XAdES XAdES 2.13

Document Security

IAIK XML Advanced Electronic Signatures (XAdES) add-on for XML Security Toolkit (XSECT)

IAIK-XAdES is the optimal add-on to our XSECT XML signature library enhancing it about useful properties as signing time and signing place and signature processing facilities for long term electronic document archiving. The toolkit enables the creation of advanced electronic signatures that remain valid over a long period of time and are compliant with the EU directive on electronic signatures.

Evaluation version

PDF Brochure

Purchase

Main Features

Java™ implementation of XML Advanced Electronic Signatures (XAdES) ETSI TS 101 903 V1.4.2 (2010-12) and (new!) ETSI EN 319 132 v1.1.0 (2016-02) Technical Specifications
Works on JDK 1.2, 1.3, 1.4, 1.5, 1.6, 1.7, 1.8 and compatible.

Cryptographic Provider Independence:

Can be used with any JCA/JCE 1.2 compliant cryptography provider as long as IAIK’s JCE is in the classpath.
Provisions for easy integration of smartcards and other hardware security modules
Delivered with the IAIK-JCE provider and IAIK-XSECT by default

Pricing and Licensing

For current prices of the IAIK-XAdES, please see our price list and license conditions.

See Prices

Please notice that XAdES is always delivered with IAIK-JCE basic developer license and IAIK-XSECT.

Webshop

To order the product enter

See Webshop

IAIK-XAdES Features
Further Information

The XAdES specification has been developed by the European Telecommunications Standard Institute (ETSI) to meet the growing importance of XML in electronic commerce and the need for signature standards to support the development of electronic business and electronic government. It fulfills the requirements of the advanced electronic signature according to the EU directive (1999/93/EC), and provides non-repudiation and long-term validity.
Extending common XMLDSIG signatures XAdES signatures meet the same legal requirements as handwritten signatures do in relation to paper-based data.
The IAIK-XAdES toolkit offers you a comprehensive software library, continuation with product up-dates and support from the product developers.

Supports all forms of XAdES signatures: Basic forms ( XAdES-BES, XAdES-EPES, XAdES-T and XAdES-C) as well as extended forms ( XAdES-X, XAdES-X-L and XAdES-A)
Supports all signature properties:
- Signed properties:
  SigningTime and SignatureProductionPlace: Usually included in each real world contract common XMLDSIG compliant signatures lack of information about signing time and signing place. XAdES provides a standardised way to integrate these properties into electronic signtures.
- SigningCertificate: Includes an unambiguous reference to the signer’s certificate (issuer name, serial number and cert digest) to avoid diversities in interpretation on the verifier’s side (e.g. if the signer uses different certificates implying different semantics with the same public key).
- SignaturePolicyIdentifier: Unambiguously identifies a signature policy so that the verifier cannot claim that another policy was used when signing the data.
- SignerRole: In many cases the role of the signing party is an essential information to be included into the signature.
- DataObjectFormat: Information about the format of the signed data may be crucial for an (verifying) application (using a wrong format when presenting the signed data (text, sound or video) to a human user may break the signature).
- CommitmentTypeIndication: As supplemental information to the SignaturePolicy this property can be used for qualifying signed data objects. The predefined commitments (e.g. proof of origin, proof of sender) may be refined by additional statements specified by the user.
- AllDataObjectsTimeStamp and IndividualDataObjectsTimeStamp: These timestamps are added to some or all data objects to be signed to indicate that they have been created before a specific point in time.
Unsigned properties:
- CounterSignature: Unlike XMLDSIG compliant signatures, real world contracts are usally signed by more than one party. The CounterSignature property can be used for signing the signature value of an existing signature and thus implicitly all the data covered by this signature. By these means arbitrarily long series of countersignatures may be built representing real world contracts signed by different parties.
- SignatureTimeStamp: This timestamp placed on the signature value element protects against repudiation in the case of a key compromise.
- CompleteCertificateRefs, CompleteRevocationRefs, CertificateValues, RevocationValues: When dealing with long term signatures information necessary for validating the signer’s certificate (CA certificates and especially revocation data) may not be available after a specific period of time.These properties can be used to append the validation data itsself or unambiguous references to the validation data to the signature.
- AttributeCertificateRefs, AttributeRevocationRefs, AttrAuthoritiesCertValues, AttributeRevocationValues: Append information for validating attribute certificates to the signature.
- SigAndRefsTimeStamp and RefsOnlyTimeStamp: These timestamps are added on certificate validation data and ( SigAndRefsTimeStamp only) signature value and signature timestamps to indicate that the signature has been successfully validated with the timestamped validation data at a specific point in time.
- ArchiveTimeStamp: By periodically adding this timestamp over the whole signature, it especailly protects against weakness of cryptographic algorithms or compromised keys as it undoubtedly proves that the signature has been valid before an algorithm may be broken or a key may be compromised.

