ETSI EN 319 102-1 V1.1.1 (2016-05)

EUROPEAN STANDARD
Electronic Signatures and Infrastructures (ESI);
Procedures for Creation and Validation
of AdES Digital Signatures;
Part 1: Creation and Validation

2 ETSI EN 319 102-1 V1.1.1 (2016-05)

Reference
DEN/ESI-0019102-1
Keywords
electronic signature, security, trust services
ETSI
650 Route des Lucioles
F-06921 Sophia Antipolis Cedex - FRANCE

Tel.: +33 4 92 94 42 00  Fax: +33 4 93 65 47 16

Siret N° 348 623 562 00017 - NAF 742 C
Association à but non lucratif enregistrée à la
Sous-Préfecture de Grasse (06) N° 7803/88

Important notice
The present document can be downloaded from:
http://www.etsi.org/standards-search
The present document may be made available in electronic versions and/or in print. The content of any electronic and/or
print versions of the present document shall not be modified without the prior written authorization of ETSI. In case of any
existing or perceived difference in contents between such versions and/or in print, the only prevailing document is the
print of the Portable Document Format (PDF) version kept on a specific network drive within ETSI Secretariat.
Users of the present document should be aware that the document may be subject to revision or change of status.
Information on the current status of this and other ETSI documents is available at
https://portal.etsi.org/TB/ETSIDeliverableStatus.aspx
If you find errors in the present document, please send your comment to one of the following services:
https://portal.etsi.org/People/CommiteeSupportStaff.aspx
Copyright Notification
No part may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying
and microfilm except as authorized by written permission of ETSI.
The content of the PDF version shall not be modified without the written authorization of ETSI.
The copyright and the foregoing restriction extend to reproduction in all media.

