PAdES (PDF Advanced Electronic Signatures) is a standard for electronic signatures in PDF documents. PAdES hash signing is a method of creating an electronic signature in which the document is not actually signed, but a cryptographic hash of the document is signed instead.
PAdES signature consists of PDF file modified so that signature dictionary is added with different metadata and range of bytes where the signature can be written. Signature itself is CMS format that can be either in eIDAS compliant ETSI.CAdES.detached or older adbe.pkcs7.detached format.
There are 2 different digests that cannot be mixed up when creating PAdES hash signature or the PAdES signature will be invalid due cryptography failure. Digest can be calculated over a) content being signed or b) the content together with the signed attributes
- Digest of the PDF file (digest of content being signed): We can calculate this hash if take the PDF file where signature dictionary is already created and we remove all the characters in the signature dictionary ByteRange Contents between characters “<” and “>”. We take this data and calculate SHA256 or SHA512 digest over this data. Signature dictionary will contain optional PDF visual widget, time of the signature, location, reason and some other info. This digest can be used for CAdES creation without requesting the signer’s public certificate beforehand.
- Digest of content being signed together with the signed attributes also known as Data To Be Signed Representation (DTBSR) – This is the actual hash that will be signed. It contains all of the Data to be Signed (DTBS). This will include the “Digest of the PDF”, signers public certificate and a few more signed attributes. TSP must have separate API to provide signer’s public certificate beforehand as this is required to calculate the digest
Depending on which digest is taken as input to the Trust Service Provider then different responses are possible. Private key is only able to sign DTBSR to return “raw” PKCS #1 signature. PKCS #1 is the basis of all other signature types and allows to generate any format of higher level digital signatures.
For PAdES signatures if TSP only accepts “digest of content being signed” then the result will be CMS signature like CAdES. In general any CMS signature will work and fir eIDAS it should not be strictly CAdES Baseline Profile: ETSI TS 103173 v.2.2.1 because CMS/CAdES to be included in PAdES is forbidden to have signingTime attribute. More relaxed validators will accept if the additional signingTime is there but strict validators reject it.
It is always preferred if QTSP can work with DTBSR and return PKCS #1 signature as different countries and regulations have a long list of different digital signature variations based on below ETSI standards and even more
- XAdES Baseline Profile: ETSI TS 103171 v.2.1.1;
- CAdES Baseline Profile: ETSI TS 103173 v.2.2.1;
- PAdES Baseline Profile: ETSI TS 103172 v.2.2.2;
- ASiC Baseline Profile: ETSI TS 103174 v.2.2.1.
Read more about Cryptographic Message Syntax (CMS) from https://www.rfc-editor.org/rfc/rfc5652