RFC 5126
CMS Advanced Electronic Signatures (CAdES)
7. Other Standard Data Structures
7.1. Public Key Certificate Format
The X.509 v3 certificate basis syntax is defined in ITU-T Recommendation X.509 [1]. A profile of the X.509 v3 certificate is defined in RFC 3280 [2].7.2. Certificate Revocation List Format
The X.509 v2 CRL syntax is defined in ITU-T Recommendation X.509 [1]. A profile of the X.509 v2 CRL is defined in RFC 3280 [2].7.3. OCSP Response Format
The format of an OCSP token is defined in RFC 2560 [3].7.4. Time-Stamp Token Format
The format of a TimeStampToken type is defined in RFC 3161 [7] and profiled in ETSI TS 101 861 [TS101861].7.5. Name and Attribute Formats
The syntax of the naming and other attributes is defined in ITU-T Recommendation X.509 [1]. NOTE: The name used by the signer, held as the subject in the signer's certificate, is allocated and verified on registration with the Certification Authority, either directly or indirectly through a Registration Authority, before being issued with a Certificate.
The present document places no restrictions on the form of the name. The subject's name may be a distinguished name, as defined in ITU-T Recommendation X.500 [12], held in the subject field of the certificate, or any other name form held in the subjectAltName certificate extension field, as defined in ITU-T Recommendation X.509 [1]. In the case that the subject has no distinguished name, the subject name can be an empty sequence and the subjectAltName extension shall be critical. All Certification Authorities, Attribute Authorities, and Time-Stamping Authorities shall use distinguished names in the subject field of their certificate. The distinguished name shall include identifiers for the organization providing the service and the legal jurisdiction (e.g., country) under which it operates. Where a signer signs as an individual, but wishes to also identify him/herself as acting on behalf of an organization, it may be necessary to provide two independent forms of identification. The first identity, which is directly associated with the signing key, identifies him/her as an individual. The second, which is managed independently, identifies that person acting as part of the organization, possibly with a given role. In this case, one of the two identities is carried in the subject/subjectAltName field of the signer's certificate as described above. The present document does not specify the format of the signer's attribute that may be included in public key certificates. NOTE: The signer's attribute may be supported by using a claimed role in the CMS signed attributes field or by placing an attribute certificate containing a certified role in the CMS signed attributes field; see Section 7.6.7.6. AttributeCertificate
The syntax of the AttributeCertificate type is defined in RFC 3281 [13].8. Conformance Requirements
For implementations supporting signature generation, the present document defines conformance requirements for the generation of two forms of basic electronic signature, one of the two forms must be implemented.
For implementations supporting signature verification, the present document defines conformance requirements for the verification of two forms of basic electronic signature, one of the two forms must be implemented. The present document only defines conformance requirements up to an ES with Complete validation data (CAdES-C). This means that none of the extended and archive forms of the electronic signature (CAdES-X, CAdES-A) need to be implemented to get conformance to the present document. On verification the inclusion of optional signed and unsigned attributes must be supported only to the extent that the signature is verifiable. The semantics of optional attributes may be unsupported, unless specified otherwise by a signature policy.8.1. CAdES-Basic Electronic Signature (CAdES-BES)
A system supporting CAdES-BES signers, according to the present document, shall, at a minimum, support generation of an electronic signature consisting of the following components: - The general CMS syntax and content type, as defined in RFC 3852 [4] (see Sections 5.1 and 5.2); - CMS SignedData, as defined in RFC 3852 [4], with the version set to 3 and at least one SignerInfo present (see Sections 5.3 to 5.6); - The following CMS attributes, as defined in RFC 3852 [4]: - content-type; this shall always be present (see Section 5.7.1); and - message-digest; this shall always be present (see Section 5.7.2). - One of the following attributes, as defined in the present document: - signing-certificate: as defined in Section 5.7.3.1; or - signing-certificate v2 : as defined in Section 5.7.3.2. NOTE: RFC 3126 was using the other signing-certificate attribute (see Section 5.7.3.3). Its use is now deprecated, since the structure of the signing-certificate v2 attribute is simpler than the other signing-certificate attribute.
8.2. CAdES-Explicit Policy-based Electronic Signature
A system supporting Policy-based signers, according to the present document, shall, at a minimum, support the generation of an electronic signature consisting of the previous components defined for the basic signer, plus: - The following attributes, as defined in Section 5.9: - signature-policy-identifier; this shall always be present (see Section 5.8.1).8.3. Verification Using Time-Stamping
A system supporting verifiers, according to the present document, with time-stamping facilities shall, at a minimum, support: - verification of the mandated components of an electronic signature, as defined in Section 8.1; - signature-time-stamp attribute, as defined in Section 6.1.1; - complete-certificate-references attribute, as defined in Section 6.2.1; - complete-revocation-references attribute, as defined in Section 6.2.2; - Public Key Certificates, as defined in ITU-T Recommendation X.509 [1] (see Section 8.1); and - either of: - Certificate Revocation Lists, as defined in ITU-T Recommendation X.509 [1] (see Section 8.2); or - Online Certificate Status Protocol, as defined in RFC 2560 [3] (see Section 8.3).8.4. Verification Using Secure Records
A system supporting verifiers, according to the present document, shall, at a minimum, support: - verification of the mandated components of an electronic signature, as defined in Section 8.1;
- complete-certificate-references attribute, as defined in Section
6.2.1;
- complete-revocation-references attribute, as defined in Section
6.2.2;
- a record of the electronic signature and the time when the
signature was first validated, using the referenced certificates
and revocation information, must be maintained, such that
records cannot be undetectably modified;
- Public Key Certificates, as defined in ITU-T Recommendation
X.509 [1] (see Section 8.1); and
- either of:
- Certificate Revocation Lists, as defined in ITU-T
Recommendation X.509 [1] (see Section 8.2); or
- online Certificate Status Protocol, as defined in RFC 2560
[3] (see Section 8.3).
