Signature formats

• The signature format is the how the signature document is generated and how the signature information is stored or structured in the generated document.
• The existence of multiple signature formats is due to historical reasons, how the signature has been introduced into existing document formats and how functionalities have been added over time.
• A signature file has a format that is determined by these aspects:
• File structure: CAdES, XAdES, PAdES, OOXML, ODF…
• Where is the original document stored?
• Signatures with multiple users.
• Longevity of the firm and time stamp

An electronic signature is a file containing information on the original document, the signatory, the date of signature, algorithms used and possible expiration of the signature.

How this information is structured (the order of that information within the file, the labels that indicate when a field begins and when it ends, the optionality of those fields, etc.) is determined by different formats:

• CAdES (Advanced CMS).

  It's the evolution of the first standardized signature format. It is appropriate to sign large files, especially if the signature contains the original document because it optimizes the information space. After signing, you won't be able to see the signed information, because the information is stored in a binary way.

• XAdES (XML Advanced)

  The result is an XML text file, a text format very similar to the HTML that uses labels. The documents obtained are usually larger than in the case of CAdES, so it is not suitable when the original file is very large. Applications such as eCoSignature from the Ministry of Industry and Commerce only sign in XAdES.

• PAdES (Advanced PDF).

  This is the most appropriate format when the original document is a pdf. The recipient of the signature can easily check the signature and the signed document. With the above formats this is not possible if external tools are not used.

• OOXML and ODF.

  They are the signature formats used by Microsoft Office and Open Office, respectively.

The AutoSignature client app allows you to configure the format to be used.

Depending on how the original document is referenced or stored in the signature file, we can have two cases:

The original document is included in the signature file.

In the case of CAdES these signatures are called implicit signatures.

For signatures XAdES XML, the usual thing is that the document is included in the signature file. We talk about signatures. detached, enveloping and enveloping (enveloped) depending on where the original document is stored in the signature file itself.

In practice, Case 1 is often used, which is the default way of operating for signature applications. Larger signature files are obtained but, as a counterpart, it does not require storing the original file as another separate document next to the signature.

• The document is not included in the signature.

In this case, the document is not included in the signature result or is only includes a reference to the site where it is so that the document can be localizado.Por so much, you get smaller size filesOn the contrary, the original document must always be kept by the signature.

In the case of CAdES these signatures are called explicit signatures.

In the case of XAdES XML signatures, only for detached signatures (detached), the document may be outside.

In the world of paper and handwritten signature, a document may contain the signature of several persons:

• In one case, the signatures may have the same weight or legal value, so it does not matter the order in which the signatures are stamped in the document.
• Another case is that some signatures serve to endorse or certify other earlier signatures, so the order in which the signatures are stamped is important.

The equivalent of those signatures in the electronic world is multiple signatures. Taking into account the criterion of the number of signatories we may have:

• Simple signatures. These are the basic signatures containing the signature of a single signatory.
• Co-signature or online signature. It is the multiple signature on which all the signatories are at the same level and in which the order in which they are signed does not matter. Co-signature is used in the signing of documents that are the results of meetings, conferences or committees.
• Counter-signature or cascade signature. Multiple signature in which the order in which it is signed is important, as each signature must endorse or certify the signature of the previous signatory. Counter-signature is used especially in applications such as Porta Signatures, where a document must follow a specific line through several signatories until the whole process is approved.

The AutoFirm signature application allows the three types of signature. The user can set the type of multiple signature they want to make.

The Sign Easy application automatically selects the co-signature when submitted to you to sign a previously signed document.

To verify a signature it is necessary to:

• Verify the integrity of the signed data by ensuring that they have not undergone any modification.
• Verify that the status of the certificate with which it was signed was correct, i.e. it was in force at the time of the operation.

In the case of basic electronic signature, if the certificate is automatically expired, the signature is given as invalid.

