Portals and Systems

e-Token

An e-Token is the physical USB hardware device that securely stores a Digital Signature Certificate and its private key, required for authentication and bid submission on government e-procurement portals.

Quick answer

An e-Token is the physical USB hardware device that securely stores a Digital Signature Certificate and its private key, required for authentication and bid submission on government e-procurement portals.


An e-Token is a tamper-resistant USB cryptographic hardware device that stores the private key and certificate of a Digital Signature Certificate (DSC), ensuring the key never leaves the secure hardware and enabling PIN-protected signing and encryption on government e-procurement portals.

What is an e-Token?

A Class III DSC cannot be stored as a software file on a computer, storing it digitally would make it copyable and potentially misusable. Instead, the private key is generated inside and stored exclusively within the e-Token, a USB hardware security module (HSM) manufactured to FIPS 140-2 standards. The e-Token connects to a computer's USB port, and bid submission portals access the DSC through middleware that communicates with the token, without ever extracting the private key from the device.

Common e-Token brands used in Indian government e-procurement include SafeNet/Gemalto eToken, WatchData, MosChip, and Feitian. Certifying Authorities such as eMudhra and Sify issue the DSC already loaded on a compatible e-Token. The token is protected by a PIN (set during DSC issuance); three consecutive wrong PIN attempts lock the token permanently, requiring the CA to unlock it.

For bid submission, the e-Token must be inserted into the submitting computer's USB port, the PIN entered, and the portal's signing process completed before the deadline. e-Tokens are compatible across portals, the same token issued for CPPP works on GePNIC, IREPS, NHAI, and CPWD portals. Tokens are reusable: when a DSC expires, the CA loads the renewed certificate onto the same hardware without replacing the token.

Why e-Token matters for Indian government suppliers

The e-Token is the physical component that enables bid submission. A malfunctioning, lost, or locked token on bid submission day is as serious as a missed deadline. Suppliers should keep the token in a safe location, protect its PIN, maintain at least one backup token, and test the token on portals a few days before each submission. Budget for replacement tokens (Rs 500-1,000) as routine tendering infrastructure.

Example

A supplier's e-Token falls out of a laptop bag and the device is damaged. The bid submission deadline for a Rs 4.5 crore tender on a GePNIC portal is tomorrow. The company contacts their Certifying Authority (eMudhra) who arranges emergency token replacement and DSC transfer within the day for an expedited fee of Rs 1,500. The new token is tested on the portal that evening and the bid is successfully submitted by 11 AM the next day, 6 hours before the 5 PM deadline. The lesson: the company orders two additional backup tokens the following week.

Frequently Asked Questions

What happens if the e-Token PIN is entered incorrectly three times?


After three consecutive wrong PIN attempts, the e-Token is permanently locked. The user must contact the Certifying Authority to unlock the token, which requires physical presence or identity reverification and may take 1-2 working days. It is critical to remember the PIN or store it securely and never guess without certainty.

Can a DSC be transferred from one e-Token to another?


Yes, within the validity period of the DSC, the CA can transfer the certificate to a new hardware token if the original is damaged or lost. This requires identity verification and may involve a nominal fee. Suppliers should contact their CA immediately if a token is damaged to assess recovery options before the DSC expires.

Is any specific browser required to use an e-Token on procurement portals?


Many Indian government e-procurement portals have Java applet-based or browser plugin-based DSC utilities that work best on Internet Explorer, specific Chrome versions, or Firefox with Java enabled. Some newer portals support Chrome without Java. Suppliers should check each portal's technical requirements page and test compatibility before bid submission day.

Does the same e-Token work on both CPPP and GePNIC portals?


Yes. The e-Token stores the Class III DSC, which is accepted across all government e-procurement portals in India. While different portals may have different driver installation requirements, the underlying e-Token hardware and certificate are the same. Suppliers should install the portal-specific middleware or configuration utility for each portal they use.

How Bid India helps

Bid India puts e-Token to work inside your capture and proposal workflow.

Discover opportunities

See Bid India in action

Book a demo and we will show you the platform using your actual contract data.