XAdES, PAdES or CAdES: which e-signature format should you use?
Choosing between XAdES, PAdES or CAdES depends on the type of data or document you need to sign and what you intent to do with it once you applied your electronic signature. Do you need to exchange it? If yes, what sort of applications or programs do you use? Do you also plan to store it for longer periods of time?
E-signature standards in European Union
The benefits of standards and formats are undeniable. They level the ground for different systems and market players, making processes faster and smoother. In the case of e-signature, common standards also ensure it remains accessible and readable over time and despite any future technology developments.
The most common e-signature formats used within European Union are XML Advanced Electronic Signatures (XAdES), PDF Advanced Electronic Signatures (PAdES) and CMS Advanced Electronic Signatures (CAdES). The European Telecommunications Standards Institute (ETSI), a non-profit organisation, is in charge of creating and maintaining this set of technical standards that support the eIDAS legal framework.
The XAdES format
XAdES stands for XML Advanced Electronic Signature and is encoded in a readable textual format that complies with the rules of XML (Extensible Markup Language). XAdES is both human- and machine-readable, making it suitable for a large variety of business use cases. You can use it to sign any type of electronic document including PNG or JPEG pictures, media files (mp3), any sort of binary data (such as .exe file), PDF documents, even SEPA transactions.
XAdES allows 2 signing modes:
- Detached: produces an XML file without modifying the initial file. The data is separate from signature, but then they can be packaged together.
- Encapsulated: produces an XML file which includes the data. The signature then wraps everything together.
The main advantage of XAdES format is that facilitates automatic processing. For example, it supports multiple signing: multiple documents can be logically grouped together and signed using a single XAdES. In addition, two different signers can sign the same document or groups of documents in parallel or, alternatively, in sequence.
The PAdES format
PAdES stands for PDF Advanced Electronic Signature. This format is more restricted compared to XAdES. By default, the e-signature is always embedded within the signed PDF document, which is only human-readable. It is not thus suitable in case the data has to be read by a computer as well. PAdES does not support parallel signing and it requires a PDF software to sign and verify an e-signature.
Usually, PAdES is employed by businesses that handle only PDF documents and in situations where using publicly available tools like Adobe Reader is imperative or the only option to validate electronic signatures. This is typically the case when you share signed documents with a general audience, i.e. in a business-to-consumer or consumer-to-consumer context.
The CAdES format
CAdES stands for CMS Advanced Electronic Signature. Its features are very similar to those of XAdES, just that CAdES can be applied only to binary data. In addition, it lacks some XAdES key concepts like manifest signing or multiple document signing; therefore it does not offer a particular advantage over XAdES.
Not sure which e-signature format (XAdES, PAdES or CAdES) would work best for you? Tell us about your e-signature project here and we will get back to you shortly.
The above represents LuxTrust’s understanding of the relevant law or regulation and should not be taken, relied on or interpreted as a legal opinion. Customers are encouraged to seek independent legal advice before taking any action or decision based on this information. LuxTrust may not be held liable for damages that may result from the use and/or interpretation of the information contained in this document.