Feb 29, 2016 — print of the Portable Document Format (PDF) version kept on a the creation of AdES digital signatures (specified in ETSI EN 319 122-1 [i.2],

149 KB – 74 Pages

PAGE – 2 ============
ETSI ETSI EN 319 102 -1 V1.1.1 (2016 -05) 2 Reference DEN/ESI-0019102-1 Keywords electronic signature, security, trust services ETSI 650 Route des Lucioles F-06921 Sophia Antipolis Cedex – FRANCE Tel.: +33 4 92 94 42 00 Fax: +33 4 93 65 47 16 Siret N° 348 623 562 00017 – NAF 742 C Association à but non lucratif enregistrée à la Sous-Préfecture de Grasse (06) N° 7803/88 Important notice The present document can be downloaded from: http://www.etsi.org/standards-search The present document may be made available in electronic versions and/or in print. The content of any electronic and/or print versions of the present document shall not be modified without the prior written authorization of ETSI. In case of any existing or perceived difference in contents between such versions and/or in print, the only prevailing document is the print of the Portable Document Format (PDF) version kept on a specific network drive within ETSI Secretariat. Users of the present document should be aware that the document may be subject to revision or change of status. Information on the current status of this and other ETSI documents is available at https://portal.etsi.org/TB/ETSIDeliverableStatus.aspx If you find errors in the present document, please send your comment to one of the following services: https://portal.etsi.org/People/CommiteeSupportStaff.aspx Copyright Notification No part may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and microfilm except as authorized by written permission of ETSI. The content of the PDF version shall not be modified without the written authorization of ETSI. The copyright and the foregoing restriction extend to reproduction in all media. © European Telecommunications Standards Institute 2016. All rights reserved. DECTTM, PLUGTESTSTM, UMTS TM and the ETSI logo are Trade Marks of ETSI registered for the benefit of its Members. 3GPP TM and LTEŽ are Trade Marks of ETSI registered for the benefit of its Members and of the 3GPP Organizational Partners. GSM® and the GSM logo are Trade Marks registered and owned by the GSM Association.

PAGE – 3 ============
ETSI ETSI EN 319 102 -1 V1.1.1 (2016 -05) 3 Contents Intellectual Prop erty Rights .. 6Foreword . 6Modal verbs te rminology . .. 6Introduction .. 61 Scope .. 72 References 72.1 Normative references .. 72.2 Informative references . 83 Definitions and abbreviations .. .. 93.1 Definitions . 93.2 Abbreviations . .. 114 Signature creation . . 124.1 Signature creation model .. .. 124.2 Signature creation information model .. 134.2.1 Introduction. 134.2.2 Signature Creation Constraints . 144.2.3 Signer’s document (SD) .. . 144.2.4 Signer’s document representation (SDR) . 154.2.5 Signature attributes . 154.2.5.1 General requirements .. .. 154.2.5.2 Signing certificate identifier . .. 154.2.5.3 Signature policy identifier . .. 164.2.5.4 Signature policy store . 164.2.5.5 Data content type .. .. 164.2.5.6 Commitment type indication .. 164.2.5.7 Counter signatures . .. 174.2.5.8 Claimed signing time .. .. 174.2.5.9 Claimed signer location .. .. 174.2.5.10 Signer’s attributes .. .. 174.2.6 Data to be signed (DTBS) 174.2.7 Data to be signed (formatted) (DTBSF) .. 184.2.8 Data to be signed representation (DTBSR) .. .. 184.2.9 Signature .. 184.2.10 Signed data object (SDO) .. . 184.2.11 Validation data .. 184.3 Signature Classes and Creation Processes . . 194.3.1 Introduction. 194.3.2 Creation of Basic Signatures .. 204.3.2.1 Description .. 204.3.2.2 Inputs . . 204.3.2.3 Outputs .. 204.3.2.4 Processing 204.3.2.4.1 Selection of documents to sign .. 204.3.2.4.2 Signature attribute and parameters selection .. 214.3.2.4.3 Pre-signature presentation 214.3.2.4.4 Signature invocation 214.3.2.4.5 Signing.. . 224.3.2.4.6 Signer authentication .. 224.3.2.4.7 SDO composition .. .. 224.3.3 Creation of a Signature with Time .. 224.3.3.1 Description .. 224.3.3.2 Inputs . . 234.3.3.3 Outputs .. 234.3.3.4 Process .. 234.3.4 Creation of Signatures with Long-Term Validation Material 24

