GM/T 0056-2018 English PDF (GMT0056-2018)
GM/T 0056-2018 English PDF (GMT0056-2018)
Regular price
$430.00 USD
Regular price
Sale price
$430.00 USD
Unit price
/
per
Delivery: 3 seconds. Download true-PDF + Invoice.
Get QUOTATION in 1-minute: Click GM/T 0056-2018
Historical versions: GM/T 0056-2018
Preview True-PDF (Reload/Scroll if blank)
GM/T 0056-2018: Specification of cryptography application interface with nulti-applications equipment
GM/T 0056-2018
CRYPTOGRAPHY INDUSTRY STANDARD
OF THE PEOPLE’S REPUBLIC OF CHINA
ICS 35.040
L 80
File No.: 62991-2018
Specification of cryptography application
interface with multi-applications equipment
ISSUED ON: MAY 02, 2018
IMPLEMENTED ON: MAY 02, 2018
Issued by: State Cryptography Administration
Table of Contents
Foreword ... 3
Introduction ... 4
1 Scope ... 5
2 Normative references ... 5
3 Terms and definitions ... 6
4 Abbreviations ... 7
5 Multi-applications equipment system framework ... 7
6 Multi-applications equipment’s cryptography application interface call flow .. 8
6.1 Cryptography application interface call flow ... 8
6.2 Cryptographic algorithm capability identity ... 10
6.3 Cryptography application interface specification ... 10
7 Cryptography application interfaces of Java technology solution ... 11
7.1 Introduction ... 11
7.2 Cryptographic algorithm capability identity ... 11
7.3 Cryptography application package definition ... 12
7.4 Cryptography application interface definition ... 12
7.5 Cryptography application class information ... 13
Annex A (Informative) Cryptography application requirements for multi-
application security management ... 43
Annex B (Informative) Multi-application security management certificate format
... 50
Bibliography ... 52
Specification of cryptography application
interface with multi-applications equipment
1 Scope
This Standard specifies the cryptography application interface of SM2/3/4
series of algorithms in multi-applications equipment, including:
- defines the identity of SM2/SM3/SM4 algorithms in multi-applications
equipment.
- defines the cryptography application interface specifications of SM2/SM3/
SM4 algorithms.
This Standard is applicable to the development of various multi-applications
equipment, and can also be used to guide the cryptography application test of
multi-applications equipment.
2 Normative references
The following documents are indispensable for the application of this document.
For dated references, only the dated version applies to this document. For
undated references, the latest edition (including all amendments) applies to this
document.
GB/T 32905-2016 Information security techniques - SM3 cryptographic hash
algorithm
GB/T 32907-2016 Information security technology - SM4 block cipher
algorithm
GB/T 32918 Information security technology - Public key cryptographic
algorithm SM2 based on elliptic curves
ISO 9797 Information technology - Security techniques - Message
authentication codes (MACs)
RFC 2898 Specification of PKCS # 5
SM4 algorithm
An algorithm defined by GB/T 32907-2016.
3.8
SM9 algorithm
A public key cryptographic algorithm based on elliptic curves, using bilinear
pairings.
4 Abbreviations
For the purpose this document, the following abbreviations apply.
AID: Application Identifier
AKEY: Auxiliary Key
API : Application Programming Interface
CBC: Cipher-block chaining
COS: Chip Operating System
ECB: Electronic Codebook
ISO : International Organization for Standardization
MAC: Message Authentication Code
MKEY: Message Key
OFB: Output Feedback
5 Multi-applications equipment system framework
Multi-applications equipment is composed of hardware layer, driver layer, OS
layer and application layer, as shown in Figure 1.
algorithmic capability of the equipment.
c) Call the cryptography application interface: If the equipment supports the
cryptographic algorithm, the upper computer software calls the user
application on the equipment. After the user application receives the call
command on the equipment, it processes according to the command.
d) Call the cryptography application interface: If the processing of the
command requires the use of the cryptography function, the call is made
through the cryptography application interface of the equipment’s
operating system.
e) Return the cryptography application interface call result: After the
cryptography application API is called, process by the algorithm and the
processing result is returned to the user application on the equipment.
f) Return the application call result: The user application on the equipment
returns the call result to the upper computer software. The process ends.
6.2 Cryptographic algorithm capability identity
Multi-applications equipment shall identify the supported cryptographic
algorithm capability so that the outer-equipment entity can know the algorithm
supported by the equipment.
