1、 ETSI TS 102 778-4 V1.1.2 (2009-12)Technical Specification Electronic Signatures and Infrastructures (ESI);PDF Advanced Electronic Signature Profiles;Part 4: PAdES Long Term - PAdES-LTV ProfileETSI ETSI TS 102 778-4 V1.1.2 (2009-12)2Reference RTS/ESI-000082-4 Keywords e-commerce, electronic signatur
2、e, security ETSI 650 Route des Lucioles F-06921 Sophia Antipolis Cedex - FRANCE Tel.: +33 4 92 94 42 00 Fax: +33 4 93 65 47 16 Siret N 348 623 562 00017 - NAF 742 C Association but non lucratif enregistre la Sous-Prfecture de Grasse (06) N 7803/88 Important notice Individual copies of the present do
3、cument can be downloaded from: http:/www.etsi.org The present document may be made available in more than one electronic version or in print. In any case of existing or perceived difference in contents between such versions, the reference version is the Portable Document Format (PDF). In case of dis
4、pute, the reference shall be the printing on ETSI printers of the PDF version kept on a specific network drive within ETSI Secretariat. Users of the present document should be aware that the document may be subject to revision or change of status. Information on the current status of this and other
5、ETSI documents is available at http:/portal.etsi.org/tb/status/status.asp If you find errors in the present document, please send your comment to one of the following services: http:/portal.etsi.org/chaircor/ETSI_support.asp Copyright Notification No part may be reproduced except as authorized by wr
6、itten permission. The copyright and the foregoing restriction extend to reproduction in all media. European Telecommunications Standards Institute 2009. All rights reserved. DECTTM, PLUGTESTSTM, UMTSTM, TIPHONTM, the TIPHON logo and the ETSI logo are Trade Marks of ETSI registered for the benefit of
7、 its Members. 3GPPTM is a Trade Mark of ETSI registered for the benefit of its Members and of the 3GPP Organizational Partners. LTE is a Trade Mark of ETSI currently being registered for the benefit of its Members and of the 3GPP Organizational Partners. GSM and the GSM logo are Trade Marks register
8、ed and owned by the GSM Association. ETSI ETSI TS 102 778-4 V1.1.2 (2009-12)3Contents Intellectual Property Rights 4g3Foreword . 4g3Introduction 4g31 Scope 5g32 References 5g32.1 Normative references . 6g32.2 Informative references 6g33 Definitions and abbreviations . 7g33.1 Definitions 7g33.2 Abbre
9、viations . 7g34 Profile for PAdES-LTV 8g34.1 Overview 8g34.2 General Requirements 9g34.3 Validation Process 10g34.4 Extensions Dictionary 10g3Annex A (normative): ISO 32000-1 LTV Extensions 11g3A.1 Document Security Store 11g3A.2 Document Time-stamp . 15g3Annex B (informative): Matching of PAdES-LTV
10、-profiles to CAdES . 17g3Annex C (informative): Change history . 19g3History 20g3ETSI ETSI TS 102 778-4 V1.1.2 (2009-12)4Intellectual Property Rights IPRs essential or potentially essential to the present document may have been declared to ETSI. The information pertaining to these essential IPRs, if
11、 any, is publicly available for ETSI members and non-members, and can be found in ETSI SR 000 314: “Intellectual Property Rights (IPRs); Essential, or potentially Essential, IPRs notified to ETSI in respect of ETSI standards“, which is available from the ETSI Secretariat. Latest updates are availabl
12、e on the ETSI Web server (http:/webapp.etsi.org/IPR/home.asp). Pursuant to the ETSI IPR Policy, no investigation, including IPR searches, has been carried out by ETSI. No guarantee can be given as to the existence of other IPRs not referenced in ETSI SR 000 314 (or the updates on the ETSI Web server
13、) which are, or may be, or may become, essential to the present document. Foreword This Technical Specification (TS) has been produced by ETSI Technical Committee Electronic Signatures and Infrastructures (ESI). The present document is part 4 of a multi-part deliverable. Full details of the entire s
14、eries can be found in part 1 i.3. Introduction Electronic documents are a major part of a modern companies business. Trust in this way of doing business is essential for the success and continued development of electronic business. It is, therefore, important that companies using electronic document
15、s have suitable security controls and mechanisms in place to protect their documents and to ensure trust and confidence with their business practices. In this respect the electronic signature is an important security component that can be used to protect information and provide trust in electronic b
16、usiness. The present document is intended to cover electronic signatures for electronic documents. This includes evidence as to its validity even if the signer or verifying party later attempts to deny (i.e. repudiates; see ISO/IEC 10181-4 i.1) the validity of the signature. Thus, the present docume
17、nt can be used for any document encoded in a portable document format produced by an individual and a company, and exchanged between companies, between an individual and a governmental body, etc. The present document is independent of any environment; it can be applied to any environment, e.g. smart
