PAdES signatures in itext and the road ahead. Paulo Soares

Size: px
Start display at page:

Download "PAdES signatures in itext and the road ahead. Paulo Soares"

Transcription

1 PAdES signatures in itext and the road ahead Paulo Soares

2 About the speaker Paulo Soares M.Sc. Electronics and Telecomunications Hardware background in military comunication systems Works for Healthcare software (pharmacies, hospitals, clinics, laboratories) Industrial control, automation Software architect itext co-developer since itext Summit 2

3 Some acronyms OSI - Open Systems Interconnection ASN.1 - Abstract Syntax Notation One BER - Basic Encoding Rules DER - Distinguished Encoding Rules IETF - Internet Engineering Task Force RFC Request For Comments CMS Cryptographic Message Syntax CAdES - CMS Advanced Electronic Signatures PAdES - PDF Advanced Electronic Signature Profiles itext Summit 3

4 What is PAdES In July 2009, ETSI (European Telecommunications Standard Institute) has published a new standard that will facilitate secure paperless transactions throughout Europe, in conformance with European legislation. The standard defines a series of profiles for PAdES Advanced Electronic Signatures for PDF documents that meet the requirements of the European Directive on a Community framework for electronic signatures (Directive 1999/93/EC). The new standard was developed by ETSI's Electronic Signatures and Infrastructure (ESI) Technical Committee in collaboration with PDF experts. PDF is defined in a standard ISO , so the ETSI activity included reviewing and documenting how ISO can satisfy the European Directive. The resulting PAdES standard, ETSI Technical Specification (TS) , also introduces a number of adaptations and extensions to PDF to satisfy the Directive's requirements itext Summit 4

5 PAdES summary Part 1: "PAdES Overview - a framework document for PAdES"; Part 2: "PAdES Basic - Profile based on ISO "; Part 3: "PAdES Enhanced - PAdES-BES and PAdES-EPES Profiles"; Part 4: "PAdES Long Term - PAdES-LTV Profile"; Part 5: "PAdES for XML Content - Profiles for XAdES signatures" itext Summit 5

6 PAdES Part 1 Provides a general description of support for signatures in PDF documents including use of XML signatures to protect XML data in PDF documents; Lists the features of the PDF profiles specified in other parts of the document; Describes how the profiles may be used in combination itext Summit 6

7 PAdES Part 2 Profiles the use of PDF signatures, as described in ISO and based on CMS, for its use in any application areas where PDF is the appropriate technology for exchange of digital documents including interactive forms itext Summit 7

8 PAdES Part 2 SubFilter value adbe.pkcs7.detached adbe.pkcs7.sha1 adbe.x509.rsa.sha1a Message Digest SHA1 (PDF 1.3) SHA256 (PDF 1.6) SHA384 (PDF 1.7) SHA512 (PDF 1.7) RIPEMD160 (PDF 1.7) SHA1 (PDF 1.3)b SHA1 (PDF 1.3) SHA256 (PDF 1.6) SHA384 (PDF 1.7) SHA512 (PDF 1.7) RIPEMD160 (PDF 1.7) RSA Algorithm Support Up to 1024-bit (PDF 1.3) Up to 2048-bit (PDF 1.5) Up to 4096-bit (PDF 1.5) See adbe.pkcs7.detached See adbe.pkcs7.detached DSA Algorithm Support Up to 4096-bits (PDF 1.6) See adbe.pkcs7.detached No a Despite the appearance of sha1 in the name of this SubFilter value, supported encodings shall not be limited to the SHA1 algorithm. The PKCS#1 object contains an identifier that indicates which algorithm shall be used. b Other digest algorithms may be used to digest the signed-data field; however, SHA1 shall be used to digest the data that is being signed itext Summit 8

9 PAdES Part 3 Profiles the use of PDF Signatures specified in ISO with an alternative signature encoding to support signature formats equivalent to the signature forms CAdES-BES, CAdES-EPES and CAdES-T as Specified in TS The PAdES-BES profile supports basic CMS (RFC 3852) signature features as specified TS with the additional protection against signing certificate substitution. The PAdES-EPES profile extends the PAdES-BES profile to include signature policies itext Summit 9

10 PAdES Part 4 Profiles the electronic signature formats found in ISO [1] to support Long Term Validation (LTV) of PDF Signatures Specifies how to include validation information in a PDF Document and to further protect the document using time-stamps so that it is possible to subsequently verify a PDF Signature long after it was signed. This profile may be used to support long term validation of: PDF Signatures to profiles specified in TS PDF Signatures to profiles specified in TS PDF Signatures to profiles specified in TS itext Summit 10

11 PAdES Part itext Summit 11

12 PAdES Part 5 Defines four profiles that together profile the usage of XAdES signatures, as defined in TS , for signing XML content within the PDF containers itext Summit 12

13 PAdES support in itext Full support of PAdES Part 2 Support of PAdES Part 3 with an external signature Full support of PAdES Part 4 No support of PAdES Part itext Summit 13

14 PAdES Part 2 in itext Direct support of adbe.x509.rsa.sha1 Direct support of adbe.pkcs7.sha1 Support of adbe.pkcs7.detached as an external signature but itext does the signing itext Summit 14

15 adbe.x509.rsa.sha1 signing KeyStore ks = KeyStore.getInstance("pkcs12"); ks.load(new FileInputStream("my_private_key.pfx"), "my_password".tochararray()); String alias = (String)ks.aliases().nextElement(); PrivateKey key = (PrivateKey)ks.getKey(alias, "my_password".tochararray()); Certificate[] chain = ks.getcertificatechain(alias); PdfReader reader = new PdfReader("original.pdf"); FileOutputStream fout = new FileOutputStream("signed.pdf"); PdfStamper stp = PdfStamper.createSignature(reader, fout, '\0'); PdfSignatureAppearance sap = stp.getsignatureappearance(); sap.setcrypto(key, chain, null, PdfSignatureAppearance.SELF_SIGNED); sap.setreason("i'm the author"); sap.setlocation("lisbon"); sap.setvisiblesignature(new Rectangle(100, 100, 200, 200), 1, null); stp.close(); itext Summit 15

