check if the CRLs of the document were valid on a
specific date. If the certificate was revoked an exception will be thrown.
If no valid CRL was found, the verifier will try to fetch a CRL online. If
we still didn’t get any object as result, the certificate couldn’t be verified.
Otherwise, we get a list of the checks that made us accept the certificate.

4. Technical details
 Web Presentation: HTML, CSS, Bootstrap, JavaScript, Groovy Server
Pages(GSP)
 Programming Language: Groovy with Grails
 Browser: Google Chrome
 Front-End and Backend Integration: JQuery and Ajax
 Version Control: Git
 API creation and testing: Postman
 Operating System: Ubuntu 16.04
 IDEs: IntelliJ IDEA 2018.1.4

I was acquainted with some of the languages earlier but few of them were
new to me.

12
Testing
 After the successful completion of the project, I was also involved in
designing test suites and writing codes for unit testing of the already exiting
application in Spock, a unit testing framework for Groovy applications.

 During my term in the company, I wrote codes for four services of the already
existing application along with my fellow interns who wrote codes for the
other services.
 The operations of mocking, stubbing and spying can be accomplished by
really simple code through Spock, which made work easy.

 After the completion of unit testing of services, I was also involved in writing
test codes for 26 domain classes of the already existing system.

 The testing phase was an entirely new learning curve for me which helped me
to learn valuable skills in testing along with my work in development.

13
 ANALYSIS
My training at Leegality has been very beneficial for me as I have learned and
improved myself a lot technically as well non-technically.

During my project, initially I went through all concepts of Groovy and Grails,
HTML, Bootstrap, JavaScript, CSS.
Then, I started my technical analysis of the Web application of the already running
projects to understand the basic layout of the website. I started doing some programs
implementing Grails on my own.
A lot of time was then spent understanding the concepts of digital signatures and
analysing and understanding the verification process for the same.
During my project, I first worked on creating functions for the implementations of
the process, and then discussed all the processes required in verification with my
mentor. Unit testing was done after each step so as to verify the outputs and
successful completion of each step of the process.
After completing the functions required for the process of Validator, I designed the
UI of the application. I first designed a basic layout for the application, then
incorporated the functions which I previously made, using JQuery and Ajax calls.
Then, I discussed all the possible changes required in the UI of the application to
make it more relatable to the look and feel of the already existing website. After
incorporating those changes, I successfully submitted my project for deployment.

Other than the project, I have also contributed to the firm in terms of writing codes
for API calls in different languages such as Android and .Net for integration by
clients. Also, using Chart.js, I designed some graphs for graphical representation of
the different data in the user and administrator console.
And, I also wrote test suites for the already existing system in Spock (Unit testing
framework).
Now coming to personal skills, a person never thinks that adapting to corporate
culture, working in a team etc., can be such a big part of shaping an individual. While
working in the company, I inculcated all of it quite successfully and got quite
comfortable with the office environment. One of the strength that I developed during
this training period was being optimistic about unfamiliar work within the given
deadline.
It was a great experience for me as I learned a lot of new things during my internship.
Practical knowledge is very much important to learn anything.

14
 CONCLUSION

In the past 20 years, technology has changed the nature of attendance and complaint

log system. In the old days, everything was done manually, with records maintained

in registers. Now that the computers and technology have penetrated the industry,

automation has become the competitive advantage in today's world. We are now

completely reliable on technology for every work. This summer internship had

helped me a lot to know about the working of IT companies in today's world and

how do they withstand the high level competitive environment. I learnt the real

meaning of team work, punctuality, work compilation, authority and responsibility

during my project. I built a great skill of working and coordinating with team

members and gave my best to the work allotted to me. I gained technical, as well as

soft skills which are very important in every domain of life.

