====== e-Correspondence Package ======

===== Introduction =====

e-Correspondence Package (ECP) is a package structure designed to carry out official correspondence between public institutions and organizations in an electronic environment. With ECP, the information and components of an official letter are combined into a single electronic file according to specific rules. This package structure allows the cover letter and attachments of an official letter to be signed as a whole in one operation.

The existing data structure of the e-Correspondence Package was updated, and the use of electronic seals was made technically possible, with the [[https://cbddo.gov.tr/SharedFolderServer/Projeler/File/EYP_2.0/EYP2.0_teknik-rehberi.pdf|“ECP 2.0 e-Correspondence Technical Guide”]] published by the Presidency of the Republic of Turkey Digital Transformation Office on August 28th, 2020.

ECP consists of logically connected components related to the document and package structure. The table below lists the ECP components.

^**M/O**^** Package Components **^
|M|Cover Letter|
|M|Metadata|
|M|Final Metadata|
|O|Paraph Hash|
|O|Paraph Electronic Signature|
|M|Package Hash|
|M|Electronic Signature(e-signature)|
|M|Core|
|O|Attachment|
|M|Final Hash|
|M|Electronic Seal|

**M:** Mandatory - It is mandatory to include the specified component in the package

**O:** Optional - It is optional to include the specified component in the package

While ECP must have Electronic Signature and Electronic Seal, the use of Paraph Electronic Signature is optional. [[CAdES P4 X-Long| P4 CAdES X-Long]] signature format is used for Paraph Electronic Signature and Electronic Signature. [[P4 CAdES-A]] signature format is used for Electronic Seal.

[[sertifika_kontrolue|Certificate Control]] and [[zaman_damgası|Time Stamp]] verification procedures must be performed before creating the Paraph Electronic Signature, Electronic Signature, and Electronic Seal used in ECP.
The "Date" field in the Final Metadata component is expected to be the same as the timestamp information of the most recently created Electronic Signature. Information about all signers should be included in the “Document Signatures” field of the Final Metadata component.

**Paraph Electronic Signature:** It is created by signing the "ParafOzeti.xml" file in the Paraph Hash component of the ECP with a Qualified Electronic Certificate. It must be used only for a paraph made with an electronic signature. The hash values of the Cover Letter, Metadata, and Attachments components exist in the “PaketOzeti.xml” file. The presence of Attachments is optional. The following table specifies the components that are included and not included in the Paraph Electronic Signature.

^** Paraph Electronic Signature **^** Component **^**M/O**^
| Package Components Included in Paraph Electronic Signature | Cover Letter |M|
| ::: | Metadata |M|
| ::: | Attachment (Internal Electronic File(DED) Attachment) |O|
|Paraph Electronic Signature |[[cades_p4_x-long| P4 CAdES-X LONG]] |M|
|Package Components Not Included in Paraph Electronic Signature | Unsigned Attachments |O|

**Electronic Signature:** It is created when the authorized personnel of the institution sign the “PaketOzeti.xml” file in the Package Hash component of the ECP with a Qualified Electronic Certificate. The hash values of the Cover Letter, Metadata, Attachments, Paraph Hash, and Paraph Electronic Signature components exist in the “PaketOzeti.xml” file. The presence of Attachments, Paraph Hash, and Paraph Electronic Signature is optional. The Electronic Signature component can include serial or parallel signers. The following table specifies the components that are included and not included in the Electronic Signature.
^** Electronic Signature **^** Component **^**M/O**^
| Package Components Included in Electronic Signature | Cover Letter |M|
| ::: | Metadata |M|
| ::: | Attachment (Internal Electronic File(DED) Attachment) |O|
| ::: | Paraph Hash |O|
| ::: | Paraph Electronic Signature |O|
|Electronic Signature | [[cades_p4_x-long| P4 CAdES-X LONG]] |M|
|Package Components Not Included in Electronic Signature| Unsigned Attachments |O|

**Electronic Seal:** The purpose of the Electronic Seal is to verify the identity of the institution that created the ECP. The Electronic Seal is created by signing the "NihaiOzet.xml" file in the Final Hash component with the Electronic Seal certificate issued by Kamu SM on behalf of the public institutions and organizations within the scope of Prime Ministry Circular no 2017/21. The hash values of the Cover Letter, Metadata, Final Metadata, Core, Package Hash, Electronic Signature, Attachments, Paraph Hash and Paraph Electronic Signature components exist in the “NihaiOzet.xml” file. The presence of the Attachment, Paraph Hash, and Paraph Electronic Signature components is optional. The Electronic Seal component cannot include serial or parallel signers. The following table specifies the components that are included and not included in the Electronic Seal.

^** Electronic Seal **^** Component **^**M/O**^
| Package Components Included in Electronic Seal | Cover Letter |M|
| ::: | Metadata |M|
| ::: | Final Metadata |M|
| ::: | Attachment (Internal Electronic File(DED) Attachment) |O|
| ::: | Paraph Hash |O|
| ::: | Core |M|
| ::: | Paraph Electronic Signature |O|
| ::: | Package Hash |M|
| ::: | Electronic Hash |M|
| Electronic Seal | [[p4_cades-a| P4 CAdES-A]] |M|
| Package Components Not Included in Electronic Seal | Unsigned Attachments |O|

This section has been created to test the compliance of ECP files with various standards.
The structural features of the ECP should conform to the [[https://cbddo.gov.tr/SharedFolderServer/Projeler/File/EYP_2.0/EYP2.0_teknik-rehberi.pdf|“ECP 2.0 e-Correspondence Technical Guide”]]. Signatures in the package must comply with the [[https://www.etsi.org/deliver/etsi_ts/101700_101799/101733/01.08.01_60/ts_101733v010801p.pdf|ETSI TS 101 733]] standard, in which the CAdES signature type is defined, and the "Long Term and OCSP Controlled Secure Electronic Signature Policies (Profile P4)" in the [[https://kamusm.bilgem.tubitak.gov.tr/dosyalar/mevzuat/kurul_kararlari/elektronik-imza-kullanim-profilleri-rehberi.pdf|Digital Signature Usage Profiles Guide]] published by the Information Technologies and Communication Authority. In this context, the Paraph Electronic Signature, Electronic Signature, Electronic Seal and package structure controls are specified in the procedure table. In addition, the ECP Archiving structure is briefly explained at the end of the section.

===== Procedures =====

You can access **ECP Test Package** from [[https://yazilim.kamusm.gov.tr/?q=tr/system/files/private/eyp2.0_test_paketleri.rar|here]].

You can access **Test Root Certificates** [[https://yazilim.kamusm.gov.tr/?q=tr/system/files/private/rootcerts.rar|here]].

The following table provides the names and properties of the ECP files to be used in the procedures. Packages in the procedure have been prepared according to the [[https://cbddo.gov.tr/SharedFolderServer/Projeler/File/EYP_2.0/EYP2.0_teknik-rehberi.pdf|“ECP 2.0 e-Correspondence Technical Guide”]]. ECP files have been created to cover only the scenarios related to the Electronic Signature or Electronic Seal components. Paraph Electronic Signature, which is optional, is only available in scenarios specific to the relevant component.

^** M/O **^** Package Name **^** Package Property **^**Package Validation Result**^**Explanation**^
| M |P4_1 |Valid ECP (Includes paraph e-signature and all signed features have been added for the e-signature component.)| VALID |All signed attributes must be displayed in the validation result.|
| O |P4_2.doc|"Cover Letter" component of the package is a Word document with a macro| INVALID |Verification details must be shown.|
| M |P4_3 |Package has a contradictory e-signature component including “mime-type” attribute with “image/jpeg” value although the actual content type is XML| INVALID |Electronic Signature must not be verified. Verification details must be shown.|
| M |P4_4 |Package has an e-signature component including “SigPolicyId” having another value than P4 OID (2.16.792.1.61.0.1.5070.3.3.1)| INVALID |Electronic Signature must not be verified. Verification details must be shown.|
| M |P4_5 |Package has an e-signature component including “SigPolicyHash” having another hash value than P4 hash value| INVALID |Electronic Signature must not be verified. Verification details must be shown.|
| M |P4_6 |Package has an e-signature component including “SPUserNotice” having P4 user notice | VALID |P4 user notice must be shown.|
| M |P4_7 |Package has an e-signature component including “ESS-Signing-Certificate” whose hash algorithm is SHA-1 | INVALID |Electronic Signature must not be verified. Verification details must be shown.|
| M |P4_8 |Package has an e-signature component without “SigningTime” attribute| INVALID |Electronic Signature must not be verified. Verification details must be shown.|
| M |P4_9 |Package has an e-signature component containing the “SigningTime” attribute, which indicates a time 3 hours before the “SignatureTimeStamp” attribute| INVALID |Electronic Signature must not be verified. Signature TimeStamp must be taken within two hours as of the signing time.|
| M |P4_10|Package has an e-signature component with qualified certificate revocation value CRL rather than OCSP| INVALID |Electronic Signature must not be verified. Verification details must be shown.|
| O |P4_11|e-signature Component: “SignatureTimeStamp” which does not have “signatureTimeStamp” root certificate (TS server is TSC1) | INVALID |Electronic Signature must not be verified. Verification details must be shown.|
| M |P4_12 |e-signature Component: Signature file with “SignatureTimeStamp” which does not have “signatureTimeStamp” CRL (TS server is TSC1) | INVALID |Electronic Signature must not be verified. Verification details must be shown.|
| M |P4_13 |Package has an e-signature component including a forged “ESS Signing-Certificate-v2” attribute| INVALID |Electronic Signature must not be verified. Verification details must be shown.|
| M |P4_14 |Package has an e-signature component including a forged “message-digest” attribute| INVALID |Electronic Signature must not be verified. Verification details must be shown.|
| M |P4_15 |Package has an e-signature component in which SHA-1 digest algorithm is used| VALID | |
| M |P4_16|Package has an e-signature component with a forged signature| INVALID |Electronic Signature must not be verified. Verification details must be shown.|
| M |P4_17|e-signature Component: Signed by a certificate with an omitted “non-repudiation” field in the key usage extension| INVALID |Electronic Signature must not be verified. Verification details must be shown.|
| M |P4_18|e-signature Component: Signed by a certificate with an omitted “UserNotice” text field in the “CertificatePolicies” extension| INVALID |Electronic Signature must not be verified. Verification details must be shown.|
| M |P4_19|e-signature Component: Signed by a certificate with an omitted ETSI OID in “QualifiedCertificateStatements” extension | INVALID |Electronic Signature must not be verified. Verification details must be shown.|
| M |P4_20|e-signature Component: Signed by a certificate with an omitted ICTA OID in “QualifiedCertificateStatements” extension | INVALID |Electronic Signature must not be verified. Verification details must be shown.|
| O |P4_21|Package has PDF/A-3 type cover letter component whose attachment is a Word file| INVALID |Verification details must be shown.|
| M |P4_22|Package has an e-signature component created with an expired certificate| INVALID |Electronic Signature must not be verified. Verification details must be shown.|
| M |P4_23|Package has an e-signature component created with a certificate that has a forged signature. | INVALID |Electronic Signature must not be verified. Verification details must be shown.|
| M |P4_24|Package has an e-signature component that was created with a certificate revoked in OCSP; the certificate was revoked before the signing time| INVALID |Electronic Signature must not be verified. Verification details must be shown.|
| M |P4_25|Package has an e-signature component that was created with a certificate revoked in OCSP; the certificate was revoked after the signing time| VALID | |
| M |P4_26|The validity of the certificate of the e-signature component has to be checked via an expired OCSP response| INVALID |Electronic Signature must not be verified. Verification details must be shown.|
| M |P4_27|The validity of the certificate of the e-signature component has to be checked via an OCSP response having a forged signature.| INVALID |Electronic Signature must not be verified. Verification details must be shown.|
| M |P4_28|The validity of the certificate of the e-signature component has to be checked via an OCSP response which is signed by an expired OCSP certificate| INVALID |Electronic Signature must not be verified. Verification details must be shown.|
| M |P4_29|The validity of the certificate of the e-signature component has to be checked via an OCSP response which is signed by an OCSP certificate with a forged signature | INVALID |Electronic Signature must not be verified. Verification details must be shown.|
| M |P4_30|The validity of the certificate of the e-signature component has to be checked via an OCSP response which is signed by a revoked OCSP certificate. The OCSP certificate is revoked before signature timestamp| INVALID |Electronic Signature must not be verified. Verification details must be shown.|
| M |P4_31|The validity of the certificate of the e-signature component has to be checked via an OCSP response which is signed by a revoked OCSP certificate. The OCSP certificate is revoked after signature timestamp| VALID | |
| M |P4_32|e-signature Component: Signer certificate has a monetary limit which is equal to “0”| CHOICE* | |
| O |P4_33|e-signature Component: Signer certificate has a usage restriction defined in “QC Statements” extension| INVALID |Electronic Signature must not be verified. Verification details must be shown.|
| M |P4_34|The validity of the certificate of the e-signature component has to be checked via an OCSP response which is generated for a different certificate| INVALID |Electronic Signature must not be verified. Verification details must be shown.|
| M |P4_35|Package has an e-signature component that is created by a certificate that is issued by an intermediate CA certificate having a forged signature.| INVALID |Electronic Signature must not be verified. Verification details must be shown.|
| M |P4_36|The root certificate of the e-signature component has a forged signature| INVALID |Electronic Signature must not be verified. Verification details must be shown.|
| M |P4_37|e-signature Component: Signature timestamp has a “TSTInfo” with a forged “messageImprint” field (TS server is TSA1) | INVALID |Electronic Signature must not be verified. Verification details must be shown.|
| M |P4_38|e-signature Component: Signature timestamp has a forged signature (TS server is TSA2)| INVALID |Electronic Signature must not be verified. Verification details must be shown.|
| M |P4_39|e-signature Component: Signature timestamp is signed by an expired certificate (TS server is TSA3) | INVALID |Electronic Signature must not be verified. Verification details must be shown.|
| M |P4_40|e-signature Component: Signature timestamp is signed by a certificate with a forged signature (TS server is TSA4)| INVALID |Electronic Signature must not be verified. Verification details must be shown.|
| M |P4_41|e-signature Component: Signature timestamp is signed by a revoked certificate. The revocation time is before the signing time (TS server is TSA5)| INVALID |Electronic Signature must not be verified. Verification details must be shown.|
| M |P4_42|e-signature Component: Signature timestamp is signed by a revoked certificate. The revocation time is after the signature timestamp (TS server is TSA5) | VALID | |
| M |P4_43|e-signature Component: Signature timestamp is signed by a certificate whose issuer certificate signature is forged (TS server is TSB)| INVALID |Electronic Signature must not be verified. Verification details must be shown.|
| M |P4_44|e-signature Component: Signature timestamp is signed by a valid certificate (TS server is TSC1)| VALID | |
| M |P4_45|e-signature Component: Signature timestamp is signed by a certificate which references an expired CRL (TS server is TSC2)| INVALID |Electronic Signature must not be verified. Verification details must be shown.|
| M |P4_46|e-signature Component: Signature timestamp is signed by a certificate which references a CRL with a forged signature (TS server is TSC3)| INVALID |Electronic Signature must not be verified. Verification details must be shown.|
| M |P4_47|Package has an e-signature component including a “Complete certificate references” attribute which does not have a root certificate reference| INVALID |Electronic Signature must not be verified. Verification details must be shown.|
| M |P4_48|Package has an e-signature component including a “Complete certificate references” attribute which has a wrong root certificate reference| INVALID |Electronic Signature must not be verified. Verification details must be shown.|
| M |P4_49|Package has an e-signature component including a “Complete certificate references” attribute which does not have an intermediate CA certificate reference| INVALID |Electronic Signature must not be verified. Verification details must be shown.|
| M |P4_50|Package has an e-signature component including a “Complete certificate references” attribute which has a wrong intermediate CA certificate reference | INVALID |Electronic Signature must not be verified. Verification details must be shown.|
| M |P4_51|Package has an e-signature component including a “Complete revocation references” attribute which does not have a CRL reference for intermediate CA| INVALID |Electronic Signature must not be verified. Verification details must be shown.|
| M |P4_52|Package has an e-signature component including a “Complete revocation references” attribute which has a wrong CRL reference for intermediate CA| INVALID |Electronic Signature must not be verified. Verification details must be shown.|
| M |P4_53|Package has an e-signature component including a “Complete revocation references” attribute which does not have an OCSP reference for signer certificate| INVALID |Electronic Signature must not be verified. Verification details must be shown.|
| M |P4_54|Package has an e-signature component including a “Complete revocation references” attribute which has a wrong OCSP reference for signer certificate| INVALID |Electronic Signature must not be verified. Verification details must be shown.|
| M |P4_55|Package has an e-signature component including a “Certificate values” attribute which does not have a root certificate value| INVALID |Electronic Signature should not be verified. Verification details must be shown.|
| M |P4_57|Package has an e-signature component including a “Certificate values” attribute which does not have an intermediate CA certificate value| INVALID |Electronic Signature must not be verified. Verification details must be shown.|
| M |P4_59|Package has an e-signature component including a “Revocation Values” attribute which does not have a CRL value for intermediate CA certificate| INVALID |Electronic Signature must not be verified. Verification details must be shown.|
| M |P4_61|Package has an e-signature component including a “Revocation values” attribute which does not have an OCSP value for signer certificate| INVALID |Electronic Signature must not be verified. Verification details must be shown.|
| M |P4_A75|“archiveTimeStamp” within the Electronic Seal has a “TSTInfo” with a forged “messageImprint” field (TS server is TSA1)| INVALID |Electronic Seal must not be verified. Verification details must be shown.|
| M |P4_A76 |“archiveTimeStamp” within the Electronic Seal has a forged signature (TS server is TSA2)| INVALID |Electronic Seal must not be verified. Verification details must be shown.|
| M |P4_A77 |“archiveTimeStamp” within the Electronic Seal is signed by an expired certificate (TS server is TSA3)| INVALID |Electronic Seal must not be verified. Verification details must be shown.|
| M |P4_A78 |“archiveTimeStamp” within the Electronic Seal is signed by a forged certificate (TS server is TSA4)| INVALID |Electronic Seal must not be verified. Verification details must be shown.|
| M |P4_A79 |“archiveTimeStamp” within the Electronic Seal is signed by a revoked certificate. The revocation time is before the signing time (TS server is TSA5)| INVALID |Electronic Seal must not be verified. Verification details must be shown.|
| M |P4_A80 |“archiveTimeStamp” within the Electronic Seal is signed by a revoked certificate. The revocation time is after the signature timestamp (TS server is TSA5)| VALID | |
| M |P4_A81 |“archiveTimeStamp” within the Electronic Seal is signed by a certificate whose issuer certificate is forged (TS server is TSB)| INVALID |Electronic Seal must not be verified. Verification details must be shown.|
| M |P4_A82 |“archiveTimeStamp” within the Electronic Seal is signed by a valid certificate (TS server is TSC1)| VALID | |
| M |P4_A83 |“archiveTimeStamp” within the Electronic Seal is signed by a certificate which references an expired CRL (TS server is TSC2)| INVALID |Electronic Seal must not be verified. Verification details must be shown.|
| M |P4_A84 |“archiveTimeStamp” within the Electronic Seal is signed by a certificate which references a CRL with a forged signature (TS server is TSC3)| INVALID |Electronic Seal must not be verified. Verification details must be shown.|
| O |P4_A85 |Electronic Seal component has two “archiveTimeStamp”. The first one's root certificate is not added to the signature file (TS server TSC1) | INVALID |Electronic Seal must not be verified. Verification details must be shown.|
| M |P4_A86 |Electronic Seal component has two “archiveTimeStamp”. The first one's CRL is not added to the signature file (TS server TSC1) | INVALID |Electronic Seal must not be verified. Verification details must be shown.|
| M |P4_A90|“archiveTimeStamp” certificate is expired after the Electronic Seal creation date.| VALID |The signature must be archived.|
| M |P4_93_s |e-signature Component is a Counter signature signed by two signers. Second signer has a valid certificate, but the first signer certificate is revoked in OCSP| INVALID |The validation result of each signer must be shown in a hierarchical order similar to a tree structure. Verification details must be shown.|
| M |P4_93_p|e-signature Component is a Parallel signature signed by two signers. Second signer has a valid certificate, but the first signer is revoked in OCSP| INVALID |Each signature validation result must be shown in a hierarchical order similar to a tree structure. The details of the error should be reported to the user.|
| M |P4_A94|“archiveTimeStamp” within the Electronic Seal uses the SHA-1 digest algorithm| VALID |The signature must be archived.|
| M |P4_95|The hash value of Metadata Component (Üstveri) in PaketOzeti.xml file is forged| INVALID |Verification details must be shown.|
| M |P4_96|The hash value of Cover Letter Component (Üst yazı) in PaketOzeti.xml file is forged| INVALID |Verification details must be shown.|
| M |P4_97|The hash value of the Attachment Component which is the type of Internal Electronic File (DED) within PaketOzeti.xml is forged | INVALID |Verification details must be shown.|
| M |P4_98|The hash value of Paraph Hash Component in PaketOzeti.xml file is forged| INVALID |Verification details must be shown.|
| M |P4_99|The hash value of Paraph Electronic Signature Component in PaketOzeti.xml file is forged.| INVALID |Verification details must be shown.|
| M |P4_100|The content value within the Electronic Signature is forged.| INVALID |Verification details must be shown.|
| M |P4_101|Hash values of the components within PaketOzeti.xml are created with SHA-1 algorithm. | INVALID |Verification details must be shown.|
| M |P4_102|The hash value of Metadata Component (Üstveri) in ParafOzeti.xml file is forged | INVALID |Verification details must be shown.|
| M |P4_103|The hash value of Cover Letter Component (Üst yazı) in ParafOzeti.xml file is forged | INVALID |Verification details must be shown.|
| M |P4_104|The hash value of Attachment Component which is the type of Internal Electronic File (DED) within ParafOzeti.xml is forged.| INVALID |Verification details must be shown.|
| M |P4_105|The content value within the Paraph Electronic Signature is forged| INVALID |Verification details must be shown.|
| M |P4_106|Hash values of the components within ParafOzeti.xml are created with SHA-1 algorithm. | INVALID |Verification details must be shown.|
| M |P4_107|The hash value of Metadata Component (Üstveri) in NihaiOzet.xml file is forged | INVALID |Verification details must be shown.|
| M |P4_108|The hash value of Final Metadata Component (Nihai Üstveri) in NihaiOzet.xml file is forged | INVALID |Verification details must be shown.|
| M |P4_109|The hash value of Cover Letter Component (Üst yazı) in NihaiOzet.xml file is forged | INVALID |Verification details must be shown.|
| M |P4_110|The hash value of Attachment Component which is the type of Internal Electronic File (DED) within NihaiOzet.xml is forged| INVALID |Verification details must be shown.|
| M |P4_111|The hash value of Core Component in NihaiOzet.xml file is forged | INVALID |Verification details must be shown.|
| M |P4_112|The hash value of Package Hash Component (Paket Özeti) in NihaiOzet.xml file is forged | INVALID |Verification details must be shown.|
| M |P4_113|The hash value of Paraph Hash Component (Paraf Özeti) in NihaiOzet.xml file is forged | INVALID |Verification details must be shown.|
| M |P4_114|The hash value of e-signature Component in NihaiOzet.xml file is forged | INVALID |Verification details must be shown.|
| M |P4_115|The hash value of Paraph Electronic Signature Component in NihaiOzet.xml file is forged | INVALID |Verification details must be shown.|
| M |P4_116|The content value within the Electronic Seal is forged | INVALID |Verification details must be shown.|
| M |P4_117_s|Electronic Seal is a Counter Signature with two signers| INVALID |Electronic Seal must not be verified. Verification details must be shown.|
| M |P4_117_p|Electronic Seal is a Parallel Signature with two signers | INVALID |Electronic Seal must not be verified. Verification details must be shown.|
| M |P4_118|Hash values of the components within NihaiOzet.xml are created with SHA-1 algorithm. | INVALID |Verification details must be shown.|
| M |P4_119|Electronic Seal Component is signed with Qualified Certificate instead of Qualified Electronic Seal Certificate| INVALID |Electronic Seal must not be verified. Verification details must be shown.|
| M |P4_120|The package possesses an unplaced attachment (Konulmamış Ek)| VALID | |
| M |P4_121|The signer component in the NihaiUstveri.xml file is different from the signer of the Electronic Signature Component | INVALID |Verification details must be shown.|
| M |P4_122|e-signature component does not conform to the P4 Profile.| INVALID |Electronic Signature must not be verified. Verification details must be shown.|
| M |P4_123|Electronic Seal component does not conform to the P4 Profile.| INVALID |Electronic Seal must not be verified. Verification details must be shown.|
| M |P4_124|Paraph Electronic Signature component does not conform to the P4 Profile.| INVALID |Paraph Electronic Signature must not be verified. Verification details must be shown.|
| M |P4_125|Electronic Seal is created with an expired Qualified Electronic Seal Certificate. | INVALID |Electronic Seal must not be verified. Verification details must be shown.|
| M |P4_126|Electronic Seal is created with a Qualified Electronic Seal Certificate which is revoked in OCSP. | INVALID |Electronic Seal must not be verified. Verification details must be shown.|
| M |P4_127|Electronic Seal is created with an Electronic Seal Certificate which is not qualified| INVALID |Electronic Seal must not be verified. Verification details must be shown.|
| M |P4_128|Electronic Seal is created with a Qualified Electronic Seal Certificate whose signature is forged. | INVALID |Electronic Seal must not be verified. Verification details must be shown.|
| O |P4_129|e-signature component does not have "mime-type" attribute.| INVALID |Electronic Signature must not be verified. Verification details must be shown.|
| M |P4_130|The package does not have an Electronic Seal Component | INVALID |Verification details must be shown.|

**M:** Mandatory - The specified items must be provided. In case the item is not provided, ECP evaluation will result in negative.

**O:** Optional - The specified items must be provided. In case the item is not provided, ECP evaluation will not result in negative.

* One of the following methods must be selected when verifying the signed document if the signer certificate includes a monetary limit:
  * “INVALID Signature” message must be displayed. The description of the error should be reported to the user.
  * The monetary limit of the certificate is compared with the monetary limit of the signed document and if the monetary limit of the certificate is sufficient for the monetary value of the signed document, “VALID Signature” message must be displayed.
  * In the case where the monetary limit of the certificate is not compared with the monetary limit of the signed document, the user should be warned that the signer certificate has a monetary limit and “VALID Signature” message must be displayed.

===== ECP Archival =====

In ECP applications, the archiving infrastructure should be provided. Comprehensive information about archiving can be found in section [[Imza Arsivleme|Signature Archival]].
Since the Electronic Seal component in ECP 2.0 is in the archive signature format, archiving scenarios only cover tests specific to archive signature. Correspondingly, the **P4_A90** and **P4_A94** packages in the procedure table should be archived. The Electronic Signature component in ECP 1.3 can be in [[cades_p4_x-long| P4 CAdES-X LONG]] or [[P4 CAdES-A]] signature format. If the signature is in [[cades_p4_x-long| P4 CAdES-X LONG]] format, it must be protected with archival. If the signature is in [[P4 CAdES-A]] format, archiving scenarios only cover tests specific to archive signature. The archived signature can be added to the package. If there is a Final Hash component in the package, this component also needs to be rebuilt after archival.
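
The hash-file coverage rules from the Introduction tables and the forged-hash and SHA-1 packages (P4_95 to P4_118) can be checked as below. This is an added example, not code from the page or from any ECP tool; the in-memory manifest model, the component names, the file paths and the set of accepted digest algorithms are assumptions (real ECP hash files are XML).

```python
import base64
import hashlib
import hmac

# Which components each hash file must (M) or may (O) reference,
# transcribed from the page's prose and component tables.
COVERAGE = {
    "ParafOzeti.xml": {"M": {"CoverLetter", "Metadata"}, "O": {"Attachment"}},
    "PaketOzeti.xml": {
        "M": {"CoverLetter", "Metadata"},
        "O": {"Attachment", "ParaphHash", "ParaphSignature"},
    },
    "NihaiOzet.xml": {
        "M": {"CoverLetter", "Metadata", "FinalMetadata", "Core",
              "PackageHash", "ElectronicSignature"},
        "O": {"Attachment", "ParaphHash", "ParaphSignature"},
    },
}

# Assumption: the page only states that SHA-1 component hashes are INVALID;
# the accepted set below is a hypothetical policy choice.
ALLOWED_ALGS = {"sha256", "sha384", "sha512"}


def make_entry(component, path, data, alg="sha256"):
    """Build one manifest entry (hypothetical model of a hash-file reference)."""
    digest = hashlib.new(alg, data).digest()
    return {"component": component, "path": path, "alg": alg,
            "digest": base64.b64encode(digest).decode("ascii")}


def verify_manifest(name, entries, files):
    """Return a list of (finding, component); an empty list means no finding."""
    rules = COVERAGE[name]
    findings, seen = [], set()
    for entry in entries:
        comp = entry["component"]
        seen.add(comp)
        if comp not in rules["M"] | rules["O"]:
            findings.append(("UNEXPECTED_COMPONENT", comp))
            continue
        if entry["alg"] not in ALLOWED_ALGS:      # P4_101 / P4_106 / P4_118
            findings.append(("WEAK_DIGEST_ALGORITHM", comp))
            continue
        data = files.get(entry["path"])
        if data is None:
            findings.append(("MISSING_FILE", comp))
            continue
        try:
            expected = base64.b64decode(entry["digest"], validate=True)
        except ValueError:
            findings.append(("MALFORMED_DIGEST", comp))
            continue
        actual = hashlib.new(entry["alg"], data).digest()
        if not hmac.compare_digest(actual, expected):  # P4_95 .. P4_115
            findings.append(("DIGEST_MISMATCH", comp))
    for comp in sorted(rules["M"] - seen):
        findings.append(("MISSING_MANDATORY", comp))
    return findings


# Constructed sample package: placeholder paths and contents, not real ECP files.
FILES = {
    "cover.pdf": b"constructed cover letter",
    "metadata.xml": b"<constructed-metadata/>",
    "attachment-1.pdf": b"constructed DED attachment",
}
PAKET_OZETI = [
    make_entry("CoverLetter", "cover.pdf", FILES["cover.pdf"]),
    make_entry("Metadata", "metadata.xml", FILES["metadata.xml"]),
    make_entry("Attachment", "attachment-1.pdf", FILES["attachment-1.pdf"]),
]

if __name__ == "__main__":
    print(verify_manifest("PaketOzeti.xml", PAKET_OZETI, FILES))
    tampered = dict(FILES, **{"metadata.xml": b"changed after signing"})
    print(verify_manifest("PaketOzeti.xml", PAKET_OZETI, tampered))
```

A digest match only shows that the hash file and the components agree; the signature or seal over the hash file itself still has to be validated against the P4 profile.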
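
The time-ordering rules behind packages P4_8, P4_9, P4_22, P4_24 and P4_25 in the procedure table can be expressed as one check. This is an added example, not code from the page; the function name, its parameters, the rejection of a timestamp that precedes SigningTime and the INDETERMINATE result for a revocation falling between SigningTime and the timestamp are assumptions, since the page does not define those cases.

```python
from datetime import datetime, timedelta, timezone

# From the P4_9 explanation: the signature timestamp must be taken
# within two hours of the signing time.
MAX_TIMESTAMP_DELAY = timedelta(hours=2)


def check_signature_times(signing_time, timestamp_time,
                          not_before, not_after, revoked_at=None):
    """Return (verdict, reasons) for one signer.

    signing_time   -- value of the SigningTime attribute, or None if absent
    timestamp_time -- time asserted by the SignatureTimeStamp
    not_before/not_after -- signer certificate validity period
    revoked_at     -- revocation time from the OCSP response, or None
    """
    if signing_time is None:                      # P4_8
        return "INVALID", ["SigningTime attribute is missing"]

    reasons = []
    delay = timestamp_time - signing_time
    if delay < timedelta(0):
        # Assumption: a timestamp earlier than the claimed signing time
        # is treated as inconsistent and rejected.
        reasons.append("timestamp precedes SigningTime")
    elif delay > MAX_TIMESTAMP_DELAY:             # P4_9
        reasons.append("timestamp taken more than two hours after SigningTime")

    if not (not_before <= signing_time <= not_after):   # P4_22
        reasons.append("certificate not valid at SigningTime")

    undefined_window = False
    if revoked_at is not None:
        if revoked_at <= signing_time:            # P4_24
            reasons.append("certificate revoked before signing")
        elif revoked_at <= timestamp_time:
            # Revoked after the claimed SigningTime but before the trusted
            # timestamp: not covered by the page, so surfaced separately.
            undefined_window = True
        # revoked_at after the timestamp: signature stays valid (P4_25)

    if reasons:
        return "INVALID", reasons
    if undefined_window:
        return "INDETERMINATE", ["revoked between SigningTime and timestamp"]
    return "VALID", []


# Constructed sample times (not taken from the test packages).
T0 = datetime(2021, 1, 1, 9, 0, tzinfo=timezone.utc)
CERT_FROM = datetime(2020, 1, 1, tzinfo=timezone.utc)
CERT_TO = datetime(2023, 1, 1, tzinfo=timezone.utc)

if __name__ == "__main__":
    print(check_signature_times(T0, T0 + timedelta(minutes=10), CERT_FROM, CERT_TO))
    print(check_signature_times(T0, T0 + timedelta(hours=3), CERT_FROM, CERT_TO))
```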