CAdES Format Overview

    This article is an overview of the CAdES (CMS Advanced Electronic Signatures) standard. It is based both on theoretical studies conducted by the author and on the experience of writing our own implementation for creating and verifying signatures in the CAdES formats.

    The article presents information from the latest version of this standard, version 2.2.1, published in April 2013 (all versions of the CAdES standard can be obtained at the following link: www.etsi.org/deliver/etsi_ts/101700_101799/101733). A new document describing the CAdES standard is currently being prepared and is designated “EN 319-122”. A draft of this document can be found at the following link: docbox.etsi.org/esi/Open/Latest_Drafts.

    The article analyzes all the main forms of electronic signature described in the CAdES standard. Where necessary, it also analyzes the digital signature attributes included in each form of CAdES.

    CAdES cannot be analyzed without first analyzing the CMS (Cryptographic Message Syntax) standard. For this reason, the article also presents an initial analysis of CMS, as well as the motivation behind the ideas and solutions presented in the CAdES standard.

    To understand the article, the reader needs a general knowledge of the basics of creating digital signatures and (to a lesser extent) familiarity with the general ASN.1 notation.

    To establish "primary trust", I will give a few facts about myself that are significant for the topic of this article:
    • Over 15 years of professional experience as a programmer;
    • I am the primary author of the CryptoArm software (it was written solely by me in 2003; I led the product up to version 2.5, and I now have no relation to this software);
    • I am the author of the articles “Using the Crypto API” and “ASN.1 in Simple Words”;
    • I have been an active participant in the Crypto-Pro company forum since 2005.

    Since the article is quite large by the standards of Habr and contains a large number of different formatted lists, this site will (at least for now) provide only the table of contents of the general article and a direct link to the full version of the article in PDF format.

    The article presents data on both obsolete formats (such as CAdES-X Long Type 1) and current ones (CAdES-A v3). It gives an analysis of the reasons for the appearance of CAdES format signatures and of the disadvantages of the CMS format. The author’s analysis of the shortcomings of individual CAdES formats and of the advantages of new versions of “improved signatures” is also presented.

    Table of contents:
    • Threat model for digital signature CMS format
    • General Description of CAdES Formats
    • General Description of the TSP and OCSP Protocols
    • Signature Format CAdES-BES (Basic Electronic Signature)
    • Signature Format CAdES-T (Electronic Signature with Time)
    • Signature Format CAdES-C (Electronic Signature with Complete Data References)
    • Signature Format CAdES-X Type 1 (EXtended Electronic Signature)
    • Signature Format CAdES-X Type 2
    • Signature Format CAdES-X Long Type 1 and Type 2 (CAdES-XL)
    • Disadvantages of CAdES-BES to CAdES-XL format signatures
    • Signature Formats CAdES-A (Archival)
    • Conclusion

    This article is a general overview of the CAdES standard formats. On request, certain sections of the article can be supplemented with more complete information.