16 adbe.pkcs7.sha1 signing KeyStore ks = KeyStore.getInstance("pkcs12"); ks.load(new FileInputStream("my_private_key.pfx"), "my_password".tochararray()); String alias = (String)ks.aliases().nextElement(); PrivateKey key = (PrivateKey)ks.getKey(alias, "my_password".tochararray()); Certificate[] chain = ks.getcertificatechain(alias); PdfReader reader = new PdfReader("original.pdf"); FileOutputStream fout = new FileOutputStream("signed.pdf"); PdfStamper stp = PdfStamper.createSignature(reader, fout, '\0'); PdfSignatureAppearance sap = stp.getsignatureappearance(); sap.setcrypto(key, chain, null, PdfSignatureAppearance.WINCER_SIGNED); sap.setreason("i'm the author"); sap.setlocation("lisbon"); sap.setvisiblesignature(new Rectangle(100, 100, 200, 200), 1, null); stp.close(); itext Summit 16

17 adbe.pkcs7.detached signing PdfSignatureAppearance sap = stp.getsignatureappearance(); sap.setcrypto(null, chain, null, PdfSignatureAppearance.SELF_SIGNED); PdfSignature dic = new PdfSignature(PdfName.ADOBE_PPKLITE, new PdfName("adbe.pkcs7.detached")); dic.setdate(new PdfDate(sap.getSignDate())); sap.setcryptodictionary(dic); HashMap<PdfName,Integer> exc = new HashMap<PdfName,Integer>(); exc.put(pdfname.contents, new Integer(contentEstimated * 2 + 2)); sap.preclose(exc); PdfPKCS7 sgn = new PdfPKCS7(pk, chain, null, "SHA1", null, false); InputStream data = sap.getrangestream(); MessageDigest messagedigest = MessageDigest.getInstance("SHA1"); byte buf[] = new byte[8192]; int n; while ((n = data.read(buf)) > 0) messagedigest.update(buf, 0, n); byte hash[] = messagedigest.digest(); Calendar cal = Calendar.getInstance(); TSAClient tsc = new TSAClientBouncyCastle(TSA_URL, TSA_ACCNT, TSA_PASSW); byte[] ocsp = new OcspClientBouncyCastle((X509Certificate)chain[0], (X509Certificate)chain[1], url).getencoded(); byte sh[] = sgn.getauthenticatedattributebytes(hash, cal, ocsp); sgn.update(sh, 0, sh.length); byte[] encodedsig = sgn.getencodedpkcs7(hash, cal, tsc, ocsp); byte[] paddedsig = new byte[contentestimated]; System.arraycopy(encodedSig, 0, paddedsig, 0, encodedsig.length); PdfDictionary dic2 = new PdfDictionary(); dic2.put(pdfname.contents, new PdfString(paddedSig).setHexWriting(true)); sap.close(dic2); itext Summit 17

18 PAdES Part 3 in itext No direct support but possible to use an external signature itext currently has no capabilities to assist in the signing itext Summit 18

19 PAdES Part 4 in itext Full LTV support both in Document security Store and Timestamp itext Summit 19

20 PAdES Part 4 in itext PdfReader r = new PdfReader(IN_FILE); FileOutputStream fout = new FileOutputStream(OUT_FILE); PdfStamper stp = PdfStamper.createSignature(r, fout, '\0', null, true); LtvVerification v = stp.getltvverification(); AcroFields af = stp.getacrofields(); for (String signame : af.getsignaturenames()) { v.addverification(signame, new OcspClientBouncyCastle(), new CrlClientImp(), LtvVerification.CertificateOption.WHOLE_CHAIN, LtvVerification.Level.OCSP_CRL, LtvVerification.CertificateInclusion.NO); } PdfSignatureAppearance sap = stp.getsignatureappearance(); TSAClientBouncyCastle tsa = new TSAClientBouncyCastle(TSA_URL, TSA_ACCNT, TSA_PASSW, 6500, "sha256"); LtvTimestamp.timestamp(sap, tsa, null); itext Summit 20

21 itext sign architecture Certificate encryption Validation AcroFields.verifySignature() Signing PdfSignatureAppearance, PdfPKCS7 Open Source Modify at will itext Summit 21

22 Shortcomings of itext signing architecture Monolithic Impossible to open a certificate encrypted PDF with a smartcard with C# Impossible to plug-in another validation engine/logic Arbitrary signing is possible with an external signature but itext won t assist much in the process Open Source no urgency in providing a decent interface itext Summit 22

23 New itext signing architecture Based on the factory pattern Plug-in for certificate encryption, validation and signing Standard plug-in for detached signing and CAdES signing itext Summit 23

ETSI TS 102 778-1 V1.1.1 (2009-07) Technical Specification

ETSI TS 102 778-1 V1.1.1 (2009-07) Technical Specification TS 102 778-1 V1.1.1 (2009-07) Technical Specification Electronic Signatures and Infrastructures (ESI); PDF Advanced Electronic Signature Profiles; Part 1: PAdES Overview - a framework document for PAdES

More information

ETSI TS 102 778-3 V1.1.2 (2009-12) Technical Specification

ETSI TS 102 778-3 V1.1.2 (2009-12) Technical Specification TS 102 778-3 V1.1.2 (2009-12) Technical Specification Electronic Signatures and Infrastructures (ESI); PDF Advanced Electronic Signature Profiles; Part 3: PAdES Enhanced - PAdES-BES and PAdES-EPES Profiles

More information

TechNote 0006: Digital Signatures in PDF/A-1

TechNote 0006: Digital Signatures in PDF/A-1 TechNote 0006: Digital Signatures in PDF/A-1 Digital signatures are primarily used to check the integrity of the signed part of the document. They also can be used to authenticate the signer s identity

More information

Digital Signature Service. version : 4.7-SNAPSHOT - 2016-05-09

Digital Signature Service. version : 4.7-SNAPSHOT - 2016-05-09 Digital Signature Service version : 4.7-SNAPSHOT - 2016-05-09 Table of Contents Introduction............................................................................... 1 Purpose of the document..................................................................

