PAdES: PDF Advanced Electronic Signature
What is important to know about the PAdES standard?
PDF files that are specially adapted for electronic signatures through various restrictions and extensions are called PDF Advanced Electronic Signatures, or PAdES for short.
Sometimes it is also referred to as the PAdES standard or the so-called PAdES signature.
PAdES: ETSI specification
The PAdES technical specification was published by ETSI (European Telecommunications Standards Institute). PDF is one of the most common formats used when applying digital signatures to documents. Thus the concept of the digital signature was already introduced in the version PDF 1.3 (1999) and in later versions more and more refined.
Above all, digital signatures play a central role in document workflows within companies. The focus here is on digital release, acceptance and approval processes, including the signing of contracts. Digital signatures and standards have therefore come to occupy a large space in the business world, and are of enormous importance, particularly with regard to archiving and security of digital documents. While no specific PDF signature format had been defined in the past, it was still possible to visualize digital signatures using graphical and textual elements.
Since version 1.3, it is also part of the PDF specification how to include a signature, which PDF objects are involved and what exactly is the scope of the signed area in the PDF.
What exactly is PAdES?
PAdES is the technical specification (from ETSI) used to adapt PDF files for electronic signatures. In this context, “Advanced” stands for “extension” of the PDF standard on how signatures can be used in PDF documents. Here you can find part 1 and part 2.
For the electronic signature itself, the corresponding ETSI and EN standards EN 319 122 and EN 319 132 with their different variants CAdES (CMS-based Advanced Electronic Signature) for general data and XAdES (XML-based Advanced Electronic Signature) for XML data are now used as standards. The bridge to the integration of these signature standards in PDF is provided by the EN 319 142 PAdES (PDF Advanced Digital Electronic Signatures) standard.
PAdES also plays a decisive role whenever signatures are required that conform to the European eIDAS regulations, which have been legally binding in all EU member states since July 2014.
What are the advantages of PAdES?
- A key advantage of PAdES is that documents signed electronically in this way remain valid for a long time, even if the underlying algorithms are broken.
- PAdES recognizes that digitally signed documents must be archived for many years. It must be possible to verify the document’s signature at any time in the future. This concept is called Long-Term Validation (LTV).
- Another advantage of PAdES is also that it does not require any additional software. It can be easily used by existing programs. A PDF reader can be used to read the document, and more advanced PDF readers can also display the signature information.
- The signature information is embedded in the PDF document. This ensures that everything you need to validate the signature is embedded in the same document.
- Another advantage is that PAdES functions as a storage medium for multiple signatures on one document; it can be distributed digitally to all important parties and managed accordingly.
Three different types of electronic signature
It is important to know in this context: In general, a distinction is made in electronic signatures between Basic Level Electronic Signature, Advanced Electronic Signature and Qualified Electronic Signature (QES). In addition, there are options for certifying documents and providing them with a seal certificate. Basic Level Electronic Signature: In this simple form, only data is appended, which then counts as a signature. In the advanced version, the signatory can be clearly identified and linked to the signature. Here, the signatory has sole control (private key) and manipulations can be detected. With a QES as a qualified electronic signature, the service provider must also specify a valid time and date for certificates created.
A basic level electronic signature does not ensure that the document is verifiably unchangeable. An advanced electronic signature is based on the German Electronic Signature Act (SigG – Signature Act Germany) and the German Electronic Signature Ordinance (SigV – Signature Regulation) and is therefore clearly linked to a specific person, provides a unique signature key, and allows data manipulation to be clearly detected.
A qualified electronic signature also requires a signature card with certificate and card reader. The strictest criteria are applied for QES. They are based on a qualified certificate and are created using a secure signature creation device. Qualified signatures are legally equated to manual signatures.
You can find more information about digital signatures here:
Source:
http://blog.pdf-tools.com/2018/11/pades-pdf-advanced-electronic-signature.html
https://www.pdfa.org/pdf-and-digital-signatures/?highlight=PAdES