1、 ETSI TS 119 144-5 V1.1.1 (2016-06) Electronic Signatures and Infrastructures (ESI); PAdES digital signatures - Testing Conformance and Interoperability; Part 5: Testing Conformance of additional PAdES signatures TECHNICAL SPECIFICATION ETSI ETSI TS 119 144-5 V1.1.1 (2016-06)2 Reference DTS/ESI-0019
2、144-5 Keywords conformance, e-commerce, electronic signature, PAdES, profile, security, testing ETSI 650 Route des Lucioles F-06921 Sophia Antipolis Cedex - FRANCE Tel.: +33 4 92 94 42 00 Fax: +33 4 93 65 47 16 Siret N 348 623 562 00017 - NAF 742 C Association but non lucratif enregistre la Sous-Prf
3、ecture de Grasse (06) N 7803/88 Important notice The present document can be downloaded from: http:/www.etsi.org/standards-search The present document may be made available in electronic versions and/or in print. The content of any electronic and/or print versions of the present document shall not b
4、e modified without the prior written authorization of ETSI. In case of any existing or perceived difference in contents between such versions and/or in print, the only prevailing document is the print of the Portable Document Format (PDF) version kept on a specific network drive within ETSI Secretar
5、iat. Users of the present document should be aware that the document may be subject to revision or change of status. Information on the current status of this and other ETSI documents is available at https:/portal.etsi.org/TB/ETSIDeliverableStatus.aspx If you find errors in the present document, ple
6、ase send your comment to one of the following services: https:/portal.etsi.org/People/CommiteeSupportStaff.aspx Copyright Notification No part may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and microfilm except as authorized by written per
7、mission of ETSI. The content of the PDF version shall not be modified without the written authorization of ETSI. The copyright and the foregoing restriction extend to reproduction in all media. European Telecommunications Standards Institute 2016. All rights reserved. DECTTM, PLUGTESTSTM, UMTSTMand
8、the ETSI logo are Trade Marks of ETSI registered for the benefit of its Members. 3GPPTM and LTE are Trade Marks of ETSI registered for the benefit of its Members and of the 3GPP Organizational Partners. GSM and the GSM logo are Trade Marks registered and owned by the GSM Association. ETSI ETSI TS 11
9、9 144-5 V1.1.1 (2016-06)3 Contents Intellectual Property Rights 4g3Foreword . 4g3Modal verbs terminology 4g31 Scope 5g32 References 5g32.1 Normative references . 5g32.2 Informative references 6g33 Definitions and abbreviations . 6g33.1 Definitions 6g33.2 Abbreviations . 6g34 Overview 6g35 Testing co
10、nformance to CMS signatures in PDF profile . 7g35.1 Introduction 7g35.2 Testing signature dictionary elements 8g35.3 Testing PKCS #7 signature elements . 8g36 Testing conformance to PAdES-E-BES and PAdES-E-EPES additional signatures . 9g36.1 Introduction 9g36.2 Testing PAdES-E-BES signature dictiona
11、ry and CMS signature elements . 9 g36.2.1 Testing signature dictionary elements. 9g36.2.2 Testing CMS signature elements 10g36.3 Testing PAdES-E-EPES signature dictionary and CMS signature elements . 11g36.3.1 Testing signature dictionary elements. 11g36.3.2 Testing CMS signature elements 11g37 Test
12、ing conformance to PAdES-E-LTV additional signatures 11g37.1 General requirements . 11g37.2 Testing DSS dictionary 12g37.3 Testing DTS dictionary 12g38 Testing conformance to profiles for XAdES signatures signing XML content in PDF specification 12g3History 13g3ETSI ETSI TS 119 144-5 V1.1.1 (2016-06
13、)4 Intellectual Property Rights IPRs essential or potentially essential to the present document may have been declared to ETSI. The information pertaining to these essential IPRs, if any, is publicly available for ETSI members and non-members, and can be found in ETSI SR 000 314: “Intellectual Prope
14、rty Rights (IPRs); Essential, or potentially Essential, IPRs notified to ETSI in respect of ETSI standards“, which is available from the ETSI Secretariat. Latest updates are available on the ETSI Web server (https:/ipr.etsi.org/). Pursuant to the ETSI IPR Policy, no investigation, including IPR sear
15、ches, has been carried out by ETSI. No guarantee can be given as to the existence of other IPRs not referenced in ETSI SR 000 314 (or the updates on the ETSI Web server) which are, or may be, or may become, essential to the present document. Foreword This Technical Specification (TS) has been produc
