1 / 24

OpenXAdES DigiDoc

The Story. January 2002 first Estonian ID-card is issuedMarch 2002 ETSI publishes first version of XAdESOctober 2002 First public occasion of digital signingMay 2007 >2.2M digital signatures created, unified signature system for all sectors. Internal" vs. free-flowing". Most of

hayden
Download Presentation

OpenXAdES DigiDoc

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

    1. OpenXAdES & DigiDoc Tarvi Martens Estonia

    2. The Story January 2002 – first Estonian ID-card is issued March 2002 – ETSI publishes first version of XAdES October 2002 – First public occasion of digital signing May 2007 – >2.2M digital signatures created, unified signature system for all sectors

    3. “Internal” vs. “free-flowing” Most of web-based applications making use of digital signatures do not allow for downloading the result of signing Notable difference between “internal signing” – usually just for security reasons “signed files” – meant for universal distribution

    4. Signatures vs. Containers

    5. Signature Formats Big zoo before Now stabilizing European standards ahead of U.S. XML-DSIG ? XAdES (ETSI TS 101903) PKCS#7 (CMS) ? CAdES (ETSI TS 101733)

    6. Signature Profiles – XAdES example ... plus myriad of options within blocks Example : ETSI 101734 & 101934

    7. Signature Policies How validity information is obtained ? Which algorithms/key lengths are used ? What is quality of the signing certificate ? Is long-time validity ensured ? …

    8. Container Formats MS OpenXML (XAdES evolving from Latvia) ODF (XML-DSIG) Adobe (CMS) MS <= 2003 (proprietary) DigiDoc (XAdES)

    9. DigiDoc and OpenXAdES OpenXAdES stands for Open Source project & community www.openxades.org DigiDoc is a petname for (mainly) end-user tools for digital signature handling Makes use of OpenXAdES

    10. DigiDoc/OpenXAdES – a profile of XAdES XAdES-X-L coming in two flawors with or without timestamping Validity confirmation obtained when signing Long-time validity provided with SeqLog Proprietary container

    11. Features/experience Signing with CSP-supported smartcard or Mobile-ID (via DigiDocService) Proven support for foreign ID-cards Mobile-ID up and running for a week 5 years of development and field experience Probably the “completest” implemenation of XAdES to date

    12. The Scheme

    13. SeqLog

    14. DigiDoc Architecture

    15. DigiDoc Portal Simple WWW-application for everyone: Downloading/uploading of document Signing and validity confirmation Verification Sending document to another portal user Sorting/Deleting/Archives Multi-language

    16. Digidoc Portal

    17. Verification Portal http://digidoccheck.sk.ee Allows to check .ddoc file without ID-card

    18. DigiDoc Client Provides the same functionality as portal Signing and obtaining validity confirmation Verification of signed document Encryption and decryption (XML-ENCRYPT) Does not require uploading document Provides for digital signatures without using DigiDoc portal Multi-language, multi-PKI support

    19. DigiDoc Client

    20. DigiDocService Simple SOAP-based protocol “I have a file here, make it signed” “I have got a signed file. What’s inside it?” Supports mobile authentication and digital signing Best for integration of digital signature handling capability – libraries a changing rapidly, the protocol remains more stable

    21. DigiDoc library Signing through PKCS#11 and CSP Handling of validity confirmation Handling of XML document Verification Win32/Unix, C code DLL & COM under Windows Java implementation Distributed under LGPL terms

    22. Document format Based on XML-DSIG standard Contains subset of ETSI TS 101 903 (XAdES) extensions Place, time and of signature Role of signature holder Validity confirmation and certificate of OCSP responder

    23. Document format (2) Multiple original documents can be signed at once Original document can be embedded or detached Original document can be XML or any binary format Multiple signatures are supported Just one validity confirmation per signature

    24. Document format

    25. Availability for Lithuania OpenXAdES completely free (i.e. specs & libraries) DigiDoc applications currently available for free use / free download Further developments need support: Special & new features Following the everchanging environment “Vendor support”

More Related