Türkçe
EnglishSidebar
en:p3_paketler
Profile 3 (P3) Packages
This section has been created to test the compliance of ECP files with various standards. The structural features of the ECP should be conformed with “e-Correspondence Technical Guide”. Signatures in the package must comply with the ETSI TS 101 733 standard, in which the CAdES signature type is defined, and the “Long Term and CRL Controlled Secure Electronic Signature Policies (Profile 3)” in Digital Signature Usage Profiles Guide published by the Information Technologies and Communication Authority. In this context, Paraph Electronic Signature, Electronic Signature, Electronic Seal and package structure controls are specified in the procedure table. For details on archiving operations in ECP Applications, the ECP Archival section can be reviewed.
Procedure
You can access ECP P3 Test Package from here.
You can access Test Root Certificates from here.
The following table provides the names and properties of the ECP files to be used in the procedures. Packages in the procedure have been prepared according with the current version of the “e-Correspondence Technical Guide”.
ECP files have been created to cover only the scenarios related to Electronic Signature or Electronic Seal components. Paraph Electronic Signature, which is optional, is only available in scenarios specific to the relevant component.
| M/O | Package Name | Package Property | Package Validation Result | Explanation |
|---|---|---|---|---|
| M | P3_1 | Valid ECP (Includes paraph e-signature and all signed features have been added for the e-signature component.) | VALID | All signed attributes must be displayed in the validation result. |
| O | P3_2.doc | “Cover Letter” component of the package is Word document with a macro | INVALID | Verification details must be shown. |
| M | P3_3 | Package has a contradictory e-signature component including “mime-type” attribute with “image/jpeg” value although the actual content type is XML | INVALID | Electronic Signature must not be verified. Verification details must be shown. |
| M | P3_4 | Package has an e-signature component including “SigPolicyId” having another value than P3 OID (2.16.792.1.61.0.1.5070.3.2.1) | INVALID | Electronic Signature must not be verified. Verification details must be shown. |
| M | P3_5 | Package has an e-signature component including “SigPolicyHash” having another hash value than P3 hash value | INVALID | Electronic Signature must not be verified. Verification details must be shown. |
| M | P3_6 | Package has an e-signature component including “SPUserNotice” having P3 user notice | VALID | P3 user notice must be shown. |
| M | P3_7 | Package has an e-signature component including “ESS-Signing-Certificate” hash algorithm is SHA-1 | INVALID | Electronic Signature must not be verified. Verification details must be shown. |
| M | P3_8 | Package has an e-signature component without “SigningTime” attribute | INVALID | Electronic Signature must not be verified. Verification details must be shown. |
| M | P3_9 | Package has an e-signature component contains the “SigningTime” attribute which indicates the time 3 hours before the “SignatureTimeStamp” attribute | INVALID | Electronic Signature must not be verified. Signature TimeStamp must be taken within two hours as of the signing time. |
| M | P3_10 | Package has an e-signature component with qualified certificate revocation value OCSP rather than CRL | INVALID | Electronic Signature must not be verified. Verification details must be shown. |
| O | P3_11 | e-signature Component: “SignatureTimeStamp” which does not have “signatureTimeStamp” root certificate (TS server is TSC1) | INVALID | Electronic Signature must not be verified. Verification details must be shown. |
| M | P3_12 | e-signature Component: Signature file with “SignatureTimeStamp” which does not have “signatureTimeStamp” CRL (TS server is TSC1) | INVALID | Electronic Signature must not be verified. Verification details must be shown. |
| M | P3_13 | Package has an e-signature component including a forged “ESS Signing-Certificate-v2” attribute | INVALID | Electronic Signature must not be verified. Verification details must be shown. |
| M | P3_14 | Package has an e-signature component including a forged “message-digest” attribute | INVALID | Electronic Signature must not be verified. Verification details must be shown. |
| M | P3_15 | Package has an e-signature component in which SHA-1 digest algorithm is used | VALID | |
| M | P3_16 | Package has an e-signature component with a forged signature | INVALID | Electronic Signature must not be verified. Verification details must be shown. |
