
RFC 5126

CMS Advanced Electronic Signatures (CAdES)

Pages: 141
Informational
Obsoletes:  3126
Part 1 of 7 – Pages 1 to 12

Network Working Group                                          D. Pinkas
Request for Comments: 5126                                      Bull SAS
Obsoletes: 3126                                                  N. Pope
Category: Informational                                 Thales eSecurity
                                                                 J. Ross
                                                  Security and Standards
                                                           February 2008


               CMS Advanced Electronic Signatures (CAdES)

Status of This Memo

   This memo provides information for the Internet community.  It does
   not specify an Internet standard of any kind.  Distribution of this
   memo is unlimited.

Abstract

   This document defines the format of an electronic signature that can
   remain valid over long periods.  This includes evidence as to its
   validity even if the signer or verifying party later attempts to deny
   (i.e., repudiates) the validity of the signature.

   The format can be considered as an extension to RFC 3852 and RFC
   2634, where, when appropriate, additional signed and unsigned
   attributes have been defined.

   The contents of this Informational RFC amount to a transposition of
   the ETSI Technical Specification (TS) 101 733 V.1.7.4 (CMS Advanced
   Electronic Signatures -- CAdES) and is technically equivalent to it.

   The technical contents of this specification are maintained by ETSI.
   The ETSI TS and further updates are available free of charge at:
   http://www.etsi.org/WebSite/Standards/StandardsDownload.aspx

