Electronic Signatures and Infrastructures (ESI); CAdES digital signatures - Testing Conformance and Interoperability; Part 2: Test suites for testing interoperability of CAdES baseline signatures

DTS/ESI-0019124-2

General Information

Status
Published
Publication Date
23-Jun-2016
Current Stage
12 - Completion
Due Date
06-Jul-2016
Completion Date
24-Jun-2016
Mandate
Ref Project

Buy Standard

Standard
ETSI TS 119 124-2 V1.1.1 (2016-06) - Electronic Signatures and Infrastructures (ESI); CAdES digital signatures - Testing Conformance and Interoperability; Part 2: Test suites for testing interoperability of CAdES baseline signatures
English language
18 pages
sale 15% off
Preview
sale 15% off
Preview

Standards Content (Sample)

ETSI TS 119 124-2 V1.1.1 (2016-06)






TECHNICAL SPECIFICATION
Electronic Signatures and Infrastructures (ESI);
CAdES digital signatures -
Testing Conformance and Interoperability;
Part 2: Test suites for testing interoperability
of CAdES baseline signatures

---------------------- Page: 1 ----------------------
2 ETSI TS 119 124-2 V1.1.1 (2016-06)



Reference
DTS/ESI-0019124-2
Keywords
CAdES, e-commerce, electronic signature,
interoperability, profile, security, testing
ETSI
650 Route des Lucioles
F-06921 Sophia Antipolis Cedex - FRANCE

Tel.: +33 4 92 94 42 00  Fax: +33 4 93 65 47 16

Siret N° 348 623 562 00017 - NAF 742 C
Association à but non lucratif enregistrée à la
Sous-Préfecture de Grasse (06) N° 7803/88

Important notice
The present document can be downloaded from:
http://www.etsi.org/standards-search
The present document may be made available in electronic versions and/or in print. The content of any electronic and/or
print versions of the present document shall not be modified without the prior written authorization of ETSI. In case of any
existing or perceived difference in contents between such versions and/or in print, the only prevailing document is the
print of the Portable Document Format (PDF) version kept on a specific network drive within ETSI Secretariat.
Users of the present document should be aware that the document may be subject to revision or change of status.
Information on the current status of this and other ETSI documents is available at
https://portal.etsi.org/TB/ETSIDeliverableStatus.aspx
If you find errors in the present document, please send your comment to one of the following services:
https://portal.etsi.org/People/CommiteeSupportStaff.aspx
Copyright Notification
No part may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying
and microfilm except as authorized by written permission of ETSI.
The content of the PDF version shall not be modified without the written authorization of ETSI.
The copyright and the foregoing restriction extend to reproduction in all media.

© European Telecommunications Standards Institute 2016.
All rights reserved.

TM TM TM
DECT , PLUGTESTS , UMTS and the ETSI logo are Trade Marks of ETSI registered for the benefit of its Members.
TM
3GPP and LTE™ are Trade Marks of ETSI registered for the benefit of its Members and
of the 3GPP Organizational Partners.
GSM® and the GSM logo are Trade Marks registered and owned by the GSM Association.
ETSI

---------------------- Page: 2 ----------------------
3 ETSI TS 119 124-2 V1.1.1 (2016-06)
Contents
Intellectual Property Rights . 4
Foreword . 4
Modal verbs terminology . 4
1 Scope . 5
2 References . 5
2.1 Normative references . 5
2.2 Informative references . 5
3 Definitions and abbreviations . 6
3.1 Definitions . 6
3.2 Abbreviations . 6
4 Overview . 6
5 Testing interoperability of CAdES-B-B signatures . 6
6 Testing interoperability of CAdES-B-T signatures . 8
7 Testing interoperability of CAdES-B-LT signatures . 9
8 Testing interoperability of CAdES-B-LTA signatures . 10
9 Testing CAdES baseline signatures augmentation interoperability . 13
10 Negative test cases for CAdES baseline signatures . 14
10.1 CAdES-B-B signatures test cases . 14
10.2 CAdES-B-T signatures test cases . 16
10.3 CAdES-B-LTA signatures test cases . 17
History . 18


