Signature verification service

Online verification service for electronic signatures

  1. Supported document and signature formats
  2. Additional services
  3. Technology
  4. Future additional services
  5. Availability
  6. Contact and further information

The Signature Verification Service (SVS) is a web application that lets end users verify signatures. It provides a web frontend for uploading various types of signed files for signature verification. The rationale for developing the service was that end users should not have to deal with different tools for various document and signature formats (e.g. CAdES, XAdES, S/MIME), but should have a single application for signature verification with a common look and feel.

The Signature Verification Service provides the following services:

  • File type detection
  • Signature verification

In contrast to conventional verification services, signed files are not bound to a certain type of document format. Any certificate-based signature may be verified using SVS as long as appropriate type detection and validation routines are available.

The first step of a signature verification process is the identification of the underlying document format by an extensible document type detection framework. In the second step, the electronic signatures applied to the document are verified, provided an adequate verification mechanism is available for the identified document type. Finally, an overview page is presented to the user with the result of each individual signature verification. A signed PDF verification report may be generated and downloaded on request by the user.

Signature verification by the service involves cryptographic verification as well as building and validation of the certification chain and certificate revocation checking.

Supported document and signature formats

Currently supported file types include:

  • XML files containing XMLDSig and XAdES-BES signatures (detecting common Austrian XML schemes like proof of residency, identity link of the Austrian citizen card, electronic mandate, electronic invoice, etc.)
  • PDF-AS (special Austrian PDF signature for official signatures)
  • CMS/PKCS#7 signatures
  • Signed e-mails (S/MIME)
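
Step one of the process described above, sketched for the formats in this list as an added example in Python (this is not SVS code; the detector names, return labels and sample inputs are assumptions made here). It only classifies the container: PDF-AS is not distinguished from other PDFs, and no signature is verified.

```python
import base64, binascii, re

# DER encoding of the CMS/PKCS#7 signedData OID 1.2.840.113549.1.7.2
SIGNED_DATA_OID = bytes.fromhex("06092a864886f70d010702")
XMLDSIG_NS = b"http://www.w3.org/2000/09/xmldsig#"
XADES_NS = b"http://uri.etsi.org/01903/"   # common prefix of the XAdES namespaces

def detect_xml(data):
    body = data.lstrip(b"\xef\xbb\xbf \t\r\n")   # skip UTF-8 BOM and whitespace
    if not body.startswith(b"<") or XMLDSIG_NS not in data:
        return None
    return "xml-xades" if XADES_NS in data else "xml-dsig"

def detect_cms(data):
    pem = re.match(rb"\s*-----BEGIN (?:PKCS7|CMS)-----(.*?)-----END", data, re.S)
    if pem:
        try:
            data = base64.b64decode(pem.group(1))
        except binascii.Error:
            return None
    if len(data) < 2 or data[0] != 0x30:         # ContentInfo is a SEQUENCE
        return None
    hdr = 2 if data[1] <= 0x80 else 2 + (data[1] & 0x7F)   # tag + length octets
    return "cms-pkcs7" if data[hdr:hdr + 11] == SIGNED_DATA_OID else None

def detect_smime(data):
    head = data[:4096].lower()
    m = re.search(rb"(?m)^content-type:\s*(multipart/signed|application/(?:x-)?pkcs7-mime)", head)
    if not m:
        return None
    # multipart/signed may also be PGP/MIME; pkcs7-mime may be encrypted only
    marker = b"pkcs7-signature" if m.group(1) == b"multipart/signed" else b"signed-data"
    return "smime" if marker in head else None

def detect_pdf(data):
    return "pdf" if b"%PDF-" in data[:1024] else None   # header may sit within first 1 KiB

# Ordered detector list; appending a function here adds a format.
DETECTORS = [detect_xml, detect_cms, detect_smime, detect_pdf]

def detect_type(data):
    verdicts = (detector(data) for detector in DETECTORS)
    return next((v for v in verdicts if v), "unknown")   # unknown: no verifier is run

# Constructed samples, not real signed documents
SAMPLES = {
    "xml-dsig": b'<doc><Signature xmlns="http://www.w3.org/2000/09/xmldsig#"/></doc>',
    "cms-pkcs7": bytes.fromhex("3080") + SIGNED_DATA_OID + b"\xa0\x80",
    "smime": b'Content-Type: multipart/signed; protocol="application/pkcs7-signature"\r\n\r\n',
}
```
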

Additional services

Apart from basic document type recognition, signature verification and verification report generation, SVS provides:

  • Detection and verification of multiple signatures
  • Detailed examination of the underlying certificate
  • Historical verification of signatures (validity of certificates at the time of signing the document – retrieved from the signing time indicated in the document)
  • Identification of officially signed documents (detection of official signatures)
  • Optional archival of signature revocation information

If multiple signatures are detected, each signature (including its specific certificate chain) is automatically verified. Parallel, wrapped, and counter-signatures are supported (for example, when a document has been signed, amended by e.g. an approval note, and re-signed).

Apart from simple certificate validation, SVS retrieves detailed information on the certificate and provides it in the verification report. This includes information on the signer, information on the issuer of the certificate, the certificate's quality (qualified or non-qualified certificate), validity period, key usage as well as certification policy statements.

Austrian official documents issued and signed by the authorities carry special official signatures. SVS detects this type of signature and indicates its presence to the user via the web frontend as well as within the resulting signature verification report.

Technology

The service is implemented in Java™ and must be hosted in a standard Java™ Servlet container. Cryptographic signature verification and certificate validation are performed by the MOA-SP module, which is provided by the MOA-ID/SP/SS project. Other modules are employed for handling specific document types, such as PDF-AS for handling PDF signatures.

Future additional services

In the medium term the following extensions are planned:

  • Integration of Trust Service Lists
  • Adding an extension for the verification of Adobe PDF signatures
  • Adding an extension in order to support a container format for signatures (e.g. for e-procurement)

Availability

Online services as operated by different providers:

The Signature Verification Service is available as open source under the Apache Software License 2.0. The project is developed by A-SIT Secure Information Technologies – Austria. The project web site is hosted at

https://demo.a-sit.at/el_signatur/pruefung/index.html.

Contact and further information

Further information is available through the project site. Please contact office@a-sit.at for any questions regarding the Signature Verification Service.