1、 ETSI TR 119 300 V1.2.1 (2016-03) Electronic Signatures and Infrastructures (ESI); Guidance on the use of standards for cryptographic suites TECHNICAL REPORT ETSI ETSI TR 119 300 V1.2.1 (2016-03) 2 Reference RTR/ESI-0019300v121 Keywords e-commerce, electronic signature, security, trust services ETSI
2、 650 Route des Lucioles F-06921 Sophia Antipolis Cedex - FRANCE Tel.: +33 4 92 94 42 00 Fax: +33 4 93 65 47 16 Siret N 348 623 562 00017 - NAF 742 C Association but non lucratif enregistre la Sous-Prfecture de Grasse (06) N 7803/88 Important notice The present document can be downloaded from: http:/
3、www.etsi.org/standards-search The present document may be made available in electronic versions and/or in print. The content of any electronic and/or print versions of the present document shall not be modified without the prior written authorization of ETSI. In case of any existing or perceived dif
4、ference in contents between such versions and/or in print, the only prevailing document is the print of the Portable Document Format (PDF) version kept on a specific network drive within ETSI Secretariat. Users of the present document should be aware that the document may be subject to revision or c
5、hange of status. Information on the current status of this and other ETSI documents is available at https:/portal.etsi.org/TB/ETSIDeliverableStatus.aspx If you find errors in the present document, please send your comment to one of the following services: https:/portal.etsi.org/People/CommiteeSuppor
6、tStaff.aspx Copyright Notification No part may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and microfilm except as authorized by written permission of ETSI. The content of the PDF version shall not be modified without the written authorizat
7、ion of ETSI. The copyright and the foregoing restriction extend to reproduction in all media. European Telecommunications Standards Institute 2016. All rights reserved. DECTTM, PLUGTESTSTM, UMTSTMand the ETSI logo are Trade Marks of ETSI registered for the benefit of its Members. 3GPPTM and LTE are
8、Trade Marks of ETSI registered for the benefit of its Members and of the 3GPP Organizational Partners. GSM and the GSM logo are Trade Marks registered and owned by the GSM Association. ETSI ETSI TR 119 300 V1.2.1 (2016-03) 3 Contents Intellectual Property Rights 4g3Foreword . 4g3Modal verbs terminol
9、ogy 4g31 Scope 5g32 References 5g32.1 Normative references . 5g32.2 Informative references 5g33 Definitions and abbreviations . 6g33.1 Definitions 6g33.2 Abbreviations . 7g34 Introduction to cryptographic suites . 7g34.1 General . 7g34.2 Digital signatures 7g34.3 Signature creation and verification
10、. 8g34.4 Cryptographic algorithms . 8g34.4.1 Hash functions 8g34.4.2 Message encoding and random numbers 8g34.4.3 Asymmetric signature algorithms . 8g34.4.4 Security bits 9g34.5 Standardization . 9g34.5.1 Standardization bodies 9g34.5.2 Technical specifications 9g35 Selecting an appropriate signatur
11、e suite . 9g35.1 Introduction 9g35.2 Evaluating pre-conditions . 10g35.2.1 Trust level . 10g35.2.2 Trust period. 10g35.2.3 Hardware security . 10g35.2.4 Attack potential. 10g35.3 Guidance to selection . 10g35.3.1 National supervisory bodies 10g35.3.2 Trust service providers 11g35.3.3 Manufacturers o
12、f security devices 11g35.3.4 Information to end users . 11g3Annex A: Bibliography 12g3History 13g3ETSI ETSI TR 119 300 V1.2.1 (2016-03) 4 Intellectual Property Rights IPRs essential or potentially essential to the present document may have been declared to ETSI. The information pertaining to these e
13、ssential IPRs, if any, is publicly available for ETSI members and non-members, and can be found in ETSI SR 000 314: “Intellectual Property Rights (IPRs); Essential, or potentially Essential, IPRs notified to ETSI in respect of ETSI standards“, which is available from the ETSI Secretariat. Latest upd
14、ates are available on the ETSI Web server (https:/ipr.etsi.org/). Pursuant to the ETSI IPR Policy, no investigation, including IPR searches, has been carried out by ETSI. No guarantee can be given as to the existence of other IPRs not referenced in ETSI SR 000 314 (or the updates on the ETSI Web ser
15、ver) which are, or may be, or may become, essential to the present document. Foreword This Technical Report (TR) has been produced by ETSI Technical Committee Electronic Signatures and Infrastructures (ESI). Modal verbs terminology In the present document “shall“, “shall not“, “should“, “should not“
16、, “may“, “need not“, “will“, “will not“, “can“ and “cannot“ are to be interpreted as described in clause 3.2 of the ETSI Drafting Rules (Verbal forms for the expression of provisions). “must“ and “must not“ are NOT allowed in ETSI deliverables except when used in direct citation. ETSI ETSI TR 119 30
17、0 V1.2.1 (2016-03) 5 1 Scope The present document provides business driven guidance on the use of standards for cryptographic suites, and in particular for digital signature creation algorithms. The present document explains the concept of security parameters that helps to choose a proper cryptograp
