ETSI TS 101 733 V1.2.2 (2000-12)

SLOVENSKI STANDARD
01-maj-2005
Formati elektronskega podpisa
Electronic signature formats
Ta slovenski standard je istoveten z: TS 101 733 Version 1.2.2
ICS:
35.040 Nabori znakov in kodiranje Character sets and
informacij information coding
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.

Technical Specification
Electronic signature formats
2 ETSI TS 101 733 V1.2.2 (2000-12)
Reference
DTS/SEC-004001
Keywords
IP, electronic signature, security
ETSI
650 Route des Lucioles
F-06921 Sophia Antipolis Cedex - FRANCE
Tel.: +33492 94 4200 Fax: +33493 65 4716
Siret N° 348 623 562 00017 - NAF 742 C
Association à but non lucratif enregistrée à la
Sous-Préfecture de Grasse (06) N° 7803/88
Important notice
Individual copies of the present document can be downloaded from:
http://www.etsi.org
The present document may be made available in more than one electronic version or in print. In any case of existing or
perceived difference in contents between such versions, the reference version is the Portable Document Format (PDF).
In case of dispute, the reference shall be the printing on ETSI printers of the PDF version kept on a specific network drive
within ETSI Secretariat.
Users of the present document should be aware that the document may be subject to revision or change of status.
Information on the current status of this and other ETSI documents is available at http://www.etsi.org/tb/status/
If you find errors in the present document, send your comment to:
editor@etsi.fr
Copyright Notification
No part may be reproduced except as authorized by written permission.
The copyright and the foregoing restriction extend to reproduction in all media.
© European Telecommunications Standards Institute 2000.
All rights reserved.
ETSI
3 ETSI TS 101 733 V1.2.2 (2000-12)
Contents
Intellectual Property Rights .7
Foreword.7
Introduction.7
1 Scope.8
2 References.9
3 Definitions and abbreviations.10
3.1 Definitions . 10
3.2 Abbreviations. 11
4 Overview.11
4.1 Major Parties. 11
4.2 Electronic Signatures and Validation Data . 12
4.3 Forms of Validation Data . 13
4.4 Extended Forms of Validation Data . 14
4.5 Archive Validation Data. 16
4.6 Arbitration . 17
4.7 Validation Process. 17
4.8 Example Validation Sequence . 18
4.9 Additional optional features of an ES. 21
5 General Description.21
5.1 The Signature Policy . 21
5.2 Signed Information. 22
5.3 Components of an Electronic Signature. 22
5.3.1 Reference to the Signature Policy. 22
5.3.2 Commitment Type Indication. 23
5.3.3 Certificate Identifier from the Signer . 23
5.3.4 Role Attributes. 24
5.3.4.1 Claimed Role. 24
5.3.4.2 Certified Role. 24
5.3.5 Signer Location. 24
5.3.6 Signing Time . 24
5.3.7 Content Format. 25
5.4 Components of Validation Data. 25
5.4.1 Revocation Status Information . 25
5.4.2 CRL Information. 25
5.4.3 OCSP Information . 26
5.4.4 Certification Path . 26
5.4.5 Timestamping for Long Life of Signature. 26
5.4.6 Timestamping for Long Life of Signature before CA Key Compromises. 27
5.4.6.1 Timestamping the ES with Complete Validation Data . 27
5.4.6.2 Timestamping Certificates and Revocation Information References. 28
5.4.7 Timestamping for Long Life of Signature. 28
5.4.8 Reference to Additional Data . 29
5.4.9 Timestamping for Mutual Recognition . 29
5.4.10 TSA Key Compromise. 29
5.5 Multiple Signatures . 30
6 Signature Policy and Signature Validation Policy.30
6.1 Identification of Signature Policy. 31
6.2 General Signature Policy Information . 32
6.3 Recognized Commitment Types . 32
6.4 Rules for Use of Certification Authorities . 32
6.4.1 Trust Points . 33
6.4.2 Certification Path . 33
ETSI
4 ETSI TS 101 733 V1.2.2 (2000-12)
6.5 Revocation Rules . 33
6.6 Rules for the Use of Roles . 34
6.6.1 Attribute Values. 34
6.6.2 Trust Points for Certified Attributes. 34
6.6.3 Certification Path for Certified Attributes . 34
6.7 Rules for the Use of Timestamping and Timing . 34
6.7.1 Trust Points and Certificate Paths. 34
