Digital Signature

Introduction

An electronic signature is essentially the equivalent of a hand-written signature, with data in electronic form being attached to other electronic subject data (Invoice, Payment slip, Contract, etc.) as a means of authentication.

An electronic seal ensures origin and integrity of data.

Both electronic signatures and electronic seals can be supported technically by digital signatures which are data appended to, or a cryptographic transformation of a data unit that allows a recipient of the data unit to prove the source and integrity of the data unit and protect against forgery e.g. by the recipient.

With first the European Commission e-sign Directive (1999/93/EC) and now with the Regulation (EU) No 910/2014, electronic signatures and electronic seals have legal effect. Similar effect is provided by the June 2000, U.S. government E-sign bill.

On 28 November 2008 the European Commission adopted an 'Action Plan on e-signatures and e-identification to facilitate the provision of cross-border public services in the Single Market' (COM(2008) 798).

On 22nd December 2009, the European Commission issued a standardization mandate on electronic signatures (M/460) for the definition of a rationalized standardization framework.

In 2014, the Regulation No 910/2104, called eIDAS Regulation, on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC was adopted.

Our Role & Activities

ETSI activity on digital signatures is coordinated by technical committee Electronic Signatures and Infrastructures (ESI).

ETSI ESI is the committee dealing with digital signatures (signature format, certificates, CSPs, trusted list) and ancillary services (Registered email, Registered e-delivery, Time-Stamping, Long-term data preservation).

Their activity covers signature creation and verification based on CAdES (CMSdigital signatures), XAdES (XML digital Signatures), PAdES (PDF digital Signatures), and ASiC (Associated Signature Container). ESI also deals with cryptographic suites, trust service providers supporting e-signatures (e.g. certification authorities, time-stamping authorities), trust application providers (e.g. Registered Emails (REM) providers, Information preservation providers), and Trust-service Status List (TSL). TSL is defined to enhance the confidence of parties relying on certificates or other services related to digital signatures since they have access to information that will allow them to know whether a given Trust Service Provider was operating under the approval of any recognized scheme at the time of providing their services and of any dependent transaction that took place.

In order to prove interoperability of implementations and enhance standards robustness, ETSI is running regular CAdES/XAdES/PAdES PlugtestsTM events. ETSI also organizes Plugtests events on signature validation.

Latest ESI activities on the ETSI Portal.

Standards

The following is a list of the 20 latest published ETSI standards on electronic signatures.

A full list of related standards in the public domain is accessible via the ETSI standards search. Via this interface you can also subscribe for alerts on updates of ETSI standards.

For work in progress see the ETSI Work Programme on the Portal.

Standard No. Standard title.
EN 319 102-1 Electronic Signatures and Infrastructures (ESI); Procedures for Creation and Validation of AdES Digital Signatures; Part 1: Creation and Validation
EN 319 132-1 Electronic Signatures and Infrastructures (ESI); XAdES digital signatures; Part 1: Building blocks and XAdES baseline signatures
EN 319 132-2 Electronic Signatures and Infrastructures (ESI); XAdES digital signatures; Part 2: Extended XAdES signatures
EN 319 162-1 Electronic Signatures and Infrastructures (ESI); Associated Signature Containers (ASiC); Part 1: Building blocks and ASiC baseline containers
EN 319 162-2 Electronic Signatures and Infrastructures (ESI); Associated Signature Containers (ASiC); Part 2: Additional ASiC containers
TR 119 000 Electronic Signatures and Infrastructures (ESI); The framework for standardization of signatures: overview
SR 003 186 Electronic Signatures and Infrastructures (ESI) Testing interoperability and conformity activities to be run during the implementation and promotion of the framework of digital signatures
EN 319 142-1 Electronic Signatures and Infrastructures (ESI); PAdES digital signatures; Part 1: Building blocks and PAdES baseline signatures
EN 319 142-2 Electronic Signatures and Infrastructures (ESI); PAdES digital signatures; Part 2: Additional PAdES signatures profiles
EN 319 122-1 Electronic Signatures and Infrastructures (ESI); CAdES digital signatures; Part 1: Building blocks and CAdES baseline signatures
EN 319 122-2 Electronic Signatures and Infrastructures (ESI); CAdES digital signatures; Part 2: Extended CAdES signatures
TS 119 612 Electronic Signatures and Infrastructures (ESI); Trusted Lists
TR 119 001 Electronic Signatures and Infrastructures (ESI); The framework for standardization of signatures; Definitions and abbreviations
TR 119 300 Electronic Signatures and Infrastructures (ESI); Guidance on the use of standards for cryptographic suites
TR 119 600 Electronic Signatures and Infrastructures (ESI); Guidance on the use of standards for trust service status lists providers
TR 119 100 Electronic Signatures and Infrastructures (ESI); Guidance on the use of standards for signature creation and validation
TR 119 400 Electronic Signatures and Infrastructures (ESI); Guidance on the use of standards for trust service providers supporting digital signatures and related services
TS 119 101 Electronic Signatures and Infrastructures (ESI); Policy and security requirements for applications for signature creation and signature validation
EN 319 421 Electronic Signatures and Infrastructures (ESI); Policy and Security Requirements for Trust Service Providers issuing Time-Stamps
EN 319 422 Electronic Signatures and Infrastructures (ESI); Time-stamping protocol and time-stamp token profiles