18、hic suite for digital signature creation. It also gives an overview how to analyze the business needs and how to select a system that satisfies these needs. The purported audience of the present document is mainly the application designers and implementers. The present document provides recommendati
19、ons to trust service providers and manufacturers of security devices. 2 References 2.1 Normative references References are either specific (identified by date of publication and/or edition number or version number) or non-specific. For specific references, only the cited version applies. For non-spe
20、cific references, the latest version of the referenced document (including any amendments) applies. Referenced documents which are not found to be publicly available in the expected location might be found at http:/docbox.etsi.org/Reference. NOTE: While any hyperlinks included in this clause were va
21、lid at the time of publication, ETSI cannot guarantee their long term validity. The following referenced documents are necessary for the application of the present document. Not applicable. 2.2 Informative references References are either specific (identified by date of publication and/or edition nu
22、mber or version number) or non-specific. For specific references, only the cited version applies. For non-specific references, the latest version of the referenced document (including any amendments) applies. NOTE: While any hyperlinks included in this clause were valid at the time of publication ET
23、SI cannot guarantee their long term validity. The following referenced documents are not necessary for the application of the present document but they assist the user with regard to a particular subject area. i.1 ETSI EN 319 102-1: “Electronic Signatures and Infrastructures (ESI); Procedures for cr
24、eation and validation of AdES digital signatures; Part 1: Creation and validation“. i.2 ETSI TS 103 174: “Electronic Signatures and Infrastructures (ESI); ASiC Baseline Profile“. i.3 ISO/IEC 10118-3 (2004): “Information technology - Security techniques - Hash functions - Part 3: Dedicated hash funct
25、ions“. NOTE: This ISO Standard duplicates FIPS Publication 180-4 i.4. i.4 FIPS Publication 180-4 (2012): “Secure Hash Standard (SHS)“. i.5 Regulation (EU) No 910/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and trust services for electronic transact
26、ions in the internal market and repealing Directive 1999/93/EC. i.6 ETSI TS 119 312: “Electronic Signatures and Infrastructures (ESI); Cryptographic Suites“. i.7 ETSI TS 101 733: “Electronic Signatures and Infrastructures (ESI); CMS Advanced Electronic Signatures (CAdES)“. ETSI ETSI TR 119 300 V1.2.
27、1 (2016-03) 6 i.8 ETSI TS 101 903: “Electronic Signatures and Infrastructures (ESI); XML Advanced Electronic Signatures (XAdES)“. i.9 ETSI TS 102 778: “Electronic Signatures and Infrastructures (ESI); PDF Advanced Electronic Signature Profiles“. i.10 ETSI TS 102 918: “Electronic Signatures and Infra
28、structures (ESI); Associated Signature Containers (ASiC)“. i.11 ETSI TS 103 171: “Electronic Signatures and Infrastructures (ESI); XAdES Baseline Profile“. i.12 ETSI TS 103 172: “Electronic Signatures and Infrastructures (ESI); PAdES Baseline Profile“. i.13 ETSI TS 103 173: “Electronic Signatures an
29、d Infrastructures (ESI); CAdES Baseline Profile“. i.14 ETSI EN 319 122-1: “Electronic Signatures and Infrastructures (ESI); CAdES digital signatures; Part 1: Building blocks and CAdES baseline signatures“. i.15 ETSI EN 319 122-2: “Electronic Signatures and Infrastructures (ESI); CAdES digital signat
30、ures; Part 2: Extended CAdES signatures“. i.16 ETSI EN 319 132-1: “Electronic Signatures and Infrastructures (ESI); XAdES digital signatures; Part 1: Building blocks and XAdES baseline signatures“. i.17 ETSI EN 319 132-2: “Electronic Signatures and Infrastructures (ESI); XAdES digital signatures; Pa
31、rt 2: Extended XAdES signatures“. i.18 ETSI EN 319 142-1: “Electronic Signatures and Infrastructures (ESI); PAdES digital signatures; Part 1: Building blocks and PAdES baseline signatures“. i.19 ETSI EN 319 142-2: “Electronic Signatures and Infrastructures (ESI); PAdES digital signatures; Part 2: Ad
32、ditional PAdES signatures profiles“. i.20 ETSI EN 319 162-1: “Electronic Signatures and Infrastructures (ESI); Associated Signature Containers (ASiC); Part 1: Building blocks and ASiC baseline containers“. i.21 ETSI TR 119 001: “Electronic Signatures and Infrastructures (ESI); The framework for stan
33、dardization of signatures; Definitions and abbreviations“. 3 Definitions and abbreviations 3.1 Definitions For the purposes of the present document, the terms and definitions given in ETSI TR 119 001 i.21 and the following apply: NOTE: The following definitions are being imported in the present docu
