ETSI EN 319 102-1 V1.2.3 (2021-08)

Draft ETSI EN 319 102-1 V1.2.3 (2021-07)
EUROPEAN STANDARD
Electronic Signatures and Infrastructures (ESI);
Procedures for Creation and Validation
of AdES Digital Signatures;
Part 1: Creation and Validation
---------------------- Page: 1 ----------------------
2 Draft ETSI EN 319 102-1 V1.2.3 (2021-07)
Reference
REN/ESI-0019102-1v121
Keywords
electronic signature, security, trust services
ETSI
650 Route des Lucioles
F-06921 Sophia Antipolis Cedex - FRANCE
Tel.: +33 4 92 94 42 00 Fax: +33 4 93 65 47 16
Siret N° 348 623 562 00017 - APE 7112B
Association à but non lucratif enregistrée à la
Sous-Préfecture de Grasse (06) N° w061004871
Important notice
The present document can be downloaded from:
http://www.etsi.org/standards-search

The present document may be made available in electronic versions and/or in print. The content of any electronic and/or

print versions of the present document shall not be modified without the prior written authorization of ETSI. In case of any

existing or perceived difference in contents between such versions and/or in print, the prevailing version of an ETSI

deliverable is the one made publicly available in PDF format at www.etsi.org/deliver.

Users of the present document should be aware that the document may be subject to revision or change of status.

Information on the current status of this and other ETSI documents is available at

If you find errors in the present document, please send your comment to one of the following services:

The information provided in the present deliverable is directed solely to professionals who have the appropriate degree of

experience to understand and interpret its content in accordance with generally accepted engineering or

No recommendation as to products and services or vendors is made or should be implied.

In no event shall ETSI be held liable for loss of profits or any other incidental or consequential damages.

Any software contained in this deliverable is provided "AS IS" with no warranties, express or implied, including but not

limited to, the warranties of merchantability, fitness for a particular purpose and non-infringement of intellectual property

rights and ETSI shall not be held liable in any event for any damages whatsoever (including, without limitation, damages

for loss of profits, business interruption, loss of information, or any other pecuniary loss) arising out of or related to the use

No part may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and

The content of the PDF version shall not be modified without the written authorization of ETSI.

Intellectual Property Rights ................................................................................................................................ 7

Foreword ............................................................................................................................................................. 7

Modal verbs terminology .................................................................................................................................... 7

Introduction ........................................................................................................................................................ 8

1 Scope ........................................................................................................................................................ 9

2 References ................................................................................................................................................ 9

2.1 Normative references ......................................................................................................................................... 9

2.2 Informative references ...................................................................................................................................... 10

3 Definition of terms, symbols and abbreviations ..................................................................................... 11

3.1 Terms ................................................................................................................................................................ 11

3.2 Symbols ............................................................................................................................................................ 14

3.3 Abbreviations ................................................................................................................................................... 14

4 Signature creation ................................................................................................................................... 15

4.1 Signature creation model .................................................................................................................................. 15

4.2 Signature creation information model .............................................................................................................. 16

4.2.1 Introduction................................................................................................................................................. 16

4.2.2 Signature Creation Constraints ................................................................................................................... 17

4.2.3 Signer's Document (SD) ............................................................................................................................. 17

4.2.4 Signer's Document Representation (SDR) .................................................................................................. 18

4.2.5 Signature attributes ..................................................................................................................................... 18

4.2.5.1 General requirements ............................................................................................................................ 18

4.2.5.2 Signing certificate identifier .................................................................................................................. 19

4.2.5.3 Signature policy identifier ..................................................................................................................... 19

4.2.5.4 Signature policy store ............................................................................................................................ 19

4.2.5.5 Data content type .................................................................................................................................. 19

4.2.5.6 Commitment type indication ................................................................................................................. 19

4.2.5.7 Counter signatures ................................................................................................................................. 20

4.2.5.8 Claimed signing time ............................................................................................................................ 20

4.2.5.9 Claimed signer location ......................................................................................................................... 20

4.2.5.10 Signer's attributes .................................................................................................................................. 20

4.2.6 Data To Be Signed (DTBS) ........................................................................................................................ 21

4.2.7 Data To Be Signed (Formatted) (DTBSF) .................................................................................................. 21

4.2.8 Data To Be Signed Representation (DTBSR) ............................................................................................. 21

