Presentation is loading. Please wait.

Presentation is loading. Please wait.

OpenXAdES & DigiDoc Tarvi Martens Estonia.

Similar presentations

Presentation on theme: "OpenXAdES & DigiDoc Tarvi Martens Estonia."— Presentation transcript:

1 OpenXAdES & DigiDoc Tarvi Martens Estonia

2 The Story January 2002 – first Estonian ID-card is issued
March 2002 – ETSI publishes first version of XAdES October 2002 – First public occasion of digital signing May 2007 – >2.2M digital signatures created, unified signature system for all sectors

3 “Internal” vs. “free-flowing”
Most of web-based applications making use of digital signatures do not allow for downloading the result of signing Notable difference between “internal signing” – usually just for security reasons “signed files” – meant for universal distribution

4 Signatures vs. Containers
Data Data Data Data External Data Signature

5 Signature Formats Big zoo before Now stabilizing
European standards ahead of U.S. XML-DSIG  XAdES (ETSI TS ) PKCS#7 (CMS)  CAdES (ETSI TS )

6 Signature Profiles – XAdES example
XML-DSIG+ BES/PES T C X L A ... plus myriad of options within blocks Example : ETSI &

7 Signature Policies How validity information is obtained ?
Which algorithms/key lengths are used ? What is quality of the signing certificate ? Is long-time validity ensured ?

8 Container Formats MS OpenXML (XAdES evolving from Latvia)
ODF (XML-DSIG) Adobe (CMS) MS <= 2003 (proprietary) DigiDoc (XAdES)

9 DigiDoc and OpenXAdES OpenXAdES stands for Open Source project & community DigiDoc is a petname for (mainly) end-user tools for digital signature handling Makes use of OpenXAdES

10 DigiDoc/OpenXAdES – a profile of XAdES
XAdES-X-L coming in two flawors with or without timestamping Validity confirmation obtained when signing Long-time validity provided with SeqLog Proprietary container

11 Features/experience Signing with CSP-supported smartcard or Mobile-ID (via DigiDocService) Proven support for foreign ID-cards Mobile-ID up and running for a week 5 years of development and field experience Probably the “completest” implemenation of XAdES to date

12 The Scheme “I just signed this document” Doc,Cert OCSP DB
(Doc,Cert,time)ok “At the time I saw this document, corresponding certificate was valid” Secure log

13 SeqLog Data base of certificates: Activation Suspension
End of suspension Revocation SeqLog OCSP Signed validity confirmations

14 DigiDoc-library (Win32/Unix/C/Java)
DigiDoc Architecture Application Application Application Win32 Client DigiDoc portal COM-library WebService DigiDoc-library (Win32/Unix/C/Java) CSP PKCS#11 MSSP XML ID card Mobile phone OCSP

15 DigiDoc Portal Simple WWW-application for everyone:
Downloading/uploading of document Signing and validity confirmation Verification Sending document to another portal user Sorting/Deleting/Archives Multi-language

16 Digidoc Portal

17 Verification Portal
Allows to check .ddoc file without ID-card

18 DigiDoc Client Provides the same functionality as portal
Signing and obtaining validity confirmation Verification of signed document Encryption and decryption (XML-ENCRYPT) Does not require uploading document Provides for digital signatures without using DigiDoc portal Multi-language, multi-PKI support

19 DigiDoc Client

20 DigiDocService Simple SOAP-based protocol
“I have a file here, make it signed” “I have got a signed file. What’s inside it?” Supports mobile authentication and digital signing Best for integration of digital signature handling capability – libraries a changing rapidly, the protocol remains more stable

21 DigiDoc library (Win32/Unix)
Signing through PKCS#11 and CSP Handling of validity confirmation Handling of XML document Verification Win32/Unix, C code DLL & COM under Windows Java implementation Distributed under LGPL terms DigiDoc library (Win32/Unix) CSP OCSP XML ID card

22 Document format Based on XML-DSIG standard
Contains subset of ETSI TS (XAdES) extensions Place, time and of signature Role of signature holder Validity confirmation and certificate of OCSP responder

23 Document format (2) Multiple original documents can be signed at once
Original document can be embedded or detached Original document can be XML or any binary format Multiple signatures are supported Just one validity confirmation per signature

24 Document format Original files Signature Certificate of signer
Validity confirmation Certificate of responder

25 Availability for Lithuania
OpenXAdES completely free (i.e. specs & libraries) DigiDoc applications currently available for free use / free download Further developments need support: Special & new features Following the everchanging environment “Vendor support”

Download ppt "OpenXAdES & DigiDoc Tarvi Martens Estonia."

Similar presentations

Ads by Google