ETSI

---------------------- Page: 3 ----------------------
4 ETSI TS 119 124-2 V1.1.1 (2016-06)
Intellectual Property Rights
IPRs essential or potentially essential to the present document may have been declared to ETSI. The information
pertaining to these essential IPRs, if any, is publicly available for ETSI members and non-members, and can be found
in ETSI SR 000 314: "Intellectual Property Rights (IPRs); Essential, or potentially Essential, IPRs notified to ETSI in
respect of ETSI standards", which is available from the ETSI Secretariat. Latest updates are available on the ETSI Web
server (https://ipr.etsi.org/).
Pursuant to the ETSI IPR Policy, no investigation, including IPR searches, has been carried out by ETSI. No guarantee
can be given as to the existence of other IPRs not referenced in ETSI SR 000 314 (or the updates on the ETSI Web
server) which are, or may be, or may become, essential to the present document.
Foreword
This Technical Specification (TS) has been produced by ETSI Technical Committee Electronic Signatures and
Infrastructures (ESI).
The present document is part 2 of a multi-part deliverable covering CAdES digital signatures - Testing Conformance
and Interoperability. Full details of the entire series can be found in part 1 [i.1].
Modal verbs terminology
In the present document "shall", "shall not", "should", "should not", "may", "need not", "will", "will not", "can" and
"cannot" are to be interpreted as described in clause 3.2 of the ETSI Drafting Rules (Verbal forms for the expression of
provisions).
"must" and "must not" are NOT allowed in ETSI deliverables except when used in direct citation.
ETSI

---------------------- Page: 4 ----------------------
5 ETSI TS 119 124-2 V1.1.1 (2016-06)
1 Scope
The present document defines a number of test suites to assess the interoperability between implementations claiming
conformance to CAdES baseline signatures [1].
The test suites are defined with four different layers reflecting the four different levels of CAdES baseline signatures:
• Tests suite addressing interoperability between applications claiming B-B level conformance.
• Tests suite addressing interoperability between applications claiming B-T level conformance.
• Tests suite addressing interoperability between applications claiming B-LT level conformance.
• Tests suite addressing interoperability between applications claiming B-LTA level conformance.
Test suites also cover augmentation of CAdES baseline signatures and negative test cases.
These test suites are agnostic of the PKI infrastructure. Any PKI infrastructure can be used including the one based on
EU Member States Trusted Lists.
2 References
2.1 Normative references
References are either specific (identified by date of publication and/or edition number or version number) or
non-specific. For specific references, only the cited version applies. For non-specific references, the latest version of the
referenced document (including any amendments) applies.
Referenced documents which are not found to be publicly available in the expected location might be found at
https://docbox.etsi.org/Reference/.
NOTE: While any hyperlinks included in this clause were valid at the time of publication, ETSI cannot guarantee
their long term validity.
The following referenced documents are necessary for the application of the present document.
[1] ETSI EN 319 122-1: "Electronic Signatures and Infrastructures (ESI); CAdES digital signatures;
Part 1: Building blocks and CAdES baseline signatures".
2.2 Informative references
References are either specific (identified by date of publication and/or edition number or version number) or
non-specific. For specific references, only the cited version applies. For non-specific references, the latest version of the
referenced document (including any amendments) applies.
NOTE: While any hyperlinks included in this clause were valid at the time of publication, ETSI cannot guarantee
their long term validity.
The following referenced documents are not necessary for the application of the present document but they assist the
user with regard to a particular subject area.
[i.1] ETSI TR 119 124-1: "Electronic Signatures and Infrastructures (ESI); CAdES digital signatures -
Testing Conformance and Interoperability; Part 1: Overview".
[i.2] ETSI TR 119 001: "Electronic Signatures and Infrastructures (ESI); The framework for
standardization of signatures; Definitions and abbreviations".
[i.3] ETSI EN 319 102-1: "Electronic Signatures and Infrastructures (ESI); Procedures for Creation and
Validation of AdES Digital Signatures; Part 1: Creation and Validation".
ETSI