15
 BIBLIOGRAPHY

 https://www.theserverside.com/definition/cascading-style-sheet-CSS
 https://www.theserverside.com/definition/JavaScript
 https://en.wikipedia.org/wiki/JQuery
 https://en.wikipedia.org/wiki/Ajax_(programming)
 https://valuebound.com/resources/blog/get-to-know-about-postman-tool
 https://www.securedsigning.com/resources/intro-to-digital-signatures

16
 APPENDIX A

Languages, frameworks, tools, applications and Web

Development techniques used in Internship Term

1. Groovy
What is Groovy?

Groovy is a dynamic object-oriented programming language for the Java

virtual machine (JVM) that can be used anywhere Java is used. The language
can be used to combine Java modules, extend existing Java applications and
write new applications.

Groovy can serve as a scripting language for developers new to the Java
platform and can also be useful for veteran Java developers interested in
enhancing the expediency and flexibility of that language.

Groovy has a Java-like syntax and works seamlessly with Java bytecode.
Many of the language's features resemble those
of Perl, Python, Ruby and Smalltalk.

Other features include:

 Easy learning curve

 Support for domain-specific languages
 Compact syntax
 Support for dynamic typing
 Powerful processing primitives
 Ease of Web application development
17
  Support for unit testing.

The Groovy concept was introduced in 2003 by James Strachan. Beta

versions were made available from 2004 to 2006. Version 1.0 was released
in January 2007 and version 1.1 was released in December 2007. Groovy is
going through standardization under Java Specification Request (JSR) 241.
The project manager is Guillaume Laforge.

2. Grails
Grails is a web framework based on Groovy and Java which can be deployed
into existing Java web servers, e.g., Tomcat or Jetty.

Grails allows to quickly create web applications; its scaffolding capabilities

let you create a new project within few minutes. Grails is based on
the convention over configuration idea which allows the application to auto-
wire itself based on naming schemes (instead of using configuration files,
e.g, XML files).

Grails uses JavaEE as the architectural basis and Spring for structuring the
application via dependency injection.

The Grails framework allows instance development without requiring any

configuration. Just download Grails and you are ready to start. Grails
accomplish this by automatically providing the Tomcat web container and
the HSQLDB database during development. If you deploy you Grails
application later, you can use another web container or database.

Grails is plug-in based and currently uses its own build system (Gant) but
plans to migrated to Gradle. The Grails homepage provides several pre-
defined plugins which extend the Grails framework.

During the start of a new development with Grails you mainly use the
command line to generated new user interfaces.

2.1. Object relationship mapping (ORM) with GORM

Grails uses GORM (Grails Object Relational Mapping) for the persistence
of the domain model. GORM is based on Hibernate. You can test with the
18
 HSQLDB and run in production against another database simply by
changing the configuration file (DataSource.groovy).

3. HTML
HTML (Hypertext Markup Language) is the set of markup symbols or codes
inserted in a file intended for display on a World Wide Web browser page.
The markup tells the Web browser how to display a Web page's words and
images for the user. Each individual markup code is referred to as an element
(but many people also refer to it as a tag). Some elements come in pairs that
indicate when some display effect is to begin and when it is to end.

HTML is a formal Recommendation by the World Wide Web Consortium

(W3C) and is generally adhered to by the major browsers, Microsoft's Internet
Explorer and Netscape's Navigator, which also provide some additional non-
standard codes. The current version of HTML is HTML 4.0. However, both
Internet Explorer and Netscape implement some features differently and
provide non-standard extensions. Web developers using the more advanced
features of HTML 4 may have to design pages for both browsers and send out
the appropriate version to a user. Significant features in HTML 4 are
sometimes described in general as dynamic HTML. What is sometimes
referred to as HTML 5 is an extensible form of HTML called Extensible
Hypertext Markup Language (XHTML).

4. CSS
A cascading style sheet (CSS) is a Web page derived from multiple sources
with a defined order of precedence where the definitions of any style element
conflict. The Cascading Style Sheet, level 1 (CSS1) recommendation from the
World Wide Web Consortium (W3C), which is implemented in the latest
versions of the Netscape and Microsoft Web browsers, specifies the possible
style sheets or statements that may determine how a given element is
presented in a Web page.