More information

In accordance with article 11 of the Law on Electronic Signature (Official Gazette of the Republic of Serbia No. 135/04), REGULATION

In accordance with article 11 of the Law on Electronic Signature (Official Gazette of the Republic of Serbia No. 135/04), REGULATION In accordance with article 11 of the Law on Electronic Signature (Official Gazette of the Republic of Serbia No. 135/04), the Minister of Telecommunications and Information Society hereby promulgates REGULATION

More information

ETSI TS 102 778 V1.1.1 (2009-04) Technical Specification

ETSI TS 102 778 V1.1.1 (2009-04) Technical Specification TS 102 778 V1.1.1 (2009-04) Technical Specification Electronic Signatures and Infrastructures (ESI); PDF Advanced Electronic Signature Profiles; CMS Profile based on ISO 32000-1 2 TS 102 778 V1.1.1 (2009-04)

More information

Digital Signature Service. version : 4.6.0-2016-02-22

Digital Signature Service. version : 4.6.0-2016-02-22 Digital Signature Service version : 4.6.0-2016-02-22 Table of Contents Introduction................................................................................... 1 Purpose of the document.....................................................................

More information

Normas ETSI e IETF para Assinatura Digital. Ernandes Lopes Bezerra. Ernandes. 26 de dezembro de 2012

Normas ETSI e IETF para Assinatura Digital. Ernandes Lopes Bezerra. Ernandes. 26 de dezembro de 2012 Normas ETSI e IETF para Assinatura Digital Lopes Bezerra 26 de dezembro de 2012 by 1 Acrônimos TERMO BES CAdES CMS DER DNS DN EPES ETSI HTTP IETF LCR LDAP LTV OID PAdES PDF TR TS URI URL XAdES DESCRIÇÃO

More information

ETSI TS 102 778-5 V1.1.1 (2009-07) Technical Specification

ETSI TS 102 778-5 V1.1.1 (2009-07) Technical Specification TS 102 778-5 V1.1.1 (2009-07) Technical Specification Electronic Signatures and Infrastructures (ESI); PDF Advanced Electronic Signature Profiles; Part 5: PAdES for XML Content - Profiles for XAdES signatures

More information

Specifying the content and formal specifications of document formats for QES

Specifying the content and formal specifications of document formats for QES NATIONAL SECURITY AUTHORITY Version 1.0 Specifying the content and formal specifications of document formats for QES 24 July 2007 No.: 3198/2007/IBEP-013 NSA Page 1/14 This English version of the Slovak

More information

Digital Signatures in a PDF

Digital Signatures in a PDF This document describes how digital signatures are represented in a PDF document and what signature-related features the PDF language supports. Adobe Reader and Acrobat have implemented all of PDF s features

More information

Multiple electronic signatures on multiple documents

Multiple electronic signatures on multiple documents Multiple electronic signatures on multiple documents Antonio Lioy and Gianluca Ramunno Politecnico di Torino Dip. di Automatica e Informatica Torino (Italy) e-mail: lioy@polito.it, ramunno@polito.it web

More information

White Paper. Digital signatures from the cloud Basics and Applications

White Paper. Digital signatures from the cloud Basics and Applications White Paper Digital signatures from the cloud Basics and Applications Contents Basics of digital signature...3 Electronic documents and signature...3 Electronic signature...3 Digital signature...4 Standards

More information

ETSI SECURITY WEEK EIDAS Overview CEN/ETSI esignature Standardization including standards for TSP Compliance. ETSI 2015. All rights reserved

ETSI SECURITY WEEK EIDAS Overview CEN/ETSI esignature Standardization including standards for TSP Compliance. ETSI 2015. All rights reserved ETSI SECURITY WEEK EIDAS Overview CEN/ETSI esignature Standardization including standards for TSP Compliance esignature Standards Framework Certificate Authority Time-stamping Signing Servers Validation

More information

ETSI TS 102 778-4 V1.1.1 (2009-07) Technical Specification

ETSI TS 102 778-4 V1.1.1 (2009-07) Technical Specification TS 102 778-4 V1.1.1 (2009-07) Technical Specification Electronic Signatures and Infrastructures (ESI); PDF Advanced Electronic Signature Profiles; Part 4: PAdES Long Term - PAdES-LTV Profile 2 TS 102 778-4

More information

Representation of E-documents in AIDA Project

Representation of E-documents in AIDA Project Representation of E-documents in AIDA Project Diana Berbecaru Marius Marian Dip. di Automatica e Informatica Politecnico di Torino Corso Duca degli Abruzzi 24, 10129 Torino, Italy Abstract Initially developed

More information

Electronic Signature. István Zsolt BERTA istvan@berta.hu. Public Key Cryptographic Primi4ves

Electronic Signature. István Zsolt BERTA istvan@berta.hu. Public Key Cryptographic Primi4ves Electronic Signature István Zsolt BERTA istvan@berta.hu Public Key Cryptographic Primi4ves 1 Electronic Signatures - Contents 1. Public key cryptography primiaves 2. CerAficates, CerAficate AuthoriAes,

More information

PkBox Technical Overview. Ver. 1.0.7

PkBox Technical Overview. Ver. 1.0.7 PkBox Technical Overview Ver. 1.0.7 14 September 2015 All the information in this document is and can t be used entirely or in part without a written permission from Intesi Group S.p.A. Le informazioni

More information

.NET Digital Signature Library User Manual

.NET Digital Signature Library User Manual .NET Digital Signature Library User Manual Introduction The main function of.net Digital Signature Library is to digitally sign files in PDF or PKCS#7 cryptographic standard (.P7S or.p7m files) using X.509

