Skip to product information
1 of 12

PayPal, credit cards. Download editable-PDF and invoice in 1 second!

GM/T 0018-2012 English PDF (GMT0018-2012)

GM/T 0018-2012 English PDF (GMT0018-2012)

Regular price $175.00 USD
Regular price Sale price $175.00 USD
Sale Sold out
Shipping calculated at checkout.
Quotation: In 1-minute, 24-hr self-service. Click here GM/T 0018-2012 to get it for Purchase Approval, Bank TT...

GM/T 0018-2012: Interface specifications of cryptography device application

This Standard specifies the application interface specifications of service-based cryptography device under the public key cryptographic infrastructure application technology system. This Standard is applicable to the development and usage of the service-based cryptography device as well as the application development based on such cryptography device. It can also be used to guide the testing of such cryptography device.
GM/T 0018-2012
GM
CRYPTOGRAPHY INDUSTRY STANDARD
OF THE PEOPLE REPUBLIC OF CHINA
ICS 35.040
L 80
File No.. 38316-2013
Interface specifications of
cryptography device application
ISSUED ON. NOVEMBER 22, 2012
IMPLEMENTED ON. NOVEMBER 22, 2012
Issued by. State Cryptography Administration
Table of Contents
Foreword ... 5
Introduction .. 6
1 Scope .. 7
2 Normative references ... 7
3 Terms and definitions ... 7
4 Symbols and abbreviations ... 8
5 Algorithm identifier and data structure ... 9
5.1 Definition of algorithm identifier .. 9
5.2 Definition of device information ... 9
5.3 Key classification and memory definition ... 10
5.3.1 Device key and user key ... 10
5.3.2 Key encrypt key ... 10
5.3.3 Session key .. 10
5.4 Definition of RSA key data structure .. 11
5.5 Definition of ECC key data structure .. 12
5.6 Definition of ECC encryption data structure ... 12
5.7 Definition of ECC signature data structure .. 13
5.8 ECC encryption key pair protection structure ... 13
5.8.1 Type definition .. 13
5.8.2 Data item description ... 13
6 Device interface description ... 14
6.1 Location of the cryptography device application interface in the public key cryptographic infrastructure application technology framework ... 14
6.2 Device management functions ... 15
6.2.1 Open device ... 15
6.2.2 Close device ... 15
6.2.3 Open session .. 16
6.2.4 Close session .. 16
6.2.5 Get device information ... 16
6.2.6 Generate random number ... 17
6.2.7 Get private key access right .. 17
6.2.8 Release private key access right .. 18
6.3 Key management functions ... 18
6.3.1 Export RSA signature public key ... 19
6.3.2 Export RSA encryption public key ... 19
6.3.3 Generate RSA asymmetric key pair and output ... 20
6.3.4 Generate session key and encrypt output with internal RSA public key ... 20 6.3.5 Generate session key and encrypt output with external RSA public key ... 21 6.3.6 Import session key and use internal RSA private key for decryption .. 22 6.3.7 Digital envelope exchange based on RSA algorithm ... 22
6.3.8 Export ECC signature public key ... 23
6.3.9 Export ECC encryption public key .. 24
6.3.10 Generate ECC asymmetric key pair and output ... 24
6.3.11 Generate session key and encrypt output with internal ECC public key ... 25 6.3.12 Generate session key and encrypt output with external ECC public key ... 25 6.3.13 Import session key and use internal ECC private key for decryption ... 26 6.3.14 Generate key agreement parameter and output .. 27
6.3.15 Calculate session key ... 28
6.3.16 Generate agreement data and calculate session key ... 29
6.3.17 Digital envelope exchange based on ECC algorithm .. 30
6.3.18 Generate session key and encrypt output with key encrypt key ... 31 6.3.19 Import session key and use key encrypt key for decryption .. 31 6.3.20 Destroy session key ... 32
6.4 Asymmetric algorithm operation functions .. 32
6.4.1 External public key RSA operation .. 33
6.4.2 Internal public key RSA operation ... 34
6.4.3 Internal private key RSA operation .. 34
6.4.4 External key ECC verification ... 35
6.4.5 Internal key ECC signature ... 36
6.4.6 Internal key ECC verification .. 36
6.4.7 External key ECC encryption ... 37
6.5 Symmetric algorithm operation functions ... 38
6.5.1 Symmetric encryption .. 38
6.5.2 Symmetric decryption .. 39
6.5.3 Calculate MAC.. 40
6.6 Hash operation functions ... 40
6.6.1 Hash operation initialization ... 41
6.6.2 Multi-packet hash operation .. 41
6.6.3 Hash operation finalization ... 42
6.7 User file operation functions ... 42
6.7.1 Create file ... 42
6.7.2 Read file ... 43
6.7.3 Write file .. 44
6.7.4 Delete file ... 44
7 Safety requirements ... 45
7.1 Key management requirements ... 45
7.2 Cryptographic service requirements ... 45
7.3 Device state requirements .. 45
7.4 Other security requirements .. 46
