Navigation and service

BSI - Federal Office for Information Security (Link to homepage)

BSI TR 03125 TR-ESOR Preservation of Evidence of Cryptographically Signed Document V. 1.3

With the Technical Guideline BSI-TR 03125 "Preservation of Evidence of Cryptographically Signed Documents", the Federal Office for Information Security (BSI) provides a guideline that describes how electronically signed data and documents can be stored in a trustworthy manner in the sense of legally valid preservation of evidence over long periods of time - until the end of the retention periods.

Description of the Technical Guideline BSI TR 03125 TR-ESOR

The increasing digitalisation of business processes, procedures and documents in electronic form results in new challenges that did not exist in the "old world" of paper documents - or were at least significantly milder:

  • Electronic documents in and of themselves can be neither perceived nor read. Furthermore, as a rule they do not in and of themselves offer any evidence for their integrity and authenticity and for protecting and keeping the legal claims of the issuer or third parties and proof of their propriety of electronic legal and business transactions. Rather, additional technical and organisational measures must be taken in order to generate and maintain these characteristics over the long term for the purposes of the long-term preservation of electronic documents.
  • Despite the ever-shorter information technology innovation cycles, the readability and availability of business relevant information must be guaranteed for the duration of the required long retention periods - without dependency on individual products and manufacturers.
  • Also and especially in the electronic world, the access to the data and documents must comply with the requirements for data protection and data security, even over long periods of time and when systems are changed.

Thus, both the public administration and companies face the challenge of having to guarantee the readability, availability, integrity, and authenticity for increasing numbers of data and documents created, processed, and stored electronically, even in the distant future.

With the Technical Guideline (TR) BSI-TR 03125 "Preservation of Evidence of Cryptographically Signed Documents", the Federal Office for Information Security (BSI) is providing a guide that describes how both cryptographically signed or unsigned data and documents can be stored in a trustworthy manner in the sense of legally valid preservation of evidence over long periods of time - until the end of the retention periods.

In doing so, TR 03125 is not intended to replace known and established requirements and definitions. Rather, the requirements for proper preservation must be complied with for electronically signed documents, too. They are a pre-requisite for TR 03125. The proposed Reference Architecture of TR 03125 is thus not to be understood as a replacement for an archive system, but rather as a middleware that describes a possible execution of the requirements for the legally valid preservation of evidence of both cryptographically signed or unsigned documents during the legally required retention period.

The Technical Guideline is intended primarily for public authorities. Furthermore, the Technical Guideline is a recommendation, because the need for the legally compliant preservation of evidence of cryptographically signed documents is increasingly gaining importance in nearly all public and private sectors. Electronic documents such as in the health care sector or medication approvals, scanned documents, electronic invoices and receipts in day-to-day business transactions, civil registers, digital technical documents for the technical approval of aeroplanes, and many other areas require adequate solutions for long-term preservation of evidence in the scope of the advancing digitalisation of business processes. Already these few examples show the great relevance of preservation of evidence of electronic data and documents.

In doing so, BSI used the following design criteria:

  • Consideration of the relevant national and international standards
  • Consistent and complete platform and manufacturer neutrality
  • Description of a multi-client capable reference architecture that is suitable for developing cross-application and cross-product archive infrastructure services
  • Implementation orientation on execution by means of the inclusion of concrete help for developing components and interfaces (in particular in the realm of cryptographic security measures with the eCard-API-Framework and ETSI TS 119 512)

Concretely, this Technical Guideline describes a differentiated catalogue of obligatory (shall), recommended (should), and optional (can) requirements with regard to all elements and areas in which there is a need to design in order for agencies and institutions to develop effective, sustainable, and economical technical scenarios for the storage of electronically signed documents and data with the preservation of evidence.

In essence, these are:

  • Recommended data and document formats
  • A recommended exchange format for archival information packages
  • Recommendations for a reference architecture or how to deal with alternative architectures
  • Requirements for components (upstream application systems) and modules of the reference architecture as well as their dependencies
  • Provision of testing tools and test data.