---------------------- Page: 5 ----------------------
6 ETSI TS 119 124-2 V1.1.1 (2016-06)
3 Definitions and abbreviations
3.1 Definitions
For the purposes of the present document, the terms and definitions given in ETSI TR 119 001 [i.2] and the following
apply:
negative test case: test case for a signature whose validation according to ETSI EN 319 102-1 [i.3] would not result in
TOTAL-PASSED
3.2 Abbreviations
For the purposes of the present document, the abbreviations given in ETSI TR 119 001 [i.2] apply.
4 Overview
This clause describes the overall approach used throughout the present document to specify test suites for CAdES
baseline signatures interoperability testing.
ETSI EN 319 122-1 [1] defines four different levels of CAdES baseline signatures.
The test suites are defined with different layers reflecting the levels of CAdES baseline signatures specified in [1]:
• Testing CAdES signatures interoperability between applications claiming B-B level conformance.
• Testing CAdES signatures interoperability between applications claiming B-T level conformance.
• Testing CAdES signatures interoperability between applications claiming B-LT level conformance.
• Testing CAdES signatures interoperability between applications claiming B-LTA level conformance.
• Testing augmentation of CAdES signatures from B-T level to B-LTA level.
• Negative test cases for CAdES baseline signatures:
- CAdES-B-B signatures test cases.
- CAdES-B-T signatures test cases.
- CAdES-B-LTA signatures test cases.
5 Testing interoperability of CAdES-B-B signatures
The test cases in this clause have been defined for different combinations of CAdES-B-B signatures attributes.
Mandatory attributes for CAdES-B-B signatures described in [1], clause 6.3, shall be present.
Table 1 shows which attributes are required to generate CAdES-B-B signatures for each test case.
ETSI

---------------------- Page: 6 ----------------------
7 ETSI TS 119 124-2 V1.1.1 (2016-06)
Table 1: Test cases for CAdES-B-B signatures
TC ID Description Pass criteria Signature attributes
CAdES/BB/1 This is the simplest CAdES- Positive validation. • Certificates
B-B signatures The signature shall contain
o SigningCertificate
interoperability test case. ContentType, SigningTime,
• SignedAttributes
The signature ONLY MessageDigest,
o MessageDigest
CONTAINS the mandatory ESSSigningCertificateV2 and
o ContentType
CAdES attributes. SigningCertificate (included in
o SigningTime
SignedData.certificates field)
o ESSSigningCertificateV2
attributes.
CAdES/BB/2 In this CAdES-B-B Positive validation.
• Certificates
signatures interoperability The signature shall contain
o SigningCertificate
test case the signature ContentType, SigningTime,
• SignedAttributes
contains a MessageDigest,
o MessageDigest
CertifiedAttributeV2 in ESSSigningCertificateV2,
o ContentType
addition to the CAdES/BB/1 CertifiedAttributesV2 (included in
o SigningTime
test case attributes. SignerAttributesV2) and
o ESSSigningCertificateV2
SigningCertificate (included in
o SignerAttributesV2
SignedData.certificates field)
(CertifiedAttributeV2)
attributes.
CAdES/BB/3 In this CAdES-B-B Positive validation.
• Certificates
signatures interoperability The signature shall contain
o SigningCertificate
test case the signature ContentType, SigningTime,
• SignedAttributes
contains a ClaimedAttribute MessageDigest,
o MessageDigest
in addition to the ESSSigningCertificateV2,
o ContentType
CAdES/BB/1 test case ClaimedAttribute (included in
o SigningTime
attributes. SignerAttributesV2) and
o ESSSigningCertificateV2
SigningCertificate (included in
o SignerAttributesV2
SignedData.certificates field)
(CertifiedAttributeV2)
attributes.
CAdES/BB/4 This test case tests a Positive validation.
• Certificates
CAdES-B-B signature with The signature shall contain 2
o SigningCertificate
multiple independent SigningCertificates attributes
• SignedAttributes
signatures. The input to this (included in
o MessageDigest
test is a CAdES signature SignedData.certificates field) and
o ESSSigningCertificateV2
as specified in CAdES/BB/1 2 signerInfos containing
o ContentType
test case. ContentType, SigningTime,
o SigningTime
MessageDigest and
ESSSigningCertificateV2
attributes.
CAdES/BB/5 This test case tests a Positive validation.
• Certificates
CAdES-B-B signature with The signature shall contain
o SigningCertificate
a CounterSignature ContentType, SigningTime,
• SignedAttributes
attribute. The input to this MessageDigest,
o MessageDigest
test is a CAdES signature ESSSigningCertificateV2,
o ContentType
as specified in CAdES/BB/1 CounterSignature and
o SigningTime
test case. SigningCertificate (included in
o ESSSigningCertificateV2
SignedData.certificates field)
• UnsignedAttributes
attributes.
o CounterSignature
CAdES/BB/6 This test case tests a Positive validation.
• Certificates
CAdES-B-B signature that The signature shall contain o SigningCertificate
contains SignerLocation and ContentType, SigningTime,
• SignedAttributes
CommitmentTypeIndication MessageDigest,
o MessageDigest
attributes in addition to the ESSSigningCertificateV2,
o ContentType
CAdES/BB/1 test case SignerLocation (containing at
o SigningTime
attributes. least the countryName and
o ESSSigningCertificateV2
localityName values),
o SignerLocation
CommitmentTypeIndication and
o CommitmentTypeIndication
SigningCertificate (included in
SignedData.certificates field)
attributes.
ETSI

