The difference between an Electronic Signature and a Digital Signature


It is a common to see people use the terms electronic signature and digital signature interchangeably. However, this is a misconception among many because the two can differ, along with the processes in which they are generated, validated and their specific legal ramifications.

Read more

What is Key Management? a CISO Perspective

Key management refers to managing cryptographic keys within a cryptosystem. It deals with generating, exchanging, storing, using and replacing keys as needed at the user level.

Read more

Introduction into XAdES for Trust Service Providers

The term XAdES stands for XML Advanced Electronic Signatures, which specifies a set of extensions that are used with the W3C recommendation for XML Signature Syntax and Processing (XML-DSig). This documents includes the final drafts for a revised framework by the European Telecommunications Standards Institute (02-2016).

Read more

Is the NIST Digital Signature Standard DSS legally binding?


Under the Computer Security Act of 1987, the National Institute of Standards and Technology (NIST) was authorized to approve standards and set guidelines to ensure the security and confidentiality of sensitive data that is processed on the government’s computer systems. In 1994, the National Institute of Standards and Technology (NIST) adopted the Digital Signature Standard (DSS) FIPS 186, which specifies algorithms that are used in creating digital signatures. Currently, a revised DSS, FIPS 186-4 is awaiting its final release and there is controversy regarding whether the DSS should be considered legally binding.

Read more

Introduction into CAdES for Trust Service Providers


The term CAdES stands for CMS Advanced Electronic Signatures. The Cryptographic Message Syntax (CMS) provides a framework for digitally signed documents, including PDF or emails. This article introduces the relevant signature policies associated with CAdES and takes a deeper look at main formats and validation data. 

Read more

Introduction into PAdES for Trust Service Providers



The term PAdES stands for PDF Advanced Electronic Signatures. It refers to a group of extensions and restrictions that are used with PDF and ISO 32000-1. They allow for advanced electronic signatures that adhere to the eIDAS Regulation, which has evolved from the European Union Directive 1999/93/EC.

Read more

The eIDAS Agenda: Innovation, Interoperability and transparency


Digital signatures (and the accompanying concepts of encryption and authentication) have been a critical aspect of electronic communications for several years now, and both regulatory bodies and businesses continue to demonstrate a vested interest in the continued growth and advancement of this field.

A popular point of discussion and research among businesses in the EU is eIDAS, the EU regulation on the use of identification and trust services for electronic transactions in the internal market. Not only is eIDAS required for legally-compliant digital signatures, it's also part of a greater picture of technological innovation and growth within the EU.

Read more

Understanding the Major Terms Around Digital Signatures


The technology and terms that are involved with digital signing can be confusing. This article attempts to clarify meaning and implications of the major terms related to digital signatures.

Read more

eIDAS From Directive To Regulation


eIDAS has made it easier for citizens and businesses of the European Union to electronically sign documents within Member States that utilize electronic identification schemes (eIDS).

This post breifly explains the implications of eIDAS within the European Union.

Read more