© European Telecommunications Standards Institute 2016.
All rights reserved.
TM TM TM
DECT , PLUGTESTS , UMTS and the ETSI logo are Trade Marks of ETSI registered for the benefit of its Members.
TM
3GPP and LTE™ are Trade Marks of ETSI registered for the benefit of its Members and
of the 3GPP Organizational Partners.
GSM® and the GSM logo are Trade Marks registered and owned by the GSM Association.
ETSI
3 ETSI EN 319 102-1 V1.1.1 (2016-05)
Contents
Intellectual Property Rights . 6
Foreword . 6
Modal verbs terminology . 6
Introduction . 6
1 Scope . 7
2 References . 7
2.1 Normative references . 7
2.2 Informative references . 8
3 Definitions and abbreviations . 9
3.1 Definitions . 9
3.2 Abbreviations . 11
4 Signature creation . 12
4.1 Signature creation model . 12
4.2 Signature creation information model . 13
4.2.1 Introduction. 13
4.2.2 Signature Creation Constraints . 14
4.2.3 Signer's document (SD) . 14
4.2.4 Signer's document representation (SDR) . 15
4.2.5 Signature attributes . 15
4.2.5.1 General requirements . 15
4.2.5.2 Signing certificate identifier . 15
4.2.5.3 Signature policy identifier . 16
4.2.5.4 Signature policy store . 16
4.2.5.5 Data content type . 16
4.2.5.6 Commitment type indication . 16
4.2.5.7 Counter signatures . 17
4.2.5.8 Claimed signing time . 17
4.2.5.9 Claimed signer location . 17
4.2.5.10 Signer's attributes . 17
4.2.6 Data to be signed (DTBS) . 17
4.2.7 Data to be signed (formatted) (DTBSF) . 18
4.2.8 Data to be signed representation (DTBSR) . 18
4.2.9 Signature . 18
4.2.10 Signed data object (SDO) . 18
4.2.11 Validation data . 18
4.3 Signature Classes and Creation Processes . 19
4.3.1 Introduction. 19
4.3.2 Creation of Basic Signatures . 20
4.3.2.1 Description . 20
4.3.2.2 Inputs . 20
4.3.2.3 Outputs . 20
4.3.2.4 Processing . 20
4.3.2.4.1 Selection of documents to sign . 20
4.3.2.4.2 Signature attribute and parameters selection . 21
4.3.2.4.3 Pre-signature presentation . 21
4.3.2.4.4 Signature invocation . 21
4.3.2.4.5 Signing. 22
4.3.2.4.6 Signer authentication . 22
4.3.2.4.7 SDO composition . 22
4.3.3 Creation of a Signature with Time . 22
4.3.3.1 Description . 22
4.3.3.2 Inputs . 23
4.3.3.3 Outputs . 23
4.3.3.4 Process . 23
4.3.4 Creation of Signatures with Long-Term Validation Material . 24
ETSI
4 ETSI EN 319 102-1 V1.1.1 (2016-05)
4.3.4.1 Description . 24
4.3.4.2 Inputs . 24
4.3.4.3 Outputs . 24
4.3.4.4 Process . 24
4.3.5 Creation of Signatures providing Long Term Availability and Integrity of Validation Material . 25
4.3.5.1 Description . 25
4.3.5.2 Inputs . 25
4.3.5.3 Outputs . 26
4.3.5.4 Process . 26
5 Signature validation . 26
5.1 Signature validation model . 26
5.1.1 General requirements . 26
5.1.2 Selecting validation processes . 29
5.1.3 Status indication of the signature validation process and signature validation report. 30
5.1.4 Validation constraints . 35
5.1.4.1 General requirements . 35
5.1.4.2 X.509 Validation Constraints . 36
5.1.4.3 Cryptographic Constraints . 36
5.1.4.4 Signature Elements Constraints . 36
5.2 Basic building blocks . 37
5.2.1 Description . 37
5.2.2 Format Checking . 37
5.2.2.1 Description . 37
5.2.2.2 Inputs . 37
5.2.2.3 Outputs . 37
5.2.3 Identification of the signing certificate . 38
5.2.3.1 Description . 38
5.2.3.2 Inputs . 38
5.2.3.3 Outputs . 38
5.2.3.4 Processing . 38
5.2.4 Validation context initialization . 38
5.2.4.1 Description . 38
5.2.4.2 Inputs . 39
5.2.4.3 Outputs . 39
5.2.4.4 Processing . 39
5.2.5 Revocation freshness checker . 40
5.2.5.1 Description . 40
5.2.5.2 Inputs . 40
5.2.5.3 Output . 41
5.2.5.4 Processing . 41
5.2.6 X.509 certificate validation . 41
5.2.6.1 Description . 41
5.2.6.2 Inputs . 42
5.2.6.3 Outputs . 42
5.2.6.4 Processing . 42
5.2.7 Cryptographic verification . 44
5.2.7.1 Description . 44
5.2.7.2 Inputs . 44
5.2.7.3 Outputs . 44
5.2.7.4 Processing . 44
5.2.8 Signature acceptance validation (SAV) . 45
5.2.8.1 Description . 45
5.2.8.2 Inputs . 45
5.2.8.3 Outputs . 45
5.2.8.4 Processing . 46
5.2.8.4.1 General requirements . 46
5.2.8.4.2 Processing AdES attributes . 46
5.2.9 Signature validation presentation building block . 48
5.3 Validation process for Basic Signatures . 48
5.3.1 Description . 48
5.3.2 Inputs . 48
ETSI
5 ETSI EN 319 102-1 V1.1.1 (2016-05)
5.3.3 Outputs . 48
5.3.4 Processing . 49
5.4 Time-stamp validation building block . 51
5.4.1 Description . 51
5.4.2 Inputs . 51
5.4.3 Outputs . 51
5.4.4 Processing . 51
5.5 Validation process for Signatures with Time and Signatures with Long-Term Validation Material . 51
5.5.1 Description . 51
5.5.2 Inputs . 52
5.5.3 Outputs . 52
5.5.4 Processing . 52
5.6 Validation process for Signatures providing Long Term Availability and Integrity of Validation
Material . 54
5.6.1 Introduction. 54
5.6.2 Additional building blocks . 55
5.6.2.1 Past certificate validation . 55
5.6.2.1.1 Description . 55
5.6.2.1.2 Input . 55
5.6.2.1.3 Output . 55
5.6.2.1.4 Processing . 56
5.6.2.2 Validation time sliding process . 56
5.6.2.2.1 Description . 56
5.6.2.2.2 Input . 56
5.6.2.2.3 Output . 57
5.6.2.2.4 Processing . 57
5.6.2.3 POE extraction . 58
5.6.2.3.1 Description . 58
5.6.2.3.2 Input . 58
5.6.2.3.3 Output . 59
5.6.2.3.4 Processing . 59
5.6.2.4 Past signature validation building block . 59
5.6.2.4.1 Description . 59
5.6.2.4.2 Input . 59
5.6.2.4.3 Output . 59
5.6.2.4.4 Processing . 59
5.6.3 Validation Process for Signatures providing Long Term Availability and Integrity of Validation
Material . 60
5.6.3.1 Description . 60
5.6.3.2 Input . 61
5.6.3.3 Output . 61
5.6.3.4 Processing . 61
Annex A (informative): Validation examples . 64
A.1 General remarks and assumptions . 64
A.2 Symbols . 64
A.3 Example 1: Revoked certificate . 65
A.3.1 Introduction . 65
A.3.2 Basic signature validation . 65
A.3.3 Validating a Signature with Time . 65
A.3.4 Example 2: Revoked CA certificate . 66
A.3.5 Basic signature validation . 67
A.3.6 Validation of a Signature with Time . 67
A.3.7 Long-Term Validation . 67
Annex B (informative): Signature Classes and AdES Signatures . 71
Annex C (informative): Conformance Checking . 72
History . 74

ETSI
6 ETSI EN 319 102-1 V1.1.1 (2016-05)
Intellectual Property Rights
IPRs essential or potentially essential to the present document may have been declared to ETSI. The information
pertaining to these essential IPRs, if any, is publicly available for ETSI members and non-members, and can be found
in ETSI SR 000 314: "Intellectual Property Rights (IPRs); Essential, or potentially Essential, IPRs notified to ETSI in
respect of ETSI standards", which is available from the ETSI Secretariat. Latest updates are available on the ETSI Web
server (https://ipr.etsi.org/).
Pursuant to the ETSI IPR Policy, no investigation, including IPR searches, has been carried out by ETSI. No guarantee
can be given as to the existence of other IPRs not referenced in ETSI SR 000 314 (or the updates on the ETSI Web
server) which are, or may be, or may become, essential to the present document.
Foreword
This European Standard (EN) has been produced by ETSI Technical Committee Electronic Signatures and
Infrastructures (ESI).
The present document is part 1 of a multi-part deliverable covering Procedures for Creation and Validation of AdES
Digital Signatures, as identified below:
Part 1: "Creation and Validation";
Part 2: "Signature Validation Report".

