Türkçe
EnglishSidebar
en:p4_guncelleme_paketler
Profile 4 (P4) Update Packages
This section has been created to test the compliance of ECP files with various standards. The structural features of the ECP 2.1 should be conformed with “e-Correspondence Technical Guide”. Signatures in the package must comply with the ETSI TS 101 733 standard, in which the CAdES signature type is defined, and the “Long Term and OCSP Controlled Secure Electronic Signature Policies (Profile 4)” in Digital Signature Usage Profiles Guide published by the Information and Communication Technologies Authority. In this context, the controls of Update Seal and package structure are specified in the procedure table.
Test packages, test root certificates and properties of the packages of the P4 Profile created within the scope of ECP 2.1 are given in this section.
Procedure
You can access ECP P4 Update Test Package from here.
You can access Test Root Certificates from here.
The following table provides the names and properties of the ECP files to be used in the procedures. Packages in the procedure have been prepared according with the “ECP 2.1 e-Correspondence Technical Guide”.
ECP files have been created to cover only the scenarios related to Update Seal components.
| M/O | Package Name | Package Property | Package Validation Result | Explanation |
|---|---|---|---|---|
| M | P4_EYPG_1 | Valid update package | VALID | |
| M | P4_EYPG_2 | The hash value of “Core” Component in NihaiOzet.xml file is forged | INVALID | Verification details must be shown. |
| M | P4_EYPG_3 | The hash value of “Update Information” Component in NihaiOzet.xml file is forged | INVALID | Verification details must be shown. |
| M | P4_EYPG_4 | The hash value of “Original Package” Component in NihaiOzet.xml file is forged | INVALID | Verification details must be shown. |
| M | P4_EYPG_5 | The content value within the Update Seal is forged | INVALID | Verification details must be shown. |
| M | P4_EYPG_6_s | Update Seal Component is a counter signature signed by two signers. Second signer has a valid certificate, but the first signer certificate is revoked in OCSP | INVALID | Electronic Seal must not be verified. Verification details must be shown. |
| M | P4_EYPG_6_p | Update Seal Component is a parallel signature signed by two signers. Second signer has a valid certificate, but the first signer is revoked in OCSP | INVALID | Electronic Seal must not be verified. Verification details must be shown. |
| M | P4_EYPG_7 | Hash values of the components within NihaiOzet.xml is created with SHA-1 algorithm | INVALID | Verification details must be shown. |
| M | P4_EYPG_8 | Update Seal Component is signed with a Qualified Certificate instead of a Qualified Electronic Seal Certificate | INVALID | Electronic Seal must not be verified. Verification details must be shown. |
| M | P4_EYPG_9 | Update Seal component is not conform with P4 Profile | INVALID | Electronic Seal must not be verified. Verification details must be shown. |
| M | P4_EYPG_10 | Update Seal is created with an expired Qualified Electronic Seal Certificate | INVALID | Electronic Seal must not be verified. Verification details must be shown. |
| M | P4_EYPG_11 | Update Seal is created with a Qualified Electronic Seal Certificate which is revoked in OCSP | INVALID | Elektronik Mühür doğrulanmamalıdır. Hatanın açıklaması kullanıcıya bildirilmelidir. |
| M | P4_EYPG_12 | Update Seal is created with an Electronic Seal Certificate which is not qualified | INVALID | Electronic Seal must not be verified. Verification details must be shown. |
| M | P4_EYPG_13 | Update Seal is created with a Qualified Electronic Seal Certificate whose signature is forged | INVALID | Electronic Seal must not be verified. Verification details must be shown. |
| M | P4_EYPG_14 | Update package has not an Update Seal Component | INVALID | Verification details must be shown. |
| M | P4_EYPG_15 | Update package has an “encrypted original package” | INVALID | Verification details must be shown. |
| M | P4_EYPG_A16 | “archiveTimeStamp” within the Update Seal has a “TSTInfo” with a forged “messageImprint” field (TS server is TSA1) | INVALID | Electronic Seal must not be verified. Verification details must be shown. |
| M | P4_EYPG_A17 | “archiveTimeStamp” within the Update Seal has a forged signature (TS server is TSA2) | INVALID | Electronic Seal must not be verified. Verification details must be shown. |
| M | P4_EYPG_A18 | “archiveTimeStamp” within the Update Seal is signed by an expired certificate (TS server is TSA3) | INVALID | Electronic Seal must not be verified. Verification details must be shown. |
| M | P4_EYPG_A19 | “archiveTimeStamp” within the Update Seal is signed by a forged certificate (TS server is TSA4) | INVALID | Electronic Seal must not be verified. Verification details must be shown. |
| M | P4_EYPG_A20 | “archiveTimeStamp” within the Update Seal is signed by a revoked certificate. The revocation time is before the signature timestamp (TS server is TSA5) | INVALID | Electronic Seal must not be verified. Verification details must be shown. |
| M | P4_EYPG_A21 | “archiveTimeStamp” within the Update Seal is signed by a revoked certificate. The revocation time is after the signature timestamp (TS server is TSA5) | VALID | |
| M | P4_EYPG_A22 | “archiveTimeStamp” within the Update Seal is signed by a certificate whose issuer certificate is forged (TS server is TSB) | INVALID | Electronic Seal must not be verified. Verification details must be shown. |
| M | P4_EYPG_A23 | “archiveTimeStamp” within the Update Seal is signed by a valid certificate (TS server is TSC1) | VALID | |
| M | P4_EYPG_A24 | “archiveTimeStamp” within the Update Seal is signed by a certificate which references an expired CRL (TS server is TSC2) | INVALID | Electronic Seal must not be verified. Verification details must be shown. |
| M | P4_EYPG_A25 | “archiveTimeStamp” within the Update Seal is signed by a certificate which references a CRL with a forged signature (TS server is TSC3) | INVALID | Electronic Seal must not be verified. Verification details must be shown. |
| O | P4_EYPG_A26 | Update Seal component has two “archiveTimeStamp”. The first one's root certificate is not added to the signature file (TS server TSC1) | INVALID | Electronic Seal must not be verified. Verification details must be shown. |
| M | P4_EYPG_A27 | Update Seal component has two “archiveTimeStamp”. The first one's CRL is not added to the signature file (TS server TSC1) | INVALID | Electronic Seal must not be verified. Verification details must be shown. |
| M | P4_EYPG_A28 | “archiveTimeStamp” certificate is expired after the Update Seal creation date | VALID | The signature must be archived. |
| M | P4_EYPG_A29 | “archiveTimeStamp” within the Update Seal possesses SHA-1 digest algorithm | VALID | The signature must be archived. |
M: Mandatory - The specified items must be provided. In case the item is not provided, ECP evaluation will result in negative.
O: Optional - The specified items must be provided. In case the item is not provided, ECP evaluation will not result in negative.
en/p4_guncelleme_paketler.txt · Last modified: 2025/09/11 11:42
Page Tools
This wiki has been created by TÜBİTAK BİLGEM KAMU SM. All Rights Reserved. Kamu Sertifikasyon Merkezi
