EldoS | Feel safer!

Software components for data protection, secure storage and transfer

Producing Adobe "CAdES-Equivalent" format

Also by EldoS: CallbackFilter
A component to monitor and control disk activity, track file and directory operations (create, read, write, rename etc.), alter file data, encrypt files, create virtual files.
#17100
Posted: 07/21/2011 09:46:29
by Richard Holliday (Standard support level)
Joined: 07/21/2011
Posts: 3

Is it possible to recreate the "CAdES-Equivalent" PDF signature format found in the Advanced Preferences of Adobe Acrobat (versions 9.1 and above)?

People on their forums are being advised to enable this option to meet the PAdES standard, so I'm wondering if the "equivalent" part indicates a mixture of these standards.

Can you advise on what options I would need to set in SecureBlackbox in order to produce PDFs that meet "CAdES-Equivalent"?

Also, are you aware of any testing / analysis tools that can be applied to a PDF document that report on whether the CAdES / PAdES standard has been fully met? Acrobat is a bit woolly in this regard.

Kind Regards
Rich H
#17102
Posted: 07/21/2011 10:17:19
by Ken Ivanov (EldoS Corp.)

Thank you for contacting us.

As far as we are aware, the "CAdES-equivalent" option just brings Adobe Acrobat to PAdES mode. Indeed, CAdES and PAdES are different standards, so the term does not appear to be accurate enough. CAdES and PAdES in fact share certain security techniques, but they are common to all *AdES standards.

SecureBlackbox includes a TElPDFAdvancedPublicKeySecurityHandler that implements PAdES support. You can use this component to create and/or process signatures compatible with the ones handled by Adobe Acrobat brought to "CAdES-equivalent" mode.

Quote
Also, are you aware of any testing / analysis tools that can be applied to a PDF document that report on whether the CAdES / PAdES standard has been fully met?

Unfortunately, we are not aware of such tools. However, one thing should be noted here. PAdES is not a "strict" standard in some sense. In many cases the question that should be asked is not about compliance to *PAdES* standard, but about a compliance to certain outer *requirements* - e.g. requirements set on a signature policy, on algorithms and key lengths, on validation information to be included to the signature etc.

A small example: PAdES declares two signature subtypes: PAdES-Basic and PAdES-LTV. According to PAdES standard, signatures of both of these types will be valid PAdES signatures. However, the (outer) policy may enforce regulations to always require LTV signatures with complete validation information included. In this case neither PAdES-Basic signatures nor even PAdES-LTV signatures with incomplete validation information will be accepted by the processor.

Reply

Statistics

Topic viewed 1572 times

Number of guests: 1, registered members: 0, in total hidden: 0




|

Back to top

As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.

Got it!