SIST-TS ETSI/TS 101 733 V1.3.1:2005
Electronic signature formats
The scope of this activity is to elaborate on the basic concepts and concerns regarding signature policies as presented in ETSI ES 201 733 and make such concepts accessible to application developers and potential users. This work item shall take advantage of the study on signature policies made under the ISIS program. This deliverable shall be an explanatory part, partly tutorial and partly descriptive, that translates the standard into real-world terms. The deliverable shall be included in TS 101 733 as an informative annex.
Formati elektronskega podpisa
Standards Content (Sample)
SLOVENIAN STANDARD
SIST-TS ETSI/TS 101 733 V1.3.1:2005
01-May-2005
Formati elektronskega podpisa
Electronic signature formats
This Slovenian standard is identical to: TS 101 733 Version 1.3.1
ICS:
35.040 Character sets and information coding
SIST-TS ETSI/TS 101 733 V1.3.1:2005 en
2003-01. Slovenian Institute for Standardization. Reproduction of this standard, in whole or in part, is not permitted.
ETSI TS 101 733 V1.3.1 (2002-02)
Technical Specification
Electronic signature formats
Reference
RTS/SEC-004009
Keywords
IP, electronic signature, security
ETSI
650 Route des Lucioles
F-06921 Sophia Antipolis Cedex - FRANCE
Tel.: +33 4 92 94 42 00 Fax: +33 4 93 65 47 16
Siret N° 348 623 562 00017 - NAF 742 C
Non-profit association registered at the
Sous-Préfecture de Grasse (06) N° 7803/88
Important notice
Individual copies of the present document can be downloaded from:
http://www.etsi.org
The present document may be made available in more than one electronic version or in print. In any case of existing or
perceived difference in contents between such versions, the reference version is the Portable Document Format (PDF).
In case of dispute, the reference shall be the printing on ETSI printers of the PDF version kept on a specific network drive
within ETSI Secretariat.
Users of the present document should be aware that the document may be subject to revision or change of status.
Information on the current status of this and other ETSI documents is available at
http://portal.etsi.org/tb/status/status.asp
If you find errors in the present document, send your comment to:
editor@etsi.fr
Copyright Notification
No part may be reproduced except as authorized by written permission.
The copyright and the foregoing restriction extend to reproduction in all media.
© European Telecommunications Standards Institute 2002.
All rights reserved.
Contents
Intellectual Property Rights
Foreword
Introduction
1 Scope
2 References
3 Definitions and abbreviations
3.1 Definitions
3.2 Abbreviations
4 Overview
4.1 Major parties
4.2 Electronic signatures and validation data
4.3 Forms of validation data
4.4 Extended forms of validation data
4.5 Archive validation data
4.6 Arbitration
4.7 Validation process
4.8 Example validation sequence
4.9 Additional optional features
5 General description
5.1 The signature policy
5.2 Signed information
5.3 Components of an electronic signature
5.3.1 Reference to the signature policy
5.3.2 Commitment type indication
5.3.3 Certificate identifier from the signer
5.3.4 Role attributes
5.3.4.1 Claimed role
5.3.4.2 Certified role
5.3.5 Signer location
5.3.6 Signing time
5.4 Components of validation data
5.4.1 Revocation status information
5.4.2 CRL information
5.4.3 OCSP information
5.4.4 Certification path
5.4.5 Timestamping for long life of signature
5.4.6 Timestamping for long life of signature before CA key compromises
5.4.6.1 Timestamping the ES with complete validation data
5.4.6.2 Timestamping certificates and revocation information references
5.4.7 Timestamping for long life of signature
5.4.8 Reference to additional data
5.4.9 Timestamping for mutual recognition
5.4.10 TSA key compromise
5.5 Multiple signatures
6 Signature policy and signature validation policy
6.1 Identification of signature policy
6.2 General signature policy information
6.3 Recognized commitment types
6.4 Rules for use of certification authorities
6.4.1 Trust points
6.4.2 Certification path
6.5 Rules for the use of timestamping and timemarking
6.5.1 Trust points and certificate paths
