TB SiteMapbreadcrumb separatorESIbreadcrumb separatorESI Activities

Electronic Signatures and Trust Infrastructures Activities

Introduction

TC ESI is responsible for Electronic Signatures and Trust Infrastructures standardization within ETSI. TC ESI works in collaboration with CEN TC 224 to provide standards for digital signatures. A stakeholders' mailing list has been set up to provide regular news and updates on the progress of the execution of the mandate: Subscribe to the E-SIGNATURES_NEWS mailing list. Some draft deliverables are openly available (Draft deliverables) with specific periods for public review notified on the E-SIGNATURES_NEWS mailing list. TC ESI deliverables aim at supporting Regulation (EU) No 910/2014 as well as supporting the general requirements of the international community to provide trust and confidence in electronic transactions.

Recent Major Developments

ETSI has established a specialist task force (STF 645) to investigate requirements for Next Generation e-Delivery based on emerging technologies development and develop a new standards framework for registered e-Delivery and registered e-Mail. For more details see: https://portal.etsi.org/XTFs/#/xTF/645.

Current Work Items

A list activities to update existing standards and develop new standards can be found here.

Standards Framework

All standards listed below are the ones developed by TC ESI since 2015 within the standards framework. The full set of published deliverables including old ones can be found here

Introductory deliverables

Link to all published introductory deliverables

TR 119 000 "The framework for standardization of signatures: overview" 
This TR is the entry point for the standards related to digital signatures. It describes the general structure for digital signature standardization and outlines existing and potential standards for such signatures.

TR 119 001 Definitions and abbreviations

Trust Service Providers General and Supporting Digital Signatures

Link to all published Trust Service Providers deliverables

More information on Certification Authorities (CAs) and other Trust Service Providers (TSPs) can be found on the TSP page.

  • TR 103 684: Global Acceptance of EU Trust Services
  • TR 119 400: Guidance on the use of standards for trust service providers supporting digital signatures and related services
  • EN 319 403-1: Requirements for conformity assessment bodies assessing Trust Service Providers
  • TS 119 403-2:Trust Service Provider Conformity Assessment;Part 2: Additional requirements for Conformity Assessment Bodies auditing Trust Service Providers that issue Publicly-Trusted Certificates
  • TS 119 403-3:Trust Service Provider Conformity Assessment;Part 3: Requirements for Conformity Assessment Bodies assessing QTSP against eIDAS
  • EN 319 401: General Policy Requirements for Trust Service Providers
  • TR 119 404: NIS2 and its impact on eIDAS standards
  • x19 411: Policy and security requirements for Trust Service Providers issuing certificates
    • EN 319 411-1: General requirements
    • EN 319 411-2: Requirements for trust service providers issuing EU qualified certificates
    • TR 119 411-4: Checklist supporting audit of TSP against ETSI EN 319 411-1 or ETSI EN 319 411-2
    • TR 119 411-5: Guidelines for the coexistence of web browser and EU trust controls
    • TS 119 411-6: Requirements for Trust Service Providers issuing publicly trusted S/MIME certificates
  • EN 319 421: Policy and Security Requirements for Trust Service Providers issuing Electronic Time-Stamps
  • TS 119 441: Policy requirements for TSP providing signature validation services
  • TS 119 431-1: Policy and security requirements for trust service providers; Part 1: TSP service components operating a remote QSCD/SCDev (remote signing)
  • TS 119 431-2: Policy and security requirements for trust service providers; Part 2: TSP service components supporting AdES digital signature creation (remote signing)
  • EN 319 412 & TS 119 412 Certificate Profiles (EN 319 412 and TS 119 412 are the same deliverables, but sometimes published as EN, sometimes published as TS to quickly include new features or corrections before a new EN is progressed)
    • Part 1: Overview and common data structures
    • Part 2: Certificate profile for certificates issued to natural persons
    • Part 3: Certificate profile for certificates issued to legal persons
    • Part 4: Certificate profile for web site certificates issued to organisations
    • Part 5: QCStatements
  • EN 319 422: Time-stamping protocol and electronic time-stamp profiles
  • TS 119 432: Protocols for remote digital signature creation
  • TS 119 442: Protocol profiles for trust service providers providing AdES digital signature validation services
  • TR 119 460: Survey of technologies and regulatory requirements for identity proofing for trust service subjects
  • TS 119 461: Policy and security requirements for trust service components

Open Banking including Payment Services Directive (PSD2)

TS 119 495: Certificate Profiles and TSP Policy Requirements for Open Banking


Signature Creation and Validation

Link to all published Signature Creation and Validation deliverables

  • TR 119 100: Guidance on the use of standards for signatures creation and validation
  • TS 119 101: Policy and security requirements for applications for signature creation and signature validation

