TB SiteMapbreadcrumb separatorESIbreadcrumb separatorESI Activities

Electronic Signatures and Infrastructures Activities

July 2019 News

TC ESI is responsible for Electronic Signatures and Infrastructures standardization within ETSI.

What follows is the latest news on ESI activities.

In June 2019, TC ESI re-appointed its chair, Mr Riccardo Genghini, eWitness, and its two vice-chairs, Mr Nick Pope, Security & Standards Associates and Mr Arno Fiedler, Nimbus. 


ESI works in collaboration with CEN TC 224 to provide standards for digital signatures.

A stakeholders' mailing list has been set up to provide regular news and updates on the progress of the execution of the mandate: Subscribe to the E-SIGNATURES_NEWS mailing list

Some draft deliverables are openly available (Draft deliverables) with specific periods for public review notified on the E-SIGNATURES_NEWS mailing list.

ESI deliverables aim at supporting Regulation (EU) No 910/2014 as well as supporting the general requirements of the international community to provide trust and confidence in electronic transactions.

Standards Framework

All standards listed below are the ones developed by TC ESI since 2015 within the standards framework. The full set of published deliverables including old ones can be found here

Introductory deliverables

Link to all published introductory deliverables

TR 119 000 "The framework for standardization of signatures: overview" 
This TR is the enry point for the standards related to digital signatures. It describes the general structure for digital signature standardization and outlines existing and potential standards for such signatures.

TR 119 001 Definitions and abbreviations

Trust Service Providers Supporting Digital Signatures

Link to all published Trust Service Providers deliverables

More information on Certification Authorities (CAs) and other Trust Service Providers (TSPs) can be found on the TSP page.

  • TR 119 400: Guidance on the use of standards for trust service providers supporting digital signatures and related services
  • EN 319 403 (UNDER REVIEW to become 319 403-1): Requirements for conformity assessment bodies assessing Trust Service Providers
  • TS 119 403-2 (PUBLISHED IN APRIL 2019):Trust Service Provider Conformity Assessment;Part 2: Additional requirements for Conformity Assessment Bodies auditing Trust Service Providers that issue Publicly-Trusted Certificates
  • TS 119 403-3 (PUBLISHED IN MARCH 2019):Trust Service Provider Conformity Assessment;Part 3: Requirements for Conformity Assessment Bodies assessing QTSP against eIDAS
  • EN 319 401: General Policy Requirements for Trust Service Providers
  • x19 411: Policy and security requirements for Trust Service Providers issuing certificates
    • EN 319 411-1: General requirements
    • EN 319 411-2: Requirements for trust service providers issuing EU qualified certificates
    • TR 119 411-4: Checklist supporting audit of TSP against ETSI EN 319 411-1 or ETSI EN 319 411-2
  • EN 319 421: Policy and Security Requirements for Trust Service Providers issuing Electronic Time-Stamps
  • TS 119 441: Policy requirements for TSP providing signature validation services
  • TS 119 431-1: Policy and security requirements for trust service providers; Part 1: TSP service components operating a remote QSCD/SCDev (remote signing)
  • TS 119 431-2: Policy and security requirements for trust service providers; Part 2: TSP service components supporting AdES digital signature creation (remote signing)
  • EN 319 412 & TS 119 412 Certificate Profiles (EN 319 412 and TS 119 412 are the same deliverables, but sometimes published as EN, sometimes published as TS to quickly include new features or corrections before a new EN is progressed)
    • Part 1: Overview and common data structures
    • Part 2: Certificate profile for certificates issued to natural persons
    • Part 3: Certificate profile for certificates issued to legal persons
    • Part 4: Certificate profile for web site certificates issued to organisations
    • Part 5: QCStatements
  • EN 319 422: Time-stamping protocol and electronic time-stamp profiles
  • TS 119 432 (PUBLISHED IN MARCH 2019): Protocols for remote digital signature creation
  • TS 119 442 (PUBLISHED IN FEBRUARY 2019): Protocol profiles for trust service providers providing AdES digital signature validation services

Payment Services Directive (PSD2)

TS 119 495 defining Qualified Certificate Profiles and TSP Policy Requirements for Payment Services under the payment services Directive (EU) 2015/2366 (called PSD2) was first published in May 2018, the last publication being in June 2019. As well, ETSI and Open Banking Europe organized a workshop "eIDAS meets PSD2" on 20 March 2018, an event on securing access to financial services with qualified certificates gathering 100 participants.

