
PDF Advanced Electronic Signatures (PAdES)

Leonard Rosenthol
PDF Standards Architect
Adobe Systems

Copyright 2009 Adobe Systems Incorporated. All rights reserved. Adobe confidential. 1
ETSI TS 102778

ETSI TS 102778 – PAdES (PDF Advanced Electronic Signatures)

• Part 1: PAdES Overview – A framework document for PAdES
  – General features of PDF Signatures
  – Introduction to profiles
• Part 2: PAdES Basic - CMS Profile based on ISO 32000-1
  – Technically as in Phase 1 deliverable (Originally TS 102778-1)
• Part 3: PAdES Enhanced
  – PAdES-BES and PAdES-EPES Profiles
• Part 4: PAdES Long Term
  – PAdES-LTV Profile
• Part 5: PAdES for XML Content
  – Profiles for XAdES signatures of XML content in PDF files

PAdES Profiles: Part 2 - Basic

• Compatible with ISO 32000-1
  – PKCS #7 Signature
  – Codifies Acrobat implementation details
• Recommendations
  – Signature Time-stamp
  – CRL and/or OCSP Response

Under consideration as normative for PDF/A-2

PAdES Profiles: Part 3 - Enhanced

• CAdES Signature
• Protects against certificate substitution
• New signature handler - ETSI.CAdES.detached
• Signature time-stamp (-T) (Recommended)
• Optional Signature Profile (-EPES)
• Explicit Policy ESignatures

To be submitted as proposal for 32000-2

PAdES Profiles: Part 4 - Long Term
(for documents stored beyond certificate lifetime)

• PKCS#7 or CAdES Signature
  – as per Part 2 or Part 3
• Appended to PDF
• Validation Data
• CA Certificates
• OCSP Responses
• Document Time-stamp
• Protects data integrity beyond expiration of user signing certificate
• Equivalent to CAdES-A

[Figure labels: Validation Data, Time-stamp]

To be submitted as proposal for 32000-2

PAdES Profiles: Part 4 – VERY Long Term
(for documents stored beyond time-stamp lifetime)

• If document is to be stored beyond time-stamp lifetime
• Can be repeatedly applied
• New TSA certificate & keys
• Improved algorithms & key length
• Anytime a validation is done, any updates can be added.
• Equivalent to CAdES-X-Long

[Figure labels: Validation Data (Sig), Time-stamp TS1 (2009), Validation Data (TS1), Time-stamp TS2 (2015)]

To be submitted as proposal for 32000-2

Part 4 – Technical Details

Validation Data – LTV
• Based on Acrobat 9.1’s implementation of “DSS” dictionary (Document Security Store)
• New dictionary off the Catalog
• Contains all objects used at time of validation
  – Certs
  – CRLs
  – OCSPs

Document TimeStamp
• Variant of existing Signature
• /Type/DocTimeStamp
• /Subfilter/ETSI.RFC3161
• Contents are the return from the timestamp server

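The markers named on the Part 4 technical-details slide can be looked for in a file with a plain byte scan. The Python below is an added example, not code from the slides or from Adobe; the function name `triage_pades`, the constructed `SAMPLE` bytes and the adbe.* SubFilter names (taken from ISO 32000-1) are not on the slides, and it assumes the relevant dictionaries are stored uncompressed.

```python
import re

# SubFilter names and the PAdES part that uses them. The adbe.* names are from
# ISO 32000-1; the ETSI.* names are the ones given on the slides.
PROFILES = {
    "adbe.pkcs7.detached": "Part 2 Basic",
    "adbe.pkcs7.sha1": "Part 2 Basic",
    "ETSI.CAdES.detached": "Part 3 Enhanced",
    "ETSI.RFC3161": "Part 4 document time-stamp",
}
# ISO 32000-1 spells the key /SubFilter, the slide /Subfilter; accept both.
SUBFILTER_RE = re.compile(rb"/Sub[Ff]ilter\s*/([A-Za-z0-9_.]+)")
DSS_REF_RE = re.compile(rb"/DSS\s*(?:\d+\s+\d+\s+R|<<)")


def triage_pades(pdf):
    """Summarise declared PAdES profiles and LTV material in raw PDF bytes.

    Assumption: the dictionaries are uncompressed, so a byte scan sees them.
    Nothing is verified cryptographically; this only reports what is declared.
    """
    sigs = [(m.start(), m.group(1).decode("ascii"))
            for m in SUBFILTER_RE.finditer(pdf)]
    dss = DSS_REF_RE.search(pdf)
    stamps = [off for off, name in sigs if name == "ETSI.RFC3161"]
    return {
        "profiles": [PROFILES.get(name, "unknown: " + name) for _, name in sigs],
        # Each incremental update appended to the file ends with its own %%EOF.
        "revisions": pdf.count(b"%%EOF"),
        "dss_keys": [k for k in ("Certs", "CRLs", "OCSPs")
                     if dss and b"/" + k.encode() in pdf[dss.start():]],
        # Part 4 order: validation data first, then a document time-stamp
        # appended after it so the time-stamp protects that data.
        "timestamp_after_dss": bool(dss and stamps and stamps[-1] > dss.start()),
    }


# Constructed sample: PDF-like fragments in three revisions, not a valid PDF.
SAMPLE = (
    b"%PDF-1.7\n1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n"
    b"5 0 obj << /Type /Sig /Filter /Adobe.PPKLite"
    b" /SubFilter /ETSI.CAdES.detached /Contents <00> >> endobj\n%%EOF\n"
    b"1 0 obj << /Type /Catalog /Pages 2 0 R /DSS 8 0 R >> endobj\n"
    b"8 0 obj << /Certs [9 0 R] /OCSPs [10 0 R] >> endobj\n%%EOF\n"
    b"11 0 obj << /Type /DocTimeStamp /Filter /Adobe.PPKLite"
    b" /SubFilter /ETSI.RFC3161 /Contents <00> >> endobj\n%%EOF\n"
)
```

A file that reports a signature but no DSS keys and no trailing document time-stamp can only be validated while the signer's certificate and its revocation services are still available.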
PAdES Profiles: Part 5 - XFA Signatures

XFA (part of ISO 32000-1) already supports signatures based on the W3C XML DigSig standard.

TS 102778-5 extends this to support the full capabilities of XAdES signatures in BES, EPES and T forms.

<xfa:datasets>
  <itema>coffee</itema>
  <itemb>….</itemb>
  …….
  <ds:Signature>
  …….
  </ds:Signature>
</xfa:datasets>

[Figure label: Signed XML Content]

– XML data signed with XAdES Signature
– Mapped to PDF Forms using XFA

To be submitted as proposal for 32000-2

PAdES Profiles: Part 5 - XFA Long Term

TS 102778-5 also adds support for the long term forms of XAdES (A & XL) through the use of the same validation data & time-stamp features in profile 4.

<xfa:datasets>
  <itema>coffee</itema>
  <itemb>….</itemb>
  …….
  <ds:Signature>
  …….
  </ds:Signature>
</xfa:datasets>

[Figure labels: Signed XML Content, Validation Data, Time-stamp (2009)]

– XML data signed with XAdES Signature
– Mapped to PDF Forms using XFA
– Long term validity of both XML & PDF Signature can be preserved using LTV extensions to file

To be submitted as proposal for 32000-2

