{"id":350081,"date":"2024-10-20T00:40:19","date_gmt":"2024-10-20T00:40:19","guid":{"rendered":"https:\/\/pdfstandards.shop\/product\/uncategorized\/bs-en-419212-22017\/"},"modified":"2024-10-26T00:24:52","modified_gmt":"2024-10-26T00:24:52","slug":"bs-en-419212-22017","status":"publish","type":"product","link":"https:\/\/pdfstandards.shop\/product\/publishers\/bsi\/bs-en-419212-22017\/","title":{"rendered":"BS EN 419212-2:2017"},"content":{"rendered":"

This part specifies mechanisms for SEs to be used as qualified signature creation devices covering: \u2022 Signature creation and mobile signature creation \u2022 User verification \u2022 Password based authentication The specified mechanisms are suitable for other purposes like services in the context of EU Regulation 910\/2014 of the European Parliament and the Council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999\/93\/EC. The particular case of seal is also covered by the specification. The differences between seal and signature are exposed in Annex B. Annex B also explains how the mechanisms for SEs as qualified signature creation devices can be used for SEs as qualified seal creation devices. Mobile signature is an alternative to the classical signature case which is performed by a secure element. Mobile signature is encouraged by the large widespread of mobile devices and the qualification authorized by the eIDAS Regulation. The particular case of remote signature (or server signing) is covered by this specification in Annex C. In the rest of this document, except Annex B, there will be no particular notion of a seal since it technically compares to the signature.<\/p>\n

PDF Catalog<\/h4>\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
PDF Pages<\/th>\nPDF Title<\/th>\n<\/tr>\n
2<\/td>\nNational foreword <\/td>\n<\/tr>\n
4<\/td>\nEuropean foreword
European foreword <\/td>\n<\/tr>\n
5<\/td>\nIntroduction <\/td>\n<\/tr>\n
9<\/td>\nEuropean foreword <\/td>\n<\/tr>\n
10<\/td>\nIntroduction <\/td>\n<\/tr>\n
11<\/td>\n1 Scope
2 Normative references <\/td>\n<\/tr>\n
12<\/td>\n3 Terms and definitions
4 Symbols and abbreviations
5 Signature application
5.1 Application Flow <\/td>\n<\/tr>\n
14<\/td>\n5.2 Trusted environment versus untrusted environment
5.3 Selection of ESIGN application
5.3.1 General <\/td>\n<\/tr>\n
15<\/td>\n5.3.2 Exceptions for Secure Messaging
5.4 Selection of cryptographic information application <\/td>\n<\/tr>\n
16<\/td>\n5.5 Concurrent usage of signature applications
5.5.1 General
5.5.2 Methods of channel selection
5.5.3 Security issues on multiple channels
5.6 Security environment selection <\/td>\n<\/tr>\n
17<\/td>\n5.7 Key selection
5.8 Security Services
6 User verification
6.1 General <\/td>\n<\/tr>\n
18<\/td>\n6.2 Knowledge based user verification
6.2.1 General
6.2.2 Explicit user verification <\/td>\n<\/tr>\n
19<\/td>\n6.2.3 Password-based mechanisms
6.2.4 Presentation formats <\/td>\n<\/tr>\n
20<\/td>\n6.2.5 Retry and Usage counters
6.2.6 Password Change <\/td>\n<\/tr>\n
21<\/td>\n6.2.7 Reset of RC and setting a new password <\/td>\n<\/tr>\n
22<\/td>\n6.3 Biometric user verification
6.3.1 General
6.3.2 Retrieval of the Biometric Information Template <\/td>\n<\/tr>\n
23<\/td>\n6.3.3 Performing the biometric user verification <\/td>\n<\/tr>\n
25<\/td>\n6.3.4 Reset of RC