18、 cards, GSM SIM cards, special programs for electronic signatures, etc. The European Directive on a community framework for Electronic Signatures defines an electronic signature as: “Data in electronic form which is attached to or logically associated with other electronic data and which serves as a
19、 method of authentication“. The formats defined in the present document, are able to support advanced electronic signatures as defined in the Directive. ISO 32000-1 1 specifies a digital form for representing documents called the Portable Document Format (PDF) that enables users to exchange and view
20、 electronic documents easily and reliably, independent of the environment in which they were created or the environment in which they are viewed or printed. ISO 32000-1 1 identifies the ways in which an electronic signature, in the form of a digital signature, may be incorporated into a PDF document
21、 to authenticate the identity of the user and validate integrity of the documents content. This profile specifies digital signatures in PDF to provide Advanced Electronic Signature with long term validation equivalent to the, CAdES-X-Long and CAdES-A forms. ETSI ETSI TS 102 778-4 V1.1.2 (2009-12)51
22、Scope The present document profiles the electronic signature formats found in ISO 32000-1 1 to support Long Term Validation (LTV) of PDF Signatures. This profile does not repeat the base requirements of the referenced standards, but instead aims to disambiguate between the techniques used in the dif
23、ferent referenced standards. The present document specifies how to include validation information in a PDF Document and to further protect the document using time-stamps so that it is possible to subsequently verify a PDF Signature long after it was signed. This profile may be used to support long t
24、erm validation of: a) PDF Signatures to profiles specified in TS 102 778-2 i.4; or b) PDF Signatures to profiles specified in TS 102 778-3 i.5; or c) PDF Signatures to profiles specified in TS 102 778-5 i.6. The present document specifies a profile to support the equivalent functionality to the sign
25、ature forms CAdES-X Long and CAdES-A as specified in TS 101 733 2 in a single profile PAdES-LTV (see annex B for further information on matching this profile to CAdES signature forms). The same LTV mechanism specified in this profile is used to support the equivalent to all the signature forms XAdES
26、-XL and XAdES-A as specified in TS 101 903 3, by upgrading XAdES signatures aligned with the profile defined in clause 5.2 of TS 102 778-5 i.6 (see annex A of TS 102 778-5 i.6 for further information on matching this profile to XAdES signature forms). The present document also specifies extensions t
27、o ISO 32000-1 1 to provides features required to support LTV (see annex A). NOTE: It is planned to submit these extensions to ISO as a proposal for a revision to ISO 32000-1 1. If accepted, future versions of this profile may reference any future ISO standard instead of the extensions specified in a
28、nnex A. This profile is applicable to any party relying on a signature over a long period (e.g. longer than the lifetime of the signing certificate). It may be applied by a party receiving and verifying the document or the signing party who should also verify the document when applying LTV. The pres
29、ent document is part of a series of profiles for advanced electronic signature formats applied to PDF documents. General information on the series of profiles is specified in TS 102 778-1 i.3. The requirements specified in the present document take precedence over those specified in ISO 32000-1 1. 2
30、 References References are either specific (identified by date of publication and/or edition number or version number) or non-specific. For a specific reference, subsequent revisions do not apply. Non-specific reference may be made only to a complete document or a part thereof and only in the follow
31、ing cases: - if it is accepted that it will be possible to use all future changes of the referenced document for the purposes of the referring document; - for informative references. Referenced documents which are not found to be publicly available in the expected location might be found at http:/do
32、cbox.etsi.org/Reference. NOTE: While any hyperlinks included in this clause were valid at the time of publication ETSI cannot guarantee their long term validity. ETSI ETSI TS 102 778-4 V1.1.2 (2009-12)62.1 Normative references The following referenced documents are indispensable for the application
33、of the present document. For dated references, only the edition cited applies. For non-specific references, the latest edition of the referenced document (including any amendments) applies. 1 ISO 32000-1: “Document management - Portable document format - Part 1: PDF 1.7“. 2 ETSI TS 101 733: “Electro
