BSI TR-03125 Preservation of Evidence of Cryptographically Signed Documents

See also the German version of TR-ESOR V. 1.3
The English version of TR-ESOR V. 1.3 is under development.

Description of the Technical Guideline

The increasing digitalisation of business processes, procedures and documents in electronic form is creating new challenges that did not exist in the "old world" of paper documents -- or were at least much easier to deal with:

  • Electronic documents in and of themselves can be neither perceived nor read. Furthermore, as a rule they do not in and of themselves offer any evidence for their integrity and authenticity or for protecting and keeping the legal claims of the issuer or third parties, or proof of their propriety for electronic legal and business transactions. Rather, additional technical and organisational measures must be taken in order to generate and maintain these characteristics over the long term, especially for the purpose of the long-term preservation of electronic documents.
  • Despite the ever-shorter information technology innovation cycles, the readability and availability of business-relevant information must be guaranteed for the duration of the required long retention periods -- without dependency on individual products and manufacturers.
  • Also and especially in the electronic world, the access to the data and documents must comply with the requirements for data protection and data security, even over long periods of time and when systems are changed.

Thus, both the public administration and companies face the challenge of having to guarantee availability and, in particular, readability, integrity and authenticity for an increasing volume of data and documents created, processed and stored electronically, even in the distant future.

With the Technical Guideline BSI TR 03125 "Preservation of Evidence of Cryptographically Signed Documents", the BSI is providing a guide that describes how electronically signed data and documents can be stored in a trustworthy manner -- that is, in the sense of the legally valid preservation of evidence -- over long periods of time until the end of the respective retention periods.

However, TR 03125 is not intended to replace known and established requirements and definitions. Rather, the requirements for proper preservation must be complied with for electronically signed documents, too. Generally speaking, they are a prerequisite of TR 03125. The proposed reference architecture of TR 03125 is thus not to be understood as a replacement for an archive system, but rather as middleware that describes a possible implementation of the requirements for the legally valid preservation of evidence of both cryptographically signed and unsigned documents during the legally required retention period.

The Technical Guideline is intended primarily for public authorities. Furthermore, the Technical Guideline is a recommendation, because the need for the legally compliant preservation of evidence of cryptographically signed documents is increasingly gaining importance in nearly all public and private sectors. Electronic documents, such as those in the health care sector or for medication approvals, replacement scanned documents, electronic invoices and receipts in day-to-day business transactions, civil registers, digital technical documents for the technical approval of aeroplanes and many other areas require adequate solutions for the long-term preservation of evidence in the context of the advancing digitalisation of business processes. Even these few examples show the great relevance of the preservation of evidence of electronic documents.

The BSI used the following design criteria:

  • Consideration of the relevant national and international standards
  • Consistent and complete platform and manufacturer neutrality
  • Description of a multi-client-capable reference architecture that is suitable for developing cross-application and cross-product archive infrastructure services
  • Focus on implementation by including concrete help for developing components and interfaces (in particular in the realm of cryptographic security measures with the eCard API Framework)

Concretely, this Technical Guideline describes a differentiated catalogue of obligatory (shall), recommended (should) and optional (can) requirements with regard to all elements and areas that require design decisions, so that public authorities and institutions can develop effective, sustainable and economical technical scenarios for the storage of electronically signed documents and data with the preservation of evidence.

These are primarily:

  • Recommended data and document formats
  • A recommended exchange format for archival information packages
  • Recommendations for a reference architecture or alternative architectures
  • Requirements for components (upstream application systems) and modules of the reference architecture as well as their dependencies
  • Provision of testing tools and test data

Now, providers and product manufacturers can develop solutions that comply with this Guideline on the basis of the specifications at hand.

eIDAS Regulation

Since 1 July 2016, the legal framework for electronic signatures, electronic seals and electronic time stamps has been defined by Regulation (EU) No 910/2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC (the eIDAS Regulation for short). The Regulation and the implementing acts based on it serve, inter alia, to harmonise the internal market for electronic signatures, seals and time stamps, as well as the trust services based on them, within the European Union (EU) and the European Free Trade Association (EFTA).

