Advanced Electronic Signature by Mind Map: Advanced Electronic
Signature

Advanced Electronic Signature

CAdES

Standards

as CAdES

XMLDSIG

Equivalent to CAdES, but with XML format

XAdES

Standards

as CAdES

ISO 32000-1 - PDF

Formats

PAdES Basic

Based on ISO 32000-1

Recommends timestamp

Recommends revocation information

PAdES Enhanced

PAdES-BES

Based on CAdES-BES

Optionally CAdES-T

PAdES-EPES

Based on CAdES-EPES

Optionally CAdES-T

PAdES Long Term

PAdES-LTV

Used with PAdES-CMS/BES/EPES

Adds validation data

Adds document time-stamp

Allows additional validation data and time stamps over time

PAdES for XML Content

Basic XAdES

Based on XAdES-BES/EPES/T

Basic XAdES on XFA forms

Based on XAdES-BES/EPES/T

Long-term XAdES

Based on XAdES-C/X/XL/A

Long-term XAdES on XFA forms

Based on XAdES-C/X/XL/A

Signature Policies

invalid

incomplete validation

valid

Validation Results

Formats

Without validation data

CAdES-BES

Contains

Signed user data (CMS)

Mandatory signed attributes (CMS, ESS)

Content-type (CMS)

Message-digest (CMS)

Signing-certificate or signing-certificate-v2 (ESS)

Additional mandatory signed attributes (CAdES)

Digital signature value (CMS)

May contain

Additional signed attributes

Signing-time (CMS)

Content-hints (ESS)

Content-reference (ESS)

Content-identifier (ESS)

Commitment-type-indication (CAdES)

May be

defined as part of the signature policy, in which case, the commitment type has precise semantics that are defined as part of the signature policy

a registered type, in which case, the commitment type has precise semantics defined by registration, under the rules of the registration authority

Signer-location (CAdES)

Signer-attributes (CAdES)

Content-time-stamp (CAdES)

Optional unsigned attributes

CounterSignature (CMS)

CAdES-EPES

Based on CAdES-BES

Mandatory sigPolicyID signed attribute (CAdES)

With validation data

Based on CAdES-BES or CAdES-EPES

CAdES-T

One of

time-stamp unsigned attribute with time-stamp token

Token may include unsigned attributes such as complete-certificate-references and complete-revocation-references attributes. (CAdES)

time-mark of the ES by TSP - no attribute added to ES

CAdES-C

Mandatory unsigned attributes

complete-certificate-references (CAdES)

complete-revocation-references (CAdES)

If the signer does not provide CAdES-C, verifier should create it on first verification. Grace period might be necessary.

CWA 14171 specifies signature validation process for this case

Extended formats

CAdES-X Long

Mandatory unsigned attributes

certificate-values (CAdES)

revocation-values (CAdES)

CAdES-X Type 1

Adds CAdES-C-time-stamp unsigned attribute

Time stamp over whole CAdES-C

CAdES-X Type 2

Adds CAdES-C-time-stamped-certs-crls-references unsigned attribute

Time stamp over the references

CAdES-X Long Type 1 or 2

Combination of CAdES-X Long and CAdES-X Type 1 or 2

CAdES-A

Builds on CAdES-X Long or CAdES-X Long Type 1 or 2

Adds one or more archive-time-stamp unsigned attributes

Standards

ETSI TS 101 733 - CAdES

RFC 3852 - CMS

RFC 2634 - ESS

RFC 3280 - X.509 PKIX

RFC 2560 - OCSP

RFC 3161 - TSP

RFC 3370 - CMS Algorithms

RFC 3281 - Attribute Certificate Profile

RFC 5035 - CertID Algorithm Agility

PAdES

Standards

ETSI TR 102 272 - ASN.1 format for policies

ETSI TR 102 038 - XML format for policies

RFC 3125 - Electronic Signature Policies

May be specified in

a free form document for human interpretation

a structured form using an agreed syntax and encoding

Signature Validation Policy

Specifies mandatory fields in signature

Commitment Rules

Signer Rules

Optional if the signed data are included

Mandated signed attributes

Mandated unsigned attributes

Mandated certificate ref

Signer only

Full path

Mandated certificate info

None

Signer only

Full path

Verifier Rules

Mandatory unsigned attributes

Certificate/Revocation Requirements

Certificate Requirements

Trust point (self-signed certificate)

Path length constraint

Acceptable policies

Name constraints

Policy constraints

Revocation Requirements

Different for end and CA certificates

Possible values

crlCheck

ocspCheck

bothCheck

eitherCheck

noCheck

other (extensions)

Signing Certificate Trust Condition

TimestampTrustCondition

Caution period

Signature timestamp delay

AttributeTrustCondition

Attribute / attribute certificate constraints

AlgorithmConstraintSet

Signer

End-entity issuer

CA issuer

Attribute Authority

Timestamp Authority

Signature Policy Extensions