1、 ETSI SR 003 232 V1.1.1 (2011-02)Special Report Electronic Signatures and Infrastructures (ESI);PDF Advanced Electronic Signature Profiles (PAdES);Printable Representations of Electronic SignaturesETSI ETSI SR 003 232 V1.1.1 (2011-02) 2Reference DSR/ESI-000113 Keywords electronic signatures, PAdES E
2、TSI 650 Route des Lucioles F-06921 Sophia Antipolis Cedex - FRANCE Tel.: +33 4 92 94 42 00 Fax: +33 4 93 65 47 16 Siret N 348 623 562 00017 - NAF 742 C Association but non lucratif enregistre la Sous-Prfecture de Grasse (06) N 7803/88 Important notice Individual copies of the present document can be
3、 downloaded from: http:/www.etsi.org The present document may be made available in more than one electronic version or in print. In any case of existing or perceived difference in contents between such versions, the reference version is the Portable Document Format (PDF). In case of dispute, the ref
4、erence shall be the printing on ETSI printers of the PDF version kept on a specific network drive within ETSI Secretariat. Users of the present document should be aware that the document may be subject to revision or change of status. Information on the current status of this and other ETSI document
5、s is available at http:/portal.etsi.org/tb/status/status.asp If you find errors in the present document, please send your comment to one of the following services: http:/portal.etsi.org/chaircor/ETSI_support.asp Copyright Notification No part may be reproduced except as authorized by written permiss
6、ion. The copyright and the foregoing restriction extend to reproduction in all media. European Telecommunications Standards Institute 2011. All rights reserved. DECTTM, PLUGTESTSTM, UMTSTM, TIPHONTM, the TIPHON logo and the ETSI logo are Trade Marks of ETSI registered for the benefit of its Members.
7、 3GPPTM is a Trade Mark of ETSI registered for the benefit of its Members and of the 3GPP Organizational Partners. LTE is a Trade Mark of ETSI currently being registered for the benefit of its Members and of the 3GPP Organizational Partners. GSM and the GSM logo are Trade Marks registered and owned
8、by the GSM Association. ETSI ETSI SR 003 232 V1.1.1 (2011-02) 3Contents Intellectual Property Rights 4g3Foreword . 4g3Introduction 4g31 Scope 5g32 References 5g32.1 Normative references . 5g32.2 Informative references 5g33 Definitions and abbreviations . 6g33.1 Definitions 6g33.2 Abbreviations . 6g3
9、4 The printable representation of an AdES signature value 7g34.1 Methods of Display 7g34.1.1 Alphanumeric Strings . 7g34.1.2 Barcodes . 8g34.2 Scope of Printable Signature 8g34.3 Where does the actual certificate live? . 8g34.4 Use of incremental updates 9g34.5 Use of Document Timestamps . 9g3Histor
10、y 10g3ETSI ETSI SR 003 232 V1.1.1 (2011-02) 4Intellectual Property Rights IPRs essential or potentially essential to the present document may have been declared to ETSI. The information pertaining to these essential IPRs, if any, is publicly available for ETSI members and non-members, and can be fou
11、nd in ETSI SR 000 314: “Intellectual Property Rights (IPRs); Essential, or potentially Essential, IPRs notified to ETSI in respect of ETSI standards“, which is available from the ETSI Secretariat. Latest updates are available on the ETSI Web server (http:/webapp.etsi.org/IPR/home.asp). Pursuant to t
12、he ETSI IPR Policy, no investigation, including IPR searches, has been carried out by ETSI. No guarantee can be given as to the existence of other IPRs not referenced in ETSI SR 000 314 (or the updates on the ETSI Web server) which are, or may be, or may become, essential to the present document. Fo
13、reword This Special Report (SR) has been produced by ETSI Technical Committee Electronic Signatures and Infrastructures (ESI). Introduction Electronic documents are a major part of a modern companies business. Trust in this way of doing business is essential for the success and continued development
14、 of electronic business. It is, therefore, important that companies using electronic documents have suitable security controls and mechanisms in place to protect their documents and to ensure trust and confidence with their business practices. In this respect the electronic signature is an important
15、 security component that can be used to protect information and provide trust in electronic business. The European Directive 1999/93/EC i.5 on a community framework for Electronic Signatures defines an electronic signature as: “Data in electronic form which is attached to or logically associated wit
16、h other electronic data and which serves as a method of authentication“. TS 102 778 i.8 specifies the use of the advanced electronic signature, as defined in this Directive for documents represented in an electronic format called Portable Document Format (PDF). This includes Part 6 which covers visu
17、al representation of electronic signatures. In producing TS 102 778-6 i.4 a number of points were identified relating to the representation of electronics signatures applied when the signed PDF document has been converted to printed form (termed printable signatures). It was not possible to fully ad
