SIST EN 319 102-1 V1.4.1:2024
(Main)Electronic Signatures and Trust Infrastructures (ESI) - Procedures for Creation and Validation of AdES Digital Signatures - Part 1: Creation and Validation
Electronic Signatures and Trust Infrastructures (ESI) - Procedures for Creation and Validation of AdES Digital Signatures - Part 1: Creation and Validation
The present document specifies procedures for:
• the creation of AdES digital signatures (specified in ETSI EN 319 122-1 [i.2], ETSI EN 319 132-1 [i.4], ETSI EN 319 142-1 [i.6] respectively);
• establishing whether an AdES digital signature is technically valid;
whenever the AdES digital signature is based on public key cryptography and supported by Public Key
Certificates (PKCs). To improve readability of the present document, AdES digital signatures are meant when the term signature is being used.
NOTE 1: Regulation (EU) No 910/2014 [i.15] defines the terms electronic signature, advanced electronic signature, electronic seals and advanced electronic seal. These signatures and seals are usually created using digital signature technology. The present document aims at supporting the Regulation (EU) No 910/2014 [i.15] for creation and validation of advanced electronic signatures and seals when they are implemented as AdES digital signatures.
The present document introduces general principles, objects and functions relevant when creating or validating signatures based on signature creation and validation constraints and defines general classes of signatures that allow for verifiability over long periods.
The following aspects are considered to be out of scope:
• generation and distribution of Signature Creation Data (keys, etc.), and the selection and use of cryptographic algorithms;
• format, syntax or encoding of data objects involved, specifically format or encoding for documents to be signed or signatures created; and
• the legal interpretation of any signature, especially the legal validity of a signature.
NOTE 2: The signature creation and validation procedures specified in the present document provide several options and possibilities. The selection of these options is driven by a signature creation policy, a signature augmentation policy or a signature validation policy respectively. Note that legal requirements can be provided through specific policies, e.g. in the context of qualified electronic signatures as defined in the Regulation (EU) 910/2014 [i.15].
Elektronski podpisi in infrastrukture zaupanja (ESI) - Postopki za oblikovanje in validacijo digitalnih podpisov AdES - 1. del: Oblikovanje in validacija
Ta dokument določa postopke za:
• oblikovanje digitalnih podpisov AdES (določenih v standardih ETSI EN 319 122-1 [i.2], ETSI EN 319 132-1 [i.4], ETSI EN 319 142-1 [i.6]);
• ugotavljanje, ali je digitalni podpis AdES tehnično veljaven;
kadar koli digitalni podpis AdES temelji na kriptografiji javnih ključev in je podprt z digitalnimi potrdili javnih
ključev (PKC). Za izboljšanje berljivosti tega dokumenta je namesto izraza digitalni podpisi AdES uporabljen izraz podpis.
OPOMBA 1: Uredba (EU) št. 910/2014 [i.15] opredeljuje izraze elektronski podpis, napredni elektronski podpis, elektronski žigi in napredni elektronski žig. Ti podpisi in žigi so običajno oblikovani s tehnologijo za digitalne podpise. Namen tega dokumenta je zagotavljanje podpore za Uredbo (EU) št. 910/2014 [i.15] za oblikovanje in validacijo naprednih elektronskih podpisov ter žigov, ko se uporabljajo kot digitalni podpisi AdES.
Ta dokument uvaja splošna načela, objekte in funkcije pri oblikovanju ali validaciji podpisov, ki temeljijo na omejitvah pri oblikovanju in validaciji podpisov, ter opredeljuje splošne razrede podpisov, ki omogočajo preverljivost v daljšem časovnem obdobju.
Področje uporabe ne zajema naslednjih vidikov:
• ustvarjanje in distribucija podatkov za ustvarjanje podpisa (ključi itd.) ter izbor in uporaba kriptografskih algoritmov;
• oblika, skladnja ali kodiranje vključenih podatkovnih objektov, še posebej oblika ali kodiranje za dokumente, ki jih je treba podpisati, ali za oblikovane podpise; in
• pravna razlaga podpisov, še posebej pravna veljavnost podpisa.
OPOMBA 2: Postopki za oblikovanje in validacijo podpisov, podani v tem dokumentu, zagotavljajo več možnosti. Razlog za številne možnosti je politika oblikovanja podpisov, politika razširitve podpisov ali politika validacije podpisov. Pravne zahteve so lahko podane v določenih politikah, npr. v kontekstu kvalificiranih elektronskih podpisov, kot je opredeljeno v Uredbi (EU) št. 910/2014 [i.15].
General Information
- Status
- Published
- Public Enquiry End Date
- 31-May-2024
- Publication Date
- 01-Jul-2024
- Technical Committee
- SPN - Services and Protocols for Networks
- Current Stage
- 6060 - National Implementation/Publication (Adopted Project)
- Start Date
- 24-Jun-2024
- Due Date
- 29-Aug-2024
- Completion Date
- 02-Jul-2024
Overview
SIST EN 319 102-1 V1.4.1:2024 (identical to ETSI EN 319 102-1 V1.4.1) defines procedures for the creation and validation of AdES digital signatures (Advanced Electronic Signatures) when they are implemented using public key cryptography and supported by Public Key Certificates (PKCs). The standard supports compliance with Regulation (EU) No 910/2014 (eIDAS) by describing models, objects and functions needed to create verifiable AdES signatures and to determine their technical validity over short and long timeframes.
Key Topics and Technical Requirements
- Signature creation model and information model: Defines the structure and attributes involved in signature creation, including the Signer’s Document (SD), Data To Be Signed (DTBS), signature attributes and Validation Data.
- Signature classes and creation processes: Describes classes of signatures and stepwise creation processes such as Basic Signatures, Signatures with Time, Signatures with Long-Term Validation Material, and Signatures offering long-term availability and integrity of validation material.
- Validation model and processes: Specifies how to select validation processes, constraints for validation (format, cryptographic, X.509-related), and how to report validation status.
- Core building blocks for validation:
- Format checking and structure validation
- Identification of the signing certificate
- Validation context initialization
- Revocation freshness checking (checking recency of revocation evidence)
- X.509 certificate validation and cryptographic constraint checks
- Policies and constraints: Outlines how signature creation/validation options are selected via signature creation, augmentation or validation policies. Legal interpretation is out of scope, but the standard facilitates regulatory compliance.
- Out of scope: Key generation/distribution, choice of cryptographic algorithms, data encoding/format specifics, and legal validity interpretation.
Practical Applications and Who Uses It
- Trust Service Providers (TSPs) and Certification Authorities (CAs) implementing signature creation and long-term validation services.
- Software vendors and integrators building digital signing or signature validation components for e-government, banking, healthcare and enterprise document workflows.
- Security architects and PKI operators designing trust infrastructures that require verifiable, long-lived AdES signatures.
- Compliance and audit teams ensuring signature solutions meet eIDAS-related technical requirements.
Keywords: AdES, digital signature, electronic signatures, trust infrastructures, signature creation, signature validation, PKC, eIDAS, SIST EN 319 102-1, ETSI EN 319 102-1.
Related Standards
- ETSI EN 319 122-1, ETSI EN 319 132-1, ETSI EN 319 142-1 (AdES profiles referenced)
- Regulation (EU) No 910/2014 (eIDAS) - legal framework referenced for advanced electronic signatures
ETSI EN 319 102-1 V1.4.0 (2024-03) - Electronic Signatures and Trust Infrastructures (ESI); Procedures for Creation and Validation of AdES Digital Signatures; Part 1: Creation and Validation
ETSI EN 319 102-1 V1.4.1 (2024-06) - Electronic Signatures and Trust Infrastructures (ESI); Procedures for Creation and Validation of AdES Digital Signatures; Part 1: Creation and Validation
Frequently Asked Questions
SIST EN 319 102-1 V1.4.1:2024 is a standard published by the Slovenian Institute for Standardization (SIST). Its full title is "Electronic Signatures and Trust Infrastructures (ESI) - Procedures for Creation and Validation of AdES Digital Signatures - Part 1: Creation and Validation". This standard covers: The present document specifies procedures for: • the creation of AdES digital signatures (specified in ETSI EN 319 122-1 [i.2], ETSI EN 319 132-1 [i.4], ETSI EN 319 142-1 [i.6] respectively); • establishing whether an AdES digital signature is technically valid; whenever the AdES digital signature is based on public key cryptography and supported by Public Key Certificates (PKCs). To improve readability of the present document, AdES digital signatures are meant when the term signature is being used. NOTE 1: Regulation (EU) No 910/2014 [i.15] defines the terms electronic signature, advanced electronic signature, electronic seals and advanced electronic seal. These signatures and seals are usually created using digital signature technology. The present document aims at supporting the Regulation (EU) No 910/2014 [i.15] for creation and validation of advanced electronic signatures and seals when they are implemented as AdES digital signatures. The present document introduces general principles, objects and functions relevant when creating or validating signatures based on signature creation and validation constraints and defines general classes of signatures that allow for verifiability over long periods. The following aspects are considered to be out of scope: • generation and distribution of Signature Creation Data (keys, etc.), and the selection and use of cryptographic algorithms; • format, syntax or encoding of data objects involved, specifically format or encoding for documents to be signed or signatures created; and • the legal interpretation of any signature, especially the legal validity of a signature. NOTE 2: The signature creation and validation procedures specified in the present document provide several options and possibilities. The selection of these options is driven by a signature creation policy, a signature augmentation policy or a signature validation policy respectively. Note that legal requirements can be provided through specific policies, e.g. in the context of qualified electronic signatures as defined in the Regulation (EU) 910/2014 [i.15].
The present document specifies procedures for: • the creation of AdES digital signatures (specified in ETSI EN 319 122-1 [i.2], ETSI EN 319 132-1 [i.4], ETSI EN 319 142-1 [i.6] respectively); • establishing whether an AdES digital signature is technically valid; whenever the AdES digital signature is based on public key cryptography and supported by Public Key Certificates (PKCs). To improve readability of the present document, AdES digital signatures are meant when the term signature is being used. NOTE 1: Regulation (EU) No 910/2014 [i.15] defines the terms electronic signature, advanced electronic signature, electronic seals and advanced electronic seal. These signatures and seals are usually created using digital signature technology. The present document aims at supporting the Regulation (EU) No 910/2014 [i.15] for creation and validation of advanced electronic signatures and seals when they are implemented as AdES digital signatures. The present document introduces general principles, objects and functions relevant when creating or validating signatures based on signature creation and validation constraints and defines general classes of signatures that allow for verifiability over long periods. The following aspects are considered to be out of scope: • generation and distribution of Signature Creation Data (keys, etc.), and the selection and use of cryptographic algorithms; • format, syntax or encoding of data objects involved, specifically format or encoding for documents to be signed or signatures created; and • the legal interpretation of any signature, especially the legal validity of a signature. NOTE 2: The signature creation and validation procedures specified in the present document provide several options and possibilities. The selection of these options is driven by a signature creation policy, a signature augmentation policy or a signature validation policy respectively. Note that legal requirements can be provided through specific policies, e.g. in the context of qualified electronic signatures as defined in the Regulation (EU) 910/2014 [i.15].
