AdES Signer

ENTERPRISE

The signer has the fully qualified class name: org.signserver.module.ades.signer.AdESSigner.

Overview

The AdES signer signs PDF and XML documents, as well as CMS signatures of arbitrary data using ETSI formats for advanced electronic signatures (AdES).

The most common electronic signatures formats used within the European Union are XML Advanced Electronic Signatures (XAdES) and PDF Advanced Electronic Signatures (PAdES). The European Telecommunications Standards Institute (ETSI) creates and maintains a set of technical standards for electronic signatures that support the eIDAS legal framework.

As of version 5.7, SignServer supports Baseline Signature Levels for XAdES (as defined in ETSI EN 319 132) and PAdES (as defined in ETSI EN 319 142). The signature formats fulfill the requirements for Advanced Electronic Signatures as per the EU eIDAS regulation.

Signature Levels

The following list the signature levels:

Baseline-B: Basic Electronic Signature. The most simplistic version includes the document signature.
Baseline-T: Signature with a time-stamp. A time-stamp regarding the time of signing is also added.
Baseline-LT: Signature with Long Term Data. Certificates and revocation data are embedded to allow verification in the future even if their original source is not available.
Baseline-LTA: Signature with Long Term Data and Archive time-stamp. Adds an additional time-stamp and is suited for long-term archiving of documents.

Available Properties

Required Property	Default	Description
SIGNATURE_LEVEL	None	Specifies the signature level to use. Required. The supported values are: BASELINE-B BASELINE-T BASELINE-LT BASELINE-LTA
Properties	Default	Description
ACCEPTED_HASH_DIGEST_ALGORITHMS	None	Comma-separated list of accepted hash digest algorithms. When a request is consisting of a pre-computed hash, the requested digest algorithm must be among the values specified in this property. The property does not have a default value, and must be specified if client-side hashing is set as the default, or if overriding via the request is allowed.
ADD_CONTENT_TIMESTAMP	False	(Optional) Setting if a time-stamp over the content should be included. Note that this is different from the signature time-stamp added as part of BASELINE-T and higher levels.
ADD_VISIBLE_SIGNATURE	None	Enables adding a visible signature for PDF signing.
ALLOW_PROPERTY_OVERRIDE	Not set (no properties are allowed to be overridden).	Comma-separated list of worker properties that are allowed to be overridden by request metadata properties with the same names. See AdES Signer#Request Metadata Properties for a list of properties that can be added to this property.
CLIENTSIDEHASHING	False	Property specifying if the request data should be considered to be a pre-computed (by the requesting client) hash. If this is set to to true, `ACCEPTED_HASH_DIGEST_ALGORITHMS` must be defined. This is currently only supported when `SIGNATURE_FORMAT` is CAdES.
DIGESTALGORITHM	SHA256	(Optional) Algorithm for the digest of the binary. Only one of `SIGNATUREALGORITHM` and `DIGESTALGORITHM` can be specified at the same time.
EXTEND_VALIDITY	False	(Optional) When set to true and the signature level is BASELINE-LTA, the validity of a document is extended if it was already signed (at any level) with an up-to-date archive timestamp. This can be set to true or false. True is only supported when `SIGNATURE_LEVEL` is BASELINE-LTA.
FIXED_SIGNATURE_SIZE	Not set	This property sets a fixed size for the signature space within the PDF and disables the signature size estimation in the first try. This property is only supported with PAdES. If the signature format is PAdES and the `FIXED_SIGNATURE_SIZE` is not set (or equal to zero), the PKCS#7 signature size is estimated. Signature Size Estimation and Retry Algorithm The first estimated value is calculated as the sum of: Certificate chain size 2000 for PKCS#7 structure + hash 8192 for OCSP 8192 for CRLs size 4096 for TSC Then if signing the certificate fails due to that, the signature became larger than the estimated size, the signer will retry using the actual signature size plus a 1024 bytes margin. The retry can happen up to 3 times before it gives up.
REVOCATION_DATA_LOADING_STRATEGY	OCSP	Property specifying what revocation data loading strategy to use, meaning that one can choose if OCSP or CRL should be the prioritized mechanism to retrieve revocation data. If the prioritized mechanism fails, we will fall back to latter mechanism. Supported values: OCSP (Default) CRL
SIGNATUREALGORITHM	Depends on signing key	(Optional) Specifies the signature algorithm. The default value depends on the signing key: SHA256withRSA SHA256withDSA SHA256withECDSA Only one of `SIGNATUREALGORITHM` and `DIGESTALGORITHM` can be specified at the same time. When using client-side hashing, the signature algorithm depends on the digest algorithm of the supplied pre-hashed content. For example, if the configured signature algorithm is SHA256withRSAandMGF1 and the client supplies a SHA-384 pre-hashed content to be signed, the resulting signature algorithm in the signature would be SHA384withRSAandMGF1.
SIGNATURE_FORMAT	None	Specifies the signature formats to use. Supported formats: PAdES XAdES CAdES
SIGNATURE_PACKAGING	None	This property is used and valid when `SIGNATURE_FORMAT = XAdES`, or `SIGNATURE_FORMAT = CAdES`. This property is not supported with PAdES. Supported values: ENVELOPED: When the signature applies to data that surrounds the rest of the document (only supported for XAdES). ENVELOPING: When the signed data form a sub-element of the signature itself: Base64 encoded binaries. Embed XML object(s). Embed Manifest object(s). DETACHED: When the signature relates to the external resource(s) separated from it. INTERNALLY_DETACHED: When the signature and the related signed data are both included in a parent element (only XML) (only supported for XAdES).
TRUSTANCHORS	None	(Optional) Additional trusted certificates in PEM format. When the certificates, revocation data, time-stamp tokens, and so on, are verified as part of signing, certificates not chaining up to the same root CA need to have the root certificate added to this property. If the root certificate is not added, the signing could fail with a processing failure message and the logs show that "revocation data is missing". This especially needs to be done when using a TSA with a signer certificate issued by another root then what this signer is using at LT or higher level and also for cases (at LT level) when the input document already contains signatures (or time-stamps) using a different root.
TSA_DIGESTALGORITHM	SHA-256	(Optional) Algorithm for time-stamp digests.
TSA_PASSWORD	None	Login password used if the TSA uses HTTP Basic Auth. Required if `TSA_USERNAME` is specified.
TSA_USERNAME	None	(Optional) Login username used if the TSA uses HTTP Basic Auth.
TSA_URL	None	(Optional) URL of external time-stamp authority. This property cannot be combined with `TSA_WORKER`. This or `TSA_WORKER` must be set when `SIGNATURE_LEVEL` is set to BASELINE-T (or higher).
TSA_WORKER		(Optional) Worker ID or name of internal time-stamp signer in the same SignServer instance. Default: none. This property cannot be combined with `TSA_URL`. This or `TSA_URL` must be set when `SIGNATURE_LEVEL` is set to BASELINE-T (or higher).
VISIBLE_SIGNATURE_CONTENT_TYPE	None	Content-type of the Base64 image. For example, image/png.
VISIBLE_SIGNATURE_CUSTOM_IMAGE_RESIZE_TO_RECTANGLE	True	If you want the custom image to be resized to a specified rectangle (set by `VISIBLE_SIGNATURE_RECTANGLE_LLX`, `VISIBLE_SIGNATURE_RECTANGLE_LLY`, `VISIBLE_SIGNATURE_RECTANGLE_URX`, and `VISIBLE_SIGNATURE_RECTANGLE_URY`), then set to true. If set to true, the image might look different than the original (as an effect of resizing). If set to false, the rectangle drawn is resized to the specified image's sizes. If set to false, the llx and lly coordinates specified by the `VISIBLE_SIGNATURE_RECTANGLE_LLX` and `VISIBLE_SIGNATURE_RECTANGLE_LLY` properties are used for drawing the rectangle (urx and ury will be calculated from the specified image size). This property is ignored if `ADD_VISIBLE_SIGNATURE` is set to false, or if the custom image to use is not specified.
VISIBLE_SIGNATURE_IMAGE_BASE64	None	The image to use in the visible signature in Base64 format.
VISIBLE_SIGNATURE_IMAGE_PATH	None	The path to the image for the visible signature. In order to use the `VISIBLE_SIGNATURE_IMAGE_PATH`, ensure that the paths to the folders containing the images to be used are on the allowlist. For more information, see Deploy-time Configuration.
VISIBLE_SIGNATURE_NAME	None	Sets the visible signature in the existing empty signature filed with this name.
VISIBLE_SIGNATURE_PAGE	None	Sets a page number where the signature field should be placed. The counting starts from 1 (one) for the first page of the document.
VISIBLE_SIGNATURE_RECTANGLE_LLX	None	Sets an upper-left X coordinate of the visible signature field.
VISIBLE_SIGNATURE_RECTANGLE_LLY	None	Sets an upper-left Y coordinate of the visible signature field.
VISIBLE_SIGNATURE_RECTANGLE_URX	None	Sets the width of the visible signature field.
VISIBLE_SIGNATURE_RECTANGLE_URY	None	Sets the height of the visible signature field.

