Get 100% E-invoicing compliant with
Asia's largest e-invoicing providerGet 100% E-invoicing compliant with Asia's largest e-invoicing provider
Seamless integration
with any ERP/ POS system Seamless integration
with any ERP/ POS system
LHDN & MDEC Compliant
e-Invoicing solution LHDN & MDEC Compliant
e-Invoicing solution
Auto upgrades for any
govt. changes Auto upgrades for any
any govt. changes
Book a Demo

RECENTLY PUBLISHED

What is Digital Signature & How to Create it?

Updated on: Apr 19th, 2024

|

21 min read

social iconssocial iconssocial iconssocial icons

IBRM has recently introduced e-invoicing in Malaysia, requiring every e-invoice to be authenticated by the digital signature of the authorized signatory of the business. 

While e-invoicing is a new concept, digital signatures have been used since the 1990s, predominantly within corporate and legal settings. They hold the same validity as a physical signature or thumbprint.

This blog aims to provide comprehensive insights into digital signatures in Malaysia, covering various aspects such as their functionality, applications, legal validity, creation process, necessary documentation, limitations, and more.

The blog is structured into three main sections:

  1. General information: What is a digital signature, working, differences from other electronic signatures?
  2. Digital Signature in Malaysia: Relevance, legal standing, classification, the necessity for digital signatures in Malaysia.
  3. Obtaining a Digital Signature in Malaysia: Outlining the procedural steps and required documentation for acquiring a digital signature.
  4. Additional Information: Advantages and Limitations of DSC.

Feel free to skip to the section that you need to read.

Part A: General Information

What is a digital signature?

A digital signature is a cryptographic technique to validate the authenticity, integrity, and non-repudiation of digital documents or electronic messages. It serves as the electronic equivalent of a handwritten signature on paper documents, providing assurance of the identity of the signer and ensuring that the document has not been altered since it was signed.

How Does Digital Signature Work?

A digital signature works through a process called asymmetric cryptography, also known as public-key cryptography. Here's how it typically works:

  1. Key Generation: Users create a pair of cryptographic keys - public and private keys.
  2. Signing the Document:
  • The signer creates a unique hash of the document using a mathematical algorithm.
  • The hash is encrypted with the signer's private key to create the digital signature.
  1. Verification:
  • Recipients decrypt the digital signature using the signer's public key to obtain the hash.
  • They generate a new hash of the document and compare it with the decrypted hash to verify authenticity.
  1. Certificate Authority (CA):
  • Trusted third-party CAs verify signer identity and issue digital certificates containing public keys.
  1. Non-repudiation:
  • Digital signatures ensure non-repudiation, meaning signers cannot deny signing the document which is done through private key.

E-Signature vs Digital Signature

Electronic Signature (e-signature): An e-signature is a broad term that encompasses any electronic indication of a person's intent to agree to the content of a document or transaction. This can include scanned signatures, a typed name, clicking an "I agree" button or even a biometric signature captured on a touchscreen device.

Digital Signature: A digital signature, on the other hand, is a specific type of electronic signature that utilizes cryptographic techniques to ensure the authenticity and integrity of the signed document. It involves using a digital certificate issued by a trusted Certificate Authority (CA) and employing public-key cryptography to sign and verify documents.

Here are the major differences between E-signature and Digital Signature

Aspect

Electronic Signature (e-signature)

Digital Signature

Technology

Broad term covering any electronic indication of agreement.

Specific type utilizing cryptographic techniques and digital certificates.

Security

Varies widely; may lack strong security measures.

Higher level of security; uses encryption and identity verification.

Legal Recognition

Generally recognized but level of recognition varies by jurisdiction.

Typically has higher legal recognition and evidential value.

Use Cases

Commonly used for everyday transactions.

Used for sensitive or high-value transactions requiring enhanced security.

