IT Security Stack Exchange
IT Security Stack Exchange

Questions tagged [eidas]

eIDAS is an EU regulation concerning electronic identification. Its formal name is "Regulation (EU) N°910/2014 on electronic identification and trust services for electronic transactions in the internal market".

14 questions
4
votes
0 answers

What is the difference between PKCS#7 and CADES, PADES and XADES?

I am newbie in PKI. For signing a pdf documents we are free to consider each pkcs#7 format or PADES format. If I have some misunderstandings, please turn it on for me.
rashid
  • 41
  • 3
4
votes
1 answer

Is HelloSign actually compliant with EU Regulation 910/2014 (eIDAS)?

EDIT I added the full replies I got from HelloSign. These may perhaps help someone more expert than I am to determine if they actually provide an AdES signature. Please note that I also asked questions regarding private certificates that as far as I…
dtatti
  • 41
  • 4
2
votes
2 answers

How to validate that a EU List of Trusted Lists is authentic?

In order to validate if a trust service is qualified, one should search for the public key in a member state trusted list (TL). In order to validate if a member state TL is authentic, one should search for the public key that signed the member state…
Victor
  • 373
  • 1
  • 10
2
votes
1 answer

Does the ECDSA signature value (of an OCSP response) need to be DER encoded

In OCSP responses by a certain eIDAS PKI I every once in a while get signature values which, when unpacked from their BIT STRING, contain an ECDSA signature whose INTEGER constituents have an unnecessary leading 00 byte and, therefore, are not DER…
mkl
  • 1,038
  • 2
  • 11
  • 16
1
vote
0 answers

Are there any options for Root CA eIDAS compliant HSMs?

Building the eIDAS compliant certification authority in hierarchy, meaning that the Root CA will issue Subordinate CAs. Root CA will be offline almost whole year and Subordinate CA is online providing services to relying parties. I am trying for a…
user1563721
  • 1,099
  • 11
  • 22
1
vote
1 answer

QES AdESQC TL based Signature Validation Policy

Reading the ETSI EN 319 102-1 V1.1.1 (2016-05) Electronic Signatures and Infrastructures (ESI); Procedures for Creation and Validation of AdES Digital Signatures; Part 1: Creation and Validation. The signature validation procedures and requirements…
user1563721
  • 1,099
  • 11
  • 22
1
vote
0 answers

Certificate generation using Advanced Electronic Signature (AdES)

For a mobile application I would like to be so compliant as possible with the AdES standard. The mobile application will perform operations on behalf of the user, signing them first. A backend service will verify the signature and proceed with the…
crom87
  • 143
  • 3
1
vote
1 answer

Use of ESSCertIDv2 in a RFC 3161 Timestamp

A qualified trust service provider under eIDAS uses ESSCertIDv2 for their time stamp tokens, but ESSCertIDv2 was not present in the RFC 3161 specification, it was added later in RFC 5816. RFC 3161 in 2.4.2 requires ESSCertID: The certificate…
Victor
  • 373
  • 1
  • 10
1
vote
2 answers

How to timestamp a document without electronic signature under eIDAS

I need to timestamp a file to prove data integrity, not authorship. I will use a RFC3161 qualified timestamping service. From the EU Regulation Section 6, Article 41, I understand that I can use a timestamp without an electronic signature*, as they…
Victor
  • 373
  • 1
  • 10
0
votes
1 answer

Looking for a solution: trusted identity with corresponding digital signatures (QES) for intercontinental charity

We are looking for a solution to meet the needs of a UK incorporated charity (CIO) that has three to seven trustees from at least three continents. Obligations as trustees of a board include signing (by a quorum of the trustees): minutes of trustee…
Konchog
  • 605
  • 1
  • 5
  • 9
0
votes
0 answers

I think there's an implementation bug in my eID (eIDAS) when preparing to change the PIN; is it?

I had to renew my eID card. Possessing an EAL-4+ certified card reader (cyberJack RFID komfort by REINER SCT) I tried to activate the ID function by replacing the transport PIN with a personal PIN. The card reader has the latest firmware and the…
U. Windl
  • 137
  • 7
0
votes
0 answers

eIDAS qualified timestamp on email

Every document that needs to be eIDAS compliant needs to have a qualified timestamp. If we take an email as a document, then the email, based on eIDAS regulations, needs to have an qualified timestamp issued by a qualified CA. As I know, no email…
Giulio Ferraiuolo
  • 1
0
votes
0 answers

x509 validation check service

I would like to check validity of x509 certificates of my clients. I would like to trust the certificates what big companies trust. For example I would like to trust what Microsoft Edge, Chrome browser or Apple Safari trust. However, I want it to be…
displayme
  • 21
  • 1
0
votes
1 answer

eIDAS - list of certified qualified electronic signature creation devices

In eIDAS there is written in Article 31: On the basis of the information received, the Commission shall establish, publish and maintain a list of certified qualified electronic signature creation devices Where can I find the list mentioned…
user1563721
  • 1,099
  • 11
  • 22