SIST EN 319 102-1 V1.1.1:2016
(Main)Electronic Signatures and Infrastructures (ESI) - Procedures for Creation and Validation of AdES Digital Signatures - Part 1: Creation and Validation
Electronic Signatures and Infrastructures (ESI) - Procedures for Creation and Validation of AdES Digital Signatures - Part 1: Creation and Validation
The present document specifies procedures for:
• the creation of AdES digital signatures (specified in ETSI EN 319 122-1 [i.2], ETSI EN 319 132-1 [i.4], ETSI
EN 319 142-1 [i.6] respectively);
• establishing whether an AdES digital signature is technically valid;
whenever the AdES digital signature is based on public key cryptography and supported by public key certificates. To
improve readability of the present document, AdES digital signatures are meant when the term signature is being used.
NOTE 1: Regulation (EU) No 910/2014 [i.15] defines the terms electronic signature, advanced electronic signature,
electronic seals and advanced electronic seal. These signatures and seals are usually created using digital
signature technology. The present document aims at supporting the Regulation (EU) No 910/2014 [i.15]
for creation and validation of advanced electronic signatures and seals when they are implemented as
AdES digital signatures.
The present document introduces general principles, objects and functions relevant when creating or validating
signatures based on signature creation and validation constraints and defines general classes of signatures that allow for
verifiability over long periods.
The following aspects are considered to be out of scope:
• generation and distribution of Signature Creation Data (keys, etc.), and the selection and use of cryptographic
algorithms;
• format, syntax or encoding of data objects involved, specifically format or encoding for documents to be
signed or signatures created; and
• the legal interpretation of any signature, especially the legal validity of a signature.
NOTE 2: The signature creation and validation procedures specified in the present document provide several
options and possibilities. The selection of these options is driven by a signature creation policy, a
signature augmentation policy or a signature validation policy respectively. Note that legal requirements
can be provided through specific policies, e.g. in the context of qualified electronic signatures as defined
in the Regulation (EU) 910/2014 [i.15].
Elektronski podpisi in infrastruktura (ESI) - Postopki za oblikovanje in validacijo digitalnih podpisov AdES - 1. del: Oblikovanje in validacija
Ta dokument določa postopke za:
• oblikovanje digitalnih podpisov AdES (določenih v standardih ETSI EN 319 122-1 [i.2], ETSI EN 319 132-1 [i.4], ETSI EN 319 142-1 [i.6]);
• ugotavljanje, ali je digitalni podpis AdES tehnično veljaven;
kadar koli digitalni podpis AdES temelji na kriptografiji javnih ključev in je podprt z digitalnimi potrdili javnih ključev. Za izboljšanje berljivosti tega dokumenta je namesto izraza »digitalni podpisi AdES« uporabljen izraz »podpis«.
OPOMBA 1: Uredba (EU) št. 910/2014 [i.15] opredeljuje izraze elektronski podpis, napredni elektronski podpis, elektronski žigi in napredni elektronski žig. Ti podpisi in žigi so običajno oblikovani s tehnologijo za digitalne podpise. Namen tega dokumenta je zagotavljanje podpore za Uredbo (EU) št. 910/2014 [i.15] za oblikovanje in validacijo naprednih elektronskih podpisov ter žigov, ko se uporabljajo kot digitalni podpisi AdES.
Ta dokument uvaja splošna načela, objekte in funkcije pri oblikovanju ali validaciji podpisov, ki temeljijo na omejitvah pri oblikovanju in validaciji podpisov, ter opredeljuje splošne razrede podpisov, ki omogočajo preverljivost v daljšem časovnem obdobju.
Področje uporabe ne zajema naslednjih vidikov:
• ustvarjanje in distribucija podatkov za ustvarjanje podpisa (ključi itd.) ter izbor in uporaba kriptografskih algoritmov;
• oblika, skladnja ali kodiranje vključenih podatkovnih objektov, še posebej oblika ali kodiranje za dokumente, ki jih je treba podpisati, ali za oblikovane podpise; in
• pravna razlaga podpisov, še posebej pravna veljavnost podpisa.
OPOMBA 2: Postopki za oblikovanje in validacijo podpisov, podani v tem dokumentu, zagotavljajo več možnosti. Razlog za številne možnosti so politika oblikovanja podpisov, politika razširitve podpisov ali politika validacije podpisov. Pravne zahteve so lahko podane v določenih politikah, npr. v kontekstu kvalificiranih elektronskih podpisov, kot je opredeljeno v Uredbi (EU) 910/2014 [i.15].