9. References
9.1. Normative References
[1] ITU-T Recommendation X.509 (2000)/ISO/IEC 9594-8 (2001):
"Information technology - Open Systems Interconnection - The
Directory: Public key and Attribute Certificate framework".
[2] Housley, R., Polk, W., Ford, W., and D. Solo, "Internet X.509
Public Key Infrastructure Certificate and Certificate
Revocation List (CRL) Profile", RFC 3280, April 2002.
[3] Myers, M., Ankney, R., Malpani, A., Galperin, S., and C.
Adams, "X.509 Internet Public Key Infrastructure Online
Certificate Status Protocol - OCSP", RFC 2560, June 1999.
[4] Housley, R., "Cryptographic Message Syntax (CMS)", RFC 3852,
July 2004.
[5] Hoffman, P., Ed., "Enhanced Security Services for S/MIME", RFC
2634, June 1999.
[6] Freed, N. and N. Borenstein, "Multipurpose Internet Mail
Extensions (MIME) Part One: Format of Internet Message
Bodies", RFC 2045, November 1996.
[7] Adams, C., Cain, P., Pinkas, D., and R. Zuccherato, "Internet X.509 Public Key Infrastructure Time-Stamp Protocol (TSP)", RFC 3161, August 2001. [8] ITU-T Recommendation X.680 (1997): "Information technology - Abstract Syntax Notation One (ASN.1): Specification of basic notation". [9] ITU-T Recommendation X.501 (2000)/ISO/IEC 9594-1 (2001): "Information technology - Open Systems Interconnection - Directory models". [10] Housley, R., "Cryptographic Message Syntax (CMS) Algorithms", RFC 3370, August 2002. [11] ITU-T Recommendation F.1: "Operational provisions for the international public telegram service". [12] ITU-T Recommendation X.500: "Information technology - Open Systems Interconnection - The Directory: Overview of concepts, models and services". [13] Farrell, S. and R. Housley, "An Internet Attribute Certificate Profile for Authorization", RFC 3281, April 2002. [14] ITU-T Recommendation X.208 (1988): "Specification of Abstract Syntax Notation One (ASN.1)". [15] Schaad, J., "Enhanced Security Services (ESS) Update: Adding CertID Algorithm Agility", RFC 5035, August 2007. [16] ITU-T Recommendation X.690 (2002): "Information technology ASN.1 encoding rules: Specification of Basic Encoding Rules (BER), Canonical Encoding Rules (CER) and Distinguished Encoding Rules (DER)".9.2. Informative References
[EUDirective] Directive 1999/93/EC of the European Parliament and of the Council of 13 December 1999 on a community framework for Electronic Signatures. [TS101733] ETSI Standard TS 101 733 V.1.7.3 (2005-06) Electronic Signature Formats. [TS101861] ETSI TS 101 861: "Time stamping profile".
[TS101903] ETSI TS 101 903: "XML Advanced Electronic Signatures (XAdES)". [TR102038] ETSI TR 102 038: "Electronic Signatures and Infrastructures (ESI); XML format for signature policies". [TR102272] ETSI TR 102 272 V1.1.1 (2003-12). "Electronic Signatures and Infrastructures (ESI); ASN.1 format for signature policies". [RFC2479] Adams, C., "Independent Data Unit Protection Generic Security Service Application Program Interface (IDUP- GSS-API)", RFC 2479, December 1998. [RFC2743] Linn, J., "Generic Security Service Application Program Interface Version 2, Update 1", RFC 2743, January 2000. [RFC3125] Ross, J., Pinkas, D., and N. Pope, "Electronic Signature Policies", RFC 3125, September 2001. [RFC3447] Jonsson, J. and B. Kaliski, "Public-Key Cryptography Standards (PKCS) #1: RSA Cryptography Specifications Version 2.1", RFC 3447, February 2003. [RFC3494] Zeilenga, K., "Lightweight Directory Access Protocol version 2 (LDAPv2) to Historic Status", RFC 3494, March 2003. [RFC3851] Ramsdell, B., Ed., "Secure/Multipurpose Internet Mail Extensions (S/MIME) Version 3.1 Message Specification", RFC 3851, July 2004. [RFC4210] Adams, C., Farrell, S., Kause, T., and T. Mononen, "Internet X.509 Public Key Infrastructure Certificate Management Protocol (CMP)", RFC 4210, September 2005. [RFC4346] Dierks, T. and E. Rescorla, "The Transport Layer Security (TLS) Protocol Version 1.1", RFC 4346, April 2006. [RFC4523] Zeilenga, K., "Lightweight Directory Access Protocol (LDAP) Schema Definitions for X.509 Certificates", RFC 4523, June 2006.
