GB/T 38540-2020: Information security technology -- Technical specification secure electronic seal signature cryptography
GB/T 38540-2020
NATIONAL STANDARD OF THE
PEOPLE’S REPUBLIC OF CHINA
ICS 35.040
L 80
Information Security Technology - Technical
Specification of Secure Electronic Seal Signature
Cryptography
ISSUED ON: MARCH 06, 2020
IMPLEMENTED ON: OCTOBER 01, 2020
Issued by: State Administration for Market Regulation;
Standardization Administration of PRC.
Table of Contents
Foreword
1 Scope
2 Normative References
3 Terms and Definitions
4 Abbreviations
5 Overview
6 Electronic Seal
6.1 Data format
6.2 Generation process of electronic seal
6.3 Verification process of electronic seal
7 Electronic Seal Signature
7.1 Data format
7.2 Generation process of electronic seal signature
7.3 Verification process of electronic seal signature
1 Scope
This Standard specifies the definition of the data structure of electronic seals and
electronic signatures using cryptographic technology, and the corresponding
generation and verification process.
This Standard is applicable to the development and use of electronic seal systems and
may also be used to guide the detection of such systems.
2 Normative References
The following documents are essential to the application of this document. For the
dated documents, only the versions with the dates indicated are applicable to this
document; for the undated documents, only the latest version (including all the
amendments) is applicable to this document.
GB/T 20518 Information Security Technology - Public Key Infrastructure - Digital
Certificate Format
GB/T 20520 Information Security Technology - Public Key Infrastructure - Time
Stamp Specification
GB/T 32905 Information Security Technology SM3 Cryptographic Hash Algorithm
GB/T 32918 (all parts) Information Security Techniques – SM2 Elliptic Curve Public
Key Cryptography
GB/T 33560 Information Security Technology - Cryptographic Application Identifier
Criterion Specification
GB/T 35276 Information Security Technology - SM2 Cryptography Algorithm
Usage Specification
3 Terms and Definitions
For the purpose of this document, the following terms and definitions apply.
electronic seal.
3.8 SM2 algorithm
An elliptic curve cryptographic algorithm that is defined by GB/T 32918.
3.9 SM3 algorithm
A hash algorithm that is defined by GB/T 32905.
4 Abbreviations
For the purpose of this document, the following abbreviations apply.
ASN.1: Abstract Syntax Notation One
BMP: Bitmap
DER: Distinguished Encoding Rules
GIF: Graphics Interchange Format
JPG: Joint Photographic Experts Group
OID: Object Identifier
PKI: Public Key Infrastructure
SVG: Scalable Vector Graphics
5 Overview
Secure electronic seal signature combines digital image processing technology with
electronic signature technology: PKI public key cryptography is used to digitally sign
electronic documents together with stamped image data in electronic form, to ensure
the authenticity of the document source and the integrity of the document, prevent
unauthorized tampering of documents, and ensure the non-repudiation of signatures.
To ensure the integrity and unforgeability of the electronic seal, and to ensure that only
legal users can use it, a secure electronic seal data format needs to be defined. Through
digital signature, the image data of the seal is securely bound to the seal attributes such
as the signer to form a secure electronic seal. In the process of using the seal, the
electronic seal shall be verified for security.
In the process of electronically signing various documents using electronic seals, the
signature operation on the seal information field of procedure a) above to form a
signature value;
c) The data of procedures a) and b) above, as well as the electronic seal maker
certificate and the signature algorithm identification, form the electronic seal data
format defined in 6.1.1.
6.3 Verification process of electronic seal
The verification process of electronic seal is as follows:
a) Verify the correctness of the electronic seal data format
Analyze the electronic seal according to the electronic seal format and verify
whether it conforms to the electronic seal data format defined in 6.1.
If the data format of the electronic seal is incorrect, the verification fails; it
shall return an error code and exit the verification process.
b) Verify whether the electronic seal signature value is correct
Verify whether the signature value in the electronic seal is correct based on the
seal information, electronic seal maker certificate, and signature algorithm
identification.
If the verification of the electronic seal signature fails, it shall return an error code
and exit the verification process.
c) Verify the validity of the electronic seal maker certificate
To verify the validity of the seal maker certificate, the verification items include at
least: verification of the seal maker certificate trust chain, verification of the
validity period of the electronic seal maker certificate, whether the electronic seal
maker certificate is revoked, and whether the key usage is correct.
If the verification of the electronic seal maker certificate fails, it shall return an
error code and exit the verification process.
d) Verify the validity of the electronic seal
According to the start time and end time of the seal validity period in the seal
attributes, verify whether the electronic seal has expired.
If the electronic seal has expired, the verification fails; it shall return an error code
and exit the verification process.
If the verification of the above procedures is successful, the electronic seal verification
is correct and effective, and the verification process may be exited normally.
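
The check order of 6.3, steps a) to d), as an added Python example that is not part of GB/T 38540-2020: each step exits with its own error code, so a tampered seal is rejected before its certificate or validity period is considered. Assumptions: the field names, the error codes, the issuer-lookup trust model and the `digitalSignature` key usage are hypothetical, and HMAC-SHA256 stands in for SM2 with SM3, which the Python standard library does not provide.

```python
import hashlib, hmac
from datetime import timedelta
from enum import Enum

class SealError(Enum):  # hypothetical codes; the page gives no values
    OK = 0
    BAD_FORMAT = 1      # step a)
    BAD_SIGNATURE = 2   # step b)
    BAD_MAKER_CERT = 3  # step c)
    SEAL_EXPIRED = 4    # step d)

def signed_bytes(seal):
    # Step b) input: seal information, maker certificate, algorithm identifier.
    info, cert = seal["seal_info"], seal["maker_cert"]
    parts = [info["image"], info["valid_from"].isoformat().encode(),
             info["valid_to"].isoformat().encode(),
             cert["serial"].encode(), seal["sign_alg"].encode()]
    # Length-prefix each field so field boundaries cannot be shifted.
    return b"".join(len(p).to_bytes(4, "big") + p for p in parts)

def toy_sign(key, seal):
    # Stand-in primitive: HMAC-SHA256 replaces SM2-with-SM3 in this example.
    return hmac.new(key, signed_bytes(seal), hashlib.sha256).digest()

def verify_seal(seal, now, key, trusted, revoked):
    try:  # a) data format: every field present and of a usable type
        sig_ok = hmac.compare_digest(toy_sign(key, seal), seal["signature"])
        cert, info = seal["maker_cert"], seal["seal_info"]
        cert_ok = (cert["issuer"] in trusted  # trust chain, modelled as a lookup
                   and cert["not_before"] <= now <= cert["not_after"]
                   and cert["serial"] not in revoked
                   and "digitalSignature" in cert["key_usage"])  # assumed usage
        in_period = info["valid_from"] <= now <= info["valid_to"]
    except (KeyError, TypeError, AttributeError):
        return SealError.BAD_FORMAT
    if not sig_ok:      # b) signature value
        return SealError.BAD_SIGNATURE
    if not cert_ok:     # c) maker certificate
        return SealError.BAD_MAKER_CERT
    if not in_period:   # d) seal validity period
        return SealError.SEAL_EXPIRED
    return SealError.OK

def sample_seal(key, now):  # constructed sample data, not a real seal
    cert = {"issuer": "Example Root", "serial": "01", "key_usage": ["digitalSignature"],
            "not_before": now - timedelta(days=30), "not_after": now + timedelta(days=30)}
    seal = {"seal_info": {"image": b"constructed-image-bytes",
                          "valid_from": now - timedelta(days=1),
                          "valid_to": now + timedelta(days=1)},
            "maker_cert": cert, "sign_alg": "toy-hmac-sha256"}
    seal["signature"] = toy_sign(key, seal)
    return seal
```
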
the electronic seal signer; note that the algorithm used for the original text hash in the
signature process shall be coordinated with the signature algorithm. If the signature
algorithm is SM2, the hash algorithm shall use the SM3 algorithm.
If the signature algorithm uses SM2, it shall comply with the provisions of GB/T 35276.
7.1.6 Time stamp
timeStamp: time stamp on signature value shall comply with the provisions of GB/T
20520; the time stamp format shall be stored in the DER encoding.
7.2 Generation process of electronic seal signature
The generation process of electronic seal signature is as follows:
a) Prepare the electronic seal; and verify the correctness and validity of the
electronic seal. The specific procedures are as follows:
1) Verify the electronic seal. Verify the correctness and validity of the electronic
seal in accordance with 6.3.
2) Select the electronic seal signer certificate to be electronically signed and
verify the validity of the certificate. The verification items include at least:
certificate trust chain, verification of certificate validity period, whether the
certificate is revoked, and whether the key usage is correct.
3) According to the certificate list type of electronic seal signer in the electronic
seal, extract the certificate information list of electronic seal signer in the
electronic seal and use it to judge whether the selected electronic seal signer
certificate in procedure 2) is in the list. If the value of the certificate information
type is 1, the cert...