OpenXAdES & DigiDoc

Tarvi Martens

Estonia

The Story
  • January 2002 – first Estonian ID-card is issued
  • March 2002 – ETSI publishes first version of XAdES
  • October 2002 – First public occasion of digital signing
  • May 2007 – >2.2M digital signatures created, unified signature system for all sectors
“Internal” vs. “free-flowing”
  • Most web-based applications making use of digital signatures do not allow downloading the result of signing
  • Notable difference between
    • “internal signing” – usually just for security reasons
    • “signed files” – meant for universal distribution
Signatures vs. Containers

[Diagram: a Container holding several Data items, alongside External Data and a Signature]

Signature Formats
  • Big zoo before
  • Now stabilizing
  • European standards ahead of U.S.
  • XML-DSIG → XAdES (ETSI TS 101903)
  • PKCS#7 (CMS) → CAdES (ETSI TS 101733)
Signature Profiles – XAdES example

[Diagram: nested XAdES profile blocks building on XML-DSIG+BES/PES: T, C, X, L, A]
  • ... plus a myriad of options within blocks
  • Example: ETSI 101734 & 101934
Signature Policies
  • How is validity information obtained?
  • Which algorithms/key lengths are used?
  • What is the quality of the signing certificate?
  • Is long-term validity ensured?
Container Formats
  • MS OpenXML (XAdES evolving from Latvia)
  • ODF (XML-DSIG)
  • Adobe (CMS)
  • MS <= 2003 (proprietary)
  • DigiDoc (XAdES)
DigiDoc and OpenXAdES
  • OpenXAdES stands for Open Source project & community
    • www.openxades.org
  • DigiDoc is a petname for (mainly) end-user tools for digital signature handling
    • Makes use of OpenXAdES
DigiDoc/OpenXAdES – a profile of XAdES
  • XAdES-X-L coming in two flavours
    • with or without timestamping
  • Validity confirmation obtained when signing
  • Long-time validity provided with SeqLog
  • Proprietary container
Features/experience
  • Signing with CSP-supported smartcard or Mobile-ID (via DigiDocService)
    • Proven support for foreign ID-cards
    • Mobile-ID up and running for a week
  • 5 years of development and field experience
  • Probably the “completest” implementation of XAdES to date
The Scheme

[Diagram: the signer (“I just signed this document”) sends Doc, Cert to the OCSP responder; the responder checks its DB and answers (Doc, Cert, time) ok (“At the time I saw this document, corresponding certificate was valid”); the confirmation is recorded in a Secure log]

SeqLog
  • Database of certificates:
    • Activation
    • Suspension
    • End of suspension
    • Revocation

[Diagram: SeqLog and OCSP together issue signed validity confirmations]
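The exchange in the scheme above and the SeqLog behind it, as an added Python simulation that is not part of the presentation or of the OpenXAdES code: the responder's signature over the confirmation is replaced by an HMAC under a constructed key, and the hash-chained log is an assumed design, since the slides only call it a secure log.

```python
import hashlib
import hmac
import json

# Constructed stand-in for the responder's signing key: a real responder signs
# with the key behind its certificate (the "certificate of responder" kept in
# the container). HMAC is used here only to keep the example short.
RESPONDER_KEY = b"constructed-ocsp-responder-key"


class SeqLog:
    """Append-only, hash-chained log of issued confirmations (chaining is an assumed design)."""
    def __init__(self):
        self.entries = []  # list of (record, chain_link)

    def append(self, record):
        prev = self.entries[-1][1] if self.entries else "0" * 64
        self.entries.append((record, hashlib.sha256((prev + record).encode()).hexdigest()))

    def contains(self, record):
        return any(r == record for r, _ in self.entries)


class OCSPResponder:
    def __init__(self, cert_db, log):
        self.cert_db, self.log = cert_db, log  # cert_db: cert_id -> "good"/"suspended"/"revoked"

    def confirm(self, doc_hash, cert_id, now):
        # "At the time I saw this document, the corresponding certificate was valid."
        if self.cert_db.get(cert_id) != "good":
            return None
        record = json.dumps({"doc": doc_hash, "cert": cert_id, "time": now}, sort_keys=True)
        self.log.append(record)
        tag = hmac.new(RESPONDER_KEY, record.encode(), "sha256").hexdigest()
        return {"record": record, "tag": tag}


def sign(document, cert_id, responder, now):
    # Signer: "I just signed this document" -> sends (Doc, Cert) to the responder.
    doc_hash = hashlib.sha256(document).hexdigest()
    return {"doc": doc_hash, "cert": cert_id, "confirmation": responder.confirm(doc_hash, cert_id, now)}


def verify(sig, responder):
    """Check the confirmation captured at signing time; the certificate's current status is irrelevant."""
    conf = sig["confirmation"]
    if conf is None:
        return False
    expected = hmac.new(RESPONDER_KEY, conf["record"].encode(), "sha256").hexdigest()
    if not hmac.compare_digest(expected, conf["tag"]):
        return False
    rec = json.loads(conf["record"])
    return rec["doc"] == sig["doc"] and rec["cert"] == sig["cert"] and responder.log.contains(conf["record"])
```

A signature created while the certificate was good keeps verifying after the certificate is revoked, which is the long-term validity the confirmation plus log is meant to provide; a signing attempt with a revoked certificate gets no confirmation at all.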

DigiDoc Architecture

[Diagram: Applications use the Win32 Client, DigiDoc portal, COM-library and WebService, all built on the DigiDoc-library (Win32/Unix/C/Java); beneath the library sit CSP and PKCS#11 (ID card), MSSP (Mobile phone), XML and OCSP]

DigiDoc Portal
  • Simple WWW-application for everyone:
    • Downloading/uploading of document
    • Signing and validity confirmation
    • Verification
    • Sending document to another portal user
    • Sorting/Deleting/Archives
    • Multi-language
Verification Portal
  • http://digidoccheck.sk.ee
  • Allows checking a .ddoc file without an ID-card
DigiDoc Client
  • Provides the same functionality as portal
    • Signing and obtaining validity confirmation
    • Verification of signed document
  • Encryption and decryption (XML-ENCRYPT)
  • Does not require uploading document
  • Provides for digital signatures without using DigiDoc portal
  • Multi-language, multi-PKI support
DigiDocService
  • Simple SOAP-based protocol
    • “I have a file here, make it signed”
    • “I have got a signed file. What’s inside it?”
  • Supports mobile authentication and digital signing
  • Best for integrating digital signature handling capability: libraries are changing rapidly, the protocol remains more stable
DigiDoc library (Win32/Unix)

[Diagram: DigiDoc library connected to CSP (ID card), XML and OCSP]

DigiDoc library
  • Signing through PKCS#11 and CSP
  • Handling of validity confirmation
  • Handling of XML document
  • Verification
  • Win32/Unix, C code
  • DLL & COM under Windows
  • Java implementation
  • Distributed under LGPL terms
Document format
  • Based on XML-DSIG standard
  • Contains subset of ETSI TS 101 903 (XAdES) extensions
    • Place, time and of signature
    • Role of signature holder
    • Validity confirmation and certificate of OCSP responder
Document format (2)
  • Multiple original documents can be signed at once
  • Original document can be embedded or detached
  • Original document can be XML or any binary format
  • Multiple signatures are supported
  • Just one validity confirmation per signature
Document format

[Diagram: container contents: Original files, Signature, Certificate of signer, Validity confirmation, Certificate of responder]

Availability for Lithuania
  • OpenXAdES completely free (i.e. specs & libraries)
  • DigiDoc applications currently available for free use / free download
  • Further developments need support:
    • Special & new features
    • Following the ever-changing environment
    • “Vendor support”