Supported Signature Types
ADSS Server supports these signature types:
PDF is a common business document format and therefore PDF signatures are the ideal choice when human users need to view and sign documents. Standard PDF signature formats exist (e.g. ISO 32000-1 and ETSI PAdES), which means PDF documents signed using ADSS Server can be verified using other third party PDF software including the ubiquitous Adobe® Reader.
At a high-level ADSS Server supports both PDF Certify signatures and PDF Approval signatures. A certify signature is a special type of PDF signature in which certain restrictions can be applied while signing; e.g. No Changes Allowed, Allow Form fill-in and digital signatures, Allow Annotations, Form fill-in and digital signatures. The PDF specifications only allow a certify signature to be applied if it’s the first signature on a document. An approval signature is any normal digital signature which does not specify any restrictions.
ISO 32000-1 Signatures:
PAdES Signatures:
PAdES stands for “PDF Advanced Electronic Signatures” and is a set of standards published by ETSI (TS 102 778 parts 1 to 5) to support European requirements for qualified electronic signatures. The purpose is specifically for long-term validation, i.e. the ability to successfully verify signature later, even years or decades after signing. PAdES signatures formats are based on the ETSI CAdES signature formats, this allows such PDF signatures to be extended for long-term validation by either the signer at time of signing or later by relying parties.
ADSS Server supports these PAdES signatures formats:
PDF Hash Signing:
ADSS Server is also able to sign just the hash of a PDF document. This is advantageous where the business application does not want to send the whole PDF to ADSS Server for reasons of confidentiality or performance. The PDF hash is usually created via the ADSS Client SDK, (or Auto File Processor) and this hash is sent to ADSS Server for signing. When the signed hash is returned, the ADSS Client SDK assembles this back within the PDF and then returned the signed PDF to the business application.
NOTE: This PDF hash signing approach is not supported for PAdES-LTV signing because ADSS Server needs to receive the whole PDF in order to embed the revocation information and document timestamp. These objects are not embedded inside the signature dictionary but elsewhere in the PDF document.Microsoft Office signatures can be created for Office Word/Excel 2013 (ISO/IEC 29500-2) documents. Word/Excel documents signed using ADSS Server are fully compliant with Office Word/Excel 2013 and vice versa. Basic and long-term formats are supported including:
ADSS Server supports ETSI XAdES signature formats, XAdES stands for “XML Advanced Electronic Signatures” and is a set of standards published by ETSI (TS 101 903) to support European requirements for qualified electronic signatures. The purpose is specifically for long-term validation, i.e. the ability to successfully verify signature later, even years or decades after signing.
XML Dsig Signatures:
This format allows XML to be hashed and signed by generating a XML Dsig signature.
XAdES Signatures:
ADSS Server also supports the original W3C XML DigSig standard with modes:
File Signing is the term used to describe traditional binary-based ASN.1 signature formats. ADSS Server supports the historical signature formats in this category (i.e. PKCS#7 and CMS) and also the latest CAdES formats. It is recommended to use CAdES formats unless the older signature formats are required for backward compatibility. The type of supported signature can be further defined as:
Following signature types are supported for File signing:
PKCS#7 Signatures:
This format allows any type of file to be hashed and signed by generating a PKCS#7 signature. In this category both enveloping signatures (the original file is contained inside the signature) and detached signatures (the signature only contains the hash of the original file) are supported.
CMS Signatures:
This format allows any type of file to be hashed and signed by generating a CMS signature. CMS is essentially a later version of the PKCS#7 signature format. Both enveloping signatures and detached signatures are supported.
CAdES Signatures:
CAdES stands for “CMS Advanced Electronic Signatures” and is a set of standards published by ETSI (TS 101 773) to support European requirements for electronic signatures. The purpose is specifically for creation of Long-Term signatures that are verifiable for years or even decades. CAdES specifies the use of signature formats for signing the file content. So the use of CAdES signatures will allow these signatures to be extended by either the signer or relying parties to ensure that signatures can be verified for as long as is necessary. Following are the different standard CAdES signatures formats:
PKCS#1 Signing
PKCS#1 signatures are the lowest level digital signature format often referred to as a “raw” signature. It is created over the document hash using the signer’s private key. This basic PKCS#1 signature is the core element within the other signature formats explained above.
See also