National transposition dates
Date of adoption of this EN: 29 April 2016
Date of latest announcement of this EN (doa): 31 July 2016
Date of latest publication of new National Standard
or endorsement of this EN (dop/e): 31 January 2017
Date of withdrawal of any conflicting National Standard (dow): 31 January 2017

Modal verbs terminology
In the present document "shall", "shall not", "should", "should not", "may", "need not", "will", "will not", "can" and
"cannot" are to be interpreted as described in clause 3.2 of the ETSI Drafting Rules (Verbal forms for the expression of
provisions).
"must" and "must not" are NOT allowed in ETSI deliverables except when used in direct citation.
Introduction
The present document aims to meet the general requirements of the international community to provide trust and
confidence in electronic transactions, including, amongst other, applicable requirements from Regulation (EU)
No 910/2014 [i.15].
ETSI
7 ETSI EN 319 102-1 V1.1.1 (2016-05)
1 Scope
The present document specifies procedures for:
• the creation of AdES digital signatures (specified in ETSI EN 319 122-1 [i.2], ETSI EN 319 132-1 [i.4], ETSI
EN 319 142-1 [i.6] respectively);
• establishing whether an AdES digital signature is technically valid;
whenever the AdES digital signature is based on public key cryptography and supported by public key certificates. To
improve readability of the present document, AdES digital signatures are meant when the term signature is being used.
NOTE 1: Regulation (EU) No 910/2014 [i.15] defines the terms electronic signature, advanced electronic signature,
electronic seals and advanced electronic seal. These signatures and seals are usually created using digital
signature technology. The present document aims at supporting the Regulation (EU) No 910/2014 [i.15]
for creation and validation of advanced electronic signatures and seals when they are implemented as
AdES digital signatures.
The present document introduces general principles, objects and functions relevant when creating or validating
signatures based on signature creation and validation constraints and defines general classes of signatures that allow for
verifiability over long periods.
The following aspects are considered to be out of scope:
• generation and distribution of Signature Creation Data (keys, etc.), and the selection and use of cryptographic
algorithms;
• format, syntax or encoding of data objects involved, specifically format or encoding for documents to be
signed or signatures created; and
• the legal interpretation of any signature, especially the legal validity of a signature.
NOTE 2: The signature creation and validation procedures specified in the present document provide several
options and possibilities. The selection of these options is driven by a signature creation policy, a
signature augmentation policy or a signature validation policy respectively. Note that legal requirements
can be provided through specific policies, e.g. in the context of qualified electronic signatures as defined
in the Regulation (EU) 910/2014 [i.15].
2 References
2.1 Normative references
References are either specific (identified by date of publication and/or edition number or version number) or
non-specific. For specific references, only the cited version applies. For non-specific references, the latest version of the
referenced document (including any amendments) applies.
Referenced documents which are not found to be publicly available in the expected location might be found at
http://docbox.etsi.org/Reference.
NOTE: While any hyperlinks included in this clause were valid at the time of publication, ETSI cannot guarantee
their long term validity.
The following referenced documents are necessary for the application of the present document.
[1] IETF RFC 5280: "Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation
List (CRL) Profile".
[2] ISO/IEC 9594-8:2014: "Information technology -- Open Systems Interconnection -- The
Directory -- Part 8: Public-key and attribute certificate frameworks".
[3] IETF RFC 3161: "Internet X.509 Public Key Infrastructure; Time Stamp Protocol (TSP)".
ETSI
8 ETSI EN 319 102-1 V1.1.1 (2016-05)
[4] ETSI TS 119 172-1: "Electronic Signatures and Infrastructures (ESI); Signature Policies;
Part 1: Building blocks and table of contents for human readable signature policy documents".
[5] Common PKI Specifications for Interoperable Applications from T7 & Teletrust, Specification
Part 9 SigG-Profile, Version 2.0, 20 January 2009.
2.2 Informative references
References are either specific (identified by date of publication and/or edition number or version number) or
non-specific. For specific references, only the cited version applies. For non-specific references, the latest version of the
referenced document (including any amendments) applies.
NOTE: While any hyperlinks included in this clause were valid at the time of publication, ETSI cannot guarantee
their long term validity.
The following referenced documents are not necessary for the application of the present document but they assist the
user with regard to a particular subject area.
[i.1] IETF RFC 4158: "Internet X.509 Public Key Infrastructure: Certification Path Building".
[i.2] ETSI EN 319 122-1: "Electronic Signatures and Infrastructures (ESI); CAdES digital signatures;
Part 1: Building blocks and CAdES baseline signatures".
[i.3] ETSI EN 319 122-2: "Electronic Signatures and Infrastructures (ESI); CAdES digital signatures;
Part 2: Extended CAdES signatures".
[i.4] ETSI EN 319 132-1: "Electronic Signatures and Infrastructures (ESI); XAdES digital signatures;
Part 1: Building blocks and XAdES baseline signatures".
[i.5] ETSI EN 319 132-2: "Electronic Signatures and Infrastructures (ESI); XAdES digital signatures;
Part 2: Extended XAdES signatures".
[i.6] ETSI EN 319 142-1: "Electronic Signatures and Infrastructures (ESI); PAdES digital signatures;
Part 1: Building blocks and PAdES baseline signatures".
[i.7] ETSI EN 319 142-2: "Electronic Signatures and Infrastructures (ESI); PAdES digital signatures;
Part 2: Additional PAdES signatures profiles".
[i.8] IETF RFC 5652: "Cryptographic Message Syntax (CMS)".
[i.9] IETF RFC 4998: "Evidence Record Syntax (ERS)".
[i.10] IETF RFC 6283: "Extensible Markup Language Evidence Record Syntax (XMLERS)".
[i.11] Void.
[i.12] IETF RFC 6960: "X.509 Internet Public Key Infrastructure Online Certificate Status
Protocol - OCSP".