More information

Best prac*ces in Cer*fying and Signing PDFs

Best prac*ces in Cer*fying and Signing PDFs over 10 years of securing identities, web sites & transactions Best prac*ces in Cer*fying and Signing PDFs Paul van Brouwershaven Business Development Director EMEA, GlobalSign @vanbroup on TwiEer INTERNATIONAL

More information

How to Time Stamp PDF and Microsoft Office 2010/2013 Documents with the Time Stamp Server

How to Time Stamp PDF and Microsoft Office 2010/2013 Documents with the Time Stamp Server How to Time Stamp PDF and Microsoft Office 2010/2013 Documents with the Time Stamp Server Introduction Time stamping is an important mechanism for the long-term preservation of digital signatures, time

More information

Submitted to the EC on 03/06/2012. COMPETITIVENESS AND INNOVATION FRAMEWORK PROGRAMME ICT Policy Support Programme (ICT PSP) e-codex

Submitted to the EC on 03/06/2012. COMPETITIVENESS AND INNOVATION FRAMEWORK PROGRAMME ICT Policy Support Programme (ICT PSP) e-codex Submitted to the EC on 03/06/2012 COMPETITIVENESS AND INNOVATION FRAMEWORK PROGRAMME ICT Policy Support Programme (ICT PSP) e-codex e-justice Communication via Online Data Exchange ICT PSP call identifier:

More information

Certificate Path Validation

Certificate Path Validation Version 1.4 NATIONAL SECURITY AUTHORITY Version 1.4 Certificate Path Validation 19 th November 2006 No.: 1891/2006/IBEP-011 NSA Page 1/27 NATIONAL SECURITY AUTHORITY Department of Information Security

More information

Digital Signature Verification using Historic Data

Digital Signature Verification using Historic Data Digital Signature Verification using Historic Data Digital signatures are now relatively common; however historic verification of digitally signed data is not so widely understood. As more data is held

More information

AGENDA ITEM 15-16 : ELECTRONIC SIGNATURE

AGENDA ITEM 15-16 : ELECTRONIC SIGNATURE SCREENING CHAPTER 10 Country Session: 13- Content Legislation Main Points of Turkish Electronic Signature Legislation Electronic Certificate Service Providers and Market Standardization Aspect of Electronic

More information

Long term electronic signatures or documents retention

Long term electronic signatures or documents retention Long term electronic s or documents retention IWAP 2004 Yuichi Suzuki SECOM IS Laboratory IWAP 2004 Yuichi Suzuki (SECOM IS Lab) 1 Problem of validity period of certificate PKI does work well in a validity

More information

e-szigno Digital Signature Application

e-szigno Digital Signature Application MICROSEC Software Development Ltd. e-szigno Digital Signature Application Microsec Software Development Ltd. www.e-szigno.hu www.microsec.hu 1031 Budapest, Záhony utca 7. (+36-1) 505-4444 Cg. 01-09-078353

More information

2.1 The scope of Time Stamping Protocol (TSP)

2.1 The scope of Time Stamping Protocol (TSP) XML Security Time Stamping Protocol Axelle Apvrille Vincent Girier Storage Technology European Operations 1 Rd Point Général Eisenhower 31106 Toulouse, France Axelle Apvrille,Vincent Girier @storagetek.com

More information

CERTIFICATE REVIEW RECORD

CERTIFICATE REVIEW RECORD REVIEW HUNGUARD Informatics and IT R&D and General Service Provider Ltd. as a certification authority assigned by the assignment document No. 001/2010 of the Minister of the Prime Minister s Office of

More information

Exploring ADSS Server Signing Services

Exploring ADSS Server Signing Services ADSS Server is a multi-function server providing digital signature creation and signature verification services, as well as supporting other infrastructure services including Time Stamp Authority (TSA)

More information

TECHNICAL INTEROPERABILITY STANDARD

TECHNICAL INTEROPERABILITY STANDARD TECHNICAL INTEROPERABILITY STANDARD For the Spanish Public Administration E-Signature and Certificate Policy GOBIERNO DE ESPAÑA MINISTERIO DE HACIENDA Y ADMINISTRACIONES PÚBLICAS SECRETARÍA DE ESTADO DE

More information

CERTIFICATION PRACTICE STATEMENT UPDATE

CERTIFICATION PRACTICE STATEMENT UPDATE CERTIFICATION PRACTICE STATEMENT UPDATE Reference: IZENPE-CPS UPDATE Version no: v 5.03 Date: 10th March 2015 IZENPE 2015 This document is the property of Izenpe. It may only be reproduced in its entirety.

More information

Technical Description. DigitalSign 3.1. State of the art legally valid electronic signature. The best, most secure and complete software for

Technical Description. DigitalSign 3.1. State of the art legally valid electronic signature. The best, most secure and complete software for Technical Description DigitalSign 3.1 State of the art legally valid electronic signature The best, most secure and complete software for Adding digital signatures to any document, in conformance with

More information

CALIFORNIA SOFTWARE LABS

CALIFORNIA SOFTWARE LABS ; Digital Signatures and PKCS#11 Smart Cards Concepts, Issues and some Programming Details CALIFORNIA SOFTWARE LABS R E A L I Z E Y O U R I D E A S California Software Labs 6800 Koll Center Parkway, Suite

More information

Digital Signature Service. e-contract.be BVBA info@e-contract.be 2 september 2015

Digital Signature Service. e-contract.be BVBA info@e-contract.be 2 september 2015 Digital Signature Service e-contract.be BVBA info@e-contract.be 2 september 2015 About e-contract.be BVBA Consultancy Projects: eid/security related only SOA security From analysis to operational hosting

More information

Package PKI. February 20, 2013

Package PKI. February 20, 2013 Package PKI February 20, 2013 Version 0.1-1 Title Public Key Infrastucture for R based on the X.509 standard Author Maintainer Depends R (>=

More information

NISTIR 7676 Maintaining and Using Key History on Personal Identity Verification (PIV) Cards

