Improved eIDAS compliant 3Key AdES signature formats module for SignServer

You might be aware of the 3Key AdES signature formats module for the SignServer from eIDAS SignServer: AdES signature formats, a part of our series on eIDAS compliant remote signing.

The main purpose of this module is to provide an easy option to use signature formats that are accepted on a global scale. By these formats we mean the baseline profiles for PAdES, XAdES, CAdES, and ASiC.

Now we’re improving this module with even more functionality:

  • Adding support for JAdES signature format
  • Adding support for AdES signature validation

JAdES support

JAdES signature is an extension of the JSON Web Signature specified in IETF RFC 7515. It’s a part of the technical specification ETSI TS 119 182-1 draft (at the time of writing) defined by:

  • defining an additional set of JSON header parameters that can be incorporated in the JOSE Header
  • specifying the mechanisms for incorporating the JSON components in JSON Web Signatures to build JAdES signatures
  • defining four levels of JAdES baseline signatures addressing incremental requirements to maintain the validity of the signatures over the long term

JAdES can be used for any transaction between an individual and a company, between two companies or between an individual and a governmental body, etc. applicable to any electronic communications. The technical features of the specification can therefore be applied to the use of PKI based digital signature technology and in both regulated and general commercial environments.

It has many helpful uses, for an example to provide a consistent experience and security in an open banking APIs where banks are using various signing algorithms (PSD 2).

AdES signature validation support

Utilizing the AdES signature format is a great way how to build compliant and trusted application. However, it is also important to validate the AdES signature once they are created.

3Key AdES signature formats module validates the AdES signatures according process defined in ETSI EN 319 102-1 (Electronic Signatures and Infrastructures (ESI); Procedures for Creation and Validation of AdES Digital Signatures).

  • The validation procedure is build on the similar AdES building blocks:
  • for basic signatures
  • for signatures with time and signature with long-term validation material
  • for signatures providing long term availability and integrity of validation material

The validation process of AdES signature provides one of these three following statuses:

  • TOTAL-FAILED
  • TOTAL-PASSED
  • INDETERMINATE

When the validation process is finished, you get as a result AdES validation report, which contains information on:

  • the result (general and detailed)
  • the signature
  • the signed document / data
  • the elements used in the validation

Easy integration

It has never been easier to create and validate eIDAS compliant AdES signature formats. Using our improved 3Key AdES module and SignServer capabilities, you are able to effectively integrate digital signing in to your existing products, service, procedures, or workflows.

Whether you would like to create and validate signatures on advanced or qualified level, we can support you with a solution that complies with your requirements, the regulations and standards.

You can use 3Key Marketplace in order to manage your SignServer cluster and upload 3Key AdES module where needed. This is the most convenient way how to get the solution up and running in few minutes.

Let’s increase security, trust, and digitalization together! 

Need help?

Do not hesitate to get in touch with us!

Get in touch with us!

security | data intelligence | consulting

Contact us!