PAGE – 4 ============
ETSI ETSI EN 319 102 -1 V1.1.1 (2016 -05) 4 4.3.4.1 Description .. 244.3.4.2 Inputs . . 244.3.4.3 Outputs .. 244.3.4.4 Process .. 244.3.5 Creation of Signatures providing Long Term Av ailability and Integrity of Validation Material 25 4.3.5.1 Description .. 254.3.5.2 Inputs . . 254.3.5.3 Outputs .. 264.3.5.4 Process .. 265 Signature validat ion .. 265.1 Signature validation model . 265.1.1 General requirements . 265.1.2 Selecting validation processes .. 295.1.3 Status indication of the signature valida tion process and signature validation report 30 5.1.4 Validation constraints .. . 355.1.4.1 General requirements .. .. 355.1.4.2 X.509 Validation Constraints . 365.1.4.3 Cryptographic Constraints .. 365.1.4.4 Signature Elements Constraints . .. 365.2 Basic building blocks .. . 375.2.1 Description . . 375.2.2 Format Checking . 375.2.2.1 Description .. 375.2.2.2 Inputs . . 375.2.2.3 Outputs .. 375.2.3 Identification of th e signing certificate . 385.2.3.1 Description .. 385.2.3.2 Inputs . . 385.2.3.3 Outputs .. 385.2.3.4 Processing 385.2.4 Validation cont ext initiali zation 385.2.4.1 Description .. 385.2.4.2 Inputs . . 395.2.4.3 Outputs .. 395.2.4.4 Processing 395.2.5 Revocation freshness checker .. . 405.2.5.1 Description .. 405.2.5.2 Inputs . . 405.2.5.3 Output . .. 415.2.5.4 Processing 415.2.6 X.509 certificate validation .. .. 415.2.6.1 Description .. 415.2.6.2 Inputs . . 425.2.6.3 Outputs .. 425.2.6.4 Processing 425.2.7 Cryptographic verification . . 445.2.7.1 Description .. 445.2.7.2 Inputs . . 445.2.7.3 Outputs .. 445.2.7.4 Processing 445.2.8 Signature acceptan ce validation (SAV) .. . 455.2.8.1 Description .. 455.2.8.2 Inputs . . 455.2.8.3 Outputs .. 455.2.8.4 Processing 465.2.8.4.1 General requirements .. 465.2.8.4.2 Processing AdES attributes . 465.2.9 Signature validation presentation building block . 485.3 Validation process for Basic Signatures .. 485.3.1 Description . . 485.3.2 Inputs . 48

PAGE – 5 ============
ETSI ETSI EN 319 102 -1 V1.1.1 (2016 -05) 5 5.3.3 Outputs .. 485.3.4 Processing .. . 495.4 Time-stamp validation building block .. 515.4.1 Description . . 515.4.2 Inputs . 515.4.3 Outputs .. 515.4.4 Processing .. . 515.5 Validation process for Signatures with Time and Signatures with Long-Term Validation Material 51 5.5.1 Description . . 515.5.2 Inputs . 525.5.3 Outputs .. 525.5.4 Processing .. . 525.6 Validation process for Signatures providing Long Term Availability and Integrity of Validation Material 545.6.1 Introduction. 545.6.2 Additional building blocks . . 555.6.2.1 Past certificate validation . 555.6.2.1.1 Description .. 555.6.2.1.2 Input 555.6.2.1.3 Output .. .. 555.6.2.1.4 Processing . 565.6.2.2 Validation time sliding process . 565.6.2.2.1 Description .. 565.6.2.2.2 Input 565.6.2.2.3 Output .. .. 575.6.2.2.4 Processing . 575.6.2.3 POE extraction .. 585.6.2.3.1 Description .. 585.6.2.3.2 Input 585.6.2.3.3 Output .. .. 595.6.2.3.4 Processing . 595.6.2.4 Past signature validation building block .. 595.6.2.4.1 Description .. 595.6.2.4.2 Input 595.6.2.4.3 Output .. .. 595.6.2.4.4 Processing . 595.6.3 Validation Process for Signatures providing Long Term Availability and Integrity of Validation Material . 605.6.3.1 Description .. 605.6.3.2 Input .. . 615.6.3.3 Output . .. 615.6.3.4 Processing 61Annex A (informative): Validation examples 64A.1 General remarks and assumptions . 64A.2 Symbols . . 64A.3 Example 1: Re voked certi ficate .. .. 65A.3.1 Introduction 65A.3.2 Basic signature validation . . 65A.3.3 Validating a Signature with Time . .. 65A.3.4 Example 2: Revoked CA certificate .. 66A.3.5 Basic signature validation . . 67A.3.6 Validation of a Signature with Time . 67A.3.7 Long-Term Validation . . 67Annex B (informative): Signature Classes and AdES Signatures 71 Annex C (informative): Conformance Checking 7 2History .. 74

