ETSI TS 101 733 V1.7.4 (2008-07)
Electronic Signatures and Infrastructures (ESI); CMS Advanced Electronic Signatures (CAdES)
Technical Specification
Reference
RTS/ESI-000061
Keywords
e-commerce, electronic signature, security
ETSI
650 Route des Lucioles
F-06921 Sophia Antipolis Cedex - FRANCE
Tel.: +33 4 92 94 42 00 Fax: +33 4 93 65 47 16
Siret N° 348 623 562 00017 - NAF 742 C
Association à but non lucratif enregistrée à la
Sous-Préfecture de Grasse (06) N° 7803/88
Important notice
Individual copies of the present document can be downloaded from:
http://www.etsi.org
The present document may be made available in more than one electronic version or in print. In any case of existing or
perceived difference in contents between such versions, the reference version is the Portable Document Format (PDF).
In case of dispute, the reference shall be the printing on ETSI printers of the PDF version kept on a specific network drive
within ETSI Secretariat.
Users of the present document should be aware that the document may be subject to revision or change of status.
Information on the current status of this and other ETSI documents is available at
http://portal.etsi.org/tb/status/status.asp
If you find errors in the present document, please send your comment to one of the following services:
http://portal.etsi.org/chaircor/ETSI_support.asp
Copyright Notification
No part may be reproduced except as authorized by written permission.
The copyright and the foregoing restriction extend to reproduction in all media.
© European Telecommunications Standards Institute 2008.
All rights reserved.
DECT™, PLUGTESTS™, UMTS™, TIPHON™, the TIPHON logo and the ETSI logo are Trade Marks of ETSI registered for the benefit of its Members.
3GPP™ is a Trade Mark of ETSI registered for the benefit of its Members and of the 3GPP Organizational Partners.
Contents
Intellectual Property Rights.7
Foreword.7
Introduction .7
1 Scope.8
2 References.9
2.1 Normative references.9
2.2 Informative references.10
3 Definitions and abbreviations.12
3.1 Definitions.12
3.2 Abbreviations.14
4 Overview.15
4.1 Major Parties.15
4.2 Signature Policies.16
4.3 Electronic Signature Formats .16
4.3.1 CAdES Basic Electronic Signature (CAdES-BES) .16
4.3.2 CAdES Explicit Policy-based Electronic Signatures (CAdES-EPES).18
4.4 Electronic Signature Formats with Validation Data.19
4.4.1 Electronic Signature with Time (CAdES-T).19
4.4.2 ES with Complete Validation Data References (CAdES-C) .20
4.4.3 Extended Electronic Signature Formats.21
4.4.3.1 EXtended Long Electronic Signature (CAdES-X Long) .22
4.4.3.2 EXtended Electronic Signature with Time Type 1 (CAdES-X Type 1) .22
4.4.3.3 EXtended Electronic Signature with Time Type 2 (CAdES-X Type 2) .23
4.4.3.4 EXtended Long Electronic Signature with Time (CAdES-X Long Type 1 or 2).23
4.4.4 Archival Electronic Signature (CAdES-A).24
4.5 Arbitration.24
4.6 Validation Process.24
5 Electronic Signature Attributes .25
5.1 General Syntax.25
5.2 Data Content Type.25
5.3 Signed-data Content Type .25
5.4 SignedData Type.25
5.5 EncapsulatedContentInfo Type.26
5.6 SignerInfo Type.26
5.6.1 Message Digest Calculation Process.26
5.6.2 Message Signature Generation Process .26
5.6.3 Message Signature Verification Process.26
5.7 Basic ES Mandatory Present Attributes .26
5.7.1 content-type.27
5.7.2 Message Digest.27
5.7.3 Signing Certificate Reference Attributes .27
5.7.3.1 ESS signing-certificate Attribute Definition .27
5.7.3.2 ESS signing-certificate-v2 Attribute Definition.28
5.7.3.3 Other signing-certificate Attribute Definition.28
5.8 Additional Mandatory Attributes for Explicit Policy-based Electronic Signatures.29
5.8.1 signature-policy-identifier.29
5.9 CMS Imported Optional Attributes .30
5.9.1 signing-time.30
5.9.2 countersignature.30
5.10 ESS-Imported Optional Attributes .30
5.10.1 content-reference Attribute.31
5.10.2 content-identifier Attribute.31
5.10.3 content-hints Attribute.31
5.11 Additional Optional Attributes Defined in the Present Document .32
5.11.1 commitment-type-indication Attribute.32
5.11.2 signer-location Attribute.33
5.11.3 signer-attributes Attribute.33
5.11.4 content-time-stamp Attribute.34
5.12 Support for Multiple Signatures .34
5.12.1 Independent Signatures.34
5.12.2 Embedded Signatures.34
6 Additional Electronic Signature Validation Attributes .35
6.1 signature time-stamp Attribute (CAdES-T) .36
6.1.1 signature-time-stamp Attribute Definition.36
6.2 Complete Validation Data References (CAdES-C).36
6.2.1 complete-certificate-references Attribute Definition .37
6.2.2 complete-revocation-references Attribute Definition .37
