ISO blockchain standards


Soon to be published:

ISO crypto standards

Hashing and MAC




The CEF DSS documentation is practical.


Long term signature

Blind signature


Anonymous signatures


Assurance and testing

Biometric protection

Authenticated encryption


ISO other standards - TTP and related

EU standards and related matters

Europe's Standard Development Organisations are ETSI, CEN and CENELEC.

Regarding security standards, there is also the SOG-IS group, ref below.


EU standards were particularly successful in mobile communication such as GSM. These standards were originally driven through CEPT (European Conference on Post and Telecommunications Administrations). In 1988, ETSI took over, and in 2001 GSM standardisation was transferred to the global 3GPP. For ETSI basics refer to ETSI standards.

ETSI security workshops

For a starting point refer to ETSI security workshop and the whitepapers such as "ETSI White Paper No. 1 Security for ICT - the Work of ETSI" by Charles Brookson and Dionisio Zumerle (January 2006).

ETSI security workshop videos and related

ETSI publications

For the different types of ETSI standards refer to the ETSI standards information page. The main types are:


ETSI TC ESI basics

TC and documents
ETSI activities on electronic signatures are coordinated by Technical Committee (TC) Electronic Signatures and Infrastructures (ESI), chaired by Ricardo Genghini. The ESI TC ongoing and past activities are available, together with the drafts.

The naming of ETSI documents is mainly based on the six areas described below.

However, there are particular ways in naming documents. The EN and TS names of the same standard are completely unrelated, as in PAdES, ETSI TS 102 778 (parts 1 to 5), also published as EN 19 142. Standard names are generally structured as DD L19 xxx-z.
Mandates and Special Task Forces
In 2013, EU e-signature standardisation mandate m460 was given from the EC to CEN and ETSI to establish a rationalised framework for electronic signature standardisation.


ETSI other STFs
Trust models

ETSI TC ESI framework and areas

Signature - read on for identity Always check the ESI portal.
ETSI ESI 119 area 1 signature creation and validation
ETSI ESI 119 area 2 signature creation and other related devices
ETSI standards related to remote signature:
ETSI ESI 119 area 3 cryptographic suites
ETSI ESI 119 area 4 TSPs supporting digital signatures
TS 119 4nn becomes EN 319 4nn.

ETSI ENs regarding TSPs ETSI TSs regarding TSPs Also: CEN Standards for remote signing systems (e.g. cloud):
ETSI ESI 119 area 5 Trust application service providers (TASPs)
ETSI ESI 119 area 6 Trust service status list providers


ETSI refers to electronic signatures as AdES, of which CAdES, XAdES, PAdES, AsIC, JAdES are instantiations.
While CMS is a general framework for electronic signatures, CAdES specifies profiles of CMS signed data making it compliant with eIDAS.

The main document describing the format is ETSI TS 101 733.
XAdES (XML Advanced Electronic Signatures) is a set of extensions to the W3C XML-DSig recommendation making it suitable for advanced electronic signatures. W3C and ETSI maintain and update XAdES together.
Associated Signature Containers (ASiC) specifies the use of container structures to bind together one or more signed objects with either advanced electronic signatures or timestamp tokens into one single container. The format extends zip, OpenDocument and EPUB. The ASiC standard is used in the Estonian DigiDoc system.
Original JAdES proposal is RFC 7515.

ETSI timestamping

Starting points: Furthermore Don't forget the influencial IETF RFCs

ETSI signing-other

Refer also to related CEN standards.

ETSI certificates

ETSI standards related to certificates

ETSI Electronic Registered Delivery Services (ERDS)

ETSI standards related to Electronic Registered Delivery Services (ERDS) and AS4, the CEF eDelivery message exchange protocol, based on OASIS ebMS.