---------------------- Page: 7 ----------------------
8 ETSI TS 119 124-2 V1.1.1 (2016-06)
TC ID Description Pass criteria Signature attributes
CAdES/BB/7 This test case tests a Positive validation.
• Certificates
CAdES-B-B signature that The signature shall contain
o SigningCertificate
contains a ContentType, SigningTime,
• SignedAttributes
ContentTimeStamp attribute MessageDigest,
o MessageDigest
in addition to the ESSSigningCertificateV2,
o ContentType
CAdES/BB/1 test case ContentTimeStamp and
o SigningTime
attributes. SigningCertificate (included in
o ESSSigningCertificateV2
SignedData.certificates field)
o ContentTimeStamp
attributes.
CAdES/BB/8 This test case tests a Positive validation. • Certificates
CAdES-B-B signature that The signature shall contain
o SigningCertificate
contains an explicit ContentType, SigningTime,
• SignedAttributes
SignaturePolicyIdentifier MessageDigest,
o MessageDigest
attribute in addition to the ESSSigningCertificateV2,
o ContentType
CAdES/BB/1 test case SignaturePolicyIdentifier and
o SigningTime
attributes. SigningCertificate (included in
o ESSSigningCertificateV2
SignedData.certificates field)
o SignaturePolicyIdentifier
attributes.
CAdES/BB/9 This test case tests a Positive validation.
• Certificates
CAdES-B-B signature in The signature shall contain o SigningCertificate
which digest algorithm ContentType, SigningTime,
• SignedAttributes
SHA1 is used to digest data MessageDigest,
o MessageDigest
to be signed. The signature ESSSigningCertificate and
o ContentType
ONLY CONTAINS the SigningCertificate (included in
o SigningTime
mandatory CAdES SignedData.certificates field)
o ESSSigningCertificate
attributes. attributes.

