0

Is there an equivalent in XAdES for the PAdES timestamp where the PDF gets "signed" by the TSA?

I don't mean XAdES-T where, if I understand correctly, a timestamp is added to an existing signature, I'm looking for something like this (A.2 page 15):

https://www.etsi.org/deliver/etsi_ts/102700_102799/10277804/01.01.01_60/ts_10277804v010101p.pdf

This looks somethig like this: https://1drv.ms/b/s!AlQKaiJaXUDNgxZwz3QxR2CaaORm?e=TnA0uX

If you download the PDF and open it with Adobe Reader for example you would see a "signature" made by the TSA.

Thank you!

pedrofb
  • 37,271
  • 5
  • 94
  • 142
Sesto
  • 1
  • 2
  • Do you mean an equivalent to PAdES-LTV? In the document you have the equivalence with Cades that you can extrapolate to Xades. It would be Xades-XL or Xades-A. Or the most recent Xades-LTA. – pedrofb Sep 23 '19 at 18:14
  • XAdES-T perfectly serves to protect a document with a time stamp. The difference with xades-A is that it encapsulates certificates and revocation evidences, in addition to a second time stamp, which are useful for long-term validation of the signature – pedrofb Sep 23 '19 at 18:27
  • First of all, thank you for taking the time to answering. Do you have and example of a pdf timestamped with some version of xades? – Sesto Sep 24 '19 at 06:25
  • I have edit the question to include a link to a PDF that I want to find the xades equivalent for. – Sesto Sep 24 '19 at 06:26
  • XML->XAdES, PDF->PAdES, BINARY->CAdES. You can't sign/timestamp a PDF with XAdES – pedrofb Sep 24 '19 at 08:57
  • I understand that, but is there in XAdES the same concept of a TSA signature of a file? I can turn the response of an RFC3161 compliant TSA into a PAdES timestamp like the one in the second link, can the same be done in XAdES? – Sesto Sep 24 '19 at 16:07
  • I have found this: https://docs.oasis-open.org/dss/v1.0/oasis-dss-profiles-AdES-spec-cs-v1.0-r1.htm#_Toc159071439 but seems to me that first you need to have a signature and then apply the timestamp which is not excatly what I would want, – Sesto Sep 24 '19 at 16:11
  • A time stamp in XAdES is made on a pre-existing signature. It is not possible to add it directly to the document. It is not a technical issue but the format is like that. I have reviewed the PAdES standard (https://www.etsi.org/deliver/etsi_ts/102700_102799/10277801/01.01.01_60/ts_10277801v010101p.pdf) and I have not found a profile PAdES that allows to apply the time stamp directly. All the profiles are equivalent to XAdES: When a time stamp is applied it is done on a signature. Providing your PDF document to a ETSI PAdES validator fails, so seems that it is not PAdES. – pedrofb Sep 24 '19 at 19:24
  • Wich validator did you use? I used this one and detects the timestmap and says it is correct https://signatures-conformance-checker.etsi.org/pub/index.shtml – Sesto Sep 25 '19 at 06:40
  • Screenshot of the report: https://ibb.co/xLJQQ9J – Sesto Sep 25 '19 at 06:41
  • I used https://ec.europa.eu/cefdigital/DSS/webapp-demo/validation, https://account.ascertia.com/demos/PDFSignatureVerificationStep1, https://valide.redsara.es/. The ETSI official conformance test seems to work. The pdf contains a signature+timestamp made by the TSA, and the OCSP responses. This compatibility issue is very common, one thing is the standard and another the implementations ... – pedrofb Sep 25 '19 at 12:24

0 Answers0