Home

CAdESBES

CAdESBES, short for CMS Advanced Electronic Signatures Basic Electronic Signature, is a profile within the CAdES family designed to provide a baseline digital signature using the CMS (Cryptographic Message Syntax) framework. It is defined by ETSI standards for electronic signatures and is used to sign data in a way that supports verification of integrity and authenticity, with optional inclusion of supporting certificate information.

The signature structure of a CAdES-BES signature is a CMS SignedData object that contains one SignerInfo for

Validation and use: CAdES-BES is widely used in European electronic-signature applications as a portable, interoperable signature

Relation to other profiles: CAdES-BES is the baseline profile in the CAdES family. Other profiles, such as

the
signer.
The
SignedAttributes
in
BES
must
include
at
least
the
content-type
and
the
message-digest
attributes;
a
signingTime
attribute
may
also
be
present.
The
signed
data
can
be
encapsulated
within
the
SignedData
or
provided
separately
as
a
detached
signature.
To
enable
verification,
the
signature
commonly
includes
the
signer’s
certificate
chain
and,
optionally,
relevant
revocation
data
(such
as
CRLs
or
OCSP
responses),
so
validators
can
establish
trust
even
if
the
signing
system
is
offline.
format
based
on
CMS.
It
supports
long-term
validation
when
combined
with
additional
features
(for
example,
timestamps
and
revocation
data)
in
extended
profiles,
though
BES
itself
provides
the
core
packaging
and
signing
mechanics.
It
is
compatible
with
a
variety
of
PKI
infrastructures
and
is
supported
by
many
CMS-based
signing
and
verification
tools.
EPES,
T,
C,
and
C-L,
add
features
to
address
explicit
signing-time
handling,
long-term
validation,
or
additional
certificate
information,
depending
on
the
specific
use
case
and
regulatory
requirements.