SIST EN 319 102-1 V1.4.1:2024 is classified under the following ICS (International Classification for Standards) categories: 35.040.01 - Information coding in general. The ICS classification helps identify the subject area and facilitates finding related standards.
You can purchase SIST EN 319 102-1 V1.4.1:2024 directly from iTeh Standards. The document is available in PDF format and is delivered instantly after payment. Add the standard to your cart and complete the secure checkout process. iTeh Standards is an authorized distributor of SIST standards.
Standards Content (Sample)
Draft ETSI EN 319 102-1 V1.4.0 (2024-03)
EUROPEAN STANDARD
Electronic Signatures and Trust Infrastructures (ESI);
Procedures for Creation and Validation
of AdES Digital Signatures;
Part 1: Creation and Validation
2 Draft ETSI EN 319 102-1 V1.4.0 (2024-03)
Reference
REN/ESI-0019102-1V1.4.1
Keywords
electronic signature, security, trust services
ETSI
650 Route des Lucioles
F-06921 Sophia Antipolis Cedex - FRANCE
Tel.: +33 4 92 94 42 00 Fax: +33 4 93 65 47 16
Siret N° 348 623 562 00017 - APE 7112B
Association à but non lucratif enregistrée à la
Sous-Préfecture de Grasse (06) N° w061004871
Important notice
The present document can be downloaded from:
https://www.etsi.org/standards-search
The present document may be made available in electronic versions and/or in print. The content of any electronic and/or
print versions of the present document shall not be modified without the prior written authorization of ETSI. In case of any
existing or perceived difference in contents between such versions and/or in print, the prevailing version of an ETSI
deliverable is the one made publicly available in PDF format at www.etsi.org/deliver.
Users of the present document should be aware that the document may be subject to revision or change of status.
Information on the current status of this and other ETSI documents is available at
https://portal.etsi.org/TB/ETSIDeliverableStatus.aspx
If you find errors in the present document, please send your comment to one of the following services:
https://portal.etsi.org/People/CommiteeSupportStaff.aspx
If you find a security vulnerability in the present document, please report it through our
Coordinated Vulnerability Disclosure Program:
https://www.etsi.org/standards/coordinated-vulnerability-disclosure
Notice of disclaimer & limitation of liability
The information provided in the present deliverable is directed solely to professionals who have the appropriate degree of
experience to understand and interpret its content in accordance with generally accepted engineering or
other professional standard and applicable regulations.
No recommendation as to products and services or vendors is made or should be implied.
In no event shall ETSI be held liable for loss of profits or any other incidental or consequential damages.
Any software contained in this deliverable is provided "AS IS" with no warranties, express or implied, including but not
limited to, the warranties of merchantability, fitness for a particular purpose and non-infringement of intellectual property
rights and ETSI shall not be held liable in any event for any damages whatsoever (including, without limitation, damages
for loss of profits, business interruption, loss of information, or any other pecuniary loss) arising out of or related to the use
of or inability to use the software.
Copyright Notification
No part may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and
microfilm except as authorized by written permission of ETSI.
The content of the PDF version shall not be modified without the written authorization of ETSI.
The copyright and the foregoing restriction extend to reproduction in all media.
© ETSI 2024.
All rights reserved.
ETSI
3 Draft ETSI EN 319 102-1 V1.4.0 (2024-03)
Contents
Intellectual Property Rights . 7
Foreword . 7
Modal verbs terminology . 7
Introduction . 8
1 Scope . 9
2 References . 9
2.1 Normative references . 9
2.2 Informative references . 10
3 Definition of terms, symbols and abbreviations . 11
3.1 Terms . 11
3.2 Symbols . 14
3.3 Abbreviations . 14
4 Signature creation . 15
4.1 Signature creation model . 15
4.2 Signature creation information model . 17
4.2.1 Introduction. 17
4.2.2 Signature Creation Constraints . 18
4.2.3 Signer's Document (SD) . 18
4.2.4 Signer's Document Representation (SDR) . 18
4.2.5 Signature attributes . 19
4.2.5.1 General requirements . 19
4.2.5.2 Signing certificate identifier . 19
4.2.5.3 Signature policy identifier . 19
4.2.5.4 Signature policy store . 19
4.2.5.5 Data content type . 20
4.2.5.6 Commitment type indication . 20
4.2.5.7 Counter signatures . 20
4.2.5.8 Claimed signing time . 20
4.2.5.9 Claimed signer location . 20
4.2.5.10 Signer's attributes . 21
4.2.6 Data To Be Signed (DTBS) . 21
4.2.7 Data To Be Signed (Formatted) (DTBSF) . 21
4.2.8 Data To Be Signed Representation (DTBSR) . 21
4.2.9 Signature . 21
4.2.10 Signed Data Object (SDO) . 22
4.2.11 Validation data . 22
4.3 Signature Classes and Creation Processes . 22
4.3.1 Introduction. 22
4.3.2 Creation of Basic Signatures . 23
4.3.2.1 Description . 23
4.3.2.2 Inputs . 24
4.3.2.3 Outputs . 24
4.3.2.4 Processing . 24
4.3.2.4.1 Selection of documents to sign . 24
4.3.2.4.2 Signature attribute and parameters selection . 25
4.3.2.4.3 Pre-signature presentation . 25
4.3.2.4.4 Signature invocation . 25
4.3.2.4.5 Signing. 26
4.3.2.4.6 Signer authentication . 26
4.3.2.4.7 SDO composition . 26
4.3.3 Creation of a Signature with Time . 26
4.3.3.1 Description . 26
4.3.3.2 Inputs . 27
4.3.3.3 Outputs . 27
ETSI
4 Draft ETSI EN 319 102-1 V1.4.0 (2024-03)
4.3.3.4 Process . 27
4.3.4 Creation of Signatures with Long-Term Validation Material . 28
4.3.4.1 Description . 28
4.3.4.2 Inputs . 28
4.3.4.3 Outputs . 28
4.3.4.4 Process . 28
4.3.5 Creation of Signatures providing Long Term Availability and Integrity of Validation Material . 29
4.3.5.1 Description . 29
4.3.5.2 Inputs . 29
4.3.5.3 Outputs . 30
4.3.5.4 Process . 30
5 Signature validation . 30
5.1 Signature validation model . 30
5.1.1 General requirements . 30
5.1.2 Selecting validation processes . 33
5.1.3 Status indication of the signature validation process and signature validation report. 34
5.1.4 Validation constraints . 42
5.1.4.1 General requirements . 42
5.1.4.2 X.509 Validation Constraints . 43
5.1.4.3 Cryptographic Constraints . 43
5.1.4.4 Signature Elements Constraints . 43
5.2 Basic building blocks . 43
5.2.1 Description . 43
5.2.2 Format Checking . 44
5.2.2.1 Description . 44
5.2.2.2 Inputs . 44
5.2.2.3 Outputs . 44
5.2.3 Identification of the signing certificate . 45
5.2.3.1 Description . 45
5.2.3.2 Inputs . 45
5.2.3.3 Outputs . 45
5.2.3.4 Processing . 45
5.2.4 Validation context initialization . 46
5.2.4.1 Description . 46
5.2.4.2 Inputs . 46
5.2.4.3 Outputs . 46
5.2.4.4 Processing . 46
5.2.5 Revocation freshness checker . 47
5.2.5.1 Description . 47
5.2.5.2 Inputs . 47
5.2.5.3 Output . 47
5.2.5.4 Processing . 48
5.2.6 X.509 certificate validation . 48
5.2.6.1 Description . 48
5.2.6.2 Inputs . 49
5.2.6.3 Outputs . 49
5.2.6.4 Processing . 49
5.2.7 Cryptographic verification . 52
5.2.7.1 Description . 52
5.2.7.2 Inputs . 52
5.2.7.3 Outputs . 53
5.2.7.4 Processing . 53
5.2.8 Signature Acceptance Validation (SAV) . 53
5.2.8.1 Description . 53
5.2.8.2 Inputs . 54
5.2.8.3 Outputs . 54
5.2.8.4 Processing . 54
5.2.8.4.1 General requirements . 54
5.2.8.4.2 Processing AdES attributes . 55
5.2.9 Signature validation presentation building block . 56
5.3 Validation process for Basic Signatures . 57
ETSI
5 Draft ETSI EN 319 102-1 V1.4.0 (2024-03)
5.3.1 Description . 57
5.3.2 Inputs . 57
5.3.3 Outputs . 57
5.3.4 Processing . 57
5.4 Time-stamp validation building block . 59
5.4.1 Description . 59
5.4.2 Inputs . 60
5.4.3 Outputs . 60
5.4.4 Processing . 60
5.5 Validation process for Signatures with Time and Signatures with Long-Term Validation Material . 60
5.5.1 Description . 60
5.5.2 Inputs . 61
5.5.3 Outputs . 61
5.5.4 Processing . 61
5.6 Validation process for Signatures providing Long Term Availability and Integrity of Validation
Material . 64
5.6.1 Introduction. 64
5.6.2 Additional building blocks . 65
5.6.2.1 Past certificate validation . 65
5.6.2.1.1 Description . 65
5.6.2.1.2 Input . 65
5.6.2.1.3 Output . 65
5.6.2.1.4 Processing . 66
5.6.2.2 Validation time sliding process . 66
5.6.2.2.1 Description . 66
5.6.2.2.2 Input . 66
5.6.2.2.3 Output . 67
5.6.2.2.4 Processing . 67
5.6.2.3 POE extraction . 68
5.6.2.3.1 Description . 68
5.6.2.3.2 Input . 69
5.6.2.3.3 Output . 69
5.6.2.3.4 Processing . 69
5.6.2.4 Past signature validation building block . 69
5.6.2.4.1 Description . 69
5.6.2.4.2 Input . 69
5.6.2.4.3 Output . 70
5.6.2.4.4 Processing . 70
5.6.3 Validation Process for Signatures providing Long Term Availability and Integrity of Validation
Material . 71
5.6.3.1 Description . 71
5.6.3.2 Input . 72
5.6.3.3 Output . 72
5.6.3.4 Processing . 72
Annex A (informative): Validation examples . 76
A.1 General remarks and assumptions . 76
A.2 Symbols . 76
A.3 Example 1: Revoked certificate . 77
A.3.1 Introduction . 77
A.3.2 Basic signature validation . 77
A.3.3 Validating a Signature with Time . 78
A.3.4 Example 2: Revoked CA certificate . 78
A.3.5 Basic signature validation . 79
A.3.6 Validation of a Signature with Time . 79
A.3.7 Long-Term Validation . 80
Annex B (informative): Signature Classes and AdES Signatures . 83
Annex C (informative): Applicability rules checking and format conformance check . 84
ETSI
6 Draft ETSI EN 319 102-1 V1.4.0 (2024-03)
C.1 Applicability checking . 84
C.2 Format conformance. 84
Annex D (informative): Change history . 86
History . 88
ETSI
7 Draft ETSI EN 319 102-1 V1.4.0 (2024-03)
Intellectual Property Rights
Essential patents
IPRs essential or potentially essential to normative deliverables may have been declared to ETSI. The declarations
pertaining to these essential IPRs, if any, are publicly available for ETSI members and non-members, and can be
found in ETSI SR 000 314: "Intellectual Property Rights (IPRs); Essential, or potentially Essential, IPRs notified to
ETSI in respect of ETSI standards", which is available from the ETSI Secretariat. Latest updates are available on the
ETSI Web server (https://ipr.etsi.org/).
