Validating and Enhancing Existing Signatures
The Verification Service module can be used to enhance existing basic signatures to more advanced signatures as part of the signature verification process. The signature enhancement is requested by including specific flags in the request to the Verification service.
Two interfaces of verification service are supported for signature enhancement, Business application can send the signature/certificate verification/validation requests on:
- DSS Interface
An OASIS Digital Signature Service (DSS) Interface: Particularly the “Advanced Electronic Signature (AdES) Profiles of OASIS DSS Version 1.0”. - HTTP Interface
An optimized HTTP/S Interface:This provides the same signature verification and enhancement service, but using a faster HTTP/S interface.
The Ascertia ADSS Client SDK implements both interfaces using high-level Java and .NET APIs and this is the easiest way of implementing these services within a business application environment. For further details see the ADSS Server Developers Guide.
The table below describes the formats ADSS Server supports for signature enhancement:
Source Signature Format |
How to Enhance |
PDF Signatures (ISO 32000-1 and PAdES) |
According to PAdES specification PDF ISO 32000-1 signatures are equivalent to PAdES Part 2 signatures, and this specification allows to convert the existing PDF ISO 32000-1 signatures (PAdES Part 2) / PAdES Part 3 signatures to PAdES Part 4 signature by adding the revocation information for the signer/signature timestamp certificates along with addition of an RFC 3161 compliant document timestamp signature. These enhanced signatures will no more be ISO 32000-1 rather these will become PAdES Part 4 signatures as stated above.
Note:
|
CAdES-BES |
ADSS Server can verify and enhance CAdES signatures to the relevant long-term signature profiles, such as:
|
XAdES-BES |
ADSS Server can verify and enhance XAdES signatures to the relevant long-term signature profiles, such as:
|
PKCS#7/CMS |
A PKCS#7/CMS signature can be enhanced to include a timestamp as defined by the ISO 32000-1 PDF specifications (as explained above). There is no standard specification for enhancing such signatures to other long-term signature profiles (e.g. no standard way for embedding revocation information). If this is required then it is recommended to start with a basic CAdES-BES format signature and then enhance this to the relevant CAdES signature profile as explained above |
See also
Configuring the Verification Service
Transactions Log Viewer
Logs Archiving
Alerts
Verification Management Reporting
Verification Service Interface URLs