16、ed by ETSI Technical Committee Electronic Signatures and Infrastructures (ESI). The present document is part 5 of a multi-part deliverable covering PAdES digital signatures - Testing Conformance and Interoperability. Full details of the entire series can be found in part 1 i.1. A tool implementing t
17、he present document has been developed and is accessible at http:/signatures-conformance-checker.etsi.org/. Modal verbs terminology In the present document “shall“, “shall not“, “should“, “should not“, “may“, “need not“, “will“, “will not“, “can“ and “cannot“ are to be interpreted as described in cl
18、ause 3.2 of the ETSI Drafting Rules (Verbal forms for the expression of provisions). “must“ and “must not“ are NOT allowed in ETSI deliverables except when used in direct citation. ETSI ETSI TS 119 144-5 V1.1.1 (2016-06)5 1 Scope The present document defines the set of checks to be performed for tes
19、ting conformance of PAdES signatures against additional PAdES signatures profiles as specified in ETSI EN 319 142-2 3. It defines only the checks that are specific to additional PAdES signatures. The set of checks that are common to both additional and baseline PAdES signatures, are defined in ETSI
20、TS 119 144-4 6. The complete set of checks to be performed by any tool on additional PAdES signatures is the union of the sets defined within the present document and the set of common checks for testing conformance against ETSI EN 319 142-1 1 and ETSI EN 319 142-2 3 defined in ETSI TS 119 144-4 6,
21、as indicated in the normative clauses of the present document. The present document does not specify checks leading to conclude whether a signature is technically valid or not (for instance, it does not specify checks for determining whether the cryptographic material present in the signature may be
22、 considered valid or not). In consequence, no conclusion may be inferred regarding the technical validity of a signature that has been successfully tested by any tool conformant to the present document. Checks specified by the present document are exclusively constrained to elements specified by PAd
23、ES 1. Regarding PAdES attributes, the present document explicitly differentiates between structural requirements that are defined on building blocks, and the requirements specified for additional PAdES signatures conformance. The present document is intentionally not linked to any software developme
24、nt technology and is also intentionally agnostic on implementation strategies. This is one of the reasons why the test assertions set specified in the present document includes tests on the correctness of the structure of all the elements specified by PAdES 1. 2 References 2.1 Normative references R
25、eferences are either specific (identified by date of publication and/or edition number or version number) or non-specific. For specific references, only the cited version applies. For non-specific references, the latest version of the referenced document (including any amendments) applies. Reference
26、d documents which are not found to be publicly available in the expected location might be found at http:/docbox.etsi.org/Reference. NOTE: While any hyperlinks included in this clause were valid at the time of publication, ETSI cannot guarantee their long term validity. The following referenced docu
27、ments are necessary for the application of the present document. 1 ETSI EN 319 142-1: “Electronic Signatures and Infrastructures (ESI); PAdES digital signatures; Part 1: Building blocks and PAdES baseline signatures“. 2 ETSI EN 319 122-1: “Electronic Signatures and Infrastructures (ESI); CAdES digit
28、al signatures; Part 1: Building blocks and CAdES baseline signatures“. 3 ETSI EN 319 142-2: “Electronic Signatures and Infrastructures (ESI); PAdES digital signatures; Part 2: Additional PAdES signatures profiles“. 4 ETSI TS 119 134-4: “Electronic Signatures and Infrastructures (ESI); XAdES digital
29、signatures - Testing Conformance and Interoperability; Part 4: Testing Conformance of XAdES baseline signatures“. 5 IETF RFC 2315: “PKCS #7: Cryptographic Message Syntax Version 1.5“. 6 ETSI TS 119 144-4: “Electronic Signatures and Infrastructures (ESI); PAdES digital signatures - Testing Conformanc
30、e and Interoperability; Part 4: Testing Conformance against building blocks and PAdES baseline signatures“. ETSI ETSI TS 119 144-5 V1.1.1 (2016-06)6 2.2 Informative references References are either specific (identified by date of publication and/or edition number or version number) or non-specific.