Part B: Digital Signature in Malaysia

Applicability of Digital Signature in Malaysia

Digital signatures are widely utilized across Malaysia, regulated by the Digital Signature Act 1997 (DSA 1997) since October 1, 1998. This legislation ensures the security and legality of electronic transactions, requiring validation through certificates issued by licensed Certification Authorities (CAs). The Malaysian 

The Communications and Multimedia Commission (MCMC) oversees and enforces the DSA 1997, enhancing the trustworthiness of digital signatures for various sectors.

Here are some most common use cases of Digital Signatures in Malaysia

  • Compliance: Used for filing reports, tax returns and generating e-invoices in Malaysia.
  • Government services: Used for procurement, licensing, and regulatory compliance.
  • Financial Services: Authenticate online transactions and mitigate fraud.
  • Legal and Commercial Contracts: Expedite contract execution and reduce paperwork.
  • Education: Issue academic transcripts and certifications securely.
  • Cross-Border Trade: Facilitate electronic documentation for international trade.

Non-Applicability of Digital Signature

Not all types of legal documents or contracts can be signed with a digital signature. These include:

  • Power of Attorney documents as per section 2(2) of the Electronic Commerce Act (ECA).
  • Wills, codicils, and trusts as per section 2(2) of the ECA.
  • Negotiable instruments, bills of exchange, and promissory notes as per section 2(2) of the ECA.
  • Any instrument dealing with properties under the Malaysian National Land Code.
  • Statutory Declarations under the Statutory Declarations Act 1960.

Who needs a Digital Signature in Malaysia?

  1. Businesses: Managers, owners, directors, partners, and authorized signatories of corporations rely on digital signatures for generating e-invoices, signing contracts and agreements, board meeting minutes, filing tenders, secretarial compliances, financial documents, and more.
  2. Government officials: Federal and state-level government agents use digital signatures for authenticating official documents.
  3. Legal and Financial Professionals: Lawyers, accountants, and financial advisors utilize digital signatures for signing legal contracts, financial statements, and client agreements securely.
  4. Healthcare Providers: Hospitals and clinics use digital signatures for signing electronic health records, medical prescriptions, and consent forms.
  5. Educational Institutions: Key managerial personnel of universities and colleges use digital signatures for administrative tasks like signing enrolment forms, academic transcripts, and certificates.
  6. Individuals: People use digital signatures for personal transactions, signing contracts, agreements, or documents electronically.

Different Classes of Digital Signature

Digital signature certificates are categorized into different classes based on the level of trust and assurance they provide. In Malaysia, there are three main classes of digital certificates: Class 1, Class 2, and Class 3. Here's an overview of each class:

Certificate Class

Level of Assurance

Identity Verification

Common Uses

Class 1

Basic

Minimal

Verifying email communications, Basic identity verification

Class 2

Moderate

Some verification against trusted databases

Online transactions, Access to secure websites

Class 3

High

Stringent identity verification, including in-person checks

Electronic banking, financial transactions, Legal documentation

Part C: Obtaining a Digital Signature in Malaysia

How to Get a Digital Signature in Malaysia?

In Malaysia, Certification Authorities (CA) are responsible for verifying the identity of applicants and issuing digital certificates, ensuring the security and integrity of digital transactions. 

Here's a step-by-step guide on how to acquire a digital signature in Malaysia:

  1. Choose the Right Certification Authority: Select a licensed Certification Authority (CA) recognized by the Malaysian Communications and Multimedia Commission (MCMC). 
  2. Complete the Application Form: Fill out an application form provided by the chosen CA. This form requires basic personal information, company details, and details about the intended use of the digital signature.
  3. Submit the Necessary Documents: These documents may include proof of identity, such as a copy of your identification card or passport, as well as any additional documentation specified by the CA.
  4. Pay Applicable Fees: Digital signature services involve certain fees, which vary depending on the type of digital certificate required. Class 1, Class 2, and Class 3 certificates have different levels of security and functionality.
  5. Undergo Identity Verification: Before issuing the digital certificate, the CA will verify your identity to ensure that the information provided in the application is accurate. 
  6. Receive and Use: The CA will issue your digital certificate once your identity has been verified. You can then use this digital signature to sign electronic documents securely and legally in accordance with Malaysian laws and regulations.

