GM/T 0016-2012 English PDF (GMT0016-2012)

GM/T 0016-2012: Smart token cryptography application interface specification

This standard specifies the PKI cryptosystem-based smart token cryptographic application interface, describes the function, the data type, the definition of parameters and equipment security requirements of the cryptographic application interface. This standard applies to the development, use and testing of smart token products.
GM/T 0016-2012
GM
CRYPTOGRAPHY INDUSTRY STANDARD
OF THE PEOPLE'S REPUBLIC OF CHINA
ICS 35.040
L 80
File No.: 38314-2013
Smart token cryptography application interface specification
ISSUED ON: NOVEMBER 22, 2012
IMPLEMENTED ON: NOVEMBER 22, 2012
Issued by: State Cryptography Administration
Table of Contents
Foreword
1 Scope
2 Normative references
3 Terms and definitions
4 Abbreviations
5 Structural model
5.1 Hierarchy
5.2 Device application structure
6 Data type definition
6.1 Algorithm identification
6.2 Basic data types
6.3 Constant definition
6.4 Composite data types
7 Interface function
7.1 Device management
7.2 Access control
7.3 Application management
7.4 File management
7.5 Container management
7.6 Cryptographic service
8 Device security requirements
8.1 Device use phase
8.2 Permission management
8.3 Key security requirements
8.4 Device anti-attack requirements
Appendix A (Normative) Error code definition and description
Foreword
This Standard was drafted in accordance with the rules given in GB/T 1.1-2009. Attention is drawn to the possibility that some of the elements of this Standard may be the subject of patent rights. The issuing authority shall not be held responsible for identifying any or all such patent rights.
This Standard was proposed by and shall be under the jurisdiction of Code Industry Standardization Technical Committee.
Appendix A of this standard is a normative appendix.
Main drafting organizations of this Standard: Beijing Haitai Fangyuan Science and Technology Co., Ltd., Beijing Woqi Smart Technology Co., Ltd., Beijing Daming Wuzhou Technology Co., Ltd., Hublot Co., Ltd., Shenzhen Minghua Aohan Technology Co., Ltd., Wuhan Tianyu Information Industry Co., Ltd., Beijing Feitian Chengxin Technology Co., Ltd., Huaxiangteng Digital Technology Co., Ltd.
Main drafters of this Standard: Liu Ping, Guo Baoan, Shi Yuping, Liu Zengshou, Hu Junyi, Guan Yanjun, Xiang Li, Lei Jiye, Hu Peng, Zhao Zaixing, Duan Xiaoyi, Liu Yufeng, Liu Weifeng, Chen Ji, He Yongfu, Li Gaofeng, Huang Dongjie, Wang Jiancheng, Wang Xuelin, Zhao Liming.
This standard involves content related to cryptographic algorithms, which is implemented in accordance with the relevant state laws and regulations.
Smart token cryptography application interface specification
1 Scope
This standard specifies the PKI cryptosystem-based smart token cryptographic application interface, describes the function, the data type, the definition of parameters and equipment security requirements of the cryptographic application interface.
This standard applies to the development, use and testing of smart token products.
2 Normative references
The following documents are essential to the application of this document. For dated documents, only the versions with the dates indicated are applicable to this document; for undated documents, only the latest version (including all amendments) is applicable to this standard.
GM/T 0006 Cryptographic application identifier criterion specification
GM/T 0009 SM2 cryptography algorithm application specification
3 Terms and definitions
The following terms and definitions apply to this document.
3.1
Application
A structure including containers, device certification key and file, which has independent permission management.
3.2
Container
The unique storage space used to store the key in the cryptographic device.
3.3
Device
In this standard the smart token is collectively referred to as device.
3.4
Device authentication
Authentication of the application by the smart token.
3.5
Device authentication key
Key used for device authentication.
3.6
Label
Another name of device, which can be set by the user and stored inside the device.
3.7
Message authentication code; MAC
Message authentication algorithm output.
3.8
Administrator PIN
Administrator password, which is an ASCII string.
3.9
User PIN
The user's password, which is an ASCII string.
4 Abbreviations
The following abbreviations apply to this specification.
API: Application Programming Interface
PKI: Public Key Infrastructure
Function prototype ULONG DEVAPI SKF_Encrypt (HANDLE hKey, BYTE * pbData, ULONG ulDataLen, BYTE * pbEncryptedData, ULONG * pulEncryptedLen)
Functional description Single-group data encryption operation. It uses the specified encryption key to encrypt the specified data; the encrypted data contains only one group, and the resulting ciphertext is stored in the specified buffer area. SKF_Encrypt encrypts only single-group data; SKF_EncryptInit must be called to initialize the encryption operation before calling SKF_Encrypt. SKF_Encrypt is equivalent to calling SKF_EncryptUpdate first and then SKF_EncryptFinal.
Parameter hKey [IN] Encryption key handle.
pbData [IN] Data to be encrypted.
ulDataLen [IN] Length of data to be encrypted.
pbEncryptedData [OUT] The encrypted data buffer pointer, which can be NULL; when it is NULL, the call is used to obtain the encrypted data length.
pulEncryptedLen [IN, OUT] On input, the buffer length available for the result data; on output, the actual length of the result data.
Return value SAR_OK Success.
Others Error code.
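The two-call pattern implied by the pbEncryptedData and pulEncryptedLen descriptions above (pass NULL to learn the length, then pass a buffer together with its capacity), as an added C example that is not part of the standard or of any vendor library. The SKF_Encrypt body here is a constructed stand-in (pad-and-XOR, not a real cipher) so the block runs without a token; the `_DEMO` error codes and `encrypt_alloc` are hypothetical names, and hKey is assumed to be already initialized for encryption.

```c
#include <stdlib.h>

/* Simplified stand-ins for the standard's basic types (assumption). */
typedef unsigned long ULONG;
typedef unsigned char BYTE;
typedef void *HANDLE;
#define DEVAPI
#define SAR_OK         0x00000000UL /* name from the page; value assumed */
#define SAR_FAIL_DEMO  0x0A000001UL /* hypothetical; use Appendix A codes */
#define SAR_SMALL_DEMO 0x0A000020UL /* hypothetical "buffer too small" */

/* Constructed stand-in for the vendor library: pads to a 16-byte group and
 * XORs with 0x5A. NOT a cipher; it only mimics the length contract. */
ULONG DEVAPI SKF_Encrypt(HANDLE hKey, BYTE *pbData, ULONG ulDataLen,
                         BYTE *pbEncryptedData, ULONG *pulEncryptedLen)
{
    ULONG need = (ulDataLen / 16 + 1) * 16;
    (void)hKey;
    if (!pbData || !pulEncryptedLen) return SAR_FAIL_DEMO;
    if (!pbEncryptedData) { *pulEncryptedLen = need; return SAR_OK; }
    if (*pulEncryptedLen < need) { *pulEncryptedLen = need; return SAR_SMALL_DEMO; }
    for (ULONG i = 0; i < need; i++)
        pbEncryptedData[i] = (BYTE)((i < ulDataLen ? pbData[i] : need - ulDataLen) ^ 0x5A);
    *pulEncryptedLen = need;
    return SAR_OK;
}

/* Caller-side wrapper: query the length, allocate, encrypt, then verify the
 * length the library reports before handing the buffer to the caller. */
ULONG encrypt_alloc(HANDLE hKey, BYTE *in, ULONG inLen, BYTE **out, ULONG *outLen)
{
    ULONG cap = 0, got, rv;
    BYTE *buf;
    *out = NULL; *outLen = 0;
    rv = SKF_Encrypt(hKey, in, inLen, NULL, &cap);   /* pass 1: length only */
    if (rv != SAR_OK) return rv;
    if (cap == 0 || cap < inLen) return SAR_FAIL_DEMO; /* implausible length */
    buf = calloc(cap, 1);
    if (!buf) return SAR_FAIL_DEMO;
    got = cap;                       /* IN: capacity, OUT: actual length */
    rv = SKF_Encrypt(hKey, in, inLen, buf, &got);    /* pass 2: encrypt */
    if (rv != SAR_OK || got > cap) { /* never accept a length past capacity */
        free(buf);
        return rv != SAR_OK ? rv : SAR_FAIL_DEMO;
    }
    *out = buf; *outLen = got;
    return SAR_OK;
}
```

The caller owns the returned buffer and releases it with free(); the same two-call shape applies wherever an output pointer may be NULL and the length parameter is [IN, OUT].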
7.6.21 Multi-group data encryption
Function prototype ULONG DEVAPI SKF_EncryptUpdate (HANDLE hKey, BYTE * pbData, ULONG ulDataLen, BYTE * pbEncryptedData, ULONG * pulEncryptedLen)
Functional description Multi-group data encryption operation. It uses the specified encryption key to encrypt the specified data; the encrypted data contains multiple groups, and the resulting ciphertext is stored in the specified buffer area.
SKF_EncryptUpdate encrypts multi-group data. SKF_EncryptInit must be called to initialize the encryption operation before calling SKF_EncryptUpdate. SKF_EncryptFinal must be called to end the encryption operation after calling SKF_EncryptUpdate.
Parameter hKey [IN] Encryption key handle.
pbData [IN] Data to be encrypted.
ulDataLen [IN] Length of data to be encrypted.
pbEncryptedData [OUT] The encrypted data buffer pointer.
pulEncryptedLen [OUT] Return the encrypted data length.
Return value SAR_OK Success.
Others Error code.
7.6.22 End encryption
Function prototype ULONG DEVAPI SKF_EncryptFinal (HANDLE hKey, BYTE * pbEncryptedData, ULONG * pEncryptedDataLen)
Functional description End the encryption of multi-group data, return the remaining encryption result. First call SKF_EncryptInit to initialize the encryption operation, then call SKF_EncryptUpdate to encrypt multi-group data, and finally call SKF_EncryptFinal to end the encryption of multi-group data.
Parameter hKey [IN] Encryption key handle.
pbEncryptedData [OUT] Encrypted result buffer.
SKF_DecryptUpdate decrypts multi-group data. Before calling SKF_DecryptUpdate, SKF_DecryptInit must be called to initialize the decryption operation. After calling SKF_DecryptUpdate, SKF_DecryptFinal must be called to end the decryption operation.
Parameter hKey [IN] Decryption key handle.
pbEncryptedData [IN] Data to be decrypted.
ulEncryptedLen [IN] Length of data to be decrypted.
pbData [OUT] Pointer to the decrypted data buffer.
pulDataLen [IN, OUT] Input indicates the result data buffer length, output indicates the result data actual length.
Return value SAR_OK Success.
Others Error code.
7.6.26 End decryption
Function prototype ULONG DEVAPI SKF_DecryptFinal (HANDLE hKey, BYTE * pbDecryptedData, ULONG * pulDecryptedDataLen)
Functional description End the decryption of multi-group data. First call SKF_DecryptInit to initialize the decryption operation, then call SKF_DecryptUpdate to decrypt multi-group data, and finally call SKF_DecryptFinal to end multi-group data decryption.
Parameter hKey [IN] Decryption key handle.
pbDecryptedData [OUT] Pointer to the decrypted result buffer. If this parameter is NULL, the length of the decrypted result is returned by pulDecryptedDataLen.
pulDecryptedDataLen [IN, OUT] Input indicates the length of the pbDecryptedData buffer, output indicates the length of the decrypted result.
Return value SAR_OK Success.
Others Error code.
7.6.27 Cryptographic hash initialization
Function prototype ULONG DEVAPI SKF_DigestInit (DEVHANDLE hDev, ULONG ulAlgID, ECCPUBLICKEYBLOB * pPubKey, unsigned char * pucID, ULONG ulIDLen, HANDLE * phHash)
Functional description Initialize the cryptographic hash calculation operation, specify the algorithm to calculate the cryptographic hash.
Parameter hDev [IN] Device handle returned when the device is connected.
ulAlgID [IN] Cryptographic hash algorithm identi...
