XAdES長期署名プロファイル(案)

Size: px

Start display at page:

Download "XAdES長期署名プロファイル(案)"

ときさかわ
5 years ago
Views:

1 XAdES ECOM 1/33

2 XML XML ETSI 1 TS V1.3.1( ), XML Advanced Electronic Signatures(XAdES) CMS ETSI TS V1.5.1( ) Electronic Signature Formats XML CMS ETSI TS V1.5.1( ) Electronic Signature Formats XAdES ETSI TS V1.5.1( ) Electronic Signature Formats XAdES CMS XAdES W3C Note 2 V1.1.1 ( ) ETSI ETSI TS V1.2.2(2004-4) ETSI TS V1.3.1( ) 3 V1.1.1 ( ) W3C Note V1.3.1( ) Basic Electronic Signature (XAdES-BES) Explicit Policy based Electronic Signature (XAdES-EPES) ETSI TR V1.1.1( ), "XML format for signature policies" XML CMS RFC3125, "Electronic Signature Policies" W3C/IETF Recommendation (February 2002): XML-Signature Syntax and Processing XMLDSIG XML XML XMLDSIG 1 XML /33

3 1 XML <Object> XML XML <ds:reference> URI XML <ds:signature> Enveloped <ds:object>enveloping <ds:signature> XML Detached XML Detached XML XAdES(V1.3.1) Basic Electronic Signature (XAdES-BES) Explicit Policy based Electronic Signature (XAdES-EPES) Electronic Signature with Time(XAdES-T) Electronic Signature with Complete Validation Data References(XAdES-C) 4 XAdES XAdES XMLDSIG <ds:object> 3/33

4 2 XAdES 2XAdES-BES (1) QualifyingProperties <ds:object> 3 QualifyingProperties XMLSchema 4/33

5 3QualifyingProperties XMLSchema QualifyingProperties SignedProperties UnsignedProperties SignedProperties Target ds:signature Id (2) SignedProperties XMLDSIG ds:reference SignedSignatureProperties SignedDataObjectProperties 4 SignedProperties XMLSchema 4SignedProperties XMLSchema SignedProperties ds:reference Type 5/33

6 (3) UnsignedProperties 5 UnsignedProperties XMLSchema 5UnsignedProperties XMLSchema (4) SignedSignatureProperties QualifyingProperties Target XML XML 6 SignedSignatureProperties XMLSchema 6SignedSignatureProperties XMLSchema 6/33

7 (5) UnsignedSignatureProperties QualifyingProperties Target XML XML 7 UnsignedSignatureProperties XMLSchema 7UnsignedSignatureProperties XMLSchema XAdES (6) SignedDataObjectProperties 8 SignedDataObjectProperties XMLSchema 7/33

8 8SignedDataObjectProperties XMLSchema (7) UnsignedDataObjectProperties 9 UnsignedDataObjectProperties XMLSchema UnsignedDataObjectProperties ETSI TS V1.5.1( ) 9UnsignedDataObjectProperties XMLSchema 8/33

9 (1) AnyType 10 AnyType XMLShema 10AnyType XMLSchema (2) ObjectIdentifierType (OID) 11 ObjectIdentifierType XMLSchema Identifier ASN.1 OID XML URI XML Identifier URI Qualifier ASN.1 OID URN URI Qualifier OIDAsURNOIDAsURI Description DocumentationReferences 9/33

10 11ObjectIdentifier XMLSchema (3) EncapsulatedPKIDataType ASN.1 XML X.509 base64 Encoding ASN.1 URI URI 1 12 EncapsulatedPKIDataType XMLSchema 1ASN.1 URI URI DER BER CER 10/33

11 PER XER EncapsulatedPKIDataType XMLSchema (4) XAdESTimeStampType XAdESTimeStampType GenericTimeStampType GenericTimeStampType XAdESTimeStampType OtherTimeStampType OtherTimeStampType 13 GenericTimeStampType XMLSchema XAdESTimeStampType XMLSchema 14 11/33

12 13GenericTimeStampType XMLSchema 12/33

13 14XAdESTimeStampType XMLSchema XAdESTimeStampType TSA 2 Implicit Mode XAdESTimeStampType Include TSA XAdES Signed Properties 1. XAdESTimeStampType 2. XAdESTimeStampType ds:canonicalization ds:canonicalization XMLDSIG 3. Unsigned Properties 1. 13/33

14 UnsignedSignatureProperties 2. XAdESTimeStampType ds:canonicalization ds:canonicalization XMLDSIG 3. TSA SignatureTimeStamp RefsOnlyTimeStamp SigAndRefsTimeStamp Include Mode XAdESTimeStampType Include TSA XAdES Include URI TSA ds:reference XAdESTimeStampType referenceddata ture XMLDSIG ds:reference referenceddata false ds:refernece Include 1. URI 2. ds:reference refernecedata true ds:reference XMLDSIG referenceddata false ds:reference 3. XML ds:canonicalization ds:canonicalization 14/33

