SIST-TS ETSI/TS 101 733 V1.2.1:2005

SLOVENSKI STANDARD
SIST-TS ETSI/TS 101 733 V1.2.1:2005
01-maj-2005
Formati elektronskega podpisa
Electronic signature formats
Ta slovenski standard je istoveten z: TS 101 733 Version 1.2.2
ICS:
35.040 Nabori znakov in kodiranje Character sets and
informacij information coding
SIST-TS ETSI/TS 101 733 V1.2.1:2005 en
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.

---------------------- Page: 1 ----------------------

SIST-TS ETSI/TS 101 733 V1.2.1:2005

---------------------- Page: 2 ----------------------

SIST-TS ETSI/TS 101 733 V1.2.1:2005
ETSI TS 101 733 V1.2.2 (2000-12)
Technical Specification
Electronic signature formats

---------------------- Page: 3 ----------------------

SIST-TS ETSI/TS 101 733 V1.2.1:2005
2 ETSI TS 101 733 V1.2.2 (2000-12)
Reference
DTS/SEC-004001
Keywords
IP, electronic signature, security
ETSI
650 Route des Lucioles
F-06921 Sophia Antipolis Cedex - FRANCE
Tel.: +33492 94 4200 Fax: +33493 65 4716
Siret N° 348 623 562 00017 - NAF 742 C
Association à but non lucratif enregistrée à la
Sous-Préfecture de Grasse (06) N° 7803/88
Important notice
Individual copies of the present document can be downloaded from:
http://www.etsi.org
The present document may be made available in more than one electronic version or in print. In any case of existing or
perceived difference in contents between such versions, the reference version is the Portable Document Format (PDF).
In case of dispute, the reference shall be the printing on ETSI printers of the PDF version kept on a specific network drive
within ETSI Secretariat.
Users of the present document should be aware that the document may be subject to revision or change of status.
Information on the current status of this and other ETSI documents is available at http://www.etsi.org/tb/status/
If you find errors in the present document, send your comment to:
editor@etsi.fr
Copyright Notification
No part may be reproduced except as authorized by written permission.
The copyright and the foregoing restriction extend to reproduction in all media.
© European Telecommunications Standards Institute 2000.
All rights reserved.
ETSI

---------------------- Page: 4 ----------------------

SIST-TS ETSI/TS 101 733 V1.2.1:2005
3 ETSI TS 101 733 V1.2.2 (2000-12)
Contents
Intellectual Property Rights .7
Foreword.7
Introduction.7
1 Scope.8
2 References.9
3 Definitions and abbreviations.10
3.1 Definitions . 10
3.2 Abbreviations. 11
4 Overview.11
4.1 Major Parties. 11
4.2 Electronic Signatures and Validation Data . 12
4.3 Forms of Validation Data . 13
4.4 Extended Forms of Validation Data . 14
4.5 Archive Validation Data. 16
4.6 Arbitration . 17
4.7 Validation Process. 17
4.8 Example Validation Sequence . 18
4.9 Additional optional features of an ES. 21
5 General Description.21
5.1 The Signature Policy . 21
5.2 Signed Information. 22
5.3 Components of an Electronic Signature. 22
5.3.1 Reference to the Signature Policy. 22
5.3.2 Commitment Type Indication. 23
5.3.3 Certificate Identifier from the Signer . 23
5.3.4 Role Attributes. 24
5.3.4.1 Claimed Role. 24
5.3.4.2 Certified Role. 24
5.3.5 Signer Location. 24
5.3.6 Signing Time . 24
5.3.7 Content Format. 25
5.4 Components of Validation Data. 25
5.4.1 Revocation Status Information . 25
5.4.2 CRL Information. 25
5.4.3 OCSP Information . 26
5.4.4 Certification Path . 26
5.4.5 Timestamping for Long Life of Signature. 26
5.4.6 Timestamping for Long Life of Signature before CA Key Compromises. 27
5.4.6.1 Timestamping the ES with Complete Validation Data . 27
5.4.6.2 Timestamping Certificates and Revocation Information References. 28
5.4.7 Timestamping for Long Life of Signature. 28
5.4.8 Reference to Additional Data . 29
5.4.9 Timestamping for Mutual Recognition . 29
5.4.10 TSA Key Compromise. 29
5.5 Multiple Signatures . 30
6 Signature Policy and Signature Validation Policy.30
6.1 Identification of Signature Policy. 31
6.2 General Signature Policy Information . 32
6.3 Recognized Commitment Types . 32
6.4 Rules for Use of Certification Authorities . 32
6.4.1 Trust Points . 33
6.4.2 Certification Path . 33
ETSI

