1
/
of
7
www.ChineseStandard.us -- Field Test Asia Pte. Ltd.
GB/T 38540-2020 English PDF (GB/T38540-2020)
GB/T 38540-2020 English PDF (GB/T38540-2020)
Regular price
$205.00
Regular price
Sale price
$205.00
Unit price
/
per
Shipping calculated at checkout.
Couldn't load pickup availability
GB/T 38540-2020: Information Security Technology - Technical Specification of Secure Electronic Seal Signature Cryptography
Delivery: 9 seconds. Download (& Email) true-PDF + Invoice.
Get Quotation: Click GB/T 38540-2020 (Self-service in 1-minute)
Historical versions (Master-website): GB/T 38540-2020
Preview True-PDF (Reload/Scroll-down if blank)
GB/T 38540-2020
NATIONAL STANDARD OF THE
PEOPLE’S REPUBLIC OF CHINA
ICS 35.040
L 80
Information Security Technology - Technical
Specification of Secure Electronic Seal Signature
Cryptography
ISSUED ON: MARCH 06, 2020
IMPLEMENTED ON: OCTOBER 01, 2020
Issued by: State Administration for Market Regulation;
Standardization Administration of PRC.
Table of Contents
Foreword ... 3
1 Scope ... 4
2 Normative References ... 4
3 Terms and Definitions ... 4
4 Abbreviations ... 6
5 Overview ... 6
6 Electronic Seal ... 7
6.1 Data format ... 7
6.2 Generation process of electronic seal ... 11
6.3 Verification process of electronic seal ... 12
7 Electronic Seal Signature ... 13
7.1 Data format ... 13
7.2 Generation process of electronic seal signature ... 15
7.3 Verification process of electronic seal signature ... 16
Information Security Technology - Technical
Specification of Secure Electronic Seal Signature
Cryptography
1 Scope
This Standard specifies the definition of the data structure of electronic seals and
electronic signatures using cryptographic technology, and the corresponding
generation and verification process.
This Standard is applicable to the development and use of electronic seal systems and
may also be used to guide the detection of such systems.
2 Normative References
The following documents are essential to the application of this document. For the
dated documents, only the versions with the dates indicated are applicable to this
document; for the undated documents, only the latest version (including all the
amendments) are applicable to this document.
GB/T 20518 Information Security Technology - Public Key Infrastructure - Digital
Certificate Format
GB/T 20520 Information Security Technology - Public Key Infrastructure - Time
Stamp Specification
GB/T 32905 Information Security Technology SM3 Cryptographic Hash Algorithm
GB/T 32918 (all parts) Information Security Techniques – SM2 Elliptic Curve Public
Key Cryptography
GB/T 33560 Information Security Technology - Cryptographic Application Identifier
Criterion Specification
GB/T 35276 Information Security Technology - SM2 Cryptography Algorithm
Usage Specification
3 Terms and Definitions
For the purpose of this document, the following terms and definitions apply.
electronic seal.
3.8 SM2 algorithm
An elliptic curve cryptographic algorithm that is defined by GB/T 32918.
3.9 SM3 algorithm
A hash algorithm that is defined by GB/T 32905.
4 Abbreviations
For the purpose of this document, the following abbreviations apply.
ANS.1: Abstract Syntax Notation One
BMP: Bitmap
DER: Distinguished Encoding Rules
GIF Graphics Interchange Format
JPG: Joint Photographic Experts Group
OID: Object Identifier
PKI: Public Key Infrastructure
SVG: Scalable Vector Graphics
5 Overview
Secure electronic seal signature is a combination of digital image processing
technology and electronic signature technology by using PKI public key cryptography
technology to digitally sign electronic documents with stamped image data in electronic
form, to ensure the authenticity of the document source and the document Integrity,
prevent unauthorized tampering of documents, and ensure the non-repudiation of
signatures.
In order to ensure the integrity, unforgeability of the electronic seal, and only legal users
can use it, a secure electronic seal data format needs to be defined. Through digital
signature, the image data of the seal is securely bound to the seal attributes such as
the signer to form a secure electronic seal. In the process of using the seal, the
electronic seal shall be verified for security.