Table of Contents

   1. Introduction ....................................................6
   2. Scope ...........................................................6
   3. Definitions and Abbreviations ...................................8
      3.1. Definitions ................................................8
      3.2. Abbreviations .............................................11
   4. Overview .......................................................12
      4.1. Major Parties .............................................13
      4.2. Signature Policies ........................................14
      4.3. Electronic Signature Formats ..............................15
           4.3.1. CAdES Basic Electronic Signature (CAdES-BES) .......15
           4.3.2. CAdES Explicit Policy-based Electronic
                  Signatures (CAdES-EPES) ............................18
      4.4. Electronic Signature Formats with Validation Data .........19
           4.4.1. Electronic Signature with Time (CAdES-T) ...........20
           4.4.2. ES with Complete Validation Data References
                  (CAdES-C) ..........................................21
           4.4.3. Extended Electronic Signature Formats ..............23
                  4.4.3.1. EXtended Long Electronic Signature
                           (CAdES-X Long) ............................24
                  4.4.3.2. EXtended Electronic Signature with
                           Time Type 1 ...............................25
                  4.4.3.3. EXtended Electronic Signature with
                           Time Type 2 ...............................26
                  4.4.3.4. EXtended Long Electronic Signature
                           with Time (CAdES-X Long ...................27
           4.4.4. Archival Electronic Signature (CAdES-A) ............27
      4.5. Arbitration ...............................................28
      4.6. Validation Process ........................................29
   5. Electronic Signature Attributes ................................30
      5.1. General Syntax ............................................30
      5.2. Data Content Type .........................................30
      5.3. Signed-data Content Type ..................................30
      5.4. SignedData Type ...........................................31
      5.5. EncapsulatedContentInfo Type ..............................31
      5.6. SignerInfo Type ...........................................31
           5.6.1. Message Digest Calculation Process .................32
           5.6.2. Message Signature Generation Process ...............32
           5.6.3. Message Signature Verification Process .............32
      5.7. Basic ES Mandatory Present Attributes .....................32
           5.7.1. content-type .......................................32
           5.7.2. Message Digest .....................................33
           5.7.3. Signing Certificate Reference Attributes ...........33
                  5.7.3.1. ESS signing-certificate Attribute
                           Definition ................................34
                  5.7.3.2. ESS signing-certificate-v2
                           Attribute Definition ......................34
                  5.7.3.3. Other signing-certificate
                           Attribute Definition ......................35
      5.8. Additional Mandatory Attributes for Explicit
           Policy-based Electronic Signatures ........................36
           5.8.1. signature-policy-identifier ........................36
      5.9. CMS Imported Optional Attributes ..........................38
           5.9.1. signing-time .......................................38
           5.9.2. countersignature ...................................39
      5.10. ESS-Imported Optional Attributes .........................39
           5.10.1. content-reference Attribute .......................39
           5.10.2. content-identifier Attribute ......................39
           5.10.3. content-hints Attribute ...........................40
      5.11. Additional Optional Attributes Defined in the
            Present Document .........................................40
           5.11.1. commitment-type-indication Attribute ..............41
           5.11.2. signer-location Attribute .........................43
           5.11.3. signer-attributes Attribute .......................43
           5.11.4. content-time-stamp Attribute ......................44
      5.12. Support for Multiple Signatures ..........................44
           5.12.1. Independent Signatures ............................44
           5.12.2. Embedded Signatures ...............................45
   6. Additional Electronic Signature Validation Attributes ..........45
      6.1. signature time-stamp Attribute (CAdES-T) ..................47
           6.1.1. signature-time-stamp Attribute Definition ..........47
      6.2. Complete Validation Data References (CAdES-C) .............48
           6.2.1. complete-certificate-references Attribute
                  Definition .........................................48
           6.2.2. complete-revocation-references Attribute
                  Definition .........................................49
           6.2.3. attribute-certificate-references Attribute
                  Definition .........................................51
           6.2.4. attribute-revocation-references Attribute
                  Definition .........................................52
      6.3. Extended Validation Data (CAdES-X) ........................52
           6.3.1. Time-Stamped Validation Data (CAdES-X Type
                  1 or Type 2) .......................................53
           6.3.2. Long Validation Data (CAdES-X Long, CAdES-X
                  Long Type 1 or 2) ..................................53
           6.3.3. certificate-values Attribute Definition ............54
           6.3.4. revocation-values Attribute Definition .............54
           6.3.5. CAdES-C-time-stamp Attribute Definition ............56
           6.3.6. time-stamped-certs-crls-references
                  Attribute Definition ...............................57
      6.4. Archive Validation Data ...................................58
           6.4.1. archive-time-stamp Attribute Definition ............58
   7. Other Standard Data Structures .................................60
      7.1. Public Key Certificate Format .............................60
      7.2. Certificate Revocation List Format ........................60
      7.3. OCSP Response Format ......................................60
      7.4. Time-Stamp Token Format ...................................60
      7.5. Name and Attribute Formats ................................60
      7.6. AttributeCertificate ......................................61
   8. Conformance Requirements .......................................61
      8.1. CAdES-Basic Electronic Signature (CAdES-BES) ..............62
      8.2. CAdES-Explicit Policy-based Electronic Signature ..........63
      8.3. Verification Using Time-Stamping ..........................63
      8.4. Verification Using Secure Records .........................63
   9. References .....................................................64
      9.1. Normative References ......................................64
      9.2. Informative References ....................................65
   Annex A (normative): ASN.1 Definitions ............................69
           A.1. Signature Format Definitions Using
                X.208 ASN.1 Syntax ...................................69
           A.2. Signature Format Definitions Using
                X.680 ASN.1 Syntax ...................................77
   Annex B (informative): Extended Forms of Electronic Signatures ....86
           B.1. Extended Forms of Validation Data ....................86
                B.1.1. CAdES-X Long ..................................87
                B.1.2. CAdES-X Type 1 ................................88
                B.1.3. CAdES-X Type 2 ................................90
                B.1.4. CAdES-X Long Type 1 and CAdES-X Long Type 2 ...91
           B.2. Time-Stamp Extensions ................................93
           B.3. Archive Validation Data (CAdES-A) ....................94
           B.4. Example Validation Sequence ..........................97
           B.5. Additional Optional Features ........................102
   Annex C (informative): General Description .......................103
           C.1. The Signature Policy ................................103
           C.2. Signed Information ..................................104
           C.3. Components of an Electronic Signature ...............104
                C.3.1. Reference to the Signature Policy ............104
                C.3.2. Commitment Type Indication ...................105
                C.3.3. Certificate Identifier from the Signer .......106
                C.3.4. Role Attributes ..............................106
                       C.3.4.1.  Claimed Role .......................107
                       C.3.4.2.  Certified Role .....................107
                C.3.5. Signer Location ..............................108
                C.3.6. Signing Time .................................108
                C.3.7. Content Format ...............................108
                C.3.8. content-hints ................................109
                C.3.9. Content Cross-Referencing ....................109
           C.4. Components of Validation Data .......................109
                C.4.1. Revocation Status Information ................109
                       C.4.1.1. CRL Information .....................110
                       C.4.1.2. OCSP Information ....................110
                C.4.2. Certification Path ...........................111
                C.4.3. Time-stamping for Long Life of Signatures ....111
                C.4.4. Time-stamping for Long Life of Signature
                       before CA key Compromises ....................113
                        C.4.4.1. Time-stamping the ES with
                                 Complete Validation Data ...........113
                        C.4.4.2. Time-Stamping Certificates and
                                 Revocation Information References ..114
                C.4.5. Time-stamping for Archive of Signature .......115
                C.4.6. Reference to Additional Data .................116
                C.4.7. Time-Stamping for Mutual Recognition .........116
                C.4.8. TSA Key Compromise ...........................117
           C.5. Multiple Signatures .................................118
   Annex D (informative): Data Protocols to Interoperate with TSPs ..118
           D.1. Operational Protocols ...............................118
                D.1.1. Certificate Retrieval ........................118
                D.1.2. CRL Retrieval ................................118
                D.1.3. Online Certificate Status ....................119
                D.1.4. Time-Stamping ................................119
           D.2. Management Protocols ................................119
                D.2.1. Request for Certificate Revocation ...........119
   Annex E (informative): Security Considerations ...................119
           E.1. Protection of Private Key ...........................119
           E.2. Choice of Algorithms ................................119
   Annex F (informative): Example Structured Contents and MIME ......120
           F.1. General Description .................................120
                F.1.1. Header Information ...........................120
                F.1.2. Content Encoding .............................121
                F.1.3. Multi-Part Content ...........................121
           F.2. S/MIME ..............................................122
                F.2.1. Using application/pkcs7-mime .................123
                F.2.2. Using application/pkcs7-signature ............124
   Annex G (informative): Relationship to the European Directive
                          and EESSI .................................125
           G.1. Introduction ........................................125
           G.2. Electronic Signatures and the Directive .............126
           G.3. ETSI Electronic Signature Formats and the Directive .127
           G.4. EESSI Standards and Classes of Electronic Signature .127
                G.4.1. Structure of EESSI Standardization ...........127
                G.4.2. Classes of Electronic Signatures .............128
                G.4.3. Electronic Signature Classes and the ETSI
                       Electronic Signature Format ..................128
   Annex H (informative): APIs for the Generation and Verification
                          of Electronic Signatures Tokens ...........129
           H.1. Data Framing ........................................129
           H.2. IDUP-GSS-APIs Defined by the IETF ...................131
           H.3. CORBA Security Interfaces Defined by the OMG ........132
   Annex I (informative): Cryptographic Algorithms ..................133
           I.1. Digest Algorithms ...................................133
                I.1.1. SHA-1 ........................................133
                I.1.2. General ......................................133
           I.2. Digital Signature Algorithms ........................134
                I.2.1. DSA ..........................................134
                I.2.2. RSA ..........................................135
                I.2.3. General ......................................135
   Annex J (informative): Guidance on Naming ........................137
           J.1. Allocation of Names .................................137
           J.2. Providing Access to Registration Information ........138
           J.3. Naming Schemes ......................................138
                J.3.1. Naming Schemes for Individual Citizens .......138
                J.3.2. Naming Schemes for Employees of an
                       Organization .................................139

