Signature Settings
This page is used to configure the type of signatures that this profile will be used to verify:
From the above screen assign required signature types to this verification profile. Clients accessing/using this profile will only be able to verify the signature type(s) allowed. Following verification rules will be applied:
PAdES Signature Verification Rules
| Signature Type | Time to be Used in Validation Procedure |
| PAdES-BES | Validate the signature at the current time or historic time based on verification profile settings. |
| PAdES-BES With Embedded Timestamp | Validate the signature at the signature timestamp token time.Thetimestamptoken will be validated at the current time. |
| PAdES-LTV |
Validate the signature, signature timestamp token and validation information at the archive timestamp token time and validate archive timestamp token at current time |
| Verify Explicit Policy Electronic Signature (EPES) attribute |
If enabled then verification service will reject the EPES PAdES signatures which do not comply with the configured Explicit policy and hence the signature verification failure is returned in this case.
The ADSS Verification Service can retrieve the signature policy document in either one of the following ways (Fall-Back order):
Using Policy URI defined inside the signature. The ADSS Verification Service will use this policy URI to retrieve the online available policy document and calculate it's HASH value and compare it with hash of the policy document embedded in the signed properties of the signature. Using locally configured signature policy document. EPES configurations should be made in policy.properties file located at: [ADSS Installation Directory]/service/ Open this file in any text editor and enter policy OID and path to the policy document e.g. 1.2.3.4.5 = "F:/Policy_File" The ADSS Verification Service will retrieve the locally available policy document and calculate it's HASH value and compare it with hash of the policy document embedded in the signed properties of the signature. |
CAdES, XAdES, MS Office Signature Verification Rules
| Signature Type | Time to be Used in Validation Procedure |
| AdES-BES | Validate the signature at the current time or an historic time based on verification profile settings. same is true for Microsoft office XAdES-EPES signatures |
| AdES-T | Validate the signature at the signature timestamp token time. The timestamp token will be validated at the current time. |
| AdES-C | If the signature type is only AdES-C (Complete Validation Data References) then thesignature and AdES-Twill be validated at the current time. |
| AdES-X | If the signature type is AdES-X then the AdES-C and AdES-T signatures will be validated at the AdES-X timestamp token time while the AdES-X timestamp token will be validated at the current time. |
| AdES-X-L |
For AdES-X-L signatures there are two possibilities depending upon whether or not the AdES-X signature exists:
|
| AdES-A |
For AdES-A signatures, there are three posibilities:
|
| Verify Explicit Policy Electronic Signature (EPES) attribute |
If enabled then verification service will reject the EPES AdES signatures which do not comply with the configured Explicit policy and hence the signature verification failure is returned in this case.
The ADSS Verification Service can retrieve the signature policy document in either one of the following ways (Fall-Back order): |
Clicking the Next button will display the Path Discovery Settings page.
See also