Is there any reason to use CAdES over XAdES for advanced electronic signatures?
Asked Answered
S

2

7

I haven't been able to find any reason of why should anyone prefer to implement a CAdES oriented electronic signature software solution over a XAdES oriented one.

There are a lot more open libraries and implementation cases and examples of XAdES on the internet, but still, I don't believe that is the reason why people decide on using XAdES over CAdES.

Is it because XAdES is XML oriented and software developers tend to love anything XML related? Is there any scenario where CAdES is just outright the best option to use over XAdES?

For reference:

  • CAdES is CMS/PKCS#7 in advanced form (supports timestamping)
  • XAdES is XML-DSig in advanced form (supports timestamping)
Snowblink answered 18/6, 2011 at 20:8 Comment(0)
S
9

One advantage of CAdES is that it generally causes less interoperability problems because the XML-DSig standard allows many options including XSLT, XPointer Framework, XML canonicalization and more. CAdES would be less demanding if only dealing with strictly DER-encoded signatures (The picture changes once you need to deal with BER encodings).

CAdES outperforms XAdES in scenarios where producing "attached" signatures on large data chunks is necessary (You want the result to be one single chunk of data that contains both the original data and the signature). The equivalent of an attached CAdES signature (The original input data is stored in the EncapContentInfo element of the CMS structure) is an Enveloping Signature. If you are required to produce such a kind of signature there is a high probability that you will run into problems when dealing with large input data if your XAdES implementation is DOM-based (those I know of are) - your machine will eventually run out of memory.

Performance would be another argument where CAdES is favoured. The message digest computation of CAdES is typically done directly on the raw bytes of the input data, XML signatures that are computed on XML documents involve a lot of overhead such as evaluation of XPath expressions, XSLT transforms, Base64 en-/decoding and Canonicalization, and potentially several Transform elements.

If you are building an archiving system for long-term validation of signatures where a lot of signatures are stored, CAdES is the preferred format due to its compactness in comparison to the textual XAdES format.

Surratt answered 4/7, 2011 at 23:55 Comment(1)
Thank you for your great answer! We are going to investigate more on the different scenarios you mention.Snowblink
B
5

CAdES over XAdES:

  • Less options to implement
  • (Way) Easier to verify
  • Works with any sort of data, including XML
  • Easier for ASiC
  • Windows API more robust to build it
  • No need for complex canonicalizations
  • Can be used with S/MIME
  • Allows multiple signatures
  • It is used in PAdES
  • Faster

XAdES over CAdES:

  • Signed XML files can still be read by encryption-unaware applications
  • Multiple elements can be signed with one pass
  • You do not need an ASN.1 compiler

The only reason I would use XAdES is the first one, personal opinion. But then, an unaware application might modify the file, rendering the signature invalid. Also, using the *AdES types means that you want to be compatible with the EU regulations and, this usually means PDF documents signed with PAdES. When you simply want to sign an e-mail, CAdES is not very much useful as it is not validated by most S/MIME clients. The AdES stuff is european laws, so not so many US apps are aware of it.

Also, these forms are not just the old ones with timestamps, there are a lot of addons. See https://www.w3.org/TR/XAdES/ and https://www.secureblackbox.com/kb/articles/8-CAdES.rst.

I have also implemented them in C++ for Windows, check here and here for my complete toolset.

Befoul answered 9/9, 2018 at 20:47 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.