[i.13] ETSI EN 319 422: "Electronic Signatures and Infrastructures (ESI); Time-stamping protocol and
time-stamp token profiles".
[i.14] ECRYPT II Yearly Report on Algorithms and Keysizes (2010-2011), Revision 1.0, 30. June 2011.
[i.15] Regulation (EU) No 910/2014 of the European Parliament and of the Council of 23 July 2014 on
electronic identification and trust services for electronic transactions in the internal market and
repealing Directive 1999/93/EC.
[i.16] IETF RFC 3852: "Cryptographic Message Syntax (CMS)".
ETSI
9 ETSI EN 319 102-1 V1.1.1 (2016-05)
3 Definitions and abbreviations
3.1 Definitions
For the purposes of the present document, the following terms and definitions apply:
attribute authority: authority which assigns privileges by issuing attribute certificates
attribute certificate: data structure, digitally signed by an attribute authority, that binds some attribute values with
identification information about its holder
certificate: See public key certificate.
certificate identifier: unambiguous identifier of a certificate
certificate path (chain) validation: process of verifying and confirming that a certificate path (chain) is valid
certificate revocation list: signed list indicating a set of certificates that are no longer considered valid by the
certificate issuer
certificate validation: process of verifying and confirming that a certificate is valid
certification authority: authority trusted by one or more users to create and assign public-key certificates
chain model: model for validation of X.509 certificate chains where all CA certificates have to be valid at the time they
were used for issuing a certificate and the end-entity certificate was valid when creating the signature
claimed signing time: time of signing claimed by the signer which on its own does not provide independent evidence
of the actual signing time
(signature) commitment type: signer-selected indication of the exact implication of a digital signature
(signature) creation constraints: abstract formulation of rules, values, ranges and computation results that are used
when creating a digital signature
cryptographic suite: combination of a signature scheme with a padding method and a cryptographic hash function
detached (digital) signature: digital signature that, with respect to the signed data object, is neither enveloping nor
enveloped
digital signature: data appended to, or a cryptographic transformation of a data unit that allows a recipient of the data
unit to prove the source and integrity of the data unit and protect against forgery e.g. by the recipient
digital signature value: result of the cryptographic transformation of a data unit that allows a recipient of the data unit
to prove the source and integrity of the data unit and protect against forgery e.g. by the recipient
driving application: application that uses a signature creation system to create a signature or a signature validation
application in order to validate digital signatures or a signature augmentation application to augment digital signatures
electronic document: any content stored in electronic form, in particular text or sound, visual or audiovisual recording
enveloped (digital) signature: digital signature embedded within the signed data object
enveloping (digital) signature: digital signature embedding the signed data object
evidence: information that can be used to resolve a dispute about various aspects of authenticity of archived data
objects
evidence record: unit of data, which can be used to prove the existence of an archived data object or an archived data
object group at a certain time
NOTE: See IETF RFC 4998 [i.9] and IETF RFC 6283 [i.10].
proof of existence: evidence that proves that an object existed at a specific date/time
ETSI
10 ETSI EN 319 102-1 V1.1.1 (2016-05)
prospective certificate chain: sequence of n certificates which satisfies the conditions (a) to (c) in IETF RFC 5280 [1]
clause 6.1, and the trust anchor is trusted according to the signature validation policy in use
public key certificate: public key of an entity, together with some other information, rendered unforgeable by digital
signature with the private key of the certification authority which issued it
shell model: model for validation of X.509 certificate chains where all certificates have to be valid at a given time
NOTE: The given time is an input parameter to the validation.
signature attribute: signature property
signature augmentation: process of incorporating to a digital signature information aiming to maintain the validity of
that signature over the long term
NOTE: Augmenting signatures is a co-lateral process to the validation of signatures, namely the process by which
certain material (e.g. time-stamps, validation data and even archival-related material) is incorporated to
the signatures for making them more resilient to change or for enlarging their longevity.
signature augmentation policy: set of rules, applicable to one or more digital signatures, that defines the technical and
procedural requirements for their augmentation, in order to meet a particular business need, and under which the digital
signature(s) can be determined to be conformant
(signature) constraints: abstract formulation of rules, values, ranges and computation results that a digital signature
can be validated against
NOTE: Constraints can be defined in a formal signature policy, can be given in configuration parameter files or
implied by the behaviour of the SVA.
signature creation application: application within the signature creation system, complementing the signature creation
device, that creates a signature data object
signature creation data: unique data, such as codes or private cryptographic keys, which are used by the signer to
create a digital signature value
signature creation device: configured software or hardware used to implement the signature creation data and to create
a digital signature value
signature creation environment: physical, geographical and computational environment of the signature creation
system
signature creation policy: set of rules, applicable to one or more digital signatures, that defines the technical and
procedural requirements for their creation, in order to meet a particular business need, and under which the digital
signature(s) can be determined to be conformant
signature creation system: overall system, consisting of the sign
...

