Advanced Electronic Signature

CAdES

CMS Advanced Electronic Signatures

Standards

as CAdES

XMLDSIG

Equivalent to CAdES, but with XML format

XAdES

XML Advanced Electronic Signatures

Standards

as CAdES

ISO 32000-1 - PDF

Formats

PAdES Basic

Based on ISO 32000-1

Recommends timestamp

Recommends revocation information

PAdES Enhanced

PAdES-BES

Based on CAdES-BES

Optionally CAdES-T

PAdES-EPES

Based on CAdES-EPES

Optionally CAdES-T

PAdES Long Term

PAdES-LTV

Used with PAdES-CMS/BES/EPES

Adds validation data

Adds document time-stamp

Protects the document and validation data

Allows additional validation data and time stamps over time

PAdES for XML Content

Basic XAdES

Based on XAdES-BES/EPES/T

Basic XAdES on XFA forms

Based on XAdES-BES/EPES/T

Long-term XAdES

Based on XAdES-C/X/XL/A

Long-term XAdES on XFA forms

Based on XAdES-C/X/XL/A

Signature Policies

invalid

incomplete validation

valid

Validation Results

Formats

Without validation data

CAdES-BES

Basic Electronic Signature

Contains

Signed user data (CMS)

Mandatory signed attributes (CMS, ESS)

Content-type (CMS)

Message-digest (CMS)

Signing-certificate or signing-certificate-v2 (ESS)

Additional mandatory signed attributes (CAdES)

Digital signature value (CMS)

May contain

Additional signed attributes

Signing-time (CMS)

Content-hints (ESS)

Content-reference (ESS)

Content-identifier (ESS)

Commitment-type-indication (CAdES)

May be

defined as part of the signature policy, in which case, the commitment type has precise semantics that are defined as part of the signature policy

a registered type, in which case, the commitment type has precise semantics defined by registration, under the rules of the registration authority

Signer-location (CAdES)

Signer-attributes (CAdES)

Content-time-stamp (CAdES)

Optional unsigned attributes

CounterSignature (CMS)

CAdES-EPES

Explicit Policy-based Electronic Signature

Based on CAdES-BES

Mandatory sigPolicyID signed attribute (CAdES)

With validation data

Validation data may be collected by signer and/or verifier.

Based on CAdES-BES or CAdES-EPES

CAdES-T

Electronic Signature with Time

One of

time-stamp unsigned attribute with time-stamp token

Time-stamp tokens may include unsigned attributes required to validate the token, such as the complete-certificate-references and complete-revocation-references attributes. (CAdES)

Token may include unsigned attributes such as complete-certificate-references and complete-revocation-references attributes. (CAdES)

time-mark of the ES by TSP - no attribute added to ES

CAdES-C

ES with Complete Validation Data References

Mandatory unsigned attributes

complete-certificate-references (CAdES)

complete-revocation-references (CAdES)

If the signer does not provide CAdES-C, the verifier should create it on first verification. A grace period might be necessary.

CWA 14171 specifies the signature validation process for this case

Extended formats

CAdES-X Long

Extended Long Electronic Signature

Mandatory unsigned attributes

certificate-values (CAdES)

revocation-values (CAdES)

CAdES-X Type 1

Extended Electronic Signature with Time Type 1

Adds CAdES-C-time-stamp unsigned attribute

Time stamp over whole CAdES-C

CAdES-X Type 2

Extended Electronic Signature with Time Type 2

Adds CAdES-C-time-stamped-certs-crls-references unsigned attribute

Time stamp over the references

CAdES-X Long Type 1 or 2

Extended Long Electronic Signature with Time

Combination of CAdES-X Long and CAdES-X Type 1 or 2

CAdES-A

Archival Electronic Signature

Builds on CAdES-X Long or CAdES-X Long Type 1 or 2

Adds one or more archive-time-stamp unsigned attributes

Standards

ETSI TS 101 733 - CAdES

RFC 3852 - CMS

RFC 2634 - ESS

RFC 3280 - X.509 PKIX

RFC 2560 - OCSP

RFC 3161 - TSP

RFC 3370 - CMS Algorithms

RFC 3281 - Attribute Certificate Profile

RFC 5035 - CertID Algorithm Agility

PAdES

PDF Advanced Electronic Signature

Standards

ETSI TR 102 272 - ASN.1 format for policies

ETSI TR 102 038 - XML format for policies

RFC 3125 - Electronic Signature Policies

May be specified in

a free form document for human interpretation

a structured form using an agreed syntax and encoding

Signature Validation Policy

Specifies mandatory fields in signature

Commitment Rules

A sequence by commitment-type-indication.

Signer Rules

Optional if the signed data are included

Mandated signed attributes

Mandated unsigned attributes

Mandated certificate ref

In the SigningCertificate attribute.

Signer only

Full path

Mandated certificate info

In the certificates field of SignedData.

None

Signer only

Full path

Verifier Rules

The CMS unsigned attributes that must be present under this policy and must be added by the verifier if not added by the signer.

Mandatory unsigned attributes

Certificate/Revocation Requirements

Certificate Requirements

Trust point (self-signed certificate)

Path length constraint

Acceptable policies

Name constraints

Policy constraints

Revocation Requirements

Different for end and CA certificates

Possible values

crlCheck

ocspCheck

bothCheck

eitherCheck

noCheck

other (extensions)

Signing Certificate Trust Condition

TimestampTrustCondition

Caution period

The cautionPeriod field specifies a caution period after the signing time that the verifier is mandated to wait, in order to get high assurance of the validity of the signer's key and that any relevant revocation has been notified.

Signature timestamp delay

The signatureTimestampDelay field specifies a maximum acceptable time between the signing time and the time at which the signature time-stamp is created for the verifier.

AttributeTrustCondition

Attribute / attribute certificate constraints

AlgorithmConstraintSet

Signer

End-entity issuer

CA issuer

Attribute Authority

Timestamp Authority

Signature Policy Extensions