Login

What is a cryptographic envelope and what is its importance for a qualified signature?

An electronic signature is not just a click away. It is a whole set of security features, the foundation of which is a cryptographic envelope. Learn about its structure and use in qualified signatures.
What is a cryptographic envelope and what is its importance for a qualified signature?

Cryptographic envelope - what is it and how does it work in electronic signature?

In the world of digital solutions, security is key. And one of the most important mechanisms that guarantees this security is precisely the cryptographic envelope. Although it sounds like a term from a spy movie, it's actually an everyday component of electronic signatures that protects your data, identity and proof of document signing.

What is a cryptographic envelope?

A cryptographic envelope is a A digital package that bundles the document, the electronic signature and all the information needed to verify it.

It is because of her:

  • The document, once signed, cannot be changed,
  • It is known who signed it and when,
  • The signature can be effectively verified - even after several years.

     

It's like putting a traditional paper document in an envelope, sealing it and stamping it with your name and the date.

Does the envelope only apply to the CAdES signature?

Don't. Although the CAdES signature (with an extension of .p7s), it every qualified electronic signature - including XAdES and PAdES - uses a cryptographic envelope, albeit in its own way.

 

How does the envelope look in different signature formats?

 

Format

Envelope type

Can it be called a cryptographic envelope?

Example

CAdES

Yes - always

Yes, the file .p7s or .asice is a classic envelope

contract.docx.p7s

XAdES

Yes - often

Yes, especially when a container is used .asice

invoice.xml.asice

PAdES

Yes - but "embedded"

Yes, although the signature is embedded in the PDF, the PDF file becomes both a document and an envelope

offer.pdf

As you can see, each of these formats creates its own version of the cryptographic envelope - sometimes as a separate file, sometimes as a container, and sometimes as an embedded signature.

Note: different technical approaches, same idea

  • W PAdES (PDF) does not have a separate signature file - the signature and the document are embedded together. But technically, the entire PDF file becomes a envelope, because it contains the signature, certificate data and security features.

     

  • W CAdES i XAdES, the envelope can be in a more "classic" form - as a separate file .p7s or a container .asice, which contains both the document and the signature.

Why all the envelope?

Thanks to the envelope:

  • document is protected from manipulation - even by a single letter,
  • it can be verified by any tool compliant with eIDAS standards,
  • electronic document circulation systems can automatically read signature data,
  • document meets formal requirements, e.g. when dealing with authorities or courts.

     

What does it look like in practice? Examples from Asseco

proCertum SmartSign - desktop signature center

When signing a document in proCertum SmartSign, you can choose your preferred format: PAdES, CAdES or XAdES. The application itself creates the appropriate cryptographic envelope:

  • PAdES signature - the PDF file becomes both a document and an envelope,
  • CAdES signature - you get a file .p7s (separately) or a container .asice (with the document and signature inside),
  • XAdES signature - XML file or .asice containing the document and the signature.

The application automatically embeds the certificate, timestamp (if you choose) and takes care of the correctness of the structure.

WebNotarius - online verification and envelope preview

WebNotarius is a web application from Asseco that allows:

  • verify the signed document (XAdES, CAdES),
  • look into the contents of the envelope .asice,
  • check the certificate and its validity,
  • download the signature data, including the timestamp.

It's an ideal tool when you need to confirm the authenticity of a signature, but don't want to install additional programs.

 

For whom does it matter?

For anyone who:

  • signs official documents, tenders, contracts, invoices,
  • uses systems such as ePUAP, e-Delivery, KSeF,
  • works with foreign partners and must meet eIDAS standards,

archives documents for many years and wants to ensure their long-term validity.

In summary, kcrypto operta is not an add-on - it is the foundation of a secure electronic signature. It is what makes the signed document:

  • inviolable,
  • verifiable,
  • compliant with the standards of EU law.

     

Solutions from Asseco -. proCertum SmartSign i WebNotarius - create and handle envelopes automatically. You just sign, and all the cryptography happens in the background.

Want to get started? Visit podpisano.pl and check out our qualified signature tools - mobile and desktop, for companies, offices and individuals.

Call us at

+48 22 417 05 55

and we will put you in touch with one of our representatives available virtually nationwide.

Check also:

  • Qualified stamps

How do I access KSeF? ZAW-FA vs. Seal

  • Qualified Stamps, Qualified Signatures

Authentication in KSeF: ZAW-FA or a Qualified Seal? Which one should you choose to start with?

  • Qualified stamps

Registering with KSeF using a qualified digital certificate – Your ticket to skip the lines

  • Qualified Stamps, Qualified Signatures

KSeF in sole proprietorships and small companies: qualified signature, stamp, and invoice automation

See all

Do you need help?

Info
Learn more Add to cart
Info
Learn more Add to cart

Find what you're looking for