
    電子簽名格式的抽象語法記法一(ASN.1)表示

    本附錄給出符合GB/T16262.1-2006規定的電子簽名格式的ASN.1表示。

    ETS-ElectronicSignatureFormats-97Syntax { iso(1) member-body(2)
    
    us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-mod(0) 6}
    
    DEFINITIONS EXPLICIT TAGS ::=
    
    BEGIN
    
    -- EXPORTS All -
    
    IMPORTS
    
    -- Cryptographic Message Syntax (CMS): RFC 2630
    
    ContentInfo, ContentType, id-data, id-signedData, SignedData,
    
    EncapsulatedContentInfo, SignerInfo,
    
    id-contentType, id-messageDigest, MessageDigest, id-signingTime, SigningTime,
    
    id-countersignature, Countersignature
    
    FROM CryptographicMessageSyntax
    
    { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) modules(0) cms(1) }
    
    -- ESS Defined attributes: RFC 2634 (Enhanced Security Services for S/MIME)
    
    id-aa-signingCertificate, SigningCertificate, IssuerSerial,
    
    id-aa-contentReference, ContentReference, id-aa-contentIdentifier, ContentIdentifier
    
    FROM ExtendedSecurityServices
    
    { iso(1) member-body(2) us(840) rsadsi(113549)
    
      pkcs(1) pkcs-9(9) smime(16) modules(0) ess(2) }
    
    -- Internet X.509 Public Key Infrastructure - Certificate and CRL Profile: RFC 2459
    
    Certificate, AlgorithmIdentifier, CertificateList, Name, GeneralNames, GeneralName,
    
    DirectoryString, Attribute, AttributeTypeAndValue, AttributeType, AttributeValue,
    
    PolicyInformation
    
      FROM PKIX1Explicit93
    
    {iso(1) identified-organization(3) dod(6) internet(1)
    
    security(5) mechanisms(5) pkix(7) id-mod(0) id-pkix1-explicit-88(1)}
    
    -- X.509 '97 Authentication Framework
    
    AttributeCertificate
    
      FROM AuthenticationFramework
    
    {joint-iso-ccitt ds(5) module(1) authenticationFramework(7) 3}
    
    -- OCSP 2560
    
    BasicOCSPResponse, ResponderID
    
    FROM OCSP
    
    -- { OID not assigned }
    
    -- Time Stamp Protocol Internet Draft
    
    TimeStampToken
    
    FROM TSP
    
    -- { OID not assigned }
    
    ;
    
    -- S/MIME Object Identifier arcs used in the present document
    
    -- ==================================================================
    
    -- S/MIME OID arc used in the present document
    
    -- id-smime OBJECT IDENTIFIER ::= { iso(1) member-body(2)
    
    -- us(840) rsadsi(113549) pkcs(1) pkcs-9(9) 16 }
    
    -- S/MIME Arcs
    
    -- id-mod OBJECT IDENTIFIER ::= { id-smime 0 }
    
    -- modules
    
    -- id-ct OBJECT IDENTIFIER ::= { id-smime 1 }
    
    -- content types
    
    -- id-aa OBJECT IDENTIFIER ::= { id-smime 2 }
    
    -- attributes
    
    -- id-spq OBJECT IDENTIFIER ::= { id-smime 5 }
    
    -- signature policy qualifier
    
    -- id-cti OBJECT IDENTIFIER ::= { id-smime 6 }
    
    -- commitment type identifier
    
    -- Definitions of Object Identifier arcs used in the present document
    
    -- ==================================================================
    
    -- The allocation of OIDs to specific objects are given below with the associated
    
    -- ASN.1 syntax definition
    
    -- OID used referencing electronic signature mechanisms based on the present document
    
    -- for use with the IDUP API (see annex D)
    
    -- Mechanism OID for use with the IDUP API. It is rooted in the ETSI arc
    -- (itu-t 0, identified-organization 4, etsi 0), whereas the attribute OIDs
    -- defined later in this module are rooted in the RSADSI pkcs-9 smime(16) arc.
    id-etsi-es-IDUP-Mechanism-v1 OBJECT IDENTIFIER ::=
    
    { itu-t(0) identified-organization(4) etsi(0)
    
     electronic-signature-standard (1733) part1 (1) idupMechanism (4) etsiESv1(1) }
    
    -- CMS Attributes Defined in the present document
    
    -- ==============================================
    
    -- Mandatory Electronic Signature Attributes
    
    -- OtherSigningCertificate
    -- Listed under the mandatory electronic signature attributes. It identifies
    -- certificates by hash (OtherCertID) instead of embedding them.
    
    id-aa-ets-otherSigCert OBJECT IDENTIFIER ::= { iso(1)
    
    member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9)
    
    smime(16) id-aa(2) 19 }
    
    -- certs is a list of certificate references; the syntax does not say which
    -- entry is the signer's own certificate.
    -- NOTE(review): presumably the first entry, as with ESS SigningCertificate. Confirm in the main text.
    OtherSigningCertificate ::= SEQUENCE {
    
    certs SEQUENCE OF OtherCertID,
    
    policies SEQUENCE OF PolicyInformation OPTIONAL
    
    -- NOT USED IN THE PRESENT DOCUMENT
    
    }
    
    -- Reference to one certificate: a hash value plus, optionally, the issuer name
    -- and serial number (IssuerSerial is imported from ExtendedSecurityServices).
    -- Without issuerSerial the hash is the only thing that identifies the certificate.
    OtherCertID ::= SEQUENCE {
    
    otherCertHash OtherHash,
    
    issuerSerial IssuerSerial OPTIONAL }
    
    -- Two ways to carry a hash. sha1Hash is a bare OCTET STRING with no algorithm
    -- identifier, so the algorithm is fixed to SHA-1 by the syntax itself.
    -- SHA-1 is no longer collision resistant; where the applicable policy allows it,
    -- use the otherHash alternative, which states the algorithm explicitly.
    OtherHash ::= CHOICE {
    
    sha1Hash OtherHashValue, -- This contains a SHA-1 hash
    
    otherHash OtherHashAlgAndValue}
    
    -- Raw digest bytes. The length is not constrained here, so a decoder should
    -- check it against the digest size of the algorithm in use.
    OtherHashValue ::= OCTET STRING
    
    -- Digest together with the AlgorithmIdentifier that produced it.
    OtherHashAlgAndValue ::= SEQUENCE {
    
    hashAlgorithm AlgorithmIdentifier,
    
    hashValue OtherHashValue }
    
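    -- Signature Policy Identifier
    -- Identifies a signature policy either explicitly (OID, hash and optional
    -- qualifiers) or as implied (NULL).
    
    id-aa-ets-sigPolicyId OBJECT IDENTIFIER ::= { iso(1)
    
    member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9)
    
    smime(16) id-aa(2) 15 }
    
    -- A type assignment needs the "::=" operator between the type name and CHOICE.
    -- NOTE(review): both alternative identifiers start with an upper-case letter,
    -- which strict ASN.1 compilers reject. They are kept as printed; confirm the
    -- intended spelling against the standard text before compiling.
    SignaturePolicy ::= CHOICE {
    
    SignaturePolicyId SignaturePolicyId,
    
    SignaturePolicyImplied SignaturePolicyImplied
    
    }
    
    -- Explicit policy reference. sigPolicyHash is mandatory in this syntax.
    -- NOTE(review): presumably computed over the policy document, so that a verifier
    -- can detect a substituted policy; confirm the exact hash input in the main text.
    -- When sigPolicyQualifiers is present it must hold at least one entry (SIZE 1..MAX).
    SignaturePolicyId ::= SEQUENCE {
    
    sigPolicyId SigPolicyId,
    
    sigPolicyHash SigPolicyHash,
    
    sigPolicyQualifiers SEQUENCE SIZE (1..MAX) OF SigPolicyQualifierInfo OPTIONAL
    
    }
    
    -- Implied policy: carries no identifier and no hash.
    SignaturePolicyImplied ::= NULL
    
    SigPolicyId ::= OBJECT IDENTIFIER
    
    -- Always the explicit-algorithm form, never the bare SHA-1 alternative of OtherHash.
    SigPolicyHash ::= OtherHashAlgAndValue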
    
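    -- One qualifier attached to a signature policy reference. The id is constrained
    -- to the SupportedSigPolicyQualifiers object set, and the qualifier value is tied
    -- to the type registered for that id through the @sigPolicyQualifierId relation.
    SigPolicyQualifierInfo ::= SEQUENCE {
    
    sigPolicyQualifierId SIG-POLICY-QUALIFIER.&id
    
    ({SupportedSigPolicyQualifiers}),
    
    qualifier SIG-POLICY-QUALIFIER.&Qualifier
    
    ({SupportedSigPolicyQualifiers}
    
    {@sigPolicyQualifierId})OPTIONAL }
    
    -- The two qualifiers this module defines. The set has no extension marker.
    SupportedSigPolicyQualifiers SIG-POLICY-QUALIFIER ::= { noticeToUser | pointerToSigPolSpec }
    
    -- Information object class that pairs a qualifier OID with an optional value type.
    SIG-POLICY-QUALIFIER ::= CLASS {
    
    &id OBJECT IDENTIFIER UNIQUE,
    
    &Qualifier OPTIONAL }
    
    WITH SYNTAX {
    
    SIG-POLICY-QUALIFIER-ID &id
    
    [SIG-QUALIFIER-TYPE &Qualifier] }
    
    -- The qualifier objects reference the OIDs that this module actually defines
    -- (id-spq-ets-unotice and id-spq-ets-uri). The names id-sqt-unotice and id-sqt-uri
    -- are neither defined nor imported anywhere in the module, so they cannot resolve.
    noticeToUser SIG-POLICY-QUALIFIER ::= {
    
    SIG-POLICY-QUALIFIER-ID id-spq-ets-unotice SIG-QUALIFIER-TYPE SPUserNotice }
    
    pointerToSigPolSpec SIG-POLICY-QUALIFIER ::= {
    
    SIG-POLICY-QUALIFIER-ID id-spq-ets-uri SIG-QUALIFIER-TYPE SPuri }
    
    id-spq-ets-uri OBJECT IDENTIFIER ::= { iso(1)
    
    member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9)
    
    smime(16) id-spq(5) 1 }
    
    -- Pointer to the policy specification. The string has no size bound and no scheme
    -- restriction in this syntax. A verifier that follows it should treat the fetched
    -- document as untrusted until it matches sigPolicyHash in SignaturePolicyId.
    SPuri ::= IA5String
    
    id-spq-ets-unotice OBJECT IDENTIFIER ::= { iso(1)
    
    member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9)
    
    smime(16) id-spq(5) 2 }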
    
    -- User notice qualifier. Both fields are OPTIONAL, so an empty SEQUENCE is
    -- syntactically valid.
    -- NOTE(review): presumably shown to the relying party; handle the text as
    -- untrusted input when rendering it. Confirm intended use in the main text.
    SPUserNotice ::= SEQUENCE {
    
    noticeRef NoticeReference OPTIONAL,
    
    explicitText DisplayText OPTIONAL}
    
    -- Reference to numbered notices of a named organization.
    -- noticeNumbers has no size bound and the INTEGER values have no range constraint.
    NoticeReference ::= SEQUENCE {
    
    organization DisplayText,
    
    noticeNumbers SEQUENCE OF INTEGER }
    
    -- Text in one of three string types, each limited to 1..200 characters.
    DisplayText ::= CHOICE {
    
    visibleString VisibleString (SIZE (1..200)),
    
    bmpString BMPString (SIZE (1..200)),
    
    utf8String UTF8String (SIZE (1..200)) }
    
    -- Optional Electronic Signature Attributes
    
    -- Commitment Type
    -- Attribute carrying an OID that names the kind of commitment, with optional qualifiers.
    
    id-aa-ets-commitmentType OBJECT IDENTIFIER ::= { iso(1) member-body(2)
    
    us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-aa(2) 16}
    
    -- When commitmentTypeQualifier is present it must hold at least one entry (SIZE 1..MAX).
    CommitmentTypeIndication ::= SEQUENCE {
    
    commitmentTypeId CommitmentTypeIdentifier,
    
    commitmentTypeQualifier SEQUENCE SIZE (1..MAX) OF CommitmentTypeQualifier OPTIONAL}
    
    CommitmentTypeIdentifier ::= OBJECT IDENTIFIER
    
    -- Unlike SigPolicyQualifierInfo, neither field is constrained by an object set,
    -- so this module alone does not tell a decoder which type follows a given id.
    CommitmentTypeQualifier ::= SEQUENCE {
    
    commitmentQualifierId COMMITMENT-QUALIFIER.&id,
    
    qualifier COMMITMENT-QUALIFIER.&Qualifier OPTIONAL }
    
    -- Information object class that pairs a qualifier OID with an optional value type.
    COMMITMENT-QUALIFIER ::= CLASS {
    
    &id OBJECT IDENTIFIER UNIQUE,
    
    &Qualifier OPTIONAL }
    
    WITH SYNTAX {
    
    COMMITMENT-QUALIFIER-ID &id
    
    [COMMITMENT-TYPE &Qualifier] }
    
    -- Commitment type identifiers defined by this module: arcs 1 to 6 under smime(16) cti(6).
    id-cti-ets-proofOfOrigin OBJECT IDENTIFIER ::= { iso(1) member-body(2)
    
    us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) cti(6) 1}
    
    id-cti-ets-proofOfReceipt OBJECT IDENTIFIER ::= { iso(1) member-body(2)
    
    us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) cti(6) 2}
    
    id-cti-ets-proofOfDelivery OBJECT IDENTIFIER ::= { iso(1) member-body(2)
    
    us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) cti(6) 3}
    
    id-cti-ets-proofOfSender OBJECT IDENTIFIER ::= { iso(1) member-body(2)
    
    us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) cti(6) 4}
    
    id-cti-ets-proofOfApproval OBJECT IDENTIFIER ::= { iso(1) member-body(2)
    
    us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) cti(6) 5}
    
    id-cti-ets-proofOfCreation OBJECT IDENTIFIER ::= { iso(1) member-body(2)
    
    us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) cti(6) 6}
    
    -- Signer Location
    
    id-aa-ets-signerLocation OBJECT IDENTIFIER ::= { iso(1) member-body(2)
    
    us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-aa(2) 17}
    
    -- All three fields are OPTIONAL, so the "at least one" rule stated below is not
    -- enforced by the syntax; a decoder has to reject the empty SEQUENCE itself.
    -- The context tags [0]..[2] are EXPLICIT because of the module-level tag default.
    -- The identifier postalAdddress (three d) is kept exactly as printed.
    SignerLocation ::= SEQUENCE { -- at least one of the following shall be present
    
    countryName [0] DirectoryString OPTIONAL,
    
    -- As used to name a Country in X.500
    
    localityName [1] DirectoryString OPTIONAL,
    
    -- As used to name a locality in X.500
    
    postalAdddress [2] PostalAddress OPTIONAL }
    
    -- Between one and six address lines.
    PostalAddress ::= SEQUENCE SIZE(1..6) OF DirectoryString
    
    -- Signer Attributes
    
    id-aa-ets-signerAttr OBJECT IDENTIFIER ::= { iso(1) member-body(2)
    
    us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-aa(2) 18}
    
    -- A list in which each entry is either a set of claimed attributes or one
    -- attribute certificate. The two alternatives differ in what backs them:
    -- claimedAttributes are plain Attribute values with no issuer signature in this
    -- syntax, while certifiedAttributes carries an AttributeCertificate.
    SignerAttribute ::= SEQUENCE OF CHOICE {
    
    claimedAttributes [0] ClaimedAttributes,
    
    certifiedAttributes [1] CertifiedAttributes }
    
    ClaimedAttributes ::= SEQUENCE OF Attribute
    
    CertifiedAttributes ::= AttributeCertificate -- As defined in X.509 : see section 10.3
    
    -- Content Timestamp
    
    id-aa-ets-contentTimestamp OBJECT IDENTIFIER ::= { iso(1) member-body(2)
    
    us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-aa(2) 20}
    
    -- Same TimeStampToken type (imported from TSP) as SignatureTimeStampToken below;
    -- only the attribute OID tells the two apart.
    ContentTimestamp::= TimeStampToken
    
    -- Validation Data
    
    -- Signature Timestamp
    -- Note that this OID name has no "ets" infix, unlike the other attributes here.
    
    id-aa-signatureTimeStampToken OBJECT IDENTIFIER ::= { iso(1) member-body(2)
    
    us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-aa(2) 14}
    
    -- NOTE(review): what the token's message imprint is computed over is not visible
    -- in this syntax; confirm in the main text.
    SignatureTimeStampToken ::= TimeStampToken
    
    -- Complete Certificate Refs.
    
    id-aa-ets-certificateRefs OBJECT IDENTIFIER ::= { iso(1) member-body(2)
    
    us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-aa(2) 21}
    
    -- References only (hash plus optional issuer and serial), not the certificates.
    -- Each entry may use the bare SHA-1 alternative of OtherHash.
    CompleteCertificateRefs ::= SEQUENCE OF OtherCertID
    
    -- Complete Revocation Refs
    
    id-aa-ets-revocationRefs OBJECT IDENTIFIER ::= { iso(1) member-body(2)
    
    us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-aa(2) 22}
    
    -- NOTE(review): presumably one CrlOcspRef per entry of CompleteCertificateRefs,
    -- in the same order; the syntax does not state this, confirm in the main text.
    CompleteRevocationRefs ::= SEQUENCE OF CrlOcspRef
    
    -- All three fields are OPTIONAL, so an entry with no revocation reference at all
    -- is syntactically valid and has to be caught by the verifier's own checks.
    CrlOcspRef ::= SEQUENCE {
    
    crlids [0] CRLListID OPTIONAL,
    
    ocspids [1] OcspListID OPTIONAL,
    
    otherRev [2] OtherRevRefs OPTIONAL
    
    }
    
    CRLListID ::= SEQUENCE {
    
    crls SEQUENCE OF CrlValidatedID}
    
    -- A CRL reference: the hash is mandatory, the descriptive identifier is optional.
    CrlValidatedID ::= SEQUENCE {
    
    crlHash OtherHash,
    
    crlIdentifier CrlIdentifier OPTIONAL}
    
    -- crlIssuedTime is UTCTime, which carries a two-digit year, so a decoder needs
    -- a fixed century rule. crlNumber is optional.
    CrlIdentifier ::= SEQUENCE {
    
    crlissuer Name,
    
    crlIssuedTime UTCTime,
    
    crlNumber INTEGER OPTIONAL
    
    }
    
    OcspListID ::= SEQUENCE {
    
    ocspResponses SEQUENCE OF OcspResponsesID}
    
    -- Here the hash is the OPTIONAL part. Without ocspRepHash the reference consists
    -- of responder ID and production time only and is not bound to the bytes of one
    -- specific response.
    OcspResponsesID ::= SEQUENCE {
    
    ocspIdentifier OcspIdentifier,
    
    ocspRepHash OtherHash OPTIONAL
    
    }
    
    OcspIdentifier ::= SEQUENCE {
    
    ocspResponderID ResponderID, -- As in OCSP response data
    
    producedAt GeneralizedTime -- As in OCSP response data
    
    }
    
    -- Extension point for other revocation reference formats. No object set constrains
    -- the id or the type, so this module does not define any concrete format.
    OtherRevRefs ::= SEQUENCE {
    
    otherRevRefType OTHER-REVOCATION-REF.&id,
    
    otherRevRefs SEQUENCE OF OTHER-REVOCATION-REF.&Type
    
    }
    
    -- NOTE(review): the inner "WITH SYNTAX" appears to be literal words of the
    -- defined notation, so an object would be written "WITH SYNTAX <type> ID <oid>".
    -- Reproduced as printed; confirm against the standard text.
    OTHER-REVOCATION-REF ::= CLASS {
    
    &Type,
    
    &id OBJECT IDENTIFIER UNIQUE }
    
      WITH SYNTAX {
    
    WITH SYNTAX &Type ID &id }
    
    -- Certificate Values
    
    id-aa-ets-certValues OBJECT IDENTIFIER ::= { iso(1) member-body(2)
    
    us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-aa(2) 23}
    
    -- The certificates themselves, as opposed to CompleteCertificateRefs, which
    -- holds hashes. Nothing in the syntax links a value to its reference, so a
    -- verifier that uses both has to match each certificate against the referenced hash.
    CertificateValues ::= SEQUENCE OF Certificate
    
    -- Certificate Revocation Values
    
    id-aa-ets-revocationValues OBJECT IDENTIFIER ::= { iso(1) member-body(2)
    
    us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-aa(2) 24}
    
    -- Full CRLs and OCSP responses rather than references to them.
    -- NOTE(review): otherRevVals is not marked OPTIONAL although crlVals and ocspVals
    -- are, so as printed every value must carry it. Confirm against the standard text.
    RevocationValues ::= SEQUENCE {
    
    crlVals [0] SEQUENCE OF CertificateList OPTIONAL,
    
    ocspVals [1] SEQUENCE OF BasicOCSPResponse OPTIONAL,
    
    otherRevVals [2] OtherRevVals }
    
    -- NOTE(review): the id comes from OTHER-REVOCATION-VAL but the value type from
    -- OTHER-REVOCATION-REF. The two classes look alike, but the mix may be
    -- unintended. Reproduced as printed; confirm against the standard text.
    OtherRevVals ::= SEQUENCE {
    
    otherRevValType OTHER-REVOCATION-VAL.&id,
    
    otherRevVals SEQUENCE OF OTHER-REVOCATION-REF.&Type
    
    }
    
    -- Same shape as OTHER-REVOCATION-REF: a type paired with a unique OID.
    OTHER-REVOCATION-VAL ::= CLASS {
    
    &Type,
    
    &id OBJECT IDENTIFIER UNIQUE }
    
    WITH SYNTAX {
    
    WITH SYNTAX &Type ID &id }
    
    -- ES-C Timestamp
    -- The three attributes below all carry the same TimeStampToken type imported
    -- from TSP; only the attribute OID (id-aa 25, 26, 27) distinguishes them.
    -- NOTE(review): which fields each token covers is not expressed in the syntax;
    -- confirm the message imprint inputs in the main text.
    
    id-aa-ets-escTimeStamp OBJECT IDENTIFIER ::= { iso(1) member-body(2)
    
    us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-aa(2) 25}
    
    ESCTimeStampToken ::= TimeStampToken
    
    -- Time-Stamped Certificates and CRLs
    
    id-aa-ets-certCRLTimestamp OBJECT IDENTIFIER ::= { iso(1) member-body(2)
    
    us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-aa(2) 26}
    
    TimestampedCertsCRLs ::= TimeStampToken
    
    -- Archive Timestamp
    
    id-aa-ets-archiveTimestamp OBJECT IDENTIFIER ::= { iso(1) member-body(2)
    
    us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-aa(2) 27}
    
    ArchiveTimeStampToken ::= TimeStampToken
    
    END-- ETS-ElectronicSignatureFormats-97Syntax