ETSI mobile and SIM

ETSI standards related to the new USIM - the SSP

ETSI blockchain and DLT

ETSI blockchain, DLT and Permissioned Distributed Ledger (PDL)

ETSI cyber, IOT and related

Trust IOT Related QUOTE Trust - as defined in ETSI TS 103 532 is the level of confidence in the reliability and integrity of an entity to fulfil specific responsibilities. If a network cannot fulfil its obligations because it cannot access data in encrypted content, it will become less trusted. The concern in this case is that as trust in the network is lowered more encryption from outside the control of the network is then applied, thus further degrading the trust. UNQUOTE

ETSI post quantum

Quantum safe cryptography


CEN signing standards

EN 419 261 Security requirements for TWS

EN 419 221 PPs for TSP cryptomodules

EN 419 241 server signing/remote signature

EN 419 231 time stamping

CEN other standards

Working groups CWA



Regarding security standards, there is also the SOG-IS group. The SOG-IS agreement was produced in response to the EU Council Decision of March 31st 1992 (92/242/EEC) in the field of security of information systems, and the subsequent Council recommendation of April 7th (1995/144/EC) on common information technology security evaluation criteria. The agreement was updated in January 2010. Participants are government organisations or government agencies from countries of the European Union or EFTA (European Free Trade Association), representing their country or countries.

The participants work together to: The agreement provides for member nations to participate in two fundamental ways:

Global de-facto standards and related matters


The Standards for Efficient Cryptography Group (SECG) is consortium founded by Certicom in 1998 to develop commercial standards for elliptic curve cryptography (ECC).

Introduced implicit certificates (ECQV implicit certificate scheme) as a variant of public key certificates, such that a public key can be reconstructed from any implicit certificate, and is said then to be implicitly verified, in the sense that the only party who can know the associated private key is the party identified in the implicit certificate.

Implicit certificates contain an ID, public key and digital signature, but the data elements are super imposed into a string the size of the public key. For example, using an elliptic curve system at 160 bits would give us implicit certificates of size 160 bits.

With implicit certificates there is no explicit validation of the certificate authority's (CA’s) signature on a certificate. Instead, a user computes a public key from the implicit certificate and simply uses it in e.g. key agreement protocols such as ECDH and ECMQV, or signing such as ECDSA. The operation will fail if the certificate is invalid. Thus ECQV is regarded as an implicit validation scheme. Computing the public key is very fast, much faster than a public key operation.

Implicit certificates are also small in size. An X.509 certificate is in the order of 1KB in size (~8000 bits). Using an elliptic curve system at 160 bits would give us implicit certificates with the size of 160 bits.



ITU-T X.509 was also embraced by IETF and its certificate profiles in PKIX





The Key Management Interoperability Protocol (KMIP) is an extensible communication protocol that defines message formats for the manipulation of cryptographic keys on a key management server. This facilitates data encryption by simplifying encryption key management. Keys may be created on a server and then retrieved, possibly wrapped by other keys. Both symmetric and asymmetric keys are supported, including the ability to sign certificates. KMIP also allows for clients to ask a server to encrypt or decrypt data, without needing direct access to the key.

The KMIP standard was first released in 2010. Clients and servers are commercially available from multiple vendors. The KMIP standard effort is governed by the OASIS standards body.

Cloud Signature Consortium


Emerging: BS 1008:2208 Evidential weight and legal admissibility of electronic information





The PKIX Working Group was established in 1995 to develop Internet standards to support X.509-based Public Key Infrastructures (PKIs).
CP and CPS




Comprises two layers: the TLS record and the TLS handshake protocols.

PEM -Privacy Enhancement for Internet Electronic Mail

PEM is best known as a de facto file format for storing and sending cryptographic keys, certificates, and other data, based on a set of 1993 IETF RFCs. The original standards were never broadly adopted, and were supplanted by PGP and S/MIME. However the textual encoding PEM defined became popular and was formalised by the IETF in RFC 7468.
PEM's original 1993 RFCs
PEM encoding, 2015



PGP is used for signing, encrypting, and decrypting texts, e-mails, files, directories, and disk partitions. Phil Zimmermann developed PGP in 1991. The open source version is GPG.

Refer also to crypto-tools

Certificate formats and encoding

Certificate formats
The most popular certificate format is the ITU's X.509, particularly the X.509v3 version standardised by the IETF.
Certificate encoding
The two major encoding schemes for X.509 certificates (and keys) are PEM (Base64 ASCII), and DER (binary). However, there is some overlap and other extensions are used, so you can't always tell what kind of file you are working with just from looking at the filename.

JOSE, JWS, etc.



France - ANSSI

US standards and related matters



E.g. according to FIPS or EAL levels