Substituted by Notification No. G.S.R. 783 (E) dated 25.10.2011 (w.e.f. 17.10.2000)
21. Usage periods for the public and private keys.
21.1 Key Change.-(1) Certifying Authority and Subscriber keys shall be changed periodically.
(2) Key change shall be processed as per Key Generation guidelines.
(3) The Certifying Authority shall provide reasonable notice to the Subscriber's relying parties of any change to a new key pair used by the Certifying Authority to sign Digital Signature Certificates.
(4) The Certifying Authority shall define its key change process and ensure the reliability of that process by showing how the generated keys interlock, such as by signing a hash of the new key with the old key.
All keys must have validity periods of no more than five years.
Suggested validity period:
(a) Certifying Authority's root keys and associated certificates: five years;
(b) Certifying Authority's private signing key: two years;
(c) Subscriber Digital Signature Certificate key: three years;
(d) Subscriber Private Key: three years.
Use of particular key lengths should be determined in accordance with departmental Threat-Risk Assessments.
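The key interlock described in sub-rule (4) of 21.1, as an added example that is not part of the Rules: the Certifying Authority's old key signs the SHA-256 hash of the new public key, so a relying party that already trusts the old key can authenticate the new one before the changeover. The key type (ECDSA P-256), the PKIX encoding of the public key and the validity-period check against the five-year cap are assumptions made for illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"fmt"
	"time"
)

// NewKeyPair generates a fresh P-256 key pair (key type assumed for the example).
func NewKeyPair() (*ecdsa.PrivateKey, error) {
	return ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
}

// Interlock signs the SHA-256 hash of the new public key (PKIX/DER encoding)
// with the OLD private key. The returned encoding and signature together form
// the link that is published alongside the new key.
func Interlock(oldPriv *ecdsa.PrivateKey, newPub *ecdsa.PublicKey) (newPubDER, sig []byte, err error) {
	newPubDER, err = x509.MarshalPKIXPublicKey(newPub)
	if err != nil {
		return nil, nil, err
	}
	digest := sha256.Sum256(newPubDER)
	sig, err = ecdsa.SignASN1(rand.Reader, oldPriv, digest[:])
	return newPubDER, sig, err
}

// VerifyInterlock is the relying party's check: re-hash the presented new key
// and verify the signature with the old public key it already trusts.
func VerifyInterlock(oldPub *ecdsa.PublicKey, newPubDER, sig []byte) bool {
	digest := sha256.Sum256(newPubDER)
	return ecdsa.VerifyASN1(oldPub, digest[:], sig)
}

// WithinMaxValidity reports whether a key's validity window respects the cap
// ("no more than maxYears years"), inclusive of the exact boundary.
func WithinMaxValidity(notBefore, notAfter time.Time, maxYears int) bool {
	return !notAfter.After(notBefore.AddDate(maxYears, 0, 0))
}

func main() {
	oldKey, _ := NewKeyPair()
	newKey, _ := NewKeyPair()
	der, sig, _ := Interlock(oldKey, &newKey.PublicKey)
	fmt.Println("interlock verifies:", VerifyInterlock(&oldKey.PublicKey, der, sig))
}
```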
21.2 Destruction.- Upon termination of use of a Certifying Authority signature private key, all components of the private key and all its backup copies shall be securely destroyed.
21.3 Key Compromise.-(1) A procedure shall be pre-established to handle cases where a compromise of the Certifying Authority's Digital Signature private key has occurred. In such case, the Certifying Authority shall immediately revoke all affected Subscriber Digital Signature Certificates.
(2) The Certifying Authority should immediately revoke the affected keys and Digital Signature Certificates in the case of Subscriber private key compromise.
(3) The Certifying Authority's public keys shall be archived permanently to facilitate audit or investigation requirements.
(4) Archives of Certifying Authority's public keys shall be protected from unauthorised modification.
[21. Usage period for keys.-
(1) Certifying Authority and subscriber keys shall be changed periodically.
(2) Key change shall be processed as per Key Generation guidelines.
(3) The Certifying Authority shall provide reasonable notice to the Subscriber's relying parties of any change to a new key pair used by the Certifying Authority to sign Digital Signature Certificates.
(4) All Certifying Authorities' key pairs and associated certificates must have a validity period of no more than ten years.
(5) All subscribers' key pairs and associated certificates must have a validity period of no more than three years.]