The AdES Toolset is a set of tools that enhance digital signatures by using the EU ETSI standards. They are sets of extensions to Cryptographic Message Syntax (CMS) or XML Signature Syntax, making them suitable for advanced electronic signatures.

In order for a digital signature to be valid in the EU and elsewhere, it has to be in one of these profiles. These profiles define the way that certificates, CLRs, timestamps, etc. are added to the standard CMS or XML signatures.

The entire toolset is available with an Evaluation License. If you want to use it in your commercial projects, please obtain a license.


CAdES is an extension to the old CMS/PKCS#7 that can sign any binary data. CAdES is also compatible with older applications not aware of AdES (like S/MIME mail clients).
Current features:
  • Sign up to CAdES-XL level
  • Verify up to CAdES-T level
  • Supports attached and detached signatures
  • Supports multiple certificates

XAdES is an extension to the old XMLDSig that can sign any binary data (in detached forms) or be embedded within XML in enveloped or enveloping forms.
Current features:
  • Sign up to XAdES-XL level
  • Supports enveloping, enveloped and detached signatures
  • Supports multiple certificates

PAdES is a set of protocols to include CAdES and XAdES inside a PDF signature. Applications that are not AdES aware can still verify PDF signatures.
Current features:
  • Sign up to PAdES B-LT level
  • Supports most PDF files (excluding password protected ones)
  • Supports multiple certificates
  • Can sign recursively

ASiC is container definition to contain all items and their signatures in a single archive. ASiC is based on ZIP and BDOC.
Current features:
  • Supports ASiC-S and ASiC-E
  • Supports both CAdES and XAdES

MIME-AdES is my own set of extensions to MIME, allowing it to support AdES signatures. CAdES e-mails sent with this are still compatible with non AdES aware S/MIME clients.
Current features:
  • Supports attached and detached signatures
  • Supports both CAdES and XAdES

HTML-AdES is my own set of extensions to HTML, allowing a html file to contain a detached XAdES. Browsers are still compatible with such html files.
Current features:
  • Supports detached XAdES signatures
  • Inserts invisible signature after head tag

More information:




The tools, in the evaluation version, have the following limitations:
  • They inject, as a signed attribute, an "Unlicensed copy" message within the CAdES or XAdES signature
  • Command line interface is not available.
To obtain an unlimited commercial license, please check the "Licensing" tab.


AdES Toolset GUI



The Command line interface for AdES GUI is only available to licensed users.

Parameters:
  • -t type: One of cades, xades, pades, asic-cades, asic-xades, mime-cades, mime-xades, html, exe
  • -l level: Processing level (0-5):
    • 0: Plain CMS or XMLDSIG
    • 1: CAdES-B/XAdES-B/PAdES B
    • 2: CAdES-T/XAdES-T/PAdES B-T (default)
    • 3: CAdES-C/XAdES-C
    • 4: CAdES-X/XAdES-X
    • 5: CAdES-XL/XAdES-XL/PAdES B-LT
  • -h hash: Hash Type (1-4):
    • 1: SHA-1
    • 2: SHA-256 (default)
    • 3: SHA-384
    • 4: SHA-512
  • -a attach: Attach type.
    • For CAdES or MIME, this is 0 (detached) or 1 (attached)
    • For XAdES, this is 0 (detached), 1 (enveloping) or 2 (enveloped)
    • For PAdES,EXE or ASiC, this is ignored (always detached)
    • For HTML, this is ignored (always enveloped)
  • -i file: Add this input file. You can specify -i multiple times.
    • For enveloped/enveloping XAdES the input files must be plain XML (no namespaces, comments, cdatas)
    • For PAdES, the input files must be PDF files
    • For HTML, the input files must be HTML files
    • For EXE, the input files must be PE files (EXE/DLL etc)
    • For the rest of the types, the input files can be of any type
  • -o file: Add this output file:
    • For CAdES, HTML, enveloped XAdES or PAdES, the number of outputs must be the same number of inputs
    • For the rest of the types, there must be only one output file
    The output file format is:
    • For CAdES: p7s file
    • For XAdES: xml file
    • For PAdES: pdf file
    • For ASiC: asice file
    • For MIME: eml file
    • For HTML: html file
    • For EXE: exe/dll file
  • -m mask: Add this batch. You can specify -m multiple times. For example -m c:\pdfs\*.pdf will automatically add all pdf files in c:\pdfs. The output names will be set automatically, by appending ".signed.pdf" to the file.
  • -s item: Add a certificate. You can specify -s multiple times.
    • You can specify an email subject, to be picked from Windows store
    • You can specify "pick" to show the dialog for the user to pick a certificate
    • You can specify "pickmultiple" to show the dialog for the user to pick multiple certificates
    • You can specify a file,pwd, to load a P12 file with an optional password
  • --policy policy: Optional policy
  • --tsserver ts: Optional Timestamp server (default: http://timestamp.comodoca.com/)
  • --cmtm commitment: Optional commitment type
  • --tspolicy tspol: Optional Timestamp policy
  • --mime hdr: For MIME, add this header
  • --pdfname name: For PAdES, a PDF Name entry
  • --pdfreason reason: For PAdES, a PDF Reason entry
  • --pdfcontact contact: For PAdES, a PDF Contact entry
  • --pdflocation location: For PAdES, a PDF Location entry
  • --openfinish [0|1] : Open output file if operation is finished. Default 0.
  • --pdfvisible auto : Add Visible signature to PDF.


    The tools are provided with an evaluation version.

    If you want to obtain a license that allows you to use any of the AdES Toolset in your apps or for C++ source code licensing, then contact me via the Business Support here.