1

Imagine that you have thousands or millions documents signed in CAdES, XAdES or PAdES format. Signing certificate for end user is typically issued for 1-3 years. After few years, certificate will expire, revocation data (CRLs) required for verification will not be available and original crypto algorithms will not guaranee anything after 10-20 years.

I am courious if there is some mature and ready to use solution for this. I know that this can be handled by archive timestamps, but I need real product which will automatically maintain data required for long term validation, add timestamps automatically, etc.

Could you recommend me some application or library? Is it standalone solution or something what can be integrated with filenet or similar system?

Juraj Hajek
  • 13
  • 4
Juro
  • 11
  • 1

4 Answers4

1

The EU does currently try to endorse Advanced Digital Signatures based on the CAdES, XAdES and PAdES standards. These were specifically designed with the goal of providing the possibility for long-term archiving and validation.

CAdES is based on CMS, XAdES on XML-DSig and PAdES on the signatures defined in ISO 32000-1, which themselves again are based on CMS.

One open source solution for XAdES is the Belgian eid project, you could have a look at that.

These are all standards for signatures, they do not, however, go into detail on how you would actually implement an archiving solution, this would still be up to you.

emboss
  • 38,880
  • 7
  • 101
  • 108
0

These are all standards for signatures, they do not, however, go into detail on how you would actually implement an archiving solution, this would still be up to you.

However, this is something what am I looking for. It seems that Belgian eid mentioned above does not address it at all. (I added some clarification to my original question).

Juraj Hajek
  • 13
  • 4
0

You may find this web site helpful. It's an official site even though its pointing to an IP address. The site discusses in detail your problem and offers a great deal of advise in dealing with long term electronic record storage through a Standards based approach.

The VERS standard is quite extensive and fully supports digital signatures and how best to deal with expired signatures.

The standard is also being adopted by leading EDMS/ECM providers.

Julian
  • 111
  • 1
  • 5
0

If I got your question right, our SecureBlackbox components support XAdES, PAdES and CAdES standards and pulls necessary revocation information (and timestamps) and embeds them in to the signature automatically.

Eugene Mayevski 'Callback
  • 45,135
  • 8
  • 71
  • 121