| M | P3_17 | e-signature Component: Signed by a certificate with an omitted “non-repudiation” field in the key usage extension | INVALID | Electronic Signature must not be verified. Verification details must be shown. |
| M | P3_18 | e-signature Component: Signed by a certificate with an omitted “UserNotice” text field in the “CertificatePolicies” extension | INVALID | Electronic Signature must not be verified. Verification details must be shown. |
| M | P3_19 | e-signature Component: Signed by a certificate with an omitted ETSI OID in “QualifiedCertificateStatements” extension | INVALID | Electronic Signature must not be verified. Verification details must be shown. |
| M | P3_20 | e-signature Component: Signed by a certificate with an omitted ICTA OID in “QualifiedCertificateStatements” extension | INVALID | Electronic Signature must not be verified. Verification details must be shown. |
| O | P3_21 | Package has PDF/A-3 type cover letter component whose attachment is a word file | INVALID | Verification details must be shown. |
| M | P3_22 | Package has an e-signature component created with an expired certificate | INVALID | Electronic Signature must not be verified. Verification details must be shown. |
| M | P3_23 | Package has an e-signature component created with a certificate that has a forged signature | INVALID | Electronic Signature must not be verified. Verification details must be shown. |
| M | P3_24 | Package has an e-signature component that was created with the revoked certificate in CRL, the certificate was revoked before the signing time | INVALID | Electronic Signature must not be verified. Verification details must be shown. |
| M | P3_25 | Package has an e-signature component that was created with the revoked certificate in CRL, the certificate was revoked after the signing time | VALID | |
| M | P3_26 | The validity of the certificate of the e-signature component has to be checked via an expired CRL | INVALID | Electronic Signature must not be verified. Verification details must be shown. |
| M | P3_27 | The validity of the certificate of the e-signature component has to be checked via an CRL having a forged signature | INVALID | Electronic Signature must not be verified. Verification details must be shown. |
| M | P3_32 | e-signature Component: Signer certificate has a monetary limit which is equal to “0” | CHOICE* | |
| O | P3_33 | e-signature Component: Signer certificate has a usage restriction defined in “QC Statements” extension | INVALID | Electronic Signature must not be verified. Verification details must be shown. |
| M | P3_35 | Package has an e-signature component that is created by a certificate that is issued by an intermediate CA certificate having a forged signature | INVALID | Electronic Signature must not be verified. Verification details must be shown. |
| M | P3_36 | The root certificate of the e-signature component has a forged signature | INVALID | Electronic Signature must not be verified. Verification details must be shown. |
| M | P3_37 | e-signature Component: Signature timestamp has a “TSTInfo” with a forged “messageImprint” field (TS server is TSA1) | INVALID | Electronic Signature must not be verified. Verification details must be shown. |
| M | P3_38 | e-signature Component: Signature timestamp has a forged signature (TS server is TSA2) | INVALID | Electronic Signature must not be verified. Verification details must be shown. |
| M | P3_39 | e-signature Component: Signature timestamp is signed by an expired certificate (TS server is TSA3) | INVALID | Electronic Signature must not be verified. Verification details must be shown. |
| M | P3_40 | e-signature Component: Signature timestamp is signed by a certificate with a forged signature (TS server is TSA4) | INVALID | Electronic Signature must not be verified. Verification details must be shown. |
| M | P3_41 | e-signature Component: Signature timestamp is signed by a revoked certificate. The revocation time is before the signing time (TS server is TSA5) | INVALID | Electronic Signature must not be verified. Verification details must be shown. |
| M | P3_42 | e-signature Component: Signature timestamp is signed by a revoked certificate. The revocation time is after the signature timestamp (TS server is TSA5) | VALID | |
| M | P3_43 | e-signature Component: Signature timestamp is signed by a certificate whose issuer certificate signature is forged (TS server is TSB) | INVALID | Electronic Signature must not be verified. Verification details must be shown. |
