wimaxing 2008-7-24 17:46
RFC5126-CMS Advanced Electronic Signatures (CAdES)
【Document date】: 2007
【Language】: English
【Pages】: 141
【Author (person or company)】:
【File format】: PDF
【Original file name】: CMS Advanced Electronic Signatures (CAdES)
【Abstract or table of contents】:
Table of Contents
1. Introduction
2. Scope
3. Definitions and Abbreviations
3.1. Definitions
3.2. Abbreviations
4. Overview
4.1. Major Parties
4.2. Signature Policies
4.3. Electronic Signature Formats
4.3.1. CAdES Basic Electronic Signature (CAdES-BES)
4.3.2. CAdES Explicit Policy-based Electronic Signatures (CAdES-EPES)
4.4. Electronic Signature Formats with Validation Data
4.4.1. Electronic Signature with Time (CAdES-T)
4.4.2. ES with Complete Validation Data References (CAdES-C)
4.4.3. Extended Electronic Signature Formats
4.4.3.1. EXtended Long Electronic Signature (CAdES-X Long)
4.4.3.2. EXtended Electronic Signature with Time Type 1
4.4.3.3. EXtended Electronic Signature with Time Type 2
4.4.3.4. EXtended Long Electronic Signature with Time (CAdES-X Long
4.4.4. Archival Electronic Signature (CAdES-A)
4.5. Arbitration
4.6. Validation Process
5. Electronic Signature Attributes
5.1. General Syntax
5.2. Data Content Type
5.3. Signed-data Content Type
5.4. SignedData Type
5.5. EncapsulatedContentInfo Type
5.6. SignerInfo Type
5.6.1. Message Digest Calculation Process
5.6.2. Message Signature Generation Process
5.6.3. Message Signature Verification Process
5.7. Basic ES Mandatory Present Attributes
5.7.1. content-type
5.7.2. Message Digest
5.7.3. Signing Certificate Reference Attributes
5.7.3.1. ESS signing-certificate Attribute Definition
5.7.3.2. ESS signing-certificate-v2 Attribute Definition
5.7.3.3. Other signing-certificate Attribute Definition
5.8. Additional Mandatory Attributes for Explicit Policy-based Electronic Signatures
5.8.1. signature-policy-identifier
5.9. CMS Imported Optional Attributes
5.9.1. signing-time
5.9.2. countersignature
5.10. ESS-Imported Optional Attributes
5.10.1. content-reference Attribute
5.10.2. content-identifier Attribute
5.10.3. content-hints Attribute
5.11. Additional Optional Attributes Defined in the Present Document
5.11.1. commitment-type-indication Attribute
5.11.2. signer-location Attribute
5.11.3. signer-attributes Attribute
5.11.4. content-time-stamp Attribute
5.12. Support for Multiple Signatures
5.12.1. Independent Signatures
5.12.2. Embedded Signatures
6. Additional Electronic Signature Validation Attributes
6.1. signature time-stamp Attribute (CAdES-T)
6.1.1. signature-time-stamp Attribute Definition
6.2. Complete Validation Data References (CAdES-C)
6.2.1. complete-certificate-references Attribute Definition
6.2.2. complete-revocation-references Attribute Definition
6.2.3. attribute-certificate-references Attribute Definition
6.2.4. attribute-revocation-references Attribute Definition
6.3. Extended Validation Data (CAdES-X)
6.3.1. Time-Stamped Validation Data (CAdES-X Type 1 or Type 2)
6.3.2. Long Validation Data (CAdES-X Long, CAdES-X Long Type 1 or 2)
6.3.3. certificate-values Attribute Definition
6.3.4. revocation-values Attribute Definition
6.3.5. CAdES-C-time-stamp Attribute Definition
6.3.6. time-stamped-certs-crls-references Attribute Definition
6.4. Archive Validation Data
6.4.1. archive-time-stamp Attribute Definition
7. Other Standard Data Structures
7.1. Public Key Certificate Format
7.2. Certificate Revocation List Format
7.3. OCSP Response Format
7.4. Time-Stamp Token Format
