Chapter-6 Functions, Duties and Rights of Subscriber
35. To Generate Key pair:
(1) Where any Certificate issued by the Certifying Authority and accepted by subscriber, consisting of a public key which corresponds to the key pair and to be listed in such Certificate and if such key pair is supposed to be generated by the subscriber only, then the subscriber shall generate such key pair by applying the secured asymmetric crypto system.
(2) Notwithstanding anything contained in Sub-section (1), if a Certifying Authority and the subscriber have concluded an agreement or the
Certifying Authority has accepted any specific system regarding the security system to be used to generate the key pair, then, it shall be the duty of
subscriber to apply the security system as specified in agreement or accepted by the Certifying Authority.
36. To Accept a Certificate :
(1) The certificate shall be deemed to have been accepted by the subscriber in the following conditions:
(n) If he publishes such a certificate or authorizes to publish to one or more persons, or
(o) If there exists any ground of his acceptance to such certificate which may cause to believe it.
(2) If the certificate is accepted it shall be deemed that the subscriber, by that reason, has guaranteed to all who reasonably rely on the information
contained in the certificate that-
(a) The subscriber holds the private key corresponding to the public key and is entitled to hold the same,
(b) All representations and information made by the subscriber to the Certifying Authority in course of issuance of the certificate are
true and correct and all facts relevant to the information contained in the certificate are true, and
(c) All information mentioned in the certificate is, to the best knowledge of subscriber, is true and correct.
37. To retain the private key in a secured manner :
(1) Every subscriber shall exercise reasonable care to retain control of the private key corresponding to the public key listed in the Certificate and adopt all measures to prevent its disclosure to a person not authorized to affix the digital signature of subscriber.
(2) If the private key has been disclosed or compromised by any reason whatsoever, then, the subscriber shall communicate the same without
any delay to the Certifying Authority and on receipt of such information the Certifying Authority shall immediately suspend such a Certificate.
(3) If a certificate is suspended under this Act, it shall be a duty of the subscriber to retain the private key under this section in a safe manner
throughout the duration of such suspension of Certificate.
38. To Deposit the Private Key to the Controller :
(1) If the Controller thinks, in order to protect the sovereignty or integrity of Nepal, to maintain the friendly relations with friendly countries, to maintain the law and order, to prevent from committing of any offence under the laws prevailing, and or in other conditions as prescribed, necessary to issue an order to any subscriber to
deposit the private key to him/her specifying reason there for, such a subscriber shall immediately deposit the private key to the Controller.
(2) The controller shall not inform any unauthorized person about the private key deposited as per sub section (1).