General Information
Buy Standard
Standards Content (Sample)
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.Elektronski podpisi in infrastruktura (ESI) - Postopki za oblikovanje in validacijo digitalnih podpisov AdES - 1. del: Oblikovanje in validacijaElectronic Signatures and Infrastructures (ESI) - Procedures for Creation and Validation of AdES Digital Signatures - Part 1: Creation and Validation35.040.01Kodiranje informacij na splošnoInformation coding in generalICS:Ta slovenski standard je istoveten z:ETSI EN 319 102-1 V1.1.1 (2016-05)SIST EN 319 102-1 V1.1.1:2016en01-julij-2016SIST EN 319 102-1 V1.1.1:2016SLOVENSKI
STANDARD
SIST EN 319 102-1 V1.1.1:2016
ETSI EN 319 102-1 V1.1.1 (2016-05) Electronic Signatures and Infrastructures (ESI); Procedures for Creation and Validation of AdES Digital Signatures; Part 1: Creation and Validation
EUROPEAN STANDARD SIST EN 319 102-1 V1.1.1:2016
ETSI ETSI EN 319 102-1 V1.1.1 (2016-05) 2
Reference DEN/ESI-0019102-1 Keywords electronic signature, security, trust services ETSI 650 Route des Lucioles F-06921 Sophia Antipolis Cedex - FRANCE
Tel.: +33 4 92 94 42 00
Fax: +33 4 93 65 47 16
Siret N° 348 623 562 00017 - NAF 742 C Association à but non lucratif enregistrée à la Sous-Préfecture de Grasse (06) N° 7803/88
Important notice The present document can be downloaded from: http://www.etsi.org/standards-search The present document may be made available in electronic versions and/or in print. The content of any electronic and/or print versions of the present document shall not be modified without the prior written authorization of ETSI. In case of any existing or perceived difference in contents between such versions and/or in print, the only prevailing document is the print of the Portable Document Format (PDF) version kept on a specific network drive within ETSI Secretariat. Users of the present document should be aware that the document may be subject to revision or change of status. Information on the current status of this and other ETSI documents is available at https://portal.etsi.org/TB/ETSIDeliverableStatus.aspx If you find errors in the present document, please send your comment to one of the following services: https://portal.etsi.org/People/CommiteeSupportStaff.aspx Copyright Notification No part may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and microfilm except as authorized by written permission of ETSI. The content of the PDF version shall not be modified without the written authorization of ETSI. The copyright and the foregoing restriction extend to reproduction in all media.
© European Telecommunications Standards Institute 2016. All rights reserved.
DECTTM, PLUGTESTSTM, UMTSTM and the ETSI logo are Trade Marks of ETSI registered for the benefit of its Members. 3GPPTM and LTE™ are Trade Marks of ETSI registered for the benefit of its Members and of the 3GPP Organizational Partners. GSM® and the GSM logo are Trade Marks registered and owned by the GSM Association. SIST EN 319 102-1 V1.1.1:2016
ETSI ETSI EN 319 102-1 V1.1.1 (2016-05) 3 Contents Intellectual Property Rights . 6 Foreword . 6 Modal verbs terminology . 6 Introduction . 6 1 Scope . 7 2 References . 7 2.1 Normative references . 7 2.2 Informative references . 8 3 Definitions and abbreviations . 9 3.1 Definitions . 9 3.2 Abbreviations . 11 4 Signature creation . 12 4.1 Signature creation model . 12 4.2 Signature creation information model . 13 4.2.1 Introduction. 13 4.2.2 Signature Creation Constraints . 14 4.2.3 Signer's document (SD) . 14 4.2.4 Signer's document representation (SDR) . 15 4.2.5 Signature attributes . 15 4.2.5.1 General requirements . 15 4.2.5.2 Signing certificate identifier . 15 4.2.5.3 Signature policy identifier . 16 4.2.5.4 Signature policy store . 16 4.2.5.5 Data content type . 16 4.2.5.6 Commitment type indication . 16 4.2.5.7 Counter signatures . 17 4.2.5.8 Claimed signing time . 17 4.2.5.9 Claimed signer location . 17 4.2.5.10 Signer's attributes . 17 4.2.6 Data to be signed (DTBS) . 17 4.2.7 Data to be signed (formatted) (DTBSF) . 18 4.2.8 Data to be signed representation (DTBSR) . 18 4.2.9 Signature . 18 4.2.10 Signed data object (SDO) . 18 4.2.11 Validation data . 18 4.3 Signature Classes and Creation Processes . 19 4.3.1 Introduction. 19 4.3.2 Creation of Basic Signatures . 20 4.3.2.1 Description . 20 4.3.2.2 Inputs . 20 4.3.2.3 Outputs . 20 4.3.2.4 Processing . 20 4.3.2.4.1 Selection of documents to sign . 20 4.3.2.4.2 Signature attribute and parameters selection . 21 4.3.2.4.3 Pre-signature presentation . 21 4.3.2.4.4 Signature invocation . 21 4.3.2.4.5 Signing. 22 4.3.2.4.6 Signer authentication . 22 4.3.2.4.7 SDO composition . 22 4.3.3 Creation of a Signature with Time . 22 4.3.3.1 Description . 22 4.3.3.2 Inputs . 23 4.3.3.3 Outputs . 23 4.3.3.4 Process . 23 4.3.4 Creation of Signatures with Long-Term Validation Material . 24 SIST EN 319 102-1 V1.1.1:2016
ETSI ETSI EN 319 102-1 V1.1.1 (2016-05) 4 4.3.4.1 Description . 24 4.3.4.2 Inputs . 24 4.3.4.3 Outputs . 24 4.3.4.4 Process . 24 4.3.5 Creation of Signatures providing Long Term Availability and Integrity of Validation Material . 25 4.3.5.1 Description . 25 4.3.5.2 Inputs . 25 4.3.5.3 Outputs . 26 4.3.5.4 Process . 26 5 Signature validation . 26 5.1 Signature validation model . 26 5.1.1 General requirements . 26 5.1.2 Selecting validation processes . 29 5.1.3 Status indication of the signature validation process and signature validation report. 30 5.1.4 Validation constraints . 35 5.1.4.1 General requirements . 35 5.1.4.2 X.509 Validation Constraints . 36 5.1.4.3 Cryptographic Constraints . 36 5.1.4.4 Signature Elements Constraints . 36 5.2 Basic building blocks . 37 5.2.1 Description . 37 5.2.2 Format Checking . 37 5.2.2.1 Description . 37 5.2.2.2 Inputs . 37 5.2.2.3 Outputs . 37 5.2.3 Identification of the signing certificate . 38 5.2.3.1 Description . 38 5.2.3.2 Inputs . 38 5.2.3.3 Outputs . 38 5.2.3.4 Processing . 38 5.2.4 Validation context initialization . 38 5.2.4.1 Description . 38 5.2.4.2 Inputs . 39 5.2.4.3 Outputs . 39 5.2.4.4 Processing . 39 5.2.5 Revocation freshness checker . 40 5.2.5.1 Description . 40 5.2.5.2 Inputs . 40 5.2.5.3 Output . 41 5.2.5.4 Processing . 41 5.2.6 X.509 certificate validation . 41 5.2.6.1 Description . 41 5.2.6.2 Inputs . 42 5.2.6.3 Outputs . 42 5.2.6.4 Processing . 42 5.2.7 Cryptographic verification . 44 5.2.7.1 Description . 44 5.2.7.2 Inputs . 44 5.2.7.3 Outputs . 44 5.2.7.4 Processing . 44 5.2.8 Signature acceptance validation (SAV) . 45 5.2.8.1 Description . 45 5.2.8.2 Inputs . 45 5.2.8.3 Outputs . 45 5.2.8.4 Processing . 46 5.2.8.4.1 General requirements . 46 5.2.8.4.2 Processing AdES attributes . 46 5.2.9 Signature validation presentation building block . 48 5.3 Validation process for Basic Signatures . 48 5.3.1 Description . 48 5.3.2 Inputs . 48 SIST EN 319 102-1 V1.1.1:2016
ETSI ETSI EN 319 102-1 V1.1.1 (2016-05) 5 5.3.3 Outputs . 48 5.3.4 Processing . 49 5.4 Time-stamp validation building block . 51 5.4.1 Description . 51 5.4.2 Inputs . 51 5.4.3 Outputs . 51 5.4.4 Processing . 51 5.5 Validation process for Signatures with Time and Signatures with Long-Term Validation Material . 51 5.5.1 Description . 51 5.5.2 Inputs . 52 5.5.3 Outputs . 52 5.5.4 Processing . 52 5.6 Validation process for Signatures providing Long Term Availability and Integrity of Validation Material . 54 5.6.1 Introduction. 54 5.6.2 Additional building blocks . 55 5.6.2.1 Past certificate validation . 55 5.6.2.1.1 Description . 55 5.6.2.1.2 Input . 55 5.6.2.1.3 Output . 55 5.6.2.1.4 Processing . 56 5.6.2.2 Validation time sliding process . 56 5.6.2.2.1 Description . 56 5.6.2.2.2 Input . 56 5.6.2.2.3 Output . 57 5.6.2.2.4 Processing . 57 5.6.2.3 POE extraction . 58 5.6.2.3.1 Description . 58 5.6.2.3.2 Input . 58 5.6.2.3.3 Output . 59 5.6.2.3.4 Processing . 59 5.6.2.4 Past signature validation building block . 59 5.6.2.4.1 Description . 59 5.6.2.4.2 Input . 59 5.6.2.4.3 Output . 59 5.6.2.4.4 Processing . 59 5.6.3 Validation Process for Signatures providing Long Term Availability and Integrity of Validation Material . 60 5.6.3.1 Description . 60 5.6.3.2 Input . 61 5.6.3.3 Output . 61 5.6.3.4 Processing . 61 Annex A (informative): Validation examples . 64 A.1 General remarks and assumptions . 64 A.2 Symbols . 64 A.3 Example 1: Revoked certificate . 65 A.3.1 Introduction . 65 A.3.2 Basic signature validation . 65 A.3.3 Validating a Signature with Time . 65 A.3.4 Example 2: Revoked CA certificate . 66 A.3.5 Basic signature validation . 67 A.3.6 Validation of a Si
...
ETSI EN 319 102-1 V1.1.1 (2016-05)
EUROPEAN STANDARD
Electronic Signatures and Infrastructures (ESI);
Procedures for Creation and Validation
of AdES Digital Signatures;
Part 1: Creation and Validation
---------------------- Page: 1 ----------------------
2 ETSI EN 319 102-1 V1.1.1 (2016-05)
Reference
DEN/ESI-0019102-1
Keywords
electronic signature, security, trust services
ETSI
650 Route des Lucioles
F-06921 Sophia Antipolis Cedex - FRANCE
Tel.: +33 4 92 94 42 00 Fax: +33 4 93 65 47 16
Siret N° 348 623 562 00017 - NAF 742 C
Association à but non lucratif enregistrée à la
Sous-Préfecture de Grasse (06) N° 7803/88
Important notice
The present document can be downloaded from:
http://www.etsi.org/standards-search
The present document may be made available in electronic versions and/or in print. The content of any electronic and/or
print versions of the present document shall not be modified without the prior written authorization of ETSI. In case of any
existing or perceived difference in contents between such versions and/or in print, the only prevailing document is the
print of the Portable Document Format (PDF) version kept on a specific network drive within ETSI Secretariat.
Users of the present document should be aware that the document may be subject to revision or change of status.
Information on the current status of this and other ETSI documents is available at
https://portal.etsi.org/TB/ETSIDeliverableStatus.aspx
If you find errors in the present document, please send your comment to one of the following services:
https://portal.etsi.org/People/CommiteeSupportStaff.aspx
Copyright Notification
No part may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying
and microfilm except as authorized by written permission of ETSI.
The content of the PDF version shall not be modified without the written authorization of ETSI.
The copyright and the foregoing restriction extend to reproduction in all media.
© European Telecommunications Standards Institute 2016.
All rights reserved.
TM TM TM
DECT , PLUGTESTS , UMTS and the ETSI logo are Trade Marks of ETSI registered for the benefit of its Members.
TM
3GPP and LTE™ are Trade Marks of ETSI registered for the benefit of its Members and
of the 3GPP Organizational Partners.
GSM® and the GSM logo are Trade Marks registered and owned by the GSM Association.
ETSI
---------------------- Page: 2 ----------------------
3 ETSI EN 319 102-1 V1.1.1 (2016-05)
Contents
Intellectual Property Rights . 6
Foreword . 6
Modal verbs terminology . 6
Introduction . 6
1 Scope . 7
2 References . 7
2.1 Normative references . 7
2.2 Informative references . 8
3 Definitions and abbreviations . 9
3.1 Definitions . 9
3.2 Abbreviations . 11
4 Signature creation . 12
4.1 Signature creation model . 12
4.2 Signature creation information model . 13
4.2.1 Introduction. 13
4.2.2 Signature Creation Constraints . 14
4.2.3 Signer's document (SD) . 14
4.2.4 Signer's document representation (SDR) . 15
4.2.5 Signature attributes . 15
4.2.5.1 General requirements . 15
4.2.5.2 Signing certificate identifier . 15
4.2.5.3 Signature policy identifier . 16
4.2.5.4 Signature policy store . 16
4.2.5.5 Data content type . 16
4.2.5.6 Commitment type indication . 16
4.2.5.7 Counter signatures . 17
4.2.5.8 Claimed signing time . 17
4.2.5.9 Claimed signer location . 17
4.2.5.10 Signer's attributes . 17
4.2.6 Data to be signed (DTBS) . 17
4.2.7 Data to be signed (formatted) (DTBSF) . 18
4.2.8 Data to be signed representation (DTBSR) . 18
4.2.9 Signature . 18
4.2.10 Signed data object (SDO) . 18
4.2.11 Validation data . 18
4.3 Signature Classes and Creation Processes . 19
4.3.1 Introduction. 19
4.3.2 Creation of Basic Signatures . 20
4.3.2.1 Description . 20
4.3.2.2 Inputs . 20
4.3.2.3 Outputs . 20
4.3.2.4 Processing . 20
4.3.2.4.1 Selection of documents to sign . 20
4.3.2.4.2 Signature attribute and parameters selection . 21
4.3.2.4.3 Pre-signature presentation . 21
4.3.2.4.4 Signature invocation . 21
4.3.2.4.5 Signing. 22
4.3.2.4.6 Signer authentication . 22
4.3.2.4.7 SDO composition . 22
4.3.3 Creation of a Signature with Time . 22
4.3.3.1 Description . 22
4.3.3.2 Inputs . 23
4.3.3.3 Outputs . 23
4.3.3.4 Process . 23
4.3.4 Creation of Signatures with Long-Term Validation Material . 24
ETSI
---------------------- Page: 3 ----------------------
4 ETSI EN 319 102-1 V1.1.1 (2016-05)
4.3.4.1 Description . 24
4.3.4.2 Inputs . 24
4.3.4.3 Outputs . 24
4.3.4.4 Process . 24
4.3.5 Creation of Signatures providing Long Term Availability and Integrity of Validation Material . 25
4.3.5.1 Description . 25
4.3.5.2 Inputs . 25
4.3.5.3 Outputs . 26
4.3.5.4 Process . 26
5 Signature validation . 26
5.1 Signature validation model . 26
5.1.1 General requirements . 26
5.1.2 Selecting validation processes . 29
5.1.3 Status indication of the signature validation process and signature validation report. 30
5.1.4 Validation constraints . 35
5.1.4.1 General requirements . 35
5.1.4.2 X.509 Validation Constraints . 36
5.1.4.3 Cryptographic Constraints . 36
5.1.4.4 Signature Elements Constraints . 36
5.2 Basic building blocks . 37
5.2.1 Description . 37
5.2.2 Format Checking . 37
5.2.2.1 Description . 37
5.2.2.2 Inputs . 37
5.2.2.3 Outputs . 37
5.2.3 Identification of the signing certificate . 38
5.2.3.1 Description . 38
5.2.3.2 Inputs . 38
5.2.3.3 Outputs . 38
5.2.3.4 Processing . 38
5.2.4 Validation context initialization . 38
5.2.4.1 Description . 38
5.2.4.2 Inputs . 39
5.2.4.3 Outputs . 39
5.2.4.4 Processing . 39
5.2.5 Revocation freshness checker . 40
5.2.5.1 Description . 40
5.2.5.2 Inputs . 40
5.2.5.3 Output . 41
5.2.5.4 Processing . 41
5.2.6 X.509 certificate validation . 41
5.2.6.1 Description . 41
5.2.6.2 Inputs . 42
5.2.6.3 Outputs . 42
5.2.6.4 Processing . 42
5.2.7 Cryptographic verification . 44
5.2.7.1 Description . 44