CSS gives more control over the appearance of a Web page to the page creator
than to the browser designer or the viewer. With CSS, the sources of style
definition for a given document element are in this order of precedence:

19
 1. The STYLE attribute on an individual element tag
2. The STYLE element that defines a specific style sheet containing style
declarations or a LINK element that links to a separate document
containing the STYLE element. In a Web page, the STYLE element is
placed between the TITLE statement and the BODY statement.
3. An imported style sheet, using the CSS @import notation to
automatically import and merge an external style sheet with the current
style sheet
4. Style attributes specified by the viewer to the browser
5. The default style sheet assumed by the browser

In general, the Web page creator's style sheet takes precedence, but it's
recommended that browsers provide ways for the viewer to override the style
attributes in some respects. Since it's likely that different browsers will choose
to implement CSS1 somewhat differently, the Web page creator must test the
page with different browsers.

5. Bootstrap
Bootstrap is a free and open-source front-end framework (library) for
designing websites and web applications. It contains HTML- and CSS-based
design templates for typography, forms, buttons, navigation and other
interface components, as well as optional JavaScript extensions. Unlike many
web frameworks, it concerns itself with front-end development only.

6. JavaScript
JavaScript is a programming language that started off simply as a mechanism
to add logic and interactivity to an otherwise static Netscape browser. In the
years since its introduction, it has not only supplanted a variety of other
competing languages and technologies to become the standard for browser-
based programming, but it has also expanded beyond the client space to
become a dominant language on the server side, as well.

20
 What JavaScript can be used for?
The Hyper Text Transport Protocol, or HTTP, was designed to do exactly
what the name implies, which is to transport HTML text across a network for
viewing. But the problem with HTML is that it is completely static, providing
no capabilities to implement logic.

Basic features we currently take for granted, such as input validation,

autocorrect, progress bars or causing a graphic to change during a
mouse rollover, would all be impossible for a browser to perform without
some type of scripting capability. As a result, when the web first rose to
prominence, every vendor in that space provided some mechanism to make
HTML web pages more interactive.

7. JQuery
jQuery is a cross-platform JavaScript library designed to simplify the client-
side scripting of HTML. It is free, open-source software using the
permissive MIT License. Web analysis indicates that it is the most widely
deployed JavaScript library by a large margin.
jQuery's syntax is designed to make it easier to navigate a document,
select DOM elements, create animations, handle events, and
develop Ajax applications. jQuery also provides capabilities for developers to
create plug-ins on top of the JavaScript library. This enables developers to
create abstractions for low-level interaction and animation, advanced effects
and high-level, themeable widgets. The modular approach to the jQuery
library allows the creation of powerful dynamic web pages and Web
applications.
The set of jQuery core features—DOM element selections, traversal and
manipulation—enabled by its selector engine (named "Sizzle" from v1.3),
created a new "programming style", fusing algorithms and DOM data
structures. This style influenced the architecture of other JavaScript
frameworks like YUI v3 and Dojo, later stimulating the creation of the
standard Selectors API.

21
8. Ajax
Ajax (also AJAX; short for "Asynchronous JavaScript And XML") is a set
of Web development techniques using many Web technologies on the client
side to create asynchronous Web applications. With Ajax, Web applications
can send and retrieve data from a server asynchronously (in the background)
without interfering with the display and behavior of the existing page. By
decoupling the data interchange layer from the presentation layer, Ajax allows
Web pages, and by extension Web applications, to change content
dynamically without the need to reload the entire page. In practice, modern
implementations commonly utilize JSON instead of XML due to the
advantages of JSON being native to JavaScript.
9. Postman
Postman is a Google Chrome app for interacting with HTTP APIs. It presents
you with a friendly GUI for constructing requests and reading responses. The
people behind Postman also offer an add-on package called Jetpacks, which
includes some automation tools and, most crucially, a Javascript testing
library. This post will walk you through an example that uses those testing
features. While they won't replace your focused unit tests, they do breathe new
life into testing features from outside your applications. This makes it
extremely valuable for functional testers or for developers who love to
test outside-in.
10. Git
Git is a version control system for tracking changes in computer files and
coordinating work on those files among multiple people. It is primarily used
for source code management in software development, but it can be used to
keep track of changes in any set of files. As a distributed revision
control system it is aimed at speed, data integrity, and support for distributed,
non-linear workflows.
Git was created by Linus Torvalds in 2005 for development of the Linux
kernel, with other kernel developers contributing to its initial development. Its
current maintainer since 2005 is Junio Hamano.
As with most other distributed version control systems, and unlike
most client–server systems, every Git directory on every computer is a full-
fledged repository with complete history and full version tracking abilities,
independent of network access or a central server.