1. Introduction

   This document is intended to cover electronic signatures for various
   types of transactions, including business transactions (e.g.,
   purchase requisition, contract, and invoice applications) where
   long-term validity of such signatures is important.  This includes
   evidence as to its validity even if the signer or verifying party
   later attempts to deny (i.e., repudiates; see ISO/IEC 10181-5
   [ISO10181-5]) the validity of the signature.

   Thus, the present document can be used for any transaction between an
   individual and a company, between two companies, between an
   individual and a governmental body, etc.  The present document is
   independent of any environment; it can be applied to any environment,
   e.g., smart cards, Global System for Mobile Communication Subscriber
   Identity Module (GSM SIM) cards, special programs for electronic
   signatures, etc.

   The European Directive on a community framework for Electronic
   Signatures defines an electronic signature as: "Data in electronic
   form which is attached to or logically associated with other
   electronic data and which serves as a method of authentication".

   An electronic signature, as used in the present document, is a form
   of advanced electronic signature, as defined in the Directive.

2. Scope

   The scope of the present document covers electronic signature formats
   only.  The aspects of Electronic Signature Policies are defined in
   RFC 3125 [RFC3125] and ETSI TR 102 272 [TR102272].

   The present document defines a number of electronic signature
   formats, including electronic signatures that can remain valid over
   long periods.  This includes evidence as to its validity even if the
   signer or verifying party later attempts to deny (repudiates) the
   validity of the electronic signature.

   The present document specifies use of Trusted Service Providers
   (e.g., Time-Stamping Authorities) and the data that needs to be
   archived (e.g., cross-certificates and revocation lists) to meet the
   requirements of long-term electronic signatures.

   An electronic signature, as defined by the present document, can be
   used for arbitration in case of a dispute between the signer and
   verifier, which may occur at some later time, even years later.

   The present document includes the concept of signature policies that
   can be used to establish technical consistency when validating
   electronic signatures, but it does not mandate their use.