[ISO7498-2] ISO 7498-2 (1989): "Information processing systems - Open Systems Interconnection - Basic Reference Model - Part 2: Security Architecture". [ISO9796-2] ISO/IEC 9796-2 (2002): "Information technology - Security techniques - Digital signature schemes giving message recovery - Part 2: Integer factorization based mechanisms". [ISO9796-4] ISO/IEC 9796-4 (1998): "Digital signature schemes giving message recovery - Part 4: Discrete logarithm based mechanisms". [ISO10118-1] ISO/IEC 10118-1 (2000): "Information technology - Security techniques - Hash-functions - Part 1: General". [ISO10118-2] ISO/IEC 10118-2 (2000): "Information technology - Security techniques - Hash-functions - Part 2: Hash-functions using an n-bit block cipher algorithm". [ISO10118-3] ISO/IEC 10118-3 (2004): "Information technology - Security techniques - Hash-functions - Part 3: Dedicated hash-functions". [ISO10118-4] ISO/IEC 10118-4 (1998): "Information technology - Security techniques - Hash-functions - Part 4: Hash- functions using modular arithmetic". [ISO10181-5] ISO/IEC 10181-5: Security Frameworks in Open Systems. Non-Repudiation Framework. April 1997. [ISO13888-1] ISO/IEC 13888-1 (2004): "IT security techniques - Non-repudiation - Part 1: General". [ISO14888-1] ISO/IEC 14888-1 (1998): "Information technology - Security techniques - Digital signatures with appendix - Part 1: General". [ISO14888-2] ISO/IEC 14888-2 (1999): "Information technology - Security techniques - Digital signatures with appendix - Part 2: Identity-based mechanisms". [ISO14888-3] ISO/IEC 14888-3 (1998): "Information technology - Security techniques - Digital signatures with appendix - Part 3: Certificate-based mechanisms".
[ISO15946-2] ISO/IEC 15946-2 (2002): "Information technology - Security techniques - Cryptographic techniques based on elliptic curves - Part 2: Digital signatures". [CWA14171] CWA 14171 CEN Workshop Agreement: "General Guidelines for Electronic Signature Verification". [XMLDSIG] XMLDSIG: W3C/IETF Recommendation (February 2002): "XML-Signature Syntax and Processing". [X9.30-1] ANSI X9.30-1 (1997): "Public Key Cryptography for the Financial Services Industry - Part 1: The Digital Signature Algorithm (DSA)". [X9.30-2] ANSI X9.30-2 (1997): "Public Key Cryptography for the Financial Services Industry - Part 2: The Secure Hash Algorithm (SHA-1)". [X9.31-1] ANSI X9.31-1 (1997): "Public Key Cryptography Using Reversible Algorithms for the Financial Services Industry - Part 1: The RSA Signature Algorithm". [X9.31-2] ANSI X9.31-2 (1996): "Public Key Cryptography Using Reversible Algorithms for the Financial Services Industry - Part 2: Hash Algorithms". [X9.62] ANSI X9.62 (1998): "Public Key Cryptography for the Financial Services Industry - The Elliptic Curve Digital Signature Algorithm (ECDSA)". [P1363] IEEE P1363 (2000): "Standard Specifications for Public-Key Cryptography". ETSI technical specifications can be downloaded free of charge via the Services and Products Download Area at: http://www.etsi.org/WebSite/Standards/StandardsDownload.aspx
Annex A (Normative): ASN.1 Definitions
This annex provides a summary of all the ASN.1 syntax definitions for new syntax defined in the present document.A.1. Signature Format Definitions Using X.208 ASN.1 Syntax
NOTE: The ASN.1 module defined in Annex A.1 using syntax defined in ITU-T Recommendation X.208 [14] has precedence over that defined in Annex A.2 in the case of any conflict. ETS-ElectronicSignatureFormats-ExplicitSyntax88 { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-mod(0) eSignature-explicit88(28)} DEFINITIONS EXPLICIT TAGS ::= BEGIN -- EXPORTS All IMPORTS -- Cryptographic Message Syntax (CMS): RFC 3852 ContentInfo, ContentType, id-data, id-signedData, SignedData, EncapsulatedContentInfo, SignerInfo, id-contentType, id-messageDigest, MessageDigest, id-signingTime, SigningTime, id-countersignature, Countersignature FROM CryptographicMessageSyntax2004 { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) modules(0) cms-2004(24) } -- ESS Defined attributes: ESS Update -- RFC 5035 (Adding CertID Algorithm Agility) id-aa-signingCertificate, SigningCertificate, IssuerSerial, id-aa-contentReference, ContentReference, id-aa-contentIdentifier, ContentIdentifier, id-aa-signingCertificateV2 FROM ExtendedSecurityServices-2006 { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) modules(0) id-mod-ess-2006(30) } -- Internet X.509 Public Key Infrastructure - Certificate and CRL -- Profile: RFC 3280 Certificate, AlgorithmIdentifier, CertificateList, Name, DirectoryString, Attribute, BMPString, UTF8String
