Awesome E-Signature

Electronic signatures are increasingly anchored on public or permissioned blockchains for tamper-evidence, time-stamping, and long-term verifiability. This list collects standards, legal frameworks, court cases, cryptographic primitives, tooling, and platforms that shape the field. It is an auto-synced mirror of ChaindocIO/awesome-blockchain-esignature; the canonical home for community PRs and stars is GitHub.

Standards and Specifications — EU and ETSI

eIDAS Regulation (EU 910/2014) — EU framework for electronic identification and trust services.
eIDAS 2.0 Regulation (EU 2024/1183) — 2024 amendment introducing the European Digital Identity Wallet.
ETSI EN 319 122 - CAdES — CMS Advanced Electronic Signatures specification.
ETSI EN 319 132 - XAdES — XML Advanced Electronic Signatures.
ETSI EN 319 142 - PAdES — PDF Advanced Electronic Signatures.
ETSI EN 319 162 - ASiC — Associated Signature Containers for packaging signed data.
ETSI EN 319 411 - TSP policies — Policy and security requirements for trust service providers.
ETSI EN 319 412 - Certificate profiles — Profiles for certificates issued to natural and legal persons.
ETSI TS 119 182 - JAdES — JSON Advanced Electronic Signatures.
ETSI TS 119 461 - Identity proofing — Policy and security requirements for identity proofing of trust service subjects.
ETSI TS 119 612 - Trusted Lists — Format for trusted lists of qualified trust service providers.
Implementing Regulation (EU) 2015/1501 — Interoperability framework for cross-border eID under eIDAS.
Implementing Regulation (EU) 2015/1502 — Minimum technical specifications for eID assurance levels.

Standards and Specifications — IETF RFCs

RFC 3161 - Time-Stamp Protocol — Internet X.509 PKI Time-Stamp Protocol (TSP).
RFC 4880 - OpenPGP Message Format — Detached and inline signature format used in PGP.
RFC 4998 - Evidence Record Syntax — Long-term archival of cryptographic evidence.
RFC 5280 - X.509 PKI Certificate Profile — Certificate and CRL profile for the Internet X.509 PKI.
RFC 5652 - Cryptographic Message Syntax — Foundation for CAdES signatures.
RFC 6283 - XML Evidence Record Syntax — XML representation of evidence records.
RFC 6960 - OCSP — Online Certificate Status Protocol for revocation checking.
RFC 6962 - Certificate Transparency — Public, append-only logs of issued certificates.
RFC 7515 - JSON Web Signature (JWS) — Detached and compact JSON-based signatures.
RFC 7518 - JSON Web Algorithms — Cryptographic algorithms for JOSE.
RFC 8017 - PKCS #1 v2.2 — RSA cryptography primitives, encoding, and signature schemes.
RFC 8032 - EdDSA — Edwards-curve Digital Signature Algorithm (Ed25519, Ed448).
RFC 8410 - Algorithm IDs for Edwards curves — X.509 OIDs for Ed25519, Ed448, X25519, X448.
RFC 8551 - S/MIME 4.0 — Secure/Multipurpose Internet Mail Extensions message specification.
RFC 8809 - JOSE registries — Profiles and registries for JOSE algorithms.

Standards and Specifications — NIST

FIPS 180-4 - Secure Hash Standard — SHA-1, SHA-2 family hash algorithms.
FIPS 186-5 - Digital Signature Standard — DSA, ECDSA, EdDSA signature schemes.
FIPS 197 - AES — Advanced Encryption Standard block cipher.
FIPS 202 - SHA-3 — Permutation-based hash and extendable-output functions.
NIST Cybersecurity Framework — Risk-based controls referenced by trust service auditors.
NIST SP 800-22 - RNG testing — Statistical test suite for random number generators used in signing.
NIST SP 800-56A - DH/ECDH key establishment — Pair-wise key establishment using discrete-logarithm cryptography.
NIST SP 800-56B - RSA key establishment — Pair-wise key establishment using integer-factorization cryptography.
NIST SP 800-57 - Key management — General key-management recommendations including signing keys.
NIST SP 800-78 - PKI cryptographic algorithms — Algorithms and key sizes for PIV credentials.
NIST SP 800-89 - Digital signature assurances — Recommendation for obtaining assurances for digital signature applications.
NIST SP 800-186 - Elliptic curves — Recommendations for discrete logarithm-based cryptography.
NIST SP 800-208 - Hash-based signatures — Stateful hash-based signature schemes (LMS, XMSS).

