1、 ETSI TS 119 124-4 V1.1.1 (2016-06) Electronic Signatures and Infrastructures (ESI); CAdES digital signatures - Testing Conformance and Interoperability; Part 4: Testing conformance of CAdES baseline signatures TECHNICAL SPECIFICATION ETSI ETSI TS 119 124-4 V1.1.1 (2016-06)2 Reference DTS/ESI-001912
2、4-4 Keywords CAdES, conformance, e-commerce, electronic signature, profile, security, testing ETSI 650 Route des Lucioles F-06921 Sophia Antipolis Cedex - FRANCE Tel.: +33 4 92 94 42 00 Fax: +33 4 93 65 47 16 Siret N 348 623 562 00017 - NAF 742 C Association but non lucratif enregistre la Sous-Prfec
3、ture de Grasse (06) N 7803/88 Important notice The present document can be downloaded from: http:/www.etsi.org/standards-search The present document may be made available in electronic versions and/or in print. The content of any electronic and/or print versions of the present document shall not be
4、modified without the prior written authorization of ETSI. In case of any existing or perceived difference in contents between such versions and/or in print, the only prevailing document is the print of the Portable Document Format (PDF) version kept on a specific network drive within ETSI Secretaria
5、t. Users of the present document should be aware that the document may be subject to revision or change of status. Information on the current status of this and other ETSI documents is available at https:/portal.etsi.org/TB/ETSIDeliverableStatus.aspx If you find errors in the present document, pleas
6、e send your comment to one of the following services: https:/portal.etsi.org/People/CommiteeSupportStaff.aspx Copyright Notification No part may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and microfilm except as authorized by written permi
7、ssion of ETSI. The content of the PDF version shall not be modified without the written authorization of ETSI. The copyright and the foregoing restriction extend to reproduction in all media. European Telecommunications Standards Institute 2016. All rights reserved. DECTTM, PLUGTESTSTM, UMTSTMand th
8、e ETSI logo are Trade Marks of ETSI registered for the benefit of its Members. 3GPPTM and LTE are Trade Marks of ETSI registered for the benefit of its Members and of the 3GPP Organizational Partners. GSM and the GSM logo are Trade Marks registered and owned by the GSM Association. ETSI ETSI TS 119
9、124-4 V1.1.1 (2016-06)3 Contents Intellectual Property Rights 5g3Foreword . 5g3Modal verbs terminology 5g31 Scope 6g32 References 6g32.1 Normative references . 6g32.2 Informative references 6g33 Definitions and abbreviations . 7g33.1 Definitions 7g33.2 Abbreviations . 7g34 Overview 7g35 Testing conf
10、ormance to CAdES-B-B signatures 8g35.1 Introduction 8g35.2 Testing CMS Signature elements . 8g35.2.1 Testing algorithm requirements 8g35.2.2 Testing content-type . 8g35.2.2.1 General 8g35.2.2.2 Test assertions common to CAdES baseline and extended signatures 8g35.2.2.3 Test assertions specific to CA
11、dES baseline signatures . 9g35.2.3 Testing message-digest . 9g35.2.4 Testing CMSversion . 9g35.2.5 Testing DigestAlgorithmIdentifiers 9g35.2.6 Testing EncapsulatedContentInfo. 9g35.2.7 Testing SignedData.certificates 10g35.2.7.1 General 10g35.2.7.2 Test assertions common to CAdES baseline and extend
12、ed signatures 10g35.2.7.3 Test assertions specific to CAdES baseline signatures . 10g35.2.8 Testing SignedData.crls 10g35.2.9 Testing SignerInfos . 11g35.3 Testing basic attributes for CAdES signatures . 11g35.3.1 Testing signing-time . 11g35.3.1.1 General 11g35.3.1.2 Test assertions common to CAdES
13、 baseline and extended signatures 11g35.3.1.3 Test assertions specific to CAdES baseline signatures . 11g35.3.2 Testing Enhanced Security Services (ESS) 11g35.3.2.1 General 11g35.3.2.2 Test assertions common to CAdES baseline and extended signatures 11g35.3.2.3 Test assertions specific to CAdES base
14、line signatures . 12g35.3.3 Testing countersignature . 12g35.3.4 Testing content-reference . 12g35.3.5 Testing content-identifier 12g35.3.6 Testing content-hints. 13g35.3.7 Testing commitment-type-indication 13g35.3.8 Testing signer-location . 13g35.3.9 Testing signer-attributes-v2 13g35.3.10 Testin
15、g content-time-stamp 13g35.3.11 Testing mime-type 14g35.3.12 Testing signature-policy-identifier 14g35.3.13 Testing signature-policy-store 14g36 Testing conformance to CAdES-B-T signatures 14g36.1 General . 14g36.2 Testing CAdES attributes . 14g36.2.1 Testing SignatureTimeStamp 14g3ETSI ETSI TS 119
16、124-4 V1.1.1 (2016-06)4 7 Testing conformance to CAdES-B-LT signatures . 15g37.1 General . 15g37.2 Testing CAdES attributes . 15g37.2.1 Testing Certificate and Revocation references and values 15g37.2.2 Testing time-stamp attributes 16g37.2.3 Testing SignedData.certificates attribute 16g37.2.4 Testi
17、ng revocation values . 16g38 Testing conformance to CAdES-B-LTA signatures . 16g38.1 General . 16g38.2 Testing CAdES attributes . 17g38.2.1 Testing ArchiveTimeStampV3 . 17g38.2.2 Testing time-stamp attributes 17g3Annex A (normative): Test assertions derived from attributes definition 18g3A.1 General
