P3 CAdES-A

General Information

“Long-term and CRL Controlled Secure Electronic Signature Policies (Profile P3)” is defined by the Information and Communication Technologies Authority (ICTA) in Electronic Signature Usage Profiles, a guide to signature profiles for Turkey. In this profile, long-term compatibility is provided by the ES-X LONG and ES-A signature formats. In addition, the profile requires the use of CRLs for end-user certificate revocation checking. The CAdES-A signature format meets these requirements in accordance with the P3 profile.

ES-A (Archival Electronic Signature) is the signature format that should be used in cases where signed documents need to be stored longer than the validity period of the certificate authority's root / sub-root, CRL and timestamp certificates.

Archiving is done when the CA’s certificate is near the end of its validity period, when the certificates are revoked, or when it is announced that the algorithms used have become invalid or have been changed. There is no harm in archiving before these situations occur. If the validity of the last archive timestamp in the currently archived signed documents is compromised, archival should be repeated by entering the timestamp settings published by the TSP under a new hierarchy. The application side should provide the infrastructure needed for this.

CAdES-A

The following table specifies the signature properties that must be included in the signature file for P3 CAdES-A signature format:

| | Signature Properties | P3 CAdES-A |
|---|---|---|
| Signed Attributes | Content-type | M |
| | Message-digest | M |
| | ESS signing-certificate v2 | M |
| | Signing-time | M |
| | Content-hints | O |
| | Mime-type | M |
| | Content-reference | O |
| | Content-identifier | O |
| | Commitment-type-indication | O |
| | Signer-location | O |
| | Content-time-stamp | O |
| | Signature-policy-identifier | M |
| | -SigPolicyQualifiers | M |
| | -SigPolicyId | M |
| | -SigPolicyHash | M |
| | -spuri | M |
| | -sp-user-notice | O |
| Unsigned Attributes | CounterSignature | O |
| | Signature-time-stamp | M |
| | -SignedData/certificates | M |
| | -SignedData/crls | M |
| | Complete-certificate-references | M |
| | Complete-revocation-references | M |
| | Certificate-values | M |
| | Revocation-values | M |
| | Archive-time-stamp | M |

M: Must - It is mandatory to provide the specified attribute. If the attribute is not provided, the e-signature evaluation will produce a negative result.

O: Optional - If the attribute is not provided, the e-signature evaluation will not produce a negative result.

- : This means that the feature is not in the signature format.

It is recommended not to use optional attributes unless needed.
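
The table above can be turned into a presence check over the attribute OIDs extracted from a SignerInfo. The following is an added example, not code from the profile document: the function name, report keys and sample input are assumptions, and the OIDs are the RFC 5126 / ETSI TS 101 733 assignments. It checks attribute presence and placement only, and it assumes that any archive-time-stamp version satisfies the Archive-time-stamp row.

```python
# Added example, not from the profile document: presence check of the P3
# CAdES-A attribute table by OID (RFC 5126 / ETSI TS 101 733 assignments).
A = "1.2.840.113549.1.9."   # PKCS #9 arc
AA = A + "16.2."            # S/MIME id-aa arc
ETSI = "0.4.0.1733.2."      # ETSI electronic-signature attribute arc
SIGNED = {                  # name -> (M/O level, accepted OIDs)
    "content-type": ("M", {A + "3"}),
    "message-digest": ("M", {A + "4"}),
    "ess-signing-certificate-v2": ("M", {AA + "47"}),
    "signing-time": ("M", {A + "5"}),
    "content-hints": ("O", {AA + "4"}),
    "mime-type": ("M", {ETSI + "1"}),
    "content-reference": ("O", {AA + "10"}),
    "content-identifier": ("O", {AA + "7"}),
    "commitment-type-indication": ("O", {AA + "16"}),
    "signer-location": ("O", {AA + "17"}),
    "content-time-stamp": ("O", {AA + "20"}),
    "signature-policy-identifier": ("M", {AA + "15"}),
}
UNSIGNED = {
    "countersignature": ("O", {A + "6"}),
    "signature-time-stamp": ("M", {AA + "14"}),
    "complete-certificate-references": ("M", {AA + "21"}),
    "complete-revocation-references": ("M", {AA + "22"}),
    "certificate-values": ("M", {AA + "23"}),
    "revocation-values": ("M", {AA + "24"}),
    # Assumption: archive-time-stamp v1, v2 or v3 all satisfy this row.
    "archive-time-stamp": ("M", {AA + "27", AA + "48", ETSI + "4"}),
}

def check_p3_cades_a(signed_oids, unsigned_oids):
    """Report missing mandatory, present optional and unlisted attributes."""
    report = {"missing": [], "optional_present": [], "unlisted": []}
    for group, table, present in (("signed", SIGNED, set(signed_oids)),
                                  ("unsigned", UNSIGNED, set(unsigned_oids))):
        known = set()
        for name, (level, oids) in table.items():
            known |= oids
            found = bool(present & oids)
            if level == "M" and not found:
                report["missing"].append(f"{group}:{name}")
            elif level == "O" and found:
                report["optional_present"].append(f"{group}:{name}")
        # An attribute placed in the wrong group shows up here, not as present.
        report["unlisted"] += [f"{group}:{o}" for o in sorted(present - known)]
    report["ok"] = not report["missing"]
    return report
# Constructed sample: no archive timestamp yet, optional signer-location set.
SAMPLE_SIGNED = [A + "3", A + "4", A + "5", AA + "47", AA + "15", ETSI + "1", AA + "17"]
SAMPLE_UNSIGNED = [AA + "14", AA + "21", AA + "22", AA + "23", AA + "24"]
```

Entries under `optional_present` do not fail the check; they correspond to the recommendation not to use optional attributes unless needed.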