| M | P3_44 | e-signature Component: Signature timestamp is signed by a valid certificate (TS server is TSC1) | VALID | |
| M | P3_45 | e-signature Component: Signature timestamp is signed by a certificate which references an expired CRL (TS server is TSC2) | INVALID | Electronic Signature must not be verified. Verification details must be shown. |
| M | P3_46 | e-signature Component: Signature timestamp is signed by a certificate which references a CRL with a forged signature (TS server is TSC3) | INVALID | Electronic Signature must not be verified. Verification details must be shown. |
| M | P3_47 | Package has an e-signature component including a “Complete certificate references” attribute which does not have a root certificate reference | INVALID | Electronic Signature must not be verified. Verification details must be shown. |
| M | P3_48 | Package has an e-signature component including a “Complete certificate references” attribute which has a wrong root certificate reference | INVALID | Electronic Signature must not be verified. Verification details must be shown. |
| M | P3_49 | Package has an e-signature component including a “Complete certificate references” attribute which does not have an intermediate CA certificate reference | INVALID | Electronic Signature must not be verified. Verification details must be shown. |
| M | P3_50 | Package has an e-signature component including a “Complete certificate references” attribute which has a wrong intermediate CA certificate reference | INVALID | Electronic Signature must not be verified. Verification details must be shown. |
| M | P3_51 | Package has an e-signature component including a “Complete revocation references” attribute which does not have a CRL reference for intermediate CA | INVALID | Electronic Signature must not be verified. Verification details must be shown. |
| M | P3_52 | Package has an e-signature component including a “Complete revocation references” attribute which has a wrong CRL reference for intermediate CA | INVALID | Electronic Signature must not be verified. Verification details must be shown. |
| M | P3_53 | Package has an e-signature component including a “Complete revocation references” attribute which does not have an CRL reference for signer certificate | INVALID | Electronic Signature must not be verified. Verification details must be shown. |
| M | P3_54 | Package has an e-signature component including a “Complete revocation references” attribute which has a wrong CRL reference for signer certificate | INVALID | Electronic Signature must not be verified. Verification details must be shown. |
| M | P3_55 | Package has an e-signature component including a “Certificate values” attribute which does not have a root certificate value | INVALID | Electronic Signature should not be verified. Verification details must be shown. |
| M | P3_57 | Package has an e-signature component including a “Certificate values” attribute which does not have an intermediate CA certificate value | INVALID | Electronic Signature must not be verified. Verification details must be shown. |
| M | P3_59 | Package has an e-signature component including a “Revocation Values” attribute which does not have a CRL value for intermediate CA certificate | INVALID | Electronic Signature must not be verified. Verification details must be shown. |
| M | P3_61 | Package has an e-signature component including a “Revocation values” attribute which does not have an OCSP value for signer certificate | INVALID | Electronic Signature must not be verified. Verification details must be shown. |
| M | P3_A75 | “archiveTimeStamp” within the Electronic Seal has a “TSTInfo” with a forged “messageImprint” field (TS server is TSA1) | INVALID | Electronic Seal must not be verified. Verification details must be shown. |
| M | P3_A76 | “archiveTimeStamp” within the Electronic Seal has a forged signature (TS server is TSA2) | INVALID | Electronic Seal must not be verified. Verification details must be shown. |
| M | P3_A77 | “archiveTimeStamp” within the Electronic Seal is signed by an expired certificate (TS server is TSA3) | INVALID | Electronic Seal must not be verified. Verification details must be shown. |
| M | P3_A78 | “archiveTimeStamp” within the Electronic Seal is signed by an forged certificate (TS server is TSA4) | INVALID | Electronic Seal must not be verified. Verification details must be shown. |
| M | P3_A79 | “archiveTimeStamp” within the Electronic Seal is signed by a revoked certificate. The revocation time is before the signing time (TS server is TSA5) | INVALID | Electronic Seal must not be verified. Verification details must be shown. |
