What is ASIC container and XAdES signature?

ASIC container is a format for digitally signing documents where signatures are separated from the digital content.

How to create ASIC container

No items found.

What is ASIC and XAdES?

Before diving into ASIC and XAdES format, lets recap what is a digital signature.

A digital signature is a mathematical technique for validating the authenticity and integrity of a message, piece of software, or digital document. It's the digital equivalent of a handwritten signature or a stamped seal, but it's far more secure. A digital signature is designed to prevent tampering and impersonation in digital communications.

Digital signatures can be used to verify the origin, identity, and status of electronic documents, transactions, or digital messages. They can also be used by signers to acknowledge informed consent.

Digital signatures are legally binding in many countries, including the United States, in the same way that traditional handwritten document signatures are.

How do digital signatures function?

Public key cryptography, also known as asymmetric cryptography, underpins digital signatures. Two keys are generated using a public key algorithm, such as RSA (Rivest-Shamir-Adleman), resulting in a mathematically linked pair of keys, one private and one public.

Digital signatures are created using two mutually authenticating cryptographic keys in public key cryptography. The person who creates the digital signature encrypts signature-related data with a private key, and the only way to decrypt that data is with the signer's public key.

If the recipient is unable to open the document using the signer's public key, there is a problem with the document or the signature. Digital signatures are authenticated in this manner.

What exactly is an associated signature container (ASiC)?

ASiC containers conforming to ETSI EN 319 162-1 bind together to form a ZIP archive:
Agrello associates signed file objects (e.g., documents, spreadsheets, multimedia content, XML structured data) with detached digital signatures.

All ASiC containers have the following internal structure:

  • a root folder for the signed file objects, possibly with sub-folders reflecting the content structure;
  • and a "META-INF" folder in the root folder for files containing metadata about the content, including associated signature (or time assertion) files.

Multiple signature (and time assertion) formats are supported by the European Standard (EN) 319 162-1 developed by the European Telecommunications Standards Institute (ETSI) Technical Committee Electronic Signatures and Infrastructures (ESI). Agrello only employs XML advanced electronic signatures (XAdES).

Without taking into account time assertions or non-XAdES signatures, the standard specifies two types of containers: ASiC Simple (ASiC-S), which associates a single file object (which can be a ZIP archive) in a ZIP archive with one or more XAdES signatures present in a single signature file; and ASiC Extended (ASiC-E), which associates a single file object (which can be a ZIP archive) in a ZIP archive with one or more XAdES signatures present in one or more signature files.

What are the benefits of associated signature containers (ASiC)?


Combining a detached signature with signed objects in a container allows for easy distribution and ensures that the correct signature and any relevant metadata is used when validating. Associated signature containers also provide a simple and secure mechanism for creating point-in-time snapshots of groups of documents, such as during a negotiation or for general audit and compliance purposes.

Are electronic signatures allowed by law? Absolutely.

In many countries around the world, electronic signatures are legal, trusted, and enforceable. While laws differ, Agrello provides the most flexibility in a single global e-signature solution. You can choose the right type for each use case ranging from simple e-signatures to e-signatures with strong identification to highly secure, regulated digital signatures in the cloud.

Many countries around the world accept e-signature as evidence in court. Certain highly secure, regulated digital signatures are frequently regarded as equivalent to an ink signature.

In the United States, the E-Sign Act and the Uniform Electronic Transactions Act (UETA) established the legal framework for the use of e-signature across all states.

The Electronic Identification and Trust Services Regulation (eIDAS) created legislation in the European Union that helped standardize e-signature status across national borders.

If you use Agrello, is your document secure?

Agrello has made significant investments in cyber security and complies with US, EU, and international security practices.