22
 Git is free and open source software distributed under the terms of the GNU
General Public License version 2.
11. Spock
Spock is a testing and specification framework for Java and Groovy
applications. What makes it stand out from the crowd is its beautiful and
highly expressive specification language. Thanks to its JUnit runner, Spock is
compatible with most IDEs, build tools, and continuous integration servers.
Spock is inspired
from JUnit, RSpec, jMock, Mockito, Groovy, Scala, Vulcans, and other
fascinating life forms.
Every Spock test (or specification) extends spock.lang.Specification. This
abstract class uses Spock's JUnit
runner, org.spockframework.runtime.Sputnik, and contains useful methods
for writing tests eg creating mock objects

23
 APPENDIX B

About LEEGALITY

Leegality is a digital documentation platform helping businesses digitize, optimize

and automate their legal processes. It offers solutions for businesses and help them
to reduce the overhead time and costs involved with documentation by over 90%, at
the same time creating a stellar experience for their customers. All this in a fully law
compliant manner.

Leegality’s Documentation Gateway is aimed at helping businesses digitize their

documentation processes in order to increase efficiency, reduce costs and to ensure
legal and regulatory compliance. Aadhaar based digital signing provides a robust
system of legally compliant, secure and quick digital signature system.

Aadhaar based e-signing

Easily manage your documents and get them e-signed by any Aadhaar holder

✓ Sign and invite multiple collaborators

✓ Signatures via Aadhaar based OTP and biometrics
✓ Digitally signed audit trail of all documents
✓ Two factor authentication

Online e-stamping
Obtain stamp paper of 7+ states for your legal documents

✓ Convenient form based digital stamping solution

✓ ONE day online delivery
✓ Multiple physical delivery options

24
25
Leegality’s Platform

26
 APPENDIX C

About LEEGALITY’S AADHAAR ESIGN SERVICES

1. What is Aadhaar eSign exactly?

Aadhaar eSign is a method to issue digital signatures. Aadhaar authentication
is just used for eKYC purposes, based on which a digital signatures certificate
is issued in the name of the respective Aadhaar holder. To simplify further,
Aadhaar authentication and eKYC is handled by UIDAI independently.
UIDAI issues the eKYC data to the Certifying Authority, which then uses that
eKYC data to fill up a special digital signature form created for this purpose
and issues a digital signature certificate for every request. The digital
signatures issued are done under the root certificate of the Root Certificate
Authority of India.

2. How does Leegality provide Aadhar eSign?

Leegality’s parent company- “Grey Swift Private Limited’ is a registered
Application Service Provider and a Sub-KUA with (n)Code Solutions18,
which is a registered Certifying Authority and one of the 4 licensed eSign
Service Providers in India. All our Aadhaar eKYC requests and digital
signing related requests are routed through them. As per the on-boarding
authentication guidelines21 issued by the Controller of Certifying
Authorities, Ministry of Electronics and Information Technology, Govt. of
India, Application Service Providers such as us can legally provide the
Aadhaar eSign services to the market.

3. What are the benefits of using Aadhaar eSign based

digital signatures over other alternatives?
Other forms of digital authentication modes, including the ones used in Click-
wrap or other unsecure electronic signatures are not expressly accepted as
valid methods of signing under the law. If used, they create huge business
risk and it can be a very hard process to prove them in front of adjudicatory
authorities, leading to huge transactional losses. Aadhaar eSign is thus a safe,
27
 secure, convenient and legally acceptable method of signing documents
digitally.

In fact, Aadhaar based digital signatures are even more legally secure than
physical signatures due to the presumptions existing in favour of the
authenticity and correctness of digital signatures under Section 85A, 85B &
85 C of the Indian Evidence Act, 1872, as discussed above.

