Glossary PDF Security and Electronic Signature

A | B | C | D | E | F | G | H | I | J | K | L | M | N | O | P | Q | R | S | T | U | V | W | X | Y | Z

AES - Advanced Encryption Standard

Symmetric encryption method published as standard by NIST.

ASN.1 - Abstract Syntax Notation #1

Description language for the syntax of digital messages. For the binary encoding of the messages suitable standards are BER and DER of X.690.


BER - Basic Encoding Rules

Easy to handle rules for the binary encoding of digital messages.


CA - Certification Authority

Accredited issuer of certificates.

CAdES - CMS Advanced Electronic Signatures

An ETSI Standard for the standardisation of CMS-based digital signatures.


A certificate is an electronic certification of the identity of a natural or legal person. The certificate also contains a public key for which only the person possesses a corresponding private key. With this private key the person can generate digital signatures. Any person can verify this signature with the help of the certificate.

CMS - Cryptographic Message Syntax

Message format for digital signatures based on PKCS#7 using the ASN.1 syntax.

CRL - Certificate Revocation List

List of revoked certificates published by the issuer.


DER - Distinguished Encoding Rules

Rules for the binary and unique encoding of digital messages based on BER.

DSA - Digital Signature Algorithm

by the NIST

DSS (Cryptography) - Digital Signature Standard

by the NIST

DSS (PDF) - Document Security Store

Structure in a PDF document to embed signature validation information such as CRLs, OCSPs, and certificates.


eIDAS - Electronic Identification, Authentication and trust Services

An EU regulation set of standards for electronic transactions.


Data are encrypted so that outsiders cannot deduce their meaning. For the communication between sender and recipient, the recipient generates a key pair consisting of a private and a public key. If the sender now encrypts the data with the public key, only the recipient can decrypt the data because the recipient remains the sole owner of the private key. For the encryption, algorithms like RSA with key lengths of currently 2048 bits are used. The usual procedures for digital signatures are based on this technology.

ETSI - European Telecommunications Standards Institute

European organisation for the standardisation of digital signatures etc.



A hash value (hash for short) is a number which is calculated from any quantity of data such as documents, certificates, messages, etc. This number is often much shorter than the original data (a few bytes). The hash value has the characteristic that it is the same for the same data and is almost certainly unique for different data. The original data can also not be determined from the hash value. For the calculation hash algorithms are used such as SHA-1 or SHA-2.

HSM - Hardware Security Module

Device for securely storing private keys and also for encryption, decryption, or creation of digital signatures  and efficient and secure implementation of encryption and signature algorithms.


ISO - International Standards Organisation

International organisation for the standardisation of PDF and PDF/A, etc. Switzerland is represented in the ISO by the Swiss Standards Body (SNV).

ISO/IEC 18014

ISO Standard for Time stamping services

ITU-T - ITU Telecommunication Standardization Sector

Coordinates standards for telecommunications and is one of three sectors of the ITU (International Telecommunication Union)



Data used to encrypt / decript a message. In a public key cryptosystem there exists a pair of a private and public key.


LTV - Long-Term Validation

Enhancement of digital signatures with additional data so that long-term verifiability is possible without online services. The additional data consist of the trust chain of the certificates from the owner certificate up to the root certificate of the issuer and also information which certifies the validity of the certificates at the time of signature.


MDP - Modification Detection and Prevention Signature

Enable detection of disallowed changes specified by the author. A document can contain only one MDP signature; which must be the first in the document. Othertypes of signatures may be present.


NIST - National Institute of Standards and Technology

United States Federal Agency is responsible for standardization processes.


OASIS/DSS - Organization for the Advancement of Structured Information Standards /Digital Signing Services

A standard of the OASIS organisation for signing services based on the XML syntax.

OCSP - Online Certificate Status Protocol

Protocol for the online query of the validity status of a specific certificate based on the ASN.1 syntax.


PAdES - PDF Advanced Electronic Signature Profiles

An ETSI Standard for the structure of CMS signatures and their embedding in PDF documents.

PDF - Portable Document Format

A file format standardised by ISO (ISO-32000) for document exchange. For frequent PDF applications there are special sub-standards such as PDF/A (ISO-19005) for archiving digital documents.

PIN - Personal Identification Number

Secret code needed for the access to a token.

PKCS - Public Key Cryptography Standards

A series of proprietary standards of RSA Security Incorporated. The most common standards are: encryption of signatures (PKCS#1), message format for signatures (PKCS#7), interface to token (PKCS#11) and file format for keys and certificates (PKCS#12).

PKI - Public Key Infrastructure

System which creates, stores and verifies a pair of a private and a public key



Qualified Electronic Signature


Signature, signing

Data with which the integrity and, optional, the authenticity of a document can be ensured. The signature is essentially made as follows: the hash value is formed from the data to be signed and encrypted with the private key. The signature is packed into a CMS message together with certificates and other information.


TLS - Transport Layer Security

Further development of Secure Sockets Layer (SSL), a hybrid encryption protocol for secure data transmission on the internet.


A “container” (part of the HSM, USB stick, smartcard, etc.) which contains private keys and protects against unauthorised access. For practical reasons the token often also contains corresponding certificates and public keys which do not need to be protected.

TSA - Time Stamp Authority

Accredited provider of time stamp services.

TSP - Time Stamp Protocol

Protocol for the online retrieval of cryptographic time stamps based on the ASN.1 syntax.


Verification, verifying

Validity check of a digital signature. A signature is verified as follows: the signature is decrypted with the public key. The hash value contained in the signature message is compared with the hash value calculated from the signed data. If the hashes match then the signature is valid.



ITU-T Standard for a public key infrastructure to create digital certificates based on the ASN.1 syntax


ITU-T Standard for encoding digital messages based on the ASN.1 syntax: Basic Encoding Rules (BER), Canonical Encoding Rules (CER) and Distinguished Encoding Rules (DER).

XAdES - XML Advanced Electronic Signatures

An ETSI Standard for the creation of signatures and their embedding in XML data.

XML - Extensible Markup Language

Format for the exchange of hierarchically structured data in text form between machines.