XAdES elements in OFF-CRYPTO of Microsoft
MURATA Makoto
eb2m-mrt at asahi-net.or.jp
Sat Dec 27 10:21:05 CET 2014
Dear colleagues,
We have already agreed not to introduce
SignatureInfoV1. The rest of XAdES elements
in OFF-CRYPTO is described in the following
subsection. We probably have to tweak this
subsection since we would like to allow all
conformance levels of XAdES.
Regards,
Makoto
2.5.2.6 XAdES Elements
XML Advanced Electronic Signatures [XAdES]
extensions to xmldsig signatures MAY<32> be present
in either binary or ECMA-376 documents [ECMA-376]
when using xmldsig signatures. XAdES-EPES through
XAdES-X-L extensions are specified within a
signature. Unless otherwise specified, any optional
elements as specified in [XAdES] are ignored. The
Object element containing the information as
specified in [XAdES] has a number of optional
elements, and many of the elements have more than
one method specified. A document compliant with this
file format uses the following options:
- The SignedSignatureProperties element MUST contain
a SigningCertificate property as specified in
[XAdES] section 7.2.2.
- A SigningTime element MUST be present as specified
in [XAdES] section 7.2.1.
- A SignaturePolicyIdentifier element MUST be
present as specified in [XAdES] section 7.2.3.
- If the information as specified in [XAdES]
contains a time stamp as specified by the
requirements for XAdES-T, the time stamp
information MUST be specified as an
EncapsulatedTimeStamp element containing DER
encoded ASN.1 data.
- If the information as specified in [XAdES]
contains references to validation data, the
certificates used in the certificate chain, except
for the signing certificate (1), MUST be contained
within the CompleteCertificateRefs element as
specified in [XAdES] section 7.4.1. In addition,
for the signature to be considered a well-formed
XAdES-C signature, a CompleteRevocationRefs
element MUST be present, as specified in [XAdES]
section 7.4.2.
- If the information as specified in [XAdES]
contains time stamps on references to validation
data, the SigAndRefsTimestamp element as specified
in [XAdES] section 7.5.1 and [XAdES] section
7.5.1.1 MUST be used. The SigAndRefsTimestamp
element MUST specify the time stamp information as
an EncapsulatedTimeStamp element containing DER
encoded ASN.1 data.
- If the information as specified in [XAdES]
contains properties for data validation values,
the CertificateValues and RevocationValues
elements MUST be constructed as specified in
[XAdES] section 7.6.1 and [XAdES] section
7.6.2. Except for the signing certificate (1), all
certificates used in the validation chain MUST be
entered into the CertificateValues element.
There MUST be a Reference element specifying the
digest of the SignedProperties element, as specified
in [XAdES], section 6.2.1. A Reference element is
placed in one of two parent elements, as specified
in [XMLDSig]:
- The SignedInfo element of the top-level Signature
XML.
- A Manifest element contained within an Object
element.
A document compliant with this file format
SHOULD<33> place the Reference element specifying
the digest of the SignedProperties element within
the SignedInfo element. If the Reference element is
instead placed in a Manifest element, the containing
Object element MUST have an id attribute set to
"idXAdESReferenceObject".
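As an added illustration (not part of the post or of the OFF-CRYPTO text), the checker below tests a signature against the rules quoted in 2.5.2.6: the three mandatory signed properties, the Reference to SignedProperties in SignedInfo or in a Manifest under an Object with Id "idXAdESReferenceObject", and the DER sanity of any EncapsulatedTimeStamp. It assumes the XAdES v1.3.2 namespace and runs on a constructed minimal signature whose digest and time stamp are placeholders.

```python
import base64
import xml.etree.ElementTree as ET

DS, XADES = "http://www.w3.org/2000/09/xmldsig#", "http://uri.etsi.org/01903/v1.3.2#"  # assumption: XAdES v1.3.2
NS = {"ds": DS, "xades": XADES}

def check_xades_profile(sig_xml):
    """Return a list of OFF-CRYPTO XAdES conformance problems; [] means compliant."""
    root, problems = ET.fromstring(sig_xml), []
    sp = root.find(".//xades:SignedProperties", NS)
    if sp is None:
        return ["no SignedProperties element"]
    ssp = sp.find("xades:SignedSignatureProperties", NS)
    for tag in ("SigningCertificate", "SigningTime", "SignaturePolicyIdentifier"):  # XAdES 7.2.2, 7.2.1, 7.2.3
        if ssp is None or ssp.find("xades:" + tag, NS) is None:
            problems.append("missing " + tag)
    # Reference digesting SignedProperties: SHOULD be in SignedInfo; a Manifest placement needs Object Id="idXAdESReferenceObject".
    target = "#" + (sp.get("Id") or "")
    found = any(r.get("URI") == target for r in root.findall("ds:SignedInfo/ds:Reference", NS))
    for obj in root.findall("ds:Object", NS):
        if not found and any(r.get("URI") == target for r in obj.findall("ds:Manifest/ds:Reference", NS)):
            found = True
            if obj.get("Id") != "idXAdESReferenceObject":
                problems.append("Manifest Reference to SignedProperties but Object Id != idXAdESReferenceObject")
    if not found:
        problems.append("no Reference to SignedProperties")
    # Time stamps MUST be EncapsulatedTimeStamp holding DER ASN.1: base64 must decode and open with SEQUENCE (0x30).
    for ts in root.iter("{%s}EncapsulatedTimeStamp" % XADES):
        try:
            raw = base64.b64decode(ts.text or "", validate=True)
        except ValueError:  # binascii.Error is a ValueError subclass
            problems.append("EncapsulatedTimeStamp is not valid base64")
            continue
        if not raw or raw[0] != 0x30:
            problems.append("EncapsulatedTimeStamp is not DER (no leading SEQUENCE)")
    return problems

# Constructed minimal signature; DigestValue and the time stamp are placeholders, not real values.
SAMPLE = f"""<ds:Signature xmlns:ds="{DS}" xmlns:xades="{XADES}" Id="idPackageSignature">
 <ds:SignedInfo><ds:Reference URI="#idSignedProperties" Type="http://uri.etsi.org/01903#SignedProperties">
  <ds:DigestValue>PLACEHOLDER</ds:DigestValue></ds:Reference></ds:SignedInfo>
 <ds:Object><xades:QualifyingProperties Target="#idPackageSignature">
  <xades:SignedProperties Id="idSignedProperties"><xades:SignedSignatureProperties>
   <xades:SigningTime>2014-12-27T09:21:05Z</xades:SigningTime><xades:SigningCertificate/>
   <xades:SignaturePolicyIdentifier><xades:SignaturePolicyImplied/></xades:SignaturePolicyIdentifier>
  </xades:SignedSignatureProperties></xades:SignedProperties>
  <xades:UnsignedProperties><xades:UnsignedSignatureProperties><xades:SignatureTimeStamp>
   <xades:EncapsulatedTimeStamp>MAMCAQU=</xades:EncapsulatedTimeStamp>
  </xades:SignatureTimeStamp></xades:UnsignedSignatureProperties></xades:UnsignedProperties>
 </xades:QualifyingProperties></ds:Object></ds:Signature>"""
```

The signing certificate and time stamp are not cryptographically verified here; the check only confirms the structural constraints the subsection imposes on top of [XAdES].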