Difference Between Pdf, Xml And Pkcs#7 Digital SignaturesIntroductionDigital signatures have been around for many years and are used to provide integrity, authentication and non-repudiation. Although the basic concept of digital signature i.e. hash the data and then encrypt it remains in use but different standards have emerged to meet real world problems having the core concept of digital signature. These real world problems involve following situations:
As the need of such documents arrive hence the need to secure them and thus different standards have evolved to safeguard the contents of these documents. Here we are not talking about safeguarding from hackers so that they can't view it rather safeguarding from the following threats:
PDF Digital Signature A PDF document is a mixture of binary and human readable data i.e. text, images, videos etc. These documents can be viewed using Adobe Acrobat Reader or other popular PDF rendering software. You can create visible digital signature which can show user hand signature, company logo OR invisible signature. You can create approval signature as well as certified signature.
Certified Signature allows further restrictions to be applied on the document like after the certified signature no further modifications can be made or only form filling can be done or form filling/annotation can be added. Other quickly emerging standards are PAdES in the PDF domain. Get a sample digitally signed PDF from here .PDF supports serial signatures which mean each signature comprises of the previous signature as well. Similarly you can create basic PDF digital signature OR advanced PDF digital signature which contains both the signer's revocation information (CRL/OCSP) and/or the cryptographic timestamp. How to create PDF Digital Signature? To digital sign a PDF document one can use any off the shelf software like shelf software like PDF Sign & Seal which makes PDF Digital Signature creation very simple or Adobe Acrobat. If you need an API then you can use iText or some commercial enterprise wide solution like ADSS Server . If you are looking for cloud based solution accessible from anywhere with zero management hassle then use SigningHub. The Digital Signature is applied on the contents of the complete document.
If you are looking for software which can do a basic digital signature then you can also use Nitro PDF or Foxit PDF but if you are looking for both basic and advanced digital signatures then you can rely on PDF Sign & Seal or Adobe Acrobat Professional (this is bit expensive then PDF Sign & Seal). How to create XML Digital Signature? XML Signatures are important to allow business application to trust intercommunication or intra-communication information sent in XML format. Other concerning standards are XAdES2-BES, XAdES-EPES, XAdES-T, XAdES-C, XAdES-X (Type 2), XAdES-X-L, XAdES-A. To learn more about the standard click here . A basic XML signature comprises of Reference hashes (these are hash of XML data residing either inside the XML or external), Signer information (public key, signing certificate etc.) and Digital Signature.
There are three types of XML signature, one is called enveloping where the above XML signature structure encapsulates the digitally signed XML. The other is called enveloped where the above XML digital signature structure resides inside the being signed XML. The third type is called detached where the being signed XML is present externally to the XML digital signature. You can use .Net or Java which have built in support for XML signature. If you need an enterprise off the shelf solution which can integrate with your business application then you can use ADSS Signing Server. If you are looking for an open source solution then you can use SignServer. How to create PKCS#7 Digital Signature?Before the advent of XML PKCS#7 based digital signatures were prevalent. PKCS#7 allows any type of data (binary etc.) to be digitally signed not like XML digital signature where the content to be signed has to be an XML structure. There are two types of PKCS#7 digital signatures, one is called enveloped (similar concept like in XML digital signature) and the other is called detached. Another term used interchangeably is called CMS. Although there are minor technical differences between a PKCS#7 and CMS but these are fairly the same. PDF digital signature internally uses a PKCS#7/CMS to store the digital signature.
A PKCS#7 digital signature consists of the content type, content data, digital signature and signer information. This information is represented in an ASN.1 structure. Similar like XML, one can create a basic PKCS#7/CMS structure and also an advanced. Other related standards are: CMS/PKCS#7/ and S/MIME, CAdES3-BES, CAdES-EPES, CAdES-T, CAdES-C, CAdES-X-L, CAdES-A. You can use .Net or Java via Bouncy Castle which has built in support for CMS signature. If you need an enterprise off the shelf solution which can integrate with your business application then you can use ADSS Signing Server which is a great XML Signing software. If you are looking for an open source solution then you can use SignServer. Off the Shelf Software - Signature format support | ||||
| |||||||||
|