PAGE – 6 ============
ETSI ETSI EN 319 102 -1 V1.1.1 (2016 -05) 6 Intellectual Property Rights IPRs essential or potentially essential to the present document may have been declared to ETSI. The information pertaining to these essential IPRs, if any, is publicly available for ETSI members and non-members , and can be found in ETSI SR 000 314: “Intellectual Property Rights (IPRs); Essential, or potentially Essential, IPRs notified to ETSI in respect of ETSI standards” , which is available from the ETSI Secretariat. Latest updates are available on the ETSI Web server ( https://ipr.etsi.org/ ). Pursuant to the ETSI IPR Policy, no investigation, including IPR searches, has been carried out by ETSI. No guarantee can be given as to the existence of other IPRs not referenced in ETSI SR 000 314 (or the updates on the ETSI Web server) which are, or may be, or may become, essential to the present document. Foreword This European Standard (EN) has been produced by ETSI Technical Committee Electronic Signatures and Infrastructures (ESI). The present document is part 1 of a multi-part deliverable covering Procedures for Creation and Validation of AdES Digital Signatures, as identified below: Part 1: “Creation and Validation”; Part 2: “Signature Validation Report”. National transposition dates Date of adoption of this EN: 29 April 2016 Date of latest announcement of this EN (doa): 31 July 2016 Date of latest publication of new National Standard or endorsement of this EN (dop/e): 31 January 2017 Date of withdrawal of any conflicting National Standard (dow): 31 January 2017 Modal verbs terminology In the present document ” shall “, ” shall not “, ” should “, ” should not “, ” may “, ” need not”, ” will “, ” will not “, “can” and “cannot ” are to be interpreted as described in clause 3.2 of the ETSI Drafting Rules (Verbal forms for the expression of provisions). “must ” and ” must not ” are NOT allowed in ETSI deliverables except when used in direct citation. Introduction The present document aims to meet the general requirements of the international community to provide trust and confidence in electronic transactions, including, amongst other, applicable requirements from Regulation (EU) No 910/2014 [i.15].