NISTIR 7676 Maintaining and Using Key History on Personal Identity Verification (PIV) Cards NISTIR 7676 Maintaining and Using Key History on Personal Identity Verification (PIV) Cards David A. Cooper NISTIR 7676 Maintaining and Using Key History on Personal Identity Verification (PIV) Cards David

More information

FOR A PAPERLESS FUTURE. Petr DOLEJŠÍ Senior Solution Consultant SEFIRA Czech Republic

FOR A PAPERLESS FUTURE. Petr DOLEJŠÍ Senior Solution Consultant SEFIRA Czech Republic FOR A PAPERLESS FUTURE Petr DOLEJŠÍ Senior Solution Consultant SEFIRA Czech Republic PAPER IS EVERYWHERE WHY IS THAT? Please no more! Every large organization is typically large paper producer Banks, insurance,

More information

ETSI TR 119 000 V0.0.3 (2014-01)

ETSI TR 119 000 V0.0.3 (2014-01) TR 119 000 V0.0.3 (2014-01) TECHNICAL REPORT Electronic Signatures and Infrastructures (ESI); Rationalised structure for Electronic Signature Standardisation COMPLETE DRAFT FOR PUBLIC REVIEW UNTIL 7 MARCH

More information

Certification Authority. The X.509 standard, PKI and electronic documents. X.509 certificates. X.509 version 3. Critical extensions.

Certification Authority. The X.509 standard, PKI and electronic documents. X.509 certificates. X.509 version 3. Critical extensions. The X.509 standard, PKI and electronic uments Antonio Lioy < lioy @ polito.it > Politecnico di Torino Dipartimento di Automatica e Informatica Certification Authority (4) cert repository (cert, CRL) Certification

More information

Digital Signature: Efficient, Cut Cost and Manage Risk. Formula for Strong Digital Security

Digital Signature: Efficient, Cut Cost and Manage Risk. Formula for Strong Digital Security Digital Signature: Efficient, Cut Cost and Manage Risk Formula for Strong Digital Security Signature Rafidah Ariffin A person s name written in a distinctive way, pattern or characteristic as a form of

More information

Electronic Documents with Signature Constraints

Electronic Documents with Signature Constraints Electronic Documents with Signature Constraints Felipe C. Werlang 1, Ricardo F. Custódio 1, Roberto Araújo 2 1 Departamento de Informática e Estatística Universidade Federal de Santa Catarina (UFSC) Caixa

More information

Entrust Certificate Services. Java Code Signing. User Guide. Date of Issue: December 2014. Document issue: 2.0

Entrust Certificate Services. Java Code Signing. User Guide. Date of Issue: December 2014. Document issue: 2.0 Entrust Certificate Services Java Code Signing User Guide Date of Issue: December 2014 Document issue: 2.0 Copyright 2009-2014 Entrust. All rights reserved. Entrust is a trademark or a registered trademark

More information

NEMA Standards Publication PS 3 Supplement 41. Digital Imaging and Communications in Medicine (DICOM) Digital Signatures

NEMA Standards Publication PS 3 Supplement 41. Digital Imaging and Communications in Medicine (DICOM) Digital Signatures NEMA Standards Publication PS 3 Supplement 1 Digital Imaging and Communications in Medicine (DICOM) Digital Signatures Status: Final Text Sep 001 Prepared by DICOM Standards Committee, Working Group 1

More information

The Direct Project. Implementation Guide for Direct Project Trust Bundle Distribution. Version 1.0 14 March 2013

The Direct Project. Implementation Guide for Direct Project Trust Bundle Distribution. Version 1.0 14 March 2013 The Direct Project Implementation Guide for Direct Project Trust Bundle Distribution Version 1.0 14 March 2013 Version 1.0, 14 March 2013 Page 1 of 14 Contents Change Control... 3 Status of this Guide...

More information

Biometrics, Tokens, & Public Key Certificates

Biometrics, Tokens, & Public Key Certificates Biometrics, Tokens, & Public Key Certificates The Merging of Technologies TOKENEER Workstations WS CA WS WS Certificate Authority (CA) L. Reinert S. Luther Information Systems Security Organization Biometrics,

More information

SSO Eurécia. and external Applications. Purpose

SSO Eurécia. and external Applications. Purpose SSO Eurécia Purpose This document describes the way to manage SSO connection and external applications. The users logged to the external application by entering his credentials then access to Eurécia without

More information

Validity Models of Electronic Signatures and their Enforcement in Practice

Validity Models of Electronic Signatures and their Enforcement in Practice Validity Models of Electronic Signatures and their Enforcement in Practice Harald Baier 1 and Vangelis Karatsiolis 2 1 Darmstadt University of Applied Sciences and Center for Advanced Security Research

More information

ETSI TS 101 903 V1.4.2 (2010-12) Technical Specification. Electronic Signatures and Infrastructures (ESI); XML Advanced Electronic Signatures (XAdES)

ETSI TS 101 903 V1.4.2 (2010-12) Technical Specification. Electronic Signatures and Infrastructures (ESI); XML Advanced Electronic Signatures (XAdES) TS 101 903 V1.4.2 (2010-12) Technical Specification Electronic Signatures and Infrastructures (ESI); XML Advanced Electronic Signatures (XAdES) 2 TS 101 903 V1.4.2 (2010-12) Reference RTS/ESI-000112 Keywords

More information

PDF Signer User Manual

PDF Signer User Manual PDF Signer User Manual Introduction The main function of PDF Signer is to sign PDF documents using X.509 digital certificates. Using this product you can quickly sign multiple PDF files (bulk sign) by

More information

mod_ssl Cryptographic Techniques

mod_ssl Cryptographic Techniques mod_ssl Overview Reference The nice thing about standards is that there are so many to choose from. And if you really don t like all the standards you just have to wait another year until the one arises