FROM PKIX1Explicit88
{iso(1) identified-organization(3) dod(6) internet(1)
security(5) mechanisms(5) pkix(7) id-mod(0) id-pkix1-explicit(18)}
GeneralNames, GeneralName, PolicyInformation
FROM PKIX1Implicit88
{iso(1) identified-organization(3) dod(6) internet(1) security(5)
mechanisms(5) pkix(7) id-mod(0) id-pkix1-implicit (19)}
-- Internet Attribute Certificate Profile for Authorization - RFC 3281
AttributeCertificate
FROM PKIXAttributeCertificate {iso(1) identified-organization(3)
dod(6) internet(1) security(5) mechanisms(5) pkix(7)
id-mod(0) id-mod-attribute-cert(12)}
-- OCSP - RFC 2560
BasicOCSPResponse, ResponderID
FROM OCSP {iso(1) identified-organization(3) dod(6) internet(1)
security(5) mechanisms(5) pkix(7) id-mod(0) id-mod-ocsp(14)}
-- Time Stamp Protocol RFC 3161
TimeStampToken
FROM PKIXTSP
{iso(1) identified-organization(3) dod(6) internet(1) security(5)
mechanisms(5) pkix(7) id-mod(0) id-mod-tsp(13)}
;
-- Definitions of Object Identifier arcs used in the present document
-- ==================================================================
-- OID used referencing electronic signature mechanisms based on
-- the present document for use with the Independent Data Unit
-- Protection (IDUP) API (see Annex D)
id-etsi-es-IDUP-Mechanism-v1 OBJECT IDENTIFIER ::=
{ itu-t(0) identified-organization(4) etsi(0)
electronic-signature-standard (1733) part1 (1) idupMechanism (4)
etsiESv1(1) }
-- Basic ES CMS Attributes Defined in the present document
-- =======================================================
-- OtherSigningCertificate - deprecated
id-aa-ets-otherSigCert OBJECT IDENTIFIER ::=
{ iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9)
smime(16) id-aa(2) 19 }
OtherSigningCertificate ::= SEQUENCE {
certs SEQUENCE OF OtherCertID,
policies SEQUENCE OF PolicyInformation OPTIONAL
-- NOT USED IN THE PRESENT DOCUMENT
}
OtherCertID ::= SEQUENCE {
otherCertHash OtherHash,
issuerSerial IssuerSerial OPTIONAL }
OtherHash ::= CHOICE {
sha1Hash OtherHashValue,
-- This contains a SHA-1 hash
otherHash OtherHashAlgAndValue}
-- Policy ES Attributes Defined in the present document
-- ====================================================
-- Mandatory Basic Electronic Signature Attributes as above,
-- plus in addition.
-- Signature-policy-identifier attribute
id-aa-ets-sigPolicyId OBJECT IDENTIFIER ::=
{ iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9)
smime(16) id-aa(2) 15 }
SignaturePolicy ::= CHOICE {
signaturePolicyId SignaturePolicyId,
signaturePolicyImplied SignaturePolicyImplied
-- not used in this version
}
SignaturePolicyId ::= SEQUENCE {
sigPolicyId SigPolicyId,
sigPolicyHash SigPolicyHash,
sigPolicyQualifiers SEQUENCE SIZE (1..MAX) OF
SigPolicyQualifierInfo OPTIONAL
}
SignaturePolicyImplied ::= NULL
SigPolicyId ::= OBJECT IDENTIFIER
SigPolicyHash ::= OtherHashAlgAndValue
OtherHashAlgAndValue ::= SEQUENCE {
hashAlgorithm AlgorithmIdentifier,
hashValue OtherHashValue }
OtherHashValue ::= OCTET STRING
SigPolicyQualifierInfo ::= SEQUENCE {
sigPolicyQualifierId SigPolicyQualifierId,
sigQualifier ANY DEFINED BY sigPolicyQualifierId }
SigPolicyQualifierId ::= OBJECT IDENTIFIER
id-spq-ets-uri OBJECT IDENTIFIER ::=
{ iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9)
smime(16) id-spq(5) 1 }
SPuri ::= IA5String
id-spq-ets-unotice OBJECT IDENTIFIER ::=
{ iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9)
smime(16) id-spq(5) 2 }
SPUserNotice ::= SEQUENCE {
noticeRef NoticeReference OPTIONAL,
explicitText DisplayText OPTIONAL}
NoticeReference ::= SEQUENCE {
organization DisplayText,
noticeNumbers SEQUENCE OF INTEGER }
DisplayText ::= CHOICE {
visibleString VisibleString (SIZE (1..200)),
bmpString BMPString (SIZE (1..200)),
utf8String UTF8String (SIZE (1..200)) }
-- Optional Electronic Signature Attributes
-- Commitment-type attribute
id-aa-ets-commitmentType OBJECT IDENTIFIER ::= { iso(1) member-body(2)
us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-aa(2) 16}
CommitmentTypeIndication ::= SEQUENCE {
commitmentTypeId CommitmentTypeIdentifier,
commitmentTypeQualifier SEQUENCE SIZE (1..MAX) OF
CommitmentTypeQualifier OPTIONAL}
CommitmentTypeIdentifier ::= OBJECT IDENTIFIER
CommitmentTypeQualifier ::= SEQUENCE {
commitmentTypeIdentifier CommitmentTypeIdentifier,
qualifier ANY DEFINED BY commitmentTypeIdentifier }
id-cti-ets-proofOfOrigin OBJECT IDENTIFIER ::= { iso(1) member-body(2)