6.2.3 attribute-certificate-references Attribute Definition .38
6.2.4 attribute-revocation-references Attribute Definition.39
6.3 Extended Validation Data (CAdES-X).39
6.3.1 Time-Stamped Validation Data (CAdES-X Type 1 or Type 2).39
6.3.2 Long Validation Data (CAdES-X Long, CAdES-X Long Type 1 or 2) .39
6.3.3 certificate-values Attribute Definition .40
6.3.4 revocation-values Attribute Definition .40
6.3.5 CAdES-C-time-stamp Attribute Definition .41
6.3.6 time-stamped-certs-crls-references Attribute Definition .41
6.4 Archive Validation Data.42
6.4.1 archive-time-stamp Attribute Definition.42
7 Other Standard Data Structures.43
7.1 Public Key Certificate Format.43
7.2 Certificate Revocation List Format .43
7.3 OCSP Response Format .44
7.4 Time-Stamp Token Format .44
7.5 Name and Attribute Formats .44
7.6 Attribute Certificate.44
8 Conformance Requirements.44
8.1 CAdES-Basic Electronic Signature (CAdES-BES).45
8.2 CAdES-Explicit Policy-based Electronic Signature.45
8.3 Verification Using Time-Stamping .45
8.4 Verification Using Secure Records .46
Annex A (normative): ASN.1 Definitions.47
A.1 Signature Format Definitions Using X.208 ASN.1 Syntax.47
A.2 Signature Format Definitions Using X.680 ASN.1 Syntax.52
Annex B (informative): Extended Forms of Electronic Signatures .58
B.1 Extended Forms of Validation Data.58
B.1.1 CAdES-X Long.58
B.1.2 CAdES-X Type 1 .59
B.1.3 CAdES-X Type 2 .60
B.1.4 CAdES-X Long Type 1 and CAdES-X Long Type 2 .61
B.2 Time-Stamp Extensions.62
B.3 Archive Validation Data (CAdES-A).62
B.4 Example Validation Sequence.64
B.5 Additional Optional Features .67
Annex C (informative): General Description.68
C.1 The Signature Policy .68
C.2 Signed Information.69
C.3 Components of an Electronic Signature.69
C.3.1 Reference to the Signature Policy .69
C.3.2 Commitment Type Indication.69
C.3.3 Certificate Identifier from the Signer .70
C.3.4 Role Attributes.70
C.3.4.1 Claimed Role.70
C.3.4.2 Certified Role.70
C.3.5 Signer Location.71
C.3.6 Signing Time.71
C.3.7 Content Format.71
C.3.8 content-hints.71
C.3.9 Content Cross-Referencing.71
C.4 Components of Validation Data.71
C.4.1 Revocation Status Information .71
C.4.1.1 CRL Information.72
C.4.1.2 OCSP Information.72
C.4.2 Certification Path.72
C.4.3 Time-Stamping for Long Life of Signatures .73
C.4.4 Time-Stamping for Long Life of Signature before CA Key Compromises .73
C.4.4.1 Time-Stamping the ES with Complete Validation Data (CAdES-X Type 1).74
C.4.4.2 Time-Stamping Certificates and Revocation Information References (CAdES-X Type 2).74
C.4.5 Time-Stamping for Archive of Signature.75
C.4.6 Reference to Additional Data .75
C.4.7 Time-Stamping for Mutual Recognition .76
C.4.8 TSA Key Compromise.76
C.5 Multiple Signatures .76
Annex D (informative): Data Protocols to Interoperate with TSPs.78
D.1 Operational Protocols.78
D.1.1 Certificate Retrieval.78
D.1.2 CRL Retrieval.78
D.1.3 Online Certificate Status .78
D.1.4 Time-Stamping.78
D.2 Management Protocols.78
D.2.1 Request for Certificate Revocation .78
Annex E (informative): Security Considerations .79
E.1 Protection of Private Key .79
E.2 Choice of Algorithms.79
Annex F (informative): Example Structured Contents and MIME .80
F.1 Use of MIME to Encode Data.80
F.1.1 Header Information.80
F.1.2 Content Encoding.81
F.1.3 Multi-Part Content.81
F.2 S/MIME.81
F.2.1 Using application/pkcs7-mime.82
F.2.2 Using application/pkcs7-signature.83
Annex G (informative): Relationship to the European Directive and EESSI .84
G.1 Introduction.84
G.2 Electronic Signatures and the Directive .84
G.3 ETSI Electronic Signature Formats and the Directive .85
G.4 EESSI Standards and Classes of Electronic Signature.85
G.4.1 Structure of EESSI Standardization .85
G.4.2 Classes of Electronic Signatures .85
G.4.3 Electronic Signature Classes and the ETSI Electronic Signature Format .86
Annex H (informative): APIs for the Generation and Verification of Electronic Signatures Tokens.87
H.1 Data Framing.87
H.2 IDUP-GSS-APIs Defined by the IETF.88
H.3 CORBA Security Interfaces Defined by the OMG .89
Annex I (informative): Cryptographic Algorithms.90
I.1 Digest Algorithms .90
I.1.1 SHA-1.90
I.1.2 General.90
I.2 Digital Signature Algorithms .91
I.2.1 DSA.91
I.2.2 RSA.91
I.2.3 General.91
Annex J (informative): Guidance on Naming .93
J.1 Allocation of Names.93
J.2 Providing Access to Registration Information .93
J.3 Naming Schemes.94
J.3.1 Naming Schemes for Individual Citizens.94
J.3.2 Naming Schemes for Employees of an Organization.94
Annex K (informative): Changes from the previous version.95
Annex L (informative): Bibliography.96
History .97
Intellectual Property Rights
IPRs es
...