ISO crypto standards

Hashing and MAC




The CEF DSS documentation is practical.


Long term signature

Blind signature

Anonymous signatures


Assurance and testing

Biometric protection

Authenticated encryption


ISO other standards - TTP and related

EU standards and related matters

Europe's Standard Development Organisations are ETSI, CEN and CENELEC.

Regarding security standards, there is also the SOG-IS group (see below).


EU standards were particularly successful in mobile communication such as GSM. These standards were originally driven through CEPT (European Conference on Post and Telecommunications Administrations). In 1988, ETSI took over, and in 2001 GSM standardisation was transferred to the global 3GPP. For ETSI basics refer to ETSI standards.

ETSI security workshops

For a starting point refer to ETSI security workshop and the whitepapers such as "ETSI White Paper No. 1 Security for ICT - the Work of ETSI" by Charles Brookson and Dionisio Zumerle (January 2006).

ETSI security workshop videos and related

ETSI publications

For the different types of ETSI standards refer to the ETSI standards information page. The main types are:


ETSI TC ESI basics

ETSI activities on electronic signatures are coordinated by Technical Committee (TC) Electronic Signatures and Infrastructures (ESI), chaired by Ricardo Genghini. The ESI TC's ongoing and past activities are available, together with the drafts. In 2013, the EC gave EU e-signature standardisation mandate m460 to CEN and ETSI to establish a rationalised framework for electronic signature standardisation.


ETSI other STFs

ETSI TC ESI framework and areas

Always check the ESI portal.
ETSI ESI 119 area 1 signature creation and validation
ETSI ESI 119 area 2 signature creation and other related devices
ETSI standards related to remote signature:
ETSI ESI 119 area 3 cryptographic suites
ETSI ESI 119 area 4 TSPs supporting digital signatures
TS 119 4nn becomes EN 319 4nn.

ETSI ENs regarding TSPs

ETSI TSs regarding TSPs

Also: CEN Standards for remote signing systems:
ETSI ESI 119 area 5 Trust application service providers (TASPs)
ETSI ESI 119 area 6 Trust service status list providers


ETSI refers to electronic signatures as AdES, of which CAdES, XAdES, PAdES, ASiC and JAdES are instantiations.
While CMS is a general framework for electronic signatures, CAdES specifies profiles of CMS signed data, making it compliant with eIDAS.

The main document describing the format is ETSI TS 101 733.
XAdES (XML Advanced Electronic Signatures) is a set of extensions to the W3C XML-DSig recommendation making it suitable for advanced electronic signatures. W3C and ETSI maintain and update XAdES together.
Associated Signature Containers (ASiC) specifies the use of container structures to bind together one or more signed objects with either advanced electronic signatures or timestamp tokens into one single container. The format extends zip, OpenDocument and EPUB. The ASiC standard is used in the Estonian DigiDoc system.

ETSI timestamping

Starting points:

Furthermore:

Don't forget the influential IETF RFCs.

ETSI signing-other

Refer also to related CEN standards.

ETSI certificates

ETSI standards related to certificates

ETSI Electronic Registered Delivery Services (ERDS)

ETSI standards related to Electronic Registered Delivery Services (ERDS) and AS4, the CEF eDelivery message exchange protocol, based on OASIS ebMS.

ETSI mobile and SIM

ETSI standards related to the new USIM - the SSP

ETSI blockchain and DLT

ETSI blockchain, DLT and Permissioned Distributed Ledger (PDL)

ETSI cyber and IOT


ETSI post quantum

Quantum safe cryptography


CEN signing standards

CEN standards related to remote signature:

CEN other standards

Working groups CWA



Regarding security standards, there is also the SOG-IS group. The SOG-IS agreement was produced in response to the EU Council Decision of March 31st 1992 (92/242/EEC) in the field of security of information systems, and the subsequent Council recommendation of April 7th (1995/144/EC) on common information technology security evaluation criteria. The agreement was updated in January 2010. Participants are government organisations or government agencies from countries of the European Union or EFTA (European Free Trade Association), representing their country or countries.

The participants work together to:

The agreement provides for member nations to participate in two fundamental ways:

Global de-facto standards and related matters


The Standards for Efficient Cryptography Group (SECG) is a consortium founded by Certicom in 1998 to develop commercial standards for elliptic curve cryptography (ECC).

SECG introduced implicit certificates (the ECQV implicit certificate scheme) as a variant of public key certificates. A public key can be reconstructed from any implicit certificate and is then said to be implicitly verified, in the sense that the only party who can know the associated private key is the party identified in the implicit certificate.

Implicit certificates contain an ID, public key and digital signature, but the data elements are superimposed into a string the size of the public key. For example, using an elliptic curve system at 160 bits would give us implicit certificates of size 160 bits.

With implicit certificates there is no explicit validation of the certificate authority's (CA’s) signature on a certificate. Instead, a user computes a public key from the implicit certificate and simply uses it in e.g. key agreement protocols such as ECDH and ECMQV, or signing such as ECDSA. The operation will fail if the certificate is invalid. Thus ECQV is regarded as an implicit validation scheme. Computing the public key is very fast, much faster than a public key operation.

Implicit certificates are also small in size. An X.509 certificate is in the order of 1 KB in size (~8000 bits). Using an elliptic curve system at 160 bits would give us implicit certificates with the size of 160 bits.



Cloud Signature Consortium


Emerging: BS 1008:2208 Evidential weight and legal admissibility of electronic information





The PKIX Working Group was established in 1995 to develop Internet standards to support X.509-based Public Key Infrastructures (PKIs). Initially PKIX pursued this goal by profiling X.509 standards developed by the CCITT (later the ITU-T). Later, PKIX initiated the development of standards that are not profiles of ITU-T work, but rather are independent initiatives designed to address X.509-based PKI needs in the Internet.




TLS comprises two layers: the TLS record and the TLS handshake protocols.

PEM - Privacy Enhancement for Internet Electronic Mail

PEM is best known as a de facto file format for storing and sending cryptographic keys, certificates, and other data, based on a set of 1993 IETF RFCs. The original standards were never broadly adopted, and were supplanted by PGP and S/MIME. However, the textual encoding PEM defined became popular and was formalised by the IETF in RFC 7468.
PEM's original 1993 RFCs
PEM encoding, 2015



PGP is used for signing, encrypting, and decrypting texts, e-mails, files, directories, and disk partitions. Phil Zimmermann developed PGP in 1991. The open source version is GPG.

Refer also to crypto-tools

Certificate formats and encoding

Certificate formats
The most popular certificate format is the ITU's X.509, particularly the X.509v3 version standardised by the IETF.
Certificate encoding
The two major encoding schemes for X.509 certificates (and keys) are PEM (Base64 ASCII), and DER (binary). However, there is some overlap and other extensions are used, so you can’t always tell what kind of file you are working with just from looking at the filename.
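Since the filename is unreliable, the encoding can be decided from the bytes themselves. The following is an added example, not part of the original page: it recognises the RFC 7468 textual framing and the outer DER SEQUENCE header only (it does not parse X.509), and the function names, the extension map and the sample data are constructed for the illustration.

```python
import base64
import re

# RFC 7468 textual encoding: BEGIN line, base64 body, matching END line
PEM_RE = re.compile(rb"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.S)
EXPECTED = {".pem": "pem", ".der": "der"}   # .crt/.cer are left out: either encoding

def is_der_sequence(data: bytes) -> bool:
    """True if data is exactly one DER SEQUENCE (tag 0x30) with a consistent length."""
    if len(data) < 2 or data[0] != 0x30:
        return False
    first = data[1]
    if first < 0x80:                       # short-form length
        return len(data) == 2 + first
    n = first & 0x7F                       # long form: n length octets follow
    if n == 0 or n > 4 or len(data) < 2 + n:
        return False
    return len(data) == 2 + n + int.from_bytes(data[2:2 + n], "big")

def classify(data: bytes):
    """Return (encoding, PEM label or None), judged from content only."""
    m = PEM_RE.search(data)
    if m:
        label = m.group(1).decode()
        try:
            body = base64.b64decode(b"".join(m.group(2).split()), validate=True)
        except ValueError:                 # binascii.Error is a ValueError
            return ("invalid-pem", label)
        return ("pem" if is_der_sequence(body) else "invalid-pem", label)
    return ("der", None) if is_der_sequence(data) else ("unknown", None)

def mismatches(files: dict) -> list:
    """Names whose extension disagrees with the detected encoding."""
    hits = []
    for name, data in files.items():
        want = EXPECTED.get(name[name.rfind("."):])
        if want and classify(data)[0] != want:
            hits.append(name)
    return hits

# Constructed sample: a tiny DER SEQUENCE of two INTEGERs, not a real certificate
SAMPLE_DER = bytes.fromhex("3006020101020102")
SAMPLE_PEM = (b"-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(SAMPLE_DER)
              + b"-----END CERTIFICATE-----\n")
FILES = {"a.pem": SAMPLE_DER, "b.der": SAMPLE_PEM, "c.pem": SAMPLE_PEM, "d.crt": SAMPLE_DER}
```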



France - ANSSI

US standards and related matters



E.g. according to FIPS or EAL levels