1、 ETSI TS 119 124-2 V1.1.1 (2016-06) Electronic Signatures and Infrastructures (ESI); CAdES digital signatures - Testing Conformance and Interoperability; Part 2: Test suites for testing interoperability of CAdES baseline signatures TECHNICAL SPECIFICATION ETSI ETSI TS 119 124-2 V1.1.1 (2016-06)2 Ref
2、erence DTS/ESI-0019124-2 Keywords CAdES, e-commerce, electronic signature, interoperability, profile, security, testing ETSI 650 Route des Lucioles F-06921 Sophia Antipolis Cedex - FRANCE Tel.: +33 4 92 94 42 00 Fax: +33 4 93 65 47 16 Siret N 348 623 562 00017 - NAF 742 C Association but non lucrati
3、f enregistre la Sous-Prfecture de Grasse (06) N 7803/88 Important notice The present document can be downloaded from: http:/www.etsi.org/standards-search The present document may be made available in electronic versions and/or in print. The content of any electronic and/or print versions of the pres
4、ent document shall not be modified without the prior written authorization of ETSI. In case of any existing or perceived difference in contents between such versions and/or in print, the only prevailing document is the print of the Portable Document Format (PDF) version kept on a specific network dr
5、ive within ETSI Secretariat. Users of the present document should be aware that the document may be subject to revision or change of status. Information on the current status of this and other ETSI documents is available at https:/portal.etsi.org/TB/ETSIDeliverableStatus.aspx If you find errors in t
6、he present document, please send your comment to one of the following services: https:/portal.etsi.org/People/CommiteeSupportStaff.aspx Copyright Notification No part may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and microfilm except as a
7、uthorized by written permission of ETSI. The content of the PDF version shall not be modified without the written authorization of ETSI. The copyright and the foregoing restriction extend to reproduction in all media. European Telecommunications Standards Institute 2016. All rights reserved. DECTTM,
8、 PLUGTESTSTM, UMTSTMand the ETSI logo are Trade Marks of ETSI registered for the benefit of its Members. 3GPPTM and LTE are Trade Marks of ETSI registered for the benefit of its Members and of the 3GPP Organizational Partners. GSM and the GSM logo are Trade Marks registered and owned by the GSM Asso
9、ciation. ETSI ETSI TS 119 124-2 V1.1.1 (2016-06)3 Contents Intellectual Property Rights 4g3Foreword . 4g3Modal verbs terminology 4g31 Scope 5g32 References 5g32.1 Normative references . 5g32.2 Informative references 5g33 Definitions and abbreviations . 6g33.1 Definitions 6g33.2 Abbreviations . 6g34
10、Overview 6g35 Testing interoperability of CAdES-B-B signatures 6g36 Testing interoperability of CAdES-B-T signatures 8g37 Testing interoperability of CAdES-B-LT signatures . 9g38 Testing interoperability of CAdES-B-LTA signatures . 10g39 Testing CAdES baseline signatures augmentation interoperabilit
11、y . 13g310 Negative test cases for CAdES baseline signatures . 14g310.1 CAdES-B-B signatures test cases . 14g310.2 CAdES-B-T signatures test cases . 16g310.3 CAdES-B-LTA signatures test cases 17g3History 18g3ETSI ETSI TS 119 124-2 V1.1.1 (2016-06)4 Intellectual Property Rights IPRs essential or pote
12、ntially essential to the present document may have been declared to ETSI. The information pertaining to these essential IPRs, if any, is publicly available for ETSI members and non-members, and can be found in ETSI SR 000 314: “Intellectual Property Rights (IPRs); Essential, or potentially Essential
13、, IPRs notified to ETSI in respect of ETSI standards“, which is available from the ETSI Secretariat. Latest updates are available on the ETSI Web server (https:/ipr.etsi.org/). Pursuant to the ETSI IPR Policy, no investigation, including IPR searches, has been carried out by ETSI. No guarantee can b
14、e given as to the existence of other IPRs not referenced in ETSI SR 000 314 (or the updates on the ETSI Web server) which are, or may be, or may become, essential to the present document. Foreword This Technical Specification (TS) has been produced by ETSI Technical Committee Electronic Signatures a
15、nd Infrastructures (ESI). The present document is part 2 of a multi-part deliverable covering CAdES digital signatures - Testing Conformance and Interoperability. Full details of the entire series can be found in part 1 i.1. Modal verbs terminology In the present document “shall“, “shall not“, “shou
16、ld“, “should not“, “may“, “need not“, “will“, “will not“, “can“ and “cannot“ are to be interpreted as described in clause 3.2 of the ETSI Drafting Rules (Verbal forms for the expression of provisions). “must“ and “must not“ are NOT allowed in ETSI deliverables except when used in direct citation. ET
17、SI ETSI TS 119 124-2 V1.1.1 (2016-06)5 1 Scope The present document defines a number of test suites to assess the interoperability between implementations claiming conformance to CAdES baseline signatures 1. The test suites are defined with four different layers reflecting the four different levels
