XAdES-L 是什么东西 (附 xmldsig.xsd & XAdES.xsd)
首先订正,没有XAdES-L ,只有 XAdES-X-L
https://en.wikipedia.org/wiki/XAdES
- XAdES (also named XAdES-BES for "Basic Electronic Signature"), basic form just satisfying Directive legal requirements for advanced signature;
- XAdES-T (timestamp), adding timestamp field to protect against repudiation;
- XAdES-C (complete), adding references to verification data (certificates and revocation lists) to the signed documents to allow off-line verification and verification in future (but does not store the actual data);
- XAdES-X (extended), adding timestamps on the references introduced by XAdES-C to protect against possible compromise of certificates in chain in future;
- XAdES-X-L (extended long-term), adding actual certificates and revocation lists to the signed document to allow verification in future even if their original source is not available;
- XAdES-A (archival), adding possibility for periodical timestamping (e.g. each year) of the archived document to prevent compromise caused by weakening signature during long-time storage period.
XAdES 文档
http://www.etsi.org/deliver/etsi_ts%5C101900_101999%5C101903%5C01.04.02_60%5Cts_101903v010402p.pdf
XAdES 语法
http://uri.etsi.org/01903/v1.4.1/XAdES01903v141-201601.xsd
xmldsig 语法
https://www.w3.org/TR/2002/REC-xmldsig-core-20020212/xmldsig-core-schema.xsd#
"?" denotes zero or one occurrence; (0/1)
"+" denotes one or more occurrences;(1/N)
"*" denotes zero or more occurrences.(0/N)
最简 -X-L 示例:
<?xml version="1.0" encoding="utf-8"?> <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> <ds:SignedInfo> <ds:CanonicalizationMethod/> <ds:SignatureMethod/> <ds:Reference> <ds:DigestMethod/> <ds:DigestValue/> </ds:Reference> </ds:SignedInfo> <ds:SignatureValue/> <ds:Object> <QualifyingProperties> <SignedProperties> <SignedSignatureProperties></SignedSignatureProperties> <SignedDataObjectProperties></SignedDataObjectProperties> </SignedProperties> <UnsignedProperties> <UnsignedSignatureProperties>(CompleteCertificateRefs) (CompleteRevocationRefs) (CertificatesValues) (RevocationValues)</UnsignedSignatureProperties> </UnsignedProperties> </QualifyingProperties> </ds:Object> </ds:Signature>
最简 -BES 示例:
<?xml version="1.0" encoding="utf-8"?> <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> <ds:SignedInfo> <ds:CanonicalizationMethod/> <ds:SignatureMethod/> <ds:Reference> <ds:DigestMethod/> <ds:DigestValue/> </ds:Reference> </ds:SignedInfo> <ds:SignatureValue/> <ds:Object> <QualifyingProperties> <SignedProperties> <SignedSignatureProperties></SignedSignatureProperties> <SignedDataObjectProperties></SignedDataObjectProperties> </SignedProperties> <UnsignedProperties> <UnsignedSignatureProperties></UnsignedSignatureProperties> </UnsignedProperties> </QualifyingProperties> </ds:Object> </ds:Signature>