Signature Creation and Validation

Link to all published Signature Creation and Validation deliverables

  • TR 119 100: Guidance on the use of standards for signatures creation and validation
  • TS 119 101: Policy and security requirements for applications for signature creation and signature validation

Technical requirements

  • EN 319 102-1 & TS 119 102-1: Procedures for Creation and Validation of AdES Digital Signatures; Part 1: Creation and Validation
  • TS 119 102-2 (UPDATE PUBLISHED IN FEBRUARY 2019; BEING FURTHER UPDATED, DRAFT TO BE PUBLICLY AVAILABLE DURING SUMMER 2019): Procedures for Creation and Validation of AdES Digital Signatures; Part 2: Signature Validation Report
  • TS 119 112 (NEW IN APRIL 2019): Most significant differences between AdES/ASiC ENs and previous TSs
  • EN 319 122-1: CAdES digital signatures; Part 1: Building blocks and CAdES baseline signatures
  • EN 319 122-2: CAdES digital signatures; Part 2: Extended CAdES signatures
  • TS 119 122-3: CAdES digital signatures; Part 3: Incorporation of Evidence Record Syntax (ERS) in CAdES
  • EN 319 132-1: XAdES digital signatures; Part 1: Building blocks and XAdES baseline signatures
  • EN 319 132-2: XAdES digital signatures; Part 2: Extended XAdES signatures
  • EN 319 142-1: AdES digital signatures; Part 1: Building blocks and PAdES baseline signatures
  • EN 319 142-2: PAdES digital signatures; Part 2: Additional PAdES signatures profiles
  • TS 119 142-3: PAdES digital signatures; Part 3: PAdES Document Time-stamp digital signatures (PAdES-DTS)
  • EN 319 162-1: Associated Signature Containers (ASiC); Part 1: Building blocks and ASiC baseline containers
  • EN 319 162-2: Associated Signature Containers (ASiC); Part 2: Additional ASiC containers
  • TS 119 172-1: Signature policies; Part 1: Building blocks and table of contents for human readable signature policy documents
  • Ongoing work:
    • TS 119 172-2 Signature Policies; Part 2: XML format for signature policies
    • TS 119 172-3 Signature Policies; Part 3: ASN.1 format for signature policies
    • TS 119 172-4: Signature policies; Part 4: Signature validation policy for European qualified electronic signatures/seals using trusted lists

Test specifications

  • TR 119 124-1: CAdES digital signatures Testing; Part 1: Overview
  • TS 119 124-2: CAdES digital signatures Testing; Part 2: Test suites for testing interoperability of CAdES baseline signatures
  • TS 119 124-3: CAdES digital signatures Testing; Part 3: Test suites for testing interoperability of extended CAdES signatures
  • TS 119 124-4: CAdES digital signatures Testing; Part 4: Testing conformance of CAdES baseline signatures
  • TS 119 124-5: CAdES digital signatures Testing; Part 5: Testing conformance of extended CAdES signatures
  • TR 119 134-1: XAdES digital signatures Testing; Part 1: Overview
  • TS 119 134-2: XAdES digital signatures Testing; Part 2: Test suites for testing interoperability of XAdES baseline signatures
  • TS 119 134-3: XAdES digital signatures Testing; Part 3: Test suites for testing interoperability of extended XAdES signatures
  • TS 119 134-4: XAdES digital signatures Testing; Part 4: Testing Conformance of XAdES baseline signatures
  • TS 119 134-5: XAdES digital signatures Testing; Part 5: Testing Conformance of extended XAdES signatures
  • TR 119 144-1: PAdES digital signatures Testing; Part 1: Overview
  • TS 119 144-2: PAdES digital signatures Testing; Part 2: Test suites for testing interoperability of PAdES baseline signatures
  • TS 119 144-3: PAdES digital signatures Testing; Part 3: Test suites for testing interoperability of additional PAdES signatures
  • TS 119 144-4: PAdES digital signatures Testing; Part 4: Testing Conformance of PAdES baseline signatures
  • TS 119 144-5: PAdES digital signatures Testing; Part 5: Testing Conformance of additional PAdES signatures
  • TR 119 164-1: ASiC containers Testing; Part 1: Overview
  • TS 119 164-2: ASiC containers Testing; Part 2: Test suites for testing interoperability of ASiC baseline containers
  • TS 119 164-3: ASiC containers Testing; Part 3: Test suites for testing interoperability of ASiC containers other than baseline
  • TS 119 164-4: ASiC containers Testing; Part 4: Testing Conformance of ASiC baseline containers
  • TS 119 164-5: ASiC containers Testing; Part 5: Testing Conformance of additional ASiC containers