PAGE – 8 ============
ETSI ETSI EN 319 102 -1 V1.1.1 (2016 -05) 8 [4] ETSI TS 119 172-1: “Electronic Signatures and Infrastructures (ESI); Signature Policies; Part 1: Building blocks and table of contents for human readable signature policy documents”. [5] Common PKI Specifications for Interoperable Applications from T7 & Teletrust, Specification Part 9 SigG-Profile, Version 2.0, 20 January 2009. 2.2 Informative references References are either specific (identified by date of publication and/or edition number or version number) or non-specific. For specific references, only the cited version applies. For non-specific references, the latest version of the referenced document (including any amendments) applies. NOTE: While any hyperlinks included in this clause were valid at the time of publication, ETSI cannot guarantee their long term validity. The following referenced documents are not necessary for the application of the present document but they assist the user with regard to a particular subject area. [i.1] IETF RFC 4158: “Internet X.509 Public Key Infrastructure: Certification Path Building”. [i.2] ETSI EN 319 122-1: “Electronic Signatures and Infrastructures (ESI); CAdES digital signatures; Part 1: Building blocks and CAdES baseline signatures”. [i.3] ETSI EN 319 122-2: “Electronic Signatures and Infrastructures (ESI); CAdES digital signatures; Part 2: Extended CAdES signatures”. [i.4] ETSI EN 319 132-1: “Electronic Signatures and Infrastructures (ESI); XAdES digital signatures; Part 1: Building blocks and XAdES baseline signatures”. [i.5] ETSI EN 319 132-2: “Electronic Signatures and Infrastructures (ESI); XAdES digital signatures; Part 2: Extended XAdES signatures”. [i.6] ETSI EN 319 142-1: “Electronic Signatures and Infrastructures (ESI); PAdES digital signatures; Part 1: Building blocks and PAdES baseline signatures”. [i.7] ETSI EN 319 142-2: “Electronic Signatures and Infrastructures (ESI); PAdES digital signatures; Part 2: Additional PAdES signatures profiles”. [i.8] IETF RFC 5652: “Cryptographic Message Syntax (CMS)”. [i.9] IETF RFC 4998: “Evidence Record Syntax (ERS)”. [i.10] IETF RFC 6283: “Extensible Markup Language Evidence Record Syntax (XMLERS)”. [i.11] Void. [i.12] IETF RFC 6960: “X.509 Internet Public Key Infrastructure Online Certificate Status Protocol – OCSP”. [i.13] ETSI EN 319 422: “Electronic Signatures and Infrastructures (ESI); Time-stamping protocol and time-stamp token profiles”. [i.14] ECRYPT II Yearly Report on Algorithms and Keysizes (2010-2011), Revision 1.0, 30. June 2011. [i.15] Regulation (EU) No 910/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and trust services for elect ronic transactions in the internal market and repealing Directive 1999/93/EC. [i.16] IETF RFC 3852: “Cryptographic Message Syntax (CMS)”.

PAGE – 9 ============
ETSI ETSI EN 319 102 -1 V1.1.1 (2016 -05) 9 3 Definitions and abbreviations 3.1 Definitions For the purposes of the present document, the following terms and definitions apply: attribute authority: authority which assigns privileges by issuing attribute certificates attribute certificate: data structure, digitally signed by an attribute authority, that binds some attribute values with identification information about its holder certificate: See public key certificate. certificate identifier: unambiguous identifier of a certificate certificate path (chain) validation: process of verifying and confirming that a certificate path (chain) is valid certificate revocation list: signed list indicating a set of certificates that are no longer considered valid by the certificate issuer certificate validation: process of verifying and confirming that a certificate is valid certification authority: authority trusted by one or more users to create and assign public-key certificates chain model : model for validation of X.509 certificate chains where all CA certificates have to be valid at the time they were used for issuing a certificate and the end-entity certificate was valid when creating the signature claimed signing time: time of signing claimed by the signer which on its own does not provide independent evidence of the actual signing time (signature) commitment type: signer-selected indication of the exact implication of a digital signature (signature) creation constraints: abstract formulation of rules, values, ranges and computation results that are used when creating a digital signature cryptographic suite: combination of a signature scheme with a padding method and a cryptographic hash function detached (digital) signature: digital signature that, with respect to the signed data object, is neither enveloping nor enveloped digital signature: data appended to, or a cryptographic transformation of a data unit that allows a recipient of the data unit to prove the source and integrity of the data unit and protect against forgery e.g. by the recipient digital signature value: result of the cryptographic transformation of a data unit that allows a recipient of the data unit to prove the source and integrity of the data unit and protect against forgery e.g. by the recipient driving application: application that uses a signature creation system to create a signature or a signature validation application in order to validate digital signatures or a signature augmentation application to augment digital signatures electronic document: any content stored in electronic form, in particular text or sound, visual or audiovisual recording enveloped (digital) signature: digital signature embedded within the signed data object enveloping (digital) signature: digital signature embedding the signed data object evidence: information that can be used to resolve a dispute about various aspects of authenticity of archived data objects evidence record: unit of data, which can be used to prove the existen ce of an archived data object or an archived data object group at a certain time NOTE: See IETF RFC 4998 [i.9] and IETF RFC 6283 [i.10]. proof of existence: evidence that proves that an object existed at a specific date/time