In the process of electronically signing various documents using electronic seals, the
signature operation on the seal information field of procedure a) above to form a
signature value;
c) The data of procedures a) and b) above, as well as the electronic seal marker
certificate and the signature algorithm identification, form the electronic seal data
format defined in 6.1.1.
6.3 Verification process of electronic seal
The verification process of electronic seal is as follows:
a) Verify the correctness of the electronic seal data format
Analyze the electronic seal according to the electronic seal format and verify
whether it conforms to the electronic seal data format defined in 6.1.
If the data format of the electronic seal is incorrect, the verification fails, then it
shall return an error code and exit the verification process.
b) Verify whether the electronic seal signature value is correct
Verify whether the signature value in the electronic seal is correct based on the
seal information, electronic seal maker certificate, and signature algorithm
identification.
If the verification of the electronic seal signature fails, it shall return an error code
and exit the verification process.
c) Verify the validity of the electronic seal maker certificate
To verify the validity of the seal maker certificate, the verification items include at
least: verification of the seal maker certificate trust chain, verification of the
validity period of the electronic seal maker certificate, whether the electronic seal
maker certificate is revoked, and whether the key usage is correct.
If the verification of the electronic seal maker certificate fails, it shall return an
error code and the exit verification process.
d) Verify the validity of the electronic seal
According to the start time and end time of the seal validity period the in the seal
attributes, verify whether the electronic seal has expired.
If the electronic seal has expired, the verification fails, it shall return an error code
and exit the verification process.
If the verification of the above procedures is successful, the electronic seal verification
is correct and effective, and the verification process may be exited normally.
the electronic seal signer; note that the algorithm used for the original text hash in the
signature process shall be coordinated with the signature algorithm. If the signature
algorithm is SM2, the hash algorithm shall use the SM3 algorithm.
If the signature algorithm uses SM2, it shall comply with the provisions of GB/T 35276.
7.1.6 Time stamp
timeStamp: time stamp on signature value shall comply with the provisions of GB/T
20520; the time stamp format shall be stored in the DER encoding.
7.2 Generation process of electronic seal signature
The generation process of electronic seal signature is as follows:
a) Prepare the electronic seal; and verify the correctness and validity of the
electronic seal. The specific procedures are as follows:
1) Verify the electronic seal. Verify the correctness and validity of the electronic
seal in accordance with 6.3.
2) Select the electronic seal signer certificate to be electronically signed and
verify the validity of the certificate. The verification items include at least:
certificate trust chain, verification of certificate validity period, whether the
certificate is revoked, and whether the key usage is correct.
3) According to the certificate list type of electronic seal signer in the electronic
seal, extract the certificate information list of electronic seal signer in the
electronic seal and use it to judge whether the selected electronic seal signer
certificate in procedure 2) is in the list. If the value of the certificate information
type is 1, the certificate is directly compared; if the value is 2, the hash of the
certificate in procedure 2) is calculated and then compared:
--- If the person who intends to sign the seal is in the list of electronic seal
signers of the electronic seal, the subsequent process will be carried out;
--- If the comparison fails, it shall return an error code and exit the seal
signature process. According to the error code, if the comparison fails
because the electronic seal signer's certificate is updated and reissued,
the program shall prompt to re-make the seal.
b) Electronically sign the original text, the specific procedures are as follows:
1) Prepare the original text to be signed according to the signature protection
scope in propertyInfo;
2) Perform a hash calculation on the original text data to be signed to form the
certificates in certificate information list of electronic seal signer in the
electronic seal. If both of the comparisons fail, it shall return an error code and
exit the verification process.
3) If the certificate information type of the above-mentioned electronic seal signer
is 2, then compare the hash value of the certificate. Firstly, calculate
procedure a) to analyze the hash value of the electronic seal signer certificate;
and then compare it with the hash values in the certificate information list of
the electronic seal signer in the electronic seal one by one. If the comparisons
fail, then it shall return an error code and exit the verification process.
d) Verify the validity of the electronic seal
1) Extract the electronic seal from the electronic seal signature information; and
verify the validity of the seal according to the 6.3 verification process of
electronic seal. If the verification fails, it shall be comprehensively judge based
on the seal signature time in the seal signature information.
