Signed document formats

​The E-Signing service supports SDO and PAdES signature formats to maintain non-repudiation and integrity control of the signed data.

The SDO (Signed Data Object) and PAdES (PDF Advanced Electronic Signatures) document format is described on this page. 

SDO

A digitally signed document is often represented in formats that are challenging to visualize for the customer. Digitally signed documents also require a compilation of data to be able to prove in a future conflict that a specific person actually signed this specific document at a proven time in the past.

The SEID SDO is a XML based data package designed to act as a self-contained validation of one or more digital signatures on one or more documents. The reason for this format is to be able to confirm non-repudiation and integrity of the signed document independent of time. Thus the result of a digital signing process can be packaged into a SEID SDO format to simplify validation, traceability and visualization of the signed document.

The SEID SDO is based upon ETSI TS 101 733 (CAdES) and ETSI 101 903 (XAdES). The SEID SDO format is described here: Kva er SEID-prosjektet​ (in Norwegian only)

A comparable format is PAdES which uses Acrobat reader to visualize the digital signature embedded in a .pdf document. The Nets E-Signing service produces both a SDO and a PAdES file (if requested) as the result of a digital signing process.

The format is structured as an SDOlist with one or more SDOs. Each SDO consist of:

  • One document
  • One or more signatures 
  • One seal 
  • Signing time or validation time

 

 

A seal is an automatic signature over the document and the signatures to maintain package integrity. The sealing is performed by use of a signing certificate that is customer specified. Example of supported certificate types are Norwegian BankID organisation certificate, Danish NemID VOCES and Nets AS Intermediate CA (issued by Nets AS Root CA). For details on supported sealing certificates, use the Contact us form to contact support. Default will be the primary organisation certificate issued to the customer. There is no dedicated fee for use of alternative sealing certificate, but most certificates have a cost for signing and thus the use of sealing certificate may influence the total cost. Note that some SDO receivers may have restrictions on which certificate issuer to use for SDO sealing.

The E-Signing service can also make partial SDO’s available. A Partial SDO is a SDO including only one document and one signer. A partial SDO is generated after each sign process in a sign order. The partial SDO is available using the GetDocuments message.
Nets offers a SDO validator to view and validate SDO’s. Read more about the E-Signing validator.  

PAdES​

 

PAdES  is a standard for signed documents, and the standard is maintained by ETSI (ETSI TS 102 778). Infor-mation about the standard and links to documents may be found at Wikipedia: http://en.wikipedia.org/wiki/PAdES

As a customer of the E-Signing service you may choose to get the signed documents in the PAdES format. E-Signing is using the PAdES-BES standard without the use of signature policy. The signed document are following the LTV-profile (TS 102 778-4) with the use of a TSA service from GlobalSign.

To retrieve the signed documents in accordance with PAdES standard there is two ways to do so in E-Signing. Firstly, you may request the document using the GetPAdES XML message, or secondly request the generation of a signed document based on a SDO using the GeneratePAdES XML message. The retrieval of the document from E-Signing with the GetPAdES message is only available for 90 days after the sign order has been completed.

A PDF signed document from E-Signing may only be generated from a PDF file (and not from a text or XML document signed through E-Signing). When generating the PDF signed document, the E-Signing service is appending the following to the original document:

  • A document reference on each side of the document
  • A last page with the document reference and information about the signer(s) of this particular document.
  • An extract of the signature from each signer (as an “attachment” in the document)

The document is sealed using a certificate issued to Nets Branch Norway from GlobalSign.

The last page is added by Nets may look like this:

PAdES_updated.jpg 

The last page is available in five languages:

  • English (default if no other language are specified)
  • Norwegian
  • Danish
  • Swedish
  • Finnish

The default format for signed documents through E-Signing is still SDO, and this document should always be used in case of conflicts. The signed PDF document (PAdES) only includes extracts of the original signatures and not the entire signature.

Note: The use of this function may have an extra cost. If it is not already priced in your agreement, please contact sales.esecurity@nets.eu to retrieve the price list and an offer.