CAdES (computing)
CAdES is a set of extensions to Cryptographic Message Syntax (CMS) signed data making it suitable for advanced electronic signature.
Description
While CMS is a general framework for digitally signing documents such as e-mail (S/MIME) or PDF, CAdES specifies precise profiles of CMS signed data for use with advanced electronic signature in the meaning of European Union Directive 1999/93/EC.
One important benefit of CAdES is that electronically signed documents can remain valid for long periods, even if the underlying cryptographic algorithms are broken.
The main document describing the format is ETSI TS 101 733 Electronic Signature and Infrastructure (ESI) – CMS Advanced Electronic Signature (CAdES).
The first issue of this TS is V1.2.2 (2000-12); the latest is V1.8.3 (2011-01).
V1.7.4 (2008-07) of this TS is technically equivalent to RFC 5126.
RFC 5126 builds on existing standards that are widely adopted. These include:
- RFC 3852 "Cryptographic Message Syntax (CMS)"
- ISO/IEC 9594-8/ITU-T Recommendation X.509 "Information technology - Open Systems Interconnection - The Directory: Authentication framework"
- RFC 3280 "Internet X.509 Public Key Infrastructure (PKIX) Certificate and Certificate Revocation List (CRL) Profile"
- RFC 3161 "Internet X.509 Public Key Infrastructure Time-Stamp Protocol (TSP)".
Profiles
CAdES defines six profiles (forms) differing in the protection level offered. Each profile includes and extends the previous one:
- CAdES, the basic form, just satisfying the Directive's legal requirements for an advanced signature;
- CAdES-T (timestamp), adding a timestamp field to protect against repudiation;
- CAdES-C (complete), adding references to verification data (certificates and revocation lists) to the signed documents to allow off-line verification and verification in the future (but not storing the actual verification data);
- CAdES-X (extended), adding timestamps on the references introduced by CAdES-C to protect against possible future compromise of certificates in the chain;
- CAdES-X-L (extended long-term), adding the actual certificates and revocation lists to the signed document to allow verification in the future even if their original source is not available;
- CAdES-A (archival), adding the possibility of periodic timestamping (e.g. each year) of the archived document to prevent compromise caused by the signature weakening during a long storage period.
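The cumulative structure of the profiles can be checked mechanically. The following is an added example, not part of the original article or of any CAdES library: given the set of unsigned-attribute OIDs found in a signature, it reports the highest profile reached and what is missing for a target profile. The OIDs are the id-aa attribute identifiers from RFC 5126; the function names, the sample sets and the strictly linear ladder (which follows this article's description) are assumptions of the example.

```python
# Added example: classify a CAdES signature by the unsigned attributes it carries.
# OIDs are the id-aa-* attribute identifiers from RFC 5126; the linear ladder
# follows this page's "each profile extends the previous one" description.
AA = "1.2.840.113549.1.9.16.2."          # id-aa arc (S/MIME attributes)

# Each rung: (profile name, groups of OIDs; one OID from every group must be present)
LADDER = [
    ("CAdES-T",   [{AA + "14"}]),                 # signature-time-stamp
    ("CAdES-C",   [{AA + "21"}, {AA + "22"}]),    # certificate refs + revocation refs
    ("CAdES-X",   [{AA + "25", AA + "26"}]),      # ESC time-stamp or cert/CRL time-stamp
    ("CAdES-X-L", [{AA + "23"}, {AA + "24"}]),    # certificate values + revocation values
    ("CAdES-A",   [{AA + "27", AA + "48"}]),      # archive-time-stamp (v1 or v2)
]

def cades_level(unsigned_oids):
    """Return the highest profile whose rung and all lower rungs are satisfied."""
    present = set(unsigned_oids)
    level = "CAdES"                                # basic form: no unsigned attributes needed
    for name, groups in LADDER:
        if not all(group & present for group in groups):
            break                                  # a gap stops the climb
        level = name
    return level

def missing_for(target, unsigned_oids):
    """List the attribute groups still needed to reach `target`, lowest rung first."""
    present = set(unsigned_oids)
    gaps = []
    for name, groups in LADDER:
        gaps += [(name, sorted(g)) for g in groups if not (g & present)]
        if name == target:
            return gaps
    raise ValueError(f"unknown profile: {target}")

# Constructed samples: sets of unsigned-attribute OIDs as a CMS parser would report them.
SAMPLE_T = {AA + "14"}
SAMPLE_XL = {AA + n for n in ("14", "21", "22", "25", "23", "24")}
# Values embedded and archive-stamped, but the references for CAdES-C are absent.
SAMPLE_GAP = {AA + n for n in ("14", "23", "24", "48")}

if __name__ == "__main__":
    for label, s in (("T", SAMPLE_T), ("X-L", SAMPLE_XL), ("gap", SAMPLE_GAP)):
        print(label, cades_level(s), missing_for("CAdES-A", s))
```

The third sample shows why the check is cumulative: an archive timestamp is present, yet the signature only counts as CAdES-T because the CAdES-C references it should build on are missing.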
See also
- European Telecommunications Standards Institute (ETSI)
- Cryptographic Message Syntax
- XAdES, XML Advanced Electronic Signature
- PAdES, PDF Advanced Electronic Signature
- Trusted timestamping