6.7.2 Timestamping Authority Names. 34
6.7.3 Timing Constraints - Caution Period. 35
6.7.4 Timing Constraints - Timestamp Delay . 35
6.8 Rules for Verification Data to be followed . 35
6.9 Rules for Algorithm Constraints and Key Lengths. 35
6.10 Other Signature Policy Rules . 35
6.11 Signature Policy Protection. 35
7 Identifiers and roles .36
7.1 Signer Name Forms. 36
7.2 TSP Name Forms . 36
7.3 Roles and Signer Attributes . 36
8 Data structure of an Electronic Signature .37
8.1 General Syntax. 37
8.2 Data Content Type . 37
8.3 Signed-data Content Type. 37
8.4 SignedData Type. 37
8.5 EncapsulatedContentInfo Type . 37
8.6 SignerInfo Type . 37
8.6.1 Message Digest Calculation Process. 38
8.6.2 Message Signature Generation Process. 38
8.6.3 Message Signature Verification Process . 38
8.7 CMS Imported Mandatory Present Attributes. 38
8.7.1 Content Type . 38
8.7.2 Message Digest. 38
8.7.3 Signing Time . 38
8.8 Alternative Signing Certificate Attributes . 38
8.8.1 ESS Signing Certificate Attribute Definition. 39
8.8.2 Other Signing Certificate Attribute Definition . 39
8.9 Additional Mandatory Attributes . 40
8.9.1 Signature policy Identifier. 40
8.10 CMS Imported Optional Attributes . 41
8.10.1 Countersignature. 41
8.11 ESS Imported Optional Attributes. 41
8.11.1 Signed Content Reference Attribute. 41
8.11.2 Content Identifier Attribute . 41
8.11.2 Content Hints Attribute. 42
8.12 Additional Optional Attributes. 42
8.12.1 Commitment Type Indication Attribute . 42
8.12.2 Signer Location. 43
8.12.3 Signer Attributes. 44
8.12.4 Content Timestamp. 44
8.13 Support for Multiple Signatures. 44
8.13.1 Independent Signatures . 44
8.13.2 Embedded Signatures. 44
9 Validation Data.45
9.1 Electronic Signature Timestamp . 45
9.1.1 Signature Timestamp Attribute Definition . 45
9.2 Complete Validation Data. 46
9.2.1 Complete Certificate Refs Attribute Definition . 46
9.2.2 Complete Revocation Refs Attribute Definition. 47
9.3 Extended Validation Data. 48
9.3.1 Certificate Values Attribute Definition . 48
9.3.2 Revocation Values Attribute Definition . 48
ETSI
5 ETSI TS 101 733 V1.2.2 (2000-12)
9.3.3 ES-C Timestamp Attribute Definition. 49
9.3.4 Time-Stamped Certificates and CRLs Attribute Definition. 49
9.4 Archive Validation Data. 49
9.4.1 Archive Timestamp Attribute Definition. 50
10 Other standard data structures .50
10.1 Public-key Certificate Format. 50
10.2 Certificate Revocation List Format . 50
10.3 OCSP Response Format . 51
10.4 Timestamping Token Format. 51
10.5 Name and Attribute Formats. 51
10.6 Attribute Certificate. 51
11 Signature Policy Specification .51
11.1 Overall ASN.1 Structure. 51
11.2 Signature Validation Policy . 52
11.3 Common Rules. 52
11.4 Commitment Rules. 53
11.5 Signer and Verifier Rules . 53
11.5.1 Signer Rules . 53
11.5.2 Verifier Rules . 54
11.6 Certificate and Revocation Requirement . 55
11.6.1 Certificate Requirements. 55
11.6.2 Revocation Requirements. 56
11.7 Signing Certificate Trust Conditions. 56
11.8 TimeStamp Trust Conditions. 57
11.9 Attribute Trust Conditions. 57
11.10 Algorithm Constraints . 58
11.11 Signature Policy Extensions. 58
12 Data protocols to interoperate with TSPs.59
12.1 Operational Protocols . 59
12.1.1 Certificate Retrieval. 59
12.1.2 CRL Retrieval. 59
12.1.3 OnLine Certificate Status . 59
12.1.4 Timestamping. 59
12.2 Management Protocols . 59
12.2.1 Certificate Request. 59
12.2.2 Certificate Distribution to Signer. 60
12.2.3 Request for Certificate Revocation . 60
13 Security considerations .60
13.1 Protection of Private Key. 60
13.2 Choice of Algorithms . 60
14 Conformance Requirements.60
14.1 Signer . 60
14.2 Verifier using timestamping. 61
14.3 Verifier using secure records . 61
14.4 Signature Policy. 61
ETSI
6 ETSI TS 101 733 V1.2.2 (2000-12)
Annex A (normative): ASN.1 Definitions.62
A.1 Signature Format Definitions Using X.208 (1988) ASN.1 Syntax .62
A.2 Signature Policies Definitions Using X.208 (1988) ASN.1 Syntax .67