Pursuant to the ETSI Directives including the ETSI IPR Policy, no investigation regarding the essentiality of IPRs,
including IPR searches, has been carried out by ETSI. No guarantee can be given as to the existence of other IPRs not
referenced in ETSI SR 000 314 (or the updates on the ETSI Web server) which are, or may be, or may become,
essential to the present document.
Trademarks
The present document may include trademarks and/or tradenames which are asserted and/or registered by their owners.
ETSI claims no ownership of these except for any which are indicated as being the property of ETSI, and conveys no
right to use or reproduce any trademark and/or tradename. Mention of those trademarks in the present document does
not constitute an endorsement by ETSI of products, services or organizations associated with those trademarks.
DECT™, PLUGTESTS™, UMTS™ and the ETSI logo are trademarks of ETSI registered for the benefit of its
Members. 3GPP™ and LTE™ are trademarks of ETSI registered for the benefit of its Members and of the 3GPP
Organizational Partners. oneM2M™ logo is a trademark of ETSI registered for the benefit of its Members and of the ®
oneM2M Partners. GSM and the GSM logo are trademarks registered and owned by the GSM Association.
Foreword
This draft European Standard (EN) has been produced by ETSI Technical Committee Electronic Signatures and
Infrastructures (ESI), and is now submitted for the combined Public Enquiry and Vote phase of the ETSI EN Approval
Procedure.
The present document is part 1 of a multi-part deliverable covering Procedures for Creation and Validation of AdES
Digital Signatures, as identified below:
ETSI EN 319 102-1: "Creation and Validation";
ETSI TS 119 102-2: "Signature Validation Report".
Proposed national transposition dates
Date of latest announcement of this EN (doa): 3 months after ETSI publication
Date of latest publication of new National Standard
or endorsement of this EN (dop/e): 6 months after doa
Date of withdrawal of any conflicting National Standard (dow): 6 months after doa
Modal verbs terminology
In the present document "shall", "shall not", "should", "should not", "may", "need not", "will", "will not", "can" and
"cannot" are to be interpreted as described in clause 3.2 of the ETSI Drafting Rules (Verbal forms for the expression of
provisions).
"must" and "must not" are NOT allowed in ETSI deliverables except when used in direct citation.
ETSI
8 Draft ETSI EN 319 102-1 V1.4.0 (2024-03)
Introduction
The present document aims to meet the general requirements of the international community to provide trust and
confidence in electronic transactions, including, amongst other, applicable requirements from Regulation (EU)
No 910/2014 [i.15].
ETSI
9 Draft ETSI EN 319 102-1 V1.4.0 (2024-03)
1 Scope
The present document specifies procedures for:
• the creation of AdES digital signatures (specified in ETSI EN 319 122-1 [i.2], ETSI EN 319 132-1 [i.4], ETSI
EN 319 142-1 [i.6] respectively);
• establishing whether an AdES digital signature is technically valid;
whenever the AdES digital signature is based on public key cryptography and supported by Public Key
Certificates (PKCs). To improve readability of the present document, AdES digital signatures are meant when the term
signature is being used.
NOTE 1: Regulation (EU) No 910/2014 [i.15] defines the terms electronic signature, advanced electronic signature,
electronic seals and advanced electronic seal. These signatures and seals are usually created using digital
signature technology. The present document aims at supporting the Regulation (EU) No 910/2014 [i.15]
for creation and validation of advanced electronic signatures and seals when they are implemented as
AdES digital signatures.
The present document introduces general principles, objects and functions relevant when creating or validating
signatures based on signature creation and validation constraints and defines general classes of signatures that allow for
verifiability over long periods.
The following aspects are considered to be out of scope:
• generation and distribution of Signature Creation Data (keys, etc.), and the selection and use of cryptographic
algorithms;
• format, syntax or encoding of data objects involved, specifically format or encoding for documents to be
signed or signatures created; and
• the legal interpretation of any signature, especially the legal validity of a signature.
NOTE 2: The signature creation and validation procedures specified in the present document provide several
options and possibilities. The selection of these options is driven by a signature creation policy, a
signature augmentation policy or a signature validation policy respectively. Note that legal requirements
can be provided through specific policies, e.g. in the context of qualified electronic signatures as defined
in the Regulation (EU) 910/2014 [i.15].
2 References
2.1 Normative references
References are either specific (identified by date of publication and/or edition number or version number) or
non-specific. For specific references, only the cited version applies. For non-specific references, the latest version of the
referenced document (including any amendments) applies.
Referenced documents which are not found to be publicly available in the expected location might be found at
https://docbox.etsi.org/Reference/.
NOTE: While any hyperlinks included in this clause were valid at the time of publication, ETSI cannot guarantee
their long term validity.
The following referenced documents are necessary for the application of the present document.
[1] IETF RFC 5280: "Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation
List (CRL) Profile".
[2] ISO/IEC 9594-8:2020: "Information technology -- Open Systems Interconnection -- Part 8: The
Directory: Public-key and attribute certificate frameworks".
ETSI
10 Draft ETSI EN 319 102-1 V1.4.0 (2024-03)
[3] IETF RFC 3161: "Internet X.509 Public Key Infrastructure; Time Stamp Protocol (TSP)".
[4] ETSI TS 119 172-1: "Electronic Signatures and Infrastructures (ESI); Signature Policies;
Part 1: Building blocks and table of contents for human readable signature policy documents".
[5] T7 & TeleTrusT: "Common PKI Specifications for Interoperable Applications", Specification
Part 9 SigG-Profile, Version 2.0, 20 January 2009.
2.2 Informative references
References are either specific (identified by date of publication and/or edition number or version number) or
non-specific. For specific references, only the cited version applies. For non-specific references, the latest version of the
referenced document (including any amendments) applies.
NOTE: While any hyperlinks included in this clause were valid at the time of publication, ETSI cannot guarantee
their long term validity.
The following referenced documents are not necessary for the application of the present document but they assist the
user with regard to a particular subject area.
[i.1] IETF RFC 4158: "Internet X.509 Public Key Infrastructure: Certification Path Building".
[i.2] ETSI EN 319 122-1: "Electronic Signatures and Infrastructures (ESI); CAdES digital signatures;
Part 1: Building blocks and CAdES baseline signatures".
[i.3] ETSI EN 319 122-2: "Electronic Signatures and Infrastructures (ESI); CAdES digital signatures;
Part 2: Extended CAdES signatures".
[i.4] ETSI EN 319 132-1: "Electronic Signatures and Infrastructures (ESI); XAdES digital signatures;
Part 1: Building blocks and XAdES baseline signatures".
[i.5] ETSI EN 319 132-2: "Electronic Signatures and Infrastructures (ESI); XAdES digital signatures;
Part 2: Extended XAdES signatures".
[i.6] ETSI EN 319 142-1: "Electronic Signatures and Infrastructures (ESI); PAdES digital signatures;
Part 1: Building blocks and PAdES baseline signatures".
[i.7] ETSI EN 319 142-2: "Electronic Signatures and Infrastructures (ESI); PAdES digital signatures;
Part 2: Additional PAdES signatures profiles".
[i.8] IETF RFC 5652: "Cryptographic Message Syntax (CMS)".
[i.9] IETF RFC 4998: "Evidence Record Syntax (ERS)".
[i.10] IETF RFC 6283: "Extensible Markup Language Evidence Record Syntax (XMLERS)".
[i.11] Void.
[i.12] IETF RFC 6960: "X.509 Internet Public Key Infrastructure Online Certificate Status
Protocol - OCSP".
[i.13] ETSI EN 319 422: "Electronic Signatures and Infrastructures (ESI); Time-stamping protocol and
time-stamp token profiles".
[i.14] ETSI TS 119 312: "Electronic Signatures and Infrastructures (ESI); Cryptographic Suites".
[i.15] Regulation (EU) No 910/2014 of the European Parliament and of the Council of 23 July 2014 on
electronic identification and trust services for electronic transactions in the internal market and
repealing Directive 1999/93/EC.
[i.16] IETF RFC 3852: "Cryptographic Message Syntax (CMS)".
[i.17] ETSI TS 119 442: "Electronic Signatures and Infrastructures (ESI); Protocol profiles for trust
service providers providing AdES digital signature validation services".
ETSI
11 Draft ETSI EN 319 102-1 V1.4.0 (2024-03)
[i.18] ETSI TS 119 102-2: "Electronic Signatures and Infrastructures (ESI); Procedures for Creation and
Validation of AdES Digital Signatures; Part 2: Signature Validation Report".
[i.19] ETSI EN 319 411-1: "Electronic Signatures and Infrastructures (ESI); Policy and security
requirements for Trust Service Providers issuing certificates; Part 1: General requirements".
[i.20] ISO/IEC 14533-4:2019: "Processes, data elements and documents in commerce, industry and
administration - Long term signature profiles - Part 4: Attributes pointing to (external) proof of
existence objects used in long term signature formats (PoEAttributes)".
[i.21] ETSI EN 319 412-1: "Electronic Signatures and Infrastructures (ESI); Certificate Profiles;
Part 1: Overview and common data structures".