4.2.9 Signature ..................................................................................................................................................... 21

4.2.10 Signed Data Object (SDO) ......................................................................................................................... 21

4.2.11 Validation data ............................................................................................................................................ 21

4.3 Signature Classes and Creation Processes ........................................................................................................ 22

4.3.1 Introduction................................................................................................................................................. 22

4.3.2 Creation of Basic Signatures ....................................................................................................................... 23

4.3.2.1 Description ............................................................................................................................................ 23

4.3.2.2 Inputs ..................................................................................................................................................... 23

4.3.2.3 Outputs .................................................................................................................................................. 23

4.3.2.4 Processing ............................................................................................................................................. 24

4.3.2.4.1 Selection of documents to sign ........................................................................................................ 24

4.3.2.4.2 Signature attribute and parameters selection ................................................................................... 24

4.3.2.4.3 Pre-signature presentation ............................................................................................................... 24

4.3.2.4.4 Signature invocation ........................................................................................................................ 25

4.3.2.4.5 Signing............................................................................................................................................. 25

4.3.2.4.6 Signer authentication ....................................................................................................................... 25

4.3.2.4.7 SDO composition ............................................................................................................................ 25

4.3.3 Creation of a Signature with Time .............................................................................................................. 26

4.3.3.1 Description ............................................................................................................................................ 26

4.3.3.2 Inputs ..................................................................................................................................................... 26

4.3.3.3 Outputs .................................................................................................................................................. 26

4.3.3.4 Process .................................................................................................................................................. 27

4.3.4 Creation of Signatures with Long-Term Validation Material ..................................................................... 27

4.3.4.1 Description ............................................................................................................................................ 27

4.3.4.2 Inputs ..................................................................................................................................................... 27

4.3.4.3 Outputs .................................................................................................................................................. 28

4.3.4.4 Process .................................................................................................................................................. 28

4.3.5 Creation of Signatures providing Long Term Availability and Integrity of Validation Material ............... 28

4.3.5.1 Description ............................................................................................................................................ 28

4.3.5.2 Inputs ..................................................................................................................................................... 29

4.3.5.3 Outputs .................................................................................................................................................. 29

4.3.5.4 Process .................................................................................................................................................. 29

5 Signature validation ................................................................................................................................ 30

5.1 Signature validation model ............................................................................................................................... 30

5.1.1 General requirements .................................................................................................................................. 30

5.1.2 Selecting validation processes .................................................................................................................... 32

5.1.3 Status indication of the signature validation process and signature validation report................................. 33

5.1.4 Validation constraints ................................................................................................................................. 41

5.1.4.1 General requirements ............................................................................................................................ 41

5.1.4.2 X.509 Validation Constraints ................................................................................................................ 42

5.1.4.3 Cryptographic Constraints .................................................................................................................... 42

5.1.4.4 Signature Elements Constraints ............................................................................................................ 42

5.2 Basic building blocks ....................................................................................................................................... 42

5.2.1 Description .................................................................................................................................................. 42

5.2.2 Format Checking ........................................................................................................................................ 43

5.2.2.1 Description ............................................................................................................................................ 43

5.2.2.2 Inputs ..................................................................................................................................................... 43

5.2.2.3 Outputs .................................................................................................................................................. 43

5.2.3 Identification of the signing certificate ....................................................................................................... 44

5.2.3.1 Description ............................................................................................................................................ 44

5.2.3.2 Inputs ..................................................................................................................................................... 44

5.2.3.3 Outputs .................................................................................................................................................. 44

5.2.3.4 Processing ............................................................................................................................................. 44

5.2.4 Validation context initialization .................................................................................................................. 45

5.2.4.1 Description ............................................................................................................................................ 45

5.2.4.2 Inputs ..................................................................................................................................................... 45

5.2.4.3 Outputs .................................................................................................................................................. 45

5.2.4.4 Processing ............................................................................................................................................. 45

5.2.5 Revocation freshness checker ..................................................................................................................... 46

5.2.5.1 Description ............................................................................................................................................ 46

5.2.5.2 Inputs ..................................................................................................................................................... 46

5.2.5.3 Output ................................................................................................................................................... 46

5.2.5.4 Processing ............................................................................................................................................. 46

5.2.6 X.509 certificate validation ......................................................................................................................... 47

5.2.6.1 Description ............................................................................................................................................ 47