A.3 Signature Format Definitions Using X.680 (1997) ASN.1 Syntax .70
A.4 Signature Policy Definitions Using X.680 (1997) ASN.1 Syntax.70
Annex B (informative): Example Structured Contents and MIME.80
B.1 General Description.80
B.2 Header Information.80
B.3 Content Encoding .81
B.4 Multi-Part Content.81
B.5 S/MIME .82
Annex C (informative): Relationship to the European Directive and EESSI .84
C.1 Introduction.84
C.2 Electronic Signatures and the Directive.84
C.3 ETSI Electronic Signature Formats and the Directive.84
C.4 EESSI Standards and Classes of Electronic Signature .85
C.4.1 Structure of EESSI standardization . 85
C.4.2 Classes of electronic signatures. 85
C.4.3 EESSI Classes and the ETSI Electronic Signature Format. 85
Annex D (informative): APIs for the Generation and Verification of Electronic Signatures
Tokens .86
D.1 Data Framing.86
D.2 IDUP-GSS-APIs defined by the IETF.87
D.3 CORBA Security interfaces defined by the OMG.87
Annex E (informative): Cryptographic Algorithms .89
E.1 Digest Algorithms.89
E.1.1 SHA-1. 89
E.1.2 MD5 . 89
E.1.3 General . 89
E.2 Digital Signature Algorithms .90
E.2.1 DSA. 90
E.2.2 RSA. 90
E.2.3 General . 90
Annex F (informative): Guidance on Naming .92
F.1 Allocation of Names .92
F.2 Providing Access to Registration Information .92
F.3 Naming Schemes .93
F.3.1 Naming Schemes for Individual Citizens . 93
F.3.2 Naming Schemes for Employees of an Organization .93
Bibliography.94
History .96
ETSI
7 ETSI TS 101 733 V1.2.2 (2000-12)
Intellectual Property Rights
IPRs essential or potentially essential to the present document may have been declared to ETSI. The information
pertaining to these essential IPRs, if any, is publicly available for ETSI members and non-members, and can be found
in ETSI SR 000 314: "Intellectual Property Rights (IPRs); Essential, or potentially Essential, IPRs notified to ETSI in
respect of ETSI standards", which is available from the ETSI Secretariat. Latest updates are available on the ETSI Web
server (http://www.etsi.org/ipr).
Pursuant to the ETSI IPR Policy, no investigation, including IPR searches, has been carried out by ETSI. No guarantee
can be given as to the existence of other IPRs not referenced in ETSI SR 000 314 (or the updates on the ETSI Web
server) which are, or may be, or may become, essential to the present document.
Foreword
This Technical Specification (TS) has been produced by ETSI Technical Committee Security (SEC).
Introduction
Electronic commerce is emerging as the future way of doing business between companies across local, wide area and
global networks. Trust in this way of doing business is essential for the success and continued development of
electronic commerce. It is therefore important that companies using this electronic means of doing business have
suitable security controls and mechanisms in place to protect their transactions and to ensure trust and confidence with
their business partners. In this respect the electronic signature is an important security component that can be used to
protect information and provide trust in electronic business.
The present document is intended to cover electronic signatures for various types of transactions, including business
transactions (e.g. purchase requisition, contract, and invoice applications). Thus the present document can be used for
any transaction between an individual and a company, between two companies, between an individual and a
governmental body, etc. The present document is independent of any environment. It can be applied to any environment
e.g. smart cards, GSM SIM cards, special programs for electronic signatures etc.
An electronic signature produced in accordance with the present document provides evidence that can be processed to
get confidence that some commitment has been explicitly endorsed under a Signature policy, at a given time, by a
signer under an identifier, e.g. a name or a pseudonym, and optionally a role.