3 Definition of terms, symbols and abbreviations
3.1 Terms
For the purposes of the present document, the following terms apply:
attribute authority: authority which assigns privileges by issuing attribute certificates
attribute certificate: data structure, digitally signed by an attribute authority, that binds some attribute values with
identification information about its holder
certificate: See Public Key Certificate (PKC).
certificate identifier: unambiguous identifier of a certificate
certificate path (chain) validation: process of verifying and confirming that a certificate path (chain) is valid
Certificate Revocation List (CRL): signed list indicating a set of certificates that are no longer considered valid by the
certificate issuer
certificate validation: process of verifying and confirming that a certificate is valid
certification authority: authority trusted by one or more users to create and assign public-key certificates
chain model: model for validation of X.509 certificate chains where all CA certificates have to be valid at the time they
were used for issuing a certificate and the end-entity certificate was valid when creating the signature
claimed signing time: time of signing claimed by the signer which on its own does not provide independent evidence
of the actual signing time
(signature) commitment type: signer-selected indication of the exact implication of a digital signature
(signature) creation constraint: criteria used when creating a digital signature
cryptographic suite: combination of a signature scheme with a padding method and a cryptographic hash function
detached (digital) signature: digital signature that, with respect to the Signed Data Object, is neither enveloping nor
enveloped
digital signature: data appended to, or a cryptographic transformation of a data unit that allows a recipient of the data
unit to prove the source and integrity of the data unit and protect against forgery, e.g. by the recipient
digital signature value: result of the cryptographic transformation of a data unit that allows a recipient of the data unit
to prove the source and integrity of the data unit
...
EUROPEAN STANDARD
Electronic Signatures and Trust Infrastructures (ESI);
Procedures for Creation and Validation
of AdES Digital Signatures;
Part 1: Creation and Validation
2 ETSI EN 319 102-1 V1.4.1 (2024-06)
Reference
REN/ESI-0019102-1v1.4.1
Keywords
electronic signature, security, trust services
ETSI
650 Route des Lucioles
F-06921 Sophia Antipolis Cedex - FRANCE
Tel.: +33 4 92 94 42 00 Fax: +33 4 93 65 47 16
Siret N° 348 623 562 00017 - APE 7112B
Association à but non lucratif enregistrée à la
Sous-Préfecture de Grasse (06) N° w061004871
Important notice
The present document can be downloaded from:
https://www.etsi.org/standards-search
The present document may be made available in electronic versions and/or in print. The content of any electronic and/or
print versions of the present document shall not be modified without the prior written authorization of ETSI. In case of any
existing or perceived difference in contents between such versions and/or in print, the prevailing version of an ETSI
deliverable is the one made publicly available in PDF format at www.etsi.org/deliver.
Users of the present document should be aware that the document may be subject to revision or change of status.
Information on the current status of this and other ETSI documents is available at
https://portal.etsi.org/TB/ETSIDeliverableStatus.aspx
If you find errors in the present document, please send your comment to one of the following services:
https://portal.etsi.org/People/CommiteeSupportStaff.aspx
If you find a security vulnerability in the present document, please report it through our
Coordinated Vulnerability Disclosure Program:
https://www.etsi.org/standards/coordinated-vulnerability-disclosure
Notice of disclaimer & limitation of liability
The information provided in the present deliverable is directed solely to professionals who have the appropriate degree of
experience to understand and interpret its content in accordance with generally accepted engineering or
other professional standard and applicable regulations.
No recommendation as to products and services or vendors is made or should be implied.
In no event shall ETSI be held liable for loss of profits or any other incidental or consequential damages.
Any software contained in this deliverable is provided "AS IS" with no warranties, express or implied, including but not
limited to, the warranties of merchantability, fitness for a particular purpose and non-infringement of intellectual property
rights and ETSI shall not be held liable in any event for any damages whatsoever (including, without limitation, damages
for loss of profits, business interruption, loss of information, or any other pecuniary loss) arising out of or related to the use
of or inability to use the software.
Copyright Notification
No part may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and
microfilm except as authorized by written permission of ETSI.
The content of the PDF version shall not be modified without the written authorization of ETSI.
The copyright and the foregoing restriction extend to reproduction in all media.
© ETSI 2024.
All rights reserved.
ETSI
3 ETSI EN 319 102-1 V1.4.1 (2024-06)
Contents
Intellectual Property Rights . 7
Foreword . 7
Modal verbs terminology . 7
Introduction . 8
1 Scope . 9
2 References . 9
2.1 Normative references . 9
2.2 Informative references . 10
3 Definition of terms, symbols and abbreviations . 11
3.1 Terms . 11
3.2 Symbols . 14
3.3 Abbreviations . 14
4 Signature creation . 15
4.1 Signature creation model . 15
4.2 Signature creation information model . 17
4.2.1 Introduction. 17
4.2.2 Signature Creation Constraints . 18
4.2.3 Signer's Document (SD) . 18
4.2.4 Signer's Document Representation (SDR) . 18
4.2.5 Signature attributes . 19
4.2.5.1 General requirements . 19
4.2.5.2 Signing certificate identifier . 19
4.2.5.3 Signature policy identifier . 19
4.2.5.4 Signature policy store . 19
4.2.5.5 Data content type . 20
4.2.5.6 Commitment type indication . 20
4.2.5.7 Counter signatures . 20
4.2.5.8 Claimed signing time . 20
4.2.5.9 Claimed signer location . 20
4.2.5.10 Signer's attributes . 21
4.2.6 Data To Be Signed (DTBS) . 21
4.2.7 Data To Be Signed (Formatted) (DTBSF) . 21
4.2.8 Data To Be Signed Representation (DTBSR) . 21
4.2.9 Signature . 21
4.2.10 Signed Data Object (SDO) . 22
4.2.11 Validation data . 22
4.3 Signature Classes and Creation Processes . 22
4.3.1 Introduction. 22
4.3.2 Creation of Basic Signatures . 23
4.3.2.1 Description . 23
4.3.2.2 Inputs . 24
4.3.2.3 Outputs . 24
4.3.2.4 Processing . 24
4.3.2.4.1 Selection of documents to sign . 24
4.3.2.4.2 Signature attribute and parameters selection . 25
4.3.2.4.3 Pre-signature presentation . 25
4.3.2.4.4 Signature invocation . 25
4.3.2.4.5 Signing. 26
4.3.2.4.6 Signer authentication . 26
4.3.2.4.7 SDO composition . 26
4.3.3 Creation of a Signature with Time . 26
4.3.3.1 Description . 26
4.3.3.2 Inputs . 27
4.3.3.3 Outputs . 27
ETSI
4 ETSI EN 319 102-1 V1.4.1 (2024-06)
4.3.3.4 Process . 27
4.3.4 Creation of Signatures with Long-Term Validation Material . 28
4.3.4.1 Description . 28
4.3.4.2 Inputs . 28
4.3.4.3 Outputs . 28
4.3.4.4 Process . 28
4.3.5 Creation of Signatures providing Long Term Availability and Integrity of Validation Material . 29
4.3.5.1 Description . 29
4.3.5.2 Inputs . 29
4.3.5.3 Outputs . 30
4.3.5.4 Process . 30
5 Signature validation . 30
5.1 Signature validation model . 30
5.1.1 General requirements . 30
5.1.2 Selecting validation processes . 33
5.1.3 Status indication of the signature validation process and signature validation report. 34
5.1.4 Validation constraints . 42
5.1.4.1 General requirements . 42
5.1.4.2 X.509 Validation Constraints . 43
5.1.4.3 Cryptographic Constraints . 43
5.1.4.4 Signature Elements Constraints . 43
5.2 Basic building blocks . 43
5.2.1 Description . 43
5.2.2 Format Checking . 44
5.2.2.1 Description . 44
5.2.2.2 Inputs . 44
5.2.2.3 Outputs . 44
5.2.3 Identification of the signing certificate . 45
5.2.3.1 Description . 45
5.2.3.2 Inputs . 45
5.2.3.3 Outputs . 45
5.2.3.4 Processing . 45
5.2.4 Validation context initialization . 46
5.2.4.1 Description . 46
5.2.4.2 Inputs . 46
5.2.4.3 Outputs . 46
5.2.4.4 Processing . 46
5.2.5 Revocation freshness checker . 47
5.2.5.1 Description . 47
5.2.5.2 Inputs . 47
5.2.5.3 Output . 47
5.2.5.4 Processing . 48
5.2.6 X.509 certificate validation . 48
5.2.6.1 Description . 48
5.2.6.2 Inputs . 49
5.2.6.3 Outputs . 49
5.2.6.4 Processing . 49
5.2.7 Cryptographic verification . 52
5.2.7.1 Description . 52
5.2.7.2 Inputs . 52
5.2.7.3 Outputs . 53
5.2.7.4 Processing . 53
5.2.8 Signature Acceptance Validation (SAV) . 53
5.2.8.1 Description . 53
5.2.8.2 Inputs . 54
5.2.8.3 Outputs . 54
5.2.8.4 Processing . 54
5.2.8.4.1 General requirements . 54
5.2.8.4.2 Processing AdES attributes . 55
5.2.9 Signature validation presentation building block . 56
5.3 Validation process for Basic Signatures . 57
ETSI
5 ETSI EN 319 102-1 V1.4.1 (2024-06)
5.3.1 Description . 57
5.3.2 Inputs . 57
5.3.3 Outputs . 57
5.3.4 Processing . 57
5.4 Time-stamp validation building block . 59
5.4.1 Description . 59
5.4.2 Inputs . 60
5.4.3 Outputs . 60
5.4.4 Processing . 60
5.5 Validation process for Signatures with Time and Signatures with Long-Term Validation Material . 60
5.5.1 Description . 60
5.5.2 Inputs . 61
5.5.3 Outputs . 61
5.5.4 Processing . 61
5.6 Validation process for Signatures providing Long Term Availability and Integrity of Validation
Material . 64
5.6.1 Introduction. 64
5.6.2 Additional building blocks . 65
5.6.2.1 Past certificate validation . 65
5.6.2.1.1 Description . 65
5.6.2.1.2 Input . 65
5.6.2.1.3 Output . 65
5.6.2.1.4 Processing . 66
5.6.2.2 Validation time sliding process . 66
5.6.2.2.1 Description . 66
5.6.2.2.2 Input . 66
5.6.2.2.3 Output . 67
5.6.2.2.4 Processing . 67
5.6.2.3 POE extraction . 68
5.6.2.3.1 Description . 68
5.6.2.3.2 Input . 69
5.6.2.3.3 Output . 69
5.6.2.3.4 Processing . 69
5.6.2.4 Past signature validation building block . 69
5.6.2.4.1 Description . 69
5.6.2.4.2 Input . 69
5.6.2.4.3 Output . 70
5.6.2.4.4 Processing . 70
5.6.3 Validation Process for Signatures providing Long Term Availability and Integrity of Validation
Material . 71
5.6.3.1 Description . 71
5.6.3.2 Input . 72
5.6.3.3 Output . 72
5.6.3.4 Processing . 72
Annex A (informative): Validation examples . 76
A.1 General remarks and assumptions . 76
A.2 Symbols . 76
A.3 Example 1: Revoked certificate . 77
A.3.1 Introduction . 77
A.3.2 Basic signature validation . 77
A.3.3 Validating a Signature with Time . 78
A.3.4 Example 2: Revoked CA certificate . 78
A.3.5 Basic signature validation . 79
A.3.6 Validation of a Signature with Time . 79
A.3.7 Long-Term Validation . 80
Annex B (informative): Signature Classes and AdES Signatures . 83
Annex C (informative): Applicability rules checking and format conformance check . 84
ETSI
6 ETSI EN 319 102-1 V1.4.1 (2024-06)
C.1 Applicability checking . 84
C.2 Format conformance. 84
Annex D (informative): Change history . 86
History . 88
ETSI
7 ETSI EN 319 102-1 V1.4.1 (2024-06)
Intellectual Property Rights
Essential patents
IPRs essential or potentially essential to normative deliverables may have been declared to ETSI. The declarations
pertaining to these essential IPRs, if any, are publicly available for ETSI members and non-members, and can be
found in ETSI SR 000 314: "Intellectual Property Rights (IPRs); Essential, or potentially Essential, IPRs notified to
ETSI in respect of ETSI standards", which is available from the ETSI Secretariat. Latest updates are available on the
ETSI Web server (https://ipr.etsi.org/).