More information

Open Source eid Projects

Open Source eid Projects Open Source eid Projects RMLL Frank Cornelis 10/07/2013 Agenda Overview eid Cryptography in Java via JCA RSA, PKI, jtrust, eid Trust Service Integration levels for eid eid Applet Commons eid eid Identity

More information

STANDARDISIERUNG FÜR EIDAS IM MANDATE/460

STANDARDISIERUNG FÜR EIDAS IM MANDATE/460 STANDARDISIERUNG FÜR EIDAS IM MANDATE/460 TeleTrusT Signaturtag 17.09.2015 ETSI 2014. All rights reserved STANDARDISIERUNG FÜR EIDAS IM MANDATE/460 TeleTrusT Signaturtag 17.09.2015 ETSI 2014. All rights

More information

ETSI TS 102 280 V1.1.1 (2004-03)

ETSI TS 102 280 V1.1.1 (2004-03) TS 102 280 V1.1.1 (2004-03) Technical Specification X.509 V.3 Certificate Profile for Certificates Issued to Natural Persons 2 TS 102 280 V1.1.1 (2004-03) Reference DTS/ESI-000018 Keywords electronic signature,

More information

NIST-Workshop 10 & 11 April 2013

NIST-Workshop 10 & 11 April 2013 NIST-Workshop 10 & 11 April 2013 EUROPEAN APPROACH TO OVERSIGHT OF "TRUST SERVICE PROVIDERS" Presented by Arno Fiedler, Member of European Telecommunications Standards Institute Electronic Signatures and

More information

ETSI TS 102 639-5 V1.1.1 (2009-04) Technical Specification

ETSI TS 102 639-5 V1.1.1 (2009-04) Technical Specification TS 102 639-5 V1.1.1 (2009-04) Technical Specification Access and Terminals, Transmission and Multiplexing (ATTM); Third Generation Transmission Systems for Interactive Cable Television Services - IP Cable

More information

Package PKI. July 28, 2015

Package PKI. July 28, 2015 Version 0.1-3 Package PKI July 28, 2015 Title Public Key Infrastucture for R Based on the X.509 Standard Author Maintainer Depends R (>= 2.9.0),

More information

DECREE 132 of the National Security Authority. dated from 26 March 2009

DECREE 132 of the National Security Authority. dated from 26 March 2009 DECREE 132 of the National Security Authority dated from 26 March 2009 on the conditions for providing accredited certification services and requirements for an audit, the extent of an audit and the qualification

More information

BDOC FORMAT FOR DIGITAL SIGNATURES

BDOC FORMAT FOR DIGITAL SIGNATURES :2013 BDOC FORMAT FOR DIGITAL SIGNATURES Version 2.1:2013 OID: 1.3.6.1.4.1.10015.1000.3.2.1 Table of Contents INTRODUCTION... 2 1. SCOPE... 3 2. REFERENCES... 4 3. DEFINITIONS AND ABBREVIATIONS... 5 4.

More information

Digital Signing without the Headaches

Digital Signing without the Headaches Digital Signing without the Headaches Nick Pope 1 Juan Carlos Cruellas 2 1 Security & Standards Associates Grays, Essex, United Kingdom nickpope@secstan.com 2 Universitat Politècnica de Catalunya Barcelona,

More information

<Insert Picture Here> Oracle Security Developer Tools (OSDT) August 2008

<Insert Picture Here> Oracle Security Developer Tools (OSDT) August 2008 Oracle Security Developer Tools (OSDT) August 2008 Items Introduction OSDT 10g Architecture Business Benefits Oracle Products Currently Using OSDT 10g OSDT 10g APIs Description OSDT

More information

Study on Mutual Recognition of esignatures: update of Country Profiles Icelandic country profile

Study on Mutual Recognition of esignatures: update of Country Profiles Icelandic country profile Study on Mutual Recognition of esignatures: update of Country Profiles Icelandic country profile This report / paper was prepared for the IDABC programme by: Coordinated by: Hans Graux (time.lex), Brigitte

More information

LinShare project version 0.8 File sharing and vault application

LinShare project version 0.8 File sharing and vault application LinShare project version 0.8 File sharing and vault application RMLL 2010 Slideshow LinShare project LinShare uses : File sharing - Big files support - Enterprise directory support - Group management -

More information

Signature policy for TUPAS Witnessed Signed Document

Signature policy for TUPAS Witnessed Signed Document Signature policy for TUPAS Witnessed Signed Document Policy version 1.0 Document version 1.1 1 Policy ID and location Policy ID Name URL urn:signicat:signaturepolicy:tupas wsd:1.0 Signature policy for

More information

Cryptography and Network Security Chapter 15

Cryptography and Network Security Chapter 15 Cryptography and Network Security Chapter 15 Fourth Edition by William Stallings Lecture slides by Lawrie Brown Chapter 15 Electronic Mail Security Despite the refusal of VADM Poindexter and LtCol North

More information

DIGITAL SIGNATURE FOR EANCOM MESSAGES

DIGITAL SIGNATURE FOR EANCOM MESSAGES Digital Signatures for EACOM Messages DIGITAL SIGATURE FOR EACOM MESSAGES GS1 Implementation Guidelines EACOM TDT DOCUMET v1.0 Page 1 Digital Signatures for EACOM Messages TABLE OF COTETS 1 Introduction...

