CAdES (CMS Advanced Electronic Signatures) is a set of extensions to Cryptographic Message Syntax (CMS) signed data making it suitable for advanced electronic signatures

CMS is a general framework for Electronic Signatures for various kinds of transactions like purchase requisition, contracts or invoices. CAdES specifies precise profiles of CMS signed data making it compliant with the European eIDAS regulation (Regulation on electronic identification and trust services for electronic transactions in the internal market). The eIDAS regulation enhances and repeals the Electronic Signatures Directive 1999/93/EC. EIDAS is legally binding in all EU member states since July 2014. An electronic signature that has been created in compliance with eIDAS has the same legal value as a handwritten signature.

An electronic signature, technically implemented based on CAdES has the status of an advanced electronic signature. This means that

  • it is uniquely linked to the signatory;
  • it is capable of identifying the signatory;
  • only the signatory has control of the data used for the signature creation;
  • it can be identified if data attached to the signature has been changed after signing.

A resulting property of CAdES is that electronically signed documents can remain valid for long periods, even if the signer or verifying party later attempts to deny the validity of the signature.

A CAdES-based electronic signature is accepted in a court proceeding as evidence; as advanced electronic signatures are legally binding. But it gets higher probative value when enhanced to a qualified electronic signature. To receive that legal standing, it needs to be doted with a digital certificate, encrypted by a security signature creation device ("qualified electronic signature"). The authorship of a statement with a qualified electronic signature cannot be challenged - the statement is non-repudiable.

CAdES defines six profiles (forms) differing in protection level offered.

  • CAdES-B (also named XAdES-BES for "Basic Electronic Signature"), basic form just satisfying Directive legal requirements for advanced signature;
  • CAdES-T (timestamp), adding timestamp field to protect against repudiation;
  • CAdES-C (complete), adding references to verification data (certificates and revocation lists) to the signed documents to allow off-line verification and verification in future (but does not store the actual data);
  • CAdES-X (extended), adding timestamps on the references introduced by XAdES-C to protect against possible compromise of certificates in chain in future;
  • CAdES-XL (extended long-term), adding actual certificates and revocation lists to the signed document to allow verification in future even if their original source is not available;
  • CAdES-A (archival), adding the possibility for periodical timestamping (e.g. each year) of the archived document to prevent compromise caused by weakening signature during a long storage period.

1 Signature levels

By default, CAdES_BASELINE_B will be used. You can use any of the following enum types to setup signature level by using constants provided by class CAdES.SIGNATURELEVEL

  • CAdES_BASELINE_B: Basic Electronic Signature The lowest and simplest version just containing the SignedInfo, SignatureValue, KeyInfo and SignedProperties. This level combines the old -BES and -EPES levels.
  • CAdES_BASELINE_T: Signature with a timestamp. A timestamp regarding the time of signing is added to protect against repudiation.
  • CAdES_BASELINE_LT:Signature with Long Term Data Certificates and revocation data are embedded to allow verification in future even if their original source is not available. This level is equivalent to the old XAdES_XL level.
  • CAdES_BASELINE_LTA: Signature with Long Term Data and Archive timestamp. By using periodical timestamping (e.g. each year) compromising is prevented which could be caused by weakening previous signatures during a long-time storage period. This level is equivalent to the old XAdES_A level.

LT and LTA requires revocation list.

2 Signature packaging

You can select from any of the following signature packaging:

  • ENVELOPING, The signature includes the XML document encoded in base64.
  • DETACHED, The signature without the document is returned.

3 Methods

TO DO

This section is incomplete and will be concluded as soon as possible.

4 Enum constants

For either signature level, signature packaging and digest algorithm and enum constant is provided.

Copy 
<script>
    console.log(Ax.crypt.CAdES.SIGNATURELEVEL);
    console.log(Ax.crypt.CAdES.SIGNATUREPACKAGING);
    console.log(Ax.crypt.CAdES.DIGESTALGORITHM);
</script>
CAdES_BASELINE_T, CAdES_BASELINE_LT, CAdES_BASELINE_LTA, CAdES_BASELINE_B]
[ENVELOPING, DETACHED]
[SHA256, SHA3_384, SHA1, SHA384, RIPEMD160, SHA3_512, MD2, SHA3_224, SHA3_256, SHA512, SHA224, MD5]

5 Detached example

Copy 
<script>
	// Load a keystore
    var ks = new Ax.ks.KeyStoreManager("https://bitbucket.org/deister/axional-docs-resources/raw/master/KeyStores/swview/jks-files/jack.jks", "secret");
    
    // Load any document (text, file ...)
    // In our example, we use a simple text
    var src = "This is a memo text that must be signed to certifify it's author";