PAGE – 10 ============
ETSI ETSI EN 319 102 -1 V1.1.1 (2016 -05) 10 prospective certificate chain: sequence of n certificates which satisfies the conditions (a) to (c) in IETF RFC 5280 [1] clause 6.1, and the trust anchor is trusted according to the signature validation policy in use public key certificate: public key of an entity, together with some other information, rendered unforgeable by digital signature with the private key of the certification authority which issued it shell model: model for validation of X.509 certificate chains where all certificates have to be valid at a given time NOTE: The given time is an input parameter to the validation. signature attribute: signature property signature augmentation: process of incorporating to a digital signature information aiming to maintain the validity of that signature over the long term NOTE: Augmenting signatures is a co-lateral process to the validation of signatures, namely the process by which certain material (e.g. time-stamps, validation data and even archival-related material) is incorporated to the signatures for making them more resilient to change or for enlarging their longevity. signature augmentation policy: set of rules, applicable to one or more digital signatures, that defines the technical and procedural requirements for their augmentation, in order to meet a particular business need, and under which the digital signature(s) can be determined to be conformant (signature) constraints: abstract formulation of rules, values, ranges and computation results that a digital signature can be validated against NOTE: Constraints can be defined in a formal signature policy, can be given in configuration parameter files or implied by the behaviour of the SVA. signature creation application: application within the signature creation system, complementing the signature creation device, that creates a signature data object signature creation data: unique data, such as codes or private cryptographic keys, which are used by the signer to create a digital signature value signature creation device: configured software or hardware used to im plement the signature creation data and to create a digital signature value signature creation environment: physical, geographical and computational environment of the signature creation system signature creation policy: set of rules, applicable to one or more digital signatures, that defines the technical and procedural requirements for their creation, in order to meet a particular business need, and under which the digital signature(s) can be determined to be conformant signature creation system: overall system, consisting of the signature creation application and the signature creation device, that creates a digital signature signature invocation: non-trivial interaction between the signer and the SCA or SCDev that is necessary to invoke the start of the signing process NOTE: It is the ‘Wilful Act’ of the signer. signature policy: signature creation policy, signature augmentation policy, signature validation policy or any combination thereof, appli cable to the same signature or set of signatures signature scheme: triplet of three algorithms composed of a sign ature creation algorithm, a signature verification algorithm and a key generation algorithm signature validation: process of verifying and confirming that a signature is valid signature validation application: application that implements signature validation signature validation policy: set of rules, applicable to one or more digital signatures, that defines the technical and procedural requirements for their validation, in order to meet a particular business need, and under which the digital signature(s) can be determined to be valid

PAGE – 11 ============
ETSI ETSI EN 319 102 -1 V1.1.1 (2016 -05) 11 signature v erification: process of checking the cryptographic value of a signature using signature verification data signature verifi cation data: data, such as codes or public cryptographic keys, used for the purpose of verifying a signature signed data object: data structure containing the signature value, signature attributes and other information (see clause 4.2.10) signer: entity being the creator of a digital signature time-assertion: time-stamp token or evidence record time-stamp token: data object defined in IETF RFC 3161 [3], representing a time-stamp trust anchor: entity that is trusted by a relying party and used for validating certificates in certification paths trust service: electronic service which enhances trust and confidence in electronic transactions trust service status list: form of a signed list as the basis for presentation of trust service status information validation: process of verifying and confirming that a certificate or a digital signature is valid validation data: data that is used to validate a digital signature verifier: entity that wants to validate or verify a digital signature 3.2 Abbreviations For the purposes of the present document, the following abbreviations apply: AC Attribute Certificate CA Certification Authority CMS Cryptographic Message Syntax CRL Certificate Revocation List DA Driving Application DTBS Data To Be Signed DTBSF Data To Be Signed (Formatted) DTBSR Data To Be Signed Representation ER Evidence Record ERS Evidence Record Syntax HTML HyperText Markup Language LDAP Lightweight Directory Access Protocol LT Long Term LTV Long Term Validation OCSP Online Certificate Status Protocol ODA Office Document Architecture OID Object Identifier PC Personal Computer PKC Public Key Certificate PKI Public Key Infrastructure PKIX Public Key Infrastructure X. 509 POE Proof Of Existence RSA Rivest, Shamir and Adleman algorithm SAV Signature Acceptance Validation SCA Signature Creation Application SCDev Signature Creation Device SCE Signature Creation Environment SCS Signature Creation System SD Signer’s Document SDO Signed Data Object SDR Signer’s Document Representation SGML Standard Generalized Markup Language SVA Signature Validation Application TSA Time-Stamping Authority

149 KB – 74 Pages