So how do we know that the certificate was in force or not on the date it was signed? And what should be done so that when you want to validate or verify a signature in the future validation is possible even if the certificate is expired?

To answer these questions, the AdES (generic way of calling the CAdES, XAdES and PAdES formats) provide for the possibility of incorporating additional information to electronic signatures that guarantees the validity of a long-term signature, once the period of validity of the certificate has expired.

These formats add to the signature evidence from third parties (certifying authorities) and time-certifications, which actually certify the status of the certificate at the time of signature.

In particular, there are different signature formats that increase the quality of the signature until obtaining a signature that can be verified in the long term (indefinitely) with full legal guarantees:

• Basic Signature (AdES - BES), is the basic format for meeting the requirements of advanced electronic signature.
• AdES - T, a time seal (T TimeStamp) is added in order to place in time the time when a document is signed.
• AdES - C, adds a set of references to certification chain certificates and their status, as a basis for long-term verification (Chain C).
• AdES - X, adds time stamps to the references created in the previous step (eXtendida X).
• AdES - XL, adds the certificates and revocation information for long-term validation (eXtendido Long Term XL).
• AdES - A, allows the addition of regular time stamps to ensure the integrity of the archived or saved signature for future verifications (A File).

The implementing rules for Regulation (EU) No 910/2014 (eIDAS) include the definition of the new Baseline signature types. These rates are equivalent to traditional formats provided that the signatures contain a number of specific requirements.

The new format represents a more generic profile and is used to ensure cross-border interoperability of electronic signatures in the context of Directive 2006/123/EC of the European Parliament and of the Council of 12 December 2006 on services in the internal market. The regulatory change is endorsed in Regulation (EU) No 910/2014, and more specifically in Commission Implementing Decision (EU) 2015/1506 of 8 September 2015 laying down specifications for the formats of advanced electronic signatures and advanced stamps to be recognised by public sector bodies. That Implementing Decision indicates in Articles 1 and 3 respectively:

• (1) Member States requiring an advanced electronic signature or an advanced electronic signature based on a qualified certificate as provided for in Article 27(1) and (2) of Regulation (EU) No 910/2014 shall recognise the advanced electronic signature XML, CMS or PDF at the level of conformity B, T or LT or with an associated signature container where the signatures comply with the technical specifications set out in the Annex.
• (3) Member States requiring an advanced electronic seal or an advanced electronic seal based on a qualified certificate as provided for in Article 37(1) and (2) of Regulation (EU) No 910/2014 shall recognise the advanced electronic seal XML, CMS or PDF at the level of conformity B, T or LT or with a container with an associated seal complying with the technical specifications set out in the Annex.

And the list of technical specifications for advanced electronic signatures XML, CMS or PDF and the container with associated signature/seal/or is included in the annex:

• Base profile XAdES (ETSI TS 103171 v2.1.1).
• Base profile CAdES (ETSI TS 103173 v2.2.1).
• Base profile PAdES (ETSI TS 103172 v2.2.2).
• Container base profile (ETSI TS 103174 v2.2.1).

For information purposes, the following equivalences are established between the traditional formats and the new 'Baseline' formats:

The Baseline profiles are in many cases a subset of traditional formats.

As has been seen in the previous section, time stamping is a method for prove that a data set existed before a given time and that none of these data has been modified since then.

The Time Stamp is a signature of a Time Sealing Authority (TSA), which acts as third part of confidence attesting to the existence of such electronic data on a specific date and time.

Time stamping provides added value to the use of digital signatures, as the signature alone does not provide any information about the time of creation of the signature, and in the event that the signatory included it, this would have been provided by one of the parties, when it is advisable that the timestamp be provided by a third part of confidence.

Resellado

Since the Time Stamp is a signature made with the electronic certificate of the Sealing Authority, when that certificate expires, the seal and therefore the signature cease to be valid.

Therefore, before the TSA certificate expires it is necessary resellar or re-apply the Temporary Stamp to maintain the temporary validity of the signature.