0

I have an XML file which has been signed with XADES using qualified digital signature.

How do I tell if this signature is QSCD compliant?

Is this something:

  • that is recorded in the XML signature nodes, for instance as a child node under SignedSignatureProperties?
  • is this perhaps some property of the signing certificate itself (I can extract the public key certificate form the signature by looking at the innerText of the X509Certificate node)?
  • or is this some property of the intermediate or root CA certificate?
  • or maybe the certificate, intermediate or root CA needs to be listed as somewhere as QSCD compliant?

I'm pretty sure this check can be technically performed as various validators can tell you this information. Below samples are from Adobe Acrobat Reader PADES signature verification, but it should work the same way for XADES:

QSCD compliant qualified digital signature

Non QSCD compliant qualified digital signature

Matt
  • 3
  • 2

1 Answers1

0

After some investigation I figured this one out.

Apparently, each signing certificate have a property called Certificate Policy and that may directly refer to EUs QSCD policy with OID 0.4.0.194112.1.3. More info on this OID here. If this OID reference is present in the signing certificate than the signature can be deemed QCSD compliant (given all other formal qualified signature requirements are met).

There may be cases where this OID is not directly present in the certificate. In such case other OID should be present, and that OID may refer to the certificate's issuer custom policy. Then the matter becomes trickier as each EU Country may maintain their own TSL list where this custom OIDs are referenced. Supposedly National lists can be located under this address. Once you are able to locate the National TSL list, then it is possible to find the Certificate's OID and then locate following node which again proves that the signature is QSCD complaint

<Qualifier uri="http://uri.etsi.org/TrstSvc/TrustedList/SvcInfoExt/QCWithQSCD"/>
Matt
  • 3
  • 2