Further Information

Former XAdES versions:

XML Advanced Electronic Signatures (XAdES) W3C Note 20 February 2003
XML Advanced Electronic Signatures (XAdES) ETSI TS 101 903 V1.1.1
XML Advanced Electronic Signatures (XAdES) ETSI TS 101 903 V1.2.2

Supported Java™ Versions

XAdES supports all Java™ versions since Java™ 2 (JDK 1.2) and has been successfully tested with the following Java™ versions 1.2.2, 1.3.1, 1.4.2, 1.5.0, 1.6.0, 1.7.0 and JDK 1.8.0.

XAdES 2.13 – 2. October 2017

Class or Package	Bug / Change / New Feature	Description and Examples
	NF	Provides a special version of iaik_xades.jar allowing to use unlimited strength cryptography also if only the default jurisdiction policy files are installed (to may be used in countries with no restrictions of key sizes)
TimeStampValidationDataImpl	B	iaik.xml.crypto.xades.impl.dom.properties.TimeStampValidationData could not be created without an URI attribute.
	NF	Corresponding XSECT version: 2.13

XAdES 2.12 – 14. June 2017

Class or Package	Bug / Change / New Feature	Description and Examples
	NF, C	jar files are signed with old (for supporting old DSA JCE code signing CA) and new (for supporting new RSA JCE code signing CA) IAIK-JCE provider certificates. The new certificate provides a stronger protection (SHA256withRSA) than the old one (SHA1withDSA). The new JCE code signing CA is effective for Java versions 8u121, 7u131, 6u141 upwards. To support other (former) Java versions the jar files must be signed with the old provider certificate, too.
CertIDV2Impl	B	For creating the IssuerSerialV2 member the java.security.Cert object instead of the iaik.x509.X509Certificate object has been used.
iaik.xml.crypto.xades.impl.dom.properties.IssuerSerialV2Impl	B	Name has been retrieved from java.security.Cert object instead from iaik.x509.X509Certificate object in constructor of IssuerSerialV2Impl
	NF	Corresponding XSECT version: 2.12

XAdES 2.0 – 19. May 2016

Class or Package	Bug / Change / New Feature	Description and Examples
	NF	Implementation of ETSI_EN_319_132 v1.1.0
iaik.xml.crypto.xades.QualifyingPropertiesFactory	NF	Added support for ETSI_EN_319_132 v1.1.0
iaik.xml.crypto.xades.XAdESSignature	NF	Added support for ETSI_EN_319_132 v1.1.0
iaik.xml.crypto.xades.UnsignedSignatureProperties	NF	Added support for ETSI_EN_319_132 v1.1.0
iaik.xml.crypto.xades.SignedSignatureProperties	NF	Added support for ETSI_EN_319_132 v1.1.0
iaik.xml.crypto.xades.SigningCertificateV2	NF	Added support for ETSI_EN_319_132 v1.1.0
iaik.xml.crypto.xades.CertIDListV2Type	NF	Added support for ETSI_EN_319_132 v1.1.0
iaik.xml.crypto.xades.CertIDV2	NF	Added support for ETSI_EN_319_132 v1.1.0
iaik.xml.crypto.xades.IssuerSerialV2	NF	Added support for ETSI_EN_319_132 v1.1.0
iaik.xml.crypto.xades.CertifiedRoleV2	NF	Added support for ETSI_EN_319_132 v1.1.0
iaik.xml.crypto.xades.SignatureProductionPlaceV2	NF	Added support for ETSI_EN_319_132 v1.1.0
iaik.xml.crypto.xades.SignerRoleV2	NF	Added support for ETSI_EN_319_132 v1.1.0
iaik.xml.crypto.xades.CompleteCertificateRefsV2	NF	Added support for ETSI_EN_319_132 v1.1.0
iaik.xml.crypto.xades.AttributeCertificateRefsV2	NF	Added support for ETSI_EN_319_132 v1.1.0
iaik.xml.crypto.xades.CertRefsV2	NF	Added support for ETSI_EN_319_132 v1.1.0
iaik.xml.crypto.xades.RefsOnlyTimeStampV2	NF	Added support for ETSI_EN_319_132 v1.1.0
iaik.xml.crypto.xades.SigAndRefsTimeStampV2	NF	Added support for ETSI_EN_319_132 v1.1.0
iaik.xml.crypto.xades.RenewedDigests	NF	Added support for ETSI_EN_319_132 v1.1.0
iaik.xml.crypto.xades.RecomputedDigestValue	NF	Added support for ETSI_EN_319_132 v1.1.0
iaik.xml.crypto.xades.SignaturePolicyStore	NF	Added support for ETSI_EN_319_132 v1.1.0
iaik.xml.crypto.xades.SignedAssertion	NF	Added support for ETSI_EN_319_132 v1.1.0
iaik.xml.crypto.xades.SPDocSpecification	NF	Added support for ETSI_EN_319_132 v1.1.0
iaik.xml.crypto.xades.CounterSignature	NF	Added Id attribute to CounterSignature

For older versions please see the version history included in the IAIK XAdES distribution.

Any questions?

Don‘t hestitate to ask us about our products.