2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.Elektronski podpisi in infrastruktura (ESI) - Postopki za oblikovanje in validacijo digitalnih podpisov AdES - 1. del: Oblikovanje in validacijaElectronic Signatures and Infrastructures (ESI) - Procedures for Creation and Validation of AdES Digital Signatures - Part 1: Creation and Validation35.040.01Kodiranje informacij na splošnoInformation coding in generalICS:Ta slovenski standard je istoveten z:ETSI EN 319 102-1 V1.1.1 (2016-05)SIST EN 319 102-1 V1.1.1:2016en01-julij-2016SIST EN 319 102-1 V1.1.1:2016SLOVENSKI
STANDARD
EUROPEAN STANDARD SIST EN 319 102-1 V1.1.1:2016

ETSI ETSI EN 319 102-1 V1.1.1 (2016-05) 2
Reference DEN/ESI-0019102-1 Keywords electronic signature, security, trust services ETSI 650 Route des Lucioles F-06921 Sophia Antipolis Cedex - FRANCE
Tel.: +33 4 92 94 42 00
Fax: +33 4 93 65 47 16
Siret N° 348 623 562 00017 - NAF 742 C Association à but non lucratif enregistrée à la Sous-Préfecture de Grasse (06) N° 7803/88
Important notice The present document can be downloaded from: http://www.etsi.org/standards-search The present document may be made available in electronic versions and/or in print. The content of any electronic and/or print versions of the present document shall not be modified without the prior written authorization of ETSI. In case of any existing or perceived difference in contents between such versions and/or in print, the only prevailing document is the print of the Portable Document Format (PDF) version kept on a specific network drive within ETSI Secretariat. Users of the present document should be aware that the document may be subject to revision or change of status. Information on the current status of this and other ETSI documents is available at https://portal.etsi.org/TB/ETSIDeliverableStatus.aspx If you find errors in the present document, please send your comment to one of the following services: https://portal.etsi.org/People/CommiteeSupportStaff.aspx Copyright Notification No part may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and microfilm except as authorized by written permission of ETSI. The content of the PDF version shall not be modified without the written authorization of ETSI. The copyright and the foregoing restriction extend to reproduction in all media.
© European Telecommunications Standards Institute 2016. All rights reserved.
DECTTM, PLUGTESTSTM, UMTSTM and the ETSI logo are Trade Marks of ETSI registered for the benefit of its Members. 3GPPTM and LTE™ are Trade Marks of ETSI registered for the benefit of its Members and of the 3GPP Organizational Partners. GSM® and the GSM logo are Trade Marks registered and owned by the GSM Association. SIST EN 319 102-1 V1.1.1:2016

ETSI ETSI EN 319 102-1 V1.1.1 (2016-05) 3 Contents Intellectual Property Rights . 6 Foreword . 6 Modal verbs terminology . 6 Introduction . 6 1 Scope . 7 2 References . 7 2.1 Normative references . 7 2.2 Informative references . 8 3 Definitions and abbreviations . 9 3.1 Definitions . 9 3.2 Abbreviations . 11 4 Signature creation . 12 4.1 Signature creation model . 12 4.2 Signature creation information model . 13 4.2.1 Introduction. 13 4.2.2 Signature Creation Constraints . 14 4.2.3 Signer's document (SD) . 14 4.2.4 Signer's document representation (SDR) . 15 4.2.5 Signature attributes . 15 4.2.5.1 General requirements . 15 4.2.5.2 Signing certificate identifier . 15 4.2.5.3 Signature policy identifier . 16 4.2.5.4 Signature policy store . 16 4.2.5.5 Data content type . 16 4.2.5.6 Commitment type indication . 16 4.2.5.7 Counter signatures . 17 4.2.5.8 Claimed signing time . 17 4.2.5.9 Claimed signer location . 17 4.2.5.10 Signer's attributes . 17 4.2.6 Data to be signed (DTBS) . 17 4.2.7 Data to be signed (formatted) (DTBSF) . 18 4.2.8 Data to be signed representation (DTBSR) . 18 4.2.9 Signature . 18 4.2.10 Signed data object (SDO) . 18 4.2.11 Validation data . 18 4.3 Signature Classes and Creation Processes . 19 4.3.1 Introduction. 19 4.3.2 Creation of Basic Signatures . 20 4.3.2.1 Description . 20 4.3.2.2 Inputs . 20 4.3.2.3 Outputs . 20 4.3.2.4 Processing . 20 4.3.2.4.1 Selection of documents to sign . 20 4.3.2.4.2 Signature attribute and parameters selection . 21 4.3.2.4.3 Pre-signature presentation . 21 4.3.2.4.4 Signature invocation . 21 4.3.2.4.5 Signing. 22 4.3.2.4.6 Signer authentication . 22 4.3.2.4.7 SDO composition . 22 4.3.3 Creation of a Signature with Time . 22 4.3.3.1 Description . 22 4.3.3.2 Inputs . 23 4.3.3.3 Outputs . 23 4.3.3.4 Process . 23 4.3.4 Creation of Signatures with Long-Term Validation Material . 24 SIST EN 319 102-1 V1.1.1:2016