4. What is the legality of Aadhaar eSign?

Aadhaar eSign based digital signatures being used by Leegality are
completely legally accepted and secure manner of electronically signing
documents, under effect of Gazette Notification No. 2015 Jan -GSR 61(E)
Electronic Signature or Electronic Authentication Technique and Procedure
Rules, 2015. Aadhaar eSigns are recognised as an accepted method of secure
electronic signatures as part of the Second Schedule of the Information
Technology Act, 2010 (IT Act). The IT Act recognises secure digital
signatures such as Aadhaar eSign as having legal validity equivalent to that
of physical signatures. Infact, Aadhaar eSigns are a more legally and
technologically secure way of signing documents than other alternative
techniques. Aadhaar eSigns work under the regulatory framework set up by
Controller of Certifying Authorities, Ministry of Electronics and Information
Technology, Government of India.

5. What documents can be signed through Aadhaar eSign?

Section 5 the IT Act reads as, “Where any law provides that information or
any other matter shall be authenticated by affixing the signature or any
document should be signed or bear the signature of any person then,
notwithstanding anything contained in such law, such requirement shall be
deemed to have been satisfied, if such information or matter is authenticated
by means of digital signature affixed in such manner as may be prescribed by
the Central Government”.

But Section 1(4) of the IT Act lays down- “Nothing in this Act shall apply to
documents or transactions specified in the First Schedule by way of addition
or deletion of entries thereto.”

Therefore, Aadhaar eSign, which is a prescribed method of digital signature,

can be used to validy sign and authenticate all documents except for those

28
expressly excluded from the application of the IT Act under the First
Schedule.

These excluded documents under the First Schedule are:

1. A negotiable instrument (other than a cheque) as defined in section 13 of

the Negotiable Instrument Act, 181 (26 of 181).

2. power-of-attorney as defined in section 1A of the Powers-of-Attorney Act,

182 (7 of 182).

3. A trust as defined in section 3 of the Indian Trust Act, 182 (2 of 182).

4. A will as defined in clause (h) of section 2 of the Indian Succession Act,

1925 (39 of 1925), including any other testamentary disposition by whatever
name called.

5. Any contract for the sale or conveyance of immovable property or any

interest in such property.

29
 APPENDIX D

About Digital Signatures

The process & validity behind Digital Signature technology

Public Key Infrastructure – PKI

A cryptographic system that uses two keys, a public key known to everyone and a
private key, the private key has full control to the key owner, and has to keep in
secured environment. A unique element to the public key system is that the public
and private keys are related in such a way that only the public key can be used to
encrypt messages and only the corresponding private key can be used to decrypt
them. Moreover, it is virtually impossible to deduce the private key if you know the
public key.
When David wants to send a secure message to Donna, he uses Donna's public key
to encrypt the message. Donna then uses her private key to decrypt it.
Public key cryptography was invented in 1976 by Whitfield Diffie and Martin
Hellman. It is also called asymmetric encryption because it uses two keys instead of
one key (symmetric encryption).

30
Digital Signatures Process
Using David and Donna, we can demonstrate how digital signatures are work.
From David’s point of view, the signing process operation is simple. But few steps are
happening while signing process is started. :

 Generating a Private and Public Key

For digitally sign documents, David needs to obtain a Private and Public Key
– a one-time process. The Private Key isn’t shared and is used only by David
sign documents. The Public Key is available for all, used for validate the
signatory’s digital signature.

 Digitally Signing Document

Create a digital signature

A unique document’s hash that represent the document is created using a

math scheme (like as SHA-1).
Added the signature to the document

The hash result and the user’s digital certificate that includes user’s Public
Key are mixed into a digital signature; it’s done by using the user’s Private
Key to encrypt the document hash. The resulting signature is unique to both
the document and the user. Finally, the digital signature is embedded to the
document.
David sends the signed document to Donna. Donna uses David’s public key
(which is included in the signature within the Digital Certificate) to
authenticate David’s signature and to ensure the document didn’t alter after
it was signed.
Donna:

1. Document validation process starts

2. Decrypts David’s digital signature with his Public Key and gets sent
document
31
 3. Compares David’s document hash with Donna calculated Has –Donna
calculates the document hash of the received document and compares it
with the hash document in the digital signature. If both hashes are same,
the signed document has not been altered.

