1、 ETSI TS 119 144-4 V1.1.1 (2016-06) Electronic Signatures and Infrastructures (ESI); PAdES digital signatures - Testing Conformance and Interoperability; Part 4: Testing Conformance of PAdES baseline signatures TECHNICAL SPECIFICATION ETSI ETSI TS 119 144-4 V1.1.1 (2016-06)2 Reference DTS/ESI-001914
2、4-4 Keywords conformance, e-commerce, electronic signature, PAdES, profile, security, testing ETSI 650 Route des Lucioles F-06921 Sophia Antipolis Cedex - FRANCE Tel.: +33 4 92 94 42 00 Fax: +33 4 93 65 47 16 Siret N 348 623 562 00017 - NAF 742 C Association but non lucratif enregistre la Sous-Prfec
3、ture de Grasse (06) N 7803/88 Important notice The present document can be downloaded from: http:/www.etsi.org/standards-search The present document may be made available in electronic versions and/or in print. The content of any electronic and/or print versions of the present document shall not be
4、modified without the prior written authorization of ETSI. In case of any existing or perceived difference in contents between such versions and/or in print, the only prevailing document is the print of the Portable Document Format (PDF) version kept on a specific network drive within ETSI Secretaria
5、t. Users of the present document should be aware that the document may be subject to revision or change of status. Information on the current status of this and other ETSI documents is available at https:/portal.etsi.org/TB/ETSIDeliverableStatus.aspx If you find errors in the present document, pleas
6、e send your comment to one of the following services: https:/portal.etsi.org/People/CommiteeSupportStaff.aspx Copyright Notification No part may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and microfilm except as authorized by written permi
7、ssion of ETSI. The content of the PDF version shall not be modified without the written authorization of ETSI. The copyright and the foregoing restriction extend to reproduction in all media. European Telecommunications Standards Institute 2016. All rights reserved. DECTTM, PLUGTESTSTM, UMTSTMand th
8、e ETSI logo are Trade Marks of ETSI registered for the benefit of its Members. 3GPPTM and LTE are Trade Marks of ETSI registered for the benefit of its Members and of the 3GPP Organizational Partners. GSM and the GSM logo are Trade Marks registered and owned by the GSM Association. ETSI ETSI TS 119
9、144-4 V1.1.1 (2016-06)3 Contents Intellectual Property Rights 4g3Foreword . 4g3Modal verbs terminology 4g31 Scope 5g32 References 5g32.1 Normative references . 5g32.2 Informative references 5g33 Definitions and abbreviations . 6g33.1 Definitions 6g33.3 Abbreviations . 6g34 Overview 6g35 Testing conf
10、ormance to PAdES-B-B signatures 7g35.1 Introduction 7g35.2 Testing signature dictionary elements 7g35.3 Testing CMS signature elements 9g36 Testing conformance to PAdES-B-T signatures 11g36.1 General requirements . 11g36.2 Testing trusted signing time . 11g37 Testing conformance to PAdES-B-LT signat
11、ures 12g37.1 General requirements . 12g37.2 Testing DSS dictionary 12g38 Testing conformance to PAdES-B-LTA signatures . 13g38.1 General requirements . 13g38.2 Testing DTS dictionary 13g3Annex A (informative): Bibliography . 14g3History 15g3ETSI ETSI TS 119 144-4 V1.1.1 (2016-06)4 Intellectual Prope
12、rty Rights IPRs essential or potentially essential to the present document may have been declared to ETSI. The information pertaining to these essential IPRs, if any, is publicly available for ETSI members and non-members, and can be found in ETSI SR 000 314: “Intellectual Property Rights (IPRs); Es
13、sential, or potentially Essential, IPRs notified to ETSI in respect of ETSI standards“, which is available from the ETSI Secretariat. Latest updates are available on the ETSI Web server (https:/ipr.etsi.org/). Pursuant to the ETSI IPR Policy, no investigation, including IPR searches, has been carrie
14、d out by ETSI. No guarantee can be given as to the existence of other IPRs not referenced in ETSI SR 000 314 (or the updates on the ETSI Web server) which are, or may be, or may become, essential to the present document. Foreword This Technical Specification (TS) has been produced by ETSI Technical
15、Committee Electronic Signatures and Infrastructures (ESI). The present document is part 4 of a multi-part deliverable covering PAdES digital signatures - Testing Conformance and Interoperability. Full details of the entire series can be found in part 1 i.1. A tool implementing the present document h
16、as been developed and is accessible at http:/signatures-conformance-checker.etsi.org/. Modal verbs terminology In the present document “shall“, “shall not“, “should“, “should not“, “may“, “need not“, “will“, “will not“, “can“ and “cannot“ are to be interpreted as described in clause 3.2 of the ETSI
17、Drafting Rules (Verbal forms for the expression of provisions). “must“ and “must not“ are NOT allowed in ETSI deliverables except when used in direct citation. ETSI ETSI TS 119 144-4 V1.1.1 (2016-06)5 1 Scope The present document defines the set of checks to be performed for testing conformance of P
