Presentation transcript: OpenXAdES & DigiDoc, Tarvi Martens, Estonia.

1 OpenXAdES & DigiDoc Tarvi Martens Estonia

2 The Story
January 2002 – first Estonian ID-card is issued
March 2002 – ETSI publishes the first version of XAdES
October 2002 – first public occasion of digital signing
May 2007 – more than 2.2M digital signatures created; unified signature system for all sectors

3 Internal vs. free-flowing
Most web-based applications that make use of digital signatures do not allow downloading the result of signing.
Notable difference between internal signing (usually done just for security reasons) and signed files (meant for universal distribution).

4 Signatures vs. Containers (diagram: Signature, Data, Container, External Data)

5 Signature Formats
Big zoo before, now stabilizing; European standards ahead of U.S.
XML-DSIG, XAdES (ETSI TS)
PKCS#7 (CMS), CAdES (ETSI TS)

6 Signature Profiles – XAdES example
... plus a myriad of options within blocks.
Example: ETSI & XML-DSIG + BES/EPES, then the T, C, X, L and A forms

7 Signature Policies
How is validity information obtained?
Which algorithms/key lengths are used?
What is the quality of the signing certificate?
Is long-term validity ensured?
...

8 Container Formats
MS OpenXML (XAdES, evolving from Latvia)
ODF (XML-DSIG)
Adobe (CMS)
MS <= 2003 (proprietary)
DigiDoc (XAdES)

9 DigiDoc and OpenXAdES
OpenXAdES stands for the open-source project and community.
DigiDoc is a pet name for the (mainly) end-user tools for digital signature handling; it makes use of OpenXAdES.

10 DigiDoc/OpenXAdES – a profile of XAdES
XAdES-X-L, coming in two flavours: with or without timestamping
Validity confirmation obtained when signing
Long-term validity provided with SeqLog
Proprietary container

11 Features/experience
Signing with a CSP-supported smartcard or Mobile-ID (via DigiDocService)
Proven support for foreign ID-cards
Mobile-ID up and running for a week
5 years of development and field experience
Probably the most complete implementation of XAdES to date

12 The Scheme (diagram)
Signer, to the OCSP responder: "I just signed this document" (sends Doc, Cert)
OCSP responder, backed by a secure log DB: "At the time I saw this document, the corresponding certificate was valid" (returns (Doc, Cert, time) ok)

13 SeqLog
Database of certificate events: activation, suspension, end of suspension, revocation
OCSP: signed validity confirmations
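The SeqLog on slide 13 and the long-term validity claim on slide 10 amount to one query: given an append-only log of certificate events, what was the status of a certificate at the instant a signature was made, even if that instant was years ago? The following is an added example (not OpenXAdES or DigiDoc code) that models that query. The event names, the record layout, the chronological-append rule and the sample history are this example's own assumptions.

```python
"""Point-in-time certificate status from a SeqLog-style event log.

Added example, not OpenXAdES/DigiDoc code.  Models a database of
certificate events (activation, suspension, end of suspension,
revocation) and the question an OCSP responder backed by it must still
answer years later: was this certificate good at the instant of signing?
Event names, record layout and the sample log are assumptions.
"""
from dataclasses import dataclass
from datetime import datetime, timezone

ACTIVATION = "activation"
SUSPENSION = "suspension"
END_OF_SUSPENSION = "end_of_suspension"
REVOCATION = "revocation"
KINDS = {ACTIVATION, SUSPENSION, END_OF_SUSPENSION, REVOCATION}


@dataclass(frozen=True)
class Event:
    serial: str       # certificate serial number (hex string)
    at: datetime      # when the event was recorded, UTC
    kind: str


class SeqLog:
    """Append-only, chronological event log; queries replay it up to t."""

    def __init__(self):
        self._events = []

    def append(self, serial, at, kind):
        if kind not in KINDS:
            raise ValueError(f"unknown event kind {kind!r}")
        # Refuse out-of-order writes: a sequential log cannot be backdated.
        if self._events and at < self._events[-1].at:
            raise ValueError("events must be appended in chronological order")
        self._events.append(Event(serial, at, kind))

    def status_at(self, serial, t):
        """Return 'unknown', 'good', 'suspended' or 'revoked' for serial at t."""
        status = "unknown"
        for ev in self._events:
            if ev.at > t:
                break                      # chronological log: nothing later matters
            if ev.serial != serial:
                continue
            if status == "revoked":
                break                      # revocation is terminal
            if ev.kind == ACTIVATION and status == "unknown":
                status = "good"
            elif ev.kind == SUSPENSION and status == "good":
                status = "suspended"
            elif ev.kind == END_OF_SUSPENSION and status == "suspended":
                status = "good"
            elif ev.kind == REVOCATION and status != "unknown":
                status = "revoked"
        return status

    def confirm(self, serial, t):
        """The content a responder would sign: (serial, time, status).
        The signing itself is out of scope for this example."""
        return {"serial": serial, "time": t.isoformat(),
                "status": self.status_at(serial, t)}


def utc(y, m, d, hh=0, mm=0):
    return datetime(y, m, d, hh, mm, tzinfo=timezone.utc)


def build_sample_log():
    """Constructed history of one certificate, serial '1A2B' (assumed)."""
    log = SeqLog()
    log.append("1A2B", utc(2002, 1, 28), ACTIVATION)
    log.append("1A2B", utc(2003, 5, 10), SUSPENSION)         # card reported lost
    log.append("1A2B", utc(2003, 5, 20), END_OF_SUSPENSION)  # card found, reinstated
    log.append("1A2B", utc(2005, 2, 1), REVOCATION)
    log.append("1A2B", utc(2005, 3, 1), END_OF_SUSPENSION)   # ignored: after revocation
    return log


if __name__ == "__main__":
    log = build_sample_log()
    for when in (utc(2002, 6, 1), utc(2003, 5, 15), utc(2004, 1, 1), utc(2006, 1, 1)):
        print(log.confirm("1A2B", when))
```

The point of replaying rather than storing "current status" is that a signature made in 2004 still verifies in 2006 with the answer the responder would have given in 2004, while a later (and here bogus) end-of-suspension cannot resurrect a revoked certificate.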

14 DigiDoc Architecture (diagram)
Components: DigiDoc library (Win32/Unix, C/Java) using CSP and PKCS#11 to reach the ID card, with OCSP and XML handling; Win32 client; DigiDoc portal; applications via the COM library or the web service; MSSP and mobile phone (Mobile-ID).

15 DigiDoc Portal
Simple WWW application for everyone:
Downloading/uploading of documents
Signing and validity confirmation
Verification
Sending a document to another portal user
Sorting/deleting/archives
Multi-language

16 DigiDoc Portal (screenshot)

17 Verification Portal
Allows checking a .ddoc file without an ID-card.

18 DigiDoc Client
Provides the same functionality as the portal:
Signing and obtaining validity confirmation
Verification of signed documents
Encryption and decryption (XML-ENCRYPT)
Does not require uploading the document
Provides digital signatures without using the DigiDoc portal
Multi-language, multi-PKI support

19 DigiDoc Client (screenshot)

20 DigiDocService
Simple SOAP-based protocol:
"I have a file here, make it signed"
"I have got a signed file. What's inside it?"
Supports mobile authentication and digital signing
Best for integrating digital signature handling capability: libraries are changing rapidly, the protocol remains more stable

21 DigiDoc library
Signing through PKCS#11 and CSP
Handling of validity confirmation
Handling of the XML document
Verification
Win32/Unix, C code; DLL & COM under Windows
Java implementation
Distributed under LGPL terms
(diagram: DigiDoc library (Win32/Unix), CSP, OCSP, XML, ID card)

22 Document format
Based on the XML-DSIG standard
Contains a subset of ETSI TS (XAdES) extensions:
Place and time of signature
Role of signature holder
Validity confirmation and certificate of the OCSP responder

23 Document format (2)
Multiple original documents can be signed at once
Original document can be embedded or detached
Original document can be XML or any binary format
Multiple signatures are supported
Just one validity confirmation per signature

24 Document format (diagram): Signature, Certificate of signer, Validity confirmation, Certificate of responder, Original files
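Slides 22 to 24 describe what a verifier has to find in a container (an XML-DSIG signature, embedded or detached original files, several signatures, exactly one validity confirmation per signature, the signer's and the responder's certificates), and slide 12 describes what the confirmation must be about: the signature just made, not merely the certificate. The following is an added example (not OpenXAdES or DigiDoc code) that walks such a container and checks those properties. The sample container, every element outside the XML-DSIG namespace, SHA-256 as the digest algorithm, and binding the confirmation to the signature by "nonce = SHA-256(SignatureValue)" are this example's assumptions, not the DigiDoc specification.

```python
"""Walk a DigiDoc-style signed container and check its structure.

Added example, not OpenXAdES/DigiDoc code.  The sample container,
elements outside the XML-DSIG namespace, SHA-256 as the reference
digest and "nonce = SHA-256(SignatureValue)" are assumptions.
"""
import base64
import hashlib
import xml.etree.ElementTree as ET

DS = "{http://www.w3.org/2000/09/xmldsig#}"   # real XML-DSIG namespace
EX = "{urn:example:ddoc}"                      # assumed namespace for the rest


def b64(data):
    return base64.b64encode(data).decode()


def sha256_b64(data):
    return b64(hashlib.sha256(data).digest())


# Constructed sample: one embedded file, one detached file, one signature.
FILE_BYTES = b"Leping / contract text, May 2007"
SIG_VALUE = b"\x01\x02" * 32                   # stand-in for a real signature
SAMPLE = f"""<SignedDoc>
  <DataFile Id="D0" Filename="leping.txt" ContentType="EMBEDDED_BASE64">{b64(FILE_BYTES)}</DataFile>
  <DataFile Id="D1" Filename="lisa.pdf" ContentType="DETACHED"/>
  <Signature xmlns="http://www.w3.org/2000/09/xmldsig#" Id="S0">
    <SignedInfo>
      <Reference URI="#D0"><DigestValue>{sha256_b64(FILE_BYTES)}</DigestValue></Reference>
      <Reference URI="#D1"><DigestValue>AAAA</DigestValue></Reference>
    </SignedInfo>
    <SignatureValue>{b64(SIG_VALUE)}</SignatureValue>
    <KeyInfo><X509Data><X509Certificate>SIGNER-CERT-PLACEHOLDER</X509Certificate></X509Data></KeyInfo>
    <Object>
      <ValidityConfirmation xmlns="urn:example:ddoc" Nonce="{sha256_b64(SIG_VALUE)}"
                            ProducedAt="2007-05-02T10:00:00Z">
        <ResponderCertificate>RESPONDER-CERT-PLACEHOLDER</ResponderCertificate>
      </ValidityConfirmation>
    </Object>
  </Signature>
</SignedDoc>"""


def parse_container(xml_text):
    root = ET.fromstring(xml_text)
    files = {df.get("Id"): df for df in root.findall("DataFile")}
    return {"files": files, "signatures": root.findall(DS + "Signature")}


def verify_reference_digests(container):
    """Recompute each referenced embedded file's digest.
    Returns (mismatches, detached); detached files need the external bytes."""
    mismatches, detached = [], []
    for sig in container["signatures"]:
        sid = sig.get("Id")
        for ref in sig.iter(DS + "Reference"):
            fid = ref.get("URI", "").lstrip("#")
            df = container["files"].get(fid)
            expected = ref.findtext(DS + "DigestValue", "").strip()
            if df is None:
                mismatches.append(f"{sid}: references missing DataFile {fid}")
            elif df.get("ContentType") != "EMBEDDED_BASE64":
                detached.append(f"{sid}: DataFile {fid} is detached")
            elif sha256_b64(base64.b64decode(df.text or "")) != expected:
                mismatches.append(f"{sid}: digest mismatch for DataFile {fid}")
    return mismatches, detached


def check_signature_structure(sig):
    """Exactly one validity confirmation; signer and responder certs present."""
    sid, problems = sig.get("Id"), []
    confirmations = sig.findall(f"{DS}Object/{EX}ValidityConfirmation")
    if len(confirmations) != 1:
        problems.append(f"{sid}: {len(confirmations)} validity confirmations, expected 1")
    if not sig.findtext(f"{DS}KeyInfo/{DS}X509Data/{DS}X509Certificate"):
        problems.append(f"{sid}: signer certificate missing")
    for conf in confirmations:
        if not conf.findtext(EX + "ResponderCertificate"):
            problems.append(f"{sid}: responder certificate missing")
    return problems


def confirmation_bound_to_signature(sig):
    """A confirmation that only says "this certificate was good" could be
    reused for another signature; here its nonce must be the hash of this
    SignatureValue ("I just signed this document")."""
    conf = sig.find(f"{DS}Object/{EX}ValidityConfirmation")
    sig_value = base64.b64decode(sig.findtext(DS + "SignatureValue", "").strip())
    return conf is not None and conf.get("Nonce") == sha256_b64(sig_value)


def audit(xml_text):
    c = parse_container(xml_text)
    mismatches, detached = verify_reference_digests(c)
    report = {"files": sorted(c["files"]), "digest_mismatch": mismatches,
              "detached": detached, "structure": [], "bound": {}}
    for sig in c["signatures"]:
        report["structure"] += check_signature_structure(sig)
        report["bound"][sig.get("Id")] = confirmation_bound_to_signature(sig)
    return report


if __name__ == "__main__":
    print(audit(SAMPLE))
```

Note what the audit does not do: it does not verify the signature value or the certificates, which needs a real PKI library. It shows the structural checks a verifier makes before that step, and why the detached case is reported separately: without the external file there is nothing to hash, so the reference cannot be called good or bad.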

25 Availability for Lithuania
OpenXAdES is completely free (i.e. specs & libraries)
DigiDoc applications currently available for free use / free download
Further developments need support:
Special & new features
Following the ever-changing environment
Vendor support