   The present document is based on the use of public key cryptography
   to produce digital signatures, supported by public key certificates.
   The present document also specifies the use of time-stamping and
   time-marking services to prove the validity of a signature long after
   the normal lifetime of critical elements of an electronic signature.
   This document also, as an option, defines ways to provide very
   long-term protection against key compromise or weakened algorithms.

   The present document builds on existing standards that are widely
   adopted.  These include:

      - RFC 3852 [4]: "Cryptographic Message Syntax (CMS)";

      - ISO/IEC 9594-8/ITU-T Recommendation X.509 [1]: "Information
        technology - Open Systems Interconnection - The Directory:
        Authentication framework";

      - RFC 3280 [2]: "Internet X.509 Public Key Infrastructure (PKIX)
        Certificate and Certificate Revocation List (CRL) Profile";

      - RFC 3161 [7]: "Internet X.509 Public Key Infrastructure
        Time-Stamp Protocol (TSP)".

      NOTE: See Section 11 for a full set of references.

   The present document describes formats for advanced electronic
   signatures using ASN.1 (Abstract Syntax Notation 1) [14].  ASN.1 is
   encoded using X.690 [16].

   These formats are based on CMS (Cryptographic Message Syntax) defined
   in RFC 3852 [4].  These electronic signatures are thus called CAdES,
   for "CMS Advanced Electronic Signatures".

   Another document, TS 101 903 [TS101903], describes formats for XML
   advanced electronic signatures (XAdES) built on XMLDSIG as specified
   in [XMLDSIG].

   In addition, the present document identifies other documents that
   define formats for Public Key Certificates, Attribute Certificates,
   and Certificate Revocation Lists and supporting protocols, including
   protocols for use by trusted third parties to support the operation
   of electronic signature creation and validation.

   Informative annexes include:

      - illustrations of extended forms of Electronic Signature formats
        that protect against various vulnerabilities and examples of
        validation processes (Annex B);

      - descriptions and explanations of some of the concepts used in
        the present document, giving a rationale for normative parts of
        the present document (Annex C);

      - information on protocols to interoperate with Trusted Service
        Providers (Annex D);

      - guidance on naming (Annex E);

      - an example structured content and MIME (Annex F);

      - the relationship between the present document and the directive
        on electronic signature and associated standardization
        initiatives (Annex G);

      - APIs to support the generation and verification of electronic
        signatures (Annex H);

      - cryptographic algorithms that may be used (Annex I); and

      - naming schemes (see Annex J).

3. Definitions and Abbreviations

3.1. Definitions

   For the purposes of the present document, the following terms and
   definitions apply:

   Arbitrator: an arbitrator entity may be used to arbitrate a dispute
   between a signer and verifier when there is a disagreement on the
   validity of a digital signature.

   Attribute Authority (AA): an authority that assigns privileges by
   issuing attribute certificates.

   Authority Certificate: a certificate issued to an authority (e.g.,
   either to a certification authority or an attribute authority).

   Attribute Authority Revocation List (AARL): a revocation list
   containing a list of references to certificates issued to AAs that
   are no longer considered valid by the issuing authority.

   Attribute Certificate Revocation List (ACRL): a revocation list
   containing a list of references to attribute certificates that are no
   longer considered valid by the issuing authority.

   Certification Authority Revocation List (CARL): a revocation list
   containing a list of public key certificates issued to certification
   authorities that are no longer considered valid by the certificate
   issuer.

   Certification Authority (CA): an authority trusted by one or more
   users to create and assign public key certificates; optionally, the
   certification authority may create the users' keys.

      NOTE: See ITU-T Recommendation X.509 [1].

   Certificate Revocation List (CRL): a signed list indicating a set of
   public key certificates that are no longer considered valid by the
   certificate issuer.

   Digital Signature: data appended to, or a cryptographic
   transformation of, a data unit that allows a recipient of the data
   unit to prove the source and integrity of the data unit and protect
   against forgery, e.g., by the recipient.

      NOTE: See ISO 7498-2 [ISO7498-2].

   Electronic Signature: data in electronic form that is attached to or
   logically associated with other electronic data and that serves as a
   method of authentication.

      NOTE: See Directive 1999/93/EC of the European Parliament and of
      the Council of 13 December 1999 on a Community framework for
      electronic signatures [EUDirective].

   Extended Electronic Signatures: electronic signatures enhanced by
   complementing the baseline requirements with additional data, such as
   time-stamp tokens and certificate revocation data, to address
   commonly recognized threats.

   Explicit Policy-based Electronic Signature (EPES): an electronic
   signature where the signature policy that shall be used to validate
   it is explicitly specified.

   Grace Period: a time period that permits the certificate revocation
   information to propagate through the revocation process to relying
   parties.