6.5.2 Timestamping authority names
6.5.3 Timing constraints - cautionary period
6.5.4 Timing constraints - time-stamp delay
6.6 Revocation rules
6.7 Rules for the use of roles
6.7.1 Attribute values
6.7.2 Trust points for certified attributes
6.7.3 Certification path for certified attributes
6.8 Rules for verification data to be followed
6.9 Rules for algorithm constraints and key lengths
6.10 Other signature policy rules
6.11 Signature policy protection
7 Identifiers and roles
7.1 Signer name forms
7.2 TSP name forms
7.3 Roles and signer attributes
8 Data structure of an electronic signature
8.1 General syntax
8.2 Data content type
8.3 Signed-data content type
8.4 SignedData type
8.5 EncapsulatedContentInfo type
8.6 SignerInfo type
8.6.1 Message digest calculation process
8.6.2 Message signature generation process
8.6.3 Message signature verification process
8.7 CMS imported mandatory present attributes
8.7.1 Content type
8.7.2 Message digest
8.7.3 Signing time
8.8 Alternative signing certificate attributes
8.8.1 ESS signing certificate attribute definition
8.8.2 Other signing certificate attribute definition
8.9 Additional mandatory attributes
8.9.1 Signature policy identifier
8.10 CMS imported optional attributes
8.10.1 Countersignature
8.11 ESS imported optional attributes
8.11.1 Signed content reference attribute
8.11.2 Content identifier attribute
8.12 Additional optional attributes
8.12.1 CommitmentTypeIndication attribute
8.12.2 Signer location
8.12.3 Signer attributes
8.12.4 Content timestamp
8.13 Support for multiple signatures
8.13.1 Independent signatures
8.13.2 Embedded signatures
9 Validation data
9.1 Electronic signature timestamp
9.1.1 Signature timestamp attribute definition
9.2 Complete validation data
9.2.1 Complete Certificate Refs attribute definition
9.2.2 Complete Revocation Refs attribute definition
9.3 Extended validation data
9.3.1 Certificate Values attribute definition
9.3.2 Revocation Values attribute definition
9.3.3 ES-C Timestamp attribute definition
9.3.4 Time-Stamped certificates and crls attribute definition
9.4 Archive validation data
9.4.1 Archive Timestamp attribute definition
10 Other standard data structures
10.1 Public-key certificate format
10.2 Certificate revocation list format
10.3 OCSP response format
10.4 Timestamping token format
10.5 Name and attribute formats
10.6 Attribute certificate
11 Signature policy specification
11.1 Overall ASN.1 structure
11.2 Signature validation policy
11.3 Common Rules
11.4 Commitment Rules
11.5 Signer and Verifier Rules
11.5.1 Signer rules
11.5.2 Verifier rules
11.6 Certificate and revocation requirement
11.6.1 Certificate requirements
11.6.2 Revocation requirements
11.7 Signing certificate trust conditions
11.8 TimeStamp trust conditions
11.9 Attribute trust conditions
11.10 Algorithm constraints
11.11 Signature policy extensions
12 Data protocols to interoperate with TSPs
12.1 Operational protocols
12.1.1 Certificate retrieval
12.1.2 CRL retrieval
12.1.3 OnLine certificate status
12.1.4 Timestamping
12.2 Management protocols
12.2.1 Certificate request
12.2.2 Certificate distribution to signer
12.2.3 Request for certificate revocation
13 Security considerations
13.1 Protection of private key
13.2 Choice of algorithms
14 Conformance requirements
14.1 Signer
14.2 Verifier using timestamping
14.3 Verifier using secure records
14.4 Signature policy
Annex A (normative): ASN.1 definitions
A.1 Signature format definitions using X.208 (1988) ASN.1 syntax
A.2 Signature policies definitions using X.208 (1988) ASN.1 syntax
A.3 Signature format definitions using X.680 (1997) ASN.1 syntax
A.4 Signature policy definitions using X.680 (1997) ASN.1 syntax
Annex B (informative): Example structured contents and MIME
B.1 General description
B.2 Header information
B.3 Content encoding
B.4 Multi-part content
B.5 S/MIME
Annex C (informative): Relationship to the European Directive and EESSI
C.1 Introduction
C.2 Electronic signatures and the directive
C.3 ETSI electronic signature formats and the directive
C.4 EESSI standards and classes of electronic signature
C.4.1 Structure of EESSI standardization
C.4.2 Classes of electronic signatures.
...