The European Directive on a community framework for Electronic Signatures defines an electronic signature as: "data
in electronic form which is attached to or logically associated with other electronic data and which serves as a method
of authentication". An electronic signature as used in the current document is a form of advanced electronic signature as
definedintheDirective.
ETSI
8 ETSI TS 101 733 V1.2.2 (2000-12)
1 Scope
The present document defines an electronic signature that remains valid over long periods. This includes evidence as to
its validity even if the signer or verifying party later attempts to deny (repudiates) the validity of the signature.
The present document specifies use of trusted service providers (e.g. TimeStamping Authorities), and the data that
needs to be archived (e.g. cross certificates and revocation lists) to meet the requirements of long term electronic
signatures. An electronic signature defined by the present document can be used for arbitration in case of a dispute
between the signer and verifier, which may occur at some later time, even years later. The present document uses a
signature policy, referenced by the signer, as the basis for establishing the validity of an electronic signature.
The present document is based on the use of public key cryptography to produce digital signatures, supported by public
key certificates.
The present document also specifies the use of timestamping services to prove the validity of a signature long after the
normal lifetime of critical elements of an electronic signature and to support non-repudiation. It also, as an option,
defines the use of additional timestamps to provide very long-term protection against key compromise or weakened
algorithms.
The present document builds on existing standards that are widely adopted. This includes:
• RFC 2630 [8] "Cryptographic Message Syntax (CMS)";
• ITU-T Recommendation X.509 [1]: "Information technology - Open Systems Interconnection - The Directory:
Authentication framework";
• RFC 2459 [6] "Internet X.509 [23] Public Key Infrastructure (PKIX) Certificate and CRL Profile";
• IETF Internet Draft Time Stamp Protocol (TPS) (to be published) (see bibliography).
NOTE: See clause 2 for a full set of references.
The present document includes:
• format of Electronic Signature tokens;
• format of Signature Policies.
In addition, the present document identifies other documents that define format for Public Key Certificates, Attribute
Certificates, Certificate Revocation Lists and supporting protocols. Including, protocols for use of trusted third parties
to support the operation of electronic signature creation and validation, as well as the management of certificates used to
support electronic signatures.
Informative annexes, describe:
• an example structured content;
• the relationship between the present document and the directive on electronic signature and associated
standardization initiatives;
• APIs to support the generation and the verification of electronic signatures;
• cryptographic algorithms that may be used;
• guidance on naming.
ETSI
9 ETSI TS 101 733 V1.2.2 (2000-12)
2 References
The following documents contain provisions which, through reference in this text, constitute provisions of the present
document.
• References are either specific (identified by date of publication and/or edition number or version number) or
non-specific.
• For a specific reference, subsequent revisions do not apply.
• For a non-specific reference, the latest version applies.
[1] ITU-T Recommendation X.509 (1997) | ISO/IEC 9594-8: "Information technology - Open
Systems Interconnection - The Directory: Authentication framework".
[2] ITU-T Recommendation X.208 (1988): "Specification of Abstract Syntax Notation One (ASN.1)".
[3] ITU-T Recommendation X.690 (1997) | ISO/IEC 8825-1: "Information technology - ASN.1
encoding rules - Specification of Basic Encoding Rules (BER), Canonical Encoding Rules (CER)
and Distinguished Encoding Rules (DER)".
[4] ITU-T Recommendation F.1 (1998): "Operational provisions for the international public telegram
service".
[5] RFC 1777 (1995): "Lightweight Directory Access Protocol".
[6] RFC 2459 (1999): "Internet X.509 Public Key Infrastructure Certificate and CRL Profile".
[7] RFC 2560 (1999): "X.509 Internet Public Key Infrastructure Online Certificate Status Protocol -
OCSP".
[8] RFC 2630 (1999): "Cryptographic Message Syntax".
[9] RFC 2634 (1999): "Enhanced Security Services for S/MIME".
[10] ISO 7498-2 (1989): "Information processing systems - Open Systems Interconnection - Basic
Reference Model - Part 2: Security Architecture".
[11] ISO/IEC 13888-1 (1997): "Information technology - Security techniques - Non-repudiation -
Part 1: General".
[12] ITU-T Recommendation X.400 (1996): "Message handling system and service overview".
