This page is used to configure the type of signatures that this profile will be used to verify:

From the above screen, assign the required signature types to this verification profile. Clients using this profile will only be able to verify the allowed signature type(s). The following verification rules will be applied:


PAdES Signature Verification Rules

| Signature Type | Time to be Used in Validation Procedure |
| --- | --- |
| PAdES-BES | Validate the signature at the current time or historic time based on verification profile settings. |
| PAdES-BES With Embedded Timestamp | Validate the signature at the signature timestamp token time. The timestamp token will be validated at the current time. |
| PAdES-LTV | Validate the signature, signature timestamp token and validation information at the archive timestamp token time and validate archive timestamp token at current time. |

Verify Explicit Policy Electronic Signature (EPES) attribute

When enabled, service will send an alert whenever auto-archiving is performed. 


The ADSS Verification Service can retrieve the signature policy document in either of the following ways (in fall-back order):

Using the policy URI defined inside the signature. The ADSS Verification Service uses this policy URI to retrieve the policy document available online, calculates its hash value and compares it with the hash of the policy document embedded in the signed properties of the signature.


Using a locally configured signature policy document. EPES configurations should be made in the policy.properties file located at: [ADSS Installation Directory]/service/

Open this file in any text editor and enter the policy OID and the path to the policy document,

e.g. 1.2.3.4.5 = "F:/Policy_File"


The ADSS Verification Service will retrieve the locally available policy document, calculate its hash value and compare it with the hash of the policy document embedded in the signed properties of the signature.



CAdES, XAdES, MS Office Signature Verification Rules

Signature Type

Time to be Used in Validation Procedure

AdES-BES

Validate the signature at the current time or a historic time based on verification profile settings. The same is true for Microsoft Office XAdES-EPES signatures.

AdES-T

Validate the signature at the signature timestamp token time. The timestamp token will be validated at the current time.

AdES-C

If the signature type is only AdES-C (Complete Validation Data References) then the signature and AdES-T will be validated at the current time.

AdES-X

If the signature type is AdES-X then the AdES-C and AdES-T signatures will be validated at the AdES-X timestamp token time while the AdES-X timestamp token will be validated at the current time.

AdES-X-L

For AdES-X-L signatures there are two possibilities depending upon whether or not the AdES-X signature exists:

  1. If the signature type is AdES-X-L and the AdES-X exists then the AdES-X-L, AdES-C and AdES-T signatures will be validated at the AdES-X timestamp token time while the AdES-X timestamp token will be validated at the current time.
  2. If the signature type is AdES-X-L and AdES-X does not exist then the AdES-X-L, AdES-X, AdES-C and AdES-T signatures will all be validated at the current time.

AdES-A

For AdES-A signatures, there are three possibilities:

  1. If the signature type is AdES-A and the AdES-X exists then the AdES-X-L, AdES-C and AdES-T signatures will be validated at the AdES-X timestamp token time, the AdES-X will be validated at the AdES-A timestamp token time and the AdES-A itself will be validated at the current time.
  2. If the signature type is AdES-A and the AdES-X signature is not present then the AdES-X-L, AdES-C and AdES-T signatures will be validated at the AdES-A timestamp token time while the AdES-A signature will be validated at the current time.
  3. If the signature consists of multiple archived timestamps then the outermost timestamp token will be validated at the current time and the subsequent inner timestamp tokens will be validated at the previous archived timestamp token time.

Verify Explicit Policy Electronic Signature (EPES) attribute

If enabled, the verification service will reject EPES AdES signatures that do not comply with the configured explicit policy, and a signature verification failure is returned in this case.


The ADSS Verification Service can retrieve the signature policy document in either of the following ways (in fall-back order):

Using the policy URI defined inside the signature. The ADSS Verification Service uses this policy URI to retrieve the policy document available online, calculates its hash value and compares it with the hash of the policy document embedded in the signed properties of the signature.


Using a locally configured signature policy document. EPES configurations should be made in the policy.properties file located at: [ADSS Installation Directory]/service/

Open this file in any text editor and enter the policy OID and the path to the policy document,

e.g. 1.2.3.4.5 = "F:/Policy_File"


The ADSS Verification Service will retrieve the locally available policy document, calculate its hash value and compare it with the hash of the policy document embedded in the signed properties of the signature.
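
The policy check described in both EPES sections (PAdES and CAdES/XAdES/MS Office) can be sketched as follows. This is an added example, not ADSS code: the function names and the injected `fetch` and `read_file` callables are hypothetical, the hash is taken over the raw document bytes, and it assumes that only a retrieval failure (not a hash mismatch) triggers the fall-back to the local file.

```python
import hashlib
import hmac

def parse_policy_properties(text):
    """Map policy OID -> local path from lines like: 1.2.3.4.5 = "F:/Policy_File"."""
    entries = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!" or "=" not in line:
            continue  # skip blanks, comments and malformed lines
        oid, _, path = line.partition("=")
        entries[oid.strip()] = path.strip().strip('"')
    return entries

def resolve_policy(oid, policy_uri, local_map, fetch, read_file):
    """Return (source, bytes) in fall-back order: policy URI first, then local file.

    fetch and read_file are caller-supplied callables (hypothetical) that return
    bytes or raise OSError; injecting them keeps the example offline.
    """
    if policy_uri:
        try:
            return "uri", fetch(policy_uri)
        except OSError:
            pass  # assumption: only a retrieval failure triggers the fall-back
    path = local_map.get(oid)
    if path is None:
        return None, None
    try:
        return "local", read_file(path)
    except OSError:
        return None, None

def verify_epes_policy(oid, policy_uri, alg, embedded_hash, local_map, fetch, read_file):
    """Succeed only if a policy document is found and its digest equals the
    hash embedded in the signed properties of the signature."""
    source, document = resolve_policy(oid, policy_uri, local_map, fetch, read_file)
    if document is None:
        return False, "policy document unavailable"
    digest = hashlib.new(alg, document).digest()
    if hmac.compare_digest(digest, embedded_hash):  # constant-time comparison
        return True, f"policy hash matches ({source})"
    return False, f"policy hash mismatch ({source})"
```

A document fetched from the policy URI that differs from the one the signer hashed fails verification rather than silently switching to the local copy, so a tampered or replaced online policy is visible in the result.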



Clicking the Next button will display the Algorithms Settings page.