Pursuant to the ETSI Directives including the ETSI IPR Policy, no investigation regarding the essentiality of IPRs,
including IPR searches, has been carried out by ETSI. No guarantee can be given as to the existence of other IPRs not
referenced in ETSI SR 000 314 (or the updates on the ETSI Web server) which are, or may be, or may become,
essential to the present document.
Trademarks
The present document may include trademarks and/or tradenames which are asserted and/or registered by their owners.
ETSI claims no ownership of these except for any which are indicated as being the property of ETSI, and conveys no
right to use or reproduce any trademark and/or tradename. Mention of those trademarks in the present document does
not constitute an endorsement by ETSI of products, services or organizations associated with those trademarks.
DECT™, PLUGTESTS™, UMTS™ and the ETSI logo are trademarks of ETSI registered for the benefit of its
Members. 3GPP™ and LTE™ are trademarks of ETSI registered for the benefit of its Members and of the 3GPP
Organizational Partners. oneM2M™ logo is a trademark of ETSI registered for the benefit of its Members and of the ®
oneM2M Partners. GSM and the GSM logo are trademarks registered and owned by the GSM Association.
Foreword
This European Standard (EN) has been produced by ETSI Technical Committee Electronic Signatures and
Infrastructures (ESI).
The present document is part 1 of a multi-part deliverable covering Procedures for Creation and Validation of AdES
Digital Signatures, as identified below:
ETSI EN 319 102-1: "Creation and Validation";
ETSI TS 119 102-2: "Signature Validation Report".
National transposition dates
Date of adoption of this EN: 17 June 2024
Date of latest announcement of this EN (doa): 30 September 2024
Date of latest publication of new National Standard
or endorsement of this EN (dop/e): 31 March 2025
Date of withdrawal of any conflicting National Standard (dow): 31 March 2025
Modal verbs terminology
In the present document "shall", "shall not", "should", "should not", "may", "need not", "will", "will not", "can" and
"cannot" are to be interpreted as described in clause 3.2 of the ETSI Drafting Rules (Verbal forms for the expression of
provisions).
ETSI
8 ETSI EN 319 102-1 V1.4.1 (2024-06)
"must" and "must not" are NOT allowed in ETSI deliverables except when used in direct citation.
Introduction
The present document aims to meet the general requirements of the international community to provide trust and
confidence in electronic transactions, including, amongst other, applicable requirements from Regulation (EU)
No 910/2014 [i.15].
ETSI
9 ETSI EN 319 102-1 V1.4.1 (2024-06)
1 Scope
The present document specifies procedures for:
• the creation of AdES digital signatures (specified in ETSI EN 319 122-1 [i.2], ETSI EN 319 132-1 [i.4], ETSI
EN 319 142-1 [i.6] respectively);
• establishing whether an AdES digital signature is technically valid;
whenever the AdES digital signature is based on public key cryptography and supported by Public Key
Certificates (PKCs). To improve readability of the present document, AdES digital signatures are meant when the term
signature is being used.
NOTE 1: Regulation (EU) No 910/2014 [i.15] defines the terms electronic signature, advanced electronic signature,
electronic seals and advanced electronic seal. These signatures and seals are usually created using digital
signature technology. The present document aims at supporting the Regulation (EU) No 910/2014 [i.15]
for creation and validation of advanced electronic signatures and seals when they are implemented as
AdES digital signatures.
The present document introduces general principles, objects and functions relevant when creating or validating
signatures based on signature creation and validation constraints and defines general classes of signatures that allow for
verifiability over long periods.
The following aspects are considered to be out of scope:
• generation and distribution of Signature Creation Data (keys, etc.), and the selection and use of cryptographic
algorithms;
• format, syntax or encoding of data objects involved, specifically format or encoding for documents to be
signed or signatures created; and
• the legal interpretation of any signature, especially the legal validity of a signature.
NOTE 2: The signature creation and validation procedures specified in the present document provide several
options and possibilities. The selection of these options is driven by a signature creation policy, a
signature augmentation policy or a signature validation policy respectively. Note that legal requirements
can be provided through specific policies, e.g. in the context of qualified electronic signatures as defined
in the Regulation (EU) 910/2014 [i.15].
2 References
2.1 Normative references
References are either specific (identified by date of publication and/or edition number or version number) or
non-specific. For specific references, only the cited version applies. For non-specific references, the latest version of the
referenced document (including any amendments) applies.
Referenced documents which are not found to be publicly available in the expected location might be found at
https://docbox.etsi.org/Reference/.
NOTE: While any hyperlinks included in this clause were valid at the time of publication, ETSI cannot guarantee
their long term validity.
The following referenced documents are necessary for the application of the present document.
[1] IETF RFC 5280: "Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation
List (CRL) Profile".
[2] ISO/IEC 9594-8:2020: "Information technology -- Open Systems Interconnection -- Part 8: The
Directory: Public-key and attribute certificate frameworks".
ETSI
10 ETSI EN 319 102-1 V1.4.1 (2024-06)
[3] IETF RFC 3161: "Internet X.509 Public Key Infrastructure; Time Stamp Protocol (TSP)".
[4] ETSI TS 119 172-1: "Electronic Signatures and Infrastructures (ESI); Signature Policies;
Part 1: Building blocks and table of contents for human readable signature policy documents".
[5] T7 & TeleTrusT: "Common PKI Specifications for Interoperable Applications", Specification
Part 9 SigG-Profile, Version 2.0, 20 January 2009.
2.2 Informative references
References are either specific (identified by date of publication and/or edition number or version number) or
non-specific. For specific references, only the cited version applies. For non-specific references, the latest version of the
referenced document (including any amendments) applies.
NOTE: While any hyperlinks included in this clause were valid at the time of publication, ETSI cannot guarantee
their long term validity.
The following referenced documents are not necessary for the application of the present document but they assist the
user with regard to a particular subject area.
[i.1] IETF RFC 4158: "Internet X.509 Public Key Infrastructure: Certification Path Building".
[i.2] ETSI EN 319 122-1: "Electronic Signatures and Infrastructures (ESI); CAdES digital signatures;
Part 1: Building blocks and CAdES baseline signatures".
[i.3] ETSI EN 319 122-2: "Electronic Signatures and Infrastructures (ESI); CAdES digital signatures;
Part 2: Extended CAdES signatures".
[i.4] ETSI EN 319 132-1: "Electronic Signatures and Infrastructures (ESI); XAdES digital signatures;
Part 1: Building blocks and XAdES baseline signatures".
[i.5] ETSI EN 319 132-2: "Electronic Signatures and Infrastructures (ESI); XAdES digital signatures;
Part 2: Extended XAdES signatures".
[i.6] ETSI EN 319 142-1: "Electronic Signatures and Infrastructures (ESI); PAdES digital signatures;
Part 1: Building blocks and PAdES baseline signatures".
[i.7] ETSI EN 319 142-2: "Electronic Signatures and Infrastructures (ESI); PAdES digital signatures;
Part 2: Additional PAdES signatures profiles".
[i.8] IETF RFC 5652: "Cryptographic Message Syntax (CMS)".
[i.9] IETF RFC 4998: "Evidence Record Syntax (ERS)".
[i.10] IETF RFC 6283: "Extensible Markup Language Evidence Record Syntax (XMLERS)".
[i.11] Void.
[i.12] IETF RFC 6960: "X.509 Internet Public Key Infrastructure Online Certificate Status
Protocol - OCSP".
[i.13] ETSI EN 319 422: "Electronic Signatures and Infrastructures (ESI); Time-stamping protocol and
time-stamp token profiles".
[i.14] ETSI TS 119 312: "Electronic Signatures and Infrastructures (ESI); Cryptographic Suites".
[i.15] Regulation (EU) No 910/2014 of the European Parliament and of the Council of 23 July 2014 on
electronic identification and trust services for electronic transactions in the internal market and
repealing Directive 1999/93/EC.
[i.16] IETF RFC 3852: "Cryptographic Message Syntax (CMS)".
[i.17] ETSI TS 119 442: "Electronic Signatures and Infrastructures (ESI); Protocol profiles for trust
service providers providing AdES digital signature validation services".
ETSI
11 ETSI EN 319 102-1 V1.4.1 (2024-06)
[i.18] ETSI TS 119 102-2: "Electronic Signatures and Infrastructures (ESI); Procedures for Creation and
Validation of AdES Digital Signatures; Part 2: Signature Validation Report".
[i.19] ETSI EN 319 411-1: "Electronic Signatures and Infrastructures (ESI); Policy and security
requirements for Trust Service Providers issuing certificates; Part 1: General requirements".
[i.20] ISO/IEC 14533-4:2019: "Processes, data elements and documents in commerce, industry and
administration - Long term signature profiles - Part 4: Attributes pointing to (external) proof of
existence objects used in long term signature formats (PoEAttributes)".
[i.21] ETSI EN 319 412-1: "Electronic Signatures and Infrastructures (ESI); Certificate Profiles;
Part 1: Overview and common data structures".
