
GM/T 0020-2012 English PDF (GMT0020-2012)

Regular price $345.00 USD

GM/T 0020-2012: Certificate application integrated service interface specification

This Standard specifies a unified service interface for certificate application. This Standard applies to the development of cryptographic application service products under the public key cryptographic application technology system, and to the research and testing of cryptographic application support platforms. It can also be used to guide the direct use of cryptographic devices and the integration and development of application systems for cryptographic services.
GM/T 0020-2012
GM
CRYPTOGRAPHY INDUSTRY STANDARD
OF THE PEOPLE'S REPUBLIC OF CHINA
ICS 35.040
L 80
File No.: 38318-2013
Certificate application integrated service interface specification
ISSUED ON: NOVEMBER 22, 2012
IMPLEMENTED ON: NOVEMBER 22, 2012
Issued by: State Cryptography Administration
Table of Contents
Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Abbreviation
5 Algorithm identifier and data structure
6 Overview of certificate application integrated service interface
7 Definition of function of certificate application integrated service interface
Annex A (normative) Error code definition of integrated service interface of certificate application
Annex B (informative) Typical deployment model of integrated service interface of certificate application
Annex C (informative) Integrated example of integrated service interface of certificate application
Bibliography
Foreword
This Standard was drafted in accordance with the rules given in GB/T 1.1-2009. Attention is drawn to the possibility that some of the elements of this Standard may be the subject of patent rights. The issuing authority shall not be held responsible for identifying any or all such patent rights.
This Standard was proposed by and shall be under the jurisdiction of State Cryptography Administration.
Annex A of this Standard is normative. Annex B and Annex C are informative.
The drafting organizations of this Standard: Beijing Digital Certification Co., Ltd., Shanghai Geer Software Co., Ltd., Beijing Haitai radius Technology Co., Ltd., Shanghai Digital Certificate Certification Center Co., Ltd., Wuxi Jiangnan Information Security Engineering Technology Center, Chengdu Wei Shi Tong Information Industry Co., Ltd., Changchun Ji Tai Yuan Information Technology Co., Ltd., Xing Tang Communication Technology Co., Ltd., Shandong De'an Information Technology Co., Ltd., National Information Security Engineering Technology Research Center, National Cryptography Authority Commercial Password Detection Center.
The drafters of this Standard: Liu Ping, Li Shusheng, Tan Wuzheng, Liu Zengshou, Liu Cheng, Xu Qiang, Li Yuanzheng, Zhao Lili, Wang Nina, Kong Fanyu, Yuan Feng, Li Zhiwei.
Any content related to cryptographic algorithm in this Standard shall be in accordance with the relevant national laws and regulations.
Certificate application integrated service interface specification
1 Scope
This Standard specifies a unified service interface for certificate application. This Standard applies to the development of cryptographic application service products under the public key cryptographic application technology system, and to the research and testing of cryptographic application support platforms. It can also be used to guide the direct use of cryptographic devices and the integration and development of application systems for cryptographic services.
2 Normative references
The following referenced documents are indispensable for the application of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies.
GM/T 0006, Cryptographic Application Identifier Criterion Specification
GM/T 0009, SM2 Cryptography Algorithm Application Specification
GM/T 0010, SM2 Cryptography Message Syntax Specification
GM/T 0015, Digital Certificate Format Based on SM2 Algorithm
GM/T 0019, Universal Cryptography Service Interface Specification
PKCS #7, Cryptographic Message Syntax
RFC 3275, (Extensible Markup Language) XML-Signature Syntax and Processing
3 Terms and definitions
For the purposes of this document, the following terms and definitions apply.
3.1 digital certificate
a digital document of certification authority digital signature containing public
Data type A: when the public key algorithm is RSA, the structure of the data shall follow PKCS #1; when the public key algorithm is SM2, the structure of the data shall follow GM/T 0009.