18、of CAdES baseline signatures: Tests suite addressing interoperability between applications claiming B-B level conformance. Tests suite addressing interoperability between applications claiming B-T level conformance. Tests suite addressing interoperability between applications claiming B-LT level con
19、formance. Tests suite addressing interoperability between applications claiming B-LTA level conformance. Test suites also cover augmentation of CAdES baseline signatures and negative test cases. These test suites are agnostic of the PKI infrastructure. Any PKI infrastructure can be used including th
20、e one based on EU Member States Trusted Lists. 2 References 2.1 Normative references References are either specific (identified by date of publication and/or edition number or version number) or non-specific. For specific references, only the cited version applies. For non-specific references, the l
21、atest version of the referenced document (including any amendments) applies. Referenced documents which are not found to be publicly available in the expected location might be found at https:/docbox.etsi.org/Reference/. NOTE: While any hyperlinks included in this clause were valid at the time of pu
22、blication, ETSI cannot guarantee their long term validity. The following referenced documents are necessary for the application of the present document. 1 ETSI EN 319 122-1: “Electronic Signatures and Infrastructures (ESI); CAdES digital signatures; Part 1: Building blocks and CAdES baseline signatu
23、res“. 2.2 Informative references References are either specific (identified by date of publication and/or edition number or version number) or non-specific. For specific references, only the cited version applies. For non-specific references, the latest version of the referenced document (including
24、any amendments) applies. NOTE: While any hyperlinks included in this clause were valid at the time of publication, ETSI cannot guarantee their long term validity. The following referenced documents are not necessary for the application of the present document but they assist the user with regard to
25、a particular subject area. i.1 ETSI TR 119 124-1: “Electronic Signatures and Infrastructures (ESI); CAdES digital signatures - Testing Conformance and Interoperability; Part 1: Overview“. i.2 ETSI TR 119 001: “Electronic Signatures and Infrastructures (ESI); The framework for standardization of sign
26、atures; Definitions and abbreviations“. i.3 ETSI EN 319 102-1: “Electronic Signatures and Infrastructures (ESI); Procedures for Creation and Validation of AdES Digital Signatures; Part 1: Creation and Validation“. ETSI ETSI TS 119 124-2 V1.1.1 (2016-06)6 3 Definitions and abbreviations 3.1 Definitio
27、ns For the purposes of the present document, the terms and definitions given in ETSI TR 119 001 i.2 and the following apply: negative test case: test case for a signature whose validation according to ETSI EN 319 102-1 i.3 would not result in TOTAL-PASSED 3.2 Abbreviations For the purposes of the pr
28、esent document, the abbreviations given in ETSI TR 119 001 i.2 apply. 4 Overview This clause describes the overall approach used throughout the present document to specify test suites for CAdES baseline signatures interoperability testing. ETSI EN 319 122-1 1 defines four different levels of CAdES b
29、aseline signatures. The test suites are defined with different layers reflecting the levels of CAdES baseline signatures specified in 1: Testing CAdES signatures interoperability between applications claiming B-B level conformance. Testing CAdES signatures interoperability between applications claim
30、ing B-T level conformance. Testing CAdES signatures interoperability between applications claiming B-LT level conformance. Testing CAdES signatures interoperability between applications claiming B-LTA level conformance. Testing augmentation of CAdES signatures from B-T level to B-LTA level. Negative
31、 test cases for CAdES baseline signatures: - CAdES-B-B signatures test cases. - CAdES-B-T signatures test cases. - CAdES-B-LTA signatures test cases. 5 Testing interoperability of CAdES-B-B signatures The test cases in this clause have been defined for different combinations of CAdES-B-B signatures
32、attributes. Mandatory attributes for CAdES-B-B signatures described in 1, clause 6.3, shall be present. Table 1 shows which attributes are required to generate CAdES-B-B signatures for each test case. ETSI ETSI TS 119 124-2 V1.1.1 (2016-06)7 Table 1: Test cases for CAdES-B-B signatures TC ID Descrip
33、tion Pass criteria Signature attributes CAdES/BB/1 This is the simplest CAdES-B-B signatures interoperability test case. The signature ONLY CONTAINS the mandatory CAdES attributes. Positive validation. The signature shall contain ContentType, SigningTime, MessageDigest, ESSSigningCertificateV2 and S