7 Digital Signature Service
7.1 General
7.2 Signature generation algorithms <\/td>\n<\/tr>\n
26<\/td>\n7.3 Activation of digital signature service
7.4 General aspects <\/td>\n<\/tr>\n
27<\/td>\n7.5 Signature Generation
7.5.1 General
7.5.2 No hashing in Card <\/td>\n<\/tr>\n
28<\/td>\n7.5.3 Partial hashing <\/td>\n<\/tr>\n
29<\/td>\n7.5.4 All hashing in ICC <\/td>\n<\/tr>\n
30<\/td>\n7.6 Selection of different keys, algorithms and input formats
7.6.1 General
7.6.2 Restore an existing SE <\/td>\n<\/tr>\n
31<\/td>\n7.6.3 Setting the Hash Template (HT) of a current Security Environment (SE)
7.6.4 Modify the Digital Signature Template (DST) of a current Security Environment (SE) <\/td>\n<\/tr>\n
32<\/td>\n7.7 Read certificates and certificate related information
7.7.1 General
7.7.2 Read certificate related CIOs <\/td>\n<\/tr>\n
33<\/td>\n7.7.3 Read signer’s certificate from ICC <\/td>\n<\/tr>\n
34<\/td>\n7.7.4 Retrieval of the signer’s certificate from a directory service
8 Password-based authentication protocols
8.1 General <\/td>\n<\/tr>\n
35<\/td>\n8.2 Notation
8.3 Authentication steps
8.3.1 General <\/td>\n<\/tr>\n
37<\/td>\n8.3.2 Step 1 \u2014 Reading the protocol relevant public parameters
8.3.3 Step 2 \u2014 Set PBM parameters and generate blinding point <\/td>\n<\/tr>\n
38<\/td>\n8.3.4 Step 3 \u2014 Get encrypted nonce <\/td>\n<\/tr>\n
39<\/td>\n8.3.5 Step 4.1 \u2014 Map nonce and compute generator point for generic mapping <\/td>\n<\/tr>\n
40<\/td>\n8.3.6 Step 4.2 \u2014 Map nonce and compute generator point for integrated mapping <\/td>\n<\/tr>\n
41<\/td>\n8.3.7 Step 5 \u2014 Generate session keys <\/td>\n<\/tr>\n
42<\/td>\n8.3.8 Step 6 \u2014 Explicit key authentication <\/td>\n<\/tr>\n
43<\/td>\n9 Secure Messaging
9.1 General
9.2 CLA byte
9.3 TLV coding of command and response message <\/td>\n<\/tr>\n
44<\/td>\n9.4 Treatment of SM-Errors
9.5 Padding for checksum calculation
9.6 Send sequence counter (SSC)
9.7 Message structure of Secure Messaging APDUs
9.7.1 Cryptograms <\/td>\n<\/tr>\n
46<\/td>\n9.7.2 Cryptographic Checksums <\/td>\n<\/tr>\n
49<\/td>\n9.7.3 Final command APDU construction <\/td>\n<\/tr>\n
50<\/td>\n9.8 Response APDU protection <\/td>\n<\/tr>\n
54<\/td>\n9.9 Use of TDES and AES
9.9.1 TDES\/AES encryption\/decryption
9.9.2 CBC mode <\/td>\n<\/tr>\n
55<\/td>\n9.9.3 Retail MAC with TDES
9.9.4 EMAC with AES <\/td>\n<\/tr>\n
56<\/td>\n9.9.5 CMAC with AES <\/td>\n<\/tr>\n
57<\/td>\n10 Key Generation
10.1 General
10.2 Signature key and certificate generation <\/td>\n<\/tr>\n
59<\/td>\n11 Key identifiers and parameters
11.1 General
11.2 Key identifiers (KID)
11.2.1 General
11.2.2 Secret and private keys
11.3 Public Key parameters
11.3.1 General <\/td>\n<\/tr>\n
60<\/td>\n11.3.2 RSA public key parameters
11.4 Diffie-Hellman key exchange parameters
11.5 Authentication tokens in the protocols mEACv2 and PCA
11.5.1 General
11.5.2 TDES
11.5.3 AES
11.5.4 Ephemeral Public Key Data Object <\/td>\n<\/tr>\n
61<\/td>\n11.6 The compression function Comp()
11.7 DSA with ELC public key parameters
11.7.1 General <\/td>\n<\/tr>\n
62<\/td>\n11.7.2 The plain format of a digital signature
11.7.3 The uncompressed encoding
11.8 ELC key exchange public parameters <\/td>\n<\/tr>\n
63<\/td>\n12 AlgIDs, Hash- and DSI Formats
12.1 General