34、nic Signatures and Infrastructures (ESI); CMS Advanced Electronic Signatures (CAdES)“. 3 ETSI TS 101 903: “XML Advanced Electronic Signatures (XAdES)“. 4 IETF RFC 2315: “PKCS #7: Cryptographic Message Syntax Version 1.5“. 5 IETF RFC 3852 (2004): “Cryptographic Message Syntax (CMS)“. 6 IETF RFC 3161:
35、 “Internet X.509 Public Key Infrastructure Time-Stamp Protocol (TSP)“. 7 IETF RFC 5280: “Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile“. 8 IETF RFC 2560: “X.509 Internet Public Key Infrastructure Online Certificate Status Protocol - OCSP“. 9 W3C R
36、ecommendation (18 July 2002): “Exclusive XML Canonicalization Version 1.0“. NOTE: Available at http:/www.w3.org/TR/xml-exc-c14n/# 2.2 Informative references The following referenced documents are not essential to the use of the present document but they assist the user with regard to a particular su
37、bject area. For non-specific references, the latest version of the referenced document (including any amendments) applies. i.1 ISO/IEC 10181-4: “Information technology - Open Systems Interconnection - Security frameworks for open systems: Non-repudiation framework“. i.2 Adobe XFA: “XML Forms Archite
38、cture (XFA) Specification“ version 2.5, (June 2007), Adobe Systems Incorporated“. i.3 ETSI TS 102 778-1: “Electronic Signatures and Infrastructures (ESI); PDF Advanced Electronic Signature Profiles; Part 1: PAdES Overview - a framework document for PAdES“. i.4 ETSI TS 102 778-2: “Electronic Signatur
39、es and Infrastructures (ESI); PDF Advanced Electronic Signature Profiles; Part 2: PAdES Basic - Profile based on ISO 32000-1“. i.5 ETSI TS 102 778-3: “Electronic Signatures and Infrastructures (ESI); PDF Advanced Electronic Signature Profiles; Part 3: PAdES Enhanced - PAdES-BES and PAdES-EPES Profil
40、es“. i.6 ETSI TS 102 778-5: “Electronic Signatures and Infrastructures (ESI); PDF Advanced Electronic Signature Profiles; Part 5: PAdES for XML Content - Profiles for XAdES signatures“. i.7 ISO 32000-2: “Document management - Portable document format - Part 2: PDF 2.0“. Standard under development“.
41、ETSI ETSI TS 102 778-4 V1.1.2 (2009-12)73 Definitions and abbreviations 3.1 Definitions For the purposes of the present document, the terms and definitions given in 1, 2, 3 and the following apply: conforming signature handler: in the context of this profile, software application, or part of a softw
42、are application, that knows how to perform digital signature operations (e.g. signing and/or verifying) in conformance with ISO 32000-1 1 and the requirements of the appropriate profile Document Security Store (DSS): information appended to a PDF document relating to its security including Validatio
43、n-Related Information (VRI) and indirect references to the values of validation data for all signatures document time-stamp: time-stamp applied to a document along with any document security-related information applied to that document PDF Signature: binary data object based on the PKCS#7 (see RFC 2
44、315 4) or related syntax containing a digital signature placed within a PDF document structure as specified in ISO 32000-1 1, clause 12.8 with other information about the signature applied when it was first created signature dictionary: PDF data structure, of type dictionary, as described in ISO 320
45、00-1 1, clause 12.8.1, table 252 that contains all the of information about the Digital Signature signer: entity that creates an electronic signature validation data: data that may be used by a verifier of electronic signatures to determine that the signature is valid (e.g. certificates, CRLs, OCSP
46、responses) Validation Related Information (VRI): indirect references to validation data used to validate a specific signature verifier: entity that validates an electronic signature The present document makes use of certain keywords to signify requirements. Below follows their definitions: may: mean
47、s that a course of action is permissible within this profile shall: means that the definition is an absolute requirement of this profile. It has to strictly be followed in order to conform to the present document should: Means that among several possibilities one is recommended, in this profile, as
48、particularly suitable, without mentioning or excluding others, or that a certain course of action is preferred but not necessarily required. Implementers may know valid reasons in particular circumstances to ignore this recommendation, but the full implications must be understood and carefully weigh
49、ed before choosing a different course. 3.2 Abbreviations For the purposes of the present document, the abbreviations given in 1, 2, 3 and the following apply: BER Basic Encoding Rules BES Basic Encoding Signature CA Certification AuthorityCAdES CMS Advanced Electronic Signature CMS Cryptographic Message Syntax NOTE: As specified in RFC 3852 5. CRL Certificate Revocation List DSS Document Security Store EPES Explicit Policy-based Electronic Signature GSM Global System for Mobile Telecom