[13] ITU-T Recommendation X.500 (1997): "Information technology - Open Systems Interconnection -
The Directory: Overview of concepts, models and services".
[14] ITU-T Recommendation X.501 (1997): "Information technology - Open Systems Interconnection -
The Directory: Models".
[15] ITU-T Recommendation X.520 (1997): "Information technology - Open Systems Interconnection -
The Directory: Selected attribute types".
[16] RFC 2559 (1999): "Internet X.509 Public Key Infrastructure Operational Protocols - LDAPv2".
[17] RFC 2587 (1999): "Internet X.509 Public Key Infrastructure LDAPv2 Schema".
[18] RFC 2510 (1999): "Internet X.509 Public Key Infrastructure Certificate Management Protocols".
[19] RFC 2450 (1998): "Proposed TLA and NLA Assignment Rules".
[20] RFC 2045 (1996): "Multipurpose Internet Mail Extensions (MIME) Part One: Format of Internet
Message Bodies".
[21] RFC 2078 (1997): "Generic Security Service Application Program Interface, Version 2".
[22] RFC 2511 (1999): "Internet X.509 Certificate Request Message Format".
ETSI
10 ETSI TS 101 733 V1.2.2 (2000-12)
[23] ITU-T Recommendation X.509 (2000): "Information technology - Open Systems Interconnection -
The directory: Public-key and attribute certificate frameworks".
[24] ITU-T Recommendation X.680 (1997): "Information technology - Abstract Syntax Notation One
(ASN.1): Specification of basic notation".
3 Definitions and abbreviations
3.1 Definitions
For the purposes of the present document, the following terms and definitions apply:
arbitrator: arbitrator entity may be used to arbitrate a dispute between a signer and verifier when there is a
disagreement on the validity of a digital signature
Attribute Authority (AA): authority which assigns privileges by issuing attribute certificates
authority certificate: certificate issued to an authority (e.g. either to a certification authority or to an attribute
authority)
Attribute Authority Revocation List (AARL): references to attribute certificates issued to AAs, that are no longer
considered valid by the issuing authority
Attribute Certificate Revocation List (ARL): revocation list containing a list of references to attribute certificates that
are no longer considered valid by the issuing authority
Certification Authority (CA): authority trusted by one or more users to create and assign certificates. Optionally the
certification authority may create the users' keys (ITU-T Recommendation X.509 [1])
Certificate Revocation List (CRL): signed list indicating a set of certificates that are no longer considered valid by the
certificate issuer
digital signature: data appended to, or a cryptographic transformation of, a data unit that allows a recipient of the data
unit to prove the source and integrity of the data unit and protect against forgery, e.g. by the recipient (ISO 7498-2 [10])
public key certificate: public keys of a user, together with some other information, rendered unforgeable by
encipherment with the private key of the certification authority which issued it (ITU-T Recommendation X.509 [1])
signature policy: set of rules for the creation and validation of an electronic signature, under which the signature can be
determined to be valid
signature policy issuer: entity that defines the technical and procedural requirements for electronic signature creation
and validation, in order to meet a particular business need
signature validation policy: part of the signature policy which specifies the technical requirements on the signer in
creating a signature and verifier when validating a signature
signer: entity that creates an electronic signature
TimeStamping Authority (TSA): trusted third party that creates time stamp tokens in order to indicate that a datum
existed at a particular point in time
Trusted Service Provider (TSP): entity that helps to build trust relationships by making available or providing some
information upon request
valid electronic signature: electronic signature which passes validation according to a signature validation policy
verifier: entity that verifies an evidence (ISO/IEC 13888-1 [11])
NOTE: Within the context of the present document this is an entity that validates an electronic signature.
ETSI
11 ETSI TS 101 733 V1.2.2 (2000-12)
3.2 Abbreviations
For the purposes of the present document, the following abbreviations apply:
AA Attribute Authority
API Application Program Interface
ARL Authority Revocation List
ASN.1 Abstract Syntax Notation 1
CA Certification Authority
CMS Cryptographic Message Syntax
CRL Certificate Revocation List
DER Distinguished Encoding Rules (for ASN.1)
DSA Digital Signature Algorithm (see annex E on crytpographic algorithms)
EDIFACT Electronic Data Interchange for Administration, Commerce And Transport
ES Electronic Signature
ES-A ES with Archive Validation Data
ES-C ES with Complete validation data
ESS Enhanced Security Services (enhance
...