XAdES (short for XML Advanced Electronic Signatures) is a set of extensions to the XML-DSig recommendation making it suitable for advanced electronic signatures. W3C and ETSI maintain and update XAdES together.
Description
While XML-DSig is a general framework for digitally signing documents, XAdES specifies precise profiles of XML-DSig making it compliant with the European eIDAS regulation ("Regulation on electronic identification and trust services for electronic transactions in the internal market"). The eIDAS regulation enhances and repeals the Electronic Signatures Directive 1999/93/EC.
eIDAS has been legally binding in all EU member states since July 2014. An electronic signature that has been created in compliance with eIDAS has the same legal value as a handwritten signature.
An electronic signature that is technically implemented based on XAdES has the status of an advanced electronic signature.
This means that
* it is uniquely linked to the signatory;
* it is capable of identifying the signatory;
* only the signatory has control of the data used for the signature creation;
* it can be identified if data attached to the signature has been changed after signing.
A resulting property of XAdES is that electronically signed documents can remain valid for long periods, even if underlying cryptographic algorithms are broken.
However, courts are not obliged to accept XAdES-based electronic signatures as evidence in their proceedings; at least in the EU, this is compulsory only for "qualified" signatures.
A "qualified electronic signature" needs to be endowed with a digital certificate, encrypted by a secure signature creation device, and the identity of the owner of this signing certificate must have been verified according to the "high" assurance level of the eIDAS regulation.
Profiles
XAdES defines four profiles (forms), differing in the protection level offered.
* XAdES-B-B (Basic Electronic Signature): the lowest and simplest version, containing just the SignedInfo, SignatureValue, KeyInfo and SignedProperties. This form extends the definition of an electronic signature to conform to the identified signature policy.
* XAdES-B-T (Signature with a timestamp): a timestamp regarding the time of signing is added to protect against repudiation.
* XAdES-B-LT (Signature with Long Term Data): certificates and revocation data are embedded to allow verification in the future even if their original source is not available.
* XAdES-B-LTA (Signature with Long Term Data and Archive timestamp): periodic timestamping (e.g. each year) prevents the compromise that could be caused by the weakening of previous signatures during a long storage period.
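The four levels can be told apart by which elements a signature carries. The following is an added example, not code from the ETSI specification or any XAdES library: a structural triage that reports the highest level whose elements are present. The namespace URIs and the element names SignatureTimeStamp, CertificateValues, RevocationValues and ArchiveTimeStamp are taken from the ETSI XAdES schemas rather than from this page, and the sample document is constructed.

```python
import xml.etree.ElementTree as ET

# Namespace URIs from the W3C and ETSI schemas (not listed on this page).
DS = "http://www.w3.org/2000/09/xmldsig#"
NS = {"ds": DS, "xades": "http://uri.etsi.org/01903/v1.3.2#",
      "xades141": "http://uri.etsi.org/01903/v1.4.1#"}
SIGNED_PROPS_TYPE = "http://uri.etsi.org/01903#SignedProperties"

def xades_level(xml_text):
    """Highest baseline level whose elements are structurally present, else None.
    Structural triage only: no digest, signature or timestamp is verified."""
    root = ET.fromstring(xml_text)  # assumes input from a trusted source
    sig = root if root.tag == "{%s}Signature" % DS else root.find(".//ds:Signature", NS)
    if sig is None:
        return None
    # B-B: the four parts named in the profile list must all be present.
    props = sig.find(".//xades:SignedProperties", NS)
    core = [sig.find("ds:" + n, NS) for n in ("SignedInfo", "SignatureValue", "KeyInfo")]
    if props is None or any(e is None for e in core):
        return None
    # SignedProperties only counts if a ds:Reference in SignedInfo covers it.
    covered = any(r.get("Type") == SIGNED_PROPS_TYPE and r.get("URI") == "#" + props.get("Id", "")
                  for r in sig.findall("ds:SignedInfo/ds:Reference", NS))
    if not covered:
        return None
    def has(tag):
        return sig.find(".//" + tag, NS) is not None
    level = "XAdES-B-B"
    if has("xades:SignatureTimeStamp"):                                       # B-T
        level = "XAdES-B-T"
        if has("xades:CertificateValues") and has("xades:RevocationValues"):  # B-LT
            level = "XAdES-B-LT"
            if has("xades141:ArchiveTimeStamp"):                              # B-LTA
                level = "XAdES-B-LTA"
    return level

def sample(unsigned=""):
    """Constructed skeleton signature: empty elements, no real digests or keys."""
    xmlns = " ".join('xmlns:%s="%s"' % kv for kv in NS.items())
    return ('<ds:Signature %s><ds:SignedInfo><ds:Reference URI="#sp1" Type="%s"/>'
            '</ds:SignedInfo><ds:SignatureValue/><ds:KeyInfo/><ds:Object>'
            '<xades:QualifyingProperties><xades:SignedProperties Id="sp1"/>'
            '<xades:UnsignedProperties><xades:UnsignedSignatureProperties>%s'
            '</xades:UnsignedSignatureProperties></xades:UnsignedProperties>'
            '</xades:QualifyingProperties></ds:Object></ds:Signature>'
            % (xmlns, SIGNED_PROPS_TYPE, unsigned))

if __name__ == "__main__":
    print(xades_level(sample("<xades:SignatureTimeStamp/>")))
```

A signature that embeds certificates but has no signature timestamp is still reported as XAdES-B-B, because each level builds on the one before it.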
In February 2016, ETSI published the document ETSI EN 319 132-1 V1.1.0 as final draft for a European Standard. In this draft, the profiles have been omitted.
See also
* European Telecommunications Standards Institute (ETSI)
* XML Signature
* CAdES, CMS Advanced Electronic Signature
* PAdES, PDF Advanced Electronic Signature
* ASiC, Associated Signature Containers (ASiC)
* Trusted timestamping
External links
* W3C XAdES, version 1.1.1 from 2003
* ETSI TS 101 903 XAdES, version 1.1.1 from 2002 to 2002-12
* ETSI TS 101 903 XAdES, version 1.2.2 from 2004 to 2004-02
* ETSI TS 101 903 XAdES, version 1.3.2 from 2006 to 2003-07
* ETSI TS 101 903 XAdES, version 1.4.1 from 2009 to 2006-15
* ETSI TS 101 903 XAdES, version 1.4.2 from 2010 to 2012
* ETSI TS 101 903 V1.2.2: Technical Specification, XSD and DTD
* ETSI TS 101 903 V1.3.2: XSD and DTD
* ETSI TS 101 903 V1.4.1: XSD
* DSS: GitHub repository
* CAdES, XAdES and ASiC for Windows in C++
* Duuba, open source Java library for creating XAdES signatures