15 XMLDSIG 4. Include TSA AllDataObjectsTimeStamp IndividualDataObjectsTimeStamp ArchiveTimeStamp Basic electronic signature ( XAdES-BES ) XAdES-BES <SignedSignatureProperties><SigningCertificate> <ds:signature><ds:keyinfo> (1) SigningCertificate 15 SigningCertificate XMLSchema DN ds:x509issuerserialtype <IssuerSerial> SigndProperties Simple sustitution 15/33

16 15SigningCertificate XMLSchema (2) ds:keyinfo SigningCertificage ds:keyinfo ds:keyinfo ds:x509data ds:keyinfo ds:signedinfo ds:reference ds:keyinfo Explicit policy electronic signatures ( XAdES-EPES ) XAdES-EPES XAdES 1 XAdES-BES SignaturePolicyIdentifier SignaturePolicyIdentifier SignedSignatureProperties XAdES-EPES 6 (1) SignaturePolicyIdentifier 16 SignaturePolicyIdentifier XMLSchema 16/33

17 16SignaturePolicyIdentifier XMLSchema XAdES-BES XAdES-BES SingedSigantureProperties SigningTime SignatureProductionPlace SignerRole SignedDataObjectProperties DataObjectFormat CommitmentTypeIndication AllDataObjectsTimeStamp IndividualDataObjectsTimeStamp 17/33

18 UnsignedSignatureProperties CounterSignature (1) SigningTime W3CRecommendation XML Schema Part2:Datatypes xsd:datetîme 1 17 SigningTime XMLSchema 17SigningTime XMLSchema (2) SignatureProductionPlace 18 SignatureProductionPlace XMLSchema 18SignatureProductionPlace XMLSchema (3) SignerRole 19 SignerRole XMLSchema 18/33

19 ClaimedRoles CertifiedRolses 19SignerRole XMLSchema (4) DataObjectFormat 20 DataObjectFormat XMLShema 19/33

20 20DataObjectFormat XMLSchema ObjectReference ds:signature ds:reference Description ObjectIdentifier MimeType MIME type Encoding enoding Description ObjectIdentifier MimeType 1 DataObjectFomat (5) CommitmentTypeIndication 21 CommitmentTypeIndication XMLSchema 2 20/33

21 21CommitmentTypeIndication XMLSchema 2 Proof of origin Proof of receipt Proof of delivery TSP( Proof of sender Proof of approval Proof of creation (6) AllDataObjectsTimeStamp 21/33

22 22 AllDataObjectsTimeStamp XMLSchema 22AllDataObjectsTimeStamp XMLSchema ds:signedinfo SignedProperties ds:referenece SignedPropeties ds:refernece Include Include referenceddata ture (7) IndividualDataObjectsTimeStamp 23 IndividualDataObjectsTimeStamp XMLSchema 23IndividualDataObjectsTimeStamp XMLSchema ds:signedinfo ds:reference SignedProperties ds:reference SignedPropeties ds:refernece Include Include referenceddata ture XAdES (8) CounterSignature CounterSignature UnsignedSingatureProperties 24 CounterSignature XMLSchema 22/33

23 24CounterSignater XMLSchema Electronic signature with time ( XAdES-T ) XAdES-T ds:signature ds:signedinfo SignatureValue TSA XAdES-T XAdES-BES XAdES-EPES UnSignedSignatureProperties SignatureTimeStamp UnsignedSignatureProperties XMLShema 7 (1) SignatureTimeStamp ds:signaturevalue 1 TSA 1 XAdES SignatureTiemStamp 25 SignatureTimeStamp XMLSchema 25SignatureTimeStamp XMLSchema Implicit Mode ds:signaturevalue TSA 1) 23/33

24 2) Complete Certificate Refs, Complete RevocationRefs, CertificateValues, RevocationValues Electronic signature with complete validation data references ( XAdES-C ) XAdES-C XAdES-T CompleteCertificateRefs CompleteRevocationRefs CompleteCertificateRefs CompleteRevocationRefs CA XAdES-A CompleteCertificateRefs, CompleteRevocationRefs (1) CompleteCertificateRefs XAdES 26 CompleteCertificateRefs XMLSchema 26CompleteCertificateRefs XMLSchema (2) CompleteRevocationRefs 27 CompleteRevocationRefs XMLSchema 24/33

