GM/T 0123-2022 English PDF (GMT0123-2022)
GM/T 0123-2022 English PDF (GMT0123-2022)
Regular price
$200.00 USD
Regular price
Sale price
$200.00 USD
Unit price
/
per
Delivery: 3 seconds. Download true-PDF + Invoice.
Get QUOTATION in 1-minute: Click GM/T 0123-2022
Historical versions: GM/T 0123-2022
Preview True-PDF (Reload/Scroll if blank)
GM/T 0123-2022: Cryptography test specification for time stamp server
GM/T 0123-2022
GM
CRYPTOGRAPHY INDUSTRY STANDARD
OF THE PEOPLE’S REPUBLIC OF CHINA
ICS 35.030
CCS L 80
Cryptography test specification for time stamp server
ISSUED ON: NOVEMBER 20, 2022
IMPLEMENTED ON: JUNE 01, 2023
Issued by: State Cryptography Administration
Table of Contents
Foreword ... 3
1 Scope ... 4
2 Normative references ... 4
3 Terms and definitions ... 5
4 Abbreviations ... 5
5 Test environment requirements ... 6
6 Test contents and test methods ... 6
6.1 Appearance and structure test ... 6
6.2 Function test ... 7
6.2.1 Initialization function test... 7
6.2.2 Device self-test test ... 7
6.2.3 Cryptographic operation test ... 7
6.2.4 Key management test ... 8
6.2.5 Random number test ... 8
6.2.6 Certificate management test ... 8
6.2.7 Time stamp service test ... 9
6.2.8 Trusted time source ... 10
6.3 Management security test ... 11
6.3.1 Configuration management test ... 11
6.3.2 Administrator management test ... 11
6.3.3 Device access control test ... 12
6.3.4 Device log recording test... 12
6.4 Performance test ... 12
6.4.1 Time stamp generation performance ... 12
6.4.2 Time stamp verification performance ... 13
6.5 Device safety test ... 13
6.6 Device environment adaptability test ... 13
6.7 Device reliability test ... 13
7 Requirements for technical documents submitted for test ... 13
8 Qualification judgment conditions ... 13
Cryptography test specification for time stamp server
1 Scope
This document specifies the test contents, test requirements and test methods for time
stamp servers.
This document applies to the cryptography test of time stamp server devices and the
development of such cryptography devices. It can also be used to guide the development
of applications based on such cryptography devices.
2 Normative references
The following referenced documents are indispensable for the application of this
document. For dated references, only the edition cited applies. For undated references,
the latest edition of the referenced document (including any amendments) applies.
GB/T 9813 (all parts) General specification for computer
GB/T 20518 Information security technology - Public key infrastructure - Digital
certificate format
GB/T 20520-2006 Information security technology - Public key infrastructure - Time
stamp specification
GB/T 32905 Information security techniques - SM3 cryptographic hash algorithm
GB/T 32918 (all parts) Information security technology - Public key cryptographic
algorithm SM2 based on elliptic curves
GB/T 33560 Information security technology - Cryptographic application identifier
criterion specification
GB/T 35275 Information security technology - SM2 cryptographic algorithm
encrypted signature message syntax specification
GB/T 35276 Information security technology - SM2 cryptographic algorithm usage
specification
GM/T 0005 Randomness test specification
GM/T 0033-2014 Interface specifications of time stamp
GM/T 0039 Security test requirements for cryptographic modules
GM/T 0050 Cryptography device management - Specification of device
management technology
GM/T 0062 Random number test requirements for cryptographic modules
GM/Z 4001-2013 Cryptology terminology
3 Terms and definitions
For the purpose of this document, the terms and definitions defined in GM/Z 4001 and
the following apply.
3.1
time stamp
Data obtained by signing time and other data to be signed, used to indicate the time
attribute of the data.
3.2
application entity
The service object of the time stamp server. It can be an individual, an organization or
a system.