12.2 Algorithm Identifiers and OIDs
12.3 Hash Input-Formats
12.3.1 General <\/td>\n<\/tr>\n
64<\/td>\n12.3.2 PSO:HASH without command chaining
12.3.3 PSO:HASH with command Chaining <\/td>\n<\/tr>\n
65<\/td>\n12.4 Formats of the Digital Signature Input (DSI)
12.4.1 General
12.4.2 DSI according to ISO\/IEC 14888\u20112 (scheme 2) <\/td>\n<\/tr>\n
66<\/td>\n12.4.3 DSI according to PKCS #1 V 1.5 <\/td>\n<\/tr>\n
67<\/td>\n12.4.4 Digest Info for SHA-X Hash:Digest Info SHA:Digest Info <\/td>\n<\/tr>\n
68<\/td>\n12.4.5 DSI according to PKCS #1 V 2.x MGF function <\/td>\n<\/tr>\n
70<\/td>\n12.4.6 DSA with DH key parameters
12.4.7 Elliptic Curve Digital Signature Algorithm \u2014 ECDSA
13 Files
13.1 General
13.2 File structure <\/td>\n<\/tr>\n
71<\/td>\n13.3 File IDs
13.4 EF.DIR <\/td>\n<\/tr>\n
72<\/td>\n13.5 EF.SN.ICC
13.6 EF.DH <\/td>\n<\/tr>\n
73<\/td>\n13.7 EF.ELC
13.8 EF.C.ICC.AUT <\/td>\n<\/tr>\n
74<\/td>\n13.9 EF.C.CAICC.CS-AUT
13.10 EF.C_X509.CH.DS
13.11 EF.C_X509.CA.CS (DF.ESIGN) <\/td>\n<\/tr>\n
75<\/td>\n13.12 EF.DM
14 Cryptographic Information Application
14.1 General <\/td>\n<\/tr>\n
77<\/td>\n14.2 ESIGN cryptographic information layout example
14.2.1 General <\/td>\n<\/tr>\n
78<\/td>\n14.2.2 EF.CIAInfo <\/td>\n<\/tr>\n
80<\/td>\n14.2.3 EF.AOD <\/td>\n<\/tr>\n
83<\/td>\n14.2.4 EF.PrKD <\/td>\n<\/tr>\n
86<\/td>\n14.2.5 EF.PuKD <\/td>\n<\/tr>\n
88<\/td>\n14.2.6 EF.CD <\/td>\n<\/tr>\n
89<\/td>\n14.2.7 EF.DCOD <\/td>\n<\/tr>\n
94<\/td>\nAnnex A (normative) Security environments <\/td>\n<\/tr>\n
101<\/td>\nAnnex B (informative) Seals and Signatures <\/td>\n<\/tr>\n
104<\/td>\nAnnex C (informative) Remote Signatures <\/td>\n<\/tr>\n
107<\/td>\nBibliography <\/td>\n<\/tr>\n<\/table>\n","protected":false},"excerpt":{"rendered":"

Application Interface for Secure Elements for Electronic Identification, Authentication and Trusted Services – Signature and Seal Services<\/b><\/p>\n\n\n\n\n
Published By<\/td>\nPublication Date<\/td>\nNumber of Pages<\/td>\n<\/tr>\n
BSI<\/b><\/a><\/td>\n2018<\/td>\n110<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n","protected":false},"featured_media":350090,"template":"","meta":{"rank_math_lock_modified_date":false,"ep_exclude_from_search":false},"product_cat":[693,2641],"product_tag":[],"class_list":{"0":"post-350081","1":"product","2":"type-product","3":"status-publish","4":"has-post-thumbnail","6":"product_cat-35-240-15","7":"product_cat-bsi","9":"first","10":"instock","11":"sold-individually","12":"shipping-taxable","13":"purchasable","14":"product-type-simple"},"_links":{"self":[{"href":"https:\/\/pdfstandards.shop\/wp-json\/wp\/v2\/product\/350081","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/pdfstandards.shop\/wp-json\/wp\/v2\/product"}],"about":[{"href":"https:\/\/pdfstandards.shop\/wp-json\/wp\/v2\/types\/product"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/pdfstandards.shop\/wp-json\/wp\/v2\/media\/350090"}],"wp:attachment":[{"href":"https:\/\/pdfstandards.shop\/wp-json\/wp\/v2\/media?parent=350081"}],"wp:term":[{"taxonomy":"product_cat","embeddable":true,"href":"https:\/\/pdfstandards.shop\/wp-json\/wp\/v2\/product_cat?post=350081"},{"taxonomy":"product_tag","embeddable":true,"href":"https:\/\/pdfstandards.shop\/wp-json\/wp\/v2\/product_tag?post=350081"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}