6 Testing interoperability of CAdES-B-T signatures
The test cases in this clause have been defined for different combinations of CAdES-B-T signatures attributes. CAdES
baseline signatures claiming conformance to B-T level of document [1] shall be built on baseline signatures conformant
to B-B level.
A CAdES baseline signature conformant to B-T level shall be a baseline signature conformant to B-B level for which a
Trust Service Provider has generated a trusted token (time-stamp token) proving that the signature itself actually existed
at a certain date and time.
Mandatory attributes for CAdES-B-T signatures described in document [1], clause 6.3, shall be present.
Table 2 shows which attributes are required to generate CAdES-B-T signatures for each test case.
Table 2: Test cases for CAdES-B-T signatures
TC ID Description Pass criteria Signature attributes
CAdES/BT/1 This is the simplest CAdES- Positive validation.
• Certificates
B-T signatures The signature shall contain o SigningCertificate
interoperability test case. ContentType, SigningTime,
• SignedAttributes
The signature ONLY MessageDigest,
o MessageDigest
CONTAINS the mandatory ESSSigningCertificateV2,
o ESSSigningCertificateV2
CAdES attributes for SignatureTimeStamp and
o ContentType
CAdES-B-B signatures and SigningCertificate (included in
o SigningTime
a SignatureTimeStamp SignedData.certificates field)
• UnsignedAttributes
unsigned attribute. attributes.
o SignatureTimeStamp
CAdES/BT/2 This test case tests the Positive validation. • Certificates
adding of an indipendent The signature shall contain 2
o SigningCertificate
CAdES-B-T signature to an SigningCertificates attributes
• SignedAttributes
already signed document in (included in
o MessageDigest
CAdES-B-T signature SignedData.certificates field) and
o ESSSigningCertificateV2
format. The input to this test 2 signerInfos containing
o ContentType
is a CAdES-B-T signature ContentType, SigningTime,
o SigningTime
as specified in CAdES/BT/1 MessageDigest,
• UnsignedAttributes
test case. ESSSigningCertificateV2 and
o SignatureTimeStamp
SignatureTimeStamp attributes.
ETSI

---------------------- Page: 8 ----------------------
9 ETSI TS 119 124-2 V1.1.1 (2016-06)
TC ID Description Pass criteria Signature attributes
CAdES/BT/3 This test case tests the Positive validation.
• Certificates
adding of an indipendent The signature shall contain 2
o SigningCertificate
CAdES-B-T signature to an SigningCertificates attributes
• SignedAttributes
already signed document in (included in
o MessageDigest
CAdES-B-B signature SignedData.certificates field) and
o ESSSigningCertificateV2
format. The input to this test 2 signerInfos containing
o ContentType
is a CAdES-B-B signature ContentType, SigningTime,
o SigningTime
as specified in CAdES/BB/1 MessageDigest and
• UnsignedAttributes
test case. ESSSigningCertificateV2
o SignatureTimeStamp
attributes. The second signerInfo
contains a SignatureTimeStamp
attribute too.

7 Testing interoperability of CAdES-B-LT signatures
The test cases in this clause have been defined for different combinations of CAdES-B-LT signatures attributes. CAdES
baseline signatures claiming conformance to B-LT level of document [1] shall be built on baseline signatures
conformant to B-T level.
A CAdES baseline signature conformant to B-LT level shall be a baseline signature conformant to B-T level to which
values of certificates and values of certificates status used to validate the signature have been added.
Mandatory attributes for CAdES-B-LT signatures described in document [1], clause 6.3, shall be present.
Table 3 shows which attributes are required to generate test CAdES-B-LT signatures for each test case.
Table 3: Test cases for CAdES-B-LT signatures
TC ID Description Pass criteria Signature attributes
CAdES/BLT/1 This is the simplest CAdES- Positive validation.
• Certificates
B-LT signatures The signature shall contain
• Crls.crl
interoperability test case. ContentType, SigningTime,
• SignedAttributes
The signature contains the MessageDigest, Certificates,
o MessageDigest
mandatory CAdES Crls.crl, ESSSigningCertificateV2
o ESSSigningCertificateV2
attributes for CAdES-B-T and SignatureTimeStamp
o ContentType
signatures. The full set of attributes.
o SigningTime
certificates that have been
• UnsignedAttributes
used to validate the
o SignatureTimeStamp
signature is included. The
revocation material that
have been used in the
validation of the signature is
included. The revocation
data used are CRLs.
CAdES/BLT/2 This CAdES-B-LT Positive validation. • Certificates
signatures interoperability The signature shall contain
• Crls.other
test case is similar to ContentType, SigningTime,
• SignedAttributes
CAdES/BLT/1 one. The MessageDigest, Certificates,
o MessageDigest
signature contains the Crls.other,
o ESSSigningCertificateV2
mandatory CAdES ESSSigningCertificateV2 and
o ContentType
attributes for CAdES-B-T SignatureTimeStamp attributes.
o SigningTime
signatures. The full set of
• UnsignedAttributes
certificates that have been
o SignatureTimeStamp
used to validate the
signature is included. The
revocation material that
have been used in the
validation of the signature is
included. The revocation
data used are OCSP
responses.
ETSI