us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) cti(6) 1}
id-cti-ets-proofOfReceipt OBJECT IDENTIFIER ::= { iso(1) member-body(2)
us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) cti(6) 2}
id-cti-ets-proofOfDelivery OBJECT IDENTIFIER ::=
{ iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9)
smime(16) cti(6) 3}
id-cti-ets-proofOfSender OBJECT IDENTIFIER ::= { iso(1) member-body(2)
us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) cti(6) 4}
id-cti-ets-proofOfApproval OBJECT IDENTIFIER ::=
{ iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9)
smime(16) cti(6) 5}
id-cti-ets-proofOfCreation OBJECT IDENTIFIER ::=
{ iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9)
smime(16) cti(6) 6}
-- Signer-location attribute
id-aa-ets-signerLocation OBJECT IDENTIFIER ::= { iso(1) member-body(2)
us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-aa(2) 17}
SignerLocation ::= SEQUENCE {
-- at least one of the following shall be present
countryName [0] DirectoryString OPTIONAL,
-- As used to name a Country in X.500
localityName [1] DirectoryString OPTIONAL,
-- As used to name a locality in X.500
postalAdddress [2] PostalAddress OPTIONAL }
PostalAddress ::= SEQUENCE SIZE(1..6) OF DirectoryString
-- Signer-attributes attribute
id-aa-ets-signerAttr OBJECT IDENTIFIER ::= { iso(1) member-body(2)
us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-aa(2) 18}
SignerAttribute ::= SEQUENCE OF CHOICE {
claimedAttributes [0] ClaimedAttributes,
certifiedAttributes [1] CertifiedAttributes }
ClaimedAttributes ::= SEQUENCE OF Attribute
CertifiedAttributes ::= AttributeCertificate
-- as defined in RFC 3281: see Section 4.1
-- Content-time-stamp attribute
id-aa-ets-contentTimestamp OBJECT IDENTIFIER ::=
{ iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9)
smime(16) id-aa(2) 20}
ContentTimestamp ::= TimeStampToken
-- Signature-time-stamp attribute
id-aa-signatureTimeStampToken OBJECT IDENTIFIER ::=
{ iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9)
smime(16) id-aa(2) 14}
SignatureTimeStampToken ::= TimeStampToken
-- Complete-certificate-references attribute
id-aa-ets-certificateRefs OBJECT IDENTIFIER ::= { iso(1) member-body(2)
us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-aa(2) 21}
CompleteCertificateRefs ::= SEQUENCE OF OtherCertID
-- Complete-revocation-references attribute
id-aa-ets-revocationRefs OBJECT IDENTIFIER ::= { iso(1) member-body(2)
us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-aa(2) 22}
CompleteRevocationRefs ::= SEQUENCE OF CrlOcspRef
CrlOcspRef ::= SEQUENCE {
crlids [0] CRLListID OPTIONAL,
ocspids [1] OcspListID OPTIONAL,
otherRev [2] OtherRevRefs OPTIONAL
}
CRLListID ::= SEQUENCE {
crls SEQUENCE OF CrlValidatedID}
CrlValidatedID ::= SEQUENCE {
crlHash OtherHash,
crlIdentifier CrlIdentifier OPTIONAL}
CrlIdentifier ::= SEQUENCE {
crlissuer Name,
crlIssuedTime UTCTime,
crlNumber INTEGER OPTIONAL }
OcspListID ::= SEQUENCE {
ocspResponses SEQUENCE OF OcspResponsesID}
OcspResponsesID ::= SEQUENCE {
ocspIdentifier OcspIdentifier,
ocspRepHash OtherHash OPTIONAL
}
OcspIdentifier ::= SEQUENCE {
ocspResponderID ResponderID,
-- As in OCSP response data
producedAt GeneralizedTime
-- As in OCSP response data
}
OtherRevRefs ::= SEQUENCE {
otherRevRefType OtherRevRefType,
otherRevRefs ANY DEFINED BY otherRevRefType
}
OtherRevRefType ::= OBJECT IDENTIFIER
-- Certificate-values attribute
id-aa-ets-certValues OBJECT IDENTIFIER ::= { iso(1) member-body(2)
us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-aa(2) 23}
CertificateValues ::= SEQUENCE OF Certificate
-- Certificate-revocation-values attribute
id-aa-ets-revocationValues OBJECT IDENTIFIER ::= { iso(1)
member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9)
smime(16) id-aa(2) 24}
RevocationValues ::= SEQUENCE {
crlVals [0] SEQUENCE OF CertificateList OPTIONAL,
ocspVals [1] SEQUENCE OF BasicOCSPResponse OPTIONAL,
otherRevVals [2] OtherRevVals OPTIONAL}
OtherRevVals ::= SEQUENCE {
otherRevValType OtherRevValType,
otherRevVals ANY DEFINED BY otherRevValType
}
OtherRevValType ::= OBJECT IDENTIFIER
-- CAdES-C time-stamp attribute
id-aa-ets-escTimeStamp OBJECT IDENTIFIER ::= { iso(1) member-body(2)
us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-aa(2) 25}
ESCTimeStampToken ::= TimeStampToken
-- Time-Stamped Certificates and CRLs
id-aa-ets-certCRLTimestamp OBJECT IDENTIFIER ::= { iso(1)
member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9)
smime(16) id-aa(2) 26}
TimestampedCertsCRLs ::= TimeStampToken
