GB/T 31308.3-2023 Processes, data elements and documents in commerce, industry and administration—Long term signature—Part 3: Long term signature profiles for PDF Advanced Electronic Signatures (PAdES) (English Version)
Processes, data elements and documents in commerce, industry and administration - Long term signature - Part 3: Long term signature profiles for PDF Advanced Electronic Signatures (PAdES)
1 Scope
This document specifies the elements, among those defined in PDF Advanced Electronic Signatures (PAdES), that enable verification of a digital signature over a long period of time.
It does not give new technical specifications about the digital signature itself, nor new restrictions of usage of the technical specifications about the digital signatures which already exist.
2 Normative references
The following documents are referred to in the text in such a way that some or all of their content constitutes requirements of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies.
ISO 14533‑1 Processes, data elements and documents in commerce, industry and administration - Long term signature profiles - Part 1: Long term signature profiles for CMS Advanced Electronic Signatures (CAdES)
Note: GB/T 31308.1-2014, Processes, data elements and documents in commerce, industry and administration - Long term signature profiles - Part 1: Long term signature profiles for CMS Advanced Electronic Signatures (CAdES) (ISO 14533-1:2012, IDT)
ISO 32000‑2 Document management - Portable document format - Part 2: PDF 2.0
3 Terms and definitions
For the purposes of this document, the terms and definitions given in ISO 14533‑1 and the following apply.
3.1
advanced electronic signature
electronic signature which is uniquely linked to the signatory, is capable of identifying the signatory, is created using electronic signature creation data that the signatory can, with high level of confidence, use under his sole control, and is linked to the data signed therewith in such a way that any subsequent change in the data is detectable
4 Abbreviated terms and symbols
The following symbols are used for the “required level”:
C: Conditional
M: Mandatory
O: Optional
P: Prohibited (creation or modification)
CA: Certification Authority
CAdES: CMS advanced electronic signature
CMS: Cryptographic Message Syntax
CRL: Certificate Revocation List
DSS: Document Security Store
OCSP: Online Certificate Status Protocol
PAdES: PDF Advanced Electronic Signatures
PAdES-A: PAdES-T using Archive validation data
PAdES-DT: PDF file using only Document Timestamp dictionary
PAdES-DTA: PAdES-DT using Archive validation data
PAdES-T: PAdES using Timestamp
TSA: Time-Stamping Authority
VRI: Validation Related Information
5 Requirements
5.1 The generation or validation of PAdES‑T data conforms to this document, provided that the following requirements are met:
a) all processing of elements whose required level is “Mandatory” in the PAdES‑T profile as specified in this document, shall be included;
b) detailed specifications pertaining to the processing of any element whose required level is “Conditional” in the PAdES‑T profile, as specified in this document, shall be provided.
5.2 The generation or validation of PAdES‑A data conforms to this document provided that the following requirements are met:
a) all processing of elements whose required level is “Mandatory” in the PAdES‑A profile as specified in this document, shall be included;
b) detailed specifications pertaining to the processing of any element whose required level is “Conditional” in the PAdES‑A profile as specified in this document, shall be provided.
5.3 The generation or validation of PAdES‑DT and PAdES‑DTA data conforms to this document, provided that the requirements of Figures B.1 and B.2 respectively are met. See Annex B.
5.4 If first‑party conformity assessment is used, the implementer shall make a declaration of conformity to this document by disclosing the supplier's declaration of compliance and its attachment (see Annex A) containing a description of implementation status (and the specifications for any elements “Conditional”).
NOTE 1: See ISO/IEC 17050‑1:2004.
NOTE 2: Figure 1 shows the positioning of the generation and validation of PAdES‑T data and PAdES‑A data.
6 Long-term signature profiles
6.1 Definition of PAdES profile and positioning
In order to make electronic signatures verifiable in the long term:
——signing time shall be identifiable,
——any illegal alterations of information pertaining to signatures, including the subject of information and validation data, shall be detectable, and
——interoperability shall be ensured.
To meet these requirements, this document defines the following two profiles with respect to PAdES:
a) PAdES‑T profile: a profile pertaining to the generation and validation of the signature with a timestamp for signature. The timestamp is stored in a signature timestamp Attribute of the signature, or in any subsequent object containing the timestamp, covering the signature. The subsequent object is a Document timestamp or a signature with the signature timestamp Attribute.
b) PAdES‑A profile: a profile pertaining to the generation and validation in the long‑term availability and integrity of the validation data that protects the PAdES‑T data, including validation data from any illegal alterations.
Figure 1 shows the relation between the PAdES‑T data and the PAdES‑A data.
Figure 1 - Relation between the PAdES-T data and the PAdES-A data
6.2 Representation of the required level
This document defines the following representation methods for the required level (as a profile) of each element constituting PAdES‑T data and PAdES‑A data.
a) Mandatory (M): Elements whose required level is “Mandatory” shall be implemented without fail. If such an element has optional sub‑elements, at least one sub‑element shall be selected. Any element whose required level is “Mandatory” and which is one of the sub‑elements of an optional element shall be selected whenever the optional element is selected.
b) Optional (O): Elements whose required level is “Optional” may be implemented at the discretion of the implementer.
c) Conditional (C): Elements whose required level is “Conditional” may be implemented at the discretion of the implementer, provided that detailed specifications for the processing thereof are provided separately.
d) Prohibited (P): Elements whose required level is “Prohibited” shall not be created or modified, but may be read.
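The four required levels of 6.2 expressed as a conformance check over an implementation declaration. This is an added example, not part of the standard. The profile tree is constructed for illustration and is not the standard's tables; `OptionalContainer`, `RequiredInner`, `LegacyElement` and the declaration format are hypothetical, and "optional sub-elements" is read here as child elements whose level is O.

```python
from dataclasses import dataclass, field

@dataclass
class Element:
    name: str
    level: str                      # "M", "O", "C" or "P", as in 6.2
    children: list = field(default_factory=list)

def check(elem, decl, in_scope=True):
    """Findings for one element and its sub-elements.

    decl maps element name -> {"use": "write" or "read", "spec": reference};
    an element absent from decl is not implemented (assumed format).
    """
    entry = decl.get(elem.name)
    selected = in_scope and entry is not None
    out = []
    if elem.level == "M" and in_scope and not selected:
        out.append(f"{elem.name}: Mandatory element not implemented")
    if elem.level == "C" and selected and not entry.get("spec"):
        out.append(f"{elem.name}: Conditional element has no separate specification")
    if elem.level == "P" and entry is not None and entry.get("use") == "write":
        out.append(f"{elem.name}: Prohibited element is created or modified")
    # Assumption: "optional sub-elements" means children whose level is O.
    optional = [c for c in elem.children if c.level == "O"]
    if elem.level == "M" and selected and optional \
            and not any(c.name in decl for c in optional):
        out.append(f"{elem.name}: no optional sub-element selected")
    for child in elem.children:     # sub-elements only bind if the parent is selected
        out += check(child, decl, selected)
    return out

def check_profile(profile, decl):
    return [f for elem in profile for f in check(elem, decl)]

# Constructed profile for illustration only (not the standard's tables).
PROFILE = [
    Element("Timestamp", "M", [Element("SignatureTimestampAttribute", "O"),
                               Element("DocumentTimestamp", "O")]),
    Element("CommitmentType", "C"),
    Element("OptionalContainer", "O", [Element("RequiredInner", "M")]),
    Element("LegacyElement", "P"),
]

if __name__ == "__main__":
    declared = {"Timestamp": {"use": "write"},          # constructed declaration
                "CommitmentType": {"use": "write"},
                "OptionalContainer": {"use": "write"},
                "LegacyElement": {"use": "write"}}
    for finding in check_profile(PROFILE, declared):
        print(finding)
```

A declaration that reads `LegacyElement` without writing it passes the Prohibited rule, matching "shall not be created or modified, but may be read".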
6.3 Standard for setting the required level
The required level of each element constituting PAdES‑T data and PAdES‑A data shall be set in accordance with the following requirements:
a) The required level shall be “Mandatory” for elements whose required level is “Mandatory” in the definition of PAdES, and for elements that are necessary for the generation and validation of long‑term signatures. The elements whose required level is “Optional” in the definition of PAdES are defined as “Mandatory”, “Optional” or “Conditional”.
b) The required level shall be “Conditional” for externally defined elements.
Example 1: OtherCertificateFormat.
c) The required level shall be “Conditional” for elements intended to interact with a certain application.
Example 2: CommitmentType.
d) The required level shall be “Conditional” for elements with an operation‑dependent factor.
Example 3: Attribute certificate; time mark.
Note: The archiving‑type timestamp defined in ISO/IEC 18014‑2 is included in “Time mark or other method.”
e) The required level shall be “Optional” for elements only containing reference information.
Standard No.: GB/T 31308.3-2023
Status: valid
Language: English
Implemented on: 2024-4-1