Since the multi-applications equipment can be implemented by using different
technical solutions, such as Java technical solution, C technical solution, etc.,
the algorithm capability identity of the corresponding technical solutions is
described in Clause 7.
6.3 Cryptography application interface specification
The interface specification that the cryptography shall call shall be defined in
the multi-applications equipment to facilitate user application calls on the
equipment.
Since the security equipment uses different technical solutions in the
implementation, such as Java technical solution, C technical solution, etc., the
call interface specification of the corresponding technical solutions is described
in Clause 7.
7 Cryptography application interfaces of Java
technology solution
7.1 Introduction
This clause describes the capability identity and application interface
specification definition of the SM2/3/4 series of algorithms in multi-applications
equipment using the Java technology solution. Applications using the SM2/3/4
series of algorithms can call these application interfaces to use cryptographic
functions.
The key object in the cryptographic algorithm needs to create a key instance
by the GMKeyBuilder.buildKey method, and then set the key value used by the
key object by means of setXXX, etc., and the signature algorithm and
encryption and decryption algorithm will use these key objects. Symmetric key
objects include: SM4Key; asymmetric key objects include: SM2PrivateKey,
SM2PublicKey.
The signature and verification algorithm is implemented by the GMSignature
class. Before using signature and verification algorithm, it is required to get the
instance object of the corresponding algorithm by the GMSignature.getlnstance
method, and then the corresponding key object is used to achieve the purpose
of generating signature data and verifying the signature data.
The data encryption and decryption algorithm is implemented by the GMCipher
class. Before using the data encryption and decryption algorithm, it is required
to get the instance object of the corresponding algorithm by the
GMCipher.getInstance method, and then the corresponding key object is used
to achieve the purpose of encrypting or decrypting the data.
The data hash algorithm is implemented by the GMMessageDigest class.
Before using the data hash algorithm, it is required to get the instance object of
the SM3 algorithm by the GMMessageDigest.getInstance method, and then the
data can be hashed.
The GMKeyPair class is defined in the cryptographic algorithm API, for
generating an asymmetric key pair (SM2) in the cryptographic algorithm within
the equipment.
7.2 Cryptographic algorithm capability identity
The definition of multi-applications equipment’s cryptographic algorithm
capability identity is shown in Table 1.
7.5.2.2 getA
7.5.2.2.1 Declarati...
Get QUOTATION in 1-minute: Click GM/T 0056-2018
Historical versions: GM/T 0056-2018
Preview True-PDF (Reload/Scroll if blank)
GM/T 0056-2018: Specification of cryptography application interface with nulti-applications equipment
GM/T 0056-2018
CRYPTOGRAPHY INDUSTRY STANDARD
OF THE PEOPLE’S REPUBLIC OF CHINA
ICS 35.040
L 80
File No.: 62991-2018
Specification of cryptography application
interface with multi-applications equipment
ISSUED ON: MAY 02, 2018
IMPLEMENTED ON: MAY 02, 2018
Issued by: State Cryptography Administration
Table of Contents
Foreword ... 3
Introduction ... 4
1 Scope ... 5
2 Normative references ... 5
3 Terms and definitions ... 6
4 Abbreviations ... 7
5 Multi-applications equipment system framework ... 7
6 Multi-applications equipment’s cryptography application interface call flow .. 8
6.1 Cryptography application interface call flow ... 8
6.2 Cryptographic algorithm capability identity ... 10
6.3 Cryptography application interface specification ... 10
7 Cryptography application interfaces of Java technology solution ... 11
7.1 Introduction ... 11
7.2 Cryptographic algorithm capability identity ... 11
7.3 Cryptography application package definition ... 12
7.4 Cryptography application interface definition ... 12
7.5 Cryptography application class information ... 13
Annex A (Informative) Cryptography application requirements for multi-
application security management ... 43
Annex B (Informative) Multi-application security management certificate format
... 50
Bibliography ... 52
Specification of cryptography application
interface with multi-applications equipment
1 Scope
This Standard specifies the cryptography application interface of SM2/3/4
series of algorithms in multi-applications equipment, including:
- defines the identity of SM2/SM3/SM4 algorithms in multi-applications
equipment.
- defines the cryptography application interface specifications of SM2/SM3/
SM4 algorithms.
This Standard is applicable to the development of various multi-applications
equipment, and can also be used to guide the cryptography application test of
multi-applications equipment.