---------------------- Page: 5 ----------------------

SIST-TS ETSI/TS 101 733 V1.2.1:2005
4 ETSI TS 101 733 V1.2.2 (2000-12)
6.5 Revocation Rules . 33
6.6 Rules for the Use of Roles . 34
6.6.1 Attribute Values. 34
6.6.2 Trust Points for Certified Attributes. 34
6.6.3 Certification Path for Certified Attributes . 34
6.7 Rules for the Use of Timestamping and Timing . 34
6.7.1 Trust Points and Certificate Paths. 34
6.7.2 Timestamping Authority Names. 34
6.7.3 Timing Constraints - Caution Period. 35
6.7.4 Timing Constraints - Timestamp Delay . 35
6.8 Rules for Verification Data to be followed . 35
6.9 Rules for Algorithm Constraints and Key Lengths. 35
6.10 Other Signature Policy Rules . 35
6.11 Signature Policy Protection. 35
7 Identifiers and roles .36
7.1 Signer Name Forms. 36
7.2 TSP Name Forms . 36
7.3 Roles and Signer Attributes . 36
8 Data structure of an Electronic Signature .37
8.1 General Syntax. 37
8.2 Data Content Type . 37
8.3 Signed-data Content Type. 37
8.4 SignedData Type. 37
8.5 EncapsulatedContentInfo Type . 37
8.6 SignerInfo Type . 37
8.6.1 Message Digest Calculation Process. 38
8.6.2 Message Signature Generation Process. 38
8.6.3 Message Signature Verification Process . 38
8.7 CMS Imported Mandatory Present Attributes. 38
8.7.1 Content Type . 38
8.7.2 Message Digest. 38
8.7.3 Signing Time . 38
8.8 Alternative Signing Certificate Attributes . 38
8.8.1 ESS Signing Certificate Attribute Definition. 39
8.8.2 Other Signing Certificate Attribute Definition . 39
8.9 Additional Mandatory Attributes . 40
8.9.1 Signature policy Identifier. 40
8.10 CMS Imported Optional Attributes . 41
8.10.1 Countersignature. 41
8.11 ESS Imported Optional Attributes. 41
8.11.1 Signed Content Reference Attribute. 41
8.11.2 Content Identifier Attribute . 41
8.11.2 Content Hints Attribute. 42
8.12 Additional Optional Attributes. 42
8.12.1 Commitment Type Indication Attribute . 42
8.12.2 Signer Location. 43
8.12.3 Signer Attributes. 44
8.12.4 Content Timestamp. 44
8.13 Support for Multiple Signatures. 44
8.13.1 Independent Signatures . 44
8.13.2 Embedded Signatures. 44
9 Validation Data.45
9.1 Electronic Signature Timestamp . 45
9.1.1 Signature Timestamp Attribute Definition . 45
9.2 Complete Validation Data. 46
9.2.1 Complete Certificate Refs Attribute Definition . 46
9.2.2 Complete Revocation Refs Attribute Definition. 47
9.3 Extended Validation Data. 48
9.3.1 Certificate Values Attribute Definition . 48
9.3.2 Revocation Values Attribute Definition . 48
ETSI

---------------------- Page: 6 ----------------------

SIST-TS ETSI/TS 101 733 V1.2.1:2005
5 ETSI TS 101 733 V1.2.2 (2000-12)
9.3.3 ES-C Timestamp Attribute Definition. 49
9.3.4 Time-Stamped Certificates and CRLs Attribute Definition. 49
9.4 Archive Validation Data. 49
9.4.1 Archive Timestamp Attribute Definition. 50
10 Other standard data structures .50
10.1 Public-key Certificate Format. 50
10.2 Certificate Revocation List Format . 50
10.3 OCSP Response Format . 51
10.4 Timestamping Token Format. 51
10.5 Name and Attribute Formats. 51
10.6 Attribute Certificate. 51
11 Signature Policy Specification .51
11.1 Overall ASN.1 Structure. 51
11.2 Signature Validation Policy . 52
11.3 Common Rules. 52
11.4 Commitment Rules. 53
11.5 Signer and Verifier Rules . 53
11.5.1 Signer Rules . 53
11.5.2 Verifier Rules . 54
11.6 Certificate and Revocation Requirement . 55
11.6.1 Certificate Requirements. 55
11.6.2 Revocation Requirements. 56
11.7 Signing Certificate Trust Conditions. 56
11.8 TimeStamp Trust Conditions. 57
11.9 Attribute Trust Conditions. 57
11.10 Algorithm Constraints . 58
11.11 Signature Policy Extensions. 58
12 Data protocols to interoperate with TSPs.59
12.1 Operational Protocols . 59
12.1.1 Certificate Retrieval. 59
12.1.2 CRL Retrieval. 59
12.1.3 OnLine Certificate Status . 59
12.1.4 Timestamping. 59
12.2 Management Protocols . 59
12.2.1 Certificate Request. 59
12.2.2 Certificate Distribution to Signer. 60
12.2.3 Request for Certificate Revocation . 60
13 Security considerations .60
13.1 Protection of Private Key. 60
13.2 Choice of Algorithms . 60
14 Conformance Requirements.60
14.1 Signer . 60
14.2 Verifier using timestamping. 61
14.3 Verifier using secure records . 61
14.4 Signature Policy. 61
ETSI

---------------------- Page: 7 ----------------------

SIST-TS ETSI/TS 101 733 V1.2.1:2005
6 ETSI TS 101 733 V1.2.2 (2000-12)
Annex A (normative): ASN.1 Definitions.62
A.1 Signature Format Definitions Using X.208 (1988) ASN.1 Syntax .62
A.2 Signature Policies Definitions Using X.208 (1988) ASN.1 Syntax .67
A.3 Signature Format Definitions Using X.680 (1997) ASN.1 Syntax .70
A.4 Signature Policy Definitions Using X.680 (1997) ASN.1 Syntax.70
Annex B (informative): Example Structured Contents and MIME.80
B.1 General Description.80
B.2 Header Information.80
B.3 Content Encoding .81
B.4 Multi-Part Content.81
B.5 S/MIME .82
Annex C (informative): Relationship to the European Directive and EESSI .84
C.1 Introduction.84
C.2 Electronic Signatures and the Directive.84
C.3 ETSI Electronic Signature Formats and the Directive.84
C.4 EESSI Standards and Classes of Electronic Signature .85
C.4.1 Structure of EESSI standardization . 85
C.4.2 Classes of electronic signatures. 85
C.4.3 EESSI Classes and the ETSI Electronic Signature Format. 85
Annex D (informative): APIs for the Generation and Verification of Electronic Signatures
Tokens .86
D.1 Data Framing.86
D.2 IDUP-GSS-APIs defined by the IETF.87
D.3 CORBA Security interfaces defined by the OMG.87
Annex E (informative): Cryptographic Algorithms .89
E.1 Digest Algorithms.89
...