THE ORDER OF THE STATE COMMITTEE OF UKRAINE CONCERNING SCIENCE, INNOVATIONS AND INFORMATIZATION OF ADMINISTRATION OF PUBLIC SERVICE OF SPECIAL COMMUNICATION AND INFORMATION SECURITY OF UKRAINE

of August 13, 2010 No. 8/229

About approval of technical specifications of formats of representation of basic objects of national system of the digital signature

According to Procedure for certification of availability of the electronic document (electronic data) on certain timepoint approved by the resolution of the Cabinet of Ministers of Ukraine of 26.05.2004 for N 680, the Procedure for accreditation of the center of certification of keys approved by the resolution of the Cabinet of Ministers of Ukraine of 13.07.2004 for N 903, of the subitem 41 of item 4 of the Regulations on the State committee of Ukraine concerning science, innovations and informatization approved by the resolution of the Cabinet of Ministers of Ukraine of 21.07.2010 of N 675, and for the purpose of creation of conditions of technological compatibility of software and hardware complexes of the accredited centers of certification of keys and means of the digital signature we ORDER:

1. Approve applied:

1.1. Technical specifications of formats of representation of basic objects of national system of the digital signature (format of signed data).

1.2. Technical specifications of formats of representation of basic objects of national system of the digital signature (protocol of fixation of time).

1.3. Technical specifications of formats of representation of basic objects of national system of the digital signature (protocol of determination of the status of the certificate).

2. To the state committee of Ukraine concerning science, innovations and informatization to post the order on the website of the central zaveritelny body.

3. Control of observance of requirements of technical specifications in software and hardware complexes of the accredited centers of certification of keys and means of the digital signature is performed by Administration of Public service of special communication and information security of Ukraine.

4. This order becomes effective in 6 months after its state registration in the Ministry of Justice of Ukraine.

5. To impose control over the implementation of the order on the First Deputy Chairman of the State committee of Ukraine concerning science, innovations and informatization Mezentseva N. B. and the First Deputy Chairman of Public service of special communication and information security of Ukraine Tsurkan O. G.

Approved by the Order of the State committee of Ukraine concerning science of innovations and informatization of Administration of Public service of special communication and information security of Ukraine of August 13, 2010 No. 8/229

Technical specifications of formats of representation of basic objects of national system of the digital signature (format of signed data)

I. General provisions

1.1. These Technical specifications determine requirements to submission of the digital signature in the form of the DER coded block (further - the EDS format) containing directly value of the digital signature (further - the EDS) as result of cryptographic transformation of set of electronic data, and also set of the additional data necessary for verification of the digital signature and recognition of its reality.

1.2. The EDS format is provided to notations of ASN.1, "to Information technology determined in the international standard ISO/IEC 8824 - Open Systems Interconnection - Specification of Abstract Syntax Notation One (ASN.1)".

1.3. All structures of data of the EDS format code by the rules DER according to the international standards ISO/IEC 8825-1:2002 "Information technology - ASN.1 encoding Rules - Part 1: Specification of Basic Encoding Rules (BER), Canonical Encoding Rules (CER) and Distinguished Encoding Rules (DER)" and AMD1:2004 "Support for EX-TENDED-XER".

1.4. These Technical specifications are based on the international standards RFC 3852 "Cryptographic Message Syntax (CMS)", RFC 5126 "CMS Advanced Electronic Signatures" and ETSI TS 101 733 "by Technical Specification. Electronic Signatures and Infrastructures (ESI); CMS Advanced Electronic Signatures (CAdES)".

1.5. The EDS is calculated on the cryptographic algorithms determined in GSTU 4145-2002 "Information technology. Cryptographic information security. The digital signature which is based on elliptic curves". The hash function is calculated in accordance with GOST 34.311-95 "Information technology. Cryptographic information security. Hashing function" (further - GOST 34.311-95).

1.6. In one EDS format use of several cryptographic algorithms according to national standards or which are recommended by Administration of Gosspetssvyaz is possible.

1.7. Requirements of these Technical specifications are obligatory for well-tried remedies of the digital signature, software and hardware complexes of the accredited centers of certification of keys. Realization of the given formats in means of the EDS shall be validated by the certificate of conformity or the positive expert opinion by results of state examination in the field of cryptographic information security. The type of the EDS format is chosen depending on requirements to storage of signed data.

The structure of data of the EDS format is given in appendix.

1.8. In these Technical specifications terms are used in the following value:

attributes which are not signed, - the additional data included in the DER coded block of logical submission of the EDS;

attributes which are signed, - the additional data included in the DER coded block of logical submission of the EDS concerning which together with set of electronic data which are signed the EDS by the technique determined in this specification is calculated;

the verifier - person checking the EDS by means of well-tried remedy of the EDS;

value of the digital signature - the DER coded block containing result of cryptographic transformation of set of electronic data which are signed;

set of additional data (these checks) - the data necessary for recognition of reality (reliability) of the EDS, that is coded on statutory rules of the data field of the EDS which are intended for establishment of validity of the EDS, including in the long-term period.

Other terms are applied in the values given in the Law of Ukraine "About the digital signature", the Procedure for accreditation of the center of certification of keys approved by the resolution of the Cabinet of Ministers of Ukraine of 13.07.2004 of N 903, the Rules of the strengthened certification approved by the order of Department of special telecommunication systems and information security of the Security Service of Ukraine from 13.01.2005 N 3 (in edition of the order of Department of special telecommunication systems and information security of the Security Service of Ukraine of 10.05.2006 N 50) registered in the Ministry of Justice of Ukraine 27.01.2005 for N 104/10384, other regulatory legal acts concerning cryptographic and technical information security.

1.9. For determination of algorithm of hashing the field "algorithm" shall matter:

Gost34311 OBJECT IDENTIFIER:: = { iso (1) member-body (2) Ukraine (804) root (2) security (1) cryptography (1) pki (1) pki-alg (1) pki-alg-hash (2) 1 }

The field "parameters" shall be absent, but for compatibility with the previous decisions can be also coded as ASN.1 NULL.

In transactions of forming and verification of the signature in case of value calculation the hash function according to GOST 34.311-95 shall be used long-term crucial element (further - DKE) which is specified in signature key parameters.

In all other transactions of calculation of value the hash function according to GOST 34.311-95 shall be used by DKE N 1, given in appendix 1 to the Instruction about procedure for delivery and use of keys to means of the cryptographic information security approved by the order of Administration of Public service of special communication and information security of Ukraine, of 12.06.2007 N 114, of Ukraine registered in the Ministry of Justice 25.06.2007 for N 729/13996 (further - DKE N1).

DKE N 1 is used as DKE "by default".

II. Types of the EDSs formats

2.1. These Technical specifications determine the following types of the EDSs formats:

"The basic EDS" (CAdES Basic Electronic Signature - CAdES-BES, according to ETSI TS 101 733);

"The basic EDS with certain policy of the signature" (Explicit Policy-based Electronic Signature - CAdES-EPES according to ETSI TS 101 733);

"The EDS with reference to full range of data of check" (ES with Complete validation data references (CAdES-C) according to ETSI TS 101 733);

"The EDS with full range of data of check" (CAdES-X Long according to ETSI TS 101 733).

2.2. Types of the EDSs formats are given according to the procedure of increase in requirements to structure of data in such a way that the EDS below-stated format, provides fulfillment of requirements of all above-stated formats.

2.3. Basic EDS format:

Disclaimer! This text was translated by AI translator and is not a valid juridical document. No warranty. No claim. More info