When a digital signature is generated, the signer does not embed in the document the evidence that gives the electronic signature its probative value. This digital evidence is collected automatically during the verification process of each electronic signature. To allow later verification of the signatures, this evidence is stored as fundamental data that can later be extracted and used by third parties as probative elements.
Digital evidence includes information on the moment when the electronic signature was produced, all the certificates that make up the trust chain, and reliable information on the status of those certificates at that instant.
Electronic time stamp
A time-stamp makes it possible to prove irrefutably that a document existed before a given date (e.g. contracts, research data, intellectual property, medical records). The reliability of a time-stamp rests on the existence of a Trusted Third Party (TTP), commonly called a Time Stamp Authority (TSA), which binds the document to a given date; the signer never does this.
Time-stamps, used together with electronic signatures, give electronic documents the property of non-repudiation or irrefutability. From a technical perspective, time-stamps are required to:
- determine whether an electronic signature was created before the associated digital certificate ceased to be valid (due to revocation or expiry), and
- allow long-term verification of that electronic signature, beyond the expiry date of the electronic evidence that proves the validity of the signature itself.
Types of electronic signatures
The XAdES (ETSI TS 101 903) and CAdES (ETSI TS 101 733) standards identify four types of signatures:
- Basic electronic signature (ES), which has no time-stamps; the signer declares the signing time.
- Time-stamped electronic signature (ES-T), where the signing time is backed by a TSA.
- Electronic signature with complete validation data (ES-C), which adds information on the digital certificate chain and the revocation status of those certificates.
- Electronic signature with archive validation data (ES-A). Once the complete validation data has been added and time-stamped, the electronic signature is updated with successive time-stamps before the cryptographic algorithms become weak or the digital certificates expire. This type of electronic signature is the basis for the long-term validity of electronic signatures.
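As an added illustration (not part of the original text or of the TrustedX product), the following Python models the two checks described above: that an ES-T time-stamp precedes the revocation or expiry of the signer's certificate, and that an ES-A chain of archive time-stamps was renewed before each TSA certificate expired or its hash algorithm became weak. The Certificate and TimeStamp classes and the ALG_SUNSET dates are simplified constructed stand-ins, not real X.509 or RFC 3161 parsing.

```python
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional


@dataclass
class Certificate:
    """Constructed minimal model of a certificate: validity window plus revocation instant."""
    subject: str
    not_before: datetime
    not_after: datetime
    revoked_at: Optional[datetime] = None

    def valid_at(self, t: datetime) -> bool:
        # Valid at instant t if inside the validity period and not yet revoked.
        in_period = self.not_before <= t <= self.not_after
        return in_period and (self.revoked_at is None or t < self.revoked_at)


@dataclass
class TimeStamp:
    """Constructed model of a TSA token: attested instant, TSA certificate, hash algorithm."""
    time: datetime
    tsa_cert: Certificate
    hash_alg: str


# Constructed example policy: instant from which each hash algorithm is treated as weak
# (None = no sunset yet). Unknown algorithms are treated as weak.
ALG_SUNSET = {"sha1": datetime(2017, 1, 1), "sha256": None}


def alg_strong_at(alg: str, t: datetime) -> bool:
    if alg not in ALG_SUNSET:
        return False
    sunset = ALG_SUNSET[alg]
    return sunset is None or t < sunset


def verify_es_t(signer_cert: Certificate, ts: TimeStamp) -> bool:
    """ES-T: the signature provably existed at ts.time, so the signer certificate
    must have been unexpired and unrevoked at that instant (and the token's algorithm strong)."""
    return signer_cert.valid_at(ts.time) and alg_strong_at(ts.hash_alg, ts.time)


def verify_es_a(signer_cert: Certificate, timestamps: List[TimeStamp], now: datetime) -> bool:
    """ES-A: timestamps[0] is the signature time-stamp, the rest are archive time-stamps.
    Each renewal must be applied while the previous TSA certificate is still valid and its
    algorithm still strong; the latest token must still be provable at verification time."""
    if not timestamps or not verify_es_t(signer_cert, timestamps[0]):
        return False
    prev = timestamps[0]
    for ts in timestamps[1:]:
        if not (prev.tsa_cert.valid_at(ts.time) and alg_strong_at(prev.hash_alg, ts.time)):
            return False  # renewal came too late: the chain of evidence is broken
        prev = ts
    return prev.tsa_cert.valid_at(now) and alg_strong_at(prev.hash_alg, now)
```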
The PAdES standard (ETSI TS 102 778) profiles the support for digital signatures in the PDF format (ISO 32000-1) so that advanced electronic signatures can be included in PDF documents. It also extends this support by defining new data structures for maintaining the validity of signatures over long periods.
The TrustedX electronic signature generation service currently supports signing PDF documents using the PAdES-CMS profile. In the near future, the electronic signature generation service is planned to also support the PAdES-BES, PAdES-EPES and PAdES-XML profiles, and the update (DR) and electronic signature custody (DSC) services are planned to be able to update signatures using the structures defined in the PAdES-LTV profile.