Depending on your needs and preferences, we offer the following types of advanced signature:
XML Signature
It is a specification developed under the umbrella of w3c (https://www.w3.org/Signature/) that allows the signature (complete or partial) of documents using a standard XML notation. XML Signatures offers some advantages over traditional signatures since its structure is human-readable because it is based on plain text.
PDF-Signature
Embedded signature in PDF documents according to ISO-32001 standards, making this signature format the most “accessible” for the ordinary citizen. That is, a signature embedded in a PDF could be viewed by a user with any standard PDF reader, such as Acrobat Reader. They are used for scenarios in which the end user or users involved in the process are natural persons.
CMS (Cryptographic Message Syntax) / PKCS#7
Binary signature format used for signature, authentication, digest and encryption of documents. This format was designed mainly for the exchange of information from Electronic Mail. It uses the PKCS#7 standard. This format also incorporates time stamping information obtained by a TSA (TimeStamp Authority).
XAdES – Advanced XML electronic signature
A family of advanced signatures based on XML formats. Unlike an embedded format such as PDF-Signature mentioned above, it is a language designed to “talk between machines”; that is, the exchange of information between automated systems is the purpose of using an XML-based format.
Within this signature format, different extensions have evolved in response to different needs and scenarios; the extensions described below should not be considered from least to most robust, reliable or secure, but rather as evolutions of the format that respond to different scenarios, and do not compete with each other.
XAdES-BES
Basic form that simply meets the legal requirements of the Directive for advanced electronic signatures.
XAdES-EPES
It is an XAdES-BES that incorporates information about the signature policy, such as information about the certificate used and the CA that issued it.
XAdES-T (timestamp)
It is an XAdES-EPES to which a second signature is added, but this time, a signature made by a TSA (Time Stamp Authority). This second signature provides specific information about the exact date and time of the signature.
XAdES-C (complete)
It is an XAdES-T to which references to the certificates and revocation lists used for the validation of the certificate used for the signature are added. For example: it was signed by CCC Certificate issued by CA AAA and whose CRL RRRR was consulted at the time of validation.
XAdES-X (extended)
It is an XAdES-C to which date and time information is added to the data entered for the C extension.
XAdES-XL (extended long-term)
It is an XAdES-X that incorporates the certificates (public key only) and the validation sources that were used. Unlike -C, where only a reference (a pointer) was included, in this format all this information is embedded. For example, in the case of a CRL, the signed list of revoked certificates that was consulted at that time is incorporated.
This is used to ensure validation many years after the signature even if the CA that issued the certificate, or the validation source (CRL) that was consulted, is no longer available (e.g. published). In other words, it guarantees off-line validation in the long term.
XAdES-A (archived)
This format includes all the previous information but includes meta-information associated with re-signing policies. A re-signing policy establishes an expiration period for the digital signature, and after this time, a re-signing is performed.
The ideal scenario for this signature format are documents with a very high validity: mortgages, university degrees, deeds, etc. 15, 20, 50 years, etc.
Long-lived companies
Both the -A and -XL formats are considered long-lived signature formats.
With this re-signing we ensure that the algorithms used at the time of the first signature are not outdated. For example, in 15 years, the signature algorithms used will probably be obsolete and new ones will be used. If we re-sign our document with the new algorithm, we guarantee that it will continue to be reliable for years to come.
This signature format goes hand in hand with a complex policy-based signing system that defines, at a minimum, how often we will sign all our documents, which algorithms will be used in each case, or where these documents will be stored.
PAdES advanced electronic signature in PDF format
It is a set of restrictions and extensions to PDF and the ISO 32000-1 standard making it suitable for advanced electronic signatures.
While PDF and ISO 32000-1 provide a framework for electronically signing documents, PAdES signature specifies precise profiles for the use of advanced electronic signatures under the European Union Directive 1999/93/EC.
An important benefit of PAdEs is that electronically signed documents remain valid for long periods of time, even if the underlying cryptographic algorithms are broken.
Documents electronically signed in PAdES format can be used or archived for many years, even decades, so that at any time in the future, despite possible technological advances, it should be possible to validate the document to confirm that the signature was valid at the time it was signed, a concept known as “Long-Term Validation” (LTV).
This format is complementary to two other electronic signature concepts developed by ETSI, both widely recognized by the European Union and suitable for those applications that do not involve a person reading the document, such as the advanced electronic signature for CMS files (CAdES) and the advanced electronic signature for XML (XAdES).
For documents in PDF format, the signature data is embedded directly into the signed PDF document, allowing the contents of the PDF file to be copied, stored and distributed as a simple electronic file. The signature can also have a visual representation as a form field, just as it might have in a printed document.
A significant advantage of the PAdES format is that it is deployed by means of widely recognized software such as PDF readers, i.e. no development or customization of specialized software is required.
The following table briefly defines the profiles defined by PAdES (ETSI TS 102 778):
PAdES Basic
Basic profile that meets the requirements specified in ISO 32000-1.
PAdES-BES Profile (Enhanced)
This profile specifies an advanced PDF signature based on CAdES-bes and incorporates the option to include a time stamp (CADES-T) in the signature.
EPES Profile (Enhanced)
This profile specifies an advanced PDF signature based on CAdES-EPES. It is the PAdES-BES Profile with the addition of a signature policy identifier and, optionally, a reference to the type of commitment made.
PAdES-LTV Profile (Long Term)
This is the long-lived signature format. This profile allows the validity of PDF signatures to be extended indefinitely. It can be used in conjunction with the PAdES-CMS, PAdES-BES or PADES-EPES profiles. This profile is used to guarantee validation many years after the signature has been made. In other words, it guarantees long-term validation.