Request Metadata Properties

The following properties can be sent by the client with the request:

Property	Description
ADD_VISIBLE_SIGNATURE	Overrides the worker property with the same name. Only allowed if listed in `ALLOW_PROPERTY_OVERRIDE`.
CLIENTSIDE_HASHDIGESTALGORITHM	The hash digest algorithm of the pre-computed hash.
USING_CLIENTSUPPLIED_HASH	If this property is set and defined as true, treat the request data as a pre-computed hash. This requires the `CLIENTSIDE_HASHDIGESTALGORITHM` meta data property to be set and is only allowed if either the signer is configured by default to assume client-side hashing, or if overriding is allowed. This only supported when `SIGNATURE_FORMAT` is CAdES.
VISIBLE_SIGNATURE_CONTENT_TYPE	Overrides the worker property with the same name. Only allowed if listed in `ALLOW_PROPERTY_OVERRIDE`.
VISIBLE_SIGNATURE_IMAGE_BASE64	Overrides the worker property with the same name. Only allowed if listed in `ALLOW_PROPERTY_OVERRIDE`.
VISIBLE_SIGNATURE_NAME	Overrides the worker property with the same name. Only allowed if listed in `ALLOW_PROPERTY_OVERRIDE`.
VISIBLE_SIGNATURE_PAGE	Overrides the worker property with the same name. Only allowed if listed in `ALLOW_PROPERTY_OVERRIDE`.
VISIBLE_SIGNATURE_RECTANGLE_LLX	Overrides the worker property with the same name. Only allowed if listed in `ALLOW_PROPERTY_OVERRIDE`.
VISIBLE_SIGNATURE_RECTANGLE_LLY	Overrides the worker property with the same name. Only allowed if listed in `ALLOW_PROPERTY_OVERRIDE`.
VISIBLE_SIGNATURE_RECTANGLE_URX	Overrides the worker property with the same name. Only allowed if listed in `ALLOW_PROPERTY_OVERRIDE`.
VISIBLE_SIGNATURE_RECTANGLE_URY	Overrides the worker property with the same name. Only allowed if listed in `ALLOW_PROPERTY_OVERRIDE`.
VISIBLE_SIGNATURE_CUSTOM_IMAGE_RESIZE_TO_RECTANGLE	Overrides the worker property with the same name. Only allowed if listed in `ALLOW_PROPERTY_OVERRIDE`.