ESYA E-Signature Libraries


This is an old revision of the document!


Signature Types

CAdES-BES

A BES signature is the simplest type of electronic signature. As shown in the figure, the signature document includes only the signed document, the signed attributes and the signature itself. It carries no information about the signing time, so it is not suitable for documents that must be stored for a long time. Documents that are kept longer than the validity period of the signing certificate should not be signed in BES format; otherwise the signatures cannot be verified once the signing certificate expires.

Figure 4 CAdES-BES Signature Structure

CAdES-EPES

CAdES-EPES is very similar to the BES type. As shown in the figure, the only difference is an additional signed attribute that identifies the signature policy. To use the EPES signature type, you must create the signed document in accordance with a previously specified policy. Conformance of the signature to a specific policy can be verified through the signature policy identifier (Signature Policy ID) included in the signature document.

Figure 5 CAdES-EPES Signature Structure

CAdES-T (Signature with Timestamp)

CAdES-T, as shown in the figure, is generated from a BES or EPES signature by adding a timestamp that indicates the signing time. The timestamp must be obtained from an authorized electronic certificate service provider in Turkey. When the signature is verified, the time in the timestamp is used as the validation time. The timestamp guarantees that the signature was created before the time it indicates. Long-term documents must be signed at least in CAdES-T format. It is recommended that the timestamp be taken immediately after the signing operation.

Figure 6 CAdES-T Signature Structure

CAdES-C (Signature with Reference Data to All Validation Data)

CAdES-C is generated from an ES-T signature. The difference from ES-T is the additional reference information for the validation data. This validation data consists of the CA and Sub-CA certificates of the signing certificate and the CRL or OCSP response data used to check the revocation status of the signing certificate. As the word reference implies, the validation data itself is not included in the signature document; only uniquely defined reference values are added. The validation data must be retrieved from external sources using this referential information, for example a database that stores certificates and CRLs together with their reference values. Although there may be cases where using the ES-C format is acceptable, it is not a recommended signature format.

Figure 7 CAdES-C Signature Structure

CAdES-X-LONG (Extended Long Electronic Signature Type)

A signature of this format is generated from an ES-C signature. The difference is that ES-X-Long signatures include the validation data itself rather than only references to it. As a result, ES-X-Long signatures do not require any external system or data source in order to be verified. All the data used in the verification process is already contained in the signature document, which makes verification of ES-X-Long signatures easy and portable. It is therefore the most recommended signature format, especially when portability of the signature documents matters. ES-X-Long signatures can be created at the time of signing.

Figure 8 CAdES-X-LONG Signature Structure

CAdES-X-Type 1 (Extended Electronic Signature Type 1 Timestamped)

ES-X-Type 1 is also generated from the ES-C signature. First a timestamp is taken over the whole content of the ES-C signature, and then that timestamp is added to the signature document, which turns the ES-C signature into an ES-X-Type 1 signature. The timestamp protects the references to the validation data and proves before what time those reference values were added to the document. Since this format requires an additional timestamp, it is not a commonly used signature type.

Figure 9 CAdES-X-Type 1 Signature Structure

CAdES-X-Type 2 (Extended Electronic Signature Type 2 Timestamped)

It is very similar to ES-X-Type 1. The only difference is the scope of the additional timestamp: unlike Type 1, the timestamp is taken only over the reference data in the signature document rather than over the whole document.

Figure 10 CAdES-X-Type 2 Signature Structure

CAdES-X-Long-Type 1 or Type 2 (Extended Long Electronic Signature Type 1 or Type 2 Timestamped)

It is very similar in structure to CAdES-X-Type 1 and Type 2. The only difference is that in CAdES-X-Long-Type 1 or Type 2 the certificates, CRLs and OCSP responses used in signature verification are also added to the signature file.

Since it contains all of the validation data, it also resembles CAdES-X-Long. However, unlike CAdES-X-Long, it requires an additional timestamp to be taken. Its use is not widely recommended. There may be cases where its use is appropriate, but in general the CAdES-X-Long type is more suitable.

Figure 11 CAdES-X-Long-Type 1 or Type 2 Signature Structure

CAdES-A (Archive Electronic Signature)

This is the signature format that must be used when e-signed documents need to be kept longer than the validity period of the root/sub-root and timestamp certificates of the electronic certificate service provider (ESHS). The ES-A signature format is built on top of signature formats that already carry all validation data. An ES-A signature file is produced by taking an archive timestamp over one of the following signature files:

  • CAdES-X-Long
  • CAdES-X-Long-Type 1
  • CAdES-X-Long-Type 2

Archiving is performed when the validity period of the ESHS certificates is nearing its end, when the certificates are revoked, or when it is announced that the algorithms used have been broken. There is no harm in archiving before any of these situations arise. Archiving must be repeated as needed whenever the certificate of the archive timestamp taken over the signature files listed above expires. The application must provide the infrastructure for this.

Figure 12 CAdES-A Signature Structure
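As an added example (not code from the ESYA library or this page), the following Python classifies a CAdES signature document into the forms described above by which signed and unsigned attributes it carries, flags the forms that only reference their validation data, and applies the validation-time rule from the CAdES-T section (timestamp time if present, otherwise the current time) to decide whether the signing certificate's validity period still covers verification. Attribute names and OIDs are taken from ETSI TS 101 733 / RFC 5126, not from the page; the sample dates are constructed.

```python
from datetime import datetime, timezone

# CAdES attribute identifiers (ETSI TS 101 733 / RFC 5126); OIDs given for reference.
SIG_POLICY_ID = "id-aa-ets-sigPolicyId"         # 1.2.840.113549.1.9.16.2.15, signed attribute
SIGNATURE_TS = "id-aa-signatureTimeStampToken"  # 1.2.840.113549.1.9.16.2.14
CERT_REFS = "id-aa-ets-certificateRefs"         # 1.2.840.113549.1.9.16.2.21
REV_REFS = "id-aa-ets-revocationRefs"           # 1.2.840.113549.1.9.16.2.22
CERT_VALUES = "id-aa-ets-certValues"            # 1.2.840.113549.1.9.16.2.23
REV_VALUES = "id-aa-ets-revocationValues"       # 1.2.840.113549.1.9.16.2.24
ESC_TS = "id-aa-ets-escTimeStamp"               # 1.2.840.113549.1.9.16.2.25 (X-Type 1)
CERT_CRL_TS = "id-aa-ets-certCRLTimestamp"      # 1.2.840.113549.1.9.16.2.26 (X-Type 2)
ARCHIVE_TS = "id-aa-ets-archiveTimestamp"       # 1.2.840.113549.1.9.16.2.27 (CAdES-A)


def classify(signed_attrs, unsigned_attrs):
    """Name the CAdES form from the attributes present in the signature document."""
    s, u = set(signed_attrs), set(unsigned_attrs)
    base = "EPES" if SIG_POLICY_ID in s else "BES"
    if ARCHIVE_TS in u:
        return "CAdES-A"
    if SIGNATURE_TS not in u:
        return "CAdES-" + base
    if not (CERT_REFS in u and REV_REFS in u):
        return "CAdES-T"
    has_values = CERT_VALUES in u and REV_VALUES in u   # ES-C plus the data itself
    if ESC_TS in u:
        return "CAdES-X-Long-Type 1" if has_values else "CAdES-X-Type 1"
    if CERT_CRL_TS in u:
        return "CAdES-X-Long-Type 2" if has_values else "CAdES-X-Type 2"
    return "CAdES-X-Long" if has_values else "CAdES-C"


def needs_external_validation_data(level):
    """ES-C and X-Type 1/2 carry only references, so CA certs and CRL/OCSP data must be fetched."""
    return level in ("CAdES-C", "CAdES-X-Type 1", "CAdES-X-Type 2")


def validation_time(unsigned_attrs, timestamp_time, now):
    """With a signature timestamp its time is the validation time; otherwise only 'now' exists."""
    return timestamp_time if SIGNATURE_TS in unsigned_attrs else now


def signer_cert_valid_at_validation(unsigned_attrs, timestamp_time, now, not_before, not_after):
    """True if the signing certificate's validity window covers the chosen validation time."""
    t = validation_time(unsigned_attrs, timestamp_time, now)
    return not_before <= t <= not_after


# Constructed sample values (hypothetical certificate window and times, not real data).
SAMPLE_NOT_BEFORE = datetime(2012, 1, 1, tzinfo=timezone.utc)
SAMPLE_NOT_AFTER = datetime(2014, 1, 1, tzinfo=timezone.utc)
SAMPLE_TS_TIME = datetime(2013, 7, 29, tzinfo=timezone.utc)
SAMPLE_NOW = datetime(2016, 1, 1, tzinfo=timezone.utc)
```

With the sample values, a BES signature verified in 2016 fails because the certificate expired in 2014, while the same signature with a 2013 timestamp (CAdES-T) still verifies.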

en/esya/eimza/tipler.1375095054.txt.gz · Last modified: 2013/07/29 10:50 by Dindar Öz