34、ment for the sake of readers convenience. advanced electronic signature: As defined in Regulation (EU) No 910/2014 i.5. cryptographic suite: combination of a signature scheme with a padding method and a cryptographic hash function (digital) signature: data appended to, or a cryptographic transformat
35、ion of a data unit that allows a recipient of the data unit to prove the source and integrity of the data unit and protect against forgery e.g. by the recipient electronic signature: As defined in Regulation (EU) No 910/2014 i.5. hash function: As defined in ISO/IEC 10118-3 i.3. ETSI ETSI TR 119 300
36、 V1.2.1 (2016-03) 7 signature augmentation policy: set of rules, applicable to one or more digital signatures, that defines the technical and procedural requirements for their augmentation, in order to meet a particular business need, and under which the digital signature(s) can be determined to be
37、conformant NOTE: This covers collection of information and creation of new structures that allows performing, on the long term, validations of a signature. signature creation policy: set of rules, applicable to one or more digital signatures, that defines the technical and procedural requirements fo
38、r their creation, in order to meet a particular business need, and under which the digital signature(s) can be determined to be conformant signature policy: signature creation policy, signature augmentation policy, signature validation policy or any combination thereof, applicable to the same signat
39、ure or set of signatures signature scheme: triplet of three algorithms composed of a signature creation algorithm, a signature verification algorithm and a key generation algorithm signature validation policy: set of rules, applicable to one or more digital signatures, that defines the technical and
40、 procedural requirements for their validation, in order to meet a particular business need, and under which the digital signature(s) can be determined to be valid trust service: electronic service which enhances trust and confidence in electronic transactions trust service provider: natural or a leg
41、al person who provides one or more trust services 3.2 Abbreviations For the purposes of the present document, the abbreviations given in ETSI TS 119 312 i.6 and the following apply: CMS Cryptographic Message Syntax ENISA European Union Agency for Network and Information Security EU European Union IS
42、O International Organization for Standardization PDF Portable Document Format PIN Personal Identification Number TR Technical Report TS Technical Specification XML eXtensible Markup Language NOTE: See http:/ 4 Introduction to cryptographic suites 4.1 General A cryptographic suite is a set of standar
43、dized algorithms which are used to create a digital signature. The creation of a signature usually includes different digital signature creation algorithms. Moreover the creation of certificates, used for signer identification and the integration of timing information is also based on digital signat
44、ure algorithms. Therefore the selection of the cryptographic suite is not a task for a single signature creation but will appear in different business processes as well as in the systems design. In the following the components of a cryptographic suite and how they are related to the overall security
45、 level are considered. 4.2 Digital signatures ETSI EN 319 102-1 i.1 specifies procedures for creating and augmenting digital signatures in a format-agnostic way. It introduces general principles, objects and functions relevant when creating and augmenting signatures. It also defines general forms of
46、 digital signatures that increase their longevity. It is based on the use of public key cryptography to produce such signatures, which are supported by public key certificates. ETSI ETSI TR 119 300 V1.2.1 (2016-03) 8 The policy requirements, the syntax of the signature (XML, CMS or PDF), the relatio
47、nship between the signature and the data object that is signed (enveloped, enveloping or detached), the relationship between signatures (single, parallel or countersignature), the commitment, the timing information, attributes or identity of the signer are not relevant for the cryptographic algorith
48、m for creating a digital signature. Nevertheless the security of the digital signature heavily depends on them. 4.3 Signature creation and verification The digital signature creation consists of a data input encoding, including the formatting, and the cryptographic key (signers private key) applicat
49、ion algorithm. The output will be included as the digital signature of a document, a time-stamp or an archival signature over a (signed or unsigned) document. The digital signature verification consists of the same data input encoding and a cryptographic key (signers public key) application algorithm. The output of the verification is either “valid“ or “invalid“. 4.4 Cryptographic algorithms 4.4.1 Hash functions The data to be signed can be of different n