XAdES

XAdES (short for XML Advanced Electronic Signatures) is a set of extensions to the XML-DSig recommendation that make it suitable for advanced electronic signatures. W3C and ETSI maintain and update XAdES together. [1]

Description

While XML-DSig is a general framework for digitally signing documents, XAdES specifies precise profiles of XML-DSig that make it compliant with the European eIDAS regulation (Regulation on electronic identification and trust services for electronic transactions in the internal market). The eIDAS regulation enhances and repeals the Electronic Signatures Directive 1999/93/EC. [2] [3] eIDAS has been legally binding in all EU member states since July 2014. An electronic signature that has been created in compliance with eIDAS has the same legal value as a handwritten signature. [2]
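How the extension attaches to an XML-DSig signature, as an added example that is not part of the original article: XAdES carries its properties in a `xades:QualifyingProperties` element inside a `ds:Object`, and a verifier should confirm that `xades:SignedProperties` is covered by a `ds:Reference`. The sample document and the function name are constructed for illustration; only structure is checked, not digests or the signature value.

```python
import xml.etree.ElementTree as ET

NS = {"ds": "http://www.w3.org/2000/09/xmldsig#",
      "xades": "http://uri.etsi.org/01903/v1.3.2#"}
SP_TYPE = "http://uri.etsi.org/01903#SignedProperties"

# Constructed sample: digests, key info and signature value are left out.
SAMPLE = """<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="sig-1">
  <ds:SignedInfo>
    <ds:Reference URI="#doc"/>
    <ds:Reference URI="#sp-1" Type="http://uri.etsi.org/01903#SignedProperties"/>
  </ds:SignedInfo>
  <ds:Object>
    <xades:QualifyingProperties xmlns:xades="http://uri.etsi.org/01903/v1.3.2#" Target="#sig-1">
      <xades:SignedProperties Id="sp-1"/>
    </xades:QualifyingProperties>
  </ds:Object>
</ds:Signature>"""

def xades_binding_problems(xml_text):
    """Return structural problems in how XAdES properties attach to a ds:Signature.

    Hypothetical helper: structure only, no digest or signature verification.
    """
    root = ET.fromstring(xml_text)
    is_sig = root.tag == "{%s}Signature" % NS["ds"]
    sig = root if is_sig else root.find(".//ds:Signature", NS)
    if sig is None:
        return ["no ds:Signature element"]
    qp = sig.find("ds:Object/xades:QualifyingProperties", NS)
    if qp is None:
        return ["plain XML-DSig: no xades:QualifyingProperties in a ds:Object"]
    problems = []
    # Target must name the enclosing signature, or the properties belong elsewhere.
    if qp.get("Target") != "#" + sig.get("Id", ""):
        problems.append("QualifyingProperties Target does not point at this signature")
    sp = qp.find("xades:SignedProperties", NS)
    if sp is None or not sp.get("Id"):
        return problems + ["no xades:SignedProperties with an Id"]
    refs = sig.findall("ds:SignedInfo/ds:Reference", NS)
    covering = [r for r in refs if r.get("URI") == "#" + sp.get("Id")]
    if not covering:
        # Properties outside SignedInfo can be altered without breaking the signature.
        problems.append("SignedProperties not covered by any ds:Reference (unsigned)")
    elif all(r.get("Type") != SP_TYPE for r in covering):
        problems.append("covering ds:Reference lacks the SignedProperties Type URI")
    return problems
```

An empty list means the properties are structurally bound to the signature; cryptographic validation of the references and the signature value is still required.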

An electronic signature technically implemented based on XAdES has the status of an advanced electronic signature. [4] This means that

A resulting property of XAdES is that electronically signed documents can remain valid for long periods, even if underlying cryptographic algorithms are broken.

However, courts are not obliged to accept XAdES-based electronic signatures as evidence in their proceedings; at least in the EU, this is compulsory only for "qualified" signatures. [5] [6] A "qualified electronic signature" needs to be provided with a digital certificate, encrypted by a secure signature creation device, and the identity of the owner of this signing certificate must have been verified according to the "high" assurance level of the eIDAS regulation. [3] [7]

Profiles

XAdES defines four profiles (forms) [4] differing in the protection level offered.

In February 2016, ETSI published the document ETSI EN 319 132-1 V1.1.0 as a final draft for a European Standard. [8] In this draft, the profiles have been omitted.

Related Research Articles

An electronic signature, or e-signature, is data that is logically associated with other data and which is used by the signatory to sign the associated data. This type of signature has the same legal standing as a handwritten signature as long as it adheres to the requirements of the specific regulation under which it was created.

XML Signature defines an XML syntax for digital signatures and is defined in the W3C recommendation XML Signature Syntax and Processing. Functionally, it has much in common with PKCS #7 but is more extensible and geared towards signing XML documents. It is used by various Web technologies such as SOAP, SAML, and others.

Globally Executable MHP (GEM) is a DVB specification of a Java-based middleware for TV broadcast receivers, IPTV terminals and Blu-ray players. GEM is an ETSI standard and an ITU "Recommendation". GEM defines a set of common functionalities which are independent from the signaling and protocols of a specific transmission network and makes it possible to write interoperable Java applications for TV. GEM is not intended to be directly implemented, but rather forms the basis for broader specifications targeting a particular network infrastructure or class of device. GEM defines profiles for different device classes (targets); these define the set of available features of GEM for this device class. Currently GEM defines targets for broadcast, packaged media (Blu-ray) and IPTV. These targets can be combined into a hybrid GEM platform, which makes it possible to build devices with multiple network interfaces, such as a combined broadcast/IPTV set-top box.

Electronic authentication is the process of establishing confidence in user identities electronically presented to an information system. Digital authentication, or e-authentication, may be used synonymously when referring to the authentication process that confirms or certifies a person's identity and works. When used in conjunction with an electronic signature, it can provide evidence of whether data received has been tampered with after being signed by its original sender. Electronic authentication can reduce the risk of fraud and identity theft by verifying that a person is who they say they are when performing transactions online.

Digital Signature Services (DSS) is an OASIS standard.

Trusted timestamping is the process of securely keeping track of the creation and modification time of a document. Security here means that no one—not even the owner of the document—should be able to change it once it has been recorded provided that the timestamper's integrity is never compromised.

CAdES is a set of extensions to Cryptographic Message Syntax (CMS) signed data making it suitable for advanced electronic signatures.

PAdES is a set of restrictions and extensions to PDF and ISO 32000-1 making it suitable for advanced electronic signatures (AdES). This is published by ETSI as EN 319 142.

DigiDoc File format family

DigiDoc is a family of digital signature and cryptographic computing file formats utilizing a public key infrastructure. It currently has three generations of sub-formats: DDOC, a later binary-based BDOC, and the currently used ASiC-E format that is supposed to replace the previous generation formats. DigiDoc was created and is developed and maintained by RIA.

eIDAS EU electronic identification regulation

eIDAS is an EU regulation with the stated purpose of governing "electronic identification and trust services for electronic transactions". It passed in 2014 and its provisions came into effect between 2016 and 2018.

An advanced electronic signature is an electronic signature that has met the requirements set forth under EU Regulation No 910/2014 (eIDAS-regulation) on electronic identification and trust services for electronic transactions in the European Single Market.

ZertES is a Swiss Federal law that regulates the conditions under which trust service providers may use certification services with electronic signatures. Additionally, this law provides a framework that outlines the provider’s obligations and rights as they apply to providing their certification services.

A qualified electronic signature is an electronic signature that is compliant with EU Regulation No 910/2014 for electronic transactions within the internal European market. It makes it possible to verify the authorship of a declaration in electronic data exchange over long periods of time. Qualified electronic signatures can be considered a digital equivalent to handwritten signatures.

A trust service provider (TSP) is a person or legal entity providing and preserving digital certificates to create and validate electronic signatures and to authenticate their signatories as well as websites in general. Trust service providers are qualified certificate authorities required in the European Union and in Switzerland in the context of regulated electronic signing procedures.

In the context of Regulation (EU) No 910/2014 (eIDAS), a qualified digital certificate is a public key certificate issued by a trust service provider which has government-issued qualifications. The certificate is designed to ensure the authenticity and data integrity of an electronic signature and its accompanying message and/or attached data.

A secure signature creation device (SSCD) is a specific type of computer hardware or software that is used in creating an electronic signature. To be put into service as a secure signature creation device, the device must meet the rigorous requirements laid out under Annex II of Regulation (EU) No 910/2014 (eIDAS), where it is referred to as a qualified (electronic) signature creation device (QSCD). Using secure signature creation devices helps in facilitating online business processes that save time and money with transactions made within the public and private sectors.

Associated Signature Containers (ASiC) specifies the use of container structures to bind together one or more signed objects with either advanced electronic signatures or timestamp tokens into one single digital container.

Mobile Signature Service (MSS) is a high-level service specified by the European Telecommunications Standards Institute that defines the roles participating in mobile identity management and mobile signature transactions, as well as functional and business-related requirements and interfaces. The specification is the governing standard for PKI and enables cross-compatible mobile signature solutions.

Qualified website authentication certificate

A qualified website authentication certificate is a qualified digital certificate under the trust services defined in the European Union eIDAS Regulation.

An electronic seal is a piece of data attached to an electronic document or other data, which ensures data origin and integrity. The term is used in the EU Regulation No 910/2014 for electronic transactions within the internal European market.

References

  1. Turner, Dawn M. "INTRODUCTION INTO XADES FOR TRUST SERVICE PROVIDERS". Cryptomathic. Retrieved 1 March 2016.
  2. THE EUROPEAN PARLIAMENT AND THE COUNCIL OF THE EUROPEAN UNION. "REGULATION (EU) No 910/2014 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC". EUR-Lex. Official Journal of the European Union. Retrieved 1 March 2016.
  3. European Telecommunications Standards Institute. "Building blocks and XAdES baseline signatures V1.1.1" (PDF). ETSI.
  4. Turner, Dawn. "Understanding eIDAS". Cryptomathic. Retrieved 12 April 2016.
  5. Turner, Dawn M. "UNDERSTANDING THE MAJOR TERMS AROUND DIGITAL SIGNATURES". Cryptomathic. Retrieved 1 March 2016.
  6. "Electronic Signatures" (PDF). Dept. for Business Innovation & Skills. Government of the United Kingdom.
  7. European Telecommunications Standards Institute. "ETSI EN 319 132-1 V1.1.0 (2016-02)" (PDF). ETSI. Retrieved 1 March 2016.