Documents Required to Apply for Digital Signature

  1. Identity Proof: Copy of MyKad (for individuals) or company registration documents (for businesses).
  2. Business Registration Documents: Certificate of incorporation, registered partneship deed etc
  3. Address Proof: Utility bill, bank statement, or rental agreement.
  4. Authorization Documentation: Letter of authorization for company representatives.
  5. Additional Information: Depending on CA's requirements and certificate purpose.

 

Benefits of Using Digital Signature

Digital signatures are much better and have a large scope of applications than other forms of electronic signatures. Here are the major advantages of Digital Signature

  1. Integrity: Digital signatures ensure documents remain unchanged after signing, reducing tampering risks.
  2. Authentication: Only licensed Certification Authorities issue digital certificates, verifying the signer's identity and minimizing impersonation risks.
  3. Nonrepudiation: Signers cannot deny their signature, providing evidence of document origin and identity.
  4. Time-Stamped: Documents are time-stamped, aiding in traceability and establishing when they were signed.
  5. Legally Binding: Digital signatures carry the same legal weight as handwritten ones, offering enhanced evidential value.
  6. Convenience: Digital signing simplifies processes, allowing signing from anywhere with an internet connection, boosting efficiency and reducing paperwork hassles.

Limitations of digital signatures

Although digital signatures are a great tool for security and authentication. But like any other technology, they too have their limitations:

  • Dependency: A secure digital signature relies on the careful management of cryptographic keys. If they are lost, compromised, or mishandled, it can lead to security breaches.
  • Limited use: They often require an internet connection for verification which limits their use in remote or offline environments.
  • Complexity: A few recipients may find it challenging to verify digital signatures due to unfamiliarity with this technology, leading to potential delays in processing documents.
  • Compatibility: Digital signature formats may not be universally compatible across all platforms and software and also may not have legal recognition.

Conclusion

As Malaysia's digital economy continues to advance, the adoption of digital signatures is crucial for businesses, facilitating secure and seamless filing, compliance and legal documentation.

The recent e-invoicing mandate by IBRM has significantly expanded the scope and importance of digital signatures in Malaysia.

Frequently Asked Questions

How does a digital signature work?

Digital signatures use cryptographic techniques to verify the authenticity and integrity of a digital document or message by generating a unique digital fingerprint of the content and encrypting it with a private key.

 

What is a digital certificate?

A digital certificate is a tamper-proof electronic document issued by a trusted Certificate Authority (CA) that links a public key to the identity of the certificate holder. It contains information like the holder's name and public key and is used to validate the authenticity of digital signatures.

What are the benefits of using a digital signature?

Digital signatures offer numerous benefits, including non-repudiation, document integrity, security, etc. They also streamline business processes by eliminating the need for physical signatures, reducing paperwork and enhancing document traceability. They also help prevent fraud and ensure the authenticity of electronically transmitted information.

Where can I use a digital signature?

You can use your digital signature in various sectors, including business, government, personal transactions, etc., to sign contracts, emails, legal documents, financial transactions, etc.

Is a digital signature legally binding in Malaysia?

Yes, digital signatures are legally binding in Malaysia. The Digital Signature Act 1997 and the Electronic Commerce Act 2006 provide the legal framework for recognising and enforcing the validity of digital signatures in Malaysia and making them a secure and accepted means of conducting business and legal transactions there.

Index
Clear Logo
Follow us on
FacebookTwitterLinkedInGitHubInstagram
Have a query?
Support
Products & Solutions
ClearTax is a product by Defmacro Software Pvt. Ltd.
Privacy Policy
website-footer-log