ETSI’s digital signature standard PAdES tested remotely all over the world

Sophia Antipolis, 11 June 2015

On behalf of ETSI’s Technical Committee for Electronic Signatures and Infrastructures (TC ESI), ETSI’s Centre for Testing and Interoperability organized a remote PlugtestsTM interoperability event for PAdES, PDF digital Signatures, the ETSI specification for digital signatures for PDF documents, from 4 May to 5 June 2015.

This five-week long event was the latest in a series of Plugtests in this area. 

This particular event conducted conformance and interoperability testing on PAdES digital signatures, including testing the evolution of signatures thus simulating real life situations. The remote testing was performed via a Plugtests portal, available 24/7 for the full duration of the event to enable participants from all time zones to generate, upload and verify signatures at their own convenience.

More than 100 participants from 62 organizations from all over the world took part and included government bodies, public entities and enterprises involved in trust services. As PAdES is already implemented within ETSI’s secretariat to sign NDAs, joining the event was only one click away!

The ETSI PAdES specifications, in the TS 102 778 series, are in the process of becoming European Standards (EN 319 142 series) and were developed under Mandate M/460, a European Commission initiative to harmonize the standards on digital signatures in support of the European Digital Single Market. It is part of the broader EU Regulation No 910/2014 on e‐identification, e‐signatures, e‐delivery and related Trust Services.

PAdES signature data is incorporated directly within the signed PDF document allowing the complete self-contained signed PDF file to be copied, stored and distributed as a simple electronic file. The signature can also have a visual representation as a form field.

The ETSI specification allows electronically signed documents to remain valid for long periods, even if underlying cryptographic algorithms are broken. At any time in the future, in spite of technological and other advances, it must be possible to validate the document to confirm that the signature was valid at the time it was signed – a concept known as Long-Term Validation (LTV).

PAdES is complementary to two other digital signature concepts also developed by ETSI's ESI committee, both widely recognized within the European Union and suited for applications that do not involve human-readable documents. Those are Cryptographic Message Syntax digital signatures (CAdES) and XML digital signatures (XAdES). They both undergo or will undergo testing events where interactive and field proven ETSI testing tools help stakeholders (CAdES Plugtests from 10 June until 11 July 2015, XAdES Plugtests in October 2015).

To address security issues in various fields of ICT, ETSI is organizing a Security Week on 22-26 June, at its headquarters in Sophia-Antipolis, France. A security workshop is taking place alongside ETSI committee meetings on security topics and is open to all.