| M | P3_A80 | “archiveTimeStamp” within the Electronic Seal is signed by a revoked certificate. The revocation time is after the signature timestamp (TS server is TSA5) | VALID | |
| M | P3_A81 | “archiveTimeStamp” within the Electronic Seal is signed by a certificate whose issuer certificate is forged (TS server is TSB) | INVALID | Electronic Seal must not be verified. Verification details must be shown. |
| M | P3_A82 | “archiveTimeStamp” within the Electronic Seal is signed by a valid certificate (TS server is TSC1) | VALID | |
| M | P3_A83 | “archiveTimeStamp” within the Electronic Seal is signed by a certificate which references an expired CRL (TS server is TSC2) | INVALID | Electronic Seal must not be verified. Verification details must be shown. |
| M | P3_A84 | “archiveTimeStamp” within the Electronic Seal is signed by a certificate which references a CRL with a forged signature (TS server is TSC3) | INVALID | Electronic Seal must not be verified. Verification details must be shown. |
| O | P3_A85 | Electronic Seal component has two “archiveTimeStamp”. The first one's root certificate is not added to the signature file (TS server TSC1) | INVALID | Electronic Seal must not be verified. Verification details must be shown. |
| M | P3_A86 | Electronic Seal component has two “archiveTimeStamp”. The first one's CRL is not added to the signature file (TS server TSC1) | INVALID | Electronic Seal must not be verified. Verification details must be shown. |
| M | P3_A90 | “archiveTimeStamp” certificate is expired after the Electronic Seal creation date | VALID | The signature must be archived. |
| M | P3_93_s | e-signature Component is a Counter signature signed by two signers. Second signer has a valid certificate, but the first signer certificate is revoked in CRL | INVALID | Validation result of the each signer must be shown in a hierarchical order similar to the tree structure. Verification details must be shown. |
| M | P3_93_p | e-signature Component is a Parallel signature signed by two signers. Second signer has a valid certificate, but the first signer is revoked in CRL | INVALID | Each signature validation result must be shown in a hierarchical order similar to the tree structure. The details of the error should be reported to the user. |
| M | P3_A94 | “archiveTimeStamp” within the Electronic Seal possesses SHA-1 digest algorithm | VALID | The signature must be archived. |
| M | P3_95 | The hash value of Metadata Component in PaketOzeti.xml file is forged | INVALID | Verification details must be shown. |
| M | P3_96 | The hash value of Cover Letter Component in PaketOzeti.xml file is forged | INVALID | Verification details must be shown. |
| M | P3_97 | The hash value of the Attachment Component which is the type of Internal Electronic File within PaketOzeti.xml is forged | INVALID | Verification details must be shown. |
| M | P3_98 | The hash value of Paraph Hash Component in PaketOzeti.xml file is forged | INVALID | Verification details must be shown. |
| M | P3_99 | The hash value of Paraph Electronic Signature Component in PaketOzeti.xml file is forged | INVALID | Verification details must be shown. |
| M | P3_100 | The content value within the Electronic Signature is forged | INVALID | Verification details must be shown. |
| M | P3_101 | Hash values of the components within PaketOzeti.xml is created with SHA-1 algorithm | INVALID | Verification details must be shown. |
| M | P3_102 | The hash value of Metadata Component In ParafOzeti.xml file is forged | INVALID | Verification details must be shown. |
| M | P3_103 | The hash value of Cover Letter Component in ParafOzeti.xml file is forged | INVALID | Verification details must be shown. |
| M | P3_104 | The hash value of Attachment Component which is the type of Internal Electronic File within ParafOzeti.xml is forged | INVALID | Verification details must be shown. |
| M | P3_105 | The content value within the Paraph Electronic Signature is forged | INVALID | Verification details must be shown. |
| M | P3_106 | Hash values of the components within ParafOzeti.xml is created with SHA-1 algorithm | INVALID | Verification details must be shown. |
| M | P3_107 | The hash value of Metadata Component in NihaiOzet.xml file is forged | INVALID | Verification details must be shown. |
| M | P3_108 | The hash value of Final Metadata Component in NihaiOzet.xml file is forged | INVALID | Verification details must be shown. |
| M | P3_109 | The hash value of Cover Letter Component in NihaiOzet.xml file is forged | INVALID | Verification details must be shown. |
