GM/T 0071-2019 English PDF (GMT0071-2019)
GM/T 0071-2019: Guidance of cryptographic application for electronic records
GM/T 0071-2019
GM
CRYPTOGRAPHY INDUSTRY STANDARD OF THE PEOPLE’S REPUBLIC OF CHINA
ICS 35.040
L 80
Guidance of cryptographic application for electronic records
ISSUED ON: JULY 12, 2019
IMPLEMENTED ON: JULY 12, 2019
Issued by: State Cryptography Administration
Table of Contents
Foreword
1 Scope
2 Normative references
3 Terms and definitions
4 Abbreviations
5 Overview
6 Cryptographic operation method for electronic records
7 Cryptographic application method for application system
8 Reference of cryptographic application for electronic records
Appendix A (Informative) Example of cryptographic application for
administrative electronic records creation and transaction system
Guidance of cryptographic application for electronic records
1 Scope
This Standard proposes the technical framework and security goals of the
cryptographic application for electronic records, and describes the method of
performing cryptographic operations on electronic records and the method of
using cryptographic techniques in application systems for electronic records.
This Standard applies to the development and use of application systems for
electronic records.
2 Normative references
The following documents are indispensable for the application of this document.
For dated references, only the dated version applies to this document. For
undated references, the latest edition (including all amendments) applies to this
document.
GB/T 20518, Information security technology - Public key infrastructure -
Digital certificate format
GB/T 25069-2010, Information security technology glossary
GB/T 31913-2015, General functional requirements for administrative
electronic records creation and transaction system
GB/T 32905, Information security techniques - SM3 cryptographic hash
algorithm
GB/T 32907, Information security technology - SM4 block cipher algorithm
GB/T 32918, Information security technology - Public key cryptographic
algorithm SM2 based on elliptic curves
GB/T 35275, Information security technology - SM2 cryptographic algorithm
encrypted signature message syntax specification
GM/T 0019, Universal cryptography service interface specification
GM/T 0031, Secure electronic seal cryptography technical specification
GM/T 0033, Interface specifications of time stamp
To achieve the security goal of electronic record management,
cryptographic technology shall be used to ensure the security of the entire life
cycle of electronic records. That is: ensure that the formation process of
electronic records is true and reliable; ensure that electronic records are not
tampered with during transmission (exchange), reception and storage; ensure that
electronic records are not leaked to unauthorized visitors; and ensure that
operators of electronic records cannot deny their operating behaviors and
processing results.
The security of electronic records is guaranteed by the security of record
content and the security of record attributes.
5.3 Application system
According to GB/T 31913-2015, electronic records generally pass through three
types of systems over their whole life cycle, namely the business system, the
electronic records management system, and the electronic records long-term
preservation system.
The business system is also called the electronic records creation and
transaction system. It mainly provides the business functions that are involved
in the process from creation to transaction of electronic records, and provides
the data interface that is connected to other systems. The electronic records
management system is responsible for capturing electronic records from the
business system, maintaining the various associations between records and
between records and business, supporting inquiry and utilization, and disposing
of records in an orderly, systematic, and auditable manner. The electronic
records long-term preservation system maintains electronic records and provides
for their use in a correct and long-term effective way.
5.4 Data user
The user is the operator of the application system, including the business
operator of the electronic records and the system manager of the application
system.
Business operators are the personnel who perform specific operations
such as creation, modification, authorization, reading, signing, stamping,
printing, circulation, archiving and destruction of electronic records in the
business system, electronic records management system and electronic
records long-term preservation system.
System managers are the personnel who manage and maintain the
application system, including the system manager, audit manager and
confidentiality manager.
5.5 Electronic records
The cryptographic operation of electronic records requires the use of symmetric,
asymmetric, and hash algorithms. According to the scenario, use GB/T 32918,
GB/T 32905, GB/T 32907, or a cryptographic algorithm that is recognized by
the national cryptographic management authority.
The symmetric algorithm is used to encrypt and decrypt record content and
record attributes. The asymmetric algorithm is used to encrypt and decrypt
symmetric keys, and perform digital signatures and signature verification. The
hash algorithm is used for integrity calculation and verification. The symmetric
algorithm can adopt multiple modes such as CBC, OFB, CFB and CTR. When
using OFB and CFB modes, the application system shall set the number of
feedback bits.
The call to the cryptographic algorithm is completed through the identifier of the
cryptographic algorithm.
5.6.2 Universal cryptography service
Universal cryptography services include the digital certificate service,
encryption/decryption services, signature/verification services and the hash
computing service. Universal cryptography services are provided by cryptographic
infrastructure such as certificate authentication systems, cryptographic
devices/components, and are implemented by calling related service interfaces.
Certificate authentication systems and cryptographic devices/components that
provide cryptographic services shall comply with relevant national standards
and industry standards, and be certified and approved by the national
cryptographic management authority. The cryptographic service interface shall
follow GM/T 0019. The digital certificate format shall follow GB/T 20518. The
signature syntax shall follow GB/T 35275.
5.6.3 Typical cryptography service
Typical cryptography services include the authentication service, the digital
stamp service and the time stamp service:
-- The authentication service is used to realize user authentication that is
based on digital certificates;
-- The digital stamp service is used to stamp, verify and read the stamp of
electronic records. The digital stamp service interface shall follow GM/T
0031;
-- The time stamp service is used to provide time information for digital
signatures and digital stamps. The time stamp service interface shall
follow GM/T 0033.
5.6.4 Key
When the record attributes are maintained by the application system, the
application system shall directly perform encryption and decryption of the
specified record content. The symmetric key for encryption shall be randomly
generated; one cipher for one record shall be ensured; and the application
system cannot obtain the symmetric key in plaintext.
The record content encryption method is as follows:...