CAdES (computing)
CAdES (CMS Advanced Electronic Signatures) is a set of extensions to Cryptographic Message Syntax (CMS) signed data making it suitable for advanced electronic signatures.[1]
Description
CMS is a general framework for electronic signatures for various kinds of transactions such as purchase requisitions, contracts or invoices.[2] CAdES specifies precise profiles of CMS signed data making it compliant with the European eIDAS regulation (Regulation on electronic identification and trust services for electronic transactions in the internal market). The eIDAS regulation enhances and repeals the Electronic Signatures Directive 1999/93/EC.[3][4] eIDAS has been legally binding in all EU member states since July 2014. An electronic signature that has been created in compliance with eIDAS has the same legal value as a handwritten signature.[3]
An electronic signature technically implemented on the basis of CAdES has the status of an advanced electronic signature.[2] This means that
- it is uniquely linked to the signatory;
- it is capable of identifying the signatory;
- only the signatory has control of the data used for the signature creation;
- it can be detected whether the data attached to the signature has been changed after signing.
A resulting property of CAdES is that electronically signed documents can remain valid for long periods, even if the signer or verifying party later attempts to deny the validity of the signature.
A CAdES-based electronic signature is accepted in court proceedings as evidence, since advanced electronic signatures are legally binding.[8][5] It gains a higher probative value, however, when enhanced to a qualified electronic signature. To receive that legal standing, it needs to be equipped with a digital certificate and created with a secure signature creation device ("qualified electronic signature").[4][6] The authorship of a statement with a qualified electronic signature cannot be challenged: the statement is non-repudiable.
The document ETSI TS 101 733 Electronic Signature and Infrastructure (ESI) – CMS Advanced Electronic Signature (CAdES) describes the framework.[2]
Evolution of the framework
The main document describing the format is ETSI TS 101 733 Electronic Signature and Infrastructure (ESI) – CMS Advanced Electronic Signature (CAdES).
ETSI TS 101 733 was first issued as V1.2.2 (2000-12). The current release version has the release number V2.2.1 (2013-04). ETSI is working on a new draft of CAdES. All drafts and released documents are publicly accessible at .
ETSI TS V1.7.4 (2008-07) is technically equivalent to RFC 5126. RFC 5126 builds on existing standards that are widely adopted. These include:
- RFC 3852 "Cryptographic Message Syntax (CMS)"
- ISO/IEC 9594-8 / ITU-T Recommendation X.509 "Information technology - Open Systems Interconnection - The Directory: Authentication framework"
- RFC 3280 "Internet X.509 Public Key Infrastructure (PKIX) Certificate and Certificate Revocation List (CRL) Profile"
- RFC 3161 "Internet X.509 Public Key Infrastructure Time-Stamp Protocol (TSP)".
Profiles
CAdES defines eight profiles (forms) differing in the level of protection offered. Each profile includes and extends the previous one:[2]
- CAdES-BES (basic electronic signature), the basic form that just satisfies the Directive's legal requirements for an advanced signature;
- CAdES-T (timestamp), adding a timestamp field to protect against repudiation;
- CAdES-C (complete), adding references to the verification data (certificates and revocation lists) to the signed document to allow off-line verification and verification in the future (but not storing the actual verification data);
- CAdES-X (extended), adding timestamps over the references introduced by CAdES-C to protect against a possible future compromise of certificates in the chain;
- CAdES-X-L (extended long-term), adding the actual certificates and revocation lists to the signed document to allow verification in the future even if their original source is no longer available;
- CAdES-A v2 (archival, version 2), adding the possibility of periodic timestamping (e.g. each year) of the archived document to prevent compromise caused by the weakening of the signature during a long storage period. In the latest CAdES standard this profile is in fact considered "deprecated";
- CAdES-LT (long term), adding the use of a "tree-hashing" algorithm and "evidence records" (RFC 4998). In the latest CAdES standard this profile is in fact considered "deprecated";
- CAdES-A v3 (archival, version 3), the most flexible profile, which introduced fixes for almost all CAdES problems.
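The incremental profile chain above can be checked mechanically on a SignerInfo's attribute sets. The following is an added example, not code from the page, from ETSI or from RFC 5126: it uses the attribute OIDs assigned in RFC 2634 and RFC 5126, constructs sample attribute SETs with placeholder values, and assumes the strictly incremental ordering listed above (CAdES-A here stands for the archive-time-stamp attribute, whichever version).

```python
"""Added example (not code from the page, ETSI or RFC 5126): walk DER attribute SETs of a
CMS SignerInfo and climb the CAdES profile chain in order, since each profile includes the previous."""
AA = "1.2.840.113549.1.9.16.2."  # id-aa arc; attribute OIDs from RFC 2634 / RFC 5126
PROFILE_CHAIN = [  # (profile, requirements); each inner tuple lists acceptable alternatives
    ("CAdES-BES", [(AA + "12", AA + "47")]),      # signing-certificate v1 or v2 (a signed attribute)
    ("CAdES-T", [(AA + "14",)]),                  # signature-time-stamp
    ("CAdES-C", [(AA + "21",), (AA + "22",)]),    # complete-certificate-refs and complete-revocation-refs
    ("CAdES-X", [(AA + "25", AA + "26")]),        # CAdES-C-Timestamp or time-stamped-certs-crls-references
    ("CAdES-X-L", [(AA + "23",), (AA + "24",)]),  # certificate-values and revocation-values
    ("CAdES-A", [(AA + "27", AA + "48")]),        # archive-time-stamp v1 or v2
]

def der_tlv(tag, body):  # inputs here stay below 256 bytes, so one long-form length byte suffices
    return bytes([tag, len(body)] if len(body) < 128 else [tag, 0x81, len(body)]) + body

def encode_oid(oid):
    arcs = [int(a) for a in oid.split(".")]
    out = bytes([40 * arcs[0] + arcs[1]])
    for a in arcs[2:]:  # base-128, high bit set on every byte but the last
        chunk = bytes([a & 0x7F])
        while a := a >> 7:
            chunk = bytes([0x80 | (a & 0x7F)]) + chunk
        out += chunk
    return der_tlv(0x06, out)

def read_tlv(buf, pos):
    tag, n, pos = buf[pos], buf[pos + 1], pos + 2
    if n & 0x80:  # long form: low 7 bits give the number of length bytes that follow
        k = n & 0x7F
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    return tag, buf[pos:pos + n], pos + n

def attribute_set(oids):  # SET OF Attribute with a constructed placeholder OCTET STRING as each value
    value = der_tlv(0x31, der_tlv(0x04, b"placeholder"))
    return der_tlv(0x31, b"".join(sorted(der_tlv(0x30, encode_oid(o) + value) for o in oids)))

def attribute_types(der_set):  # Attribute ::= SEQUENCE { attrType OID, attrValues SET OF ANY }
    _, body, _ = read_tlv(der_set, 0)  # outer SET (0x31 standalone, or [1] IMPLICIT inside SignerInfo)
    types, pos = set(), 0
    while pos < len(body):
        _, attr, pos = read_tlv(body, pos)
        types.add(attr[:2 + attr[1]])  # the leading OID TLV, kept encoded for comparison
    return types

def cades_profile(signed_attrs, unsigned_attrs):  # highest profile whose requirements are all met
    present = attribute_types(signed_attrs) | attribute_types(unsigned_attrs)
    reached = None
    for name, requirements in PROFILE_CHAIN:  # a gap (e.g. values without the X timestamp) ends the climb
        if not all(any(encode_oid(o) in present for o in alt) for alt in requirements):
            break
        reached = name
    return reached
```

Passing the placeholder SETs through `cades_profile` reports the highest contiguous profile; a signature carrying certificate and revocation values but no CAdES-X timestamp is still reported as CAdES-C, which is the check a verifier wants before trusting a long-term claim.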
See also
- European Telecommunications Standards Institute (ETSI)
- Cryptographic Message Syntax
- XAdES, XML Advanced Electronic Signature
- PAdES, PDF Advanced Electronic Signature
- Trusted timestamping
References
- [1] Turner, Dawn M. "Introduction into CAdES for Trust Service Providers". Cryptomathic. Retrieved 1 March 2016.
- [2] European Telecommunications Standards Institute. "Electronic Signatures and Infrastructures (ESI); CMS Advanced Electronic Signatures (CAdES) v. 4/2013" (PDF). ETSI.
- [3] Turner, Dawn M. "eIDAS from Directive to Regulation - Legal Aspects". Cryptomathic. Retrieved 1 March 2016.
- [4] The European Parliament and the Council of the European Union. "Regulation (EU) No 910/2014 of the European Parliament and of the Council of 23 July 2014". Official Journal of the European Union. Retrieved 1 March 2016.
- [5] Turner, Dawn M. "Understanding the Major Terms Around Digital Signatures". Cryptomathic. Retrieved 1 March 2016.
- [6] Dept. for Business Innovation & Skills. "Electronic Signatures" (PDF). Government of the United Kingdom.
External links
- RFC 5126 CMS Advanced Electronic Signatures (CAdES)
- RFC 3126 Electronic Signature Formats for long term electronic signatures
- All versions of ETSI TS 101 733 CAdES
- SecureBlackbox : Cross-platform library for creating and manipulating CAdES, XAdES, PAdES and ASiC Signatures
- XolidoSign desktop (Free. Supports Windows XP and above). Supports CAdES-BES, CAdES-C and CAdES-X-L. Available in 8 languages