Quick answer
Bid encryption and decryption is the security process on e-procurement portals where financial bids are cryptographically sealed at submission and can only be opened by authorised officials on the designated opening date.
Bid encryption and decryption is the cryptographic security mechanism built into Indian government e-procurement portals that ensures financial bids (Cover 2) submitted by vendors remain sealed and inaccessible to everyone, including the buying department, until the designated bid opening date when authorised officials decrypt them simultaneously.
What is Bid Encryption and Decryption?
In Indian government e-procurement, the two-cover (two-envelope) system requires that technical qualification documents (Cover 1) and financial bids (Cover 2) be submitted separately. The integrity of the process depends on financial bids being completely inaccessible until after technical evaluation is complete. Bid encryption enforces this: when a vendor uploads their financial bid (BOQ or price schedule) to the portal, the portal encrypts it using a combination of the vendor's DSC and the portal's encryption key. The resulting file cannot be opened by the vendor after submission, by the buying department, or by portal administrators until the authorised decryption event.
On the bid opening date, the buying department's authorised officers log in to the portal with their own DSCs and initiate the decryption event. The portal's cryptographic protocol verifies the authorisation and makes the financial bids of technically qualified vendors visible. This joint decryption process is recorded with timestamps and digital signatures of the decrypting officers, creating an immutable audit trail.
The encryption is applied using the portal's public key infrastructure, typically a combination of AES encryption for the document and RSA encryption for the key exchange, ensuring that even a portal administrator cannot access bid contents before the authorised opening event. This replaces the physical sealed envelope system where financial covers were physically locked in a safe until opening day.
Why Bid Encryption and Decryption matters for Indian government suppliers
For vendors, the practical implication is that once a financial bid is uploaded and submitted on an e-procurement portal, it cannot be changed, withdrawn, or previewed. Vendors must ensure their financial bid documents are correct and complete before uploading, as there is no facility to edit after submission. The encryption confirmation message shown after submission is the vendor's only proof that the financial bid was received; this confirmation should be preserved.
Example
A consultancy firm submits a bid on CPPP for a Rs 2.8 crore project management assignment. They upload Cover 1 (technical documents and team CVs) and Cover 2 (fee schedule) before the 3 PM deadline. The portal encrypts Cover 2 immediately upon upload and displays a "Financial Bid Encrypted and Submitted" confirmation with a timestamp. On the financial bid opening date (three weeks later, after technical evaluation), the ministry's two authorised officers log in with their DSCs, and the portal decrypts all technically qualified firms' financial bids simultaneously, displaying fees from all five qualified firms. The consultancy firm is declared L1 at Rs 1.92 crore.
Frequently Asked Questions
Can a vendor see their own financial bid after submitting it on an e-procurement portal?
No. Once the financial bid is encrypted and submitted, the vendor cannot view, modify, or withdraw it from within the portal. The vendor can only confirm submission through the acknowledgement received at the time of upload. This prevents vendors from changing their bids after seeing other bidders' moves.
What happens if the decryption fails on bid opening day?
If decryption fails for a specific bid, due to corruption during upload or a technical error, the portal may show the bid as unreadable. Portal helpdesks typically have recovery procedures for such cases, which may involve the vendor's CA or the portal's technical team. Bids that cannot be decrypted due to vendor error (e.g., using wrong encryption key) may be treated as non-responsive.
Who holds the decryption keys for financial bids on government portals?
The portal's cryptographic infrastructure is designed so that decryption requires the authorised officers' DSCs combined with the portal's server-side key. No single person holds the complete decryption key. This split-key design ensures that no individual officer can unilaterally decrypt a bid before the opening event.
Does bid encryption apply to technical bids as well?
On most portals, Cover 1 (technical bid) is uploaded and accessible to the evaluation committee immediately after submission, it does not need to be sealed until opening. Cover 2 (financial bid) is encrypted and unsealed only on the financial opening date. Some portals apply light encryption to Cover 1 as well to prevent premature access, but the primary encryption concern is for financial bids.
How Bid India helps
Bid India puts Bid Encryption and Decryption to work inside your capture and proposal workflow.
Discover opportunitiesSee Bid India in action
Book a demo and we will show you the platform using your actual contract data.
Related terms
Class III DSC
Class III DSC is the highest assurance category of Digital Signature Certificate in India, mandatory for all government e-tender bid submissions due to its in-person identity verification requirement.
Viewe-Token
An e-Token is the physical USB hardware device that securely stores a Digital Signature Certificate and its private key, required for authentication and bid submission on government e-procurement portals.
ViewGeM Bid/Reverse Auction
GeM Bid/Reverse Auction is a competitive, real-time price-discovery mechanism on Government e-Marketplace where sellers progressively lower quotes until time expires and the lowest bidder wins.
ViewGeM Custom Bid
GeM Custom Bid is a competitive tendering mechanism on Government e-Marketplace for procuring non-catalogue goods and services by inviting bids with buyer-defined specifications.
ViewAuto CRAC Days
Auto CRAC Days is a GeM platform feature that automatically generates a Consignee Receipt and Acceptance Certificate if the buyer's consignee fails to accept or reject delivery within the defined waiting period.
View