Now, providers and product manufacturers can develop solutions that comply with this Guideline on the basis of the specifications at hand.

The eIDAS-Regulation (EU) No. 910/2014

Since 1 July 2016, the legal framework for electronic signatures, electronic seals and electronic timestamps has been determined by the “Regulation (EU) No 910/2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC" (eIDAS) , which is commonly known "eIDAS-Regulation".

The eIDAS-Regulation and the implementing acts based on it are intended, inter alia, to harmonise the internal market for and the regulative framework for electronic signatures, seals and time-stamps with the aim:

"(20) Cooperation by Member States should facilitate the technical interoperability of the notified electronic identification schemes with a view to fostering a high level of trust and security appropriate to the degree of risk. The exchange of information and the sharing of best practices between Member States with a view to their mutual recognition should help such cooperation."

According to eIDAS, also electronic seals from legal persons can be employed to electronic documents additionally to electronic signatures from natural persons and electronic time-stamps. The seal is a legal extension in Germany. Furthermore, eIDAS makes it possible to use remote qualified electronic signatures and seals where the private key is stored in a based qualified electronic signature or seal creation device on base of an appropriate hardware security module (HSM). This will ensure that the creation of qualified electronic signatures or seals can be started by mobile devices. eIDAS also defines the legal framework for trust services for electronic registered delivery services, certification services for website authentication and preservation of evidence of electronic signatures and seals by (qualified) Preservation Services.

Whereas the European Directive 1999/93/EG as well as the German signature law, which was based on 1999/93/EG, were technologically neutral, the European Regulation 910/2014 defines in certain implementing acts occasionally the utilization of concrete technical standards to reach interoperability in Europe.

This includes, for example:

  • Whereas the European Directive 1999/93/EG as well as the German signature law, which was based on 1999/93/EG, were technologically neutral the European Regulation 910/2014 defines in certain implementing acts occasionally the utilization of concrete technical standards to reach interoperability in Europe.
  • (EU) 2015/806 – "laying down specifications relating to the form of the EU trust mark for qualified trust services";
  • (EU) 2015/1505 – "laying down technical specifications and formats relating to trusted lists";
  • (EU) 2015/1506 – "laying down specifications relating to formats of advanced electronic signatures and advanced seals to be recognized by public sector bodies... for transactions in the internal market";
  • (EU) 2016/650 – "laying down standards for security assessment of qualified electronic signature- and seal creation devices.

Further information is given by the BSI under the following Link.

The BSI Technical Guideline TR 3125 (TR-ESOR) defines no own signature formats, but uses the established European ETSI-Standards for signature formats, which are mandatory according to Annex TR-ESOR-F of TR-ESOR as well as the Implementing Act 2015/1506 laying down specifications relating to formats of advanced electronic signatures and advanced seals.

Since 01.07.2016 also qualified electronic time-stamps created by qualified trust service providers (see [eIDAS, Article 41 and 42]) can be used for preservation of evidences of cryptographically signed documents in TR-ESOR conform products. Based on these facts and since the entry into force of the German trust service law (Vertrauensdienstegesetz), qualified Preservation Services for qualified electronic signatures or seals according to [eIDAS, Article 34 & 41] can be used for the preservation of evidence of electronic signatures or seals beyond their technological validity period.

Please keep in mind that neither the eIDAS nor the relevant technical standards, e.g. EN 319 411-2 (see especially section 6.3.10.), define precisely how long the revocation status for a related certificate is accessible. Because of this, the relevant online access period of revocation status for certificate should be recognized in selection of time-stamp providers. This will ensure that the relevant status information can be retrieved done and preserved in time.

Trusted lists of qualified Trust Service Providers and Trust Services

According to Article 22 (1) of the eIDAS Regulation all member states have to provide so-called trusted lists, which contain information about qualified trust service providers in the member state as well as their provided trust services.

