Jump to content

CAdES (computing)

From Wikipedia, the free encyclopedia
This is an old revision of this page, as edited by ScienceGuard (talk | contribs) at 19:13, 1 March 2016 (I packed all parts on the evolution of the standard into one section). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.
For other uses, see Cades.

CAdES (CMS Advanced Electronic Signatures) is a set of extensions to Cryptographic Message Syntax (CMS) signed data making it suitable for advanced electronic signatures[1].

Description

CMS is a general framework for Electronic Signatures for various kinds of transactions like purchase requisition, contracts or invoices[2]. CAdES specifies precise profiles of CMS signed data making it compliant with the European eIDAS regulation (Regulation on electronic identification and trust services for electronic transactions in the internal market). The eIDAS regulation enhances and repeals the Electronic Signatures Directive 1999/93/EC.[3][4] EIDAS is legally binding in all EU member states since July 2014. An electronic signature that has been created in compliance with eIDAS has the same legal value as a handwritten signature.[3] An important property of CAdES is that electronically signed documents can remain valid for long periods, even if the signer or verifying party later attempts to deny the validity of the signature.

The document ETSI TS 101 733 Electronic Signature and Infrastructure (ESI) – CMS Advanced Electronic Signature (CAdES) describes the framework.

Evolution of the framework

The main document describing the format is ETSI TS 101 733 Electronic Signature and Infrastructure (ESI) – CMS Advanced Electronic Signature (CAdES).

The ETSI TS 101 733 was first issued as V1.2.2 (2000-12). The current release version has the release number V2.2.1 (2013-04). ETSI is working on a new draft of CAdES. All drafts and released documents are publicly accessible at [1].

The ETSI TS V.1.7.4 (2008-07) is technically equivalent to RFC 5126. RFC 5126 document builds on existing standards that are widely adopted. These includes

  • RFC 3852 : "Cryptographic Message Syntax (CMS)"
  • ISO/IEC 9594-8/ITU-T Recommendation X.509 "Information technology - Open Systems Interconnection - The Directory: Authentication framework"
  • RFC 3280 "Internet X.509 Public Key Infrastructure (PKIX) Certificate and Certificate Revocation List (CRL) Profile"
  • RFC 3161 "Internet X.509 Public Key Infrastructure Time-Stamp Protocol (TSP)".

Profiles

CAdES defines eight profiles (forms) differing in protection level offered. Each profile includes and extends the previous one[2]:

  • CAdES-BES, basic form just satisfying Directive legal requirements for advanced signature;
  • CAdES-T (timestamp), adding timestamp field to protect against repudiation;
  • CAdES-C (complete), adding references to verification data (certificates and revocation lists) to the signed documents to allow off-line verification and verification in future (but not storing actual verification data);
  • CAdES-X (extended), adding timestamps on the references introduced by CAdES-C to protect against possible compromise of certificates in chain in future;
  • CAdES-X-L (extended long-term), adding actual certificates and revocation lists to the signed document to allow verification in future even if their original source is not available;
  • CAdES-A v2 (archival, version 2), adding possibility for periodical timestamping (e.g. each year) of the archived document to prevent compromise caused by weakening signature during long-time storage period. In latest CAdES standard the profile in fact considered "deprecated".
  • CAdES-LT (long term), adding usage of "tree-hashing" algorithm and "evidence records" (RFC 4998). In latest CAdES standard the profile in fact considered "deprecated".
  • CAdES-A v3 (archival, version 3). Most flexible profile, introduced fixes for almost all CAdES problems.

See also

References

  1. ^ Turner, Dawn M. "INTRODUCTION INTO CADES FOR TRUST SERVICE PROVIDERS". Cryptomathic. Retrieved 1 March 2016.
  2. ^ a b European Telecommunications Standards Institute. "Electronic Signatures and Infrastructures (ESI); CMS Advanced Electronic Signatures (CAdES) v. 4/2013" (PDF). ETSI.
  3. ^ THE EUROPEAN PARLIAMENT AND THE COUNCIL OF THE EUROPEAN UNION. "REGULATION (EU) No 910/2014 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 23 July 2014". Official Journal of the European Union. Retrieved 1 March 2016.
Retrieved from "https://en.wikipedia.org/w/index.php?title=CAdES_(computing)&oldid=707777954"