Blog - Cryptomathic

Introduction into PAdES for Trust Service Providers

Written by Dawn M. Turner (guest) | 27. January 2016

The term PAdES stands for PDF Advanced Electronic Signatures. It refers to a group of extensions and restrictions that are used with PDF and ISO 32000-1. They allow for advanced electronic signatures that adhere to the eIDAS Regulation, which has evolved from the European Union Directive 1999/93/EC.

PAdES is the electronic signature design for PDF Advanced Electronic Signatures.
Other eIDAS-compliant designs are CAdES and XAdES.

The ISO 32000-1

The ISO 32000-1 standard specifies the Portable Document Format, commonly known as PDF. Currently this standard allows for:

  1. Digital signatures to be added immediately to a PDF document
  2. The saving of a placeholder field where signatures can be placed in the future
  3. Checking the validity of signatures

Long-Term Validation

The PAdES standard, also known as ETSI Technical Specification (TS) 102 778, gives assurance that electronically signed documents will remain valid for longer periods of time, regardless of whether the cryptographic algorithms used are later broken. This allows digitally signed documents to be archived for many years. At any given time, it is possible to confirm that the signature was valid through a concept referred to as Long-Term Validation (LTV).

PDF Signature Types

With PAdES, different PDF signature types make use of additional document signature functions. Certification signatures rely on the modification permissions referenced under clause 12.8.4 of ISO 32000-1. These permit specific changes to the document, such as adding comments or filling in forms, while the original signature still validates. The usage rights signature type, referenced under clause 12.8.2.3 of ISO 32000-1, allows documents to be enhanced with additional privileges and rights during the course of a workflow, and uses the signature to confirm that the document and the rights have not been tampered with.

PDF Signature Handlers

ISO 32000-1 defines multiple implementations of Cryptographic Message Syntax (CMS)-based digital signatures within a PDF document. Each is identified by a pair of values from the signature dictionary:

  1. Filter, which names the preferred signature handler to use to validate the signature
  2. SubFilter, which names the encoding used within the signature dictionary for the PDF signature and its key information.

Signature Appearance

ETSI Technical Specification (TS) 102778-6 states that the signature appearance will represent elements of the AdES signature, in addition to other attributes, such as the time of signing or location. When creating the signature appearance, the signature handler should include information certifying the identity of the signer and time of signing.

PDF Serial Signatures

For PDF documents that require multiple signatures, serial signatures allow for additional signatures despite the limitation of only a single signing certificate within the PDF. This is done by creating multiple signature dictionaries, each with its own associated ByteRange.
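The Filter/SubFilter pair and the per-signature ByteRange described in the two sections above can be inspected with a short scanner that reports what each signature actually covers. This is an added example, not code from the original article or from the ISO/ETSI texts. It is a simplified byte scanner rather than a full PDF parser. The sample document is constructed, and the SubFilter names and the Adobe.PPKLite handler name are assumptions not listed on this page.

```python
import re

BYTE_RANGE = re.compile(rb"/ByteRange\s*\[\s*(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s*\]")
# SubFilter names used by PAdES signatures and document time-stamps
# (assumption: taken from the PAdES specifications, not from this page).
PADES_SUBFILTERS = {"ETSI.CAdES.detached", "ETSI.RFC3161"}

def _name(dictionary: bytes, key: bytes) -> str:
    """Return the PDF name stored under /key, or "" if the key is absent."""
    m = re.search(rb"/" + key + rb"\s*/([\w.]+)", dictionary)
    return m.group(1).decode() if m else ""

def audit_signatures(pdf: bytes) -> list:
    """Report Filter, SubFilter and ByteRange coverage for every signature dictionary."""
    report = []
    for m in BYTE_RANGE.finditer(pdf):
        o1, l1, o2, l2 = (int(g) for g in m.groups())
        # Simplified dictionary bounds: previous "<<" up to the next "endobj".
        d = pdf[max(pdf.rfind(b"<<", 0, m.start()), 0):pdf.find(b"endobj", m.end())]
        gap = pdf[o1 + l1:o2]  # the only bytes this signature does not cover
        report.append({
            "filter": _name(d, b"Filter"),
            "subfilter": _name(d, b"SubFilter"),
            "pades_subfilter": _name(d, b"SubFilter") in PADES_SUBFILTERS,
            "starts_at_zero": o1 == 0,
            "gap_is_contents_only": re.fullmatch(rb"<[0-9A-Fa-f]*>", gap) is not None,
            "ends_on_revision": pdf[:o2 + l2].rstrip().endswith(b"%%EOF"),
            "covers_whole_file": o2 + l2 == len(pdf),
        })
    return report

def build_revision(prev: bytes, subfilter: bytes) -> bytes:
    """Constructed sample (not a renderable PDF): append one signature object."""
    head = (prev + b"9 0 obj\n<< /Type /Sig /Filter /Adobe.PPKLite /SubFilter /"
            + subfilter + b" /ByteRange [")
    mid, contents, tail = b"] /Contents ", b"<" + b"00" * 16 + b">", b" >>\nendobj\n%%EOF\n"
    gap_start = len(head) + 43 + len(mid)  # 43 = four 10-digit integers + 3 spaces
    byte_range = b"%010d %010d %010d %010d" % (
        0, gap_start, gap_start + len(contents), len(tail))
    return head + byte_range + mid + contents + tail

# Two serial signatures: the second is appended after the first signed revision.
FIRST = build_revision(b"%PDF-1.7\n", b"ETSI.CAdES.detached")
SAMPLE = build_revision(FIRST, b"ETSI.CAdES.detached")

if __name__ == "__main__":
    for entry in audit_signatures(SAMPLE):
        print(entry)
```

In a serial-signature document only the last signature is expected to cover the whole file. Each earlier one should end exactly on a revision boundary, and everything appended after it still has to be checked against what the document permits.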

Conformance Levels for Trust Providers

The PAdES Baseline Profile specified in ETSI TS 103 172 V2.2.2 defines four levels of conformance for digital signatures:

  1. B-Level – Profiles both signed and some unsigned properties of a signature at the time it is created.
  2. T-Level – Generates a trusted token to prove the signature was created on a certain date and time.
  3. LT-Level – Incorporates all material that is required to validate the signature and allow for the long term availability of the signed document.
  4. LTA-Level – Incorporates time-stamp tokens to allow for the long term availability and integrity of the signed document.

When exchanging digitally signed information between parties, the signatures should conform to the level that will allow the parties to trust the signature when the exchange occurs.

Compliance Requirements for Trust Providers

A verifier shall be able to accept a signature that has properties or elements that conform to PAdES. Compliance requirements are grouped into four categories that each have their own corresponding identifier:

  1. Service/Protocol Element – identifies the service or protocol element in which the requirement will apply.
  2. Reference – refers to the relevant clause of the standard that first defines the element.
  3. Requirement on generator – Contains the identifier of the requirement and binds it to the corresponding protocol element.
  4. Notes/Additional requirements – Contains numbers or letters that reference additional requirements.

Cover image: courtesy of Highways England (HA0478-029), Flickr