Skip to product information
1 of 12

PayPal, credit cards. Download editable-PDF and invoice in 1 second!

GM/T 0017-2012 English PDF (GMT0017-2012)

GM/T 0017-2012 English PDF (GMT0017-2012)

Regular price $625.00 USD
Regular price Sale price $625.00 USD
Sale Sold out
Shipping calculated at checkout.
Quotation: In 1-minute, 24-hr self-service. Click here GM/T 0017-2012 to get it for Purchase Approval, Bank TT...

GM/T 0017-2012: Smart token cryptography application interface data format specification

This standard specifies the PKI cryptographic system-based smart token application interface data format, provides the interface- related data types, format, definition and description of parameters, security requirements. This standard applies to the development, use and testing of smart token products.
GM/T 0017-2012
GM
CRYPTOGRAPHY INDUSTRY STANDARD
OF THE PEOPLE REPUBLIC OF CHINA
ICS 35.040
L 80
File No.. 38315-2013
Smart token cryptography application
interface data format specification
ISSUED ON. NOVEMBER 22, 2012
IMPLEMENTED ON. NOVEMBER 22, 2012
Issued by. State Cryptography Administration
Table of Contents
Foreword ... 4
Introduction .. 5
1 Scope .. 6
2 Normative references ... 6
3 Terms and definitions ... 6
4 Abbreviations .. 9
5 Mark .. 10
6 Structural model ... 11
7 APDU message structure ... 11
7.1 Overview ... 11
7.2 Command APDU .. 12
7.3 Command body encoding conventions ... 13
7.4 Response APDU ... 15
8 Coding conversion of command header, data fields, and response status words ... 15
8.1 Overview ... 15
8.2 CLA (class) bytes .. 16
8.3 INS (instruction) byte .. 16
8.4 Parameter bytes ... 18
8.5 Data field bytes .. 18
8.6 Status byte ... 19
9 APDU instruction ... 21
9.1 Device management instructions ... 21
9.2 Access control instructions ... 26
9.3 Application management instructions .. 34
9.4 File management instructions ... 40
9.5 Container management instructions ... 47
9.6 Cryptography service instructions ... 56
10 Device protocol .. 108
10.1 Overview .. 108
10.2 Device identification mechanism ... 108
10.3 CCID protocol ... 108
10.4 USB Mass Storage protocol extension .. 108
10.5 HID protocol extension ... 112
Appendix A (Normative) Device return code definition and description .. 119 Appendix B (Normative) Security message calculation descriptions ... 121 Appendix C (Informative) Programming paradigm ... 123
Foreword
This Standard was drafted in accordance with the rules given in GB/T 1.1-2009. Attention is drawn to the possibility that some of the elements of this Standard may be the subject of patent rights. The issuing authority shall not be held responsible for identifying any or all such patent rights.
Appendix A and Appendix B of this standard are normative, Appendix C is informative.
This Standard was proposed by and shall be under the jurisdiction of Code Industry Standardization Technical Committee.
Main drafting organizations of this Standard. Beijing Jiangnan Tian?€?an
Technology Co., Ltd., Beijing Woqi Smart Technology Co., Ltd., Beijing Feitian Integrity Technology Co., Ltd., Beijing Tiandirong Technology Co., Ltd., Hublot Co., Ltd., Beijing Digital Certificate Authentication Center Ltd., Beijing Tianwei Integrity E-commerce Services Ltd., Beijing Guofuan E-commerce Security Authentication Co., Ltd.
Participating drafting organizations of this Standard. Beijing Haitai Fangyuan Technology Co., Ltd., Beijing Huada Zhibao Electronic Systems Co., Ltd., Beijing Daming Wuzhou Technology Co., Ltd., Banknote Credit Card Industry Development Co., Ltd., Beijing Huahong IC Design Co., Ltd., Beijing Xuanji Information Technology Co., Ltd., Beijing Chuangyuan Tiandi Technology Co., Ltd., China Railway Xin?€?an (Beijing) Information Security Technology Co., Ltd., Beijing Tiancheng Shengye Technology Co., Ltd., Oriental Port Technology Co., Ltd., Geer Century Smart Card Technology Co., Ltd., Beijing Yongxin Shibo Digital TV Technology Co., Ltd., Jida Zhengyuan Information Technology Co., Ltd., Shenzhen Wendingchuang Data Technology Co., Ltd., Wuhan Tianyu
Information Industry Co., Ltd.
The main drafters of this standard. Liu Ping, Wang Yanping, Li Shaoxiong, Liu Bo, Li Qing, Deng Xiaosi, Wang Xuelin, Li Guo, Hu Yanfen, Zhu Pengfei, Zhao Liming, Feng Chengyong, Zhang Haisong, Fu Wei.
Smart token cryptography application
interface data format specification
1 Scope
This standard specifies the PKI cryptographic system-based smart token
application interface data format, provides the interface-related data types, format, definition and description of parameters, security requirements. This standard applies to the development, use and testing of smart token products.
2 Normative references
