## Electronic Signature Formats
### 1. Introduction
An electronic signature is a digital mechanism that provides identity verification, integrity, and non-repudiation for electronic documents. There are several electronic signature formats, each with its own advantages and disadvantages. This document compares the three most commonly used electronic signature formats, CAdES, PAdES and XAdES, and gives examples of their technical specifications.
### 2. CAdES (CMS Advanced Electronic Signatures)
```xml
<CAdES-CMS>
  <SignedData>
    <!-- Example content: a simple text document -->
    Lorem ipsum dolor sit amet, consectetur adipiscing elit.
    Integer nec odio. Praesent libero. Sed cursus ante dapibus diam.
  </SignedData>
  <Signature>
    <SignedInfo>
      <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
        <InclusiveNamespaces PrefixList="ds xsi" />
      </CanonicalizationMethod>
      <SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" />
      <Reference URI="#Reference">
        <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" />
        <!-- Base64-encoded digest of the referenced data -->
        <DigestValue>...</DigestValue>
      </Reference>
    </SignedInfo>
    <SignatureValue>
      <!-- Example signature value: Base64-encoded signature -->
      AbCdEfGhIjKlMnOp...
    </SignatureValue>
    <KeyInfo>
      <Key>
        <!-- Public key value -->
        <Modulus>...</Modulus>
        <Exponent>65537</Exponent>
      </Key>
      <Issuer>
        <!-- Certificate issuer information -->
        <Name>CN=ExampleCA, O=Example Organization, C=US</Name>
      </Issuer>
    </KeyInfo>
    <TimeStamp>
      <!-- Example timestamp value: ISO 8601 format -->
      2024-03-29T10:00:00Z
    </TimeStamp>
  </Signature>
</CAdES-CMS>
```
Explanation of the main elements in the CAdES example above:
* **`<SignedData>`:** This element contains the data that has been signed, typically the content or document whose origin and integrity the signer wants to be verifiable. The content can be in any format the application needs, such as plain text, XML, or binary data.
* **`<SignatureValue>`:** This element contains the actual digital signature value generated by the signer. The signature value is computed over the signed data together with any additional attributes included in the signature.
* **`<KeyInfo>`:** This element provides information about the signer's public key. It may include the public key itself, the algorithm used to generate the key pair, the issuer of the public key certificate, and any other relevant metadata about the signer's identity.
**File-based Text Format:**
CAdES signatures are typically encoded in various formats such as ASN.1 or Base64.
**Technical Specification:**
CAdES builds on the Cryptographic Message Syntax (CMS) and provides a framework for creating advanced electronic signatures. It allows incorporating additional signature attributes like timestamping, revocation information, and signer identity into the signature itself. The signature value is calculated over the signed data and additional attributes.
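To make concrete what "the signature value is calculated over the signed data and additional attributes" means in CMS, here is an added Python example (written for this page, not code from ETSI, RFC 5652 or any CMS library). It builds the DER-encoded `signedAttrs` set with the `contentType` and `messageDigest` attributes that CMS requires, signs that encoding, and contrasts a complete verifier with one that forgets to compare `messageDigest` against the actual content. The DER helpers are hand-rolled for the example, and the RSA key is a constructed toy (Mersenne primes, unpadded textbook operation); a real deployment would use OpenSSL or a CMS library, which is exactly where the same two-step check has to happen.

```python
"""Added example: what a CMS SignerInfo signature actually covers."""
import hashlib

# --- minimal DER helpers, hand-rolled for this example ---------------------------
def der_tlv(tag, body):
    """Tag-length-value with definite-length encoding."""
    n = len(body)
    if n < 0x80:
        length = bytes([n])
    else:
        lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(lb)]) + lb
    return bytes([tag]) + length + body

def der_oid(dotted):
    """OBJECT IDENTIFIER: first two arcs packed into one byte, the rest base-128."""
    arcs = [int(a) for a in dotted.split(".")]
    body = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.insert(0, 0x80 | (arc & 0x7F))
            arc >>= 7
        body.extend(chunk)
    return der_tlv(0x06, bytes(body))

def der_read(buf, pos=0):
    """Decode one TLV at pos: returns (tag, body, position after it)."""
    tag, n = buf[pos], buf[pos + 1]
    pos += 2
    if n & 0x80:
        k = n & 0x7F
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    return tag, buf[pos:pos + n], pos + n

def der_children(body):
    """All TLVs directly inside a constructed value's body."""
    pos, out = 0, []
    while pos < len(body):
        tag, inner, pos = der_read(body, pos)
        out.append((tag, inner))
    return out

OID_CONTENT_TYPE = "1.2.840.113549.1.9.3"    # PKCS#9 contentType
OID_MESSAGE_DIGEST = "1.2.840.113549.1.9.4"  # PKCS#9 messageDigest
OID_ID_DATA = "1.2.840.113549.1.7.1"         # CMS id-data

def build_signed_attrs(content):
    """DER SET OF Attribute, the exact bytes a CMS signer hashes (RFC 5652, 5.4)."""
    attrs = [
        der_tlv(0x30, der_oid(OID_CONTENT_TYPE) + der_tlv(0x31, der_oid(OID_ID_DATA))),
        der_tlv(0x30, der_oid(OID_MESSAGE_DIGEST)
                + der_tlv(0x31, der_tlv(0x04, hashlib.sha256(content).digest()))),
    ]
    return der_tlv(0x31, b"".join(sorted(attrs)))  # DER SET OF: encodings in sorted order

def message_digest_from(signed_attrs):
    """The messageDigest attribute value, or None if the attribute is missing."""
    want = der_read(der_oid(OID_MESSAGE_DIGEST))[1]
    for _, attr in der_children(der_read(signed_attrs)[1]):
        (_, oid), (_, values) = der_children(attr)
        if oid == want:
            return der_children(values)[0][1]
    return None

# --- toy RSA: Mersenne primes, unpadded textbook operation, illustration only ----
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N, D = P * Q, pow(65537, -1, (2**521 - 2) * (2**607 - 2))

def toy_sign(data):
    h = int.from_bytes(hashlib.sha256(data).digest(), "big")
    return pow(h, D, N).to_bytes((N.bit_length() + 7) // 8, "big")

def toy_verify(data, sig):
    h = int.from_bytes(hashlib.sha256(data).digest(), "big")
    return pow(int.from_bytes(sig, "big"), E, N) == h

def sign(content):
    """The two SignerInfo fields that matter here: signedAttrs and signature."""
    attrs = build_signed_attrs(content)
    return {"signed_attrs": attrs, "signature": toy_sign(attrs)}

def verify(content, signer_info):
    """Complete check: content hash must equal messageDigest, then signature over attrs."""
    attrs = signer_info["signed_attrs"]
    if message_digest_from(attrs) != hashlib.sha256(content).digest():
        return False
    return toy_verify(attrs, signer_info["signature"])

def verify_signature_only(content, signer_info):
    """Incomplete check: `content` is never consulted, so substituted content passes."""
    return toy_verify(signer_info["signed_attrs"], signer_info["signature"])

if __name__ == "__main__":
    doc = b"Lorem ipsum dolor sit amet, consectetur adipiscing elit."
    info = sign(doc)
    print(verify(doc, info), verify(doc + b"!", info))            # True False
    print(verify_signature_only(doc + b"!", info))                # True
```

The point a validator must not miss: the public-key operation only proves the `signedAttrs` bytes are authentic. Binding them to the document is the separate comparison of the `messageDigest` attribute with a freshly computed hash of the content, and a verifier that skips it will accept any content presented alongside a genuine signature.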
**Open Standard and Usage in Europe:**
CAdES is an open standard maintained by the European Telecommunications Standards Institute (ETSI). It is widely used in Europe for secure electronic transactions.
### 3. PAdES (PDF Advanced Electronic Signatures)
**XML Format:** PAdES doesn't have a native XML format as it's primarily used for signing PDF documents. However, the structure of the PDF itself can be represented in XML using tools like Apache PDFBox or iText.
**File-based Text Format:** PAdES signatures are integrated into PDF documents and can't be extracted as standalone text. They're encoded within the PDF file structure.
**Technical Specification:**
PAdES is tailored for signing PDF documents, ensuring their integrity and authenticity. It specifies where and how the signature should be embedded within the PDF file. PAdES-compliant signatures provide long-term validation features ensuring the signature remains valid even if underlying certificates expire.
**Open Standard and Usage in Europe:**
PAdES is an ISO standard (ISO 32000-1:2008) and is widely used in Europe for digitally signing PDF documents.
### 4. XAdES (XML Advanced Electronic Signatures)
```xml
<XAdESSignature>
  <SignedInfo>
    <!-- Information about the signed data references (Mandatory) -->
  </SignedInfo>
  <SignatureValue>
    <!-- Actual digital signature value (Mandatory) -->
  </SignatureValue>
  <KeyInfo>
    <!-- Information about the signer's key (Mandatory) -->
  </KeyInfo>
  <TimeStamp>
    <!-- Timestamp associated with the signature (Optional) -->
  </TimeStamp>
  <RevocationInfo>
    <!-- Information about the revocation status of the signer's certificate (Optional) -->
  </RevocationInfo>
  <!-- Other optional elements -->
</XAdESSignature>
```
**File-based Text Format:**
XAdES signatures can be encoded using XML or Base64 and embedded within XML documents.
**Technical Specification:**
XAdES is designed for signing XML data. It allows embedding signatures within XML documents and supports various levels of assurance. XAdES signatures can include signing time, certificate details, revocation information, and references to external validation policies.
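Signing XML data has a wrinkle the earlier example only hints at with its `CanonicalizationMethod` element: the same XML infoset can be serialized with different attribute order, quoting and whitespace, so each `Reference` digest is computed over a canonical form rather than over the raw bytes. The following added Python example (written for this page, not from any XAdES or XML-DSig library) shows why, using the standard library's `xml.etree.ElementTree.canonicalize` (Python 3.8 and later), which implements Canonical XML 2.0; the example above names Exclusive C14N 1.0, but the principle is identical. The sample invoice documents are constructed inline.

```python
"""Added example: canonicalize before digesting, as an XML-DSig Reference requires."""
import base64
import hashlib
import xml.etree.ElementTree as ET

# Constructed samples: the same invoice serialized two ways, plus a changed one
INVOICE_A = '<Invoice id="42" currency="EUR"><Total>100.00</Total><Note/></Invoice>'
INVOICE_B = "<Invoice   currency='EUR'\n  id='42'><Total>100.00</Total><Note></Note></Invoice>"
INVOICE_TAMPERED = '<Invoice id="42" currency="EUR"><Total>999.00</Total><Note/></Invoice>'

def raw_digest(xml_text):
    """SHA-256 over the bytes as received: changes with whitespace or attribute order."""
    return base64.b64encode(hashlib.sha256(xml_text.encode("utf-8")).digest()).decode()

def canonical_form(xml_text):
    """Canonical XML (C14N 2.0 via the standard library): attributes sorted,
    quotes normalized to double quotes, empty elements written as <x></x>."""
    return ET.canonicalize(xml_text)

def reference_digest(xml_text):
    """What belongs in <DigestValue>: the digest of the canonicalized bytes."""
    canon = canonical_form(xml_text).encode("utf-8")
    return base64.b64encode(hashlib.sha256(canon).digest()).decode()

def reference_is_valid(xml_text, expected_digest_value):
    """Verifier side: recompute the reference digest and compare it with the signed one.
    (The signature over <SignedInfo> itself is checked separately.)"""
    return reference_digest(xml_text) == expected_digest_value

if __name__ == "__main__":
    signed_value = reference_digest(INVOICE_A)        # stored in the signature at signing time
    print(raw_digest(INVOICE_A) == raw_digest(INVOICE_B))          # False: raw bytes differ
    print(reference_is_valid(INVOICE_B, signed_value))             # True: same canonical form
    print(reference_is_valid(INVOICE_TAMPERED, signed_value))      # False: content changed
```

Two practical consequences follow. A verifier must apply exactly the canonicalization algorithm named in the signature, or it will reject valid signatures after harmless re-serialization (for example by an XML library that reorders attributes). And the canonicalization step is part of the trusted computing base: a digest is only as strong as the transform that produced its input, which is why XAdES profiles restrict the transforms a signature may use.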
**Open Standard and Usage in Europe:**
XAdES is an open standard maintained by the World Wide Web Consortium (W3C) and is widely used in Europe for signing XML-based documents and data.
### 5. Comparison Summary
**Data Format Support:** CAdES supports arbitrary data formats, PAdES is specific to PDFs, and XAdES is tailored for XML.
**XML Representation:** CAdES and XAdES have explicit XML representations, while PAdES is embedded within PDF structure which can be represented in XML.
**File-based Text Format:** CAdES and XAdES can be represented as standalone XML or encoded in Base64, whereas PAdES signatures are inseparable from the PDF file.
**Use Cases:** CAdES is versatile, PAdES is for PDFs, and XAdES is for XML data.
**Standardization:** All three formats have international standards (CAdES: ETSI, PAdES: ISO, XAdES: W3C).
**Usage in Europe:** CAdES and XAdES are widely used in Europe, with CAdES being more common for general electronic transactions and XAdES for XML-based data. PAdES is also prevalent, particularly for signing PDF documents.