3 Definition of terms, symbols and abbreviations
3.1 Terms
For the purposes of the present document, the following terms apply:
attribute authority: authority which assigns privileges by issuing attribute certificates
attribute certificate: data structure, digitally signed by an attribute authority, that binds some attribute values with
identification information about its holder
certificate: See Public Key Certificate (PKC).
certificate identifier: unambiguous identifier of a certificate
certificate path (chain) validation: process of verifying and confirming that a certificate path (chain) is valid
Certificate Revocation List (CRL): signed list indicating a set of certificates that are no longer considered valid by the
certificate issuer
certificate validation: process of verifying and confirming that a certificate is valid
certification authority: authority trusted by one or more users to create and assign public-key certificates
chain model: model for validation of X.509 certificate chains where all CA certificates have to be valid at the time they
were used for issuing a certificate and the end-entity certificate was valid when creating the signature
claimed signing time: time of signing claimed by the signer which on its own does not provide independent evidence
of the actual signing time
(signature) commitment type: signer-selected indication of the exact implication of a digital signature
(signature) creation constraint: criteria used when creating a digital signature
cryptographic suite: combination of a signature scheme with a padding method and a cryptographic hash function
detached (digital) signature: digital signature that, with respect to the Signed Data Object, is neither enveloping nor
enveloped
digital signature: data appended to, or a cryptographic transformation of a data unit that allows a recipient of the data
unit to prove the source and integrity of the data unit and protect against forgery, e.g. by the recipient
digital signature value: result of the cryptographic transformation of a data unit that allows a recipient of the data unit
to prove the source and integrity of the data unit and protect against forgery, e.g. by the recipient
Driving Application (DA): application that uses a Signature Creation System (SCS) to create a signature
...
SLOVENSKI STANDARD
01-september-2024
Elektronski podpisi in infrastrukture zaupanja (ESI) - Postopki za oblikovanje in
validacijo digitalnih podpisov AdES - 1. del: Oblikovanje in validacija
Electronic Signatures and Trust Infrastructures (ESI) - Procedures for Creation and
Validation of AdES Digital Signatures - Part 1: Creation and Validation
Ta slovenski standard je istoveten z: ETSI EN 319 102-1 V1.4.1 (2024-06)
ICS:
35.040.01 Kodiranje informacij na Information coding in general
splošno
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.
EUROPEAN STANDARD
Electronic Signatures and Trust Infrastructures (ESI);
Procedures for Creation and Validation
of AdES Digital Signatures;
Part 1: Creation and Validation
2 ETSI EN 319 102-1 V1.4.1 (2024-06)
Reference
REN/ESI-0019102-1v1.4.1
Keywords
electronic signature, security, trust services
ETSI
650 Route des Lucioles
F-06921 Sophia Antipolis Cedex - FRANCE
Tel.: +33 4 92 94 42 00 Fax: +33 4 93 65 47 16
Siret N° 348 623 562 00017 - APE 7112B
Association à but non lucratif enregistrée à la
Sous-Préfecture de Grasse (06) N° w061004871
Important notice
The present document can be downloaded from:
https://www.etsi.org/standards-search
The present document may be made available in electronic versions and/or in print. The content of any electronic and/or
print versions of the present document shall not be modified without the prior written authorization of ETSI. In case of any
existing or perceived difference in contents between such versions and/or in print, the prevailing version of an ETSI
deliverable is the one made publicly available in PDF format at www.etsi.org/deliver.
Users of the present document should be aware that the document may be subject to revision or change of status.
Information on the current status of this and other ETSI documents is available at
https://portal.etsi.org/TB/ETSIDeliverableStatus.aspx
If you find errors in the present document, please send your comment to one of the following services:
https://portal.etsi.org/People/CommiteeSupportStaff.aspx
If you find a security vulnerability in the present document, please report it through our
Coordinated Vulnerability Disclosure Program:
https://www.etsi.org/standards/coordinated-vulnerability-disclosure
Notice of disclaimer & limitation of liability
The information provided in the present deliverable is directed solely to professionals who have the appropriate degree of
experience to understand and interpret its content in accordance with generally accepted engineering or
other professional standard and applicable regulations.
No recommendation as to products and services or vendors is made or should be implied.
In no event shall ETSI be held liable for loss of profits or any other incidental or consequential damages.
Any software contained in this deliverable is provided "AS IS" with no warranties, express or implied, including but not
limited to, the warranties of merchantability, fitness for a particular purpose and non-infringement of intellectual property
rights and ETSI shall not be held liable in any event for any damages whatsoever (including, without limitation, damages
for loss of profits, business interruption, loss of information, or any other pecuniary loss) arising out of or related to the use
of or inability to use the software.
Copyright Notification
No part may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and
microfilm except as authorized by written permission of ETSI.
The content of the PDF version shall not be modified without the written authorization of ETSI.
The copyright and the foregoing restriction extend to reproduction in all media.
© ETSI 2024.
All rights reserved.
ETSI
3 ETSI EN 319 102-1 V1.4.1 (2024-06)
Contents
Intellectual Property Rights . 7
Foreword . 7
Modal verbs terminology . 7
Introduction . 8
1 Scope . 9
2 References . 9
2.1 Normative references . 9
2.2 Informative references . 10
3 Definition of terms, symbols and abbreviations . 11
3.1 Terms . 11
3.2 Symbols . 14
3.3 Abbreviations . 14
4 Signature creation . 15
4.1 Signature creation model . 15
4.2 Signature creation information model . 17
4.2.1 Introduction. 17
4.2.2 Signature Creation Constraints . 18
4.2.3 Signer's Document (SD) . 18
4.2.4 Signer's Document Representation (SDR) . 18
4.2.5 Signature attributes . 19
4.2.5.1 General requirements . 19
4.2.5.2 Signing certificate identifier . 19
4.2.5.3 Signature policy identifier . 19
4.2.5.4 Signature policy store . 19
4.2.5.5 Data content type . 20
4.2.5.6 Commitment type indication . 20
4.2.5.7 Counter signatures . 20
4.2.5.8 Claimed signing time . 20
4.2.5.9 Claimed signer location . 20
4.2.5.10 Signer's attributes . 21
4.2.6 Data To Be Signed (DTBS) . 21
4.2.7 Data To Be Signed (Formatted) (DTBSF) . 21
4.2.8 Data To Be Signed Representation (DTBSR) . 21
4.2.9 Signature . 21
4.2.10 Signed Data Object (SDO) . 22
4.2.11 Validation data . 22
4.3 Signature Classes and Creation Processes . 22
4.3.1 Introduction. 22
4.3.2 Creation of Basic Signatures . 23
4.3.2.1 Description . 23
4.3.2.2 Inputs . 24
4.3.2.3 Outputs . 24
4.3.2.4 Processing . 24
4.3.2.4.1 Selection of documents to sign . 24
4.3.2.4.2 Signature attribute and parameters selection . 25
4.3.2.4.3 Pre-signature presentation . 25
4.3.2.4.4 Signature invocation . 25
4.3.2.4.5 Signing. 26
4.3.2.4.6 Signer authentication . 26
4.3.2.4.7 SDO composition . 26
4.3.3 Creation of a Signature with Time . 26
4.3.3.1 Description . 26
4.3.3.2 Inputs . 27
4.3.3.3 Outputs . 27
ETSI
4 ETSI EN 319 102-1 V1.4.1 (2024-06)
4.3.3.4 Process . 27
4.3.4 Creation of Signatures with Long-Term Validation Material . 28
4.3.4.1 Description . 28
4.3.4.2 Inputs . 28
4.3.4.3 Outputs . 28
4.3.4.4 Process . 28
4.3.5 Creation of Signatures providing Long Term Availability and Integrity of Validation Material . 29
4.3.5.1 Description . 29
4.3.5.2 Inputs . 29
4.3.5.3 Outputs . 30
4.3.5.4 Process . 30
5 Signature validation . 30
5.1 Signature validation model . 30
5.1.1 General requirements . 30
5.1.2 Selecting validation processes . 33
5.1.3 Status indication of the signature validation process and signature validation report. 34
5.1.4 Validation constraints . 42
5.1.4.1 General requirements . 42
5.1.4.2 X.509 Validation Constraints . 43
5.1.4.3 Cryptographic Constraints . 43
5.1.4.4 Signature Elements Constraints . 43
5.2 Basic building blocks . 43
5.2.1 Description . 43
5.2.2 Format Checking . 44
5.2.2.1 Description . 44
5.2.2.2 Inputs . 44
5.2.2.3 Outputs . 44
5.2.3 Identification of the signing certificate . 45
5.2.3.1 Description . 45
5.2.3.2 Inputs . 45
5.2.3.3 Outputs . 45
5.2.3.4 Processing . 45
5.2.4 Validation context initialization . 46
5.2.4.1 Description . 46
5.2.4.2 Inputs . 46
5.2.4.3 Outputs . 46
5.2.4.4 Processing . 46
5.2.5 Revocation freshness checker . 47
5.2.5.1 Description . 47
5.2.5.2 Inputs . 47
5.2.5.3 Output . 47
5.2.5.4 Processing . 48
5.2.6 X.509 certificate validation . 48
5.2.6.1 Description . 48
5.2.6.2 Inputs . 49
5.2.6.3 Outputs . 49
5.2.6.4 Processing . 49
5.2.7 Cryptographic verification . 52
5.2.7.1 Description . 52
5.2.7.2 Inputs . 52
5.2.7.3 Outputs . 53
5.2.7.4 Processing . 53
5.2.8 Signature Acceptance Validation (SAV) . 53
5.2.8.1 Description . 53
5.2.8.2 Inputs . 54
5.2.8.3 Outputs . 54
5.2.8.4 Processing . 54
5.2.8.4.1 General requirements . 54
5.2.8.4.2 Processing AdES attributes . 55
5.2.9 Signature validation presentation building block . 56
5.3 Validation process for Basic Signatures . 57
ETSI
5 ETSI EN 319 102-1 V1.4.1 (2024-06)
5.3.1 Description . 57
5.3.2 Inputs . 57
5.3.3 Outputs . 57
5.3.4 Processing . 57
5.4 Time-stamp validation building block . 59
5.4.1 Description . 59
5.4.2 Inputs . 60
5.4.3 Outputs . 60
5.4.4 Processing . 60
5.5 Validation process for Signatures with Time and Signatures with Long-Term Validation Material . 60
5.5.1 Description . 60
5.5.2 Inputs . 61
5.5.3 Outputs . 61
5.5.4 Processing . 61
5.6 Validation process for Signatures providing Long Term Availability and Integrity of Validation
Material . 64
5.6.1 Introduction. 64
5.6.2 Additional building blocks . 65
5.6.2.1 Past certificate validation . 65
5.6.2.1.1 Description . 65
5.6.2.1.2 Input . 65
5.6.2.1.3 Output . 65
5.6.2.1.4 Processing . 66
5.6.2.2 Validation time sliding process . 66
5.6.2.2.1 Description . 66
5.6.2.2.2 Input . 66
5.6.2.2.3 Output . 67
5.6.2.2.4 Processing . 67
5.6.2.3 POE extraction . 68
5.6.2.3.1 Description . 68
5.6.2.3.2 Input . 69
5.6.2.3.3 Output . 69
5.6.2.3.4 Processing . 69
5.6.2.4 Past signature validation building block . 69
5.6.2.4.1 Description . 69
5.6.2.4.2 Input . 69
5.6.2.4.3 Output . 70
5.6.2.4.4 Processing . 70
5.6.3 Validation Process for Signatures providing Long Term Availability and Integrity of Validation
Material . 71
5.6.3.1 Description . 71
5.6.3.2 Input . 72
5.6.3.3 Output . 72
5.6.3.4 Processing . 72
Annex A (informative): Validation examples . 76
A.1 General remarks and assumptions . 76
A.2 Symbols . 76
A.3 Example 1: Revoked certificate . 77
A.3.1 Introduction . 77
A.3.2 Basic signature validation . 77
A.3.3 Validating a Signature with Time . 78
A.3.4 Example 2: Revoked CA certificate . 78
A.3.5 Basic signature validation . 79
A.3.6 Validation of a Signature with Time . 79
A.3.7 Long-Term Validation . 80
Annex B (informative): Signature Classes and AdES Signatures . 83
Annex C (informative): Applicability rules checking and format conformance check . 84
ETSI
6 ETSI EN 319 102-1 V1.4.1 (2024-06)
C.1 Applicability checking . 84
C.2 Format conformance. 84
Annex D (informative): Change history . 86
History . 88
ETSI
7 ETSI EN 319 102-1 V1.4.1 (2024-06)
Intellectual Property Rights
Essential patents
IPRs essential or potentially essential to normative deliverables may have been declared to ETSI. The declarations
pertaining to these essential IPRs, if any, are publicly available for ETSI members and non-members, and can be
found in ETSI SR 000 314: "Intellectual Property Rights (IPRs); Essential, or potentially Essential, IPRs notified to
ETSI in respect of ETSI standards", which is available from the ETSI Secretariat. Latest updates are available on the
ETSI Web server (https://ipr.etsi.org/).