18、dress these points in TS 102 778-6 i.4. The present document looks more specifically at these points, discussing the issues and identifying some potential solutions for the handling of printable signatures. ETSI ETSI SR 003 232 V1.1.1 (2011-02) 51 Scope The present document discusses the techniques
19、that may be used for printable representations of advanced electronic signatures (AdES) in PDFs. Specifically, focusing on the printable representation of the AdES signature value, for example as a alphanumeric string or bar code. A separate document (TS 102 778-6 i.4) covers the issues of visually
20、displaying other information contained in the signature. The printable representation of the advanced electronic signature value is aimed at electronic signatures created on electronic documents which are then printed. It can be used to verify that a printed signature value stored on an authoritativ
21、e printed document equals to that one derived from the electronic version of the document. It does not necessarily enable the authenticity of the printed document to be verified using electronic techniques without reference back to the electronic document from which the printed document was derived.
22、 As such, electronic/digital documents need to be validated using the included electronic signature and the standard methods for verification PDF Advanced Electronic Signature Profiles; Part 1: PadES Overview - a framework document for PadES“. i.3 ETSI TS 102 778-4: “Electronic Signatures and Infras
23、tructures (ESI); PDF Advanced Electronic Signature Profiles; Part 4: PAdES Long Term - PAdES LTV Profile“. i.4 ETSI TS 102 778-6 “Electronic Signatures and Infrastructures (ESI); PDF Advanced Electronic Signature Profiles; Part 6: Visual Representations of Electronic Signatures“. i.5 Directive 1999/
24、93/EC of the European Parliament and of the Council of 13 December 1999 on a Community framework for electronic signatures. i.6 IETF RFC 3852 (2004): “Cryptographic Message Syntax (CMS)“. ETSI ETSI SR 003 232 V1.1.1 (2011-02) 6i.7 ISO 19005-1:2005: “Document management - Electronic document file for
25、mat for long-term preservation - Part 1: Use of PDF 1.4 (PDF/A-1)“. i.8 ETSI TS 102 778 (all parts): “Electronic Signatures and Infrastructures (ESI); PDF Advanced Electronic Signature Profiles“. 3 Definitions and abbreviations 3.1 Definitions For the purposes of the present document, the terms and
26、definitions given in i.1, i.2 and i.4 and the following apply: PDF Signature: binary data object based on the CMS (RFC 3852 i.6) or related syntax containing a digital signature placed within a PDF document structure as specified in ISO 32000-1 i.1 clause 12.8 with other information about the signat
27、ure applied when it was first created printable signature value: printable representation of, or derived from, the AdES signature value, for example as a alphanumeric string or bar code signature appearance: visual representation of the human act of signing placed within a PDF document at signing ti
28、me and linked to an advanced electronic signature signature dictionary: PDF data structure, of type dictionary, as described in ISO 32000-1 i.1, clause 12.8.1, Table 252 that contains all the of information about the Digital Signature signature verification representation: visual representation of t
29、he verification of an advanced electronic signature signer: entity that creates an electronic signature verifier: entity that validates an electronic signature 3.2 Abbreviations For the purposes of the present document, the abbreviations given below apply: AdES Advanced Electronic Signature NOTE: As
30、 specified in Directive 1999/93 i.5. CMS Cryptographic Message Syntax NOTE: As specified in RFC 3852 i.6. PAdES PDF Advanced Electronic Signature PDF Portable Document Format ETSI ETSI SR 003 232 V1.1.1 (2011-02) 74 The printable representation of an AdES signature value The AdES signature value is
31、sequence of bytes that is a result of cryptographic algorithms and can be used to mathematically prove the integrity of some data and authenticate the signer who applied the AdES. In the case of a PDF signature, the AdES signature value applies to the complete document at the time of signing. This p
32、roof is done with the aid of computers and therefore is best kept in electronic form as part as the PDF signature. Nevertheless there are use-cases where the inclusion of the signature value in a printable form may be required to provide a reliable proof of equivalence between an electronic document
33、 and the document in printed form. In addition to the signature value, further information could be printed along with the printable signature value. Such information could point to guidelines describing the verification of documents or give further details about the signer. For example, the printab