5.2.6.2 Inputs ..................................................................................................................................................... 47

5.2.6.3 Outputs .................................................................................................................................................. 47

5.2.6.4 Processing ............................................................................................................................................. 48

5.2.7 Cryptographic verification .......................................................................................................................... 50

5.2.7.1 Description ............................................................................................................................................ 50

5.2.7.2 Inputs ..................................................................................................................................................... 50

5.2.7.3 Outputs .................................................................................................................................................. 50

5.2.7.4 Processing ............................................................................................................................................. 51

5.2.8 Signature Acceptance Validation (SAV) .................................................................................................... 51

5.2.8.1 Description ............................................................................................................................................ 51

5.2.8.2 Inputs ..................................................................................................................................................... 51

5.2.8.3 Outputs .................................................................................................................................................. 52

5.2.8.4 Processing ............................................................................................................................................. 52

5.2.8.4.1 General requirements ....................................................................................................................... 52

5.2.8.4.2 Processing AdES attributes ............................................................................................................. 53

5.2.9 Signature validation presentation building block ........................................................................................ 54

5.3 Validation process for Basic Signatures ........................................................................................................... 55

5.3.1 Description .................................................................................................................................................. 55

5.3.2 Inputs .......................................................................................................................................................... 55

5.3.3 Outputs ........................................................................................................................................................ 55

5.3.4 Processing ................................................................................................................................................... 55

5.4 Time-stamp validation building block .............................................................................................................. 57

5.4.1 Description .................................................................................................................................................. 57

5.4.2 Inputs .......................................................................................................................................................... 58

5.4.3 Outputs ........................................................................................................................................................ 58

5.4.4 Processing ................................................................................................................................................... 58

5.5 Validation process for Signatures with Time and Signatures with Long-Term Validation Material ............... 58

5.5.1 Description .................................................................................................................................................. 58

5.5.2 Inputs .......................................................................................................................................................... 59

5.5.3 Outputs ........................................................................................................................................................ 59

5.5.4 Processing ................................................................................................................................................... 59

5.6 Validation process for Signatures providing Long Term Availability and Integrity of Validation

Material ............................................................................................................................................................ 62

5.6.1 Introduction................................................................................................................................................. 62

5.6.2 Additional building blocks .......................................................................................................................... 62

5.6.2.1 Past certificate validation ...................................................................................................................... 62

5.6.2.1.1 Description ...................................................................................................................................... 62

5.6.2.1.2 Input ................................................................................................................................................ 63

5.6.2.1.3 Output .............................................................................................................................................. 63

5.6.2.1.4 Processing ........................................................................................................................................ 63

5.6.2.2 Validation time sliding process ............................................................................................................. 64

5.6.2.2.1 Description ...................................................................................................................................... 64

5.6.2.2.2 Input ................................................................................................................................................ 64

5.6.2.2.3 Output .............................................................................................................................................. 64

5.6.2.2.4 Processing ........................................................................................................................................ 64

5.6.2.3 POE extraction ...................................................................................................................................... 65

5.6.2.3.1 Description ...................................................................................................................................... 65

5.6.2.3.2 Input ................................................................................................................................................ 66

5.6.2.3.3 Output .............................................................................................................................................. 66

5.6.2.3.4 Processing ........................................................................................................................................ 66

5.6.2.4 Past signature validation building block ............................................................................................... 66

5.6.2.4.1 Description ...................................................................................................................................... 66

5.6.2.4.2 Input ................................................................................................................................................ 67

5.6.2.4.3 Output .............................................................................................................................................. 67

5.6.2.4.4 Processing ........................................................................................................................................ 67

5.6.3 Validation Process for Signatures providing Long Term Availability and Integrity of Validation

Material ....................................................................................................................................................... 68

5.6.3.1 Description ............................................................................................................................................ 68

5.6.3.2 Input ...................................................................................................................................................... 68

5.6.3.3 Output ................................................................................................................................................... 68

5.6.3.4 Processing ............................................................................................................................................. 69

Annex A (informative): Validation examples ....................................................................................... 72

A.1 General remarks and assumptions .......................................................................................................... 72

A.2 Symbols .................................................................................................................................................. 72

A.3 Example 1: Revoked certificate ............................................................................................................. 73

A.3.1 Introduction ...................................................................................................................................................... 73

A.3.2 Basic signature validation ...................................................................................................................