GM/T 0015-2012 English PDF (GMT0015-2012)

GM/T 0015-2012: Digital certificate format based on SM2 algorithm

This Standard specifies the basic structures of the digital certificate and the certificate revocation list (CRL) and describes the content of each data entry in both. It is applicable to the research and development of digital certificate authentication systems, the operation of digital certification authorities, and security applications based on digital certificates.
GM/T 0015-2012
GM
CRYPTOGRAPHY INDUSTRY STANDARD
OF THE PEOPLE'S REPUBLIC OF CHINA
ICS 35.040
L 80
File No.: 38313-2013
Digital certificate format based on SM2 algorithm
ISSUED ON: NOVEMBER 22, 2012
IMPLEMENTED ON: NOVEMBER 22, 2012
Issued by: State Cryptography Administration
Table of Contents
Foreword ... 3
1 Scope .. 4
2 Normative references ... 4
3 Terms and definitions ... 4
4 Abbreviations .. 5
5 Digital certificate and CRL .. 5
5.1 General .. 5
5.2 Digital certificate format ... 6
5.3 CRL format ... 35
Annex A (Normative) Certificate structure .. 42
A.1 Certificate composition (SEE Table A.1) ... 42
A.2 Basic certificate domain (SEE Table A.2) ... 42
A.3 Standard extension domain (SEE Table A.3) ... 42
Annex B (Normative) Structural examples of the certificates .. 45
B.1 Structural example of the user certificate (SEE Table B.1) ... 45
B.2 Structural example of the server certificate (SEE Table B.2) ... 45
Annex C (Normative) Certificate content tables .. 47
C.1 Self-signed CA certificate content table (SEE Table C.1) ... 48
C.2 Subordinate CA certificate content table (SEE Table C.2) ... 50
C.3 Entity signature certificate content table (SEE Table C.3) ... 54
C.4 Entity encryption certificate content table (SEE Table C.4) .. 58
C.5 Certificate revocation list content table (SEE Table C.5) ... 62
Annex D (Informative) Examples of digital certificate encoding ... 66
D.1 RSA digital certificate encoding ... 66
D.2 SM2 digital certificate encoding ... 70
Foreword
This Standard was drafted in accordance with the rules given in GB/T 1.1-2009. Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. The issuing authority shall not be held responsible for identifying any or all such patent rights.
In this Standard, Annex A, Annex B and Annex C are normative; Annex D is informative.
This Standard was proposed by and shall be under the jurisdiction of State Cryptography Administration.
Drafting organizations of this Standard: Shanghai Koal Software Co., Ltd, Beijing Certificate Authority, Beijing Haitai Fangyuan Technologies Co., Ltd, Wuxi Jiangnan Information Security Engineering Technology Center, Shanghai Electronic Certificate Authority Center Co., Ltd, Changchun Jida Zhengyuan Information Technology Co., Ltd, Chengdu Westone Information Industry Inc., Xingtang Telecommunications Technology Co., Ltd, Beijing HuaDa ZhiBao Electronic System Co., Ltd, Shandong DEAN Information Technology Co., Ltd, National Information Security Engineering Center, Commercial Cryptography Testing Center of State Cryptography Administration.
Drafters of this Standard: Liu Ping, Tan Wuzheng, Li Shusheng, Liu Zengshou, Xu Qiang, Liu Cheng, Zhao Lili, Li Yuanzheng, Wang Nina, Chen Yue, Kong Fanyu, Yuan Feng, Li Zhiwei.
The cryptographic algorithms involved in this Standard shall be used in accordance with the requirements of the national cryptography authority.
Digital certificate format based on SM2 algorithm
1 Scope
This Standard specifies the basic structures of the digital certificate and the certificate revocation list and describes the content of each data entry in the digital certificate and the certificate revocation list.
This Standard is applicable to the research and development of digital certificate authentication systems, the operation of digital certification authorities, and security applications based on digital certificates.
2 Normative references
The following documents are essential to the application of this document. For dated references, only the editions with the dates indicated are applicable to this document. For undated references, only the latest editions (including all the amendments) are applicable to this document.
GB/T 16264.8 Information technology - Open systems interconnection - The directory - Part 8: Public-key and attribute certificate frameworks
GM/T 0006 Cryptographic application identifier criterion specification
GM/T 0009 SM2 cryptography algorithm application specification
GM/T 0010 SM2 cryptography message syntax specification
PKCS #7 Cryptographic message syntax standard
RFC 5280 Internet X.509 Public key infrastructure certificate and certificate revocation list (CRL) profile
3 Terms and definitions
The following terms and definitions are applicable to this document.
3.1 Digital certificate
A trusted digital file that is digitally signed by a state-recognized third-party certification authority (CA) possessing authority, credibility and impartiality.
3.2 Certificate revocation list; CRL
A list file issued by a CA enumerating the certificates it has revoked.
3.3 CA certificate
A certificate issued to a digital certification authority.
3.4 Entity certificate
An end-entity certificate, also known as a user certificate: a personal certificate, organization certificate, device certificate, etc. issued by the digital certification authority.
4 Abbreviations
The following abbreviations are applicable to this document.
CA: Certification Authority
CRL: Certificate Revocation List
DIT: Directory Information Tree
OID: Object IDentifier
PKI: Public Key Infrastructure
5 Digital certificate and CRL
5.1 General
The digital certificate has the following characteristics:
- Any user who is able to obtain and use the public key of the certification authority may recover the public key certified by that authority.
- Apart from the certification authority, no other party is able to change the certificate; the certificate is unforgeable.
Because the certificate is unforgeable, it can be published by placing it in a directory without any further special protection.
NOTE: Although a unique name in the DIT is used to identify the CA unambiguously, this does not imply any connection between the CA and the DIT.
The certification authority generates a user certificate by signing an information set. That set includes the user's distinguished name, the public key and an optional unique identifier carrying additional user information. The exact 2050.
5.2.3.5.2 UTCTime
This entry is a standard ASN.1 type intended for international applications in which local time alone is not sufficient. UTCTime gives the year with its two low-order digits, and the time is accurate to 1 min or 1 s. UTCTime carries either Z (for Zulu, i.e. Greenwich Mean Time) or a time difference from it.
In this entry, the UTCTime value must be expressed in Greenwich Mean Time (Zulu) and must include seconds, even when the seconds value is zero (that is, the time format is YYMMDDHHMMSSZ). The year field (YY) must be interpreted as follows:
When YY is greater than or equal to 50, the year shall be interpreted as 19YY; when YY is less than 50, the year shall be interpreted as 20YY.
5.2.3.5.3 GeneralizedTime
This entry is a standard ASN.1 type that represents time with variable precision. A GeneralizedTime field is able to carry the difference between local time and Greenwich Mean Time.
In this entry, the GeneralizedTime value must be expressed in Greenwich Mean Time and must include seconds, even when the seconds value is zero (that is, the time format is YYYYMMDDHHMMSSZ, with a four-digit year). The GeneralizedTime value must not contain fractional seconds.
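The two clauses above are a profile, not a grammar: the generic ASN.1 types allow offsets, omitted seconds and fractional seconds, and all of those are forbidden in a certificate's validity field. The following is an added example (not text or code from the standard) of a decoder that enforces exactly the profile stated in 5.2.3.5.2 and 5.2.3.5.3, including the YY pivot at 50, plus an encoder for the reverse direction. The choice of UTCTime for years 1950 to 2049 and GeneralizedTime otherwise in the encoder is RFC 5280's rule (the page cites RFC 5280 as a normative reference but its own text on this point is truncated); the DER tag numbers 0x17 and 0x18 are the ASN.1 universal tags for the two types. Function names are the example's own.

```python
import re
from datetime import datetime, timedelta, timezone

UTC_TIME = 0x17          # ASN.1 universal tag for UTCTime
GENERALIZED_TIME = 0x18  # ASN.1 universal tag for GeneralizedTime

# Exactly the shapes GM/T 0015 permits: seconds present, trailing Z, no offset,
# no fractional seconds. Anything else (e.g. "1211220000Z" or "...+0800") fails.
_UTC_RE = re.compile(rb"\A(\d{2})(\d{2})(\d{2})(\d{2})(\d{2})(\d{2})Z\Z")
_GEN_RE = re.compile(rb"\A(\d{4})(\d{2})(\d{2})(\d{2})(\d{2})(\d{2})Z\Z")


class TimeFormatError(ValueError):
    """Raised when a time value does not match the certificate profile."""


def decode_validity_time(tag, value):
    """Decode the *contents octets* of a UTCTime or GeneralizedTime validity field."""
    if tag == UTC_TIME:
        m = _UTC_RE.match(value)
        if not m:
            raise TimeFormatError("UTCTime must be YYMMDDHHMMSSZ")
        yy = int(m.group(1))
        year = 1900 + yy if yy >= 50 else 2000 + yy   # 5.2.3.5.2 pivot rule
    elif tag == GENERALIZED_TIME:
        m = _GEN_RE.match(value)
        if not m:
            raise TimeFormatError("GeneralizedTime must be YYYYMMDDHHMMSSZ")
        year = int(m.group(1))
    else:
        raise TimeFormatError("tag 0x%02x is not a time type" % tag)
    month, day, hour, minute, second = (int(g) for g in m.groups()[1:])
    try:
        return datetime(year, month, day, hour, minute, second, tzinfo=timezone.utc)
    except ValueError as exc:  # e.g. month 13, day 32
        raise TimeFormatError("calendar value out of range: %s" % exc) from None


def is_valid_validity_time(tag, value):
    """Boolean form of decode_validity_time for quick filtering."""
    try:
        decode_validity_time(tag, value)
        return True
    except TimeFormatError:
        return False


def decode_tlv_time(der):
    """Decode one complete DER element (tag, short-form length, contents)."""
    if len(der) < 2:
        raise TimeFormatError("element too short")
    tag, length = der[0], der[1]
    if length >= 0x80:
        raise TimeFormatError("time values never need long-form lengths")
    if len(der) != 2 + length:
        raise TimeFormatError("length byte does not match element size")
    return decode_validity_time(tag, der[2:])


def encode_validity_time(dt):
    """Encode a UTC datetime as a complete DER time element for a validity field."""
    if dt.tzinfo is None or dt.utcoffset() != timedelta(0):
        raise ValueError("validity times must be expressed in UTC (Zulu)")
    if 1950 <= dt.year <= 2049:                  # RFC 5280 rule, assumed here
        body = dt.strftime("%y%m%d%H%M%SZ").encode()
        return bytes([UTC_TIME, len(body)]) + body
    body = dt.strftime("%Y%m%d%H%M%SZ").encode()
    return bytes([GENERALIZED_TIME, len(body)]) + body


if __name__ == "__main__":
    # Constructed sample: the standard's own issue date as a notBefore value.
    sample = bytes([UTC_TIME, 13]) + b"121122000000Z"
    print(decode_tlv_time(sample))
    print(encode_validity_time(datetime(2050, 1, 1, tzinfo=timezone.utc)))
```

The regexes anchor with \A and \Z rather than ^ and $ so that a trailing newline smuggled into the contents octets is rejected as well; a lenient parser that accepts "1211220000Z" or an offset form will happily validate a certificate whose lifetime another implementation computes differently.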
5.2.3.6 Subject
This entry describes the entity that corresponds to the public key in the subject public key entry. The subject name may appear in the subject entry and/or in the subject alternative name extension (subjectAltName). If the subject is a CA, the subject entry must be a non-null distinguished name that matches the content of the issuer entry of the certificates it issues. If the subject naming information appears only in the subject alternative name extension (for instance, when the key is bound only to an email address or URL), the subject name must be an empty sequence and the subject alternative name extension must be marked critical.
If the subject entry is non-null, it must contain a distinguished name (DN). The distinguished name of each subject entity certified by a CA must be unique to that entity. A CA may, however, issue multiple certificates with the same distinguished name to the same subject entity.
The subject name extension is defined using the name types of ISO/IEC 9594-2:2001.
5.2.3.7 Subject Public Key Info
This entry identifies the public key and the corresponding public key algorithm. The public key algorithm is represented by an AlgorithmIdentifier structure.
For the RSA public key algorithm, the AlgorithmIdentifier structure is as defined in PKCS #7. For the SM2 public key algorithm, the AlgorithmIdentifier structure is as defined in GM/T 0010.
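In practice a relying party has to look inside the AlgorithmIdentifier to decide whether the key is SM2 or RSA before it can verify anything, and a parser that stops at "it is a SEQUENCE with an OID" will accept keys it cannot actually check. The following is an added example, not code or text from the standard, of a minimal DER reader for SubjectPublicKeyInfo that classifies the key and enforces the encoding shape. It assumes the OID assignments a practitioner meets in the referenced specifications: id-ecPublicKey 1.2.840.10045.2.1 with the SM2 curve parameter 1.2.156.10197.1.301 for SM2 (GM/T 0006 assigns the SM2 arc under 1.2.156.10197), and rsaEncryption 1.2.840.113549.1.1.1 with NULL parameters for RSA. The sample key bytes are constructed, not a real key.

```python
# OIDs assumed for this example (see lead-in); not quoted from GM/T 0015 itself.
ID_EC_PUBLIC_KEY = "1.2.840.10045.2.1"
ID_SM2_P256V1 = "1.2.156.10197.1.301"
ID_RSA_ENCRYPTION = "1.2.840.113549.1.1.1"

SEQUENCE, OID, NULL, BIT_STRING = 0x30, 0x06, 0x05, 0x03


def der_len(n):
    """DER definite-form length octets."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag, body):
    return bytes([tag]) + der_len(len(body)) + body


def encode_oid(dotted):
    """Encode a dotted OID into its DER contents octets (base-128 arcs)."""
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([arcs[0] * 40 + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        out.extend(reversed(chunk))
    return bytes(out)


def decode_oid(body):
    """Decode DER OID contents octets into dotted form, rejecting truncated arcs."""
    if not body:
        raise ValueError("empty OID")
    first = body[0]
    arcs = [0, first] if first < 40 else [1, first - 40] if first < 80 else [2, first - 80]
    value, pending = 0, False
    for b in body[1:]:
        value = (value << 7) | (b & 0x7F)
        pending = bool(b & 0x80)
        if not pending:
            arcs.append(value)
            value = 0
    if pending:
        raise ValueError("truncated OID arc")
    return ".".join(map(str, arcs))


def read_tlv(buf, pos=0):
    """Return (tag, contents, next_pos) for the DER element starting at buf[pos]."""
    if pos + 2 > len(buf):
        raise ValueError("truncated element header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("bad long-form length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    end = pos + length
    if end > len(buf):
        raise ValueError("element runs past end of buffer")
    return tag, buf[pos:end], end


def parse_spki(der):
    """Parse SubjectPublicKeyInfo and classify the key as SM2, RSA or unknown."""
    tag, body, end = read_tlv(der)
    if tag != SEQUENCE or end != len(der):
        raise ValueError("SubjectPublicKeyInfo must be exactly one SEQUENCE")
    tag, alg, pos = read_tlv(body)
    if tag != SEQUENCE:
        raise ValueError("algorithm must be a SEQUENCE (AlgorithmIdentifier)")
    tag, key, pos = read_tlv(body, pos)
    if tag != BIT_STRING or pos != len(body):
        raise ValueError("subjectPublicKey must be the final BIT STRING")
    if not key or key[0] != 0:
        raise ValueError("public key BIT STRING must have 0 unused bits")
    tag, oid_body, apos = read_tlv(alg)
    if tag != OID:
        raise ValueError("AlgorithmIdentifier must start with an OID")
    algorithm, params = decode_oid(oid_body), None
    if apos < len(alg):
        ptag, pbody, pend = read_tlv(alg, apos)
        if pend != len(alg):
            raise ValueError("trailing bytes after parameters")
        if ptag == OID:
            params = decode_oid(pbody)
        elif ptag == NULL and not pbody:
            params = "NULL"
        else:
            raise ValueError("unexpected parameters encoding")
    if algorithm == ID_EC_PUBLIC_KEY and params == ID_SM2_P256V1:
        # SM2 keys travel as an uncompressed point: 04 || X(32) || Y(32).
        if len(key) != 66 or key[1] != 0x04:
            raise ValueError("SM2 public key must be uncompressed 04||X||Y (65 bytes)")
        kind = "SM2"
    elif algorithm == ID_RSA_ENCRYPTION and params == "NULL":
        kind = "RSA"
    else:
        kind = "unknown"
    return {"kind": kind, "algorithm": algorithm, "parameters": params, "public_key": bytes(key[1:])}


def build_sm2_spki(point):
    alg = tlv(SEQUENCE, tlv(OID, encode_oid(ID_EC_PUBLIC_KEY)) + tlv(OID, encode_oid(ID_SM2_P256V1)))
    return tlv(SEQUENCE, alg + tlv(BIT_STRING, b"\x00" + point))


def build_rsa_spki(rsa_public_key_der):
    alg = tlv(SEQUENCE, tlv(OID, encode_oid(ID_RSA_ENCRYPTION)) + tlv(NULL, b""))
    return tlv(SEQUENCE, alg + tlv(BIT_STRING, b"\x00" + rsa_public_key_der))


# Constructed sample point (not a real SM2 key): 04 || 32 bytes || 32 bytes.
SAMPLE_POINT = b"\x04" + bytes(range(1, 33)) + bytes(range(33, 65))
```

The classification deliberately returns "unknown" rather than guessing when the OID pair is unfamiliar (for example id-ecPublicKey with a non-SM2 curve), so the caller fails closed; the point-format check matters because a verifier that silently accepts a compressed or malformed point may end up verifying against a key it never decoded correctly.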
5.2.3.8 IssuerUniqueID
This en...