GM/T 0033-2014 English PDF (GMT0033-2014)
GM/T 0033-2014: Interface specifications of time stamp
CRYPTOGRAPHY INDUSTRY STANDARD
OF THE PEOPLE'S REPUBLIC OF CHINA
File No.: 44634-2014
Interface specifications of time stamp
ISSUED ON: FEBRUARY 13, 2014
IMPLEMENTED ON: FEBRUARY 13, 2014
Issued by: State Cryptography Administration
Table of Contents
Foreword
1 Scope
2 Normative references
3 Terms and definitions
4 Abbreviations
5 Identifiers and data structure
5.1 Definition of identifier
5.2 Cryptographic service interface
5.3 Definition of time stamp service interface constant
6 Description of time stamp service
6.1 Location of the time stamp service in the public key cryptographic infrastructure application technology framework
6.2 Logical structure of the time stamp service interface
7 Time stamp request and response formats
7.1 Request format
7.2 Response format
8 Communication modes of the time stamp service and the time stamp authority system
8.1 E-mail mode
8.2 File mode
8.3 Socket mode
8.4 HTTP mode
8.5 SOAP mode
9 Composition and function description of the time stamp service interface
9.1 General
9.2 InitEnvironment function
9.3 ClearEnvironment function
9.4 Create TS request
9.5 Create TS response
9.6 Verify TS validity
9.7 Get main TS information
9.8 Parse TS details
Annex A (Normative) Definitions and descriptions of the time stamp interface error codes
Annex B (Informative) Time stamp interface application examples
Interface specifications of time stamp
1 Scope
This Standard specifies the time stamp service interface for application systems and time stamp authority systems, including the format of the time stamp requests and response messages, transmission mode, and time stamp service interface function.
This Standard is applicable to the specifications of the products related to time stamp service based on the public key cryptographic infrastructure application technology framework as well as the integration and application of time stamp services.
2 Normative references
The following documents are essential to the application of this document. For dated references, only the editions with the dates indicated are applicable to this document. For undated references, only the latest editions (including all the amendments) are applicable to this document.
GB/T 20520 Information security technology - Public key infrastructure - Time stamp specification
GM/T 0006 Cryptographic application identifier criterion specification
GM/T 0010 SM2 cryptography message syntax specification
GM/T 0019 Universal cryptography service interface specification
RFC 3066 Tags for the Identification of Languages
RFC 3161 Internet X.509 Public Key Infrastructure Time-Stamp Protocol
RFC 3369 Cryptographic Message Syntax (CMS)
3 Terms and definitions
The following terms and definitions are applicable to this document.
3.1 Certification authority; CA
An entity that performs full life-cycle management of a digital certificate, also known as an electronic certification authority.
3.2 Cryptographic hash algorithm
It is also known as hash algorithm, cryptographic hash algorithm or Hash algorithm. The algorithm maps an arbitrarily long bit string to a fixed-length bit string, satisfying the following three properties.
(1) It is computationally difficult to find an input that maps to the output for a given output;
(2) It is computationally difficult to find another input that maps to the same output for a given input;
(3) It is computationally difficult to find two different inputs that map to the same output.
3.3 Digital signature
The result obtained by the signer performing a cryptographic operation, using the private key, on the hash value of the data to be signed. The result can only be verified with the signer's public key, and is used to verify the integrity of the data to be signed, the authenticity of the signer's identity and the non-repudiation of the signature.
3.4 SM2 algorithm
A public key cryptographic algorithm based on elliptic curves, with a key length of 256 bits.
3.5 Time stamp; TS
Data that is obtained by signing time and other data to be signed, for indicating the time attribute of the data.
3.6 Time stamp authority system
Management system used to generate and manage the time stamps.
3.7 Time stamp service
The time stamp authority system provides the user with the time stamp service. The file is provided by the user. The time stamp authority system issues a time stamp to this file.
4 Abbreviations
The following abbreviations are applicable to this document.
DER Distinguished Encoding Rules
algorithm approved by the State Cryptography Administration. If the TSA does not identify the given cryptographic hash algorithm or if the cryptographic hash algorithm does not comply with the relevant requirements of the State Cryptography Administration, the TSA shall refuse to provide the time stamp service and set badAlg in the pkiStatusInfo structure of the return message.
- The reqPolicy field represents the security policy. The security policy is provided by the TSA. The user is able to select the required security policy to set this field. The type of reqPolicy is TSAPolicyId, which is defined as follows.
- The nonce field is a random number that is used to verify the legitimacy of response messages and to prevent replay attacks when no reliable local clock is available.
- The certReq field is used to request the TSA public key certificate. If it is true, the TSA shall provide its public key certificate in the response message. The certificate is identified by the ESSCertID of the SigningCertificate attribute in the response message, and is stored in the Certificates field of the SignedData structure in the response message.
- Extension is an extension field that is used for adding additional information to the application message. For an extension, whether it is a critical extension or not, as long as it appears in the request message and cannot be identified by the TSA, the TSA shall not generate a time stamp and shall return the failure information (unacceptedExtension).
The time stamp request message does not need to provide the requester's identity. If the TSA needs to identify the requester's identity, a separate two-way identity authentication shall be carried out. The realization of two-way identity authentication is not specified in this Standard.
7.2 Response format
After receiving the application message, the TSA shall return a response message to the requester whether the application succeeds or fails. The response message is a correct time stamp or a time stamp that contains the failure information.
The ASN.1 data format that defines the time stamp response message is as follows.
- The version field indicates the version number of the time stamp.
- The policy field shall indicate which policy of the TSA the response message is generated from. If similar fields appear in the Time Stamp Req [Translator note: TimeStampReq?], there shall be the same value herein, otherwise the error (unacceptedPolicy) shall be returned. This policy may include, but is not limited to, the following similar information.
  - Under what conditions this time stamp is used;
  - The validity of the time stamp log, so that it can be verified later that the time stamp is trustworthy.
- The messageImprint shall have the same value as a similar field in the TimeStampReq, provided that the digest value has the same length as expected by the hashAlgorithm tag's algorithm.
- The serialNumber field is an integer assigned by the TSA. For each time stamp issued by a given TSA, the serialNumber shall be unique (that is, the TSA's name and serial number can identify a time stamp flag). It shall be noted that this feature shall also be retained even after a possible service interruption (such as a crash).
- The genTime is the time when the TSA creates a time stamp, expressed in UTC time to reduce the confusion caused by the usage of local time zones.
- The accuracy indicates the maximum error that may occur in time. The sum of genTime and accuracy values can be used to obtain the upper time limit for the TSA to create the time stamp. Similarly, the lower time limit for the TSA to create the time stamp can be obtained by subtracting the accuracy. The specific definition is as follows.
If the seconds, millis or micros does not appear, the values of these fields that do not appear shall be assigned 0. When the option of accuracy does not appear, the accuracy may be obtained by other means, such as TSAPolicyId.
- The ordering represents the ...
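Added example (not part of the Standard's text): a requester-side consistency check of the response fields described above against the original request, covering the policy, messageImprint and nonce comparisons from 7.1 and 7.2 and the genTime/accuracy window. It assumes both messages are already decoded into the hypothetical Req and TstInfo records and that the signature on the SignedData structure is verified separately; the policy identifier and the demo values are constructed.

```python
import hmac
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

DIGEST_LEN = {"SM3": 32}  # assumption: approved algorithm -> digest bytes
@dataclass
class Req:                          # decoded TimeStampReq fields
    hash_alg: str
    digest: bytes
    policy: Optional[str] = None
    nonce: Optional[int] = None

@dataclass
class TstInfo:                      # decoded response fields
    policy: str
    hash_alg: str
    digest: bytes
    gen_time: datetime
    nonce: Optional[int] = None
    seconds: Optional[int] = None   # accuracy parts; None = not present
    millis: Optional[int] = None
    micros: Optional[int] = None

def time_window(t):
    """Lower and upper bound of the creation time: genTime -/+ accuracy."""
    acc = timedelta(seconds=t.seconds or 0, milliseconds=t.millis or 0,
                    microseconds=t.micros or 0)   # absent parts count as 0
    return t.gen_time - acc, t.gen_time + acc

def check_response(req, t):
    """Return the list of inconsistencies; empty means the fields match."""
    problems = []
    if req.policy is not None and t.policy != req.policy:
        problems.append("policy differs from reqPolicy")
    if t.hash_alg != req.hash_alg or len(t.digest) != DIGEST_LEN.get(t.hash_alg):
        problems.append("hashAlgorithm or digest length mismatch")
    elif not hmac.compare_digest(t.digest, req.digest):
        problems.append("messageImprint differs from request")
    if req.nonce is not None and t.nonce != req.nonce:
        problems.append("nonce mismatch (possible replayed response)")
    if t.gen_time.utcoffset() != timedelta(0):
        problems.append("genTime is not UTC")
    return problems

if __name__ == "__main__":          # constructed sample values
    gen = datetime(2014, 2, 13, 8, 0, tzinfo=timezone.utc)
    stale = TstInfo("1.2.3.4.1", "SM3", bytes(32), gen, nonce=8, seconds=1)
    print(check_response(Req("SM3", bytes(32), "1.2.3.4.1", 7), stale))
```

A response that passes these field checks is only as trustworthy as the signature over it, so run them after the SignedData verification, not instead of it.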