e-Signature formats


"Qualified service of conservation of qualified electronic signatures


The ANF AC signature devices generate electronic signatures in all formats of common use, respecting international norms and standards in this matter:


• Interpretable signature (Intellectual Property of ANF AC Legal Deposit -DL B29364-2005)


As its name indicates it is an electronic signature that is readable to the human eye.


The signature is created in * .pdf format and conforms to the CAdES XL standard, and the legible record is signed in accordance with the PAdES XL standard. Interoperable with Adobe Acrobat Reader ®.


• CAdES (CMS Advanced Electronic Signatures) ETSI TS 101 733


You can sign any type of file. The result is a file that has * .sign extension


• XAdES (XML Advanced Electronic Signatures) ETSI TS 101 903


Although it is possible to sign any type of file, it is more oriented to XML files. The result is a file that has * .xml extension


• PAdES (PDF Advanced Electronic Signatures) ETSI TS 102 778


Used to sign * .pdf. The result is a file that has * .pdf extension


• Cryptographic Message Syntax (RFC 5652)


It is based on the PKCS # 7 format. It is out of use because it has evolved into the CAdES format.


• S / MIME Version 3 Message Specification RFC 2633


Specifies the type application / pkcs7-mime. Especially used in email services.


Signed document


The signing device offers the following options:

• The signed document does NOT include the signature result:


O Smaller signature files are obtained, but, on the contrary, the original document must always be stored next to the signature in order to perform the verification process.

O In the case of CAdES these firms are called explicit signatures.

O In the case of XAdES XML, only for detached signatures, the document may be out.


• The signed document SI is included in the signature result, in the format PAdES and in the Interpretable Signature always including the signed original document. Other formats:


In the case of XAdES you have:

O Attached: although the signature and the document are returned in a single XML file, the two are separated within the same and only the part where the document is found is signed.

O Enveloped: If a portion of the XML document containing it has been signed, it is called an enveloped signature.

O Enveloping: If it contains the signed data within itself, it is called an enveloping.


In the case of CAdES:

O Attached / implicit signature: the two elements (document and signature) are in the same file, and the whole file is signed


Signers of the document


The following options are considered:

• Simple signatures. Documents of signature of a single signer.

• Signature online. It is the multiple signature in which all the signatories are at the same level and in which it does not matter the order in which it is signed.

• Counter signature or cascade signature. Multiple signature in which the order in which it is signed is important. Each signature must endorse or certify the signature of the previous signatory.


Acts of Empowerment / Commandments


Only the ANF AC Interpretable Signature format incorporates the full and authenticated representation document.


Multi language


Only the ANF AC Interpretable Signature format incorporates multi-language.


Signature Policy


When signing data, the signer indicates the acceptance of general conditions and particular conditions applicable to that electronic signature by including a signed field, within the signature, which specifies an explicit or implicit policy.


The Electronic Signature Policy of ANF AC has the identifier OID


If the corresponding field is absent and no regulations are identified as applicable, then it can be assumed that the signature has been generated or verified without any normative restriction, and consequently, that it has not been assigned any concrete legal or contractual meaning. It would be a signature that does not explicitly specify any semantics or concrete meaning and, therefore, it will be necessary to derive the meaning of the signature from the context (and especially from the semantics of the signed document).

The purpose of a signature policy is to strengthen trust in electronic transactions through a set of conditions for a given context, which may be a particular transaction, a legal regime or a role assumed by the signatory party.


ANF AC has an Electronic Signature Policy which specifies the general conditions applicable to the electronic signature in terms of its scope, and for its validation.


The General State Administration (AGE) has a Signature Policy that specifies the general conditions applicable to electronic signature for validation, in the electronic relationship of the General State Administration with citizens and between the bodies and entities of the AGE .


According to article 24 of Royal Decree 1671/2009, which partially develops Law 11/2007 on Electronic Access of Citizens to Public Services, the policy of electronic signature and certificates in the field of General State Administration and Its public bodies, is constituted by the guidelines and technical standards applicable to the use of certificates and electronic signature within its scope.


National Interoperability Scheme (NIS)

The signature policy defines the rules and obligations of all parties involved in the signature process in certain contexts (contractual, legal, legal, ...).

Royal Decree 4/2010 regulating the National Interoperability Scheme establishes that the electronic signature and certificate policy of the General State Administration will serve as the general framework of interoperability for the authentication and mutual recognition of electronic signatures within Of its scope of action. It also establishes that this policy may be used as a reference by other Public Administrations to define the policies of certificates and signatures to be recognized within their areas of competence.

The National Interoperability Scheme establishes the series of Technical Norms for Interoperability that are mandatory by the Public Administration and which develop concrete aspects of interoperability between Public Administration and with the citizens.

National Security Scheme (NSS)

Royal Decree 3/2010, of 8 January, which regulates the National Security Scheme in the field of Electronic Administration, aims to establish the principles and requirements of a security policy information protection.

The decree, in its article 33 also relegates to the Policy of Signature all the function of specifying the processes of generation, validation and conservation of electronic signatures, as well as the characteristics and requirements required to the systems of electronic signature, certificates , Time stamp services, and other signature support elements.

On the other hand, the RD in Annex II point 5.7.4 is very specific about the types of signature that must be applied depending on the level of information to be protected.

• Low level

Any means of electronic signature may be used, as provided in the legislation in force.

• Medium level

The means used in the electronic signature will be provided to the qualification of the information treated. In any case:

Algorithms accredited by the National Cryptological Center will be used.

o Recognized certificates should be used.

o Secure signature devices will be used.

Verification and validation of the electronic signature will be guaranteed during the time required by the administrative activity that it supports, notwithstanding that this period may be extended in accordance with what is established by the electronic signature and certification policy that is applicable. For that end:

o All relevant information for verification and validation will be attached to the signature, or will be referenced.

o The signature and the information mentioned in the previous section will be protected with a time stamp.

o The agency that collects documents signed by the administrator will verify and validate the signature received at the time of receipt, attaching

o unambiguously referencing the information described in sections a) and b).

o The electronic signature of documents by the Administration will unambiguously append or reference the information described in sections a) and b).

• High level

The security measures regarding electronic signature required at the Middle level will be applied, in addition to the following:

o Recognized certificates will be used.

o Secure signature creation devices will be used.

o Certified products [op.pl.5] will preferably be used.

The CCN-STIC-807 standard of the National Cryptological Center establishes in point 5.7 which are the mechanisms and algorithms that can be used to sign depending on the level of information.