Do you know the purpose of the CAdES format? Today, running a business is not just about going paperless, but also creating a truly integrated and seamless workflow to automate tedious business processes like sending documents for signature.
To this end, the CAdES format is one of the best options to automate and streamline signing processes while ensuring the security offered by advanced electronic signatures.
This article will take a closer look at the CAdES format, including its extensions and how it differs from other options.
What is CAdES format?
CAdES stands for CMS advanced electronic signature. Is a set of signed data extensions with cryptographic message syntax (CMS) and thus suitable for advanced electronic signature.
CMS provides a general framework to eSign several types of transactions, such as purchase requisitions, contracts or invoices. CAdES defines precise profiles on data signed by the CMS, ensuring compliance with EU eIDAS regulation.
Uses ASN.1 data representation and is designed to be used for signing binary data. Furthermore, the signature can remain valid for long periods of time, meaning that evidence of its validity is included in case the signer or the verifying party later attempts to repudiate the signature.
The format can be regarded both as an extension of RFC 3852 and RFC 2634.
The contents of this Informational RFC amount to a transposition of the ETSI Technical Specification (TS) 101 733 V.1.7.4 (CMS Advanced Electronic Signatures — CAdES) and is technically equivalent to it.
Types of extensions
CAdES defines 6 different extensions to meet different needs and scenarios:
- CAdES-BES. Basic form that simply meets the legal requirements for advanced e-signature
- CAdES-T (timestamp). Includes a timestamp to protect the data against repudiation.
- CAdES-C (complete). Adds information on certificates and revocation lists to enable off-line validation and future verification (without storing current verification data)..
- CAdES-X (extended). Incorporates information on the time and date of the data for the C extension
- CAdES-X-L (extended long-term). It is a variation of the previous format that incorporates certificates (public key only) as well as validation sources previously used. It ensures long-term off-line validation even if the original source is not available.
- CAdES-A (archived). This format includes all the above but adds metadata on re-signing policies. A re-signing sets an expiration period for the signature, and after this time, it is signed again. Ideal scenarios for this format are those documents with high validity periods, such as mortgages, university degrees, deeds, etc. 15, 20, 50 years, etc.
CAdES vs. other formats
Choosing between one or the other will depend on the type of document and what to do with them once they are electronically signed.
Below are other formats that are also supported by our solutions:
- PAdES: Technical standard to refer to a set of extensions and restrictions for PDFs and ISO 32000-1 making it suitable for advanced electronic signature. By default, the rubric is always embedded inside the PDF document and can only be read by humans. Therefore, this option is not suitable in case the data must be read by a computer.
- XAdES (XML Advanced electronic signatures): It’s a set of extensions to the XML-DSig or XML signature recommendations. It is suitable for e-signing financial transactions. The XML data structure also makes it accessible to individuals and contains all information required to identify the signer.
In case you are not sure which format you need to handle your processes, please let us about your e-signature project and we will get in touch with shortly.
Viafirma Suite: Flexible solutions to support any signature format
Viafirma has developed different electronic signature solutions both for companies and public entities, each of them tailored to the different requirements set by our clients, since not everyone has the same needs.
In addition, based on the nature of the document we can choose among the different formats mentioned above when configuring a signature request. We always suggest adding further legal evidence (OTP, use of checks, images, videos, etc) to increase the legal validity of the document in case of repudiation.