Foreword
1 Scope
2 Normative references
3 Terms and definitions
4 Symbols and abbreviations
5 Signature application
5.1 Application Flow
5.2 Trusted environment versus untrusted environment
5.3 Selection of ESIGN application
5.4 Selection of cryptographic information application
5.5 Concurrent usage of signature applications
5.6 Security environment selection
5.7 Key selection
5.8 Basic Security Services
6 User verification
6.1 General
6.2 Knowledge based user verification
6.3 Biometric user verification
7 Digital Signature Service
7.1 Signature generation algorithms
7.2 Activation of digital signature service
7.3 General aspects
7.4 Signature Generation
7.5 Selection of different keys, algorithms and input formats
7.6 Read certificates and certificate related information
8 Device authentication
8.1 Certification authorities and certificates
8.2 Authentication environments
8.3 Key transport and key agreement mechanisms
8.4 Key transport protocol based on RSA
8.5 Device authentication with privacy protection
8.6 Privacy constrained Modular EAC (mEAC) protocol with
non-traceability feature (based on elliptic curves)
8.7 Asymmetric Authentication summary
8.8 Symmetric authentication scheme
8.9 Compute Session keys from key seed K[IFD/ICC]
8.10 Compute send sequence counter SSC
8.11 Post-authentication phase
8.12 Ending the secure session
8.13 Reading the Display Message
8.14 Updating the Display Message
9 Secure messaging
9.1 CLA byte
9.2 TLV coding of command and response message
9.3 Treatment of SM-Errors
9.4 Padding for checksum calculation
9.5 Send sequence counter (SSC)
9.6 Message structure of Secure Messaging APDUs
9.7 Response APDU protection
9.8 Use of TDES and AES
10 Key Generation
10.1 Key generation and export using PrK.ICC.AUT
10.2 Key generation and export with dynamic or static SM
10.3 Write certificates
10.4 Setting keys in static secure messaging
11 Key identifiers and parameters
11.1 Key identifiers
11.2 Public Key parameters
11.3 DSA with ELC public key parameters
11.4 RSA Diffie-Hellman key exchange parameters
11.5 ELC key exchange parameters
12 Data structures
12.1 CRTs
12.2 Key transport device authentication protocol
12.3 Privacy device authentication protocol
13 AlgIDs, Hash- and DSI Formats
13.1 Algorithm Identifiers and OIDs
13.2 Hash Input-Formats
13.3 Formats of the Digital Signature Input (DSI)
14 CV_Certificates and Key Management
14.1 Level of trust in a certificate
14.2 Key Management
14.3 Card Verifiable Certificates
14.4 Use of the public key extracted from the certificate
14.5 Validity of the key extracted from a certificate
14.6 Structure of CVC
14.7 Certificate Content
14.8 Certificate signature
14.9 Coding of the certificate content
14.10 Steps of CVC verification
14.11 Commands to handle the CVC
14.12 C_CV.IFD.AUT (non self-descriptive)
14.13 C_CV.CA.CS-AUT (non self-descriptive)
14.14 C.ICC.AUT
14.15 Self-descriptive CV Certificate (Example)
15 Files
15.1 File structure
15.2 File IDs
15.3 EF.DIR
15.4 EF.SN.ICC
15.5 EF.DH
15.6 EF.ELC
15.7 EF.C.ICC.AUT
15.8 EF.C.CA[ICC].CS-AUT
15.9 EF.C_X509.CH
15.10 EF.C_X509.CA.CS (DF.ESIGN)
15.11 EF.DM
16 Cryptographic Information Application
16.1 ESIGN cryptographic information layout example
Annex A (informative) - Device authentication - Cryptographic
view
A.1 Algorithms for authentication with key exchange or key
negotiation
A.2 Device authentication with key transport
A.2.1 Conformance to ISO/IEC 11770-3
A.2.2 Using min(SIG, N-SIG) for the signature token
A.3 Device authentication with key negotiation
A.3.1 Diffie-Hellman Key Exchange
A.4 Device authentication with privacy protection
A.4.1 The authenticity of the public DH parameters
A.5 Device authentication with non traceability
A.5.1 Diffie-Hellman Key Exchange
A.6 The 'Grandmaster Chess Attack'
Annex B (informative) - Personalization scenarios
Annex C (informative) - Build scheme for mEAC Object Identifiers
Bibliography