34、le signature value may serve the purpose of demonstrating that an electronic document version is equivalent to a trusted printed document by comparing a AdES signature value of the electronic document to the printed signature value from a printed document. Alternatively, a printed document (such as
35、an e-ticket) which includes the printable signature value can be presented as proof that the document held is equivalent to an electronic original. The common practice is to include the AdES signature value or a digest of the signature value somewhere in the printable content of the document, usuall
36、y in an area explicitly designated for such a value. This information could be displayed as alphanumeric encoded text or a 2D barcode in order to make a machine-aided reconstruction of the signature value from the printed document possible. By using a digest, the amount of numeric data that needs to
37、 be printed in the document is reduced which is also a benefit. How the signing applications adds the printable signature value to the documents content bears some challenges since the AdES signature value, by definition, is created as the last step of creating a signed document. Since the signature
38、 covers all visible content (“what you see is what you sign“), any change to the document content would invalidate the signature. To address this cyclic dependency between the printable signature value and visible content, a variety of methodologies exist, each with their pros & cons. In the followi
39、ng clauses, we will present some of these and discuss their usability in various workflows. The most important thing when choosing which method to use is that there be a common understanding between creator and processor of the printable signature value on how these values are created and processed
40、to ensure interoperability. This understanding includes: Whether a digest is applied to the signature value and, if one is applied what digest algorithm is used. The mechanism used to encode the signature value (e.g. Alphanumeric text, barcode). If a barcode is used, the identity of the standard bar
41、code “symbology“ which was used. Where the actual certificate used to sign, and any associated revocation information, is to be stored. 4.1 Methods of Display 4.1.1 Alphanumeric Strings The most common visible representation is to convert the digest/hash of the document (or the signature) into a alp
42、hanumeric string using an algorithm such as Base64 or ASCII85 and then add it to the displayed page content. Usually this string is part of a larger block of explanatory or information text that incorporates useful metadata for a human to identify the present document and where it may have come from
43、 and how to validate it. An alphanumeric string is simple to compute and does not take up a large amount of space on the page, mostly determined by the length of the hash and the font and font size chosen for display. It can be read, and if required for verification purposes, typed in by humans and
44、(with some aid to knowing where on the page to look) by machine. ETSI ETSI SR 003 232 V1.1.1 (2011-02) 84.1.2 Barcodes A barcode is an optical machine-readable representation of data where the details of the representation are described through the specification of a symbology. The specification of
45、a symbology includes the encoding of the single digits/characters of the message as well as the start and stop markers into bars and space, the size of the quiet zone required to be before and after the barcode as well as the computation of a checksum. There are numerous symbologies available, both
46、in 1D (linear) or 2D. The choice should be based on what data is chosen to be encoded. A single implementation may choose to, as in the case of alphanumeric strings, encode the digest/hash of the document (or the signature) into a simple 1D barcode. Figure 1 Another option would be to take some (or
47、all) of the pages content, perhaps only the textual data, or a set of variable field values, and encode those into a 2D barcode. One of the problems with such barcodes is that the larger the data being encoded, the larger the barcode - so that it would be possible to have a barcode that takes up mor
48、e physical space on the page than the actual content being encoded! Figure 2 One advantage of PDF when working with barcodes is that it is possible to have them computed dynamically at the time of display by a conforming reader, rather than at signing time, through the use of a barcode field. These
49、are a standard type of form field available in both the XFA and AcroForm form technologies of PDF. NOTE: Since they were introduced in PDF 1.5, they are not compatible with PDF/A-1 (ISO 19005-1 i.7) but would be with PDF/A-2. 4.2 Scope of Printable Signature Currently, standard advanced electronic signatures for PDF, such as specified in ISO 32000-1 i.1 and profiled in TS 102 778 i.8 (PadES), apply to the whole PDF document as its stands when the signature is created. This includes any graphics and layout in the signature. PD