---------------------- Page: 9 ----------------------
10 ETSI TS 119 124-2 V1.1.1 (2016-06)
TC ID Description Pass criteria Signature attributes
CAdES/BLT/3 In this CAdES-B-LT Positive validation.
• Certificates
signatures interoperability The signature shall contain
• Crls.crl
test case the signature ContentType, SigningTime,
• SignedAttributes
contains a MessageDigest,
o MessageDigest
CertifiedAttributeV2 attribute CertifiedAttributesV2 (included in
o ESSSigningCertificateV2
in addition to the SignerAttributesV2), Certificates,
o ContentType
CAdES/BLT/1 test case Crls.crl, ESSSigningCertificateV2
o SigningTime
attributes. The full set of and SignatureTimeStamp
o SignerAttributesV2
certificates that have been attributes.
(CertifiedAttributeV2)
used to validate the
• UnsignedAttributes
signature is included and
o SignatureTimeStamp
contains the Attribute
Authority certificate too. The
revocation material that
have been used in the
validation of the signature is
included. The revocation
data used are CRLs.
CAdES/BLT/4 In this CAdES-B-LT Positive validation.
• Certificates
signatures interoperability The signature shall contain
• Crls.other
test case the signature ContentType, SigningTime,
• SignedAttributes
contains a MessageDigest,
o MessageDigest
CertifiedAttributeV2 attribute CertifiedAttributesV2 (included in
o ESSSigningCertificateV2
in addition to the SignerAttributesV2), Certificates,
o ContentType
CAdES/BLT/2 test case Crls.other,
o SigningTime
attributes. The full set of ESSSigningCertificateV2 and
o SignerAttributesV2
certificates that have been SignatureTimeStamp attributes.
(CertifiedAttributeV2)
used to validate the
• UnsignedAttributes
signature is included and
o SignatureTimeStamp
contains the Attribute
Authority certificate too. The
revocation material that
have been used in the
validation of the signature is
included. The revocation
data used are OCSP
responses.

8 Testing interoperability of CAdES-B-LTA signatures
The test cases in this clause have been defined for different combinations of CAdES-B-LTA signatures attributes.
CAdES baseline signatures claiming conformance to B-LTA level of document [1] shall be built on baseline signatures
conformant to B-LT level.
A CAdES baseline signature conformant to B-LTA level shall be a baseline signature conformant to B-LT level to
which one or more archive-time-stamp-v3 attributes (each one including one ats-hash-index-v3 unsigned attribute as
specified in document [1]) have been added.
Mandatory attributes for CAdES-B-LTA signatures described in document [1], clause 6.3, shall be present.
Table 4 shows which attributes are required to generate test CAdES-B-LTA signatures for each test case.
ETSI

