Is there any reason to use CAdES over XAdES for advanced electronic signatures?

One advantage of CAdES is that it generally causes less interoperability problems because the XML-DSig standard allows many options including XSLT, XPointer Framework, XML canonicalization and more. CAdES would be less demanding if only dealing with strictly DER-encoded signatures (The picture changes once you need to deal with BER encodings).

CAdES outperforms XAdES in scenarios where producing "attached" signatures on large data chunks is necessary (You want the result to be one single chunk of data that contains both the original data and the signature). The equivalent of an attached CAdES signature (The original input data is stored in the EncapContentInfo element of the CMS structure) is an Enveloping Signature. If you are required to produce such a kind of signature there is a high probability that you will run into problems when dealing with large input data if your XAdES implementation is DOM-based (those I know of are) - your machine will eventually run out of memory.

Performance would be another argument where CAdES is favoured. The message digest computation of CAdES is typically done directly on the raw bytes of the input data, XML signatures that are computed on XML documents involve a lot of overhead such as evaluation of XPath expressions, XSLT transforms, Base64 en-/decoding and Canonicalization, and potentially several Transform elements.

If you are building an archiving system for long-term validation of signatures where a lot of signatures are stored, CAdES is the preferred format due to its compactness in comparison to the textual XAdES format.


CAdES over XAdES:

  • Less options to implement
  • (Way) Easier to verify
  • Works with any sort of data, including XML
  • Easier for ASiC
  • Windows API more robust to build it
  • No need for complex canonicalizations
  • Can be used with S/MIME
  • Allows multiple signatures
  • It is used in PAdES
  • Faster

XAdES over CAdES:

  • Signed XML files can still be read by encryption-unaware applications
  • Multiple elements can be signed with one pass
  • You do not need an ASN.1 compiler

The only reason I would use XAdES is the first one, personal opinion. But then, an unaware application might modify the file, rendering the signature invalid. Also, using the *AdES types means that you want to be compatible with the EU regulations and, this usually means PDF documents signed with PAdES. When you simply want to sign an e-mail, CAdES is not very much useful as it is not validated by most S/MIME clients. The AdES stuff is european laws, so not so many US apps are aware of it.

Also, these forms are not just the old ones with timestamps, there are a lot of addons. See https://www.w3.org/TR/XAdES/ and https://www.secureblackbox.com/kb/articles/8-CAdES.rst.

I have also implemented them in C++ for Windows, check here and here for my complete toolset.