2) If the invalidity of the electronic seal is caused by the invalidity of the electronic
seal maker certificate, and the electronic seal maker certificate is also invalid
at the time point of seal signature, it shall be recorded as the reminding
information.
3) If the invalidity of the electronic seal is due to expiration or revocation, and the
seal signature time is not within the validity period of the electronic seal, or
the electronic seal is not in a normal state at that time, it shall return an error
code and exit the verification process.
4) Verify whether the electronic seal is in a normal state at the moment of seal
signature. If it is not, it shall return an error code and exit the verification
process.
e) Verify the validity of the electronic seal signer certificate
1) Obtain the electronic seal signer certificate from the electronic seal signature
data and verify the validity of the electronic seal signer certificate. The
verification items include at least: verification of certificate trust chain,
verification of certificate validity period, whether the certificate is revoked, and
whether the key usage is correct.
2) If the validity verification of electronic seal signer certificate fails and is due to
verification of certificate trust chain or key usage is incorrect, it shall return an
error code and the exit the verification process.
3) If the validity verification of the electronic seal signer certificate fails and is due
to the expiration of the certificate or the certificate status has been revoked,
GB/T 38540-2020
NATIONAL STANDARD OF THE
PEOPLE’S REPUBLIC OF CHINA
ICS 35.040
L 80
Information Security Technology - Technical
Specification of Secure Electronic Seal Signature
Cryptography
ISSUED ON: MARCH 06, 2020
IMPLEMENTED ON: OCTOBER 01, 2020
Issued by: State Administration for Market Regulation;
Standardization Administration of PRC.
Table of Contents
Foreword ... 3
1 Scope ... 4
2 Normative References ... 4
3 Terms and Definitions ... 4
4 Abbreviations ... 6
5 Overview ... 6
6 Electronic Seal ... 7
6.1 Data format ... 7
6.2 Generation process of electronic seal ... 11
6.3 Verification process of electronic seal ... 12
7 Electronic Seal Signature ... 13
7.1 Data format ... 13
7.2 Generation process of electronic seal signature ... 15
7.3 Verification process of electronic seal signature ... 16
Information Security Technology - Technical
Specification of Secure Electronic Seal Signature
Cryptography
1 Scope
This Standard specifies the definition of the data structure of electronic seals and
electronic signatures using cryptographic technology, and the corresponding
generation and verification process.
This Standard is applicable to the development and use of electronic seal systems and
may also be used to guide the detection of such systems.
2 Normative References
The following documents are essential to the application of this document. For the
dated documents, only the versions with the dates indicated are applicable to this
document; for the undated documents, only the latest version (including all the
amendments) are applicable to this document.
GB/T 20518 Information Security Technology - Public Key Infrastructure - Digital
Certificate Format
GB/T 20520 Information Security Technology - Public Key Infrastructure - Time
Stamp Specification
GB/T 32905 Information Security Technology SM3 Cryptographic Hash Algorithm
GB/T 32918 (all parts) Information Security Techniques – SM2 Elliptic Curve Public
Key Cryptography
GB/T 33560 Information Security Technology - Cryptographic Application Identifier
Criterion Specification
GB/T 35276 Information Security Technology - SM2 Cryptography Algorithm
Usage Specification
3 Terms and Definitions
For the purpose of this document, the following terms and definitions apply.
electronic seal.
3.8 SM2 algorithm
An elliptic curve cryptographic algorithm that is defined by GB/T 32918.
3.9 SM3 algorithm
A hash algorithm that is defined by GB/T 32905.
4 Abbreviations
For the purpose of this document, the following abbreviations apply.