-- Archive time-stamp attribute
id-aa-ets-archiveTimestampV2 OBJECT IDENTIFIER ::= { iso(1)
member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9)
smime(16) id-aa(2) 48}
ArchiveTimeStampToken ::= TimeStampToken
-- Attribute-certificate-references attribute
id-aa-ets-attrCertificateRefs OBJECT IDENTIFIER ::= { iso(1)
member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9)
smime(16) id-aa(2) 44}
AttributeCertificateRefs ::= SEQUENCE OF OtherCertID
-- Attribute-revocation-references attribute
id-aa-ets-attrRevocationRefs OBJECT IDENTIFIER ::= { iso(1)
member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9)
smime(16) id-aa(2) 45}
AttributeRevocationRefs ::= SEQUENCE OF CrlOcspRef
ENDA.2. Signature Format Definitions Using X.680 ASN.1 Syntax
NOTE: The ASN.1 module defined in Annex A.1 has precedence over that defined in Annex A.2 using syntax defined in ITU-T Recommendation X.680 (1997) [8] in the case of any conflict. ETS-ElectronicSignatureFormats-ExplicitSyntax97 { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-mod(0) eSignature-explicit97(29)} DEFINITIONS EXPLICIT TAGS ::= BEGIN -- EXPORTS All - IMPORTS -- Cryptographic Message Syntax (CMS): RFC 3852 ContentInfo, ContentType, id-data, id-signedData, SignedData, EncapsulatedContentInfo, SignerInfo, id-contentType, id-messageDigest, MessageDigest, id-signingTime, SigningTime, id-countersignature, Countersignature FROM CryptographicMessageSyntax2004 { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) modules(0) cms-2004(24) } -- ESS Defined attributes: ESS Update -- RFC 5035 (Adding CertID Algorithm Agility) id-aa-signingCertificate, SigningCertificate, IssuerSerial, id-aa-contentReference, ContentReference, id-aa-contentIdentifier, ContentIdentifier, id-aa-signingCertificateV2 FROM ExtendedSecurityServices-2006 { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) modules(0) id-mod-ess-2006(30) } -- Internet X.509 Public Key Infrastructure -- Certificate and CRL Profile: RFC 3280 Certificate, AlgorithmIdentifier, CertificateList, Name, Attribute FROM PKIX1Explicit88 {iso(1) identified-organization(3) dod(6) internet(1)
security(5) mechanisms(5) pkix(7) id-mod(0)
id-pkix1-explicit(18)}
GeneralNames, GeneralName, PolicyInformation
FROM PKIX1Implicit88 {iso(1) identified-organization(3) dod(6)
internet(1) security(5) mechanisms(5) pkix(7) id-mod(0)
id-pkix1-implicit(19)}
-- Internet Attribute Certificate Profile for Authorization - RFC 3281
AttributeCertificate
FROM PKIXAttributeCertificate {iso(1) identified-organization(3)
dod(6) internet(1) security(5) mechanisms(5) pkix(7) id-mod(0)
id-mod-attribute-cert(12)}
-- OCSP RFC 2560
BasicOCSPResponse, ResponderID
FROM OCSP {iso(1) identified-organization(3) dod(6) internet(1)
security(5) mechanisms(5) pkix(7) id-mod(0) id-mod-ocsp(14)}
-- RFC 3161 Internet X.509 Public Key Infrastructure
-- Time-Stamp Protocol
TimeStampToken
FROM PKIXTSP {iso(1) identified-organization(3) dod(6) internet(1)
security(5) mechanisms(5) pkix(7) id-mod(0) id-mod-tsp(13)}
-- X.520
DirectoryString {}
FROM SelectedAttributeTypes
{joint-iso-itu-t ds(5) module(1) selectedAttributeTypes(5) 4}
;
-- Definitions of Object Identifier arcs used in the present document
-- ==================================================================
-- OID used referencing electronic signature mechanisms based
-- on the present document for use with the IDUP API (see Annex D)
id-etsi-es-IDUP-Mechanism-v1 OBJECT IDENTIFIER ::=
{ itu-t(0) identified-organization(4) etsi(0)
electronic-signature-standard (1733) part1 (1) idupMechanism (4)
etsiESv1(1) }
-- Basic ES Attributes Defined in the present document
-- ===================================================
-- CMS Attributes defined in the present document
-- OtherSigningCertificate - deprecated
id-aa-ets-otherSigCert OBJECT IDENTIFIER ::= { iso(1)
member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9)
smime(16) id-aa(2) 19 }
OtherSigningCertificate ::= SEQUENCE {
certs SEQUENCE OF OtherCertID,
policies SEQUENCE OF PolicyInformation OPTIONAL
-- NOT USED IN THE PRESENT DOCUMENT
}
OtherCertID ::= SEQUENCE {
otherCertHash OtherHash,
issuerSerial IssuerSerial OPTIONAL }
OtherHash ::= CHOICE {
sha1Hash OtherHashValue,
-- This contains a SHA-1 hash
otherHash OtherHashAlgAndValue}
-- Policy ES Attributes Defined in the present document
-- ====================================================
-- Mandatory Basic Electronic Signature Attributes, plus in addition.
