Bringing JSON signatures to ETSI AdES framework: Meet JAdES signatures

Abstract

This paper proposes a set of JSON signed and unsigned attributes which, if incorporated into a JSON signature, will convert it in a digital signature (JAdES) with identical capabilities (for instance, feasibility of validating them long after their generation, even after the signing certificate has expired, or has been revoked) as the digital signatures in ETSI AdES family, namely CAdES, PAdES, and XAdES.The paper also proposes two different mechanisms for incorporating the aforementioned attributes into a JWS signature (i.e. building a JAdES signature on JWS), with special emphasis in the computation and checking of archive time-stamps (i.e. time-stamp tokens that assure integrity and time of existence of all the contents of the digital signature).Finally, the paper summarizes the results obtained by a program developed to ascertain the correctness of the technical approaches taken, and that served as proof of concept.This paper has served as the starting point for building a formal proposal for producing an ETSI (European Telecommunications Standards Institute) Technical Specification (ETSI TS) to ETSI Electronic Signatures and Infrastructure (ESI) Technical Committee, responsible, within ETSI, of developing European Standards for digital signatures and public key infrastructure in general, and of the standardization of AdES digital signatures family in particular.