XAdES


XAdES (XML Advanced Electronic Signatures) is a set of extensions to the W3C XML-DSig recommendation that makes it suitable for advanced electronic signatures. It was first published as a W3C Note in 2003, based on an ETSI technical specification, and is maintained and updated by ETSI together with W3C.

Description

While XML-DSig is a general framework for digitally signing documents, XAdES specifies precise profiles of XML-DSig that make signatures compliant with the European eIDAS regulation. Regulation (EU) No 910/2014 (eIDAS) enhances and repeals the Electronic Signatures Directive 1999/93/EC; it was adopted in July 2014 and has applied directly in all EU member states since 1 July 2016. Under eIDAS, a qualified electronic signature has the equivalent legal effect of a handwritten signature.
An electronic signature implemented with XAdES is designed to meet the eIDAS requirements for an advanced electronic signature. This means that
  • it is uniquely linked to the signatory;
  • it is capable of identifying the signatory;
  • only the signatory has control of the data used for the signature creation;
  • any change to the signed data made after signing is detectable.
A further design goal of XAdES is long-term validity: by embedding the certificates and revocation data needed for validation and by adding trusted timestamps, an electronically signed document can remain verifiable for long periods, even after the keys or cryptographic algorithms originally used have been weakened or broken.
However, an advanced electronic signature is not automatically given the legal effect of a handwritten signature; in the EU that status is reserved for "qualified" signatures, and courts assess the evidential weight of other electronic signatures case by case. A "qualified electronic signature" must be based on a qualified certificate for electronic signatures, must be created with a qualified signature creation device that keeps the private key under the sole control of the signatory, and the identity of the certificate holder must have been verified according to the "high" assurance level of the eIDAS regulation.

Profiles

XAdES baseline signatures come in four levels, each building on the previous one and offering a higher level of protection.
  • XAdES-B-B, the lowest and simplest level, containing only the SignedInfo, SignatureValue, KeyInfo and SignedProperties elements. The SignedProperties are covered by the signature and can carry the signing time, a digest of the signing certificate and an identifier of the signature policy the signature conforms to.
  • XAdES-B-T adds a trusted timestamp over the signature value, proving that the signature existed at a given time and protecting against repudiation (for example after the signing certificate has expired or been revoked).
  • XAdES-B-LT embeds the complete certificate chain and the revocation data (CRLs or OCSP responses) used during validation, so that the signature can be verified in the future even if their original sources are no longer available.
  • XAdES-B-LTA adds periodic archive timestamps over the whole signature and its validation data, so that weakening of the algorithms or keys used for earlier signatures and timestamps during a long storage period cannot compromise the signature.
In February 2016, ETSI published ETSI EN 319 132-1 V1.1.0 as the final draft of a European Standard; that draft omits the profiles.
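The following script is an added example, not code from the page, from W3C or from ETSI. It shows the structure the four levels above impose on a ds:Signature by classifying a signature from the qualifying properties it carries, and it performs one check every XAdES validator must make before trusting the signed properties: that the xades:SignedProperties element is actually referenced from ds:SignedInfo (with the Type "http://uri.etsi.org/01903#SignedProperties"), since otherwise the signing time, policy identifier and certificate binding are merely attached, not signed. The sample signature it builds is a constructed skeleton with placeholder digests, signature value, certificate and timestamp tokens; the script does not verify any cryptography, which a real validator must still do.

```python
"""Structural triage of a XAdES signature: which baseline level does it claim?

Added example (not code from the page, W3C or ETSI). Only the presence and
placement of qualifying properties is inspected; digests, the signature value,
certificates and timestamp tokens are NOT verified here.
"""
import xml.etree.ElementTree as ET

NS = {
    "ds": "http://www.w3.org/2000/09/xmldsig#",
    "xades": "http://uri.etsi.org/01903/v1.3.2#",
    "xades141": "http://uri.etsi.org/01903/v1.4.1#",
}
# ds:Reference/@Type that marks the SignedProperties as part of the signed data.
SIGNED_PROPS_TYPE = "http://uri.etsi.org/01903#SignedProperties"
UNSIGNED = ".//xades:UnsignedSignatureProperties/"


def _has(sig, path):
    return sig.find(path, NS) is not None


def signed_properties_covered(sig):
    """True when a ds:Reference in SignedInfo points at SignedProperties by Id.

    Without such a reference, SigningTime, the signing-certificate digest and
    any signature policy identifier could be swapped without invalidating the
    signature value."""
    sp = sig.find(".//xades:QualifyingProperties/xades:SignedProperties", NS)
    if sp is None or not sp.get("Id"):
        return False
    want_uri = "#" + sp.get("Id")
    return any(ref.get("Type") == SIGNED_PROPS_TYPE and ref.get("URI") == want_uri
               for ref in sig.findall("ds:SignedInfo/ds:Reference", NS))


def baseline_level(xml_text):
    """Return (level, problems); level is 'XAdES-B-B' .. 'XAdES-B-LTA', or
    'not XAdES-B-B' when a mandatory B-B building block is missing."""
    root = ET.fromstring(xml_text)
    sig = root if root.tag == "{%s}Signature" % NS["ds"] else root.find(".//ds:Signature", NS)
    if sig is None:
        raise ValueError("no ds:Signature element found")

    problems = []
    for required in ("ds:SignedInfo", "ds:SignatureValue", "ds:KeyInfo"):
        if not _has(sig, required):
            problems.append("missing " + required)
    qp = sig.find(".//xades:QualifyingProperties", NS)
    if qp is None or qp.find("xades:SignedProperties", NS) is None:
        problems.append("missing xades:SignedProperties")
    elif qp.get("Target") != "#" + (sig.get("Id") or ""):
        problems.append("QualifyingProperties/@Target does not point at this Signature")
    if not signed_properties_covered(sig):
        problems.append("SignedProperties not referenced from SignedInfo")
    if problems:
        return "not XAdES-B-B", problems

    # Each level builds on the previous: T adds a signature timestamp, LT adds
    # certificate chain + revocation data, LTA adds an archive timestamp
    # (xades141 namespace in XAdES 1.4.x / EN 319 132; older 1.3.2 form also accepted).
    has_t = _has(sig, UNSIGNED + "xades:SignatureTimeStamp")
    has_lt = has_t and _has(sig, UNSIGNED + "xades:CertificateValues") \
        and _has(sig, UNSIGNED + "xades:RevocationValues")
    has_lta = has_lt and (_has(sig, UNSIGNED + "xades141:ArchiveTimeStamp")
                          or _has(sig, UNSIGNED + "xades:ArchiveTimeStamp"))
    level = ("XAdES-B-LTA" if has_lta else "XAdES-B-LT" if has_lt
             else "XAdES-B-T" if has_t else "XAdES-B-B")
    return level, problems


def sample_signature(level="B-B", cover_signed_props=True):
    """Constructed test skeleton: digests, signature value, certificate and
    timestamp tokens are placeholder base64 strings, not real cryptographic data."""
    sp_ref = ""
    if cover_signed_props:
        sp_ref = ('<ds:Reference URI="#sig1-sp" Type="%s">'
                  '<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>'
                  '<ds:DigestValue>cGxhY2Vob2xkZXI=</ds:DigestValue></ds:Reference>'
                  % SIGNED_PROPS_TYPE)
    unsigned = ""
    if level in ("B-T", "B-LT", "B-LTA"):
        unsigned += ("<xades:SignatureTimeStamp><xades:EncapsulatedTimeStamp>VFNU"
                     "</xades:EncapsulatedTimeStamp></xades:SignatureTimeStamp>")
    if level in ("B-LT", "B-LTA"):
        unsigned += "<xades:CertificateValues/><xades:RevocationValues/>"
    if level == "B-LTA":
        unsigned += ("<xades141:ArchiveTimeStamp><xades:EncapsulatedTimeStamp>QVRT"
                     "</xades:EncapsulatedTimeStamp></xades141:ArchiveTimeStamp>")
    return f"""<ds:Signature xmlns:ds="{NS['ds']}" xmlns:xades="{NS['xades']}"
    xmlns:xades141="{NS['xades141']}" Id="sig1">
  <ds:SignedInfo>
    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
    <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
    <ds:Reference URI="#doc"><ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
      <ds:DigestValue>cGxhY2Vob2xkZXI=</ds:DigestValue></ds:Reference>
    {sp_ref}
  </ds:SignedInfo>
  <ds:SignatureValue>c2lnbmF0dXJl</ds:SignatureValue>
  <ds:KeyInfo><ds:X509Data><ds:X509Certificate>Y2VydA==</ds:X509Certificate></ds:X509Data></ds:KeyInfo>
  <ds:Object>
    <xades:QualifyingProperties Target="#sig1">
      <xades:SignedProperties Id="sig1-sp">
        <xades:SignedSignatureProperties>
          <xades:SigningTime>2024-01-01T00:00:00Z</xades:SigningTime>
        </xades:SignedSignatureProperties>
      </xades:SignedProperties>
      <xades:UnsignedProperties><xades:UnsignedSignatureProperties>{unsigned}
      </xades:UnsignedSignatureProperties></xades:UnsignedProperties>
    </xades:QualifyingProperties>
  </ds:Object>
</ds:Signature>"""


if __name__ == "__main__":
    for lvl in ("B-B", "B-T", "B-LT", "B-LTA"):
        print(lvl, "->", baseline_level(sample_signature(lvl)))
    print("uncovered ->", baseline_level(sample_signature("B-LTA", cover_signed_props=False)))
```

Note that the classification is deliberately strict: a signature carrying CertificateValues and RevocationValues but no SignatureTimeStamp is reported as B-B, not B-LT, because the LT level is defined on top of T. The uncovered-SignedProperties case is reported as not even B-B, which is the right outcome for a validator: a signature whose qualifying properties are unsigned should not be credited with the properties it claims.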