ETSI - EN 319 102-1
Electronic Signatures and Infrastructures (ESI); Procedures for Creation and Validation of AdES Digital Signatures; Part 1: Creation and Validation
|Publication Date:||1 February 2016|
The present document specifies procedures for:
• the creation of AdES digital signatures (specified in ETSI EN 319 122-1 [i.2], ETSI EN 319 132-1 [i.4], ETSI EN 319 142-1 [i.6] respectively);
• establishing whether an AdES digital signature is technically valid;
whenever the AdES digital signature is based on public key cryptography and supported by public key certificates. To improve readability of the present document, AdES digital signatures are meant when the term signature is being used.
NOTE 1: Regulation (EU) No 910/2014 [i.15] defines the terms electronic signature, advanced electronic signature, electronic seals and advanced electronic seal. These signatures and seals are usually created using digital signature technology. The present document aims at supporting the Regulation (EU) No 910/2014 [i.15] for creation and validation of advanced electronic signatures and seals when they are implemented as AdES digital signatures. The present document introduces general principles, objects and functions relevant when creating or validating signatures based on signature creation and validation constraints and defines general classes of signatures that allow for verifiability over long periods. The following aspects are considered to be out of scope:
• generation and distribution of Signature Creation Data (keys, etc.), and the selection and use of cryptographic algorithms;
• format, syntax or encoding of data objects involved, specifically format or encoding for documents to be signed or signatures created; and
• the legal interpretation of any signature, especially the legal validity of a signature.
NOTE 2: The signature creation and validation procedures specified in the present document provide several options and possibilities. The selection of these options is driven by a signature creation policy, a signature augmentation policy or a signature validation policy respectively. Note that legal requirements can be provided through specific policies, e.g. in the context of qualified electronic signatures as defined in the Regulation (EU) 910/2014 [i.15].