XAdES

From Wikipedia, the free encyclopedia
Jump to navigation Jump to search

XAdES (short for "XML Advanced Electronic Signatures") is a set of extensions to XML-DSig recommendation making it suitable for advanced electronic signatures. W3C and ETSI maintain and update XAdES together.[1]

Description[edit]

While XML-DSig is a general framework for digitally signing documents, XAdES specifies precise profiles of XML-DSig making it compliant with the European eIDAS regulation (Regulation on electronic identification and trust services for electronic transactions in the internal market). The eIDAS regulation enhances and repeals the Electronic Signatures Directive 1999/93/EC.[2][3] EIDAS is legally binding in all EU member states since July 2014. An electronic signature that has been created in compliance with eIDAS has the same legal value as a handwritten signature.[2]

An electronic signature, technically implemented based on XAdES has the status of an advanced electronic signature.[4] This means that

  • it is uniquely linked to the signatory;
  • it is capable of identifying the signatory;
  • only the signatory has control of the data used for the signature creation;
  • it can be identified if data attached to the signature has been changed after signing.

A resulting property of XAdES is that electronically signed documents can remain valid for long periods, even if underlying cryptographic algorithms are broken.

However, courts are not obliged to accept XAdES-based electronic signatures as evidence in their proceedings; at least in EU, this is compulsory only for "qualified" signatures.[5][6] A "qualified electronic signature" needs to be doted with a digital certificate, encrypted by a security signature creation device, and the identity of the owner of this signing-certificate must have been verified according to the "high" assurance level of the eIDAS regulation.[3][7]

Profiles[edit]

XAdES defines six profiles (forms)[4] differing in protection level offered.

  • XAdES (also named XAdES-BES for "Basic Electronic Signature"), basic form just satisfying Directive legal requirements for advanced signature;
  • XAdES-T (timestamp), adding timestamp field to protect against repudiation;
  • XAdES-C (complete), adding references to verification data (certificates and revocation lists) to the signed documents to allow off-line verification and verification in future (but does not store the actual data);
  • XAdES-X (extended), adding timestamps on the references introduced by XAdES-C to protect against possible compromise of certificates in chain in future;
  • XAdES-X-L (extended long-term), adding actual certificates and revocation lists to the signed document to allow verification in future even if their original source is not available;
  • XAdES-A (archival), adding the possibility for periodical timestamping (e.g. each year) of the archived document to prevent compromise caused by weakening signature during a long storage period.

In February 2016, ETSI publishes the document ETSI EN 319 132-1 V1.1.0 as final draft for a European Standard.[8] In this draft, the profiles have been omitted.

See also[edit]

References[edit]

  1. ^ Turner, Dawn M. "INTRODUCTION INTO XADES FOR TRUST SERVICE PROVIDERS". Cryptomathic. Retrieved 1 March 2016.
  2. ^ a b THE EUROPEAN PARLIAMENT AND THE COUNCIL OF THE EUROPEAN UNION. "REGULATION (EU) No 910/2014 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC". EUR-Lex. Official Journal of the European Union. Retrieved 1 March 2016.
  3. ^ a b European Telecommunications Standards Institute. "XML Advanced Electronic Signatures (XAdES) V1.4.1" (PDF). ETSI. Retrieved 1 March 2016.
  4. ^ Turner, Dawn. "Understanding eIDAS". Cryptomathic. Retrieved 12 April 2016.
  5. ^ Turner, Dawn M. "UNDERSTANDING THE MAJOR TERMS AROUND DIGITAL SIGNATURES". Cryptomathic. Retrieved 1 March 2016.
  6. ^ Dept. for Business Innovation & Skills. "Electronic Signatures" (PDF). Government of the United Kingdom.
  7. ^ European Telecommunications Standards Institute. "ETSI EN 319 132-1 V1.1.0 (2016-02)" (PDF). ETSI. Retrieved 1 March 2016.

External links[edit]