ANS.1: Abstract Syntax Notation One
BMP: Bitmap
DER: Distinguished Encoding Rules
GIF Graphics Interchange Format
JPG: Joint Photographic Experts Group
OID: Object Identifier
PKI: Public Key Infrastructure
SVG: Scalable Vector Graphics
5 Overview
Secure electronic seal signature is a combination of digital image processing
technology and electronic signature technology by using PKI public key cryptography
technology to digitally sign electronic documents with stamped image data in electronic
Delivery: 9 seconds. Download (& Email) true-PDF + Invoice.
Get Quotation: Click GB/T 38540-2020 (Self-service in 1-minute)
Historical versions (Master-website): GB/T 38540-2020
Preview True-PDF (Reload/Scroll-down if blank)
GB/T 38540-2020
NATIONAL STANDARD OF THE
PEOPLE’S REPUBLIC OF CHINA
ICS 35.040
L 80
Information Security Technology - Technical
Specification of Secure Electronic Seal Signature
Cryptography
ISSUED ON: MARCH 06, 2020
IMPLEMENTED ON: OCTOBER 01, 2020
Issued by: State Administration for Market Regulation;
Standardization Administration of PRC.
Table of Contents
Foreword ... 3
1 Scope ... 4
2 Normative References ... 4
3 Terms and Definitions ... 4
4 Abbreviations ... 6
5 Overview ... 6
6 Electronic Seal ... 7
6.1 Data format ... 7
6.2 Generation process of electronic seal ... 11
6.3 Verification process of electronic seal ... 12
7 Electronic Seal Signature ... 13
7.1 Data format ... 13
7.2 Generation process of electronic seal signature ... 15
7.3 Verification process of electronic seal signature ... 16
Information Security Technology - Technical
Specification of Secure Electronic Seal Signature
Cryptography
1 Scope
This Standard specifies the definition of the data structure of electronic seals and
electronic signatures using cryptographic technology, and the corresponding
generation and verification process.
This Standard is applicable to the development and use of electronic seal systems and
may also be used to guide the detection of such systems.
2 Normative References
The following documents are essential to the application of this document. For the
dated documents, only the versions with the dates indicated are applicable to this
document; for the undated documents, only the latest version (including all the
amendments) are applicable to this document.
GB/T 20518 Information Security Technology - Public Key Infrastructure - Digital
Certificate Format
GB/T 20520 Information Security Technology - Public Key Infrastructure - Time
Stamp Specification
GB/T 32905 Information Security Technology SM3 Cryptographic Hash Algorithm
GB/T 32918 (all parts) Information Security Techniques – SM2 Elliptic Curve Public
Key Cryptography
GB/T 33560 Information Security Technology - Cryptographic Application Identifier
Criterion Specification
GB/T 35276 Information Security Technology - SM2 Cryptography Algorithm
Usage Specification
3 Terms and Definitions
For the purpose of this document, the following terms and definitions apply.
electronic seal.
3.8 SM2 algorithm
An elliptic curve cryptographic algorithm that is defined by GB/T 32918.
3.9 SM3 algorithm
A hash algorithm that is defined by GB/T 32905.
4 Abbreviations
For the purpose of this document, the following abbreviations apply.
ANS.1: Abstract Syntax Notation One
BMP: Bitmap
DER: Distinguished Encoding Rules
GIF Graphics Interchange Format
JPG: Joint Photographic Experts Group
OID: Object Identifier
PKI: Public Key Infrastructure
SVG: Scalable Vector Graphics
5 Overview
Secure electronic seal signature is a combination of digital image processing
technology and electronic signature technology by using PKI public key cryptography
technology to digitally sign electronic documents with stamped image data in electronic
form, to ensure the authenticity of the document source and the document Integrity,
prevent unauthorized tampering of documents, and ensure the non-repudiation of
signatures.
In order to ensure the integrity, unforgeability of the electronic seal, and only legal users
can use it, a secure electronic seal data format needs to be defined. Through digital
signature, the image data of the seal is securely bound to the seal attributes such as
the signer to form a secure electronic seal. In the process of using the seal, the
electronic seal shall be verified for security.
In the process of electronically signing various documents using electronic seals, the
signature operation on the seal information field of procedure a) above to form a
signature value;
c) The data of procedures a) and b) above, as well as the electronic seal marker
certificate and the signature algorithm identification, form the electronic seal data
format defined in 6.1.1.