Data type B: when the public key algorithm is RSA, the structure of the data shall follow PKCS #7; when the public key algorithm is SM2, the structure of the data shall follow GM/T 0010.
6 Overview of certificate application integrated service interface
6.1 Overview
The certificate application integrated service interface is located between the application system and the typical cryptographic service interface. It directly provides the application layer with certificate information analysis and with confidentiality, integrity, non-repudiation and other advanced cryptographic services based on digital certificate identity and information. The interface can be used directly for system calls: it passes the application's cryptographic service requests to the common cryptographic service interface, which calls the corresponding cryptographic device to carry out the specific cryptographic operations and key operations. The common cryptographic service interface shall follow GM/T 0019.
The certificate application integrated service interface specified in this Specification includes two types: client service interface and server service interface. The server service interface is described in COM component form and Java form. The digital certificate format involved in this document shall follow GM/T 0015.
6.2 Client service interface
The client service interface defined in this Specification uses the client control method. The client control is applicable to client program calls. The interface forms include DLL dynamic library, ActiveX control, Applet plugin, etc. The interface shall support the mainstream operating systems Windows XP, Windows 2000, Windows 2003, Vista and Windows 7.
The main functions of the client control interface shall include configuration management, certificate resolution, signature and authentication, encryption and decryption, digital envelope, XML data signature and authentication. When defining the client service interface, this Specification takes the ActiveX control as an example for description, where BSTR indicates that the function return value or parameter type is the OLECHAR string type. Different development
m) obtain certificate extension information: SOF_GetCertInfoByOid
n) obtain device information: SOF_GetDeviceInfo
o) validate certificate validity: SOF_ValidateCert
p) digital signature: SOF_SignData
q) validate signature: SOF_VerifySignedData
r) file signature: SOF_SignFile
s) validate file signature: SOF_VerifySignedFile
t) encrypt data: SOF_EncryptData
u) decrypt data: SOF_DecryptData
v) file encryption: SOF_EncryptFile
w) file decryption: SOF_DecryptFile
x) message signature: SOF_SignMessage
y) validate message signature: SOF_VerifySignedMessage
z) parse message signature: SOF_GetInfoFromSignedMessage
aa) XML digital signature: SOF_SignDataXML
bb) validate XML digital signature: SOF_VerifySignedDataXML
cc) parse XML signature data: SOF_GetXMLSignatureInfo
dd) generate random number: SOF_GenRandom
ee) obtain latest error code: SOF_GetLastError()
Take ActiveX control form as an example to define the interface function.
7.1.2 Obtain interface version number: SOF_GetVersion
Prototype: BSTR SOF_GetVersion()
Description: Obtaining the version number of the control
Parameter: Null
Return value: Not void: Successful
Void: Failed
7.1.3 Set signature algorithm: SOF_SetSignMethod
Prototype: long SOF_SetSignMethod (long SignMethod)
The definitions of COM component interface functions are as follows.
a) Set certificate trust list: SOF_SetCertTrustList
b) Inquire alternative name of certificate trust list: SOF_GetCertTrustListAltNames
c) Inquire certificate trust list: SOF_GetCertTrustList
d) Delete certificate trust list: SOF_DelCertTrustList
e) Initialize application policy: SOF_InitCertAppPolicy
f) Set signature algorithm: SOF_SetSignMethod
g) Obtain current signature algorithm: SOF_GetSignMethod
h) Set encryption algorithm: SOF_SetEncryptMethod
i) Obtain encryption algorithm: SOF_GetEncryptMethod
j) Obtain server certificate: SOF_GetServerCertificate
k) Generate random number: SOF_GenRandom
l) Obtain certificate information: SOF_GetCertInfo
m) Obtain certificate extension information: SOF_GetCertInforByOid
n) Validate certificate validity: SOF_ValidateCert
o) Digital signature: SOF_SignData
p) Validate signature: SOF_VerifySignedData
q) File signature: SOF_SignFile
r) Validate file signature: SOF_VerifySignedFile
s) Encrypt data: SOF_EncryptData
t) Decrypt data: SOF_DecryptData
u) File encryption: SOF_EncryptFile
v) File decryption: SOF_DecryptFile
w) Mess...
