Signature formats


What are the signature formats?

  • The signature format is how the signature document is generated and how the signature information is saved or structured in the generated document.
  • The existence of multiple signature formats is due to historical reasons, to how the signature has been introduced in already existing document formats and to how functionalities have been added over time.
  • A signature file has a format that is determined by these aspects:
  • File structure: CAdES, XAdES, PAdES, OOXML, ODF formats…
  • Where is the original document stored?
  • Signatures with multiple users.
  • Longevity of the signature and timestamp

Structure of the signature: CAdES, XAdES, PAdES, OOXML, ODF…

An electronic signature is a file that contains information about the original document, the signer, the date of the signature, algorithms used and possible expiration of the signature.

How this information is structured (the order of that information within the file, the labels that indicate when a field begins and when it ends, the optionality of those fields, etc.) is determined by different formats:

  • CAdES (CMS Advanced).

    It is the evolution of the first standardized signature format. It is appropriate for signing large files, especially if the signature contains the original document, because it optimizes the information space. After signing, you will not be able to see the signed information, because the information is stored in binary form.

  • XAdES (XML Advanced).

    The result is an XML text file, a text format very similar to HTML that uses tags. The documents obtained are usually larger than in the case of CAdES, so it is not suitable when the original file is very large. Applications such as eCoSignatures from the Ministry of Industry and Trade only sign in XAdES.

  • PAdES (PDF Advanced).

    This is the most appropriate format when the original document is a PDF. The signature recipient can easily check the signature and the signed document. With the above formats this is not possible unless external tools are used.

  • OOXML and ODF.

    These are the signature formats used by Microsoft Office and Open Office, respectively.

The AutoSignature client application allows you to configure the format to be used.

Where is the original document stored?

Depending on how the original document is referenced or where it is saved in the signature file, we can have two cases:

  • The original document is included in the signature file.

Advantage: It is not necessary to always save the original document and the signature document because it is already included in it. It is, therefore, a convenient format to store.

Disadvantage: If the file size is large, more storage space is consumed, because in the end you end up having on the one hand the original document, which will always have to be saved, and on the other hand, the signature.

In the case of CAdES these signatures are called implicit signatures.

In the case of XAdES XML signatures, the document is usually included in the signature file. We speak of detached, enveloping and enveloped signatures, depending on where in the signature file itself the original document is saved.

In practice, case 1 is often used, which is how signature applications operate by default. Larger signature files are obtained but, in return, it does not require storing the original file as a separate document next to the signature.

  • The document is not included in the signature.

In this case, the document is not included in the signature result, or only a reference to the place where it is found is included so that the document can be located. Smaller files are therefore obtained but, on the other hand, the original document must always be kept together with the signature.

In the case of CAdES these signatures are called explicit signatures.

In the case of XAdES XML signatures, the document may be outside the signature file only for detached signatures.
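The following added example (not part of the original page or of any application it mentions) shows how a verifier can tell where the signed document is stored by inspecting the `ds:Reference` elements of an XML signature. The sample documents are constructed skeletons without digest or signature values, and the labels returned by `classify` are this example's own; no cryptographic verification is performed.

```python
import xml.etree.ElementTree as ET  # for untrusted input prefer a hardened parser such as defusedxml

DS = "{http://www.w3.org/2000/09/xmldsig#}"
ENVELOPED = "http://www.w3.org/2000/09/xmldsig#enveloped-signature"
SIGNED_PROPS = "http://uri.etsi.org/01903#SignedProperties"

def classify(xml_text):
    """Map each data Reference URI to where the signed document is stored."""
    found = {}
    for sig in ET.fromstring(xml_text).iter(DS + "Signature"):
        # Ids of everything carried inside the signature (ds:Object content).
        inner_ids = {e.get("Id") for e in sig.iter() if e.get("Id")}
        for ref in sig.iter(DS + "Reference"):
            if ref.get("Type") == SIGNED_PROPS:
                continue  # XAdES signed properties, not the original document
            uri = ref.get("URI", "")
            algos = {t.get("Algorithm") for t in ref.iter(DS + "Transform")}
            if ENVELOPED in algos:
                kind = "enveloped"  # the signature sits inside the signed document
            elif uri.startswith("#"):
                kind = "enveloping" if uri[1:] in inner_ids else "detached, same file"
            elif uri:
                kind = "detached, external document"  # original must be kept alongside
            else:
                kind = "unclassified"
            found[uri] = kind
    return found

def skeleton(ref, obj=""):
    """Constructed ds:Signature skeleton used only as sample input."""
    return ('<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">'
            f"<ds:SignedInfo>{ref}</ds:SignedInfo>{obj}</ds:Signature>")

# Constructed samples, one per packaging mode.
ENVELOPED_DOC = "<invoice><total>10</total>" + skeleton(
    '<ds:Reference URI=""><ds:Transforms><ds:Transform Algorithm="%s"/>'
    "</ds:Transforms></ds:Reference>" % ENVELOPED) + "</invoice>"
ENVELOPING_DOC = skeleton('<ds:Reference URI="#doc"/>',
                          '<ds:Object Id="doc"><invoice/></ds:Object>')
DETACHED_DOC = skeleton('<ds:Reference URI="invoice.pdf"/>')

if __name__ == "__main__":
    for sample in (ENVELOPED_DOC, ENVELOPING_DOC, DETACHED_DOC):
        print(classify(sample))
```

Only the "detached, external document" case requires the original file to be archived next to the signature, which is the storage trade-off described above.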

Signatures with multiple users

In the world of paper and handwritten signature, a document can contain the signature of several people:

  • In one case, the signatures may have the same weight or legal value, so the order in which the signatures are printed on the document does not matter.
  • Another case is that some signatures serve to endorse or certify other previous signatures, so the order in which the signatures are stamped is important.

The equivalent of those signatures in the electronic world are multiple signatures. According to the criterion of the number of signatories we can have:

  • Simple signatures. They are the basic signatures that contain the signature of a single signer.
  • Co-signature or online signature. It is the multiple signature in which all signers are at the same level and in which the order of signing does not matter. The co-signature is used in the signing of documents that are the results of meetings, conferences or committees.
  • Counter-signature or cascade signature. It is the multiple signature in which the order of signing is important, since each signature must endorse or certify the signature of the previous signer. Counter-signatures are especially used in applications such as Signature Holders, where a document must follow a specific line through several signers until the entire process is approved.

The AutoSignature signature application allows all three types of signatures. The user can configure the type of multiple signature that he wants to perform.

The EasySign application automatically selects the co-signature when presented to sign a previously signed document.

Long-Lived Signatures and Time Stamp

To verify a signature it is necessary:

  • Check the integrity of the signed data ensuring that they have not undergone any modification.
  • Check that the status of the certificate with which it was signed was correct, that is, it was in force at the time of the operation.

In the case of the basic electronic signature, if the certificate has expired, the signature is automatically treated as invalid.

So how do we know that the certificate was in force or not on the date it was signed? And what should be done so that when you want to validate or verify a signature in the future, validation is possible even if the certificate is expired?

To answer these questions, the AdES formats (generic way of calling the CAdES, XAdES and PAdES formats) contemplate the possibility of incorporating into electronic signatures additional information that guarantees the validity of a signature in the long term, once the validity period of the certificate expires.

These formats add to the signature evidence from third parties (from certification authorities) and time certifications, which actually certify what the status of the certificate was at the time of signing.

Specifically, there are different signature formats that increase the quality of the signature until a signature can be verified in the long term (indefinitely) with full legal guarantees:

  • Basic Signature (AdES - BES): the basic format that meets the requirements of the advanced electronic signature.
  • AdES - T: a time stamp is added in order to fix in time the instant at which a document is signed (T for TimeStamp).
  • AdES - C: adds a set of references to the certificates of the certification chain and their status, as a basis for long-term verification (C for Chain).
  • AdES - X: adds timestamps to the references created in the previous step (X for eXtended).
  • AdES - XL: adds certificates and revocation information for long-term validation (XL for eXtended Long-term).
  • AdES - A: allows the addition of periodic timestamps to ensure the integrity of the archived or saved signature for future verifications (A for Archive).

The implementing regulations of Regulation (EU) No 910/2014 (eIDAS) define the new Baseline signature types. These types are as valid as the traditional formats if they meet a number of requirements.

This new format is more generic and serves to ensure the cross-border interoperability of electronic signatures, in line with Directive 2006/123/EC of the European Parliament and of the Council. This regulatory change is supported by Regulation (EU) No 910/2014, in particular Commission Implementing Decision (EU) 2015/1506 of 8 September 2015. This decision establishes the specifications of the formats of advanced electronic signatures and advanced seals that must be recognized by public sector bodies. In essence, it states that:

  • Member States must recognise advanced electronic signatures in XML, CMS or PDF format at their different levels (B, T or LT).
  • The same applies to advanced electronic seals in these formats.

The annex includes the list of technical specifications for advanced electronic signatures XML, CMS or PDF and the associated signature/seal container:

  • XAdES base profile (ETSI TS 103171 v2.1.1).
  • CAdES base profile (ETSI TS 103173 v2.2.1).
  • PAdES base profile (ETSI TS 103172 v2.2.2).
  • Base profile of the container (ETSI TS 103174 v2.2.1).

For information purposes, the following equivalences are established between the traditional formats and the new 'Baseline' formats:

Table of equivalences between the traditional formats and the new 'Baseline' formats

| Classical format | Baseline format |
|---|---|
| CAdES-BES/-EPES | CAdES B-Level |
| CAdES-T | CAdES T-Level |
| XAdES-BES/-EPES | XAdES B-Level |
| XAdES-T | XAdES T-Level |
| XAdES-T | XAdES LT-Level |
| XAdES-A | XAdES LTA-Level |
| PAdES-BES/-EPES | PAdES B-level |
| PAdES LTV | PAdES T-Level/LT-Level/LTA-Level |

Baseline profiles are in many cases a subset of traditional formats.

Time Stamp

As seen in the previous section, time stamping is a method to prove that a data set existed before a given time and that none of this data has been modified since.

The Time Stamp is a signature of a Time Stamping Authority (TSA), which acts as a trusted third party attesting to the existence of such electronic data at a specific date and time.

Time stamping adds relevant information to the signature, because it indicates when it was created. If the signatory included this data, it would be provided by one of the parties involved. Ideally, the timestamp should come from a trusted third party.

Resealing

Since the Time Stamp is a signature made with the electronic certificate of the Time Stamping Authority, when that certificate expires, the stamp and, therefore, the signature are no longer valid.

Therefore, before the TSA certificate expires, it is necessary to reseal, that is, reapply the Time Stamp, to maintain the temporal validity of the signature.
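The added example below (not from the original page) models the validation-time reasoning of the "Long-Lived Signatures and Time Stamp" and "Resealing" sections: a basic signature is judged at verification time, a time-stamped one at the stamped time, and each stamp must be resealed while its TSA certificate is still in force. It is a simplified model that assumes the cryptographic checks pass and ignores revocation; the class names, `validate` and all dates are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime

@dataclass
class Cert:
    not_before: datetime
    not_after: datetime
    def in_force(self, when):
        return self.not_before <= when <= self.not_after

@dataclass
class TimeStamp:
    time: datetime   # instant attested by the TSA
    tsa_cert: Cert   # certificate the TSA used to sign the stamp

def validate(signer_cert, stamps, now):
    """stamps: signature time stamp first, then each reseal in order.
    Returns (valid, reason)."""
    if not stamps:
        # Basic signature: no trusted signing time, so judge at 'now'.
        ok = signer_cert.in_force(now)
        return ok, "certificate in force now" if ok else "certificate expired, no time stamp"
    proven = now  # latest instant at which the evidence must still hold
    for ts in reversed(stamps):
        if ts.time > proven or not ts.tsa_cert.in_force(ts.time):
            return False, "time stamp out of order or issued outside TSA validity"
        if not ts.tsa_cert.in_force(proven):
            return False, "TSA certificate expired before resealing"
        proven = ts.time  # older evidence only has to hold up to this stamp
    ok = signer_cert.in_force(proven)
    return ok, "certificate in force at stamped time" if ok else "certificate not in force when signed"

def d(year):
    return datetime(year, 1, 1)

# Constructed sample data.
SIGNER = Cert(d(2020), d(2022))
TSA1, TSA2 = Cert(d(2019), d(2025)), Cert(d(2023), d(2030))
SIGN_TS = TimeStamp(d(2021), TSA1)       # stamp applied at signing
RESEAL = TimeStamp(d(2024), TSA2)        # reseal before TSA1 expires
RESEAL_LATE = TimeStamp(d(2026), TSA2)   # reseal after TSA1 expired

if __name__ == "__main__":
    print(validate(SIGNER, [], d(2023)))
    print(validate(SIGNER, [SIGN_TS], d(2026)))
    print(validate(SIGNER, [SIGN_TS, RESEAL], d(2026)))
```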