5.2.7.2 Inputs . 44
5.2.7.3 Outputs . 44
5.2.7.4 Processing . 44
5.2.8 Signature acceptance validation (SAV) . 45
5.2.8.1 Description . 45
5.2.8.2 Inputs . 45
5.2.8.3 Outputs . 45
5.2.8.4 Processing . 46
5.2.8.4.1 General requirements . 46
5.2.8.4.2 Processing AdES attributes . 46
5.2.9 Signature validation presentation building block . 48
5.3 Validation process for Basic Signatures . 48
5.3.1 Description . 48
5.3.2 Inputs . 48
ETSI
---------------------- Page: 4 ----------------------
5 ETSI EN 319 102-1 V1.1.1 (2016-05)
5.3.3 Outputs . 48
5.3.4 Processing . 49
5.4 Time-stamp validation building block . 51
5.4.1 Description . 51
5.4.2 Inputs . 51
5.4.3 Outputs . 51
5.4.4 Processing . 51
5.5 Validation process for Signatures with Time and Signatures with Long-Term Validation Material . 51
5.5.1 Description . 51
5.5.2 Inputs . 52
5.5.3 Outputs . 52
5.5.4 Processing . 52
5.6 Validation process for Signatures providing Long Term Availability and Integrity of Validation
Material . 54
5.6.1 Introduction. 54
5.6.2 Additional building blocks . 55
5.6.2.1 Past certificate validation . 55
5.6.2.1.1 Description . 55
5.6.2.1.2 Input . 55
5.6.2.1.3 Output . 55
5.6.2.1.4 Processing . 56
5.6.2.2 Validation time sliding process . 56
5.6.2.2.1 Description . 56
5.6.2.2.2 Input . 56
5.6.2.2.3 Output . 57
5.6.2.2.4 Processing . 57
5.6.2.3 POE extraction . 58
5.6.2.3.1 Description . 58
5.6.2.3.2 Input . 58
5.6.2.3.3 Output . 59
5.6.2.3.4 Processing . 59
5.6.2.4 Past signature validation building block . 59
5.6.2.4.1 Description . 59
5.6.2.4.2 Input . 59
5.6.2.4.3 Output . 59
5.6.2.4.4 Processing . 59
5.6.3 Validation Process for Signatures providing Long Term Availability and Integrity of Validation
Material . 60
5.6.3.1 Description . 60
5.6.3.2 Input . 61
5.6.3.3 Output . 61
5.6.3.4 Processing . 61
Annex A (informative): Validation examples . 64
A.1 General remarks and assumptions . 64
A.2 Symbols . 64
A.3 Example 1: Revoked certificate . 65
A.3.1 Introduction . 65
A.3.2 Basic signature validation . 65
A.3.3 Validating a Signature with Time . 65
A.3.4 Example 2: Revoked CA certificate . 66
A.3.5 Basic signature validation . 67
A.3.6 Validation of a Signature with Time . 67
A.3.7 Long-Term Validation . 67
Annex B (informative): Sig
...
Draft ETSI EN 319 102-1 V1.0.0 (2015-07)
EUROPEAN STANDARD
Electronic Signatures and Infrastructures (ESI);
Procedures for Creation and Validation
of AdES Digital Signatures;
Part 1: Creation and Validation
---------------------- Page: 1 ----------------------
2 Draft ETSI EN 319 102-1 V1.0.0 (2015-07)
Reference
DEN/ESI-0019102-1
Keywords
electronic signature, security, trust services
ETSI
650 Route des Lucioles
F-06921 Sophia Antipolis Cedex - FRANCE
Tel.: +33 4 92 94 42 00 Fax: +33 4 93 65 47 16
Siret N° 348 623 562 00017 - NAF 742 C
Association à but non lucratif enregistrée à la
Sous-Préfecture de Grasse (06) N° 7803/88
Important notice
The present document can be downloaded from:
http://www.etsi.org/standards-search
The present document may be made available in electronic versions and/or in print. The content of any electronic and/or
print versions of the present document shall not be modified without the prior written authorization of ETSI. In case of any
existing or perceived difference in contents between such versions and/or in print, the only prevailing document is the
print of the Portable Document Format (PDF) version kept on a specific network drive within ETSI Secretariat.
