This article is a review of the CAdES (CMS Advanced Electronic Signatures) standard. The article was written both on the basis of theoretical studies conducted by the author, and on the basis of writing his own implementation of creating and verifying signatures of the CAdES formats.
The article presents information from the latest version of this standard, which has the number 2.2.1 and published in April 2013 (all versions of the CAdES standard can be obtained from the following link:
www.etsi.org/deliver/etsi_ts/101700_101799/101733 ). Currently in the process of creation is a new document describing the CAdES standard and denoted by "EN 319-122". The draft version of this document can be found at the following link:
docbox.etsi.org/esi/Open/Latest_Drafts .
The article will analyze all the main forms of electronic signatures described in the CAdES standard. Also, if necessary, all attributes of digital signatures included in one or another form of CAdES will be analyzed.
')
The CAdES standard cannot be analyzed without a primary analysis of the CMS standard (Cryptographic Message Syntax). In this regard, the article also presents a primary analysis of this standard, as well as the motives associated with the emergence of ideas and solutions presented in the CAdES standard.
To understand the article, the reader is required to have a general knowledge of the fundamentals of creating electronic digital signatures and (to a lesser extent) familiarity with the general notation of ASN.1.
To establish "primary trust" I will give a few facts about me that are relevant to the topic of this article:
- Over 15 years of professional experience as a programmer;
- I am the primary author of the CryptoArm software (written by me alone in the 2003rd year, led the product up to version 2.5, now I have no relation to this software);
- I am the author of the articles "Using the Crypto API" and "ASN.1 in simple words";
- I have been an active participant in the Crypto-Pro company forum since 2005;
Since the article is quite large by the standards of Habr and contains a large number of different formatted lists, this site will (at least for now) only the table of contents of the general article and a
direct link to the full version of the article in PDF format .
The article provides data on both obsolete formats (such as CAdES-X Long Type 1) and current (CAdES-A v3). An analysis of the reasons for the appearance of CAdES format signatures and disadvantages of the CMS format is given. The author also analyzes the shortcomings of individual CAdES formats and the advantages of the new variants of “improved signatures”.
Table of contents:
- The threat model for digital signatures of the CMS format
- General description of CAdES formats
- General description of TSP and OCSP protocols
- Signature Format CAdES-BES (Basic Electronic Signature)
- Signature Format CAdES-T (Electronic Signature with Time)
- Signature Format CAdES-C (Electronic Signature with Complete Data References)
- Signature Format CAdES-X Type 1 (EXtended Electronic Signature)
- Signature Format CAdES-X Type 2
- Signature Format CAdES-X Long Type 1 and Type 2 (CAdES-XL)
- Lack of format signatures from CAdES-BES to CAdES-XL
- CAdES-A (Archival) Signature Formats
- Conclusion
The article is a general overview of the CAdES standard formats. If there are wishes, then separate sections of the article can be supplemented with more complete information.