Associated Signature Containers (ASiC)

What are associated signature containers (ASiC)?

ASiC containers as specified in ETSI EN 319 162-1 bind together into a ZIP archive:

1. detached digital signatures (or time assertions, which are not used by DokuMate) with
2. signed file objects (e.g. documents, spreadsheets, multimedia content, XML structured data) to which such detached signatures apply.

All ASiC containers have an internal structure consisting of:

• a root folder, possibly with sub-folders reflecting the content structure, for the signed file objects; and
• a "META-INF" folder, in the root folder, for files containing metadata about the content, including associated signature (or time assertion) files.

The European Standard (EN) 319 162-1 produced by the European Telecommunications Standards Institute (ETSI) Technical Committee Electronic Signatures and Infrastructures (ESI) allows for multiple signature (and time assertion) formats. Of those, DokuMate only uses XML advanced electronic signatures (XAdES) with a trusted time-stamp token issued by a Time Stamping Authority (B-T level).

Not considering time assertions and non-XAdES signatures, the standard further specifies two types of containers:

1. ASiC Simple (ASiC-S), which associates, in a ZIP archive having a file name extension ".asics" (preferred) or ".scs", a single file object (which can be a ZIP archive) with one or more XAdES signatures present in a single signature file; and
2. ASiC Extended (ASiC-E), which associates, in a ZIP archive having a file name extension ".asice" (preferred) or ".sce", one or more file objects with one or more XAdES signatures present in one or more signature files.

DokuMate produces ASiC Extended (ASiC-E) containers with a file name extension ".asice". You can open those files with any file compression tool that supports the ZIP format (e.g., 7-Zip, WinZip) and also associate the ".asice" extension with your tool of choice.

Why are associated signature containers (ASiC) useful?

Combining a detached signature with the signed objects in a container allows for easy distribution of those signed objects and guarantees that the correct signature and any relevant metadata is used when validating. Associated signature containers also offer a convenient and secure mechanism for creating point-in-time snapshots of sets of documents, e.g., during a negotiation process or for general audit and compliance purposes.