Pursuant to the ETSI Directives including the ETSI IPR Policy, no investigation regarding the essentiality of IPRs,
including IPR searches, has been carried out by ETSI. No guarantee can be given as to the existence of other IPRs not
referenced in ETSI SR 000 314 (or the updates on the ETSI Web server) which are, or may be, or may become,
essential to the present document.
Trademarks
The present document may include trademarks and/or tradenames which are asserted and/or registered by their owners.
ETSI claims no ownership of these except for any which are indicated as being the property of ETSI, and conveys no
right to use or reproduce any trademark and/or tradename. Mention of those trademarks in the present document does
not constitute an endorsement by ETSI of products, services or organizations associated with those trademarks.
DECT™, PLUGTESTS™, UMTS™ and the ETSI logo are trademarks of ETSI registered for the benefit of its
Members. 3GPP™ and LTE™ are trademarks of ETSI registered for the benefit of its Members and of the 3GPP
Organizational Partners. oneM2M™ logo is a trademark of ETSI registered for the benefit of its Members and of the ®
oneM2M Partners. GSM and the GSM logo are trademarks registered and owned by the GSM Association.
Foreword
This European Standard (EN) has been produced by ETSI Technical Committee Electronic Signatures and
Infrastructures (ESI).
The present document is part 1 of a multi-part deliverable covering Procedures for Creation and Validation of AdES
Digital Signatures, as identified below:
ETSI EN 319 102-1: "Creation and Validation";
ETSI TS 119 102-2: "Signature Validation Report".
National transposition dates
Date of adoption of this EN: 17 June 2024
Date of latest announcement of this EN (doa): 30 September 2024
Date of latest publication of new National Standard
or endorsement of this EN (dop/e): 31 March 2025
Date of withdrawal of any conflicting National Standard (dow): 31 March 2025
Modal verbs terminology
In the present document "shall", "shall not", "should", "should not", "may", "need not", "will", "will not", "can" and
"cannot" are to be interpreted as described in clause 3.2 of the ETSI Drafting Rules (Verbal forms for the expression of
provisions).
ETSI
8 ETSI EN 319 102-1 V1.4.1 (2024-06)
"must" and "must not" are NOT allowed in ETSI deliverables except when used in direct citation.
Introduction
The present document aims to meet the general requirements of the international community to provide trust and
confidence in electronic transactions, including, amongst other, applicable requirements from Regulation (EU)
No 910/2014 [i.15].
ETSI
9 ETSI EN 319 102-1 V1.4.1 (2024-06)
1 Scope
The present document specifies procedures for:
• the creation of AdES digital signatures (specified in ETSI EN 319 122-1 [i.2], ETSI EN 319 132-1 [i.4], ETSI
EN 319 142-1 [i.6] respectively);
• establishing whether an AdES digital signature is technically valid;
whenever the AdES digital signature is based on public key cryptography and supported by Public Key
Certificates (PKCs). To improve readability of the present document, AdES digital signatures are meant when the term
signature is being used.
NOTE 1: Regulation (EU) No 910/2014 [i.15] defines the terms electronic signature, advanced electronic signature,
electronic seals and advanced electronic seal. These signatures and seals are usually created using digital
signature technology. The present document aims at supporting the Regulation (EU) No 910/2014 [i.15]
for creation and validation of advanced electronic signatures and seals when they are implemented as
AdES digital signatures.
The present document introduces general principles, objects and functions relevant when creating or validating
signatures based on signature creation and validation constraints and defines general classes of signatures that allow for
verifiability over long periods.
The following aspects are considered to be out of scope:
• generation and distribution of Signature Creation Data (keys, etc.), and the selection and use of cryptographic
algorithms;
• format, syntax or encoding of data objects involved, specifically format or encoding for documents to be
signed or signatures created; and
• the legal interpretation of any signature, especially the legal validity of a signature.
NOTE 2: The signature creation and validation procedures specified in the present document provide several
options and possibilities. The selection of these options is driven by a signature creation policy, a
signature augmentation policy or a signature validation policy respectively. Note that legal requirements
can be provided through specific policies, e.g. in the context of qualified electronic signatures as defined
in the Regulation (EU) 910/2014 [i.15].
2 References
2.1 Normative references
References are either specific (identified by date of publication and/or edition number or version number) or
non-specific. For specific references, only the cited version applies. For non-specific references, the latest version of the
referenced document (including any amendments) applies.
Referenced documents which are not found to be publicly available in the expected location might be found at
https://docbox.etsi.org/Reference/.
NOTE: While any hyperlinks included in this clause were valid at the time of publication, ETSI cannot guarantee
their long term validity.
The following referenced documents are necessary for the application of the present document.
[1] IETF RFC 5280: "Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation
List (CRL) Profile".
[2] ISO/IEC 9594-8:2020: "Information technology -- Open Systems Interconnection -- Part 8: The
Directory: Public-key and attribute certificate frameworks".
ETSI
10 ETSI EN 319 102-1 V1.4.1 (2024-06)
[3] IETF RFC 3161: "Internet X.509 Public Key Infrastructure; Time Stamp Protocol (TSP)".
[4] ETSI TS 119 172-1: "Electronic Signatures and Infrastructures (ESI); Signature Policies;
Part 1: Building blocks and table of contents for human readable signature policy documents".
[5] T7 & TeleTrusT: "Common PKI Specifications for Interoperable Applications", Specification
Part 9 SigG-Profile, Version 2.0, 20 January 2009.
2.2 Informative references
References are either specific (identified by date of publication and/or edition number or version number) or
non-specific. For specific references, only the cited version applies. For non-specific references, the latest version of the
referenced document (including any amendments) applies.
NOTE: While any hyperlinks included in this clause were valid at the time of publication, ETSI cannot guarantee
their long term validity.
The following referenced documents are not necessary for the application of the present document but they assist the
user with regard to a particular subject area.
[i.1] IETF RFC 4158: "Internet X.509 Public Key Infrastructure: Certification Path Building".
[i.2] ETSI EN 319 122-1: "Electronic Signatures and Infrastructures (ESI); CAdES digital signatures;
Part 1: Building blocks and CAdES baseline signatures".
[i.3] ETSI EN 319 122-2: "Electronic Signatures and Infrastructures (ESI); CAdES digital signatures;
Part 2: Extended CAdES signatures".
[i.4] ETSI EN 319 132-1: "Electronic Signatures and Infrastructures (ESI); XAdES digital signatures;
Part 1: Building blocks and XAdES baseline signatures".
[i.5] ETSI EN 319 132-2: "Electronic Signatures and Infrastructures (ESI); XAdES digital signatures;
Part 2: Extended XAdES signatures".
[i.6] ETSI EN 319 142-1: "Electronic Signatures and Infrastructures (ESI); PAdES digital signatures;
Part 1: Building blocks and PAdES baseline signatures".
[i.7] ETSI EN 319 142-2: "Electronic Signatures and Infrastructures (ESI); PAdES digital signatures;
Part 2: Additional PAdES signatures profiles".
[i.8] IETF RFC 5652: "Cryptographic Message Syntax (CMS)".
[i.9] IETF RFC 4998: "Evidence Record Syntax (ERS)".
[i.10] IETF RFC 6283: "Extensible Markup Language Evidence Record Syntax (XMLERS)".
[i.11] Void.
[i.12] IETF RFC 6960: "X.509 Internet Public Key Infrastructure Online Certificate Status
Protocol - OCSP".
[i.13] ETSI EN 319 422: "Electronic Signatures and Infrastructures (ESI); Time-stamping protocol and
time-stamp token profiles".
[i.14] ETSI TS 119 312: "Electronic Signatures and Infrastructures (ESI); Cryptographic Suites".
[i.15] Regulation (EU) No 910/2014 of the European Parliament and of the Council of 23 July 2014 on
electronic identification and trust services for electronic transactions in the internal market and
repealing Directive 1999/93/EC.
[i.16] IETF RFC 3852: "Cryptographic Message Syntax (CMS)".
[i.17] ETSI TS 119 442: "Electronic Signatures and Infrastructures (ESI); Protocol profiles for trust
service providers providing AdES digital signature validation services".
ETSI
11 ETSI EN 319 102-1 V1.4.1 (2024-06)
[i.18] ETSI TS 119 102-2: "Electronic Signatures and Infrastructures (ESI); Procedures for Creation and
Validation of AdES Digital Signatures; Part 2: Signature Validation Report".
[i.19] ETSI EN 319 411-1: "Electronic Signatures and Infrastructures (ESI); Policy and security
requirements for Trust Service Providers issuing certificates; Part 1: General requirements".
[i.20] ISO/IEC 14533-4:2019: "Processes, data elements and documents in commerce, industry and
administration - Long term signature profiles - Part 4: Attributes pointing to (external) proof of
existence objects used in long term signature formats (PoEAttributes)".
[i.21] ETSI EN 319 412-1: "Electronic Signatures and Infrastructures (ESI); Certificate Profiles;
Part 1: Overview and common data structures".