31、For specific references, only the cited version applies. For non-specific references, the latest version of the referenced document (including any amendments) applies. NOTE: While any hyperlinks included in this clause were valid at the time of publication, ETSI cannot guarantee their long term vali
32、dity. The following referenced documents are not necessary for the application of the present document but they assist the user with regard to a particular subject area. i.1 ETSI TR 119 144-1: “Electronic Signatures and Infrastructures (ESI); PAdES digital signatures - Testing Conformance and Intero
33、perability; Part 1: Overview“. i.2 OASIS Committee Notes: “Test Assertions Guidelines Version 1.0“ Committee Note 02, 19 June 2013. i.3 ETSI TR 119 001: “Electronic Signatures and Infrastructures (ESI); The framework for standardization of signatures; Definitions and abbreviations“. 3 Definitions an
34、d abbreviations 3.1 Definitions For the purposes of the present document, the terms and definitions given in ETSI TR 119 001 i.3 apply. 3.2 Abbreviations For the purposes of the present document, the abbreviations given in ETSI TR 119 001 i.3 apply. 4 Overview The present clause describes the main a
35、spects of the technical approach used for specifying the set of checks to be performed for testing conformance to ETSI EN 319 142-2 3. ETSI EN 319 142-1 1 defines requirements for building blocks and PAdES baseline signatures. For the purpose of identifying the whole set of test assertions required
36、for testing conformance against additional PAdES signatures as specified in ETSI EN 319 142-2 3, the present document classifies the whole set of requirements specified in ETSI EN 319 142-1 1 and in ETSI EN 319 142-2 3 in two groups as follows: 1) Requirements “PAdES_BB“ (after “PAdES building block
37、s“): requirements defined in clause 4, clause 5, clause 6 of ETSI EN 319 142-1 1 to be satisfied by both PAdES baseline signatures as specified in ETSI EN 319 142-1 1 and additional PAdES signatures as specified in ETSI EN 319 142-2 3. The checks for these requirements are defined in ETSI TS 119 144
38、-4 6. When needed in the present document, such checks are referred by their TA_id. 2) Requirements “PAdES_AS“ (after “Additional PAdES signatures“): requirements defined in clauses 4, 5 and 6 of ETSI EN 319 142-2 3. These are requirements specific to Extended CAdES signatures. a) In order to test c
39、onformance to ETSI EN 319 142-2 3, several types of tests are identified, namely: 1) Tests on the signature structure. 2) Tests on values of specific elements and/or attributes. 3) Tests on interrelationship between different elements present in the signature. ETSI ETSI TS 119 144-5 V1.1.1 (2016-06)
40、7 4) Tests on computations reflected in the contents of the signatures (message imprints for a time-stamping service, computed by digesting the concatenation of a number of elements of the signature, for instance). b) No tests are included testing actual validity of the cryptographic material that m
41、ight be present at the signature or to be used for its verification (status of certificates for instance). c) Tests are defined as test assertions following the work produced by OASIS in “Test Assertions Guidelines Version 1.0“ i.2. Each test assertion includes: 1) Unique identifier for further refe
42、rencing. The identifiers start with “PAdES_AS“, after “Additional PAdES signature“. 2) Reference to the Normative source for the test. 3) The Target of the assertion. In the normative part, this field identifies one of the format specified in Additional PAdES signatures specification 3. 4) Prerequis
43、ite (optional) is, according to i.2, “a logical expression (similar to a Predicate) which further qualifies the Target for undergoing the core test (expressed by the Predicate) that addresses the Normative Statement“. It is used for building test assertions corresponding to requirements that are imp
44、osed under certain conditions. 5) Predicate fully and unambiguously defining the assertion to be tested. 6) Prescription level. Three levels are defined: mandatory, recommended and optional, whose semantics is to be interpreted as described in clause 3.1.2 of i.2. 7) Tag: information on the element
45、tested by the assertion. The presentation of the checks is organized following the formats of Additional PAdES signatures specified in ETSI EN 319 142-2 3. The following signature formats is considered: CMS Signatures in PDF. PAdES-E-BES. PAdES-E-EPES. PAdES-E-LTV. XAdES Signatures signing XML conte
46、nt in PDF. 5 Testing conformance to CMS signatures in PDF profile 5.1 Introduction The present clause specifies the set of assertions to be tested on signatures claiming conformance to the CMS signatures in PDF profile as specified by clause 4 of ETSI EN 319 142-2 3. The next clauses specify the ass
47、ertions for testing the elements that are profiled by clause 4 of ETSI EN 319 142-2 3. The constraints imposed by clause 4 of ETSI EN 319 142-2 3 and PKCS #7 syntax 5 to the signature elements are tested. Clause 5.2 specifies the assertions for testing the elements that are profiled by clause 4 of E
48、TSI EN 319 142-2 3. Clause 5.3 specifies the assertions for testing the properties that are specified by the PKCS #7 syntax 5. ETSI ETSI TS 119 144-5 V1.1.1 (2016-06)8 5.2 Testing signature dictionary elements This clause defines the test assertion for signature dictionary elements requirements. PAd
49、ES_BB/SDC/1 check as specified in ETSI TS 119 144-4 6 shall apply. TA id: PAdES_AS/SDC/1 Normative source: 3 Clause 4.2.1 Target: PAdES signature generator claiming conformance to PAdES signatures as specified in 3 Prerequisites: PAdES_BB/DSC/1 Predicate: For new signatures, applications encode the signature, included in the signature dictionary entry with the key Contents, as a DER-encoded PKCS#7 binary data object. Prescription level: mandatory Tag: Additional PAdES signatur