The following documents are essential to the application of this document. For the dated documents, only the versions with the dates indicated are applicable to this document; for the undated documents, only the latest version (including all the amendments) are applicable to this standard.
GM/T 0005 Randomness test specification
GM/T 0006 Cryptographic application identifier criterion specification
GM/T 0009 SM2 Cryptography Algorithm Application Specification
GM/T 0016-2012 Smart token cryptography application interface
specification
ISO 7816-4 Identification cards - Integrated circuit cards with contacts - Part 4. Organization, security and exchange of commands
PKCS # 1 - RSA Labs, RSA encryption standard, v2.1, 2002.7
Specification for Integrated Circuit Cards Interface Devices, Revision 1.1, 3 Terms and definitions
The following terms and definitions apply to this document.
3.1
3.9
Application
A structure containing containers, device authentication key and file, with independent permission management.
3.10
Container
The unique storage space in the cryptographic device divided for the storage of key.
3.11
Device authentication
Authentication of the application by the smart token.
3.12
Device authentication key
The key used for device authentication.
3.13
Device label
Another name of device, which can be set by the user and stored inside the device.
3.14
SM1 algorithm
A group encryption algorithm, with a group length of 128 bits and a key length of 128 bits.
3.15
SM2 algorithm
An elliptic curve cryptography algorithm, with a key length of 256 bits. 3.16
SM3 algorithm
communication with the smart card through the interface complying with 7816 standard protocol;
UMS. USB Mass Storage, commonly used for peripherals such as U-disc and mobile hard disc;
APDU. Application Protocol Data Unit
CLA. Class Type of APDU;
INS. Instruction byte of Command Message of APDU;
P1. Parameter 1 in APDU Command Head;
P2. Parameter 2 in APDU Command Head;
Lc. Message data field length of APDU command;
Le. Expected return data of APDU command;
SW1. Returned Status Word One of APDU command;
SW2. Returned Status Word Two of APDU command;
RFU. Reserved for Future Use.
5 Mark
The following notation applies to this document.
?€?0?€? to ?€?9?€? and ?€?A?€? to ?€?F?€? indicate the hexadecimal number;
(B1) represents the value of the byte (B1);
B1 II B2 represent the concatenation of byte B1 (most significant byte) and B2 (least significant byte);
(B1 II B2) represents the concatenation of byte B1 and B2;
0x000 ~ 0x0F represent hexadecimal number;
XX represents a 1-byte hexadecimal number;
XXXX represents a 2-byte hexadecimal number;
XX...XX represents a 2-byte hexadecimal number;
# represents number.
9.6.28.1 Definition and scope
The DecryptUpdate command is used to decrypt multiple groups of data.
9.6.28.2 Precautions
The Decryptlnit command needs to be downloaded before downloading the
DecryptUpdate command. If the Decrypt command or DecryptFinal command
of the same key has been downloaded after downloading the Decryptlnit
command, it requires to re-download the DecryptInit command.
The length of the data to be decrypted must be an integral multiple of the group length, the device does not perform bit padding operation for the group data. 9.6.28.3 Command message
See Table 164.
Table 164 -- DecryptUpdate command message encoding
Code Length, byte Value, Hex Descriptions
CLA 1 80 -
INS 1 B0 -
P1 1 00 -
P2 1 00 -
Lc 3 00XXXX Data field length
DATA Lc XXXXXX Application ID (2 bytes) + container ID (2 bytes) + key ID (2 bytes) + group data to be decrypted Le 2 XXXX Data length expected to be sent bank. 0 indicates sending back the data of actual length 9.6.28.4 Command message data field
Command message data field consists of application ID, container ID, key ID and group data to be decrypted.
9.6.28.5 Response message data field
The response message data field is the decrypted data of the expected length. 9.6.28.6 Response message status code
The status codes that the smart token may send back are shown in Table 165. Table 165 -- EncryptUpdate command response status code
SW1 SW2 Meanings
90 00 Executed correctly
6A 8D Cited symmetric key not existed
67 00 Lc error
90 00 Executed correctly
6A 8D Data error
67 00 Lc error
69 85 Usage conditions not satisfied
6A 88 Cited application not existed
6A 94 Cited container not existed
6A 8C Cited symmetric key not existed
9.6.30 DigestInit (cryptographic hash initialization)
9.6.30.1 Definitions and scope
DigestInit is used to initialize the cryptographic hashing operation, and to specify the algorithm to calculating the cryptographic hash.
9.6.30.2 Precautions
This command can be executed at any time...

View full details