18、AdES signatures against PAdES baseline signatures as specified in ETSI EN 319 142-1 1. The present document does not specify checks leading to conclude whether a signature is technically valid or not (for instance, it does not specify checks for determining whether the cryptographic material present
19、 in the signature may be considered valid or not). In consequence, no conclusion may be inferred regarding the technical validity of a signature that has been successfully tested by any tool conformant to the present document. Checks specified by the present document are exclusively constrained to e
20、lements specified by PAdES 1. Regarding PAdES attributes, the present document explicitly differentiates between structural requirements that are defined on building blocks, and the requirements specified for PAdES baseline signatures conformance. The present document is intentionally not linked to
21、any software development technology and is also intentionally agnostic on implementation strategies. This is one of the reasons why the test assertions set specified in the present document includes tests on the correctness of the structure of all the elements specified by PAdES 1. 2 References 2.1
22、Normative references References are either specific (identified by date of publication and/or edition number or version number) or non-specific. For specific references, only the cited version applies. For non-specific references, the latest version of the referenced document (including any amendmen
23、ts) applies. Referenced documents which are not found to be publicly available in the expected location might be found at http:/docbox.etsi.org/Reference. NOTE: While any hyperlinks included in this clause were valid at the time of publication, ETSI cannot guarantee their long term validity. The fol
24、lowing referenced documents are necessary for the application of the present document. 1 ETSI EN 319 142-1: “Electronic Signatures and Infrastructures (ESI); PAdES digital signatures; Part 1: Building blocks and PAdES baseline signatures“. 2 ETSI EN 319 142-2: “Electronic Signatures and Infrastructu
25、res (ESI); PAdES digital signatures; Part 2: Additional PAdES signatures profiles“. 2.2 Informative references References are either specific (identified by date of publication and/or edition number or version number) or non-specific. For specific references, only the cited version applies. For non-
26、specific references, the latest version of the referenced document (including any amendments) applies. NOTE: While any hyperlinks included in this clause were valid at the time of publication, ETSI cannot guarantee their long term validity. The following referenced documents are not necessary for th
27、e application of the present document but they assist the user with regard to a particular subject area. i.1 ETSI TR 119 144-1: “Electronic Signatures and Infrastructures (ESI); PAdES digital signatures - Testing Conformance and Interoperability; Part 1: Overview“. i.2 ETSI TR 119 001: “Electronic S
28、ignatures and Infrastructures (ESI); The framework for standardization of signatures; Definitions and abbreviations“. ETSI ETSI TS 119 144-4 V1.1.1 (2016-06)6 i.3 OASIS Committee Notes: “Test Assertions Guidelines Version 1.0“ Committee Note 02, 19 June 2013. 3 Definitions and abbreviations 3.1 Defi
29、nitions For the purposes of the present document, the terms and definitions given in ETSI TR 119 001 i.2 apply. 3.3 Abbreviations For the purposes of the present document, the abbreviations given in ETSI TR 119 001 i.2 apply. 4 Overview The present clause describes the main aspects of the technical
30、approach used for specifying the whole set of checks to be performed for testing conformance to ETSI EN 319 142-1 1. ETSI EN 319 142-1 1 defines requirements for building blocks and PAdES baseline signatures. For the purpose of identifying the whole set of test assertions required for testing confor
31、mance against PAdES baseline signatures as specified in ETSI EN 319 142-1 1, the present document classifies the whole set of requirements specified in ETSI EN 319 142-1 1 in two groups as follows: 1) Requirements “PAdES_BS“ (after “PAdES baseline signatures“): requirements defined in clauses 5 and
32、6 of ETSI EN 319 142-1 1. These are requirements specific to PAdES baseline signatures. 2) Requirements “PAdES_BB“ (after “PAdES building blocks“): requirements defined in clauses 4 and 5 of ETSI EN 319 142-1 1 and clauses 4 and 5 of ETSI EN 319 142-2 2 to be satisfied by both PAdES baseline signatu
33、res as specified in ETSI EN 319 142-1 1 and additional PAdES signatures as specified in ETSI EN 319 142-2 2. a) In order to test conformance against the aforementioned specification, several types of tests are identified, namely: 1) Tests on the signature structure. 2) Tests on values of specific el