Technical requirements

  • EN 319 102-1 & TS 119 102-1: Procedures for Creation and Validation of AdES Digital Signatures; Part 1: Creation and Validation
  • TS 119 102-2: Procedures for Creation and Validation of AdES Digital Signatures; Part 2: Signature Validation Report
  • TS 119 112: Most significant differences between AdES/ASiC ENs and previous TSs
  • EN 319 122-1: CAdES digital signatures; Part 1: Building blocks and CAdES baseline signatures
  • EN 319 122-2: CAdES digital signatures; Part 2: Extended CAdES signatures
  • TS 119 122-3: CAdES digital signatures; Part 3: Incorporation of Evidence Record Syntax (ERS) in CAdES
  • EN 319 132-1: XAdES digital signatures; Part 1: Building blocks and XAdES baseline signatures
  • EN 319 132-2: XAdES digital signatures; Part 2: Extended XAdES signatures
  • TS 119 132-3: XAdES digital signatures; Part 3: Incorporation of Evidence Record Syntax (ERS) mechanisms in XAdES  
  • EN 319 142-1: AdES digital signatures; Part 1: Building blocks and PAdES baseline signatures
  • EN 319 142-2: PAdES digital signatures; Part 2: Additional PAdES signatures profiles
  • TS 119 142-3: PAdES digital signatures; Part 3: PAdES Document Time-stamp digital signatures (PAdES-DTS)
  • EN 319 162-1: Associated Signature Containers (ASiC); Part 1: Building blocks and ASiC baseline containers
  • EN 319 162-2: Associated Signature Containers (ASiC); Part 2: Additional ASiC containers
  • TS 119 172-1: Signature policies; Part 1: Building blocks and table of contents for human readable signature policy documents 
  • TS 119 182-1: JAdES digital signatures; Part 1: Building blocks and JAdES baseline signatures  
  • Ongoing work:
    • TS 119 172-2 Signature Policies; Part 2: XML format for signature policies
    • TS 119 172-3 Signature Policies; Part 3: ASN.1 format for signature policies
    • TS 119 172-4  Signature policies; Part 4: Signature applicability rules (validation policy) for European qualified electronic signatures/seals using trusted lists

Test specifications

  • TR 119 124-1: CAdES digital signatures Testing; Part 1: Overview
  • TS 119 124-2: CAdES digital signatures Testing; Part 2: Test suites for testing interoperability of CAdES baseline signatures
  • TS 119 124-3: CAdES digital signatures Testing; Part 3: Test suites for testing interoperability of extended CAdES signatures
  • TS 119 124-4: CAdES digital signatures Testing; Part 4: Testing conformance of CAdES baseline signatures
  • TS 119 124-5: CAdES digital signatures Testing; Part 5: Testing conformance of extended CAdES signatures
  • TR 119 134-1: XAdES digital signatures Testing; Part 1: Overview
  • TS 119 134-2: XAdES digital signatures Testing; Part 2: Test suites for testing interoperability of XAdES baseline signatures
  • TS 119 134-3: XAdES digital signatures Testing; Part 3: Test suites for testing interoperability of extended XAdES signatures
  • TS 119 134-4: XAdES digital signatures Testing; Part 4: Testing Conformance of XAdES baseline signatures
  • TS 119 134-5: XAdES digital signatures Testing; Part 5: Testing Conformance of extended XAdES signatures
  • TR 119 144-1: PAdES digital signatures Testing; Part 1: Overview
  • TS 119 144-2: PAdES digital signatures Testing; Part 2: Test suites for testing interoperability of PAdES baseline signatures
  • TS 119 144-3: PAdES digital signatures Testing; Part 3: Test suites for testing interoperability of additional PAdES signatures
  • TS 119 144-4: PAdES digital signatures Testing; Part 4: Testing Conformance of PAdES baseline signatures
  • TS 119 144-5: PAdES digital signatures Testing; Part 5: Testing Conformance of additional PAdES signatures
  • TR 119 164-1: ASiC containers Testing; Part 1: Overview
  • TS 119 164-2: ASiC containers Testing; Part 2: Test suites for testing interoperability of ASiC baseline containers
  • TS 119 164-3: ASiC containers Testing; Part 3: Test suites for testing interoperability of ASiC containers other than baseline
  • TS 119 164-4: ASiC containers Testing; Part 4: Testing Conformance of ASiC baseline containers
  • TS 119 164-5: ASiC containers Testing; Part 5: Testing Conformance of additional ASiC containers
  • 119 192: AdES related Uniform Resource Identifier

Tools implementing the above conformance test specifications have been developed and are accessible as Signatures conformance checkers

Signature creation and other related devices

This area is under the responsibility of CEN TC 224

CEN/TC 224/WG 16 -  Application Interface for smart cards used as Secure Signature Creation Devices

