Long-term Digital Signature: What is it and what are its types?
Digital signature is a set of data that certifies the identity of the person signing, as well as the integrity of the message content, that is, that the message has not been modified or altered. The digital signature has become a common part of our Internet transactions. There are more and more occasions in which we have to use this system in the network, as, for example, when signing a contract, in the electronic invoices or to sign health consents.
When we make a digital signature, it is as if we were signing on a paper. For this reason, just as an endorsement on paper lasts over the time, a digital signature also lasts over the years. Hence, the emergence of the long-term digital signature. A format that companies use to, in case of conflict, have the guarantee of being able to check the validity of the signatures.
In this article we will explain what is the long-term digital signature and the different types that exist.
What is the long-term digital signature?
A long-term digital signature ensures its long-term validity. To achieve this, it incorporates additional information to ensure that the data has not been modified after the signature, checking the status of the certificate when the signature was made, i.e., that it was valid at the time it was signed and guaranteeing non-repudiation (that the issuer cannot deny having signed the document). In addition to this additional information, it also adds a time stamping that ensures the validity of the certificate at the time the signature was made.
The change from a signature to a long-term signature can be made by both the signer and the verifier, because it involves the inclusion of verification elements in the structure of the signatures.
Types of long-term digital signature
There are different types of long-term digital signature. These can be divided into two categories: according to the format and according to the security level.
According to the format, there are three types:
- PAdES: the most common, since the signatures are in PDF format.
- CAdES: this type of format is used for CMS files.
- XAdES: this type is in case of XML documents.
Each of these three formats can be classified into different security levels. According to the European Commission and the European Telecommunications Standards Institute (ETSI), are established four levels:
- Level B: It is short term. It includes information of the certificates that have been used, but it does not guarantee that after a period of time the validity of the certificates can be verified, nor does it guarantee the time at which the signature was made. It is a low level of security.
- Level BT: It is similar to level B, except that it adds the date and time of the moment when the signature was made (time stamping).
- Level B-LT: This security level includes the information of the B and BT levels and adds verification information.
- Nivel B-LTA: It is the most recommended and the most secure signature format, as it includes all the validation and verification information of the document with time stamping.
HSM, key to a secure digital signature
Hardware Security Module (HSM) is a security hardware that is intended for the storage and protection of PKI technology keys through cryptography. It is one of the most reliable technologies in the world of cybersecurity and one of its many uses is the protection of keys and digital certificates.
The long-term digital signature, like the digital signature, includes an HSM. It is essential that digital signatures incorporate this technology, since HSMs improve and extend their security by simplifying the keys of digital signatures and centralizing all digital certificates, thus providing greater control over them and achieving a high level of protection and security in the keys by means of a cryptoprocessor.
HSMs are one of the best alternatives to manage and protect our digital certificates. At REALSEC by Utimaco, we develop encryption and digital signature solutions and for this we have the best Hardware Security Module, with high performance and security, designed to encrypt our data regardless of what operating system is being used.