| M | P3_110 | The hash value of Attachment Component which is the type of Internal Electronic File within NihaiOzet.xml is forged | INVALID | Verification details must be shown. |
| M | P3_111 | The hash value of Core Component in NihaiOzet.xml file is forged | INVALID | Verification details must be shown. |
| M | P3_112 | The hash value of Package Hash Component in NihaiOzet.xml file is forged | INVALID | Verification details must be shown. |
| M | P3_113 | The hash value of Paraph Hash Component in NihaiOzet.xml file is forged | INVALID | Verification details must be shown. |
| M | P3_114 | The hash value of e-signature Component in NihaiOzet.xml file is forged | INVALID | Verification details must be shown. |
| M | P3_115 | The hash value of Paraph Electronic Signature Component in NihaiOzet.xml file is forged | INVALID | Verification details must be shown. |
| M | P3_116 | The content value within the Electronic Seal is forged | INVALID | Verification details must be shown. |
| M | P3_117_s | Electronic Seal is a Counter Signature with two signers | INVALID | Electronic Seal must not be verified. Verification details must be shown. |
| M | P3_117_p | Electronic Seal is a Parallel Signature with two signers | INVALID | Electronic Seal must not be verified. Verification details must be shown. |
| M | P3_118 | Hash values of the components within NihaiOzet.xml is created with SHA-1 algorithm | INVALID | Verification details must be shown. |
| M | P3_119 | Electronic Seal Component is signed with a Qualified Certificate instead of a Qualified Electronic Seal Certificate | INVALID | Electronic Seal must not be verified. Verification details must be shown. |
| M | P3_120 | The package attachments restricted by the distribution list | VALID | |
| M | P3_121 | The signer information in the NihaiUstveri.xml file is different from the signer of the Electronic Signature Component | INVALID | Verification details must be shown. |
| M | P3_122 | e-signature component is not conform with P3 Profile | INVALID | Electronic Signature must not be verified. Verification details must be shown. |
| M | P3_123 | Electronic Seal component is not conform with P3 Profile | INVALID | Electronic Seal must not be verified. Verification details must be shown. |
| M | P3_124 | Paraph Electronic Signature component is not conform with P3 Profile | INVALID | Paraph Electronic Signature must not be verified. Verification details must be shown. |
| M | P3_125 | Electronic Seal is created with an expired Qualified Electronic Seal Certificate | INVALID | Electronic Seal must not be verified. Verification details must be shown. |
| M | P3_126 | Electronic Seal is created with a Qualified Electronic Seal Certificate which is revoked in OCSP | INVALID | Electronic Seal must not be verified. Verification details must be shown. |
| M | P3_127 | Electronic Seal is created with an Electronic Seal Certificate which is not qualified | INVALID | Electronic Seal must not be verified. Verification details must be shown. |
| M | P3_128 | Electronic Seal is created with a Qualified Electronic Seal Certificate whose signature is forged | INVALID | Electronic Seal must not be verified. Verification details must be shown. |
| O | P3_129 | e-signature component does not have “mime-type” attribute | INVALID | Electronic Signature should not be verified. Verification details must be shown. |
| M | P3_130 | The package has not an Electronic Seal Component | INVALID | Verification details must be shown. |
M: Mandatory - The specified items must be provided. In case the item is not provided, ECP evaluation will result in negative.
O: Optional - The specified items must be provided. In case the item is not provided, ECP evaluation will not result in negative.
* One of the following methods must be selected when verifying the signed document if the signer certificate includes a monetary limit:
- “INVALID Signature” message must be displayed. The description of the error should be reported to the user.
- The monetary limit of the certificate is compared with the monetary limit of the signed document and if the monetary limit of the certificate is sufficient for the monetary value of the signed document, “VALID Signature” message must be displayed.
- In the case where the monetary limit of the certificate is not compared with the monetary limit of the signed document, the user should be warned that the signer certificate has a monetary limit and “VALID Signature” message must be displayed.
en/p3_paketler.txt · Last modified: 2025/09/11 11:42
Page Tools
This wiki has been created by TÜBİTAK BİLGEM KAMU SM. All Rights Reserved. Kamu Sertifikasyon Merkezi
