6.5.1    Signature formats

Different standards exist for electronic signatures. The Validate function of Governikus DATA Boreum supports the following formats:

·     CAdES: PKCS stands for Public Key Cryptography Standard and is part of the IETF standard Cryptographic Message Syntax (CMS). Of all the standards defined, CAdES is by far the most widely used format. The extended format CAdES (CMS Advanced Electronic Signatures) is supported as well. The typical suffix of a CAdES signature file is .p7s. These two variants are supported:

-      Enveloped: The signed content is contained in the signature file.

-      Detached: The signature is contained in a separate file.

·     PDF (PDF inline/PAdES): When a PDF file is signed, the signature is contained within the signed PDF file. The signed PDF file still has the suffix .pdf and can be opened with any PDF reader. A PDF file can contain several signatures. Embedded signatures in the format PAdES-BES (PDF Advanced Electronic Signatures - Basic Electronic Signature) can also be validated.

·     S/MIME: The S/MIME standard (Secure/Multipurpose Internet Mail Extensions) applies to signed e-mails. To validate an e-mail, it must be available as an electronic mail file with the suffix .eml. Only the signature can be validated. Signed attachments must be validated separately.

·     De-Mail: Signed De-Mail messages or De-Mail acknowledgement messages that are available as an electronic mail file with the suffix .eml can be validated. Only the signature can be validated. Signed attachments must be validated separately.

·     MS Outlook-Mail: The e-mail file format .msg is a proprietary file format of Microsoft Corporation. E-mails that were saved from the Microsoft mail client Outlook have the suffix .msg. Governikus DATA Boreum supports validating e-mail files of the versions Outlook 2007, Outlook 2010, Outlook 2013, and Outlook 2016. E-mails of older versions of Outlook must be converted to the .eml format before they can be validated. Only the signature can be validated. Signed attachments must be validated separately.

·     Certificate: Standalone certificates compliant with the X.509v3 standard can be tested for validity independently of a signature. Typical suffixes are .cer and .crt.

·     XML (XAdES): XML files can be validated if their signature was created according to the standard XAdES (XML Advanced Electronic Signatures). If the signature was created as enveloped, it was created over the entire XML file. Detached signed XML files are supported as well.

·     Associated Signature Containers (ASiC): The European Telecommunications Standards Institute (ETSI) has approved a new European standard for a signed container structure (ASiC). ASiC uses the ZIP file format as a container structure. Signature formats are CAdES or XAdES. Signed Associated Signature Container files have the suffix .scs, .sce, .asics, or .asice.
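
The enveloped/detached distinction listed under CAdES can be read from the file itself: in a CMS SignedData structure the optional eContent field of encapContentInfo is present when the signed content is inside the signature file and absent when it is detached. The Python code below is an added example, not Governikus code; it assumes DER input with definite lengths (no PEM armor, no BER streaming), and the function names and sample bytes are constructed for illustration.

```python
SIGNED_DATA_OID = bytes.fromhex("2a864886f70d010702")  # 1.2.840.113549.1.7.2 (signedData)

def read_tlv(buf, pos):
    """Parse one definite-length DER element; return (tag, start, end) of its value."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length == 0x80:
        raise ValueError("BER indefinite length is not handled here")
    if length > 0x80:                      # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated value")
    return tag, pos, pos + length

def expect(buf, pos, want):
    """Read the element at pos and insist on its tag; return (start, end) of its value."""
    tag, start, end = read_tlv(buf, pos)
    if tag != want:
        raise ValueError(f"expected tag {want:#x}, got {tag:#x}")
    return start, end

def cades_variant(der):
    """Return 'enveloped' if the signed content is inside the file, else 'detached'."""
    start, _ = expect(der, 0, 0x30)                # ContentInfo SEQUENCE
    oid_start, oid_end = expect(der, start, 0x06)  # contentType OID
    if der[oid_start:oid_end] != SIGNED_DATA_OID:
        raise ValueError("not a CMS SignedData structure")
    start, _ = expect(der, oid_end, 0xA0)          # [0] EXPLICIT content
    start, _ = expect(der, start, 0x30)            # SignedData SEQUENCE
    _, pos = expect(der, start, 0x02)              # version INTEGER
    _, pos = expect(der, pos, 0x31)                # digestAlgorithms SET
    start, end = expect(der, pos, 0x30)            # encapContentInfo SEQUENCE
    _, pos = expect(der, start, 0x06)              # eContentType OID
    # eContent is an OPTIONAL [0] EXPLICIT OCTET STRING; absent means detached.
    return "enveloped" if pos < end and der[pos] == 0xA0 else "detached"

def _tlv(tag, body=b""):                           # encoder for the constructed samples (< 256 bytes)
    n = len(body)
    return bytes([tag]) + (bytes([n]) if n < 0x80 else bytes([0x81, n])) + body

def sample(content=None):
    """Constructed SignedData skeleton (empty digestAlgorithms/signerInfos), not a real signature."""
    econtent = b"" if content is None else _tlv(0xA0, _tlv(0x04, content))
    encap = _tlv(0x30, _tlv(0x06, bytes.fromhex("2a864886f70d010701")) + econtent)  # id-data
    signed = _tlv(0x30, _tlv(0x02, b"\x01") + _tlv(0x31) + encap + _tlv(0x31))
    return _tlv(0x30, _tlv(0x06, SIGNED_DATA_OID) + _tlv(0xA0, signed))

if __name__ == "__main__":
    print(cades_variant(sample()), cades_variant(sample(b"hello")))
```

For a detached result, the validator needs the original content file alongside the .p7s file, since the signature file alone carries nothing to hash.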