---------------------- Page: 10 ----------------------
11 ETSI TS 119 124-2 V1.1.1 (2016-06)
Table 4: Test cases for CAdES-B-LTA signatures
TC ID Description Pass criteria Signature attributes
CAdES/BLTA/1 This is the simplest CAdES- Positive validation. • Certificates
B-LTA signatures The signature shall contain
• Crls.crl
interoperability test case. ContentType, SigningTime,
• SignedAttributes
The signature contains the MessageDigest, Certificates,
o MessageDigest
mandatory CAdES Crls.crl,
o ESSSigningCertificateV2
attributes for CAdES-B-LT ESSSigningCertificateV2,
o ContentType
signatures (the revocation SignatureTimeStamp and
o SigningTime
data used are CRLs). One ArchiveTimeStampV3 (including
• UnsignedAttributes
ArchiveTimeStampV3
one ats-hash-index-v3 unsigned
o SignatureTimeStamp
attribute is included attribute)
o ArchiveTimeStampV3
(including one ats-hash- attributes.
o ats-hash-index-v3
index-v3 unsigned attribute).
CAdES/BLTA/2 This CAdES-B-LTA Positive validation.
• Certificates
signatures interoperability The signature shall contain
• Crls.other
test case is similar to ContentType, SigningTime,
• SignedAttributes
CAdES/BLTA/1 one. The MessageDigest, Certificates,
o MessageDigest
signature contains the Crls.other,
o ESSSigningCertificateV2
mandatory CAdES ESSSigningCertificateV2,
o ContentType
attributes for CAdES-B-LT SignatureTimeStamp and
o SigningTime
signatures (the revocation ArchiveTimeStampV3 (including
• UnsignedAttributes
data used are OCSP one ats-hash-index-v3 unsigned
o SignatureTimeStamp
responses). One
attribute)
o ArchiveTimeStampV3
ArchiveTimeStampV3 attributes.
o ats-hash-index-v3
attribute is included
(including one ats-hash-
index-v3 unsigned attribute).
CAdES/BLTA/3 In this case the CAdES-B- Positive validation. • Certificates
LT signature was time- The signature shall contain
• Crls.crl
stamped with an ContentType, SigningTime,
• SignedAttributes
ArchiveTimeStampV2. MessageDigest, Certificates,
o MessageDigest
Afterwards, the resulting Crls.crl, CompleteCertificateRefs,
o ESSSigningCertificateV2
long-term-validation CompleteRevocationRefs,
o ContentType
signature is time-stamped ESSSigningCertificateV2,
o SigningTime
again with an SignatureTimeStamp,
• UnsignedAttributes
ArchiveTimeStampV3. The
ArchiveTimeStampV2 and
o CompleteCertificateRefs
validation material ArchiveTimeStampV3 (including
o CompleteRevocationRefs
corresponding to the first one ats-hash-index-v3 unsigned
o SignatureTimeStamp
ArchiveTimeStampV2 is attribute)
o ArchiveTimeStampV2
added within time-stamp attributes.
o Certificates
token itself by one of the
o Crls.crl
following methods: (1) the
o ArchiveTimeStampV3
TSU provides the
o ats-hash-index-v3
information in the
SignedData of the time-
stamp token; (2) adding the
certificate-values attribute
and the revocation-values
attribute of the TSP as an
unsigned attribute within the
time-stamp token. The
revocation data used are
CRLs.
ETSI

---------------------- Page: 11 ----------------------
12 ETSI TS 119 124-2 V1.1.1 (2016-06)
TC ID Description Pass criteria Signature attributes
CAdES/BLTA/4 In this case the CAdES-B- Positive validation.
• Certificates
LT signature was time-
The signature shall contain
• Crls.other
stamped with an ContentType, SigningTime,
• SignedAttributes
ArchiveTimeStampV2. MessageDigest, Certificates,
o MessageDigest
Afterwards, the resulting Crls.other,
o ESSSigningCertificateV2
long-term-validation CompleteCertificateRefs,
o ContentType
signature is time-stamped CompleteRevocationRefs,
o SigningTime
again with an ESSSigningCertificateV2, ,
• UnsignedAttributes
ArchiveTimeStampV3. The ArchiveTimeStampV2 and
o CompleteCertificateRefs
validation material ArchiveTimeStampV3 (including
o CompleteRevocationRefs
corresponding to the first one ats-hash-inde
...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.