-- Signature Policy Identifier
id-aa-ets-sigPolicyId OBJECT IDENTIFIER ::= { iso(1)
member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9)
smime(16) id-aa(2) 15 }
SignaturePolicy ::= CHOICE {
signaturePolicyId SignaturePolicyId,
signaturePolicyImplied SignaturePolicyImplied
-- not used in this version
}
SignaturePolicyId ::= SEQUENCE {
sigPolicyId SigPolicyId,
sigPolicyHash SigPolicyHash,
sigPolicyQualifiers SEQUENCE SIZE (1..MAX) OF
SigPolicyQualifierInfo OPTIONAL
}
SignaturePolicyImplied ::= NULL
SigPolicyId ::= OBJECT IDENTIFIER
SigPolicyHash ::= OtherHashAlgAndValue
OtherHashAlgAndValue ::= SEQUENCE {
hashAlgorithm AlgorithmIdentifier,
hashValue OtherHashValue
}
OtherHashValue ::= OCTET STRING
SigPolicyQualifierInfo ::= SEQUENCE {
sigPolicyQualifierId SIG-POLICY-QUALIFIER.&id
({SupportedSigPolicyQualifiers}),
qualifier SIG-POLICY-QUALIFIER.&Qualifier
({SupportedSigPolicyQualifiers}
{@sigPolicyQualifierId})OPTIONAL }
SupportedSigPolicyQualifiers SIG-POLICY-QUALIFIER ::=
{ noticeToUser | pointerToSigPolSpec }
SIG-POLICY-QUALIFIER ::= CLASS {
&id OBJECT IDENTIFIER UNIQUE,
&Qualifier OPTIONAL }
WITH SYNTAX {
SIG-POLICY-QUALIFIER-ID &id
[SIG-QUALIFIER-TYPE &Qualifier] }
noticeToUser SIG-POLICY-QUALIFIER ::= {
SIG-POLICY-QUALIFIER-ID id-spq-ets-unotice SIG-QUALIFIER-TYPE
SPUserNotice }
pointerToSigPolSpec SIG-POLICY-QUALIFIER ::= {
SIG-POLICY-QUALIFIER-ID id-spq-ets-uri SIG-QUALIFIER-TYPE SPuri }
id-spq-ets-uri OBJECT IDENTIFIER ::= { iso(1)
member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9)
smime(16) id-spq(5) 1 }
SPuri ::= IA5String
id-spq-ets-unotice OBJECT IDENTIFIER ::= { iso(1)
member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9)
smime(16) id-spq(5) 2 }
SPUserNotice ::= SEQUENCE {
noticeRef NoticeReference OPTIONAL,
explicitText DisplayText OPTIONAL}
NoticeReference ::= SEQUENCE {
organization DisplayText,
noticeNumbers SEQUENCE OF INTEGER }
DisplayText ::= CHOICE {
visibleString VisibleString (SIZE (1..200)),
bmpString BMPString (SIZE (1..200)),
utf8String UTF8String (SIZE (1..200)) }
-- Optional Electronic Signature Attributes
-- Commitment Type
id-aa-ets-commitmentType OBJECT IDENTIFIER ::= { iso(1) member-body(2)
us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-aa(2) 16}
CommitmentTypeIndication ::= SEQUENCE {
commitmentTypeId CommitmentTypeIdentifier,
commitmentTypeQualifier SEQUENCE SIZE (1..MAX) OF
CommitmentTypeQualifier OPTIONAL}
CommitmentTypeIdentifier ::= OBJECT IDENTIFIER
CommitmentTypeQualifier ::= SEQUENCE {
commitmentQualifierId COMMITMENT-QUALIFIER.&id,
qualifier COMMITMENT-QUALIFIER.&Qualifier OPTIONAL }
COMMITMENT-QUALIFIER ::= CLASS {
&id OBJECT IDENTIFIER UNIQUE,
&Qualifier OPTIONAL }
WITH SYNTAX {
COMMITMENT-QUALIFIER-ID &id
[COMMITMENT-TYPE &Qualifier] }
id-cti-ets-proofOfOrigin OBJECT IDENTIFIER ::= { iso(1) member-body(2)
us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) cti(6) 1}
id-cti-ets-proofOfReceipt OBJECT IDENTIFIER ::= { iso(1) member-body(2)
us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) cti(6) 2}
id-cti-ets-proofOfDelivery OBJECT IDENTIFIER ::= { iso(1)
member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16)
cti(6) 3}
id-cti-ets-proofOfSender OBJECT IDENTIFIER ::= { iso(1) member-body(2)
us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) cti(6) 4}
id-cti-ets-proofOfApproval OBJECT IDENTIFIER ::=
{ iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9)
smime(16) cti(6) 5}
id-cti-ets-proofOfCreation OBJECT IDENTIFIER ::=
{ iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9)
smime(16) cti(6) 6}
-- Signer Location
id-aa-ets-signerLocation OBJECT IDENTIFIER ::= { iso(1) member-body(2)
us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-aa(2) 17}
SignerLocation ::= SEQUENCE {
-- at least one of the following shall be present
countryName [0] DirectoryString{maxSize} OPTIONAL,
-- as used to name a Country in X.520
localityName [1] DirectoryString{maxSize} OPTIONAL,
-- as used to name a locality in X.520
postalAdddress [2] PostalAddress OPTIONAL }
PostalAddress ::= SEQUENCE SIZE(1..6) OF DirectoryString{maxSize}
-- maxSize parametrization as specified in X.683
-- Signer Attributes
id-aa-ets-signerAttr OBJECT IDENTIFIER ::= { iso(1) member-body(2)
us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-aa(2) 18}
SignerAttribute ::= SEQUENCE OF CHOICE {
claimedAttributes [0] ClaimedAttributes,
certifiedAttributes [1] CertifiedAttributes }
ClaimedAttributes ::= SEQUENCE OF Attribute
CertifiedAttributes ::= AttributeCertificate
-- as defined in RFC 3281: see Section 4.1
-- Content Timestamp
id-aa-ets-contentTimestamp OBJECT IDENTIFIER ::=
{ iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9)
smime(16) id-aa(2) 20}
ContentTimestamp ::= TimeStampToken
-- Signature Timestamp
id-aa-signatureTimeStampToken OBJECT IDENTIFIER ::=
{ iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9)
smime(16) id-aa(2) 14}
SignatureTimeStampToken ::= TimeStampToken
-- Complete Certificate Refs.