"If the supervisory body concludes that the trust service provider and the trust services provided by it comply with the requirements referred to in the first subparagraph, the supervisory body shall grant qualified status to the trust service provider and the trust services it provides and inform the body referred to in Article 22(3) for the purposes of updating the trusted lists referred to in Article 22(1),.. " (see [eIDAS, Article 21(2)]).

In Germany, the Federal Network Agency for Electricity, Gas, Telecommunications, Post and Railway (BNetzA) is the competent German authority for establishing, maintaining and publishing the national trusted list and the corresponding trusted list is published on the website of the BNetzA. The corresponding trusted list of the European Commissions, which links to all national trusted lists, is available under the following Link.

Current Developments of the ETSI-Preservation Standards and TR-ESOR

(1) Concerning the technical requirements for (qualified) Preservation Services the responsible ETSI standardization committee published the:

  • Special Report SR 019510, Electronic Signatures and Infrastructures (ESI); Scoping study and framework for standardization of long-term data Preservation Services, including preservation of/with digital signatures, V1.1.1 (2017-05).

The Special Report contains a representative market overview of utilized preservation solutions in Europe as well as the relevant national and international standards and e.g. a description of BSI TR 03125 TR-ESOR.

(2) Furthermore, the following standards concerning (qualified) Preservation Services are finalized and are published:

  • ETSI TS 119 511 Electronic Signatures and Infrastructures (ESI): Policy and security requirements for trust service providers providing long-term preservation of digital signatures or general data using digital signature techniques, V1.1.1 (2019-06);
  • ETSI TS 119 512 Electronic Signatures and Infrastructures (ESI): Protocols for trust service providers providing long-term data preservation, V1.2.1 (2023-05).

The BSI actively takes part in the responsible standardization committee (ETSI ESI).The core contents of TR-ESOR are included in the European standards for Preservation Services, so that TR-ESOR is fully compatible.

(3) Because of eIDAS in the Technical Guideline TR 03125 TR-ESOR v1.2.1 the references to signatures and time-stamps pursuant to Signature Act (SigG) were replaced by those ones pursuant to eIDAS and additional references to the possible utilization of qualified electronic seals were integrated too. Apart from those editorial changes, the TR-03125 TR-ESOR v1.2.1 contains no significant technical changes.

(4) In TR-ESOR v1.2.2 additional options were integrated in the Technical Guideline based on practical experiences of users and TR-ESOR-Product Manufacturers to ensure a performant processing of big data and volume of data and to facilitate the interoperability between to European Preservation Services. This is achieved by updating the TR-ESOR main document, Annex TR-ESOR-E and TR-ESOR-F as well as the scheme specifications. The other TR-ESOR Annexes of Version 1.2.1 remain unchanged in Version 1.2.2. The supplements of TR-ESOR 1.2.2 contain especially:

  • the integration of a Logical XAIP (LXAIP), based on the established XAIP-standard,
  • the integration of an ASiC-AIP, based on the European ASiC-E-Standards (EN 319 162) and LXAIP
  • the clarification of the central input interface S.4 concerning the utilization of SOAP Message Transmission Optimisation Mechanism MTOM
  • the integration of the "Preservation-interface" from (ETSI TS 119 512) as a functionally equivalent interface to the largest extent, which is internationally standardized, which can be used additionally or instead of the TR-ESOR- S.4-interface as a upper central input interface to the TR-ESOR-Middleware
  • a free verification tool for Evidence Records ERVerifyTool under an Open Source License (Apache 2.0)
  • The determination of status "historical" for TR-ESOR Annex S, which won`t be updated anymore.

Therefore, the TR-ESOR v1.2.2 provides for one thing efficient solutions for the preservation of evidences for big volumes of data and on the other hand, it ensures full interoperability to the international standards for (qualified) Preservation Services.