ETSI ETSI EN 319 102-1 V1.1.1 (2016-05) 4 4.3.4.1 Description . 24 4.3.4.2 Inputs . 24 4.3.4.3 Outputs . 24 4.3.4.4 Process . 24 4.3.5 Creation of Signatures providing Long Term Availability and Integrity of Validation Material . 25 4.3.5.1 Description . 25 4.3.5.2 Inputs . 25 4.3.5.3 Outputs . 26 4.3.5.4 Process . 26 5 Signature validation . 26 5.1 Signature validation model . 26 5.1.1 General requirements . 26 5.1.2 Selecting validation processes . 29 5.1.3 Status indication of the signature validation process and signature validation report. 30 5.1.4 Validation constraints . 35 5.1.4.1 General requirements . 35 5.1.4.2 X.509 Validation Constraints . 36 5.1.4.3 Cryptographic Constraints . 36 5.1.4.4 Signature Elements Constraints . 36 5.2 Basic building blocks . 37 5.2.1 Description . 37 5.2.2 Format Checking . 37 5.2.2.1 Description . 37 5.2.2.2 Inputs . 37 5.2.2.3 Outputs . 37 5.2.3 Identification of the signing certificate . 38 5.2.3.1 Description . 38 5.2.3.2 Inputs . 38 5.2.3.3 Outputs . 38 5.2.3.4 Processing . 38 5.2.4 Validation context initialization . 38 5.2.4.1 Description . 38 5.2.4.2 Inputs . 39 5.2.4.3 Outputs . 39 5.2.4.4 Processing . 39 5.2.5 Revocation freshness checker . 40 5.2.5.1 Description . 40 5.2.5.2 Inputs . 40 5.2.5.3 Output . 41 5.2.5.4 Processing . 41 5.2.6 X.509 certificate validation . 41 5.2.6.1 Description . 41 5.2.6.2 Inputs . 42 5.2.6.3 Outputs . 42 5.2.6.4 Processing . 42 5.2.7 Cryptographic verification . 44 5.2.7.1 Description . 44 5.2.7.2 Inputs . 44 5.2.7.3 Outputs . 44 5.2.7.4 Processing . 44 5.2.8 Signature acceptance validation (SAV) . 45 5.2.8.1 Description . 45 5.2.8.2 Inputs . 45 5.2.8.3 Outputs . 45 5.2.8.4 Processing . 46 5.2.8.4.1 General requirements . 46 5.2.8.4.2 Processing AdES attributes . 46 5.2.9 Signature validation presentation building block . 48 5.3 Validation process for Basic Signatures . 48 5.3.1 Description . 48 5.3.2 Inputs . 48 SIST EN 319 102-1 V1.1.1:2016

ETSI ETSI EN 319 102-1 V1.1.1 (2016-05) 5 5.3.3 Outputs . 48 5.3.4 Processing . 49 5.4 Time-stamp validation building block . 51 5.4.1 Description . 51 5.4.2 Inputs . 51 5.4.3 Outputs . 51 5.4.4 Processing . 51 5.5 Validation process for Signatures with Time and Signatures with Long-Term Validation Material . 51 5.5.1 Description . 51 5.5.2 Inputs . 52 5.5.3 Outputs . 52 5.5.4 Processing . 52 5.6 Validation process for Signatures providing Long Term Availability and Integrity of Validation Material . 54 5.6.1 Introduction. 54 5.6.2 Additional building blocks . 55 5.6.2.1 Past certificate validation . 55 5.6.2.1.1 Description . 55 5.6.2.1.2 Input . 55 5.6.2.1.3 Output . 55 5.6.2.1.4 Processing . 56 5.6.2.2 Validation time sliding process . 56 5.6.2.2.1 Description . 56 5.6.2.2.2 Input . 56 5.6.2.2.3 Output . 57 5.6.2.2.4 Processing . 57 5.6.2.3 POE extraction . 58 5.6.2.3.1 Description . 58 5.6.2.3.2 Input . 58 5.6.2.3.3 Output . 59 5.6.2.3.4 Processing . 59 5.6.2.4 Past signature validation building block . 59 5.6.2.4.1 Description . 59 5.6.2.4.2 Input . 59 5.6.2.4.3 Output . 59 5.6.2.4.4 Processing . 59 5.6.3 Validation Process for Signatures providing Long Term Availability and Integrity of Validation Material . 60 5.6.3.1 Description . 60 5.6.3.2 Input . 61 5.6.3.3 Output . 61 5.6.3.4 Processing . 61 Annex A (informative): Validation examples . 64 A.1 General remarks and assumptions . 64 A.2 Symbols . 64 A.3 Example 1: Revoked certificate . 65 A.3.1 Introduction . 65 A.3.2 Basic signature validation . 65 A.3.3 Validating a Signature with Time . 65 A.3.4 Example 2: Revoked CA certificate . 66 A.3.5 Basic signature validation . 67 A.3.6 Validation of a Signature with Time . 67 A.3.7 Long-Term Validation . 67 Annex B (informative): Signature Classes and AdES Signatures . 71 Annex C (informative): Conformance Checking . 72 History . 74
ETSI ETSI EN 319 102-1 V1.1.1 (2016-05) 6 Intellectual Property Rights IPRs essential or potentially essential to the present document may have been declared to ETSI. The information pertaining to these essential IPRs, if any, is publicly available for ETSI members and non-members, and can be found in ETSI SR 000 314: "Intellectual Property Rights (IPRs); Essential, or potentially Essential, IPRs notified to ETSI in respect of ETSI standards", which is available from the ETSI Secretariat. Latest updates are available on the ETSI Web server (https://ipr.etsi.org/). Pursuant to the ETSI IPR Policy, no investigation, including IPR searches, has been carried out by ETSI. No guarantee can be given as to the existence of other IPRs not referenced in ETSI SR 000 314 (or the updates on the ETSI Web server) which are, or may be, or may become, essential to the present document. Foreword This European Standard (EN) has been produced by ETSI Technical Committee Electronic Signatures and Infrastructures (ESI). The present document is part 1 of a multi-part deliverable covering Procedures for Creation and Validation of AdES Digital Signatures, as identified below: Part 1: "Creation and Validation"; Part 2: "Signature Validation Report".
National transposition dates Date of adoption of this EN: 29 April 2016 Date of latest announcement of this EN (doa): 31 July 2016 Date of latest publication of new National Standard or endorsement of this EN (dop/e):
31 January 2017 Date of withdrawal of any conflicting National Standard (dow): 31 January 2017
Modal verbs terminology In the present document "shall", "shall not", "should", "should not", "may", "need not", "will", "will not", "can" and "cannot" are to be interpreted as described in clause 3.2 of the ETSI Drafting Rules (Verbal forms for the expression of provisions). "must" and "must not" are NOT allowed in ETSI deliverables except when used in direct citation. Introduction The present document aims to meet the general requirements of the international community to provide trust and confidence in electronic transactions, including, amongst other, applicable requirements from Regulation (EU) No 910/2014 [i.15]. SIST EN 319 102-1 V1.1.1:2016