2 Normative references
The following documents are indispensable for the application of this document.
For dated references, only the dated version applies to this document. For
undated references, the latest edition (including all amendments) applies to this
document.
GB/T 32905-2016 Information security techniques - SM3 cryptographic hash
algorithm
GB/T 32907-2016 Information security technology - SM4 block cipher
algorithm
GB/T 32918 Information security technology - Public key cryptographic
algorithm SM2 based on elliptic curves
ISO 9797 Information technology - Security techniques - Message
authentication codes (MACs)
RFC 2898 Specification of PKCS # 5
SM4 algorithm
An algorithm defined by GB/T 32907-2016.
3.8
SM9 algorithm
A public key cryptographic algorithm based on elliptic curves, using bilinear
pairings.
4 Abbreviations
For the purpose this document, the following abbreviations apply.
AID: Application Identifier
AKEY: Auxiliary Key
API : Application Programming Interface
CBC: Cipher-block chaining
COS: Chip Operating System
ECB: Electronic Codebook
ISO : International Organization for Standardization
MAC: Message Authentication Code
MKEY: Message Key
OFB: Output Feedback
5 Multi-applications equipment system framework
Multi-applications equipment is composed of hardware layer, driver layer, OS
layer and application layer, as shown in Figure 1.
algorithmic capability of the equipment.
c) Call the cryptography application interface: If the equipment supports the
cryptographic algorithm, the upper computer software calls the user
application on the equipment. After the user application receives the call
command on the equipment, it processes according to the command.
d) Call the cryptography application interface: If the processing of the
command requires the use of the cryptography function, the call is made
through the cryptography application interface of the equipment’s
operating system.
e) Return the cryptography application interface call result: After the
cryptography application API is called, process by the algorithm and the
processing result is returned to the user application on the equipment.
f) Return the application call result: The user application on the equipment
returns the call result to the upper computer software. The process ends.
6.2 Cryptographic algorithm capability identity
Multi-applications equipment shall identify the supported cryptographic
algorithm capability so that the outer-equipment entity can know the algorithm
supported by the equipment.
Since the multi-applications equipment can be implemented by using different
technical solutions, such as Java technical solution, C technical solution, etc.,
the algorithm capability identity of the corresponding technical solutions is
described in Clause 7.
6.3 Cryptography application interface specification
The interface specification that the cryptography shall call shall be defined in
the multi-applications equipment to facilitate user application calls on the
equipment.
Since the security equipment uses different technical solutions in the
implementation, such as Java technical solution, C technical solution, etc., the
call interface specification of the corresponding technical solutions is described
in Clause 7.
7 Cryptography application interfaces of Java
technology solution
7.1 Introduction
This clause describes the capability identity and application interface
specification definition of the SM2/3/4 series of algorithms in multi-applications
equipment using the Java technology solution. Applications using the SM2/3/4
series of algorithms can call these application interfaces to use cryptographic
functions.
The key object in the cryptographic algorithm needs to create a key instance
by the GMKeyBuilder.buildKey method, and then set the key value used by the
key object by means of setXXX, etc., and the signature algorithm and
encryption and decryption algorithm will use these key objects. Symmetric key
objects include: SM4Key; asymmetric key objects include: SM2PrivateKey,
SM2PublicKey.
The signature and verification algorithm is implemented by the GMSignature
class. Before using signature and verification algorithm, it is required to get the
instance object of the corresponding algorithm by the GMSignature.getlnstance
method, and then the corresponding key object is used to achieve the purpose
of generating signature data and verifying the signature data.
The data encryption and decryption algorithm is implemented by the GMCipher
class. Before using the data encryption and decryption algorithm, it is required
to get the instance object of the corresponding algorithm by the
GMCipher.getInstance method, and then the corresponding key object is used
to achieve the purpose of encrypting or decrypting the data.
The data hash algorithm is implemented by the GMMessageDigest class.
Before using the data hash algorithm, it is required to get the instance object of
the SM3 algorithm by the GMMessageDigest.getInstance method, and then the
data can be hashed.
The GMKeyPair class is defined in the cryptographic algorithm API, for
generating an asymmetric key pair (SM2) in the cryptographic algorithm within
the equipment.
7.2 Cryptographic algorithm capability identity
The definition of multi-applications equipment’s cryptographic algorithm
capability identity is shown in Table 1.
7.5.2.2 getA
7.5.2.2.1 Declarati...