ISO crypto standards

Hashing and MAC




The CEF DSS documentation is practical.


Long term signature

Blind signature

Anonymous signatures


Assurance and testing

Biometric protection

Authenticated encryption


ISO other standards - TTP and related

EU standards and related matters

Europe's Standard Development Organisations are ETSI, CEN and CENELEC.

Regarding security standards, there is also the SOG-IS group, ref below.


EU standards were particularly successful in mobile communication such as GSM. These standards were originally driven through CEPT (European Conference on Post and Telecommunications Administrations). In 1988, ETSI took over, and in 2001 GSM standardisation was transferred to the global 3GPP. For an an overview ref to ETSI security workshop and their whitepapers such as "ETSI White Paper No. 1 Security for ICT - the Work of ETSI" by Charles Brookson and Dionisio Zumerle (January 2006). Areas covered by ETSI:


ETSI activities on electronic signatures are coordinated by Technical Committee (TC) Electronic Signatures and Infrastructures (ESI), chaired by Ricardo Genghini. The ESI TC ongoing and past activities are available, together with the drafts. In 2013, EU e-signature standardisation mandate m460 was given from the EC to CEN and ETSI to establish a rationalised framework for electronic signature standardisation.


ETSI other STFs


While CMS is a general framework for electronic signatures, CAdES specifies profiles of CMS signed data making it compliant with eIDAS.

The main document describing the format is ETSI TS 101 733.
XAdES (XML Advanced Electronic Signatures) is a set of extensions to the W3C XML-DSig recommendation making it suitable for advanced electronic signatures. W3C and ETSI maintain and update XAdES together.
Associated Signature Containers (ASiC) specifies the use of container structures to bind together one or more signed objects with either advanced electronic signatures or timestamp tokens into one single container. The format extends zip, OpenDocument and EPUB. The ASiC standard is used in the Estonian DigiDoc system.


ETSI TR and TS (selection)

Foundation is ETSI TR 119 000 The framework for standardization of signatures: overview. It states the following six areas are addressed regarding trust services:
  1. Signature creation and validation - starting point: ETSI TR 119 100 on "Guidance on the use of standards for signature creation and validation"
  2. Signature creation and other related devices - starting point: ETSI TR 119 200 on "Guidance on the use of standards for signature creation and other related devices"
  3. Cryptographic suites - starting point: ETSI TR 119 300 on "Guidance on the use of standards for cryptographic suites"
  4. TSPs supporting digital signatures - starting point ETSI TR 119 400 on "Guidance on the use of standards for TSPs supporting digital signatures and related services" - covers time-stamping
  5. Trust application service providers - starting point: ETSI TR 119 500 on "Guidance on the use of standards for trust application service providers"
  6. Trust service status list providers - starting point: ETSI TR 119 600 on "Guidance on the use of standards for trust service status lists providers"
ETSI ESI introduction
ETSI ESI 119 area 1 signature creation and validation
ETSI ESI 119 area 2 signature creation and other related devices
ETSI ESI 119 area 3 cryptographic suites
ETSI ESI 119 area 4 TSPs supporting digital signatures
ETSI ESI 119 area 5 Trust application service providers (TASPs)
ETSI ESI 119 area 6 Trust service status list providers

ETSI timestamping

Starting points: Furthermore Don't forget the influencial IETF RFCs

ETSI signing-other

Refer also to related CEN standards.

ETSI certificates

ETSI standards related to certificates

ETSI EU Trust Services

ETSI standards related to EU trust services

ETSI mobile and SIM

ETSI standards related to the new USIM - the SSP

ETSI blockchain and DLT

ETSI blockchain, DLT and Permissioned Distributed Ledger (PDL)

ETSI post quantum

Quantum safe cryptography


CEN signing standards

CEN Standards for remote signing systems: CEN standards related to remote signature:

CEN other standards

Working groups CWA



Regarding security standards, there is also the SOG-IS group. The SOG-IS agreement was produced in response to the EU Council Decision of March 31st 1992 (92/242/EEC) in the field of security of information systems, and the subsequent Council recommendation of April 7th (1995/144/EC) on common information technology security evaluation criteria. The agreement was updated in January 2010. Participants are government organisations or government agencies from countries of the European Union or EFTA (European Free Trade Association), representing their country or countries.

The participants work together to: The agreement provides for member nations to participate in two fundamental ways:

Global de-facto standards and related matters


The Standards for Efficient Cryptography Group (SECG) is consortium founded by Certicom in 1998 to develop commercial standards for elliptic curve cryptography (ECC).

Introduced implicit certificates (ECQV implicit certificate scheme) as a variant of public key certificates, such that a public key can be reconstructed from any implicit certificate, and is said then to be implicitly verified, in the sense that the only party who can know the associated private key is the party identified in the implicit certificate.

Implicit certificates contain an ID, public key and digital signature, but the data elements are super imposed into a string the size of the public key. For example, using an elliptic curve system at 160 bits would give us implicit certificates of size 160 bits.

With implicit certificates there is no explicit validation of the certificate authority's (CA’s) signature on a certificate. Instead, a user computes a public key from the implicit certificate and simply uses it in e.g. key agreement protocols such as ECDH and ECMQV, or signing such as ECDSA. The operation will fail if the certificate is invalid. Thus ECQV is regarded as an implicit validation scheme. Computing the public key is very fast, much faster than a public key operation.

Implicit certificates are also small in size. An X.509 certificate is in the order of 1KB in size (~8000 bits). Using an elliptic curve system at 160 bits would give us implicit certificates with the size of 160 bits.



Cloud Signature Consortium


Emerging: BS 1008:2208 Evidential weight and legal admissibility of electronic information





The PKIX Working Group was established in 1995 to develop Internet standards to support X.509-based Public Key Infrastructures (PKIs). Initially PKIX pursued this goal by profiling X.509 standards developed by the CCITT (later the ITU-T). Later, PKIX initiated the development of standards that are not profiles of ITU-T work, but rather are independent initiatives designed to address X.509-based PKI needs in the Internet.




Comprises two layers: the TLS record and the TLS handshake protocols.

PEM -Privacy Enhancement for Internet Electronic Mail

PEM is best known as a de facto file format for storing and sending cryptographic keys, certificates, and other data, based on a set of 1993 IETF RFCs. The original standards were never broadly adopted, and were supplanted by PGP and S/MIME. However the textual encoding PEM defined became popular and was formalised by the IETF in RFC 7468.
PEM's original 1993 RFCs
PEM encoding, 2015



PGP is used for signing, encrypting, and decrypting texts, e-mails, files, directories, and disk partitions. Phil Zimmermann developed PGP in 1991. The open source version is GPG.

Refer also to crypto-tools

Certificate formats and encoding

Certificate formats
The most popular certificate format is the ITU's X.509, particularly the X.509v3 version standardised by the IETF.
Certificate encoding
The two major encoding schemes for X.509 certificates (and keys) are PEM (Base64 ASCII), and DER (binary). However, there is some overlap and other extensions are used, so you can’t always tell what kind of file you are working with just from looking at the filename.



France - ANSSI

US standards and related matters



E.g. according to FIPS or EAL levels