CEN/TC 224/WG 17 -  Protection Profiles in the context of SSCD

Cryptographic Suites

Link to all Cryptographic Suites deliverables

  • TR 119 300: Business guidance on cryptographic suites
  • TS 119 312: Cryptographic Suites

Trust Application Service Providers

Link to all published eDelivery and Preservation deliverables

Preservation

  • SR 019510: Scoping study and framework for standardization of long-term data preservation services, including preservation of/with digital signatures
  • TS 119 511: Policy & security requirements for trust service providers providing long-term preservation of digital signatures or unsigned data using signature techniques
  • TS 119 512: Protocols for trust service providers providing long-term preservation of digital signatures or unsigned data using signature techniques

eDelivery

  • EN 319 521: Policy and Security Requirements for Electronic Registered Delivery Service Providers
  • EN 319 531: Policy and Security Requirements for Electronic Registered Electronic Mail Service Providers
  • EN 319 522 Electronic Registered Delivery Services
    • Part 1: Framework and Architecture
    • Part 2: Semantic Contents
    • Part 3: Formats
    • Part 4: Bindings
      • 319 522-4-1: message delivery binding
      • 319 522-4-2: evidence and identification binding
      • 319 522-4-3: capability/requirements binding
  • EN 319 532 Registered Electronic Mail (REM) Services
    • Part 1: Framework and Architecture
    • Part 2: Semantic Contents
    • Part 3: Formats
    • Part 4: Interoperability profiles

Test specifications

  • TS 119 524: Testing conformance and interoperability of electronic registered delivery services
    • Part 1: Testing conformance
    • Part 2: Test suites for interoperability testing of electronic registered delivery service providers
  • TS 119 534: Testing conformance and interoperability of registered electronic mail services
    • Part 1: Testing conformance
    • Part 2: Test suites for interoperability testing of providers using same format and transport protocols

Trust Service Status Lists Providers

Link to published Trust Service Status Lists Providers deliverables

  • TR 119 600: Business guidance for trust service status lists providers
  • TS 119 612:Trusted Lists
  • TS 119 614-1: Specifications for testing conformance of XML representation of Trusted Lists
  • TS 119 615 Procedures for using and interpreting European Union Member States national trusted lists

 

ISO Standards Relating to ETSI Standards

The following ISO standards have aspects which overlap with ETSI standards as indicated below.  Conformance to the ETSI standard does not necessarily imply conformance to the listed ISO/ITU standard  but they are taken into account by ETSI.

TSI ESI  standard ISO / ITU-T standard Title / Topic
TSP issuing certificates policy requirements and conformity assessment (e.g. EN 319 401, EN 319 411-1 & 2, EN 319 412-x, EN 319 403) ISO/IEC 27099:2022 PKI - Practices and Policy framework

ISO/IEC TR 14516:2002 / ITU-T X.842:2000  Guidelines for the use and management of trusted third party services

ISO/IEC 15945:2002 / ITU-T X.843 Specification of TTP services to support the application of digital signatures
TS 119 461 ISO/IEC TS 29003:2018 Identity proofing
  ISO 21188: 2018 PKI for financial services — Practices and policy framework
  ISO 15782-1 Certificate management for financial services — Part 1: Public key certificates
  ISO 17090-1:2013 Health Informatics - Part 1: overview of certificate services
  ISO 17090-2:2015 Health Informatics - Part 2: Certificate profile
  ISO 17090-3:2008 Health Informatics - Part 3: Policy Management of CA
  ISO 17090-4:2014 Health Informatics - Part 4: Digital Signatures for healthcare documents 
  ISO 17090-5: 2017 Health Informatics - Part 5: Authentication using Healthcare PKI credentials
  ISO/IEC 9594-8, ITU-T X.509 The Directory: Public-key and attribute certificate frameworks
PAdES  ISO 32000-1:2008 Portable document format — Part 1: PDF 1.7
  Portable document format — Part 2: PDF 2.0
ISO 32000-2:2017  
CAdES  ISO 14533-1 (upd. in progress) Long term signature profiles — Part 1: Long term signature profiles for CMS Advanced Electronic Signatures (CAdES)
XAdES  ISO 14533-2 (upd. in progress) Long term signature profiles — Part 2: Long term signature profiles for XML Advanced Electronic Signatures (XAdES)
ASiC  ISO/IEC 21320-1:2015 Document Container File — Part 1: Core


PlugtestsTM and signatures conformance checkers


Signatures conformance checkers: ETSI Centre for Testing and Interoperability (CTI) provides a free online tool that performs numerous checks in order to verify the conformance of the ETSI AdES Digital Signatures (CAdES, XAdES, PAdES, and ASiC).

For additional information, please contact esisupport@etsi.org

Useful links:

Training on major ESI specifications: Link to the webinar video