Digital Signature Standards: CAdES & PAdES
This section will delve deeper into the concepts of PAdES and CAdES signatures, focusing on their features, differences, and levels of compliance. It’ll explore the characteristics of each signature type, including their file formats, compatibility with various software, support for visible signatures, and ability to handle multiple signatures. Additionally, it’ll discuss the significance of timestamping in PAdES signatures and how trusted timestamping authorities play a crucial role in ensuring document integrity. Finally, it’ll explore long-term validation (LTV) and its importance in maintaining the verifiability of digital signatures over an extended period, even in the face of certificate expirations or revocations.
Introduction to PAdES/CAdES
-
PAdES (PDF Advanced Electronic Signatures) defines a set of extensions to standard electronic signatures used for PDF files, making them conformant to various legislative requirements all over the world.
-
CAdES (CMS Advanced Electronic Signatures) is a set of extensions to Cryptographic Message Syntax (CMS) signed data, making it suitable for advanced electronic signatures.
Explanation of PAdES vs. CAdES
Within the context of PSPDFKit, the terms PAdES and CAdES are used interchangeably. However, there are important differences between them that require some clarification.
PAdES:
-
Are CAdES signatures embedded inside a PDF (Acrobat calls this method CAdES-Equivalent, while the PDF specification refers to them as
ETSICAdESDetached
). -
Can be inspected, validated, and created in regular PDF readers that support eSignatures (e.g. Acrobat, Foxit, PSPDFKit).
-
Supports visible signatures and multiple signatures, and a signature is associated with a signature form field.
CAdES:
-
Signatures and signed files are put in a cryptographic envelope with the extension
.p7m
. -
Can be affixed to any type of file (even PDFs).
-
Require users to have specific software to read the cryptographic envelope.
-
Aren’t true visible signatures; a document is just seen as raw binary data.
PAdES Levels
The EU standard (ETSI TS 103 173) defines the following levels for PAdES/CAdES signatures, each being a superset of the previous one.
-
PAdES B-B — Basic electronic signature, the simplest version.
-
PAdES B-T — B-level, plus a trusted token (time-mark or timestamp token) proving the signature existed at a certain date and time.
-
PAdES B-LT — T-level signatures, plus LTV information containing values of certificates and values of certificate revocation status (CRL and OCSP responses) used to validate a signature. This makes it possible to validate a signed document using the contents of the file itself. These are ideally suited for long-term storage of PDFs in way that the validation remains intact through LTV, making the level ideal for archiving and use as court evidence.
-
PAdES B-LTA — LT-level signature, plus one or more LTV attributes with POE (proof of existence). POE is evidence that proves that an object (a certificate, CRL, signature value, hash value, etc.) existed at a specific date/time, which may be a date/time in the past. This is done by adding a cryptographic timestamp token to the document itself and the validation material. It’s also possible to add additional document timestamp tokens, which enables a document signature to remain valid even after initial certificates and signing algorithms have expired or were deemed insecure. This is currently not supported by PSPDFKit.
The table below provides a summary comparing the different PAdES levels, along with their descriptions and validations (source).
PAdES Levels | Description | Validation |
---|---|---|
B-B | Basic signature | Signing certificate |
B-T | Signature with a timestamp | B-B, plus: Cryptographic timestamp token |
B-LT | Signature with validation for all materials | B-T plus: Timestamp certificates revocation data |
B-LTA | Signature with long-term integrity | B-LT plus: Document timestamp token |
Understanding Timestamping (PAdES B-T)
According to Wikipedia, “trusted timestamping is the process of securely keeping track of the creation and modification time of a document.” This means that no one, including a document’s owner, should be able to change the timestamp once it’s recorded, so long as the integrity of the timestamp isn’t compromised.
PAdES B-T signatures are timestamped using a trusted time stamping authority (TSA). The TSA signs the hash of the document and returns a timestamp token. Once you get the timestamp token from the TSA, you can pass it along to PSPDFKit when signing.
Understanding LTV (PAdES B-LT)
Long-term validation (LTV) refers to the capability of a PDF digital signature to remain verifiable and trustworthy over an extended period. The validity of a digital signature depends on the current status of the signer’s certificate and the certificate chain. Over time, certificates can expire or be revoked, or the certification authority (CA) may cease operations. LTV aims to address these challenges and allows users to validate signatures in the long run, even after a signer’s certificate has become invalid.
To add LTV information to a signature, PSPDFKit will first contact the OCSP server to obtain the revocation status of a given certificate. Then, PSPDFKit will persist the information for long-term validation of digital signatures if it’s valid.
The URI of the OCSP server is specified in the certificate. Document Engine will try to contact this OCSP server automatically when creating a new PAdES B-LT signature. This OCSP URI needs to be allowed and accessible from the Document Engine instance. If the OCSP server isn’t reachable, no LTV information will be stored in the signature. To check the OCSP URI information embedded in the certificate, use the following command:
openssl x509 -in cert.pem -noout -ocsp_uri