Users of the present document should be aware that the document may be subject to revision or change of status.
Information on the current status of this and other ETSI documents is available at
http://portal.etsi.org/tb/status/status.asp
If you find errors in the present document, please send your comment to one of the following services:
https://portal.etsi.org/People/CommiteeSupportStaff.aspx
Copyright Notification
No part may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying
and microfilm except as authorized by written permission of ETSI.
The content of the PDF version shall not be modified without the written authorization of ETSI.
The copyright and the foregoing restriction extend to reproduction in all media.
© European Telecommunications Standards Institute 2015.
All rights reserved.
TM TM TM
DECT , PLUGTESTS , UMTS and the ETSI logo are Trade Marks of ETSI registered for the benefit of its Members.
TM
3GPP and LTE™ are Trade Marks of ETSI registered for the benefit of its Members and
of the 3GPP Organizational Partners.
GSM® and the GSM logo are Trade Marks registered and owned by the GSM Association.
ETSI
---------------------- Page: 2 ----------------------
3 Draft ETSI EN 319 102-1 V1.0.0 (2015-07)
Contents
Intellectual Property Rights . 6
Foreword . 6
Modal verbs terminology . 6
Introduction . 6
1 Scope . 7
2 References . 8
2.1 Normative references . 8
2.2 Informative references . 8
3 Definitions and abbreviations . 9
3.1 Definitions . 9
3.2 Abbreviations . 11
4 Signature creation . 12
4.1 Signature creation model . 12
4.2 Signature creation information model . 13
4.2.1 Introduction. 13
4.2.2 Signature Creation Constraints . 14
4.2.3 Signer's document (SD) . 14
4.2.4 Signer's document representation (SDR) . 15
4.2.5 Signature attributes . 15
4.2.5.1 General requirements . 15
4.2.5.2 Signing certificate identifier . 15
4.2.5.3 Signature policy identifier . 16
4.2.5.4 Signature policy store . 16
4.2.5.5 Data content type . 16
4.2.5.6 Commitment type indication . 16
4.2.5.7 Counter signatures . 17
4.2.5.8 Claimed signing time . 17
4.2.5.9 Claimed signer location . 17
4.2.5.10 Signer's attributes . 17
4.2.6 Data to be signed (DTBS) . 17
4.2.7 Data to be signed (formatted) (DTBSF) . 17
4.2.8 Data to be signed representation (DTBSR) . 18
4.2.9 Signature . 18
4.2.10 Signed data object (SDO) . 18
4.2.11 Validation data . 18
4.3 Signature Classes and Creation Processes . 19
4.3.1 Introduction. 19
4.3.2 Creation of Basic Signatures . 20
4.3.2.1 Description . 20
4.3.2.2 Inputs . 20
4.3.2.3 Outputs . 20
4.3.2.4 Processing . 21
4.3.2.4.1 Selection of documents to sign . 21
4.3.2.4.2 Signature attribute and parameters selection . 21
4.3.2.4.3 Pre-signature presentation . 21
4.3.2.4.4 Signature invocation . 22
4.3.2.4.5 Signing. 22
4.3.2.4.6 Signer authentication . 22
4.3.2.4.7 SDO composition . 22
4.3.3 Creation of a Signature with Time . 23
4.3.3.1 Description . 23
4.3.3.2 Inputs . 23
4.3.3.3 Outputs . 23
4.3.3.4 Process . 23
4.3.4 Creation of Signatures With Long-Term Validation Data . 24
4.3.4.1 Description . 24
ETSI
---------------------- Page: 3 ----------------------
4 Draft ETSI EN 319 102-1 V1.0.0 (2015-07)
4.3.4.2 Inputs . 24
4.3.4.3 Outputs . 24
4.3.4.4 Process . 24
4.3.5 Creation of Signatures with Archival Data . 25
4.3.5.1 Description . 25
4.3.5.2 Inputs . 25
4.3.5.3 Outputs . 26
4.3.5.4 Process . 26
