
2.5.2.6 XAdES Elements


XML Advanced Electronic Signatures [XAdES] extensions to xmldsig signatures MAY<33> be present in either binary or ECMA-376 documents [ECMA-376] when using xmldsig signatures. XAdES-EPES through XAdES-X-L extensions are specified within a signature. Unless otherwise specified, any optional [XAdES] elements are ignored.

The Object element containing the [XAdES] information has a number of optional elements, and many of the elements have more than one method specified. A document compliant with this specification uses the following options:

  • The SignedSignatureProperties element MUST contain a SigningCertificate property as specified in [XAdES] section 7.2.2.

  • A SigningTime element MUST be present as specified in [XAdES] section 7.2.1.

  • A SignaturePolicyIdentifier element MUST be present as specified in [XAdES] section 7.2.3.

  • If the [XAdES] information contains a time stamp as specified by the requirements for XAdES-T, the time stamp information MUST be specified as an EncapsulatedTimeStamp element containing DER-encoded ASN.1 data.

  • If the [XAdES] information contains references to validation data, the certificates used in the certificate chain, excepting the signing certificate, MUST be contained within the CompleteCertificateRefs element as specified in [XAdES] section 7.4.1. In addition, for the signature to be considered a well-formed XAdES-C signature, a CompleteRevocationRefs element MUST be present, as specified in [XAdES] section 7.4.2.

  • If the [XAdES] information contains time stamps on references to validation data, the SigAndRefsTimestamp element as specified in [XAdES] sections 7.5.1 and 7.5.1.1 MUST be used. The SigAndRefsTimestamp element MUST specify the time stamp information as an EncapsulatedTimeStamp element containing DER-encoded ASN.1 data.

  • If the [XAdES] information contains properties for data validation values, the CertificateValues and RevocationValues elements MUST be constructed as specified in [XAdES] sections 7.6.1 and 7.6.2. Excepting the signing certificate, all certificates used in the validation chain MUST be entered into the CertificateValues element.

There MUST be a Reference element specifying the digest of the SignedProperties element, as specified in [XAdES], section 6.2.1. As specified in [XMLDSig], a Reference element is placed in one of two parent elements:

  • The SignedInfo element of the top-level Signature XML.

  • A Manifest element contained within an Object element.

A document compliant with this specification SHOULD<34> place the Reference element specifying the digest of the SignedProperties element within the SignedInfo element. If the Reference element is instead placed in a Manifest element, the containing Object element MUST have an id attribute set to "idXAdESReferenceObject".
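As an added illustration that is not part of this specification, the following Python routine checks a ds:Signature against the structural rules above: the required children of SignedSignatureProperties and the placement of the Reference to SignedProperties (SignedInfo, or a Manifest inside an Object carrying the id "idXAdESReferenceObject"). It assumes the XAdES v1.3.2 namespace and the Reference Type URI from [XAdES] section 6.2.1; the sample documents are constructed skeletons with no real digests or signature values.

```python
# Added example (not from the specification): check a ds:Signature against the
# XAdES conformance rules listed above, returning a list of violations.
import xml.etree.ElementTree as ET

DS = "{http://www.w3.org/2000/09/xmldsig#}"
XADES = "{http://uri.etsi.org/01903/v1.3.2#}"  # XAdES v1.3.2 namespace (assumed)
REQUIRED_SSP = ("SigningCertificate", "SigningTime", "SignaturePolicyIdentifier")

def check_xades_signature(xml_text):
    """Return the rule violations found (an empty list means the checks passed)."""
    sig = ET.fromstring(xml_text)
    parent = {child: elem for elem in sig.iter() for child in elem}  # ET has no parent links
    problems = []
    ssp = sig.find(f".//{XADES}SignedSignatureProperties")
    if ssp is None:
        problems.append("SignedSignatureProperties missing")
    else:
        problems += [f"{n} missing" for n in REQUIRED_SSP if ssp.find(XADES + n) is None]
    # A Reference MUST point at SignedProperties; then check where that Reference lives.
    sp = sig.find(f".//{XADES}SignedProperties")
    sp_id = sp.get("Id") if sp is not None else None
    refs = [r for r in sig.iter(DS + "Reference") if sp_id and r.get("URI") == "#" + sp_id]
    if not refs:
        problems.append("no Reference to SignedProperties")
    for ref in refs:
        holder = parent[ref]
        if holder.tag == DS + "SignedInfo":
            continue  # the SHOULD placement
        obj = parent.get(holder)
        if holder.tag != DS + "Manifest" or obj is None or obj.tag != DS + "Object":
            problems.append("Reference to SignedProperties outside SignedInfo/Manifest")
        elif obj.get("Id", obj.get("id")) != "idXAdESReferenceObject":  # accept either spelling
            problems.append("Manifest Object lacks id idXAdESReferenceObject")
    return problems

# Constructed minimal signature skeleton (digests and values omitted; not a real signature).
GOOD = """<Signature xmlns="http://www.w3.org/2000/09/xmldsig#" xmlns:xd="http://uri.etsi.org/01903/v1.3.2#">
 <SignedInfo><Reference URI="#idSignedProperties" Type="http://uri.etsi.org/01903#SignedProperties"/></SignedInfo>
 <Object><xd:QualifyingProperties><xd:SignedProperties Id="idSignedProperties">
  <xd:SignedSignatureProperties><xd:SigningTime>2024-01-01T00:00:00Z</xd:SigningTime>
   <xd:SigningCertificate/><xd:SignaturePolicyIdentifier/></xd:SignedSignatureProperties>
 </xd:SignedProperties></xd:QualifyingProperties></Object></Signature>"""
# Same skeleton, but the Reference sits in a Manifest whose Object has no id, and SigningTime is gone.
BAD = GOOD.replace("<SignedInfo><Reference", "<SignedInfo/><Object><Manifest><Reference") \
          .replace("</SignedInfo>", "</Manifest></Object>") \
          .replace("<xd:SigningTime>2024-01-01T00:00:00Z</xd:SigningTime>", "")

if __name__ == "__main__":
    print(check_xades_signature(GOOD))  # []
    print(check_xades_signature(BAD))
```

The check is structural only; it does not verify digests, the signature value, or the certificate chain, which a real validator must do before trusting any of these properties.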
