Advanced Electronic Signature

1. CAdES

2. Standards

3. as CAdES

4. XMLDSIG

5. Equivalent to CAdES, but with XML format

6. XAdES

7. Standards

8. as CAdES

9. ISO 32000-1 - PDF

10. Formats

11. PAdES Basic

12. Based on ISO 32000-1

13. Recommends timestamp

14. Recommends revocation information

15. PAdES Enhanced

16. PAdES-BES

17. Based on CAdES-BES

18. Optionally CAdES-T

19. PAdES-EPES

20. Based on CAdES-EPES

21. Optionally CAdES-T

22. PAdES Long Term

23. PAdES-LTV

24. Used with PAdES-CMS/BES/EPES

25. Adds validation data

26. Adds document time-stamp

27. Allows additional validation data and time stamps over time

28. PAdES for XML Content

29. Basic XAdES

30. Based on XAdES-BES/EPES/T

31. Basic XAdES on XFA forms

32. Based on XAdES-BES/EPES/T

33. Long-term XAdES

34. Based on XAdES-C/X/XL/A

35. Long-term XAdES on XFA forms

36. Based on XAdES-C/X/XL/A

37. Signature Policies

38. invalid

39. incomplete validation

40. valid

41. Validation Results

42. Formats

43. Without validation data

44. CAdES-BES

45. Contains

46. Signed user data (CMS)

47. Mandatory signed attributes (CMS, ESS)

48. Content-type (CMS)

49. Message-digest (CMS)

50. Signing-certificate or signing-certificate-v2 (ESS)

51. Additional mandatory signed attributes (CAdES)

52. Digital signature value (CMS)

53. May contain

54. Additional signed attributes

55. Signing-time (CMS)

56. Content-hints (ESS)

57. Content-reference (ESS)

58. Content-identifier (ESS)

59. Commitment-type-indication (CAdES)

60. May be

61. defined as part of the signature policy, in which case, the commitment type has precise semantics that are defined as part of the signature policy

62. a registered type, in which case, the commitment type has precise semantics defined by registration, under the rules of the registration authority

63. Signer-location (CAdES)

64. Signer-attributes (CAdES)

65. Content-time-stamp (CAdES)

66. Optional unsigned attributes

67. CounterSignature (CMS)

68. CAdES-EPES

69. Based on CAdES-BES

70. Mandatory sigPolicyID signed attribute (CAdES)

71. With validation data

72. Based on CAdES-BES or CAdES-EPES

73. CAdES-T

74. One of

75. time-stamp unsigned attribute with time-stamp token

76. Token may include unsigned attributes such as complete-certificate-references and complete-revocation-references attributes. (CAdES)

77. time-mark of the ES by TSP - no attribute added to ES

78. CAdES-C

79. Mandatory unsigned attributes

80. complete-certificate-references (CAdES)

81. complete-revocation-references (CAdES)

82. If the signer does not provide CAdES-C, the verifier should create it on first verification. A grace period might be necessary.

83. CWA 14171 specifies signature validation process for this case

84. Extended formats

85. CAdES-X Long

86. Mandatory unsigned attributes

87. certificate-values (CAdES)

88. revocation-values (CAdES)

89. CAdES-X Type 1

90. Adds CAdES-C-time-stamp unsigned attribute

91. Time stamp over whole CAdES-C

92. CAdES-X Type 2

93. Adds CAdES-C-time-stamped-certs-crls-references unsigned attribute

94. Time stamp over the references

95. CAdES-X Long Type 1 or 2

96. Combination of CAdES-X Long and CAdES-X Type 1 or 2

97. CAdES-A

98. Builds on CAdES-X Long or CAdES-X Long Type 1 or 2

99. Adds one or more archive-time-stamp unsigned attributes

100. Standards

101. ETSI TS 101 733 - CAdES

102. RFC 3852 - CMS

103. RFC 2634 - ESS

104. RFC 3280 - X.509 PKIX

105. RFC 2560 - OCSP

106. RFC 3161 - TSP

107. RFC 3370 - CMS Algorithms

108. RFC 3281 - Attribute Certificate Profile

109. RFC 5035 - CertID Algorithm Agility

110. PAdES

111. Standards

112. ETSI TR 102 272 - ASN.1 format for policies

113. ETSI TR 102 038 - XML format for policies

114. RFC 3125 - Electronic Signature Policies

115. May be specified in

116. a free form document for human interpretation

117. a structured form using an agreed syntax and encoding

118. Signature Validation Policy

119. Specifies mandatory fields in signature

120. Commitment Rules

121. Signer Rules

122. Optional if the signed data are included

123. Mandated signed attributes

124. Mandated unsigned attributes

125. Mandated certificate ref

126. Signer only

127. Full path

128. Mandated certificate info

129. None

130. Signer only

131. Full path

132. Verifier Rules

133. Mandatory unsigned attributes

134. Certificate/Revocation Requirements

135. Certificate Requirements

136. Trust point (self-signed certificate)

137. Path length constraint

138. Acceptable policies

139. Name constraints

140. Policy constraints

141. Revocation Requirements

142. Different for end and CA certificates

143. Possible values

144. crlCheck

145. ocspCheck

146. bothCheck

147. eitherCheck

148. noCheck

149. other (extensions)

150. Signing Certificate Trust Condition

151. TimestampTrustCondition

152. Caution period

153. Signature timestamp delay

154. AttributeTrustCondition

155. Attribute / attribute certificate constraints

156. AlgorithmConstraintSet

157. Signer

158. End-entity issuer

159. CA issuer

160. Attribute Authority

161. Timestamp Authority

162. Signature Policy Extensions