ETSI ETSI EN 319 102-1 V1.1.1 (2016-05) 7 1 Scope The present document specifies procedures for: • the creation of AdES digital signatures (specified in ETSI EN 319 122-1 [i.2], ETSI EN 319 132-1 [i.4], ETSI EN 319 142-1 [i.6] respectively); • establishing whether an AdES digital signature is technically valid; whenever the AdES digital signature is based on public key cryptography and supported by public key certificates. To improve readability of the present document, AdES digital signatures are meant when the term signature is being used.
NOTE 1: Regulation (EU) No 910/2014 [i.15] defines the terms electronic signature, advanced electronic signature, electronic seals and advanced electronic seal. These signatures and seals are usually created using digital signature technology. The present document aims at supporting the Regulation (EU) No 910/2014 [i.15] for creation and validation of advanced electronic signatures and seals when they are implemented as AdES digital signatures. The present document introduces general principles, objects and functions relevant when creating or validating signatures based on signature creation and validation constraints and defines general classes of signatures that allow for verifiability over long periods. The following aspects are considered to be out of scope: • generation and distribution of Signature Creation Data (keys, etc.), and the selection and use of cryptographic algorithms; • format, syntax or encoding of data objects involved, specifically format or encoding for documents to be signed or signatures created; and • the legal interpretation of any signature, especially the legal validity of a signature. NOTE 2: The signature creation and validation procedures specified in the present document provide several options and possibilities. The selection of these options is driven by a signature creation policy, a signature augmentation policy or a signature validation policy respectively. Note that legal requirements can be provided through specific policies, e.g. in the context of qualified electronic signatures as defined in the Regulation (EU) 910/2014 [i.15]. 2 References 2.1 Normative references References are either specific (identified by date of publication and/or edition number or version number) or non-specific. For specific references, only the cited version applies. For non-specific references, the latest version of the referenced document (including any amendments) applies. Referenced documents which are not found to be publicly available in the expected location might be found at http://docbox.etsi.org/Reference. NOTE: While any hyperlinks included in this clause were valid at the time of publication, ETSI cannot guarantee their long term validity. The following referenced documents are necessary for the application of the present document. [1] IETF RFC 5280: "Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile". [2] ISO/IEC 9594-8:2014: "Information technology -- Open Systems Interconnection -- The Directory -- Part 8: Public-key and attribute certificate frameworks". [3] IETF RFC 3161: "Internet X.509 Public Key Infrastructure; Time Stamp Protocol (TSP)". SIST EN 319 102-1 V1.1.1:2016

ETSI ETSI EN 319 102-1 V1.1.1 (2016-05) 8 [4] ETSI TS 119 172-1: "Electronic Signatures and Infrastructures (ESI); Signature Policies; Part 1: Building blocks and table of contents for human readable signature policy documents". [5] Common PKI Specifications for Interoperable Applications from T7 & Teletrust, Specification Part 9 SigG-Profile, Version 2.0, 20 January 2009. 2.2 Informative references References are either specific (identified by date of publication and/or edition number or version number) or non-specific. For specific references, only the cited version applies. For non-specific references, the latest version of the referenced document (including any amendments) applies. NOTE: While any hyperlinks included in this clause were valid at the time of publication, ETSI cannot guarantee their long term validity. The following referenced documents are not necessary for the application of the present document but they assist the user with regard to a particular subject area. [i.1] IETF RFC 4158: "Internet X.509 Public Key Infrastructure: Certification Path Building". [i.2] ETSI EN 319 122-1: "Electronic Signatures and Infrastructures (ESI); CAdES digital signatures; Part 1: Building blocks and CAdES baseline signatures". [i.3] ETSI EN 319 122-2: "Electronic Signatures and Infrastructures (ESI); CAdES digital signatures; Part 2: Extended CAdES signatures". [i.4] ETSI EN 319 132-1: "Electronic Signatures and Infrastructures (ESI); XAdES digital signatures; Part 1: Building blocks and XAdES baseline signatures". [i.5] ETSI EN 319 132-2: "Electronic Signatures and Infrastructures (ESI); XAdES digital signatures; Part 2: Extended XAdES signatures". [i.6] ETSI EN 319 142-1: "Electronic Signatures and Infrastructures (ESI); PAdES digital signatures; Part 1: Building blocks and PAdES baseline signatures". [i.7] ETSI EN 319 142-2: "Electronic Signatures and Infrastructures (ESI); PAdES digital signatures; Part 2: Additional PAdES signatures profiles". [i.8] IETF RFC 5652: "Cryptographic Message Syntax (CMS)". [i.9] IETF RFC 4998: "Evidence Record Syntax (ERS)". [i.10] IETF RFC 6283: "Extensible Markup Language Evidence Record Syntax (XMLERS)". [i.11] Void. [i.12] IETF RFC 6960: "X.509 Internet Public Key Infrastructure Online Certificate Status Protocol - OCSP". [i.13] ETSI EN 319 422: "Electronic Signatures and Infrastructures (ESI); Time-stamping protocol and time-stamp token profiles". [i.14] ECRYPT II Yearly Report on Algorithms and Keysizes (2010-2011), Revision 1.0, 30. June 2011. [i.15] Regulation (EU) No 910/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC. [i.16] IETF RFC 3852: "Cryptographic Message Syntax (CMS)". SIST EN 319 102-1 V1.1.1:2016