34、ements and/or attributes. 3) Tests on interrelationship between different elements present in the signature. 4) Tests on computations reflected in the contents of the signatures (message imprints for a time-stamping service, computed by digesting the concatenation of a number of elements of the sign
35、ature, for instance). b) No tests is included testing actual validity of the cryptographic material that might be present at the signature or to be used for its verification (status of certificates for instance). c) Tests are defined as test assertions following the work produced by OASIS in “Test A
36、ssertions Guidelines Version 1.0“ i.3. Each test assertion includes: 1) Unique identifier for further referencing. The identifiers of the assertions start with “PAdES_BS“, after “PAdES baseline signatures“ and with “PAdES_BB“, after “PAdES building blocks“. 2) Reference to the Normative source for t
37、he test. 3) The Target of the assertion. In the normative part, this field identifies one of the four PAdES baseline signatures 1 Conformance Levels. ETSI ETSI TS 119 144-4 V1.1.1 (2016-06)7 4) Prerequisite (optional) is, according to i.3, “a logical expression (similar to a Predicate) which further
38、 qualifies the Target for undergoing the core test (expressed by the Predicate) that addresses the Normative Statement“. It is used for building test assertions corresponding to requirements that are imposed under certain conditions. 5) Predicate fully and unambiguously defining the assertion to be
39、tested. 6) Prescription level. Three levels are defined: mandatory, recommended and permitted, whose semantics is to be interpreted as described in clause 3.1.2 of i.3. 7) Tag: information on the element tested by the assertion. 5 Testing conformance to PAdES-B-B signatures 5.1 Introduction The pres
40、ent clause specifies the whole set of assertions to be tested on applications claiming conformance to PAdES-B-B signatures as specified in ETSI EN 319 142-1 1. Clause 5.2 specifies assertions for testing those constraints imposed by the PAdES building blocks and baseline signatures specification 1 t
41、o the signature dictionary elements. Clause 5.3 specifies assertions for testing those constraints imposed by the PAdES building blocks and baseline signatures specification 1 to the CMS signature included in the signature dictionary entry with the key Contents. 5.2 Testing signature dictionary elem
42、ents This clause defines the test assertions for signature dictionary elements requirements. TA id: PAdES_BS/SDM/1 Normative source: 1 Clause 6.3 Target: PAdES signature generator claiming conformance to PAdES signatures as specified in 1 Predicate: For new signatures, applications include the claim
43、ed time of signing in the signature dictionary entry with the key M. Prescription level: mandatory Tag: PAdES baseline signatures. TA id: PAdES_BB/SDL/1 Normative source: 1 Clause 6.3 Target: PAdES signature generator claiming conformance to PAdES signatures as specified in 1 or in 2 Predicate: For
44、new signatures, applications include the CPU host name or physical location of the signing in the signature dictionary entry with the key Location. Prescription level: permitted Tag: PAdES baseline and additional signatures. TA id: PAdES_BB/SDR/1 Normative source: 1 Clause 6.3 Target: PAdES signatur
45、e generator claiming conformance to PAdES signatures as specified in 1 or in 2 Predicate: For new signatures, applications do not include the reason for the signing in the signature dictionary entry with the key Reason if the signature-policy-identifier attribute is present in the CMS signature. Pre
46、scription level: mandatory Tag: PAdES baseline and additional signatures. TA id: PAdES_BB/SDR/2 Normative source: 1 Clause 6.3 Target: PAdES signature generator claiming conformance to PAdES signatures as specified in 1 or in 2 Predicate: For new signatures, applications do not include the reason fo
47、r the signing in the signature dictionary entry with the key Reason if the commitment-type-indication attribute is present in the CMS signature. Prescription level: mandatory Tag: PAdES baseline and additional signatures. ETSI ETSI TS 119 144-4 V1.1.1 (2016-06)8 TA id: PAdES_BB/SDC/1 Normative sourc
48、e: 1 Clause 4.1 Target: PAdES signature generator claiming conformance to PAdES signatures as specified in 1 or in 2 Predicate: For new signatures, applications include the CMS signature in the signature dictionary entry with the key Contents. Prescription level: mandatory Tag: PAdES baseline and ad
49、ditional signatures. TA id: PAdES_BB/SDCERT/1 Normative source: 1 Clause 6.3 Target: PAdES signature generator claiming conformance to PAdES signatures as specified in 1 or in 2 Predicate: For new signatures, applications do not set the signature dictionary entry with the key Cert. Prescription level: mandatory Tag: PAdES baseline and additional signatures. TA id: PAdES_BB/SDSF/1 Normative source: 1 Clause 6.3 Target: PAdES signature generator claiming conformance to PAdES