3 Definition of terms, symbols and abbreviations
3.1 Terms
For the purposes of the present document, the following terms apply:
attribute authority: authority which assigns privileges by issuing attribute certificates
attribute certificate: data structure, digitally signed by an attribute authority, that binds some attribute values with
identification information about its holder
certificate: See Public Key Certificate (PKC).
certificate identifier: unambiguous identifier of a certificate
certificate path (chain) validation: process of verifying and confirming that a certificate path (chain) is valid
Certificate Revocation List (CRL): signed list indicating a set of certificates that are no longer considered valid by the
certificate issuer
certificate validation: process of verifying and confirming that a certificate is valid
certification authority: authority trusted by one or more users to create and assign public-key certificates
chain model: model for validation of X.509 certificate chains where all CA certificates have to be valid at the time they
were used for issuing a certificate and the end-entity certificate was vali
...
La norme SIST EN 319 102-1 V1.4.1:2024 se concentre sur les procédures relatives à la création et à la validation des signatures électroniques avancées (AdES). Son champ d'application est crucial dans le contexte actuel de la sécurité numérique, en définissant de manière claire les protocoles essentiels à suivre pour garantir la validité technique des signatures. Un des points forts de cette norme est qu'elle établit des principes généraux ainsi que des fonctions pertinentes pour la création et la validation des signatures. En particulier, elle permet de définir des classes de signatures qui assurent la vérifiabilité sur de longues périodes. Ce cadre est essentiel pour les organisations cherchant à respecter les exigences du règlement (UE) n° 910/2014, qui régit les signatures électroniques. De plus, la norme souligne l'importance de la cryptographie à clé publique et des certificats de clé publique (PKCs) dans le processus de signature digitale. En spécifiant que la norme se concentre sur la validité technique des signatures AdES, elle reflète une approche pratique et axée sur la sécurité pour les opérations électroniques. En outre, il est important de noter que SIST EN 319 102-1 V1.4.1:2024 propose plusieurs options et possibilités quant aux procédures de création et de validation des signatures. Cela permet aux utilisateurs d'adapter les processus en fonction de leurs politiques spécifiques, qu'il s'agisse de politiques pour la création, l'augmentation ou la validation des signatures. Cette flexibilité est un atout majeur qui renforce l'application de la norme dans divers contextes juridiques et commerciaux. Cependant, il est essentiel de mentionner les limites de cette norme, notamment qu'elle ne couvre pas la génération de données de création de signature ni l'interprétation légale des signatures. Cela permet de maintenir un cadre concentré sur les aspects techniques sans s'égarer dans des interprétations juridiques qui pourraient varier d'une juridiction à l'autre. En conclusion, la norme SIST EN 319 102-1 V1.4.1:2024 est un outil fondamental pour les organisations qui cherchent à garantir la sécurité et la validité de leurs signatures électroniques avancées, tout en se conformant aux réglementations européennes. Sa pertinence et ses forces en font un référence incontournable dans le domaine des infrastructures de confiance et des signatures électroniques.
The SIST EN 319 102-1 V1.4.1:2024 standard provides a comprehensive framework for the creation and validation of Advanced Electronic Signatures (AdES), ensuring that they adhere to public key cryptography practices supported by Public Key Certificates (PKCs). This standard is a critical resource for organizations seeking to implement reliable and secure electronic signatures in compliance with Regulation (EU) No 910/2014. One of the notable strengths of this standard is its well-defined scope, which not only specifies the procedures for creating and validating AdES digital signatures but also clarifies the limitations by excluding certain aspects such as key generation and legal interpretations of signatures. This focused approach allows organizations to concentrate on the technical validity and operationalization of electronic signatures without delving into potentially complex legal realms. The standard highlights key processes and principles that are essential for ensuring the long-term verifiability of digital signatures. By defining general classes of signatures that accommodate various signature creation and validation constraints, it enhances the overall robustness of electronic signature infrastructure. This is particularly relevant in today's digital environment where trust and security in electronic transactions are paramount. Moreover, the flexibility embedded in the procedures allows organizations to tailor signature creation and validation to adhere to specific policies. This is particularly advantageous for businesses that need to align their operations with varying legal frameworks or regulatory requirements, including those outlined for qualified electronic signatures under EU laws. In addition, the integration of the standard with established regulations underscores its relevance in promoting best practices for electronic signatures. It supports organizations in leveraging digital signatures to facilitate secure transactions while maintaining compliance with necessary legal standards. Overall, SIST EN 319 102-1 V1.4.1:2024 is an essential standard that strengthens the framework of electronic signatures, offering a reliable foundation that enhances trust in electronic transactions. It is a significant tool for organizations looking to establish robust trust infrastructures in the evolving landscape of electronic communications.
SIST EN 319 102-1 V1.4.1:2024 표준 문서는 전자 서명 및 신뢰 인프라(ESI)의 생성 및 검증 절차를 규정하고 있으며, 특히 AdES 디지털 서명의 생성 및 검증을 위한 구체적인 절차를 명시합니다. 본 문서의 범위는 공개 키 암호화에 기반한 AdES 디지털 서명의 기술적 유효성을 검토하는 데 초점을 맞추고 있습니다. AdES 디지털 서명과 관련하여 문서에서 사용하는 '서명'이라는 용어는 AdES 디지털 서명을 지칭하며, 이는 Regulation (EU) No 910/2014의 지원을 통해 고급 전자 서명 및 봉인을 구현하기 위한 목적을 가지고 있습니다. 이 표준의 강점은 서명의 생성 및 검증에 관한 일반 원칙, 목표 및 기능을 소개하며, 장기적인 검증 가능성을 보장하는 일반적인 서명 클래스들을 정의한다는 점입니다. 또한 본 문서는 서명 생성 및 검증 절차에서 다양한 옵션과 가능성을 제공함으로써, 사용자에게 필요한 서명 생성 정책, 서명 증강 정책 또는 서명 검증 정책에 따라 적절한 선택을 하도록 돕습니다. 또한, 표준은 서명 생성 데이터의 생성 및 배포, 암호화 알고리즘의 선택과 사용, 서명에 대한 법적 해석 등은 범위에서 제외하고 있다는 점이 명시되어 있습니다. 이는 사용자가 표준을 적용할 때 법적 요구 사항을 별도의 정책을 통해 정의할 수 있음을 강조합니다. SIST EN 319 102-1 V1.4.1:2024 표준은 디지털 서명 기술이 지속해서 발전하고 있는 가운데, 관련 법규의 요구에 부합하는 방식으로 서명을 안전하게 만들고 검증할 수 있는 관리 체계를 제공합니다. 이러한 점에서 본 표준은 전자 서명 분야에서 매우 중요한 문서임과 동시에 신뢰성을 보장하는 핵심 역할을 한다고 할 수 있습니다.
SIST EN 319 102-1 V1.4.1:2024の標準は、電子署名と信頼インフラストラクチャに関する手続きを定めており、特にAdESデジタル署名の作成と検証に焦点を当てています。この文書の範囲は、ETSI EN 319 122-1、ETSI EN 319 132-1、ETSI EN 319 142-1で規定されているAdESデジタル署名の作成手続きと、公開鍵暗号方式に基づく署名の技術的な有効性の確認を含んでいます。この標準が特に重要なのは、EU規則910/2014によって定義された電子署名や高度な電子署名に基づき、AdESデジタル署名を作成し検証するための指針を提供する点です。 この標準の強みは、署名作成および検証に関連する一般的な原則、目標、機能を導入し、長期間の検証可能性を持つ署名の一般的なクラスを定義していることです。このアプローチにより、ユーザーは信頼性の高い電子署名を作成するための枠組みを容易に理解できます。また、文書内の手続きは複数の選択肢が提供されるため、署名作成方針、署名拡張方針、署名検証方針に応じて選択可能です。 ただし、署名作成データの生成や配布、暗号アルゴリズムの選択・利用、署名の法律的解釈などは範囲外とされているため、実装に際しては追加の専門的知識が求められます。この文書は、AdESデジタル署名の作成と検証における国際的な標準の整合性を確保し、規制遵守の支援を行う重要な役割を果たしています。
Die Norm SIST EN 319 102-1 V1.4.1:2024 bietet eine umfassende und klar strukturierte Anleitung zur Erstellung und Validierung von AdES-Digitalunterschriften. Sie legt die Verfahren fest, die erforderlich sind, um sicherzustellen, dass eine digitale Unterschrift technisch gültig ist, insbesondere wenn diese auf der öffentlichen Schlüsselkryptografie basiert und von öffentlichen Schlüsseln (PKCs) unterstützt wird. Durch die Fokussierung auf AdES-Digitalunterschriften wird die Norm besonders relevant für Akteure, die im Bereich elektronischer Signaturen und Vertrauensinfrastrukturen tätig sind. Ein herausragendes Merkmal dieser Norm ist die Unterstützung der EU-Verordnung Nr. 910/2014, die spezifische Anforderungen an elektronische und fortgeschrittene elektronische Signaturen definiert. Indem sie allgemeine Prinzipien und Funktionen zur Erstellung und Validierung von Unterschriften einführt, ermöglicht die Norm eine langfristige Verifizierbarkeit dieser Signaturen. Dies ist besonders wichtig in einem dynamischen rechtlichen Umfeld, in dem digitale Signaturen zunehmend Verwendung finden. Die Norm berücksichtigt die ziemliche Komplexität, die mit verschiedenen Möglichkeiten zur Erstellung und Validierung von Unterschriften einhergeht. Die Auswahl der Verfahren wird durch spezifische Politiken wie die Signaturerstellungspolitik, die Signaturerweiterungspolitik oder die Signaturvalidierungspolitik bestimmt, was eine flexible Anpassung an unterschiedliche rechtliche Anforderungen und organisatorische Bedürfnisse ermöglicht. Zudem trennt die Norm klar die Grenzen ihres Geltungsbereichs, indem sie Aspekte wie die Generierung und Verteilung von Signaturerstellungsdaten, die Auswahl und Nutzung kryptografischer Algorithmen sowie die rechtliche Interpretation von Unterschriften ausklammert. Diese Fokussierung auf die operativen Verfahren zur Erstellung und Validierung macht die Norm zu einem praktischen Werkzeug für Fachleute, die sich mit der Anwendung von digitalen Unterschriften in verschiedenen Kontexten beschäftigen. Insgesamt bietet die SIST EN 319 102-1 V1.4.1:2024 eine sehr relevante und notwendige Grundlage zur Gewährleistung der Integrität und Vertraulichkeit bei der Verwendung elektronischer Signaturen, wobei sie klare Richtlinien für die Implementierung in Übereinstimmung mit aktuellen rechtlichen Rahmenbedingungen liefert.
Questions, Comments and Discussion
Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.
Loading comments...