ETSI ETSI EN 319 102-1 V1.1.1 (2016-05) 9 3 Definitions and abbreviations 3.1 Definitions For the purposes of the present document, the following terms and definitions apply: attribute authority: authority which assigns privileges by issuing attribute certificates attribute certificate: data structure, digitally signed by an attribute authority, that binds some attribute values with identification information about its holder certificate: See public key certificate. certificate identifier: unambiguous identifier of a certificate certificate path (chain) validation: process of verifying and confirming that a certificate path (chain) is valid certificate revocation list: signed list indicating a set of certificates that are no longer considered valid by the certificate issuer certificate validation: process of verifying and confirming that a certificate is valid certification authority: authority trusted by one or more users to create and assign public-key certificates chain model: model for validation of X.509 certificate chains where all CA certificates have to be valid at the time they were used for issuing a certificate and the end-entity certificate was valid when creating the signature claimed signing time: time of signing claimed by the signer which on its own does not provide independent evidence of the actual signing time (signature) commitment type: signer-selected indication of the exact implication of a digital signature (signature) creation constraints: abstract formulation of rules, values, ranges and computation results that are used when creating a digital signature cryptographic suite: combination of a signature scheme with a padding method and a cryptographic hash function detached (digital) signature: digital signature that, with respect to the signed data object, is neither enveloping nor enveloped digital signature: data appended to, or a cryptographic transformation of a data unit that allows a recipient of the data unit to prove the source and integrity of the data unit and protect against forgery e.g. by the recipient digital signature value: result of the cryptographic transformation of a data unit that allows a recipient of the data unit to prove the source and integrity of the data unit and protect against forgery e.g. by the recipient driving application: application that uses a signature creation system to create a signature or a signature validation application in order to validate digital signatures or a signature augmentation application to augment digital signatures electronic document: any content stored in electronic form, in particular text or sound, visual or audiovisual recording enveloped (digital) signature: digital signature embedded within the signed data object enveloping (digital) signature: digital signature embedding the signed data object evidence: information that can be used to resolve a dispute about various aspects of authenticity of archived data objects evidence record: unit of data, which can be used to prove the existence of an archived data object or an archived data object group at a certain time NOTE: See IETF RFC 4998 [i.9] and IETF RFC 6283 [i.10]. proof of existence: evidence that proves that an object existed at a specific date/time SIST EN 319 102-1 V1.1.1:2016

ETSI ETSI EN 319 102-1 V1.1.1 (2016-05) 10 prospective certificate chain: sequence of n certificates which satisfies the conditions (a) to (c) in IETF RFC 5280 [1] clause 6.1, and the trust anchor is trusted according to the signature validation policy in use public key certificate: public key of an entity, together with some other information, rendered unforgeable by digital signature with the private key of the certification authority which issued it shell model: model for validation of X.509 certificate chains where all certificates have to be valid at a given time
NOTE: The given time is an input parameter to the validation. signature attribute: signature property signature augmentation: process of incorporating to a digital signature information aiming to maintain the validity of that signature over the long term NOTE: Augmenting signatures is a co-lateral process to the validation of signatures, namely the process by which certain material (e.g. time-stamps, validation data and even archival-related material) is incorporated to the signatures for making them more resilient to change or for enlarging their longevity. signature augmentation policy: set of rules, applicable to one or more digital signatures, that defines the technical and procedural requirements for their augmentation, in order to meet a particular business need, and under which the digital signature(s) can be determined to be conformant (signature) constraints: abstract formulation of rules, values, ranges and computation results that a digital signature can be validated against NOTE: Constraints can be defined in a formal signature policy, can be given in configuration parameter files or implied by the behaviour of the SVA. signature creation application: application within the signature creation system, complementing the signature creation device, that creates a signature data object signature creation data: unique data, such as codes or private cryptographic keys, which are used by the signer to create a digital signature value signature creation device: configured software or hardware used to implement the signature creation data and to create a digital signature value signature creation environment: physical, geographical and computational environment of the signature creation system signature creation policy: set of rules, applicable to one or more digital signatures, that defines the technical and procedural requirements for their creation, in order to meet a particular business need, and under which the digital signature(s) can be determined to be conformant signature creation system: overall system, consisting of the
...