An electronic signature is a file containing information on the original document, the signatory, the date of signature, algorithms used and possible expiration of the signature.
How this information is structured (the order of the information within the file, the tags that indicate where a field begins and ends, which fields are optional, etc.) is determined by different formats:
It is the evolution of the first standardized signature format. It is appropriate for signing large files, especially if the signature contains the original document, because it makes efficient use of space. After signing, you will not be able to view the signed information, because it is stored in binary form.
The result is an XML text file, a text format very similar to HTML that uses tags. The resulting documents are usually larger than with CAdES, so it is not suitable when the original file is very large. Applications such as eCoSignature from the Ministry of Industry and Commerce only sign in XAdES.
This is the most appropriate format when the original document is a PDF. The recipient of the signature can easily check the signature and the signed document. With the previous formats this is not possible without external tools.
They are the signature formats used by Microsoft Office and Open Office, respectively.
The AutoFirma client application lets you configure the format to be used.
Depending on how the original document is referenced or stored in the signature file, we can have two cases:
The original document is included in the signature file.
Advantage: It is not always necessary to keep both the original document and the signature file, because the document is already included in the signature. It is therefore a convenient format for storing
Disadvantage: If the file is large, more storage space is consumed, because in the end both the original document, which will always have to be stored, and the signature end up being kept.
In the case of CAdES these signatures are called implicit signatures.
For XAdES XML signatures, the document is usually included in the signature file. We speak of detached, enveloping and enveloped signatures depending on where the original document is stored in the signature file itself.
In practice, Case 1 is often used, and it is the default mode of operation of signature applications. Larger signature files are obtained but, in return, the original file does not have to be stored as a separate document next to the signature.
In this case, the document is not included in the signature result, or only a reference to the place where it is located is included so that the document can be found. Therefore, smaller files are obtained. On the other hand, the original document must always be kept alongside the signature.
In the case of CAdES these signatures are called explicit signatures.
In the case of XAdES XML signatures, only in detached signatures can the document be outside the signature file.
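The three XAdES placements described above can be told apart from the structure of the signature file alone. The following is an added example, not code from the original page or from any of the applications it mentions: a structural triage of XML signatures that performs no cryptographic verification. The function name `classify`, the helper `sig_skeleton` and the sample documents are constructed for illustration.

```python
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
ENVELOPED_TRANSFORM = DS + "enveloped-signature"
XADES_SP = "http://uri.etsi.org/01903#SignedProperties"

def classify(xml_text):
    """Return [(Reference URI, placement)] for every signed-document reference."""
    # Samples below are constructed; use a hardened parser for untrusted files.
    root = ET.fromstring(xml_text)
    tag = f"{{{DS}}}Signature"
    sig = root if root.tag == tag else root.find(f".//{tag}")
    if sig is None:
        raise ValueError("no ds:Signature element found")
    # Ids of every element carried inside the signature's own ds:Object children.
    inside = {el.get("Id") for obj in sig.findall(f"{{{DS}}}Object")
              for el in obj.iter() if el.get("Id")}
    result = []
    for ref in sig.findall(f"{{{DS}}}SignedInfo/{{{DS}}}Reference"):
        if ref.get("Type") == XADES_SP:
            continue  # XAdES signed properties, not the original document
        uri = ref.get("URI", "")
        transforms = {t.get("Algorithm") for t in ref.iter(f"{{{DS}}}Transform")}
        if ENVELOPED_TRANSFORM in transforms:
            kind = "enveloped"    # signature sits inside the document it signs
        elif uri.startswith("#") and uri[1:] in inside:
            kind = "enveloping"   # document travels inside the signature
        else:
            kind = "detached"     # document is a sibling element or another file
        result.append((uri, kind))
    return result

def sig_skeleton(refs, objects=""):
    # Constructed skeleton holding only the elements the classifier reads.
    return (f'<ds:Signature xmlns:ds="{DS}"><ds:SignedInfo>{refs}</ds:SignedInfo>'
            f'{objects}</ds:Signature>')

SP_REF = f'<ds:Reference URI="#sp" Type="{XADES_SP}"/>'
SP_OBJ = '<ds:Object><SignedProperties Id="sp"/></ds:Object>'
ENVELOPING = sig_skeleton('<ds:Reference URI="#doc"/>' + SP_REF,
                          '<ds:Object Id="doc">ZG9j</ds:Object>' + SP_OBJ)
ENVELOPED = "<invoice><total>10</total>" + sig_skeleton(
    f'<ds:Reference URI=""><ds:Transforms><ds:Transform Algorithm="{ENVELOPED_TRANSFORM}"/>'
    '</ds:Transforms></ds:Reference>' + SP_REF, SP_OBJ) + "</invoice>"
DETACHED = sig_skeleton('<ds:Reference URI="contract.pdf"/>' + SP_REF, SP_OBJ)

if __name__ == "__main__":
    for name in ("ENVELOPING", "ENVELOPED", "DETACHED"):
        print(name, classify(globals()[name]))
```

A result of `detached` means the original document has to be archived alongside the signature file for later verification to remain possible.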
In the world of paper and handwritten signature, a document may contain the signature of several persons:
The equivalent of those signatures in the electronic world is multiple signatures. Depending on the number of signatories, we may have:
The AutoFirma signature application supports the three types of signature. The user can choose the type of multiple signature they want to make.
The Sign Easy application automatically selects co-signature when it is given a previously signed document to sign.
To verify a signature it is necessary to:
In the case of a basic electronic signature, if the certificate has expired, the signature is automatically treated as invalid.
So how do we know whether the certificate was in force on the date of signing? And what should be done so that a signature can still be validated or verified in the future, even if the certificate has expired?
To answer these questions, the AdES formats (the generic name for the CAdES, XAdES and PAdES formats) provide for the possibility of adding information to electronic signatures that guarantees the long-term validity of a signature once the validity period of the certificate has expired.
These formats add to the signature evidence from third parties (certification authorities) and time certifications, which certify the status of the certificate at the time of signature.
In particular, there are different signature formats that increase the quality of the signature until a signature is obtained that can be verified in the long term (indefinitely) with full legal guarantees:
The implementing rules for Regulation (EU) No 910/2014 (eIDAS) include the definition of the new Baseline signature types. These types are equivalent to the traditional formats provided that the signatures meet a number of specific requirements.
The new format represents a more generic profile and is used to ensure cross-border interoperability of electronic signatures in the context of Directive 2006/123/EC of the European Parliament and of the Council of 12 December 2006 on services in the internal market. The regulatory change is endorsed in Regulation (EU) No 910/2014, and more specifically in Commission Implementing Decision (EU) 2015/1506 of 8 September 2015 laying down specifications for the formats of advanced electronic signatures and advanced seals to be recognised by public sector bodies. That Implementing Decision indicates in Articles 1 and 3 respectively:
The list of technical specifications for XML, CMS or PDF advanced electronic signatures and for the associated signature/seal container is included in the annex:
For information purposes, the following equivalences are established between the traditional formats and the new 'Baseline' formats:
CAdES-BES/-EPES
CAdES-T
XAdES-BES/-EPES
XAdES-T
XAdES-T
XAdES-A
PAdES-BES/-EPES
PAdES-LTV
The Baseline profiles are in many cases a subset of traditional formats.
As seen in the previous section, time stamping is a method to prove that a data set existed before a given time and that none of the data has been modified since then.
The time stamp is a signature by a Time Stamping Authority (TSA), which acts as a trusted third party attesting to the existence of the electronic data at a specific date and time.
Time stamping adds value to the use of digital signatures, because the signature alone does not provide any information about when it was created, and if the signatory included that information, it would have been provided by one of the parties, when it is advisable that the time stamp be provided by a trusted third party.
Re-stamping
Since the time stamp is a signature made with the electronic certificate of the Time Stamping Authority, when that certificate expires, the time stamp and therefore the signature cease to be valid.
Therefore, before the TSA certificate expires, it is necessary to re-stamp, that is, to re-apply the time stamp, in order to maintain the validity of the signature over time.
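The expiry rules described above (a basic signature fails once the signer's certificate expires, a time stamp holds only while the TSA certificate is valid, and re-stamping must happen before that certificate expires) can be expressed as a short check. This is an added example, not code from the original page: it models validity periods only, leaves out revocation evidence and all cryptographic verification, and every name and date in it is constructed.

```python
from dataclasses import dataclass
from datetime import datetime

@dataclass
class Cert:
    not_before: datetime
    not_after: datetime
    def valid_at(self, t):
        return self.not_before <= t <= self.not_after

@dataclass
class TimeStamp:
    tsa_cert: Cert        # certificate the TSA signed this stamp with
    gen_time: datetime    # time asserted by the TSA

def verify_over_time(signer_cert, stamps, now):
    """stamps: oldest first; each later stamp re-stamps the previous one."""
    if not stamps:
        # Basic signature: no trusted signing time, so the certificate is
        # judged at verification time and an expired one invalidates it.
        ok = signer_cert.valid_at(now)
        return ok, "basic signature, certificate " + ("in force" if ok else "expired")
    if not signer_cert.valid_at(stamps[0].gen_time):
        return False, "signer certificate not in force at the stamped time"
    for i, stamp in enumerate(stamps):
        if not stamp.tsa_cert.valid_at(stamp.gen_time):
            return False, f"stamp {i} issued outside its TSA certificate validity"
        # A stamp is vouched for by the next one; the last one must hold today.
        until = stamps[i + 1].gen_time if i + 1 < len(stamps) else now
        if until < stamp.gen_time:
            return False, f"stamp {i + 1} predates stamp {i}"
        if not stamp.tsa_cert.valid_at(until):
            return False, f"TSA certificate of stamp {i} expired with no re-stamp in time"
    return True, "valid"

# Constructed dates, for illustration only.
D = datetime
SIGNER = Cert(D(2020, 1, 1), D(2022, 1, 1))
TSA_1 = Cert(D(2019, 1, 1), D(2024, 1, 1))
TSA_2 = Cert(D(2023, 1, 1), D(2028, 1, 1))
FIRST = TimeStamp(TSA_1, D(2021, 6, 1))
NOW = D(2026, 1, 1)

if __name__ == "__main__":
    print(verify_over_time(SIGNER, [], NOW))
    print(verify_over_time(SIGNER, [FIRST], NOW))
    print(verify_over_time(SIGNER, [FIRST, TimeStamp(TSA_2, D(2023, 12, 1))], NOW))
    print(verify_over_time(SIGNER, [FIRST, TimeStamp(TSA_2, D(2024, 6, 1))], NOW))
```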