3.3
time stamp server
A server that provides accurate and reliable time stamp services based on PKI (Public
Key Infrastructure) technology.
3.4
smart card
An integrated circuit card containing a CPU (central processing unit) and implementing
cryptographic operations and key management.
4 Abbreviations
For the purpose of this document, the following abbreviations apply:
API: Application Programming Interface
HTTP: Hyper Text Transfer Protocol
5) cryptographic components or modules that have been certified by commercial
cryptographic test, such as encryption cards, security chips, etc.
b) The time stamp server shall support the following main components or interfaces:
1) human-computer interaction components;
2) redundant power supply;
3) manual key destruction switch;
4) serial port;
5) timing antenna.
6.2 Function test
6.2.1 Initialization function test
The time stamp server shall have the initialization function to realize the conversion
from the initial status to the ready status of the device.
The initialization operation of the time stamp server mainly includes the initial
configuration of the system, the initialization of the administrator or operator, and the
initial key generation (or recovery) and installation. Only after the initialization
operation is completed can the cryptography service be provided. The time stamp server
that has been initialized can automatically enter the ready status and provide
cryptography services.
6.2.2 Device self-test test
The time stamp server shall have the self-test function. The self-test shall include
power-on/reset self-test, periodic self-test and self-test after receiving instructions, test
of the software and hardware status of the cryptography components, algorithms,
random numbers, etc. of the time stamp server itself, including algorithm correctness
test, random number generator test, stored key and data integrity test, and key
component correctness test. After the self-test is completed, the self-test results shall be
reported. If the self-test is successful, the time stamp server shall enter the management
status or working status. If the self-test fails, the time stamp server shall report the self-
test results and stop providing cryptography services to the outside.
6.2.3 Cryptographic operation test
6.2.3.1 Asymmetric algorithm test
The time stamp server shall support at least SM2 asymmetric algorithm to sign/verify
data, and the curve parameters shall comply with the provisions of GB/T 32918.5.
Cryptographic operations shall be completed in cryptographic components or modules
that have been certified by commercial cryptographic test, and shall support given keys
and messages to be signed, and test the correctness of their operation results:
a) Use the given key to call the signature algorithm to sign the message to be signed,
the test platform verifies the signature result, and the verification passes;
b) Use the given key to the correct signature result, call the signature verification
algorithm to perform the signature verification operation, and the verification
passes;
c) Use the given key to the wrong signature result, call the signature verification
algorithm to perform the signature verification operation, and the verification
fails.
6.2.3.2 Hash algorithm test
The time stamp server shall support at least SM3 algorithm to perform hash operations
on messages, which shall comply with the provisions of GB/T 32905. The hash
algorithm is called for a given message to calculate the hash value, and the result is
exactly the same as the given hash value.
6.2.4 Key management test
The time stamp server shall have the complete key management function, which
includes key generation, storage, use, update, backup, recover...
Get QUOTATION in 1-minute: Click GM/T 0123-2022
Historical versions: GM/T 0123-2022
Preview True-PDF (Reload/Scroll if blank)
GM/T 0123-2022: Cryptography test specification for time stamp server
GM/T 0123-2022
GM
CRYPTOGRAPHY INDUSTRY STANDARD
OF THE PEOPLE’S REPUBLIC OF CHINA
ICS 35.030
CCS L 80
Cryptography test specification for time stamp server
ISSUED ON: NOVEMBER 20, 2022
IMPLEMENTED ON: JUNE 01, 2023
Issued by: State Cryptography Administration
Table of Contents
Foreword ... 3
1 Scope ... 4
2 Normative references ... 4
3 Terms and definitions ... 5
4 Abbreviations ... 5
5 Test environment requirements ... 6
6 Test contents and test methods ... 6
6.1 Appearance and structure test ... 6
6.2 Function test ... 7
6.2.1 Initialization function test... 7
6.2.2 Device self-test test ... 7
6.2.3 Cryptographic operation test ... 7
6.2.4 Key management test ... 8
6.2.5 Random number test ... 8
6.2.6 Certificate management test ... 8
6.2.7 Time stamp service test ... 9
6.2.8 Trusted time source ... 10
6.3 Management security test ... 11
6.3.1 Configuration management test ... 11
6.3.2 Administrator management test ... 11
6.3.3 Device access control test ... 12
6.3.4 Device log recording test... 12
6.4 Performance test ... 12
6.4.1 Time stamp generation performance ... 12
6.4.2 Time stamp verification performance ... 13
6.5 Device safety test ... 13
6.6 Device environment adaptability test ... 13
6.7 Device reliability test ... 13
7 Requirements for technical documents submitted for test ... 13
8 Qualification judgment conditions ... 13
Cryptography test specification for time stamp server
1 Scope
This document specifies the test contents, test requirements and test methods for time
stamp servers.