Certificate Authority (CA)

CA issued certificates to ensure the authenticity of the signatories. Certificates are
similar to ID Document. When you want to identify a user in the system you check
his certificate. This certificate issued in registration process once all require
information filled in. In PKI world the CA uses the CA’s certificate for
authenticating user’s identity.

32
 PROJECT DAILY TASK
Date Day Work
th
18 May, 2018 Friday Installing soft wares and getting to
know the workflow of the company.

21st May, 2018 Monday First half: Groovy and Grails

Documentation
Second Half: Fixing API Call from dot
net of client.
22nd May, 2018 Tuesday First Half: Given the task of writing
integration code in 5 languages.
Second Half: Download Android
Studio and reading about API Call in
Android.
23rd May, 2018 Wednesday API Call in Android (Get and Post
Method), creating and maintaining
session in a cookie.
24th May, 2018 Thursday Off. Read about Digital Signature
documentation and groovy, grails.
25th May, 2018 Friday Learning Grails, git. Fetching and
loading verifier file from GitLab,
understanding already written code.
28th May, 2018 Monday First Half: College, paper showing.
Second Half: Understanding process
required in a validator.
First step, upload pdf and certificate
Fetch is done.
29th May, 2018 Tuesday Off. Working on validator and reading
about groovy more.
30th May, 2018 Wednesday Performing Integrity check. Running
test cases.

31st May, 2018 Thursday Check revocation list is done.

Problem: Working on CA, not working
for end party certificates.
1st June, 2018 Friday Reading about digital signatures and
grails for starting with the UI of the
application.
4th June, 2018 Monday Reading Grails Documentation
(Configuration and Dependencies).
5th June, 2018 Tuesday Reading Grails Documentation
(GORM, Controller).
6th June, 2018 Wednesday Reading Grails Documentation
(Controller, GSP, URL Mapping).

33
7th June, 2018 Thursday Looking at different templates for the
UI of the application and finalising
three probable templates.
8th June, 2018 Friday Starting with the UI of the validator.
11th June, 2018 Monday Finalising the template and working
on the UI of the application.
12th June, 2018 Tuesday Working and finishing off the UI of the
application.
13th June, 2018 Wednesday Integration of UI with the
code(Upload file, pdf preview).
Successfully completed training.
14th June, 2018 Thursday Finishing integration of code(PDF
preview, Show certificates) and
making final changes to the
application to make it ready for
deployment. Submitting final project
code for deployment.
15th June, 2018 Friday Off.

18th June, 2018 Monday Starting off with the second

19th June, 2018
20th June, 2018
21st June, 2018 – 26th June, 2018
27th June, 2018 – 29th June, 2018
3rd July, 2018-5th July, 2018
6th July, 2018-7th July, 2018
10th July, 2018
11th July, 2018-14th July, 2018
16th July, 2018-18th July, 2018
18th July, 2018
assignment. Reading about Angular
JS, looking at codes for making bar
graphs, pie graphs and doughnut
graphs.
Tuesday First Half: Finishing graphs with
specified changes.
Second Half: Reading about Unit
testing, TDD(Test driven
Development), BDD(Behaviour Driven
Development).
Wednesday Reading Spock Documentation for
Unit Testing.
Thursday-Monday Creating Spock test suite for all
functions of MandateService.
Tuesday-Friday Creating Spock test suite for all
functions of MessageService.
Monday-Wednesday Creating Spock test suite for all
functions of HttpService.
Thursday-Friday Creating Spock test suite for all
functions of PurchaseService.
Monday Finishing off minor errors in already
written testing codes.
Tuesday-Friday Off.
Monday-Wednesday Testing of Domain Classes.
Wednesday Handing over the completed work to
my Mentor.
Successfully completed training.

34
35