Standards and Specifications — ISO/IEC

ISO 14533-1 - Long-term signature CAdES profiles — Long-term signature profiles for CAdES.
ISO 14533-2 - Long-term signature XAdES profiles — Long-term signature profiles for XAdES.
ISO 14533-3 - Long-term signature PAdES profiles — Long-term signature profiles for PAdES.
ISO/IEC 27001 - ISMS — Information security management systems requirements.
ISO/IEC 27018 - Cloud privacy — Code of practice for protection of PII in public clouds.
ISO 32000-2 - PDF 2.0 — Document management portable document format including signature dictionary.

Standards and Specifications — W3C and others

ITU-T X.509 — Public-key and attribute certificate frameworks.
ITU-T X.660 - OID Tree — General procedures and top arcs of the international object identifier tree.
Adobe Approved Trust List (AATL) — Adobe's curated list of trusted CAs for Acrobat/Reader signature validation.
BSI TR-03145 - Secure CA Operation — German technical guideline for secure CA operation.
W3C DID Core 1.0 — Decentralized identifiers data model and syntax.
W3C JSON-LD 1.1 — JSON for linking data, used in verifiable credentials.
W3C Verifiable Credentials Data Model 2.0 — Core data model for cryptographically verifiable credentials.
W3C Verifiable Credentials JOSE/COSE — Securing VCs with JOSE and COSE signature suites.
W3C XML Signature 1.1 — Syntax and processing for XML digital signatures.

Legal Frameworks by Region — International

UNCITRAL Model Law on Electronic Commerce (1996) — Model law influencing most national e-commerce statutes.
UNCITRAL Model Law on Electronic Signatures (2001) — UN model law that shaped most national e-signature statutes.

Legal Frameworks by Region — Americas

Argentina Ley 25.506 - Firma Digital — Argentine digital signature law of 2001.
Brazil MP 2.200-2/2001 (ICP-Brasil) — Establishes the Brazilian Public Key Infrastructure.
Canada PIPEDA — Personal Information Protection and Electronic Documents Act, Part 2 governs e-signatures.
ESIGN Act (15 U.S.C. § 7001) — U.S. federal e-signature law enacted in 2000.
ESIGN Act at U.S.C. Title 15 Chapter 96 — Full text of the Electronic Signatures in Global and National Commerce Act.
Mexico DOF - NOM-151 publications — Mexican federal gazette publishing NOM-151-SCFI on data preservation.
UETA - Uniform Electronic Transactions Act — Model U.S. state law on electronic transactions.

Legal Frameworks by Region — EU member states

Belgium - Federal eJustice portal — Official portal publishing the 2016 Belgian trust services law implementing eIDAS.
French Code civil articles 1366-1369 — French civil code provisions on electronic signature evidence.
German BGB § 126a - Electronic form — Civil code section equating QES with handwritten signature.
German BGB § 126b - Text form — Civil code section defining the text form requirement.
German Vertrauensdienstegesetz (VDG) — German implementation of eIDAS trust services.
Italy Codice dell'amministrazione digitale (D.Lgs. 82/2005) — Italian digital administration code covering electronic signatures.
Netherlands Telecommunicatiewet — Dutch Telecommunications Act incorporating eIDAS provisions.
Poland Ustawa o usługach zaufania (2016) — Polish trust services and electronic identification act.
Spain Ley 6/2020 — Spanish law on electronic trust services complementing eIDAS.

Legal Frameworks by Region — Other Europe

Swiss ZertES — Swiss federal act on electronic signatures.
UK Electronic Communications Act 2000 — UK statutory basis for electronic signatures.
UK Electronic Signatures Regulations 2002 — Implementing the EU 1999/93/EC Directive prior to retained eIDAS.

Legal Frameworks by Region — APAC

Australia Electronic Transactions Act 1999 — Federal law giving legal effect to electronic communications.
China NPC - Electronic Signature Law — National People's Congress portal hosting the 2005 Electronic Signature Law (amended 2019).
India IT Act 2000 — Indian Information Technology Act establishing digital and electronic signatures.
Japan e-Gov - Act on Electronic Signatures — Act on Electronic Signatures and Certification Business (Law No. 102 of 2000).
Singapore Electronic Transactions Act 2010 — Statute governing electronic records and signatures in Singapore.

Legal Frameworks by Region — MEA

South Africa ECT Act 25 of 2002 — Electronic Communications and Transactions Act covering advanced electronic signatures.
UAE legislation portal — Hosts Federal Decree-Law No. 46 of 2021 on electronic transactions and trust services.