More information

ETSI TS 101 903 V1.3.2 (2006-03)

ETSI TS 101 903 V1.3.2 (2006-03) TS 101 903 V1.3.2 (2006-03) Technical Specification XML Advanced Electronic Signatures (XAdES) 2 TS 101 903 V1.3.2 (2006-03) Reference RTS/ESI-000034 Keywords e-commerce, electronic signature, security

More information

Al-Wakaye Al-Mesreya / Government Bulletin - Issue No. 115 (Supplement) Dated 25 May 2005

Al-Wakaye Al-Mesreya / Government Bulletin - Issue No. 115 (Supplement) Dated 25 May 2005 Al-Wakaye Al-Mesreya / Government Bulletin - Issue No. 115 (Supplement) Dated 25 May 2005 Ministry of Communications And Information Technology Decree No. 109 Of The Year 2005 Dated 15/5/2005 Issuing The

More information

PEXA Public Key Infrastructure (PKI) Certification Authority Certificate Policy

PEXA Public Key Infrastructure (PKI) Certification Authority Certificate Policy PEXA Public Key Infrastructure (PKI) Certification Authority Certificate Policy Version: 1.0 Issued: August 2014 Status: Final PEXA Certification Authority Certificate Profile 1. Introduction Property

More information

Detailed Specifications

Detailed Specifications 1 of 6 Appendix Detailed Specifications 1. Standards The following standards are used in the document under the following abbreviations: - BASE32, BASE64, BASE64-URL: Network Working Group: Request for

More information

I N F O R M A T I O N S E C U R I T Y

I N F O R M A T I O N S E C U R I T Y NIST Special Publication 800-78-3 DRAFT Cryptographic Algorithms and Key Sizes for Personal Identity Verification W. Timothy Polk Donna F. Dodson William E. Burr Hildegard Ferraiolo David Cooper I N F

More information

X.500 and LDAP Page 1 of 8

X.500 and LDAP Page 1 of 8 X.500 and LDAP Page 1 of 8 Introduction OCLC has completed its investigation of the two proposed electronic access protocols for the ILL Policies Directory. The first is X.500, a directory protocol standard

More information

SAFE Digital Signatures in PDF

SAFE Digital Signatures in PDF SAFE Digital Signatures in PDF Ed Chase Adobe Systems Digital Signatures in PDF Digital Signature Document Digital ID Doc Digest Signer s digital identity is bound to document Modifying document invalidates

More information

I N F O R M A T I O N S E C U R I T Y

I N F O R M A T I O N S E C U R I T Y NIST Special Publication 800-78-2 DRAFT Cryptographic Algorithms and Key Sizes for Personal Identity Verification W. Timothy Polk Donna F. Dodson William. E. Burr I N F O R M A T I O N S E C U R I T Y

More information

ATSC Standard: ATSC Security and Service Protection Standard

ATSC Standard: ATSC Security and Service Protection Standard ATSC Standard: ATSC Security and Service Protection Standard Doc. A/106 28 September 2015 Advanced Television Systems Committee 1776 K Street, N.W. Washington, D.C. 20006 202-872-9160 1 The Advanced Television

More information

CS 393 Network Security. Nasir Memon Polytechnic University Module 11 Secure Email

CS 393 Network Security. Nasir Memon Polytechnic University Module 11 Secure Email CS 393 Network Security Nasir Memon Polytechnic University Module 11 Secure Email Course Logistics HW 5 due Thursday Graded exams returned and discussed. Read Chapter 5 of text 4/2/02 Module 11 - Secure

More information

DEPARTMENT OF DEFENSE PUBLIC KEY INFRASTRUCTURE EXTERNAL CERTIFICATION AUTHORITY MASTER TEST PLAN VERSION 1.0

DEPARTMENT OF DEFENSE PUBLIC KEY INFRASTRUCTURE EXTERNAL CERTIFICATION AUTHORITY MASTER TEST PLAN VERSION 1.0 DEFENSE INFORMATION SYSTEMS AGENCY JOINT INTEROPERABILITY TEST COMMAND FORT HUACHUCA, ARIZONA DEPARTMENT OF DEFENSE PUBLIC KEY INFRASTRUCTURE EXTERNAL CERTIFICATION AUTHORITY MASTER TEST PLAN VERSION 1.0

More information

BERserk Vulnerability

BERserk Vulnerability Intel Security: Advanced Threat Research BERserk Vulnerability Part 2: Certificate Forgery in Mozilla NSS October 6, 2014 Contents DigestInfo ASN.1 Decoding Vulnerabilities in Mozilla NSS... 2 Forging

More information

Alternate Representations of the Public Key Cryptography Standards (PKCS) Using S-Expressions, S-PKCS

Alternate Representations of the Public Key Cryptography Standards (PKCS) Using S-Expressions, S-PKCS Alternate Representations of the Public Key Cryptography Standards (PKCS Using S-Expressions, S-PKCS Matthew D. Wood Carl M. Ellison Intel Security Technology Lab Alternate Representations of the Public

More information

PKI - current and future

PKI - current and future PKI - current and future Workshop for Japan Germany Information security Yuichi Suzuki yuich-suzuki@secom.co.jp SECOM IS Laboratory Yuichi Suzuki (SECOM IS Lab) 1 Current Status of PKI in Japan Yuichi

More information

DATEVe:secure MAIL V1.1. ISIS-MTT-Assessment Report

DATEVe:secure MAIL V1.1. ISIS-MTT-Assessment Report DATEVe:secure MAIL V1.1 DATEV eg ISIS-MTT-Assessment Report Version 1.1 Date 08. July 2004 Hans-Joachim Knobloch, Fritz Bauspiess Secorvo Security Consulting GmbH Albert-Nestler-Straße 9 D-76131 Karlsruhe

More information

DIRECTOR GENERAL OF THE LITHUANIAN ARCHIVES DEPARTMENT UNDER THE GOVERNMENT OF THE REPUBLIC OF LITHUANIA

DIRECTOR GENERAL OF THE LITHUANIAN ARCHIVES DEPARTMENT UNDER THE GOVERNMENT OF THE REPUBLIC OF LITHUANIA Non-official translation DIRECTOR GENERAL OF THE LITHUANIAN ARCHIVES DEPARTMENT UNDER THE GOVERNMENT OF THE REPUBLIC OF LITHUANIA ORDER ON THE CONFIRMATION OF THE SPECIFICATION ADOC-V1.0 OF THE ELECTRONIC

More information

Paper-based Document Authentication using Digital Signature and QR Code

Paper-based Document Authentication using Digital Signature and QR Code 2012 4T International Conference on Computer Engineering and Technology (ICCET 2012) Paper-based Document Authentication using Digital Signature and QR Code Maykin Warasart and Pramote Kuacharoen Department

More information

OpenADR 2.0 Security. Jim Zuber, CTO QualityLogic, Inc.