Tools implementing the above conformance test specifications have been developed and are accessible as Signatures conformance checkers

Signature creation and other related devices

This area is under the responsibility of CEN TC 224

CEN/TC 224/WG 16 -  Application Interface for smart cards used as Secure Signature Creation Devices

CEN/TC 224/WG 17 -  Protection Profiles in the context of SSCD

Cryptographic Suites

Link to all Cryptographic Suites deliverables

  • TR 119 300: Business guidance on cryptographic suites
  • TS 119 312 (UPDATED IN FEBRUARY 2019): Cryptographic Suites

Trust Application Service Providers

Link to all published eDelivery and Preservation deliverables

Preservation

  • SR 019510: Scoping study and framework for standardization of long-term data preservation services, including preservation of/with digital signatures
  • TS 119 511 (PUBLISHED IN JUNE 2019) Policy & security requirements for trust service providers providing long-term preservation of digital signatures or unsigned data using signature techniques
  • TS 119 512 (approved under processing) Protocols for trust service providers providing long-term preservation of digital signatures or unsigned data using signature techniques

eDelivery

The last eDelivery deliverables were PUBLISHED IN FEBRUARY 2019

  • EN 319 521: Policy and Security Requirements for Electronic Registered Delivery Service Providers
  • EN 319 531: Policy and Security Requirements for Electronic Registered Electronic Mail Service Providers
  • EN 319 522 Electronic Registered Delivery Services
    • Part 1: Framework and Architecture
    • Part 2: Semantic Contents
    • Part 3: Formats
    • Part 4: Bindings
      • 319 522-4-1: message delivery binding
      • 319 522-4-2: evidence and identification binding
      • 319 522-4-3: capability/requirements binding
  • EN 319 532 Registered Electronic Mail (REM) Services
    • Part 1: Framework and Architecture
    • Part 2: Semantic Contents
    • Part 3: Formats
    • Part 4: Interoperability profiles

Trust Service Status Lists Providers

Link to published Trust Service Status Lists Providers deliverables

  • TR 119 600: Business guidance for trust service status lists providers
  • TS 119 612:Trusted Lists
  • TS 119 614-1: Specifications for testing conformance of XML representation of Trusted Lists
  • Ongoing work on TS 119 615 on Use of information within a trusted list

PlugtestsTM and signatures conformance checkers

A remote Plugtests event on signature validation was held from 6 April to 2 June 2016. 98 companies have participated gathering 193 people.

ETSI ran a XAdES Plugtests from 1st October until 23 November 2015 with 63 participating organizations.

In May 2015, a PAdES remote Plugtests™ was held. More than 100 participants from 62 organizations from all over the world took part and included government bodies, public entities and enterprises involved in trust services. See news release.

From 11 June until 24 July 2015, ETSI CTI organised a remote Plugtests™ interoperability event for CAdES digital signatures

Signatures conformance checkers: ETSI Centre for Testing and Interoperability (CTI) provides a free online tool that performs numerous checks in order to verify the conformance of the ETSI AdES Digital Signatures (CAdES, XAdES, PAdES, and ASiC).

ETSI Workshops

eIDAS meets PSD2 workshop, 20 March 2018

As part of the ETSI Security Week 2018, ETSI organized a workshop on Remote Signature Creation Services by TSP: Protocols and Audit Requirements on 13 June 2018

ETSI organized a workshop on eSignature and eSeal Validation on 10 January 2018, Sophia-Antipolis, France

 

For additional information, please contact esisupport@etsi.org

Useful links: