PAdES

Last updated

PAdES (PDF Advanced Electronic Signatures) is a set of restrictions and extensions to PDF and ISO 32000-1 [1] making it suitable for advanced electronic signatures (AdES). This is published by ETSI as EN 319 142. [2]

Contents

Description

While PDF and ISO 32000-1 provide a framework for digitally signing their documents, PAdES specifies precise profiles making it compliant with ETSI standards for digital signatures (Advanced Electronic Signature - AES and Qualified Electronic Signature - QES). ETSI (European Technical Standards Institute) has the function of issuing technical standards by delegation in the EU eIDAS Regulation (European Union Regulation on electronic identification and trust services for electronic transactions in the internal market). The eIDAS regulation enhances and repeals the Electronic Signatures Directive 1999/93/EC. [3] [4] EIDAS is legally binding and in all EU member states since July 2014 and unlike the Directive it replaces, the eIDAS as a Regulation is directly applicable without implementing or interpreting legislation. Any electronic signature recognised under eIDAS (including ‘click accept’) cannot be denied validity and effectiveness by reason of being electronic. If it is a ‘digital signature’ that is, an electronic signature implementing digital certificates in compliance with the advanced or qualified described in eIDAS (and their implementations developed by ETSI from a technology level) it can support PAdES. AES and QES have a higher evidentiary value than simple or ‘standard’ electronic signatures. QES is recognised the same legal value as a handwritten signature. [3]

PAdES standards travel in the same direction and have the same aims as digital signatures (AES and QES). This means they can be easily verified in any PDF reader and as [5]

PAdES has 4 levels of verification for digital certificate, from the most simple and basic (b-b, indicating a signature was executed with a certificate that was valid on a date) to the most complex (b-LTV) allowing electronically signed documents to remain valid for long periods (long term validity) even if underlying cryptographic algorithms or the other certificates expired.

As PAdES recognizes that digitally-signed documents may be used or archived for many years, and may need to be evidenced in court, once signer certificates have expired (after a few months on b-b) they can be enquired by contacting the certification authority. In b-lt or b-LTV (the most complex) certificates remain valid for a very long term. PAdES allows certificates to be verified even after many decades at any time in the future, in spite of technological and other advances. If in the document itself the validar to confirm that the signature was valid is concept known as long-term validation (LTV). [2]

The PAdES standard, ETSI European Standard (EN) 319 142, introduces a number of adaptations and extensions to PDF to satisfy the Directive's requirements. ETSI will feed these European-specific elements back into ISO for inclusion in the next release of the PDF standard, ISO 32000-2.

PAdES in the context of electronic signatures

An electronic signature is a paperless way to sign a document using a unique credential associated with a given person that is logically attached to or associated with the document, carrying an authority equivalent to a handwritten signature. It can be used to authenticate the signer as well as to detect any changes in the document made after it was signed. Electronic signatures are recognized as a catalyst to electronic commerce, notably Internet transactions. Availability of electronic signature techniques has already been a major stimulus to eBusiness and eGovernment. Digital signatures are a secure and legally binding means to implement electronic signatures through three cryptographic algorithms: [5]

For PDF documents, the signature data is incorporated directly within the signed PDF document, much as an ink signature becomes an integral part of a paper document, allowing the complete self-contained PDF file to be copied, stored and distributed as a simple electronic file. The signature can also have a visual representation as a form field, just as it might on a paper document. A significant advantage of PAdES is that it is being deployed by means of widely available PDF software: it does not require development or customization of specialized software. [2]

PAdES is complementary to two other standards for an implementation of electronic signatures through cryptographically secured digital signatures in compliance to the eIDAS regulation. [4] Like PAdES, they are legally binding in the European Union and suited for applications that do not involve human-readable documents: Cryptographic Message Syntax Advanced Electronic Signatures (CAdES) and XML Advanced Electronic Signatures (XAdES). [6]

The EU recognizes three different eIDAS-compliant implementations of advanced electronic signatures through digital signatures: PAdES, XAdES and CAdES. [7]

An electronic signature can carry legal effect and be used as evidence in legal proceedings. A qualified electronic signature shall have the equivalent legal effect of a handwritten signature. If the qualified certificate was issued in one member state it shall be recognized as a qualified electronic signature in all other member states. [8]

PAdES Standard (ETSI EN 319 142)

The PAdES ETSI technical specification contains 2 parts:

The PAdES standards can be downloaded from the ETSI download page.

ETSI EN 319 142 replaced [9] previous standards such as ETSI TS 103 172 and ETSI TS 102 778.

See also

Related Research Articles

<span class="mw-page-title-main">PDF</span> Portable Document Format, a digital file format

Portable Document Format (PDF), standardized as ISO 32000, is a file format developed by Adobe in 1992 to present documents, including text formatting and images, in a manner independent of application software, hardware, and operating systems. Based on the PostScript language, each PDF file encapsulates a complete description of a fixed-layout flat document, including the text, fonts, vector graphics, raster images and other information needed to display it. PDF has its roots in "The Camelot Project" initiated by Adobe co-founder John Warnock in 1991. PDF was standardized as ISO 32000 in 2008. The last edition as ISO 32000-2:2020 was published in December 2020.

<span class="mw-page-title-main">Digital signature</span> Mathematical scheme for verifying the authenticity of digital documents

A digital signature is a mathematical scheme for verifying the authenticity of digital messages or documents. A valid digital signature on a message gives a recipient confidence that the message came from a sender known to the recipient.

An electronic signature, or e-signature, is data that is logically associated with other data and which is used by the signatory to sign the associated data. This type of signature has the same legal standing as a handwritten signature as long as it adheres to the requirements of the specific regulation under which it was created.

Electronic authentication is the process of establishing confidence in user identities electronically presented to an information system. Digital authentication, or e-authentication, may be used synonymously when referring to the authentication process that confirms or certifies a person's identity and works. When used in conjunction with an electronic signature, it can provide evidence of whether data received has been tampered with after being signed by its original sender. Electronic authentication can reduce the risk of fraud and identity theft by verifying that a person is who they say they are when performing transactions online.

XAdES is a set of extensions to XML-DSig recommendation making it suitable for advanced electronic signatures. W3C and ETSI maintain and update XAdES together.

Worldwide, legislation concerning the effect and validity of electronic signatures, including, but not limited to, cryptographic digital signatures, includes:

Digital Signature Services (DSS) is an OASIS standard.

Trusted timestamping is the process of securely keeping track of the creation and modification time of a document. Security here means that no one—not even the owner of the document—should be able to change it once it has been recorded provided that the timestamper's integrity is never compromised.

CAdES is a set of extensions to Cryptographic Message Syntax (CMS) signed data making it suitable for advanced electronic signatures.

ARX is a digital security company headquartered in San Francisco, CA, with offices in the UK, the Netherlands, Australia and Israel. It is the creator of CoSign by ARX, a digital signature technology, along with related digital signature security technology products. ARX was acquired by DocuSign in May 2015. The acquisition builds on a three-year business partnership between DocuSign and ARX, bringing together ARX's CoSign digital signature technology with DocuSign's Digital Transaction Management (DTM) platform and broadens The DocuSign Global Trust Network.

eIDAS EU electronic identification regulation

eIDAS is an EU regulation with the stated purpose of governing "electronic identification and trust services for electronic transactions". It passed in 2014 and its provisions came into effect between 2016 and 2018.

An advanced electronic signature is an electronic signature that has met the requirements set forth under EU Regulation No 910/2014 (eIDAS-regulation) on electronic identification and trust services for electronic transactions in the European Single Market.

ZertES is a Swiss Federal law that regulates the conditions under which trust service providers may use certification services with electronic signatures. Additionally, this law provides a framework that outlines the provider’s obligations and rights as they apply to providing their certification services.

A qualified electronic signature is an electronic signature that is compliant with EU Regulation No 910/2014 for electronic transactions within the internal European market. It enables to verify the authorship of a declaration in electronic data exchange over long periods of time. Qualified electronic signatures can be considered as a digital equivalent to handwritten signatures.

A trust service provider (TSP) is a person or legal entity providing and preserving digital certificates to create and validate electronic signatures and to authenticate their signatories as well as websites in general. Trust service providers are qualified certificate authorities required in the European Union and in Switzerland in the context of regulated electronic signing procedures.

In the context of Regulation (EU) No 910/2014 (eIDAS), a qualified digital certificate is a public key certificate issued by a trust service provider which has government-issued qualifications. The certificate is designed to ensure the authenticity and data integrity of an electronic signature and its accompanying message and/or attached data.

A secure signature creation device (SSCD) is a specific type of computer hardware or software that is used in creating an electronic signature. To be put into service as a secure signature creation device, the device must meet the rigorous requirements laid out under Annex II of Regulation (EU) No 910/2014 (eIDAS), where it is referred to as a qualified (electronic) signature creation device (QSCD). Using secure signature creation devices helps in facilitating online business processes that save time and money with transactions made within the public and private sectors.

Associated Signature Containers (ASiC) specifies the use of container structures to bind together one or more signed objects with either advanced electronic signatures or timestamp tokens into one single digital container.

<span class="mw-page-title-main">Qualified website authentication certificate</span>

A qualified website authentication certificate is a qualified digital certificate under the trust services defined in the European Union eIDAS Regulation.

An electronic seal is a piece of data attached to an electronic document or other data, which ensures data origin and integrity. The term is used in the EU Regulation No 910/2014 for electronic transactions within the internal European market.

References

  1. "ISO 32000-1:2008 Document management -- Portable document format -- Part 1: PDF 1.7". International Organization for Standardization ISO. Retrieved 22 March 2016.
  2. 1 2 3 "ETSI EN 319 142-1 V1.1.1 (2016-04): Electronic Signatures and Infrastructures (ESI); Electronic Signatures and Infrastructures (ESI); PAdES digital signatures; Part 1: Building blocks and PAdES baseline signatures" (PDF). European Telecommunications Standards Institute ETSI. Retrieved 18 May 2021.
  3. 1 2 THE EUROPEAN PARLIAMENT AND THE COUNCIL OF THE EUROPEAN UNION. "REGULATION (EU) No 910/2014 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 23 July 2014". Official Journal of the European Union. Retrieved 1 March 2016.
  4. 1 2 Turner, Dawn M. "Understanding the Major Terms Around Digital Signatures" . Retrieved 22 March 2016.
  5. Turner, Dawn M. "Introduction into PAdES for Trust Services Providers". Cryptomathic. Retrieved 22 March 2016.
  6. Turner, Dawn M. "UNDERSTANDING THE MAJOR TERMS AROUND DIGITAL SIGNATURES". Cryptomathic. Retrieved 1 March 2016.
  7. "REGULATION (EU) No 910/2014 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL". Official Journal of the European Union. Article 25. Retrieved 10 October 2017.
  8. "PAdES (PDF Advanced Electronic Signature) Baseline Profile" . Retrieved 18 May 2021.