
CAdES (computing)

From Wikipedia, the free encyclopedia
This is an old revision of this page, as edited by Kurushima (talk | contribs) at 08:13, 14 December 2008 (Created page with ''''CAdES''' (''CMS Advanced Electronic Signatures'') is a set of extensions to CMS(Cryptographic Message Syntax) signed data making...'). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

CAdES (CMS Advanced Electronic Signatures) is a set of extensions to CMS (Cryptographic Message Syntax) signed data that makes it suitable for advanced electronic signatures.

Description

While CMS is a general framework for digitally signing documents such as e-mail (S/MIME) or PDF, CAdES specifies precise profiles of Cryptographic Message Syntax signed data for use with qualified electronic signatures in the meaning of European Union Directive 1999/93/EC. One important benefit of CAdES is that electronically signed documents can remain valid for long periods, even if the underlying cryptographic algorithms are broken.

Profiles

CAdES defines six profiles (forms) that differ in the level of protection offered. Each profile includes and extends the previous one:

  • CAdES, the basic form, which just satisfies the Directive's legal requirements for an advanced signature;
  • CAdES-T (timestamp), which adds a timestamp field to protect against repudiation;
  • CAdES-C (complete), which adds references to verification data (certificates and revocation lists) to the signed document to allow off-line verification and verification in the future (but does not store the actual data);
  • CAdES-X (extended), which adds timestamps on the references introduced by CAdES-C to protect against possible future compromise of certificates in the chain;
  • CAdES-X-L (extended long-term), which adds the actual certificates and revocation lists to the signed document to allow verification in the future even if their original source is not available;
  • CAdES-A (archival), which adds the possibility of periodic timestamping (e.g. each year) of the archived document to prevent compromise caused by the signature weakening during a long storage period.
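
The ladder of forms above can be checked mechanically from the unsigned attributes carried by a signer. The following is an added example, not part of the original article: it assumes the attribute OIDs defined in RFC 5126 (which the article does not list), takes the OIDs as already extracted from the CMS structure, and applies the article's strict "each profile extends the previous one" ordering, warning when a later form's attributes appear above a missing rung.

```python
# Added example: OIDs are from RFC 5126 (they are not listed on the page).
# The strict ladder mirrors the page's "each profile extends the previous one".
AA = "1.2.840.113549.1.9.16.2."
SIG_TS = AA + "14"         # id-aa-signatureTimeStampToken
CERT_REFS = AA + "21"      # id-aa-ets-certificateRefs
REV_REFS = AA + "22"       # id-aa-ets-revocationRefs
CERT_VALUES = AA + "23"    # id-aa-ets-certValues
REV_VALUES = AA + "24"     # id-aa-ets-revocationValues
ESC_TS = AA + "25"         # id-aa-ets-escTimeStamp
CERT_CRL_TS = AA + "26"    # id-aa-ets-certCRLTimestamp
ARCHIVE_TS = AA + "27"     # id-aa-ets-archiveTimestamp
ARCHIVE_TS_V2 = AA + "48"  # id-aa-ets-archiveTimestampV2

# Each rung lists groups of OIDs; one OID from every group must be present.
LADDER = [
    ("CAdES-T", [{SIG_TS}]),
    ("CAdES-C", [{CERT_REFS}, {REV_REFS}]),
    ("CAdES-X", [{ESC_TS, CERT_CRL_TS}]),
    ("CAdES-X-L", [{CERT_VALUES}, {REV_VALUES}]),
    ("CAdES-A", [{ARCHIVE_TS, ARCHIVE_TS_V2}]),
]

def classify(unsigned_attr_oids):
    """Return (highest form reached, warnings) for a signer's unsigned attributes."""
    present = set(unsigned_attr_oids)
    form, gap, warnings = "CAdES", None, []
    for name, groups in LADDER:
        complete = all(present & group for group in groups)
        if complete and gap is None:
            form = name                      # ladder unbroken so far
        elif complete:
            warnings.append(f"{name} attributes present but {gap} is incomplete")
        elif gap is None:
            gap = name                       # first missing rung caps the form
    return form, warnings

# Constructed sample: archive-timestamped signature missing the CAdES-C references.
SAMPLE = [SIG_TS, CERT_VALUES, REV_VALUES, ARCHIVE_TS_V2]

if __name__ == "__main__":
    form, warnings = classify(SAMPLE)
    print(form)
    for w in warnings:
        print("warning:", w)
```

A verifier that relies on the archival guarantees should treat any warning as a reason not to accept the signature at the claimed form.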

See also