id-aa-ets-certificateRefs OBJECT IDENTIFIER ::= { iso(1) member-body(2)
us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-aa(2) 21}
CompleteCertificateRefs ::= SEQUENCE OF OtherCertID
-- Complete Revocation Refs
id-aa-ets-revocationRefs OBJECT IDENTIFIER ::= { iso(1) member-body(2)
us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-aa(2) 22}
CompleteRevocationRefs ::= SEQUENCE OF CrlOcspRef
CrlOcspRef ::= SEQUENCE {
crlids [0] CRLListID OPTIONAL,
ocspids [1] OcspListID OPTIONAL,
otherRev [2] OtherRevRefs OPTIONAL
}
CRLListID ::= SEQUENCE {
crls SEQUENCE OF CrlValidatedID
}
CrlValidatedID ::= SEQUENCE {
crlHash OtherHash,
crlIdentifier CrlIdentifier OPTIONAL }
CrlIdentifier ::= SEQUENCE {
crlissuer Name,
crlIssuedTime UTCTime,
crlNumber INTEGER OPTIONAL
}
OcspListID ::= SEQUENCE {
ocspResponses SEQUENCE OF OcspResponsesID
}
OcspResponsesID ::= SEQUENCE {
ocspIdentifier OcspIdentifier,
ocspRepHash OtherHash OPTIONAL
}
OcspIdentifier ::= SEQUENCE {
ocspResponderID ResponderID,
-- As in OCSP response data
producedAt GeneralizedTime
-- As in OCSP response data
}
OtherRevRefs ::= SEQUENCE {
otherRevRefType OTHER-REVOCATION-REF.&id,
otherRevRefs SEQUENCE OF OTHER-REVOCATION-REF.&Type
}
OTHER-REVOCATION-REF ::= CLASS {
&Type,
&id OBJECT IDENTIFIER UNIQUE }
WITH SYNTAX {
WITH SYNTAX &Type ID &id }
-- Certificate Values
id-aa-ets-certValues OBJECT IDENTIFIER ::= { iso(1) member-body(2)
us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-aa(2) 23}
CertificateValues ::= SEQUENCE OF Certificate
-- Certificate Revocation Values
id-aa-ets-revocationValues OBJECT IDENTIFIER ::=
{ iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9)
smime(16) id-aa(2) 24}
RevocationValues ::= SEQUENCE {
crlVals [0] SEQUENCE OF CertificateList OPTIONAL,
ocspVals [1] SEQUENCE OF BasicOCSPResponse OPTIONAL,
otherRevVals [2] OtherRevVals OPTIONAL
}
OtherRevVals ::= SEQUENCE {
otherRevValType OTHER-REVOCATION-VAL.&id,
otherRevVals SEQUENCE OF OTHER-REVOCATION-REF.&Type
}
OTHER-REVOCATION-VAL ::= CLASS {
&Type,
&id OBJECT IDENTIFIER UNIQUE }
WITH SYNTAX {
WITH SYNTAX &Type ID &id }
-- CAdES-C Timestamp
id-aa-ets-escTimeStamp OBJECT IDENTIFIER ::= { iso(1) member-body(2)
us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-aa(2) 25}
ESCTimeStampToken ::= TimeStampToken
-- Time-Stamped Certificates and CRLs
id-aa-ets-certCRLTimestamp OBJECT IDENTIFIER ::=
{ iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9)
smime(16) id-aa(2) 26}
TimestampedCertsCRLs ::= TimeStampToken
-- Archive Timestamp
id-aa-ets-archiveTimestampV2 OBJECT IDENTIFIER ::=
{ iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9)
smime(16) id-aa(2) 48}
ArchiveTimeStampToken ::= TimeStampToken
-- Attribute certificate references
id-aa-ets-attrCertificateRefs OBJECT IDENTIFIER ::=
{ iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9)
smime(16) id-aa(2) 44}
AttributeCertificateRefs ::= SEQUENCE OF OtherCertID
-- Attribute revocation references
id-aa-ets-attrRevocationRefs OBJECT IDENTIFIER ::=
{ iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9)
smime(16) id-aa(2) 45}
AttributeRevocationRefs ::= SEQUENCE OF CrlOcspRef
END
(next page on part 5)