According to the Regulation, as of 1 July 2016, electronic seals are available for legal persons, besides electronic signatures for natural persons and electronic time stamps. In this respect, the seal is an extension to the previous legal situation in Germany. Furthermore, the eIDAS Regulation makes it possible to now use "qualified remote signatures" and corresponding "qualified remote seals" as well, whereby a trusted service provider stores the private keys in a suitable qualified signature or seal creation device based on a hardware security module. This will ensure that the process of creating qualified electronic signatures and seals can be initiated from mobile end devices, for example. The eIDAS Regulation also defines a legal framework for trust services for electronic registered delivery services, certification services, website authentication and the preservation of evidence of electronic signatures and seals by (qualified) preservation services.

Whereas the European Directive 1999/93/EC as well as the Digital Signature Act (SigG) based on it and the Signature Regulation (SigV) were largely technologically neutral, European Regulation (EU) No 910/2014 (eIDAS Regulation) occasionally prescribes the use of specific technical standards in certain implementing acts, with the aim of achieving interoperability throughout Europe.
These include, for example:

  • (EU) 2015/806 -- laying down specifications relating to the form of the EU trust mark for qualified trust services
  • (EU) 2015/1505 -- laying down technical specifications and formats relating to trusted lists
  • (EU) 2015/1506 -- laying down specifications relating to formats of advanced electronic signatures and advanced seals to be recognised by public sector bodies for electronic transactions in the internal market
  • (EU) 2016/650 -- laying down standards for the security assessment of qualified signature and seal creation devices

The BSI offers additional information on the eIDAS Regulation via the link below.

TR 03125 from the BSI does not define its own signature formats, but instead uses those from the established ETSI standards, which are mandatory according to Annex F of TR-ESOR and Implementing Act (EU) 2015/1506 "laying down specifications relating to formats of advanced electronic signatures and advanced seals".

Since 1 July 2016, it has also been possible in the context of TR-ESOR to use eIDAS-compliant, qualified time stamps created by qualified trust service providers (see Articles 41 and 42 of the eIDAS Regulation (EU) No 910/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC) to preserve evidence of cryptographically signed documents. Based on these facts and since the entry into force of the Trust Services Act, qualified preservation services based on TR-ESOR for qualified electronic signatures or seals according to Articles 34 and 40 of the eIDAS Regulation can be used for the preservation of evidence of electronic signatures or electronic seals beyond their technological validity period. Please keep in mind that neither the eIDAS Regulation nor the relevant ETSI standards, for example, ETSI EN 319 411-2 (see especially section 6.3.10), define precisely how long the revocation status for a related certificate is accessible via OCSP. When selecting time stamp providers for TR-ESOR, therefore, attention should be paid to how long the revocation status for a certificate remains available online. This will ensure that the relevant status information can be retrieved in good time and stored in a way that has evidentiary value.

Trusted lists of qualified trust service providers and trust services

According to Article 22 (1) of the eIDAS Regulation, all Member States have to provide so-called trusted lists, which contain information about qualified trust service providers in the Member State as well as the trust services they provide. They must be published securely in an electronically signed or sealed format suitable for automatic processing (see Article 22 (2) of the eIDAS Regulation). Information on the national bodies responsible for drawing up the lists is provided to the Commission according to Article 22 (3) of the eIDAS Regulation. For its part, the Commission publishes a trusted list of the information provided on the individual national bodies containing, at a minimum, details of where their lists are published and which certificates are used to sign or seal them (see Article 22 (4) of the eIDAS Regulation).

In Germany, the Federal Network Agency for Electricity, Gas, Telecommunications, Post and Railway (BNetzA) is the competent authority for publishing this trusted list. The corresponding trusted list of the European Commission, which links to all national trusted lists, is available here.

Current developments of the ETSI Preservation Standards and TR-ESOR

(1) Concerning the technical requirements for (qualified) preservation services, the responsible ETSI standardisation committee published the

  • ETSI Special Report SR 019510, Electronic Signatures and Infrastructures (ESI); Scoping study and framework for standardization of long-term data preservation services, including preservation of/with digital signatures, V1.1.1 (2017-05)

    The Special Report contains a representative market overview of the preservation solutions used in Europe as well as the relevant national and international standards and, for example, a description of TR 03125 TR-ESOR.

(2) Furthermore, the following ETSI standards concerning (qualified) preservation services are offered by ETSI:

  • ETSI TS 119 511 Electronic Signatures and Infrastructures (ESI): Policy and security requirements for trust service providers providing long-term preservation of digital signatures or general data using digital signature techniques
  • ETSI TS 119 512 Electronic Signatures and Infrastructures (ESI): Protocols for trust service providers providing long-term data preservation

The BSI plays an active role in the responsible standardisation committee (ETSI ESI). The core content of TR-ESOR is included in the European standards for preservation services, so TR-ESOR is fully compatible.