OpenADR 2.0 Security. Jim Zuber, CTO QualityLogic, Inc. OpenADR 2.0 Security Jim Zuber, CTO QualityLogic, Inc. Security Overview Client and server x.509v3 certificates TLS 1.2 with SHA256 ECC or RSA cipher suites TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 TLS_RSA_WITH_AES_128_CBC_SHA256

More information

Guidelines for Developing Cryptographic Service Providers (CSPs) for Acrobat on Windows

Guidelines for Developing Cryptographic Service Providers (CSPs) for Acrobat on Windows Technical Note Providers (CSPs) for Acrobat C ONTENTS Requirements for Minimal Functionality 1 Recommendations for Maximum Functionality 2 For a Better User Experience Using CSPs in Acrobat 3 Other Recommendations

More information

Operating a CSP in Switzerland or Playing in the champions league of IT Security

Operating a CSP in Switzerland or Playing in the champions league of IT Security Operating a CSP in Switzerland or Playing in the champions league of IT Security Agenda SwissSign Technology Products and Processes Legal Aspects and Standards Business Model Future Developments 2 SwissSign

More information

Electronic Mail Security. Email Security. email is one of the most widely used and regarded network services currently message contents are not secure

Electronic Mail Security. Email Security. email is one of the most widely used and regarded network services currently message contents are not secure Electronic Mail Security CSCI 454/554 Email Security email is one of the most widely used and regarded network services currently message contents are not secure may be inspected either in transit or by

More information

Technical Specification Electronic Signatures and Infrastructures (ESI); ASiC Baseline Profile

Technical Specification Electronic Signatures and Infrastructures (ESI); ASiC Baseline Profile TS 103 174 V2.2.1 (2013-06) Technical Specification Electronic Signatures and Infrastructures (ESI); ASiC Baseline Profile 2 TS 103 174 V2.2.1 (2013-06) Reference RTS/ESI-0003174v221 Keywords ASiC, electronic

More information

Lecture 9: Application of Cryptography

Lecture 9: Application of Cryptography Lecture topics Cryptography basics Using SSL to secure communication links in J2EE programs Programmatic use of cryptography in Java Cryptography basics Encryption Transformation of data into a form that

More information

Additional Information. OpenLimit Middleware Version 3 Server Product Version: 1.2 Help Manual. Date: 23.03.2012 Document version: 1.

Additional Information. OpenLimit Middleware Version 3 Server Product Version: 1.2 Help Manual. Date: 23.03.2012 Document version: 1. Additional Information OpenLimit Middleware Version 3 Server Product Version: 1.2 Help Manual Date: 23.03.2012 Document version: 1.1 OpenLimit SignCubes AG 2012 This documentation is the intellectual property

More information

Crittografia e sicurezza delle reti. Digital signatures- DSA

Crittografia e sicurezza delle reti. Digital signatures- DSA Crittografia e sicurezza delle reti Digital signatures- DSA Signatures vs. MACs Suppose parties A and B share the secret key K. Then M, MAC K (M) convinces A that indeed M originated with B. But in case

More information

Communication Security for Applications

Communication Security for Applications Communication Security for Applications Antonio Carzaniga Faculty of Informatics University of Lugano March 10, 2008 c 2008 Antonio Carzaniga 1 Intro to distributed computing: -server computing Transport-layer

More information

Network Security Essentials Chapter 7

Network Security Essentials Chapter 7 Network Security Essentials Chapter 7 Fourth Edition by William Stallings Lecture slides by Lawrie Brown Chapter 7 Electronic Mail Security Despite the refusal of VADM Poindexter and LtCol North to appear,

More information

Interoperability Guidelines for Digital Signature Certificates issued under Information Technology Act

Interoperability Guidelines for Digital Signature Certificates issued under Information Technology Act for Digital Signature Certificates issued under Information Technology Act Version 2.4 December 2009 Controller of Certifying Authorities Department of Information Technology Ministry of Communications

More information

Electronic Archive Information System

Electronic Archive Information System 107 Electronic Archive Information System Saulius RAGAISIS a,1, Adomas BIRSTUNAS b, Antanas MITASIUNAS b and b Arunas STOCKUS a Software Engineering Department, Vilnius University, Lithuania b Computer

More information

Randomized Hashing for Digital Signatures

Randomized Hashing for Digital Signatures NIST Special Publication 800-106 Randomized Hashing for Digital Signatures Quynh Dang Computer Security Division Information Technology Laboratory C O M P U T E R S E C U R I T Y February 2009 U.S. Department

More information

Number of relevant issues

Number of relevant issues Electronic signature Lecture 8 Number of relevant issues cryptography itself algorithms for signing documents key management generating keys, distribution, key revocation security policy certificates may

More information

Category: Standards Track June 1999

Category: Standards Track June 1999 Network Working Group P. Hoffman, Editor Request for Comments: 2634 Internet Mail Consortium Category: Standards Track June 1999 Status of this Memo Enhanced Security Services for S/MIME This document

More information

OFFICE OF THE CONTROLLER OF CERTIFICATION AUTHORITIES TECHNICAL REQUIREMENTS FOR AUDIT OF CERTIFICATION AUTHORITIES

OFFICE OF THE CONTROLLER OF CERTIFICATION AUTHORITIES TECHNICAL REQUIREMENTS FOR AUDIT OF CERTIFICATION AUTHORITIES OFFICE OF THE CONTROLLER OF CERTIFICATION AUTHORITIES TECHNICAL REQUIREMENTS FOR AUDIT OF CERTIFICATION AUTHORITIES Table of contents 1.0 SOFTWARE 1 2.0 HARDWARE 2 3.0 TECHNICAL COMPONENTS 2 3.1 KEY MANAGEMENT

More information