XAdES

XAdES 2.13

IAIK XML Advanced Electronic Signatures (XAdES) add-on for XML Security Toolkit (XSECT)

IAIK-XAdES is the optimal add-on to our XSECT XML signature library, extending it with useful properties such as signing time and signing place, and with signature processing facilities for long-term archiving of electronic documents. The toolkit enables the creation of advanced electronic signatures that remain valid over a long period of time and are compliant with the EU directive on electronic signatures.

Main Features

  • Java™ implementation of XML Advanced Electronic Signatures (XAdES) ETSI TS 101 903 V1.4.2 (2010-12) and (new!) ETSI EN 319 132 v1.1.0 (2016-02) Technical Specifications
  • Works on JDK 1.2, 1.3, 1.4, 1.5, 1.6, 1.7, 1.8 and compatible.

 

Cryptographic Provider Independence:

 

  • Can be used with any JCA/JCE 1.2 compliant cryptography provider as long as IAIK’s JCE is in the classpath.
  • Provisions for easy integration of smartcards and other hardware security modules
  • Delivered with the IAIK-JCE provider and IAIK-XSECT by default

Pricing and Licensing

For current prices of the IAIK-XAdES, please see our price list and license conditions.

See Prices

 

Please note that XAdES is always delivered with the IAIK-JCE basic developer license and IAIK-XSECT.

 

Webshop

To order the product enter

See Webshop

The XAdES specification has been developed by the European Telecommunications Standards Institute (ETSI) to meet the growing importance of XML in electronic commerce and the need for signature standards to support the development of electronic business and electronic government. It fulfills the requirements of the advanced electronic signature according to the EU directive (1999/93/EC), and provides non-repudiation and long-term validity.

Extending common XMLDSIG signatures, XAdES signatures meet the same legal requirements as handwritten signatures do in relation to paper-based data.

The IAIK-XAdES toolkit offers you a comprehensive software library, ongoing product updates and support from the product developers.

  • Supports all forms of XAdES signatures: basic forms (XAdES-BES, XAdES-EPES, XAdES-T and XAdES-C) as well as extended forms (XAdES-X, XAdES-X-L and XAdES-A)
  • Supports all signature properties:
    • Signed properties:
      • SigningTime and SignatureProductionPlace: Signing time and signing place are usually included in every real-world contract, but common XMLDSIG-compliant signatures lack this information. XAdES provides a standardised way to integrate these properties into electronic signatures.
      • SigningCertificate: Includes an unambiguous reference to the signer’s certificate (issuer name, serial number and cert digest) to avoid differences in interpretation on the verifier’s side (e.g. if the signer uses different certificates implying different semantics with the same public key).
      • SignaturePolicyIdentifier: Unambiguously identifies a signature policy so that the verifier cannot claim that another policy was used when signing the data.
      • SignerRole: In many cases the role of the signing party is essential information to be included in the signature.
      • DataObjectFormat: Information about the format of the signed data may be crucial for a (verifying) application: using a wrong format when presenting the signed data (text, sound or video) to a human user may break the signature.
      • CommitmentTypeIndication: As supplemental information to the SignaturePolicy, this property can be used for qualifying signed data objects. The predefined commitments (e.g. proof of origin, proof of sender) may be refined by additional statements specified by the user.
      • AllDataObjectsTimeStamp and IndividualDataObjectsTimeStamp: These timestamps are added to some or all data objects to be signed to indicate that they have been created before a specific point in time.
    • Unsigned properties:
      • CounterSignature: Unlike XMLDSIG-compliant signatures, real-world contracts are usually signed by more than one party. The CounterSignature property can be used for signing the signature value of an existing signature and thus implicitly all the data covered by this signature. In this way, arbitrarily long series of countersignatures may be built, representing real-world contracts signed by different parties.
      • SignatureTimeStamp: This timestamp, placed on the signature value element, protects against repudiation in the case of a key compromise.
      • CompleteCertificateRefs, CompleteRevocationRefs, CertificateValues, RevocationValues: When dealing with long-term signatures, information necessary for validating the signer’s certificate (CA certificates and especially revocation data) may not be available after a specific period of time. These properties can be used to append the validation data itself, or unambiguous references to the validation data, to the signature.
      • AttributeCertificateRefs, AttributeRevocationRefs, AttrAuthoritiesCertValues, AttributeRevocationValues: Append information for validating attribute certificates to the signature.
      • SigAndRefsTimeStamp and RefsOnlyTimeStamp: These timestamps are added on certificate validation data and (SigAndRefsTimeStamp only) signature value and signature timestamps to indicate that the signature has been successfully validated with the timestamped validation data at a specific point in time.
      • ArchiveTimeStamp: Added periodically over the whole signature, this timestamp especially protects against weaknesses of cryptographic algorithms or compromised keys, as it undoubtedly proves that the signature has been valid before an algorithm may be broken or a key may be compromised.

Further Information

 Former XAdES versions:
 

Supported Java™ Versions

XAdES supports all Java™ versions since Java™ 2 (JDK 1.2) and has been successfully tested with the following Java™ versions: 1.2.2, 1.3.1, 1.4.2, 1.5.0, 1.6.0, 1.7.0 and JDK 1.8.0.

XAdES 2.13 – 2. October 2017

  • New feature: Provides a special version of iaik_xades.jar that allows the use of unlimited strength cryptography even if only the default jurisdiction policy files are installed (may be used in countries with no restrictions on key sizes).
  • Bug (TimeStampValidationDataImpl): iaik.xml.crypto.xades.impl.dom.properties.TimeStampValidationData could not be created without a URI attribute.
  • New feature: Corresponding XSECT version: 2.13

XAdES 2.12 – 14. June 2017

  • New feature, Change: The jar files are signed with the old (for supporting the old DSA JCE code signing CA) and the new (for supporting the new RSA JCE code signing CA) IAIK-JCE provider certificates. The new certificate provides stronger protection (SHA256withRSA) than the old one (SHA1withDSA). The new JCE code signing CA is effective for Java versions 8u121, 7u131, 6u141 upwards. To support other (former) Java versions, the jar files must be signed with the old provider certificate, too.
  • Bug (CertIDV2Impl): For creating the IssuerSerialV2 member, the java.security.Cert object was used instead of the iaik.x509.X509Certificate object.
  • Bug (iaik.xml.crypto.xades.impl.dom.properties.IssuerSerialV2Impl): In the constructor of IssuerSerialV2Impl, the name was retrieved from the java.security.Cert object instead of from the iaik.x509.X509Certificate object.
  • New feature: Corresponding XSECT version: 2.12

XAdES 2.0 – 19. May 2016