(4) Building on the technical additions already published to TR-ESOR V1.2.2, the focus of TR-ESOR V1.3 is on adapting the certification process in conjunction with the further development of the TR-ESOR interoperability test environment, in particular on:

  1. New annex TR-ESOR-C.2 with provision of BSI reference test data and integration of new open source test tools:

    o    (X)AIP signature validation tool: tr-esor-AIP-eIDAS-SigValidator and

    o    TR-ESOR Input Interface Test Tool according to TR-ESOR-C.2: TR-ESOR-C.2-Testbed;

  2. Updating Annex TR-ESOR-C.1 while maintaining the basic structure, but with editorial clarifications and the integration of test cases from Annex TR-ESOR-APP, V1.2.1 and V1.2.2;
  3. Updating of the scheme specifications;
  4. Updating the TR-ESOR Preservation Profiles for TR-ESOR V1.3;
  5. Introduction of two new functions according to ETSI TS 119511 and ETSI TS 119512 for the retrieval of “TR-ESOR Preservation Profile” (mandatory) and retrieval of log data (optional);
  6. Provision of the annex TR-ESOR-PEPT “Preservation Evidence Policy Templates” for TR-ESOR product manufacturers and Preservation Services in accordance with ETSI TS 119511.
  7. The annexes TR-ESOR-B and TR-ESOR-XBDP have been set to the status “historical” and will no longer be updated.

Certification

Note: From the date of publication of TR-ESOR V1.3, a certification for TR-ESOR V1.2.1 can no longer be applied for. Current certification procedures for TR-ESOR V1.2.1 remain unaffected by this fact. For TR-ESOR V1.2.2, an application for certification is possible.

New: As of 15.12.2022, an application for certification for TR-ESOR V1.3 is possible for the TR-ESOR interface TR-S4 at the BSI.

An application for certification for TR-ESOR V1.3 for the TR-ESOR interface TR-S.512 according to ETSI TS 119 512 (V1.1.2) in the profiling [TR-TRESOR-TRANS] is currently not yet possible. It is expected that in Q4 2024 the necessary requirements will be met and a corresponding application for certification against TR-ESOR V1.3 for the TR-ESOR interface TR-S.512 according to [ETSI TS 119 512] in the profiling [TR-TRESOR-TRANS] will be possible.

At this point we would also like to refer to the ETSI TS119512 TR-ESOR transformer, which transforms incoming messages in the interface format ETSI TS 119 512 (V1.1.2) to the TR-S4 message format in accordance with eIDAS and then forward them to a connected TR-ESOR V1.3 system without having to make any changes to the TR-ESOR system beforehand..

Further information on the certification of products, processes and services: Technical Guidelines (TR) program (in German language).

The Documents of BSI TR 03125 (TR-ESOR) Version 1.3

BSI Technical Guideline 03125 Preservation of Evidence of Cryptographically Signed Documents Version 1.3

Modules

Interfaces and Formats

Conformity Test Specifications

Preservation Evidence Policy Template

XML-Schemes

  • BSI-TR-ESOR-Schema-1.3.0+Profile

    • BSI-TR-ESOR-v1.3-S4-v1.0-Profile_MAX_LOCAL.xml – included in the preceding .zip
    • BSI-TR-ESOR-v1.3-S4-v1.0-Profile_MIN_LOCAL.xml – included in the preceding .zip
    • BSI-TR-ESOR-v1.3-ETSI-TS-119512-v1.1.2-Profile_MAX_LOCAL.xml – included in the preceding .zip
    • BSI-TR-ESOR-v1.3-ETSI-TS-119512-v1.1.2-Profile_MIN_LOCAL.xml – included in the preceding .zip

Guidelines for Digital Signature Techniques and TR-ESOR and Assessment Criteria for Preservation Services

Guidelines for Digital Signature Techniques and TR-ESOR and Assessment Criteria for Preservation Services

The Documents of BSI TR 03125 (TR-ESOR) Version 1.2.2

Guideline to BSI TR-03125 TR-ESOR

Modules

Interfaces and Formats

German Federal Agency Profiling

Conformity Test Specifications

XML-Schemes

Previous English Version of BSI TR 03125 TR-ESOR (V1.2)