18、 . 18g3A.2 Testing CMS defined attributes 18g3A.2.1 Testing content-type attribute . 18g3A.2.2 Testing data content-type . 18g3A.2.3 Testing signed-data content-type 18g3A.2.4 Testing message-digest attribute 18g3A.2.5 Testing CMSVersion 19g3A.2.6 Testing DigestAlgorithmIdentifiers 19g3A.2.7 Testing
19、 SignatureAlgorithmIdentifiers . 19g3A.2.8 Testing EncapsulatedContentInfo 19g3A.2.9 Testing SignedData.certificates 19g3A.2.10 Testing SignedData.crls 20g3A.2.11 Testing SignerInfo attribute 20g3A.2.12 Testing AlgorithmIdentifier 20g3A.3 Testing basic attributes for CAdES signatures . 20g3A.3.1 Tes
20、ting signing-time attribute. 20g3A.3.2 Testing ESS signing-certificate 21g3A.3.3 Testing ESS signing-certificate-v2 . 21g3A.3.4 Testing countersignature 22g3A.3.5 Testing content-reference . 22g3A.3.6 Testing content-identifier . 22g3A.3.7 Testing content-hints 23g3A.3.8 Testing commitment-type-indi
21、cation . 23g3A.3.9 Testing signer-location . 23g3A.3.10 Testing signer-attributes-v2 24g3A.3.11 Testing content-time-stamp 25g3A.3.12 Testing mime-type 25g3A.3.13 Testing signature-policy-identifier . 25g3A.3.14 Testing signature-policy-store 26g3A.3.15 Testing signature-time-stamp . 27g3A.3.16 Test
22、ing complete-certificate-references . 27g3A.3.17 Testing complete-revocation-references . 28g3A.3.18 Testing certificate-values . 29g3A.3.19 Testing revocation-values . 29g3A.3.20 Testing CAdES-C-time-stamp 29g3A.3.21 Testing time-stamped-certs-crls-references 30g3A.3.22 Testing ArchiveTimeStampV3 .
23、 30g3A.3.23 Testing ats-hash-index-v3 30g3A.3.24 Testing long-term-validation 31g3A.3.25 Testing ArchiveTimeStampV2 . 31g3History 32g3ETSI ETSI TS 119 124-4 V1.1.1 (2016-06)5 Intellectual Property Rights IPRs essential or potentially essential to the present document may have been declared to ETSI.
24、The information pertaining to these essential IPRs, if any, is publicly available for ETSI members and non-members, and can be found in ETSI SR 000 314: “Intellectual Property Rights (IPRs); Essential, or potentially Essential, IPRs notified to ETSI in respect of ETSI standards“, which is available
25、from the ETSI Secretariat. Latest updates are available on the ETSI Web server (https:/ipr.etsi.org/). Pursuant to the ETSI IPR Policy, no investigation, including IPR searches, has been carried out by ETSI. No guarantee can be given as to the existence of other IPRs not referenced in ETSI SR 000 31
26、4 (or the updates on the ETSI Web server) which are, or may be, or may become, essential to the present document. Foreword This Technical Specification (TS) has been produced by ETSI Technical Committee Electronic Signatures and Infrastructures (ESI). The present document is part 4 of a multi-part d
27、eliverable covering CAdES digital signatures - Testing Conformance and Interoperability. Full details of the entire series can be found in part 1 i.1. A tool implementing the present document has been developed and is accessible at http:/signatures-conformance-checker.etsi.org/. Modal verbs terminol
28、ogy In the present document “shall“, “shall not“, “should“, “should not“, “may“, “need not“, “will“, “will not“, “can“ and “cannot“ are to be interpreted as described in clause 3.2 of the ETSI Drafting Rules (Verbal forms for the expression of provisions). “must“ and “must not“ are NOT allowed in ET
29、SI deliverables except when used in direct citation. ETSI ETSI TS 119 124-4 V1.1.1 (2016-06)6 1 Scope The present document defines the set of checks to be performed for testing conformance of CAdES signatures against CAdES baseline signatures as specified in ETSI EN 319 122-1 1. The present document
30、 does not specify checks leading to conclude whether a signature is technically valid or not (for instance, it does not specify checks for determining whether the cryptographic material present in the signature may be considered valid or not). In consequence, no conclusion may be inferred regarding
31、the technical validity of a signature that has been successfully tested by any tool conformant to the present document. Checks specified by the present document are exclusively constrained to elements specified by CAdES 1. Regarding CAdES attributes, the present document explicitly differentiates be
32、tween structural requirements that are defined on building blocks, and the requirements specified for CAdES baseline signatures conformance. The present document is intentionally not linked to any software development technology and is also intentionally agnostic on implementation strategies. This i
33、s one of the reasons why the test assertions set specified in the present document includes tests on the correctness of the structure of all the elements specified by CAdES 1. 2 References 2.1 Normative references References are either specific (identified by date of publication and/or edition numbe