5 Signature validation . 26
5.1 Signature validation model . 26
5.1.1 General Requirements . 26
5.1.2 Selecting validation processes . 28
5.1.3 Status indication of the signature validation process and signature validation report. 29
5.1.4 Validation constraints . 34
5.1.4.1 General Requirements . 34
5.1.4.2 Chain Constraints . 35
5.1.4.3 Cryptographic Constraints . 35
5.1.4.4 Signature Elements Constraints . 35
5.2 Basic building blocks . 35
5.2.1 Description . 35
5.2.2 Format Checking . 36
5.2.2.1 Description . 36
5.2.2.2 Inputs . 36
5.2.2.3 Outputs . 36
5.2.3 Identification of the signing certificate . 37
5.2.3.1 Description . 37
5.2.3.2 Inputs . 37
5.2.3.3 Outputs . 37
5.2.3.4 Processing . 37
5.2.4 Validation context initialization . 37
5.2.4.1 Description . 37
5.2.4.2 Inputs . 38
5.2.4.3 Outputs . 38
5.2.4.4 Processing . 38
5.2.5 Revocation freshness checker . 39
5.2.5.1 Description . 39
5.2.5.2 Inputs . 39
5.2.5.3 Output . 40
5.2.5.4 Processing . 40
5.2.6 X.509 certificate validation . 40
5.2.6.1 Description . 40
5.2.6.2 Inputs . 40
5.2.6.3 Outputs . 40
5.2.6.4 Processing . 41
5.2.7 Cryptographic verification . 42
5.2.7.1 Description . 42
5.2.7.2 Inputs . 42
5.2.7.3 Outputs . 43
5.2.7.4 Processing . 43
5.2.8 Signature acceptance validation (SAV) . 43
5.2.8.1 Description . 43
5.2.8.2 Inputs . 43
5.2.8.3 Outputs . 44
5.2.8.4 Processing . 44
5.2.8.4.1 General requirements . 44
5.2.8.4.2 Processing AdES attributes . 45
5.2.9 Signature validation presentation building block . 46
5.3 Validation process for Basic Signatures . 46
5.3.1 Description . 46
5.3.2 Inputs . 47
5.3.3 Outputs . 47
ETSI
---------------------- Page: 4 ----------------------
5 Draft ETSI EN 319 102-1 V1.0.0 (2015-07)
5.3.4 Processing . 47
5.4 Validation process for time-stamps . 48
5.4.1 Description . 48
5.4.2 Inputs . 49
5.4.3 Outputs . 49
5.4.4 Processing . 49
5.5 Validation process for Signatures with Time and Signatures with Long-Term Validation Data . 49
5.5.1 Description . 49
5.5.2 Inputs . 49
5.5.3 Outputs . 50
5.5.4 Processing . 50
5.6 Validation process for Signatures with Archival Data . 51
5.6.1 Introduction. 51
5.6.2 Additional building blocks . 52
5.6.2.1 Past certificate validation . 52
5.6.2.1.1 Description . 52
5.6.2.1.2 Input . 52
5.6.2.1.3 Output . 52
5.6.2.1.4 Processing . 53
5.6.2.2 Validation time sliding process . 53
5.6.2.2.1 Description . 53
5.6.2.2.2 Input . 53
5.6.2.2.3 Output . 54
5.6.2.2.4 Processing . 54
5.6.2.3 POE extraction . 55
5.6.2.3.1 Description . 55
5.6.2.3.2 Input . 55
5.6.2.3.3 Output . 55
5.6.2.3.4 Processing . 55
5.6.2.4 Past signature validation building block . 56
5.6.2.4.1 Description . 56
5.6.2.4.2 Input . 56
5.6.2.4.3 Output . 56
5.6.2.4.4 Processing . 56
5.6.2.5 Evidence record validation building block . 57
5.6.2.5.1 Description . 57
5.6.2.5.2 Input . 57
5.6.2.5.3 Output . 57
5.6.2.5.4 Processing . 57
5.6.3 Long term validation process . 58
5.6.3.1 Description . 58
5.6.3.2 Input . 58
5.6.3.3 Output . 59
5.6.3.4 Processing . 59
Annex A (informative): Validation examples . 61
A.1 General remarks and assumptions . 61
A.2 Symbols . 61
A.3 Example 1: Revoked certificate . 62
A.3.1 Introduction . 62
A.3.2 Basic signature validation . 62
A.3.3 Validating a signature with time . 63
A.3.4 Example 2: Revoked CA certificate .
...
Questions, Comments and Discussion
Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.