25 27CompleteRevocationRefs XMLSchema 25/33

26 ETSI TS V1.3.1( ) AttributeCertifcateRefs AttributeRevocationRefs AttributeCertificate Extended signatures with time forms ( XAdES-X ) XAdES-X CA XAdES-C 2 XAdES-A XAdES-X SigAndRefsTimeStamp RefsOnlyTimeStamp XAdES-X type1 XAdES-C UnsingedSignatureProperties SigAndRefsTimeStamp UnsignedSignatureProperties XMLSchema 7 TSP SigAndRefsTimeStamp TSP SignatureValue SignatureTimeStamp CompleteCertificateRefs CompleteRevocationRefs XAdES-X type2 26/33

27 UnsignedSignatureProperties RefsOnlyTimeStamp UnsignedSignatureProperties XMLSchema 7 TSP RefsOnlyTimeStamp TSP CompleteCertificateRefs CompleteRevocationRefs (1) SigAndRefsTimeStamp Implicit Mode ds:signaturevalue SignatureTimeStamp CompleteCertificateRefs CompleteRevocationRefs XAdES TSA 28 SigAndRefsTimeStamp XMLSchema 28SigAndRefsTimeStamp XMLSchema (2) RefsOnlyTimeStamp CompleteCertificateRefs CompleteRevocationRefs Implicit Mode CompleteCertificateRefs CompleteRevocationRefs XAdES TSA 29 RefsOnlyTimeStamp XMLSchema 29RefsOnlyTimeStamp XMLSchema 27/33

28 Extended long electronic signatures with time ( XAdES-X-L ) XAdES-X-L XAdES-X type1 type2 UnsingeSignatureProperties CertificateValues RevocationValues UnsignedSignatureProperties XMLSchema 7 XAdES-A XAdES-X type1 type2 XAdES-X-L CeritificateValues RevocationValues (1) CertificateValues CompleteCertificateRefs ds:signature ds:keyinfo CertificateValues 30 CertifiCateValues XMLSchema 30CertificateValues XMLSchema (2) RevocationValues XAdES 31 RevocationValues XMLSchema 28/33

29 31RevocationValues XMLSchema Archival electronic signatures ( XAdES-A ) XAdES-C XAdES-X CertificateValues RevocationValues TSA ArchiveTimeStamp (1) ArchiveTimeStamp 29/33

30 1. ArchiveTimeStamp ds:signedinfo ds:reference Include Inculde URI ds:reference refernecedata ture 2. ds:signedinfo ds:signaturevalue ds:keyinfo 3. XAdES XAdES SignatureTimeStamp CounterSignatureProperties CompleteCertificateRefs CompleteRevocationRefs CertificateValues RevocationValues SigAndRefsTimeStamp RefsOnlyTimeStamp ArchiveTimeStamp QualifyingProperties ds:reference ds:object ArchiveTimeStamp XMLScheme TSA ArchiveTimeStamp 32ArchiveTimeStamp XMLSchema 30/33

31 XAdES XAdES 3 XAdES 31/33

32 3XAdES XAdES-BES XAdES-EPES XAdES-T XAdES-A QualifyingProperties SignedProperties SignedSignatureProperties SigningTime XAdES(V1.1.1) SigningCertificate XAdES(V1.1.1) SignaturePolicyIdentifier 2 2 XAdES(V1.1.1) SignatureProductionPlace SignerRole SignedDataObjectProperties DataObjectFormat CommitmentTypeIndication AllDataObjectsTimeStamp IndividualDataObjectsTimeStamp UnSignedProperties UnSignedSignatureProperties CounterSignature SignatureTimeStamp CompleteCertificateRefs CompleteRevocationRefs AttributeCertificateRefs 3 XAdES(V1.1.1) AttributeRevocationRefs 3 XAdES(V1.1.1) 32/33

33 SigAndRefsTimeStamp 3 RefsOnlyTimeStamp 3 CertificateValues RevocationValues ArchiveTimeStamp () ds:keyinfo ds:keyinfo ds:x509data ds:keyinfo ds:signedinfo ds:reference ds:keyinfo XAdES-EPES XAdES-T XAdES-A SignaturePolicyIdentifier ArchiveTimeStamp ETSI XML Advanced Electronic Signatures(XAdES) 4 4 ETSI XML Advanced Electronic Signatures(XAdES) ETSI TS V1.1.1 ( ) ETSI TS V1.2.2(2004-4) ETSI TS V1.3.1( ) 33/33

CMS長期署名プロファイル（案）

CMS長期署名プロファイル（案） 1/22 RFC3126, Electronic Signature Formats for long term electronic signatures (ETSI TS 101 733 V.1.2.2(2000-12)) ETSI TS 101 733 V1.5.1(2003-12), Electronic Signature Formats draft-pinkas-smime-cades-00.txt(2005-7),