34、r or version number) or non-specific. For specific references,only the cited version applies. For non-specific references, the latest version of the referenced document (including any amendments) applies. Referenced documents which are not found to be publicly available in the expected location migh
35、t be found at http:/docbox.etsi.org/Reference. NOTE: While any hyperlinks included in this clause were valid at the time of publication, ETSI cannot guarantee their long term validity. The following referenced documents are necessary for the application of the present document. 1 ETSI EN 319 122-1:
36、“Electronic Signatures and Infrastructures (ESI); CAdES digital signatures; Part 1: Building blocks and CAdES baseline signatures“. 2 ETSI EN 319 122-2: “Electronic Signatures and Infrastructures (ESI); CAdES digital signatures; Part 2: Extended CAdES signatures“. 3 IETF RFC 5652 (09-2009): “Cryptog
37、raphic Message Syntax (CMS)“. 2.2 Informative references References are either specific (identified by date of publication and/or edition number or version number) or non-specific. For specific references,only the cited version applies. For non-specific references, the latest version of the referenc
38、ed document (including any amendments) applies. NOTE: While any hyperlinks included in this clause were valid at the time of publication, ETSI cannot guarantee their long term validity. The following referenced documents are not necessary for the application of the present document but they assist t
39、he user with regard to a particular subject area. i.1 ETSI TR 119 124-1: “Electronic Signatures and Infrastructures (ESI); CAdES digital signatures - Testing Conformance and Interoperability; Part 1: Overview“. i.2 ETSI TR 119 001: “Electronic Signatures and Infrastructures (ESI); The framework for
40、standardization of signatures; Definitions and abbreviations“. ETSI ETSI TS 119 124-4 V1.1.1 (2016-06)7 i.3 OASIS Committee Notes: “Test Assertions Guidelines Version 1.0“ Committee Note 02, 19 June 2013. 3 Definitions and abbreviations 3.1 Definitions For the purposes of the present document, the t
41、erms and definitions given in ETSI TR 119 001 i.2 apply. 3.2 Abbreviations For the purposes of the present document, the abbreviations given in ETSI TR 119 001 i.2 apply. 4 Overview The present clause describes the main aspects of the technical approach used for specifying the whole set of checks to
42、 be performed for testing conformance to ETSI EN 319 122-1 1. ETSI EN 319 122-1 1 defines requirements for building blocks and CAdES baseline signatures. For the purpose of identifying the whole set of test assertions required for testing conformance against CAdES baseline signatures as specified in
43、 ETSI EN 319 122-1 1, the present document classifies the whole set of requirements specified in ETSI EN 319 122-1 1 in two groups as follows: 1) Requirements “CAdES_BS“ (after “CAdES baseline signatures“): requirements defined in clauses 5 and 6 of ETSI EN 319 122-1 1. These are requirements specif
44、ic to CAdES baseline signatures. 2) Requirements “CAdES_BB“ (after “CAdES building blocks“): requirements defined in clauses 4, 5 and annex A of ETSI EN 319 122-1 1 that have to be satisfied by both CAdES baseline signatures as specified in ETSI EN 319 122-1 1 and extended CAdES signatures as specif
45、ied in ETSI EN 319 122-2 2. a) In order to test conformance against the aforementioned specification, several types of tests are identified, namely: 1) Tests on the signature structure. 2) Tests on values of specific elements and/or attributes. 3) Tests on interrelationship between different element
46、s present in the signature. 4) Tests on computations reflected in the contents of the signatures (message imprints for a time-stamping service, computed by digesting the concatenation of a number of elements of the signature, for instance). b) No tests are included testing actual validity of the cry
47、ptographic material that might be present at the signature or to be used for its verification (status of certificates for instance). c) Tests are defined as test assertions following the work produced by OASIS in “Test Assertions Guidelines Version 1.0“ i.3. Each test assertion includes: 1) Unique i
48、dentifier for further referencing. The identifiers of the assertions defined within the present documents start with “CAdES_BS“, after “CAdES baseline signatures“ and “CAdES_BB“, after “CAdES building blocks“. 2) Reference to the Normative source for the test. 3) The Target of the assertion. In the
49、normative part, this field identifies one of the four CAdES baseline signatures 1 levels. ETSI ETSI TS 119 124-4 V1.1.1 (2016-06)8 4) Prerequisite (optional) is, according to i.3, “a logical expression (similar to a Predicate) which further qualifies the Target for undergoing the core test (expressed by the Predicate) that addresses the Normative Statement“. It is used for building test assertions corresponding to requirements that are imposed under certain conditions. 5) Predicate fully and unambiguously defining the assertion.