7.5. Name and Attribute Formats
7.6. AttributeCertificate
8. Conformance Requirements
8.1. CAdES-Basic Electronic Signature (CAdES-BES)
8.2. CAdES-Explicit Policy-based Electronic Signature
8.3. Verification Using Time-Stamping
8.4. Verification Using Secure Records
9. References
9.1. Normative References
9.2. Informative References
Annex A (normative): ASN.1 Definitions
A.1. Signature Format Definitions Using X.208 ASN.1 Syntax
A.2. Signature Format Definitions Using X.680 ASN.1 Syntax
Annex B (informative): Extended Forms of Electronic Signatures
B.1. Extended Forms of Validation Data
B.1.1. CAdES-X Long
B.1.2. CAdES-X Type 1
B.1.3. CAdES-X Type 2
B.1.4. CAdES-X Long Type 1 and CAdES-X Long Type 2
B.2. Time-Stamp Extensions
B.3. Archive Validation Data (CAdES-A)
B.4. Example Validation Sequence
B.5. Additional Optional Features
Annex C (informative): General Description
C.1. The Signature Policy
C.2. Signed Information
C.3. Components of an Electronic Signature
C.3.1. Reference to the Signature Policy
C.3.2. Commitment Type Indication
C.3.3. Certificate Identifier from the Signer
C.3.4. Role Attributes
C.3.4.1. Claimed Role
C.3.4.2. Certified Role
C.3.5. Signer Location
C.3.6. Signing Time
C.3.7. Content Format
C.3.8. content-hints
C.3.9. Content Cross-Referencing
C.4. Components of Validation Data
C.4.1. Revocation Status Information
C.4.1.1. CRL Information
C.4.1.2. OCSP Information
C.4.2. Certification Path
C.4.3. Time-stamping for Long Life of Signatures
C.4.4. Time-stamping for Long Life of Signature before CA key Compromises
C.4.4.1. Time-stamping the ES with Complete Validation Data
C.4.4.2. Time-Stamping Certificates and Revocation Information References
C.4.5. Time-stamping for Archive of Signature
C.4.6. Reference to Additional Data
C.4.7. Time-Stamping for Mutual Recognition
C.4.8. TSA Key Compromise
C.5. Multiple Signatures
Annex D (informative): Data Protocols to Interoperate with TSPs
D.1. Operational Protocols
D.1.1. Certificate Retrieval
D.1.2. CRL Retrieval
D.1.3. Online Certificate Status
D.1.4. Time-Stamping
D.2. Management Protocols
D.2.1. Request for Certificate Revocation
Annex E (informative): Security Considerations
E.1. Protection of Private Key
E.2. Choice of Algorithms
Annex F (informative): Example Structured Contents and MIME
F.1. General Description
F.1.1. Header Information
F.1.2. Content Encoding
F.1.3. Multi-Part Content
F.2. S/MIME
F.2.1. Using application/pkcs7-mime
F.2.2. Using application/pkcs7-signature
Annex G (informative): Relationship to the European Directive and EESSI
G.1. Introduction
G.2. Electronic Signatures and the Directive
G.3. ETSI Electronic Signature Formats and the Directive
G.4. EESSI Standards and Classes of Electronic Signature
G.4.1. Structure of EESSI Standardization
G.4.2. Classes of Electronic Signatures
G.4.3. Electronic Signature Classes and the ETSI Electronic Signature Format
Annex H (informative): APIs for the Generation and Verification of Electronic Signatures Tokens
H.1. Data Framing
H.2. IDUP-GSS-APIs Defined by the IETF
H.3. CORBA Security Interfaces Defined by the OMG
Annex I (informative): Cryptographic Algorithms
I.1. Digest Algorithms
I.1.1. SHA-1
I.1.2. General
I.2. Digital Signature Algorithms
I.2.1. DSA
I.2.2. RSA
I.2.3. General
Annex J (informative): Guidance on Naming
J.1. Allocation of Names
J.2. Providing Access to Registration Information
J.3. Naming Schemes
J.3.1. Naming Schemes for Individual Citizens
J.3.2. Naming Schemes for Employees of an Organization