34、igningCertificate (included in SignedData.certificates field) attributes. Certificates o SigningCertificate SignedAttributes o MessageDigest o ContentType o SigningTime o ESSSigningCertificateV2 CAdES/BB/2 In this CAdES-B-B signatures interoperability test case the signature contains a CertifiedAttr
35、ibuteV2 in addition to the CAdES/BB/1 test case attributes. Positive validation. The signature shall contain ContentType, SigningTime, MessageDigest, ESSSigningCertificateV2, CertifiedAttributesV2 (included in SignerAttributesV2) and SigningCertificate (included in SignedData.certificates field) att
36、ributes. Certificates o SigningCertificate SignedAttributes o MessageDigest o ContentType o SigningTime o ESSSigningCertificateV2 o SignerAttributesV2 (CertifiedAttributeV2) CAdES/BB/3 In this CAdES-B-B signatures interoperability test case the signature contains a ClaimedAttribute in addition to th
37、e CAdES/BB/1 test case attributes. Positive validation. The signature shall contain ContentType, SigningTime, MessageDigest, ESSSigningCertificateV2, ClaimedAttribute (included in SignerAttributesV2) and SigningCertificate (included in SignedData.certificates field) attributes. Certificates o Signin
38、gCertificate SignedAttributes o MessageDigest o ContentType o SigningTime o ESSSigningCertificateV2 o SignerAttributesV2 (CertifiedAttributeV2) CAdES/BB/4 This test case tests a CAdES-B-B signature with multiple independent signatures. The input to this test is a CAdES signature as specified in CAdE
39、S/BB/1 test case. Positive validation. The signature shall contain 2 SigningCertificates attributes (included in SignedData.certificates field) and 2 signerInfos containing ContentType, SigningTime, MessageDigest and ESSSigningCertificateV2 attributes. Certificates o SigningCertificate SignedAttribu
40、tes o MessageDigest o ESSSigningCertificateV2 o ContentType o SigningTime CAdES/BB/5 This test case tests a CAdES-B-B signature with a CounterSignature attribute. The input to this test is a CAdES signature as specified in CAdES/BB/1 test case. Positive validation. The signature shall contain Conten
41、tType, SigningTime, MessageDigest, ESSSigningCertificateV2, CounterSignature and SigningCertificate (included in SignedData.certificates field) attributes. Certificates o SigningCertificate SignedAttributes o MessageDigest o ContentType o SigningTime o ESSSigningCertificateV2 UnsignedAttributes o Co
42、unterSignature CAdES/BB/6 This test case tests a CAdES-B-B signature that contains SignerLocation and CommitmentTypeIndication attributes in addition to the CAdES/BB/1 test case attributes. Positive validation. The signature shall contain ContentType, SigningTime, MessageDigest, ESSSigningCertificat
43、eV2, SignerLocation (containing at least the countryName and localityName values), CommitmentTypeIndication and SigningCertificate (included in SignedData.certificates field) attributes. Certificates o SigningCertificate SignedAttributes o MessageDigest o ContentType o SigningTime o ESSSigningCertif
44、icateV2 o SignerLocation o CommitmentTypeIndication ETSI ETSI TS 119 124-2 V1.1.1 (2016-06)8 TC ID Description Pass criteria Signature attributes CAdES/BB/7 This test case tests a CAdES-B-B signature that contains a ContentTimeStamp attribute in addition to the CAdES/BB/1 test case attributes. Posit
45、ive validation. The signature shall contain ContentType, SigningTime, MessageDigest, ESSSigningCertificateV2, ContentTimeStamp and SigningCertificate (included in SignedData.certificates field) attributes. Certificates o SigningCertificate SignedAttributes o MessageDigest o ContentType o SigningTime
46、 o ESSSigningCertificateV2 o ContentTimeStamp CAdES/BB/8 This test case tests a CAdES-B-B signature that contains an explicit SignaturePolicyIdentifier attribute in addition to the CAdES/BB/1 test case attributes. Positive validation. The signature shall contain ContentType, SigningTime, MessageDige
47、st, ESSSigningCertificateV2, SignaturePolicyIdentifier and SigningCertificate (included in SignedData.certificates field) attributes. Certificates o SigningCertificate SignedAttributes o MessageDigest o ContentType o SigningTime o ESSSigningCertificateV2 o SignaturePolicyIdentifier CAdES/BB/9 This t
48、est case tests a CAdES-B-B signature in which digest algorithm SHA1 is used to digest data to be signed. The signature ONLY CONTAINS the mandatory CAdES attributes. Positive validation. The signature shall contain ContentType, SigningTime, MessageDigest, ESSSigningCertificate and SigningCertificate
49、(included in SignedData.certificates field) attributes. Certificates o SigningCertificate SignedAttributes o MessageDigest o ContentType o SigningTime o ESSSigningCertificate 6 Testing interoperability of CAdES-B-T signatures The test cases in this clause have been defined for different combinations of CAdES-B-T signatures attributes. CAdES baseline signatures claiming conformance to B-T level of document 1 shall be built on baseline signatures conformant to B-B level. A CAdES baseline signatu