    
    // Sign the document using keystore private key alias "jack" with password "moon"
    var tmp = new Ax.crypt.CAdES(src)
    	.setTspServer("http://tsa.belgium.be/connect")
    	.setSignaturePackaging(Ax.crypt.CAdES.SIGNATUREPACKAGING.DETACHED)
    	.setSignatureLevel(Ax.crypt.CAdES.SIGNATURELEVEL.CAdES_BASELINE_T)
    	.sign(ks, "jack", "moon")
    ;

    // The resulting data is a byte[] in PKCS#7 (CMS) format
    new Ax.io.File("/tmp/books.p7s").write(tmp);
    
    // Look at the content of PKCS7 data
    console.log(tmp);    

</script>
00000000 30 82 1E 2E 06 09 2A 86 48 86 F7 0D 01 07 02 A0 0.....*.H.......
00000010 82 1E 1F 30 82 1E 1B 02 01 01 31 0F 30 0D 06 09 ...0......1.0...
00000020 60 86 48 01 65 03 04 02 01 05 00 30 0B 06 09 2A `.H.e......0...*
00000030 86 48 86 F7 0D 01 07 01 A0 82 06 85 30 82 02 F6 .H..........0...
00000040 30 82 02 5F A0 03 02 01 02 02 09 00 F6 AB 3A 73 0.._..........:s
00000050 F0 12 42 A5 30 0D 06 09 2A 86 48 86 F7 0D 01 01 ..B.0...*.H.....
00000060 05 05 00 30 81 8A 31 0B 30 09 06 03 55 04 06 13 ...0..1.0...U...
00000070 02 4C 4B 31 10 30 0E 06 03 55 04 08 13 07 57 65 .LK1.0...U....We
00000080 73 74 65 72 6E 31 10 30 0E 06 03 55 04 07 13 07 stern1.0...U....
00000090 43 6F 6C 6F 6D 62 6F 31 16 30 14 06 03 55 04 0A Colombo1.0...U..
7580 byte(s) more

6 Enveloping example

Copy 
<script>
	// Load a keystore
    var ks = new Ax.ks.KeyStoreManager("https://bitbucket.org/deister/axional-docs-resources/raw/master/KeyStores/swview/jks-files/jack.jks", "secret");
    
    // Load any document (text, file ...)
    // In our example, we use a simple text
    var src = "This is a memo text that must be signed to certifify it's author";

    
    // Sign the document using keystore private key alias "jack" with password "moon"
    var tmp = new Ax.crypt.CAdES(src)
    	.setTspServer("http://tsa.belgium.be/connect")
    	.setSignaturePackaging(Ax.crypt.CAdES.SIGNATUREPACKAGING.ENVELOPING)
    	.setSignatureLevel(Ax.crypt.CAdES.SIGNATURELEVEL.CAdES_BASELINE_T)
    	.sign(ks, "jack", "moon")
    ;

    // The resulting data is a byte[] in PKCS#7 (CMS) format
    new Ax.io.File("/tmp/books.p7s").write(tmp);
    
    // We can extract the data from PKCS#7 envelope
    var payload = new Ax.crypt.PKCS7().getData(tmp);
    
    // Look at the content of PKCS7 data
    console.log(tmp);    
    // Here again we can see our original document
    console.log(payload);
</script>
00000000 30 82 1E 72 06 09 2A 86 48 86 F7 0D 01 07 02 A0 0..r..*.H.......
00000010 82 1E 63 30 82 1E 5F 02 01 01 31 0F 30 0D 06 09 ..c0.._...1.0...
00000020 60 86 48 01 65 03 04 02 01 05 00 30 4F 06 09 2A `.H.e......0O..*
00000030 86 48 86 F7 0D 01 07 01 A0 42 04 40 54 68 69 73 .H.......B.@This
00000040 20 69 73 20 61 20 6D 65 6D 6F 20 74 65 78 74 20  is a memo text 
00000050 74 68 61 74 20 6D 75 73 74 20 62 65 20 73 69 67 that must be sig
00000060 6E 65 64 20 74 6F 20 63 65 72 74 69 66 69 66 79 ned to certifify
00000070 20 69 74 27 73 20 61 75 74 68 6F 72 A0 82 06 85  it's author....
00000080 30 82 02 F6 30 82 02 5F A0 03 02 01 02 02 09 00 0...0.._........
00000090 F6 AB 3A 73 F0 12 42 A5 30 0D 06 09 2A 86 48 86 ..:s..B.0...*.H.
7648 byte(s) more
00000000 54 68 69 73 20 69 73 20 61 20 6D 65 6D 6F 20 74 This is a memo t
00000010 65 78 74 20 74 68 61 74 20 6D 75 73 74 20 62 65 ext that must be
00000020 20 73 69 67 6E 65 64 20 74 6F 20 63 65 72 74 69  signed to certi
00000030 66 69 66 79 20 69 74 27 73 20 61 75 74 68 6F 72 fify it's author