   Initial Verification: a process performed by a verifier done after an
   electronic signature is generated in order to capture additional
   information that could make it valid for long-term verification.

   Public Key Certificate (PKC): public keys of a user, together with
   some other information, rendered unforgeable by encipherment with the
   private key of the certification authority that issued it.

      NOTE: See ITU-T Recommendation X.509 [1].

   Rivest-Shamir-Adleman (RSA): an asymmetric cryptography algorithm
   based on the difficulty to factor very large numbers using a key
   pair: a private key and a public key.

   Signature Policy: a set of rules for the creation and validation of
   an electronic signature that defines the technical and procedural
   requirements for electronic signature creation and validation, in
   order to meet a particular business need, and under which the
   signature can be determined to be valid.

   Signature Policy Issuer: an entity that defines and issues a
   signature policy.

   Signature Validation Policy: part of the signature policy that
   specifies the technical requirements on the signer in creating a
   signature and verifier when validating a signature.

   Signer: an entity that creates an electronic signature.

   Subsequent Verification: a process performed by a verifier to assess
   the signature validity.

      NOTE: Subsequent verification may be done even years after the
      electronic signature was produced by the signer and completed by
      the initial verification, and it might not need to capture more
      data than those captured at the time of initial verification.

   Time-Stamp Token: a data object that binds a representation of a
   datum to a particular time, thus establishing evidence that the datum
   existed before that time.

   Time-Mark: information in an audit trail from a Trusted Service
   Provider that binds a representation of a datum to a particular time,
   thus establishing evidence that the datum existed before that time.

   Time-Marking Authority: a trusted third party that creates records in
   an audit trail in order to indicate that a datum existed before a
   particular point in time.

   Time-Stamping Authority (TSA): a trusted third party that creates
   time-stamp tokens in order to indicate that a datum existed at a
   particular point in time.

   Time-Stamping Unit (TSU): a set of hardware and software that is
   managed as a unit and has a single time-stamp token signing key
   active at a time.

   Trusted Service Provider (TSP): an entity that helps to build trust
   relationships by making available or providing some information upon
   request.

   Validation Data: additional data that may be used by a verifier of
   electronic signatures to determine that the signature is valid.

   Valid Electronic Signature: an electronic signature that passes
   validation.

   Verifier: an entity that verifies evidence.

      NOTE 1: See ISO/IEC 13888-1 [ISO13888-1].

      NOTE 2: Within the context of the present document, this is an
      entity that validates an electronic signature.

3.2. Abbreviations

   For the purposes of the present document, the following abbreviations
   apply:

   AA           Attribute Authority
   AARL         Attribute Authority Revocation List
   ACRL         Attribute Certificate Revocation List
   API          Application Program Interface
   ASCII        American Standard Code for Information Interchange
   ASN.1        Abstract Syntax Notation 1
   CA           Certification Authority
   CAD          Card Accepting Device
   CAdES        CMS Advanced Electronic Signature
   CAdES-A      CAdES with Archive validation data
   CAdES-BES    CAdES Basic Electronic Signature
   CAdES-C      CAdES with Complete validation data
   CAdES-EPES   CAdES Explicit Policy Electronic Signature
   CAdES-T      CAdES with Time
   CAdES-X      CAdES with eXtended validation data
   CAdES-X Long CAdES with EXtended Long validation data
   CARL         Certification Authority Revocation List
   CMS          Cryptographic Message Syntax
   CRL          Certificate Revocation List
   CWA          CEN (European Committee for Standardization) Workshop
                Agreement
   DER          Distinguished Encoding Rules (for ASN.1)
   DSA          Digital Signature Algorithm
   EDIFACT      Electronic Data Interchange For Administration,
                Commerce and Transport
   EESSI        European Electronic Signature Standardization
                Initiative
   EPES         Explicit Policy-based Electronic Signature
   ES           Electronic Signature
   ESS          Enhanced Security Services (enhances CMS)
   IDL          Interface Definition Language
   MIME         Multipurpose Internet Mail Extensions
   OCSP         Online Certificate Status Provider
   OID          Object IDentifier
   PKC          Public Key Certificate
   PKIX         Public Key Infrastructure using X.509
                (IETF Working Group)
   RSA          Rivest-Shamir-Adleman
   SHA-1        Secure Hash Algorithm 1
   TSA          Time-Stamping Authority
   TSP          Trusted Service Provider
   TST          Time-Stamp Token
   TSU          Time-Stamping Unit
   URI          Uniform Resource Identifier
   URL          Uniform Resource Locator
   XML          Extensible Markup Language
   XMLDSIG      XML Digital Signature