Court Cases and Judicial Precedents — United States

Berkson v. Gogo LLC, 97 F. Supp. 3d 359 (E.D.N.Y. 2015) — Modern framework for evaluating click-wrap conspicuousness.
Forrest v. Verizon Communications Inc., 805 A.2d 1007 (D.C. 2002) — Click-wrap forum-selection clause held enforceable.
Long v. Provide Commerce, Inc., 200 Cal. Rptr. 3d 117 (2016) — Found browse-wrap notice insufficient on the proflowers.com site.
Meyer v. Uber Techs., Inc., 868 F.3d 66 (2d Cir. 2017) — Sign-in-wrap upheld; reasonable communication of terms.
Specht v. Netscape Communications Corp., 306 F.3d 17 (2d Cir. 2002) — Browse-wrap unenforceable without unambiguous assent.
Specht v. Netscape (Justia mirror) — Justia copy of the foundational browse-wrap opinion.

Court Cases and Judicial Precedents — United Kingdom and EU

Bassano v. Toft (2014) EWHC 377 (QB) — Electronic signature on lender agreement satisfies statutory form.
Goodman v. J. Eban Ltd (1954) 1 QB 550 — Common law definition of signature, foundational precedent.
Mercury Tax Group Ltd v. HMRC (2008) EWHC 2721 (Admin) — Execution of deeds and the validity of split signature pages.
Neocleous v. Rees (2019) EWHC 2462 (Ch) — Automatic email footer can constitute a binding signature.

Court Cases and Judicial Precedents — Aggregators

BAILII - British and Irish Legal Information Institute — Free database of UK and Irish judgments cited above.
CourtListener - Free Law Project — Free database of U.S. federal and state opinions used for the citations above.

Glossary and Terminology

AATL term — Adobe Approved Trust List of CAs trusted by Acrobat for signature validation.
AdES family — Advanced Electronic Signature umbrella covering CAdES, XAdES, PAdES, JAdES, ASiC.
AES cipher — Advanced Encryption Standard, FIPS 197 symmetric block cipher.
ASiC container — Associated Signature Containers for packaging signed data, ETSI EN 319 162.
CA role — Certificate Authority, defined in RFC 5280 section 3.2.
CAdES profile — CMS Advanced Electronic Signatures, ETSI EN 319 122.
Certificate Transparency log — Public append-only logs of issued X.509 certificates.
CMS structure — Cryptographic Message Syntax, the basis of CAdES.
CRL revocation — Certificate Revocation List defined in RFC 5280 section 5.
DID identifier — Decentralized Identifier, W3C DID Core 1.0.
DSA algorithm — Digital Signature Algorithm specified in FIPS 186-5.
ECDSA algorithm — Elliptic Curve Digital Signature Algorithm in FIPS 186-5.
EdDSA algorithm — Edwards-curve Digital Signature Algorithm, RFC 8032.
eIDAS regulation — EU Regulation 910/2014 on electronic identification and trust services.
e-seal type — Electronic seal under eIDAS Article 35, the organisational analogue of an e-signature.
ESI committee — Electronic Signatures and Infrastructures, ETSI's standards committee.
ESIGN statute — U.S. Electronic Signatures in Global and National Commerce Act.
HSM device — Hardware Security Module for protected key storage, see NIST SP 800-57.
JAdES profile — JSON Advanced Electronic Signatures, ETSI TS 119 182-1.
JOSE registry — JavaScript Object Signing and Encryption umbrella registries.
JSON-LD format — JSON for Linking Data, W3C Recommendation used by Verifiable Credentials.
JWS object — JSON Web Signature, RFC 7515.
LTV mode — Long-Term Validation, PAdES Part 4 / ETSI EN 319 142-2.
OCSP responder — Online Certificate Status Protocol for revocation lookup.
OID arc — Object Identifier, ITU-T X.660 hierarchical identifier scheme.
PGP signature — OpenPGP Message Format for inline and detached signatures, RFC 4880.
PAdES profile — PDF Advanced Electronic Signatures, ETSI EN 319 142.
PKI architecture — Public Key Infrastructure framework specified in RFC 5280.
QES level — Qualified Electronic Signature, eIDAS Article 3(12).
QSCD device — Qualified Signature Creation Device, eIDAS Annex II.
QTSP role — Qualified Trust Service Provider, eIDAS Article 3(20).
SHA-2 family — Secure Hash Algorithm 2 family, FIPS 180-4.
SHA-3 family — Permutation-based hash family, FIPS 202.
S/MIME spec — Secure/Multipurpose Internet Mail Extensions, RFC 8551.
TSA service — Time-Stamp Authority, RFC 3161.
TSP entity — Trust Service Provider, eIDAS Article 3(19).
UETA framework — Uniform Electronic Transactions Act, U.S. model statute on electronic transactions.
VC credential — Verifiable Credential, W3C VC Data Model 2.0.
X.509 certificate — Public-key certificate format, ITU-T X.509 / RFC 5280.
XAdES profile — XML Advanced Electronic Signatures, ETSI EN 319 132.
XML Signature spec — W3C XML Signature 1.1 syntax and processing.
ZertES statute — Swiss Federal Act on Electronic Signatures.