The scope of the present document covers electronic signature formats only, previous versions of the present document
covered both Electronic Signature Formats and Electronic Signature Policies. The aspects of Electronic Signature
Policies covered by previous versions of the present document are now defined in TR 102 272.
The present document defines a number of electronic signature formats, including electronic signatures that can remain
valid over long periods. This includes evidence as to its validity even if the signer or verifying party later attempts to
deny (repudiates) the validity of the electronic signature.
The present document specifies use of Trusted Service Providers (e.g. Time-Stamping Authorities) and the data that
needs to be archived (e.g. cross certificates and revocation lists) to meet the requirements of long-term electronic
signatures.
An electronic signature, as defined by the present document, can be used for arbitration in case of a dispute between the
signer and verifier, which may occur at some later time, even years later.
The present document includes the concept of signature policies that can be used to establish technical consistency
when validating electronic signatures, but it does not mandate their use.
The present document is based on the use of public key cryptography to produce digital signatures, supported by public
key certificates. The present document also specifies the use of time-stamping and time-marking services to prove the
validity of a signature long after the normal lifetime of critical elements of an electronic signature. The present
document also, as an option, defines ways to provide very long-term protection against key compromise or weakened
algorithms.
The present document builds on existing standards that are widely adopted. These include:
? RFC 3852: "Cryptographic Message Syntax (CMS)";
? ISO/IEC 9594-8/ITU-T Recommendation X.509: "Information technology - Open Systems
Interconnection - The Directory: Public-key and attribute certificate frameworks";
? RFC 3280: "Internet X.509 Public Key Infrastructure (PKIX) Certificate and Certificate Revocation List
(CRL) Profile";
? RFC 3161: "Internet X.509 Public Key Infrastructure Time-Stamp Protocol (TSP)".
NOTE: See clause 2 for a full set of references.
The present document describes formats for advanced electronic signatures using ASN.1 (Abstract Syntax Notation 1).
These formats are based on CMS (Cryptographic Message Syntax) defined in RFC 3852. These electronic
signatures are thus called CAdES, for "CMS Advanced Electronic Signatures".
Another document, TS 101 903, describes formats for XML Advanced Electronic Signatures (XAdES) built on
XMLDSIG.
In addition, the present document identifies other documents that define formats for Public Key Certificates, Attribute
Certificates, and Certificate Revocation Lists and supporting protocols, including protocols for use by trusted third
parties to support the operation of electronic signature creation and validation.
Informative annexes include:
? illustrations of extended forms of Electronic Signature formats that protect against various vulnerabilities and
examples of validation processes (annex B);
? descriptions and explanations of some of the concepts used in the present document. giving a rational for
normative parts of the present document (annex C);
? information on protocols to interoperate with Trusted Service Providers (annex D);
? guidance on naming (annex E);
? an example structured content and MIME (annex F);
? the relationship between the present document and the directive on electronic signature and associated
standardization initiatives (annex G);
? APIs to support the generation and verification of electronic signatures (annex H);
? cryptographic algorithms that may be used (annex I); and
? naming schemes (annex J).