What is ASIC container and XAdES e-signature?
Business professionals often find themselves in a familiar situation: an important contract arrives in Microsoft Word format requiring an immediate signature. The traditional process of printing, signing, scanning, and emailing back isn't just time-consuming—it's an unnecessary obstacle in today's digital world.
Before diving into ASIC and XAdES format, lets recap what is a digital signature.
A digital signature is a mathematical technique for validating the authenticity and integrity of a message, piece of software, or digital document. It's the digital equivalent of a handwritten signature or a stamped seal, but it's far more secure. A digital signature is designed to prevent tampering and impersonation in digital communications.
Digital signatures (whether they are in XAdES format or actually in PAdES format) can be used to verify the origin, identity, and status of electronic documents, transactions, or digital messages. They can also be used by signers to acknowledge informed consent.
Digital signatures are legally binding in many countries, including the United States, in the same way that traditional handwritten document signatures are.
How do digital signatures function?
Public key cryptography, also known as asymmetric cryptography, underpins digital signatures. Two keys are generated using a public key algorithm, such as RSA (Rivest-Shamir-Adleman), resulting in a mathematically linked pair of keys, one private and one public.
Digital signatures are created using two mutually authenticating cryptographic keys in public key cryptography. The person who creates the digital signature encrypts signature-related data with a private key, and the only way to decrypt that data is with the signer's public key.
If the recipient is unable to open the document using the signer's public key, there is a problem with the document or the signature. Digital signatures are authenticated in this manner.
What exactly is an associated signature container (ASiC)?
ASiC containers conforming to ETSI EN 319 162-1 bind together to form a ZIP archive:
Agrello associates signed file objects (e.g., documents, spreadsheets, multimedia content, XML structured data) with detached digital signatures.
All ASiC containers have the following internal structure:
- a root folder for the signed file objects, possibly with sub-folders reflecting the content structure;
- and a "META-INF" folder in the root folder for files containing metadata about the content, including associated signature (or time assertion) files.
Multiple signature (and time assertion) formats are supported by the European Standard (EN) 319 162-1 developed by the European Telecommunications Standards Institute (ETSI) Technical Committee Electronic Signatures and Infrastructures (ESI). Agrello only employs XML advanced electronic signatures (XAdES).
Without taking into account time assertions or non-XAdES signatures, the standard specifies two types of containers: ASiC Simple (ASiC-S), which associates a single file object (which can be a ZIP archive) in a ZIP archive with one or more XAdES signatures present in a single signature file; and ASiC Extended (ASiC-E), which associates a single file object (which can be a ZIP archive) in a ZIP archive with one or more XAdES signatures present in one or more signature files.
What are the benefits of associated signature containers (ASiC)?
Combining a detached signature with signed objects in a container allows for easy distribution and ensures that the correct signature and any relevant metadata is used when validating. Associated signature containers also provide a simple and secure mechanism for creating point-in-time snapshots of groups of documents, such as during a negotiation or for general audit and compliance purposes.
What is XAdES (XML Advanced Electronic Signature)?
XAdES (XML Advanced Electronic Signature) is a set of extensions to XML-DSig electronic signature format, making it suitable for advanced electronic signatures that remain valid over long periods and comply with European regulations like eIDAS.
XAdES builds upon the XML-DSig standard by adding qualifying properties to the signature. These properties include timestamps, certificate validation data, and other elements that enhance the signature's legal validity and long-term verification capabilities.
XAdES Signature Levels
XAdES comes in several forms, each offering increasing levels of security and long-term validation capabilities:
- XAdES-BES (Basic Electronic Signature): The most basic form that complies with the minimum requirements for advanced electronic signatures.
- XAdES-T (Timestamp): Adds a timestamp to prove the signature existed at a certain point in time.
- XAdES-C (Complete): Adds references to verification data (certificates and revocation information).
- XAdES-X (Extended): Adds timestamps to the references to verification data to protect against future certificate compromise.
- XAdES-XL (Extended Long-Term): Stores the actual verification data alongside the references.
- XAdES-A (Archival): Adds the capability to periodically timestamp the document to maintain its validity indefinitely.
Benefits of XAdES Signatures
XAdES signatures offer several advantages for digital document signing:
- Compliance with European regulations for qualified electronic signatures
- Long-term validation capabilities
- Protection against certificate expiration or revocation
- Standardized format recognized across the EU
- Ability to include timestamps and validation data
- Suitable for XML documents and structured data
ASiC vs XAdES: Understanding the Relationship
While ASiC and XAdES are often mentioned together, they serve different but complementary purposes in the digital signature ecosystem. The following table highlights their key differences and how they work together:
How ASiC and XAdES Work Together
ASiC containers can include XAdES signatures as part of their structure. In fact, when using ASiC-E containers with Agrello, XAdES is the signature format used within the container. This combination provides both the packaging benefits of ASiC and the advanced signature capabilities of XAdES.
Are electronic signatures allowed by law? Absolutely.
In many countries around the world, electronic signatures are legal, trusted, and enforceable. While laws differ, Agrello provides the most flexibility in a single global e-signature solution. You can choose the right type for each use case ranging from simple e-signatures to e-signatures with strong identification to highly secure, regulated digital signatures in the cloud.
Many countries around the world accept e-signature as evidence in court. Certain highly secure, regulated digital signatures are frequently regarded as equivalent to an ink signature.
In the United States, the E-Sign Act and the Uniform Electronic Transactions Act (UETA) established the legal framework for the use of e-signature across all states.
The Electronic Identification and Trust Services Regulation (eIDAS) created legislation in the European Union that helped standardize e-signature status across national borders.
If you use Agrello, is your document secure?
Agrello has made significant investments in cyber security and complies with US, EU, and international security practices.
Frequently Asked Questions
What is the difference between ASiC and XAdES?
ASiC is a container format that packages documents and signatures together, while XAdES is a signature format based on XML. ASiC can actually contain XAdES signatures, making them complementary technologies rather than competing ones.
Are ASiC containers legally valid?
Yes, ASiC containers are recognized under the eIDAS regulation in the European Union as a valid format for electronic signatures. They provide a standardized way to package signed documents and their signatures.
Can I open an ASiC container without special software?
While ASiC containers are based on the ZIP format, specialized software is recommended to properly validate the signatures within. However, you can rename the file extension to .zip and extract the contents to view the documents, though this won't verify the signatures.
What are the advantages of XAdES over other signature formats?
XAdES offers advanced features like timestamp integration, certificate validation references, and long-term validation support. It's specifically designed for XML documents and provides a standardized approach to electronic signatures that complies with European regulations.
How do I know if a signature is XAdES compliant?
A XAdES-compliant signature will contain specific XML elements that extend the basic XML-DSig format. Validation software can verify if a signature meets the XAdES standards and determine which level of XAdES it complies with.
Can ASiC containers contain multiple signatures?
Yes, ASiC-E (Extended) containers can contain multiple documents with multiple signatures. This makes them ideal for complex signing scenarios where multiple parties need to sign different documents within a single package.
Which countries recognize ASiC and XAdES formats?
Both ASiC and XAdES are recognized throughout the European Union under the eIDAS regulation. They are particularly common in Estonia, Lithuania, Latvia, and other European countries that have advanced digital signature infrastructures.