6.3 Verification process of electronic seal
The verification process of electronic seal is as follows:
a) Verify the correctness of the electronic seal data format
Analyze the electronic seal according to the electronic seal format and verify
whether it conforms to the electronic seal data format defined in 6.1.
If the data format of the electronic seal is incorrect, the verification fails, then it
shall return an error code and exit the verification process.
b) Verify whether the electronic seal signature value is correct
Verify whether the signature value in the electronic seal is correct based on the
seal information, electronic seal maker certificate, and signature algorithm
identification.
If the verification of the electronic seal signature fails, it shall return an error code
and exit the verification process.
c) Verify the validity of the electronic seal maker certificate
To verify the validity of the seal maker certificate, the verification items include at
least: verification of the seal maker certificate trust chain, verification of the
validity period of the electronic seal maker certificate, whether the electronic seal
maker certificate is revoked, and whether the key usage is correct.
If the verification of the electronic seal maker certificate fails, it shall return an
error code and the exit verification process.
d) Verify the validity of the electronic seal
According to the start time and end time of the seal validity period the in the seal
attributes, verify whether the electronic seal has expired.
If the electronic seal has expired, the verification fails, it shall return an error code
and exit the verification process.
If the verification of the above procedures is successful, the electronic seal verification
is correct and effective, and the verification process may be exited normally.
the electronic seal signer; note that the algorithm used for the original text hash in the
signature process shall be coordinated with the signature algorithm. If the signature
algorithm is SM2, the hash algorithm shall use the SM3 algorithm.
If the signature algorithm uses SM2, it shall comply with the provisions of GB/T 35276.
7.1.6 Time stamp
timeStamp: time stamp on signature value shall comply with the provisions of GB/T
20520; the time stamp format shall be stored in the DER encoding.
7.2 Generation process of electronic seal signature
The generation process of electronic seal signature is as follows:
a) Prepare the electronic seal; and verify the correctness and validity of the
electronic seal. The specific procedures are as follows:
1) Verify the electronic seal. Verify the correctness and validity of the electronic
seal in accordance with 6.3.
2) Select the electronic seal signer certificate to be electronically signed and
verify the validity of the certificate. The verification items include at least:
certificate trust chain, verification of certificate validity period, whether the
certificate is revoked, and whether the key usage is correct.
3) According to the certificate list type of electronic seal signer in the electronic
seal, extract the certificate information list of electronic seal signer in the
electronic seal and use it to judge whether the selected electronic seal signer
certificate in procedure 2) is in the list. If the value of the certificate information
type is 1, the certificate is directly compared; if the value is 2, the hash of the
certificate in procedure 2) is calculated and then compared:
--- If the person who intends to sign the seal is in the list of electronic seal
signers of the electronic seal, the subsequent process will be carried out;
--- If the comparison fails, it shall return an error code and exit the seal
signature process. According to the error code, if the comparison fails
because the electronic seal signer's certificate is updated and reissued,
the program shall prompt to re-make the seal.
b) Electronically sign the original text, the specific procedures are as follows:
1) Prepare the original text to be signed according to the signature protection
scope in propertyInfo;
2) Perform a hash calculation on the original text data to be signed to form the
certificates in certificate information list of electronic seal signer in the
electronic seal. If both of the comparisons fail, it shall return an error code and
exit the verification process.
3) If the certificate information type of the above-mentioned electronic seal signer
is 2, then compare the hash value of the certificate. Firstly, calculate
procedure a) to analyze the hash value of the electronic seal signer certificate;
and then compare it with the hash values in the certificate information list of
the electronic seal signer in the electronic seal one by one. If the comparisons
fail, then it shall return an error code and exit the verification process.
d) Verify the validity of the electronic seal
1) Extract the electronic seal from the electronic seal signature information; and
verify the validity of the seal according to the 6.3 verification process of
electronic seal. If the verification fails, it shall be comprehensively judge based
on the seal signature time in the seal signature information.