(3) References to signatures and time stamps pursuant to the Digital Signature Act (SigG) were replaced by those pursuant to the eIDAS Regulation in Technical Guideline TR 03125 TR-ESOR V1.2.1 and also in related specialised legislation. Reference was made to the possible use of qualified electronic seals in various places too. Apart from those largely editorial changes, no other significant changes needed to be made to the content at the time TR 03125 TR-ESOR V1.2.1 was published.

(4) Additional options were incorporated into TR-ESOR V1.2.2 based on the practical experience of users and manufacturers to ensure even large files and volumes of data can be processed easily and to facilitate interoperability with European preservation services. This was achieved by updating the TR-ESOR main document and annexes TR-ESOR-E and TR-ESOR-F, as well as the schema specifications. The other TR-ESOR annexes to Version 1.2.1 remain unchanged in TR-ESOR V1.2.2. Particular additions to TR-ESOR V1.2.2 include:

  • The incorporation of a logical XAIP (LXAIP) based on the established XAIP standard
  • The integration of an ASiC AIP (Archival Information Package) based on the European ASiC-E standards (ETSI EN 319 162) and LXAIP
  • The clarification of the central input interface S.4 for using SOAP Message Transmission Optimisation Mechanism (MTOM)
  • The integration of the "Preservation API" from [ETSI TS 119 512] as a functionally largely equivalent interface that will shortly be internationally standardised and that can be used in addition to or instead of the TR-ESOR S.4 interface as an input interface to the TR-ESOR middleware
  • A free testing tool for evidence records under an open source licence (Apache 2.0)
  • TR-ESOR Annex S has been set to the status "obsolete" and will not be updated any more

Therefore, TR-ESOR V1.2.2 provides effective solutions for preserving evidence even for big volumes of data on the one hand, and ensures full interoperability with the ETSI standards for (qualified) preservation services on the other hand.

The Common Criteria Protection Profile (ACMPP): BSI-CC-PP-0049-2014 published in 2014 is obsolete and will not be updated any more, nor will it be transposed to the eIDAS Regulation or the new ETSI Preservation Standards ETSI TS 119 511 and ETSI TS 119 512. Therefore, all the requirements and references relating to the "Common Criteria Protection Profile (ACMPP)" contained in TR-03125 V1.2.1 and TR-03125 V1.2.2 no longer apply, in particular the requirements relating to TR-ESOR M1:A3.3-1 and TR-ESOR C.1:M.1-01.

Certification

TR-ESOR V1.2.2 focuses on effective solutions for preserving evidence even for big volumes of data and full interoperability with the ETSI standards for (qualified) preservation services. There are no plans for a separate certification process according to TR-ESOR V1.2.2. The content of TR-ESOR V1.2.2 will flow into the revision of certification-relevant test specifications, which will be published in the first half of 2020 in TR-ESOR V1.3.

The early publication of TR-ESOR V1.2.2, which ensures a long time frame before the publication of the updated test specifications, gives product manufacturers sufficient time to implement the new technical options, such as the logical XAIP, in their products. The technical changes contained in TR-ESOR V1.2.2 will then be certified based on the revised test specifications published in TR-ESOR V1.3.

It is not currently possible to execute a separate certification according to the specifications of TR-ESOR V1.2.2.

Documents relating to BSI TR-03125 Version 1.2.1

BSI TR-03125 Preservation of Evidence of Cryptographically Signed Documents Version 1.2.1

Modules

Interfaces and formats

Federal Agency profile

Text specifications (English)

XML schemas

Documents relating to BSI TR-03125 Version 1.2.2

BSI Technical Guideline 03125 Preservation of Evidence of Cryptographically Signed Documents Version 1.2.2

Modules

Interfaces and formats

Federal Agency profile

Text specifications (English)

XML schemas

Guideline for Digital Signature, Seal and Time Stamp Formats and Evidence Records

Guideline for digital signature, seal and time stamp formats and technical evidence data (Evidence Record)

TR-ESOR previous versions

To the previous versions of TR-ESOR

English version of TR-ESOR

English version of BSI TR 03125 TR-ESOR (V1.3)