Annex A (Normative) Definition of function return code .. 47
References ... 49
Foreword
This Standard was drafted in accordance with the rules given in GB/T 1.1-2009. Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. The issuing authority shall not be held responsible for identifying any or all such patent rights.
Annex A of this Standard is normative.
This Standard was proposed by and shall be under the jurisdiction of State Cryptography Administration.
Drafting organizations of this Standard. Westone Information Industry Inc., Wuxi Jiangnan Information Security Engineering Technology Center, Shanghai Koal Software Co., Ltd, Beijing Certificate Authority, Xingtang Telecommunications Technology Co., Ltd, Shandong DEAN Information Technology Co., Ltd, Beijing Haitai Fangyuan Technologies Co., Ltd.
Main drafters of this Standard. Liu Ping, Li Yuanzheng, Xu Qiang, Tan Wuzheng, Li Shusheng, Li Yufeng, Gao Zhiquan, Liu Zengshou.
Interface specifications of
cryptography device application
1 Scope
This Standard specifies the application interface specifications of service-based cryptography device under the public key cryptographic infrastructure
application technology system.
This Standard is applicable to the development and usage of the service-based cryptography device as well as the application development based on such cryptography device. It can also be used to guide the testing of such
cryptography device.
2 Normative references
The following documents are essential to the application of this document. For dated references, only the editions with the dates indicated are applicable to this document. For undated references, only the latest editions (including all the amendments) are applicable to this document.
GM/T 0006 Cryptographic application identifier criterion specification
GM/T 0009 SM2 cryptography algorithm application specification
3 Terms and definitions
The following terms and definitions are applicable to this document.
3.1 Algorithm identifier
A symbol that is used to uniquely identify the cryptographic algorithm. 3.2 Asymmetric cryptographic algorithm / public key cryptographic
algorithm
A cryptographic algorithm that uses different keys for encryption and decryption. 3.3 Decipherment / decryption
The inverse process corresponding to the encryption process.
3.4 Device key pair
An asymmetric key pair that is stored in the device for device management, including a signature key pair and an encryption key pair.
3.5 Encipherment / encryption
The process of performing cryptographic transformation on the data to produce ciphertext.
3.6 Key encrypt key; KEK
A key that performs encipherment protection on the key.
3.7 Public key infrastructure; PKI
Generally applicable infrastructure that is established with public key cryptography for providing users with security services such as certificate management and key management.
3.8 Private key access password
A password that is used to verify the private key access.
3.9 Symmetric cryptographic technique
The cryptographic technique in which both the originator and the receiver use the same secret key for transformation, where the encryption key is the same as the decryption key or a cryptographic technique in which one key can be derived from another key.
3.10 Session key
The key in the lowest layer in the hierarchical key structure, which is used in only one session.
3.11 User key
An asymmetric key that is stored in the device for the application cryptographic operation, including a signature key pair and an encryption key pair.
4 Symbols and abbreviations
The following abbreviations are applicable to this Standard.
ECC. Elliptic Curve Cryptography
IPK. Internal Public Key
6.2 Device management functions
The device management functions include the following specific functions. For the return value of each function, SEE Annex A Definition of function return code. A. Open device.
B. Close device.
C. Open session.
D. Close session.
E. Get device information.
F. Generate random number.
G. Get private key access right.
H. Release private key access right.
6.2.1 Open device
Prototype.
Description. OPEN the cryptography device.
Parameter.
. RETURN the device handle
Return value. 0. Success
Non-0. Failed, RETURN the error code
Remark. is initialized by the function and filled in the content.
6.2.2 Close device
Prototype.
Description. CLOSE the cryptography device; RELEASE the relevant resources. Parameter... Opened device handle
Return value. 0. Success
Non-0. Failed, RETURN the error code
6.2.8 Release private key access right
Prototype.
Description. RELEASE the access right of the specified index private key stored in the cryptography device.
Parameter... Session handle that...

View full details