2) If the invalidity of the electronic seal is caused by the invalidity of the electronic
seal maker certificate, and the electronic seal maker certificate is also invalid
at the time point of seal signature, it shall be recorded as the reminding
information.
3) If the invalidity of the electronic seal is due to expiration or revocation, and the
seal signature time is not within the validity period of the electronic seal, or
the electronic seal is not in a normal state at that time, it shall return an error
code and exit the verification process.
4) Verify whether the electronic seal is in a normal state at the moment of seal
signature. If it is not, it shall return an error code and exit the verification
process.
e) Verify the validity of the electronic seal signer certificate
1) Obtain the electronic seal signer certificate from the electronic seal signature
data and verify the validity of the electronic seal signer certificate. The
verification items include at least: verification of certificate trust chain,
verification of certificate validity period, whether the certificate is revoked, and
whether the key usage is correct.
2) If the validity verification of electronic seal signer certificate fails and is due to
verification of certificate trust chain or key usage is incorrect, it shall return an
error code and the exit the verification process.
3) If the validity verification of the electronic seal signer certificate fails and is due
to the expiration of the certificate or the certificate status has been revoked,
GB/T 38540-2020
NATIONAL STANDARD OF THE
PEOPLE’S REPUBLIC OF CHINA
ICS 35.040
L 80
Information Security Technology - Technical
Specification of Secure Electronic Seal Signature
Cryptography
ISSUED ON: MARCH 06, 2020
IMPLEMENTED ON: OCTOBER 01, 2020
Issued by: State Administration for Market Regulation;
Standardization Administration of PRC.
Table of Contents
Foreword ... 3
1 Scope ... 4
2 Normative References ... 4
3 Terms and Definitions ... 4
4 Abbreviations ... 6
5 Overview ... 6
6 Electronic Seal ... 7
6.1 Data format ... 7
6.2 Generation process of electronic seal ... 11
6.3 Verification process of electronic seal ... 12
7 Electronic Seal Signature ... 13
7.1 Data format ... 13
7.2 Generation process of electronic seal signature ... 15
7.3 Verification process of electronic seal signature ... 16
Information Security Technology - Technical
Specification of Secure Electronic Seal Signature
Cryptography
1 Scope
This Standard specifies the definition of the data structure of electronic seals and
electronic signatures using cryptographic technology, and the corresponding
generation and verification process.
This Standard is applicable to the development and use of electronic seal systems and
may also be used to guide the detection of such systems.
2 Normative References
The following documents are essential to the application of this document. For the
dated documents, only the versions with the dates indicated are applicable to this
document; for the undated documents, only the latest version (including all the
amendments) are applicable to this document.
GB/T 20518 Information Security Technology - Public Key Infrastructure - Digital
Certificate Format
GB/T 20520 Information Security Technology - Public Key Infrastructure - Time
Stamp Specification
GB/T 32905 Information Security Technology SM3 Cryptographic Hash Algorithm
GB/T 32918 (all parts) Information Security Techniques – SM2 Elliptic Curve Public
Key Cryptography
GB/T 33560 Information Security Technology - Cryptographic Application Identifier
Criterion Specification
GB/T 35276 Information Security Technology - SM2 Cryptography Algorithm
Usage Specification
3 Terms and Definitions
For the purpose of this document, the following terms and definitions apply.
electronic seal.
3.8 SM2 algorithm
An elliptic curve cryptographic algorithm that is defined by GB/T 32918.
3.9 SM3 algorithm
A hash algorithm that is defined by GB/T 32905.
4 Abbreviations
For the purpose of this document, the following abbreviations apply.
ANS.1: Abstract Syntax Notation One
BMP: Bitmap
DER: Distinguished Encoding Rules
GIF Graphics Interchange Format
JPG: Joint Photographic Experts Group
OID: Object Identifier
PKI: Public Key Infrastructure
SVG: Scalable Vector Graphics
5 Overview
Secure electronic seal signature is a combination of digital image processing
technology and electronic signature technology by using PKI public key cryptography
technology to digitally sign electronic documents with stamped image data in electronic
Share