This document applies to the cryptography test of time stamp server devices and the
development of such cryptography devices. It can also be used to guide the development
of applications based on such cryptography devices.
2 Normative references
The following referenced documents are indispensable for the application of this
document. For dated references, only the edition cited applies. For undated references,
the latest edition of the referenced document (including any amendments) applies.
GB/T 9813 (all parts) General specification for computer
GB/T 20518 Information security technology - Public key infrastructure - Digital
certificate format
GB/T 20520-2006 Information security technology - Public key infrastructure - Time
stamp specification
GB/T 32905 Information security techniques - SM3 cryptographic hash algorithm
GB/T 32918 (all parts) Information security technology - Public key cryptographic
algorithm SM2 based on elliptic curves
GB/T 33560 Information security technology - Cryptographic application identifier
criterion specification
GB/T 35275 Information security technology - SM2 cryptographic algorithm
encrypted signature message syntax specification
GB/T 35276 Information security technology - SM2 cryptographic algorithm usage
specification
GM/T 0005 Randomness test specification
GM/T 0033-2014 Interface specifications of time stamp
GM/T 0039 Security test requirements for cryptographic modules
GM/T 0050 Cryptography device management - Specification of device
management technology
GM/T 0062 Random number test requirements for cryptographic modules
GM/Z 4001-2013 Cryptology terminology
3 Terms and definitions
For the purpose of this document, the terms and definitions defined in GM/Z 4001 and
the following apply.
3.1
time stamp
Data obtained by signing time and other data to be signed, used to indicate the time
attribute of the data.
3.2
application entity
The service object of the time stamp server. It can be an individual, an organization or
a system.
3.3
time stamp server
A server that provides accurate and reliable time stamp services based on PKI (Public
Key Infrastructure) technology.
3.4
smart card
An integrated circuit card containing a CPU (central processing unit) and implementing
cryptographic operations and key management.
4 Abbreviations
For the purpose of this document, the following abbreviations apply:
API: Application Programming Interface
HTTP: Hyper Text Transfer Protocol
5) cryptographic components or modules that have been certified by commercial
cryptographic test, such as encryption cards, security chips, etc.
b) The time stamp server shall support the following main components or interfaces:
1) human-computer interaction components;
2) redundant power supply;
3) manual key destruction switch;
4) serial port;
5) timing antenna.
6.2 Function test
6.2.1 Initialization function test
The time stamp server shall have the initialization function to realize the conversion
from the initial status to the ready status of the device.
The initialization operation of the time stamp server mainly includes the initial
configuration of the system, the initialization of the administrator or operator, and the
initial key generation (or recovery) and installation. Only after the initialization
operation is completed can the cryptography service be provided. The time stamp server
that has been initialized can automatically enter the ready status and provide
cryptography services.
6.2.2 Device self-test test
The time stamp server shall have the self-test function. The self-test shall include
power-on/reset self-test, periodic self-test and self-test after receiving instructions, test
of the software and hardware status of the cryptography components, algorithms,
random numbers, etc. of the time stamp server itself, including algorithm correctness
test, random number generator test, stored key and data integrity test, and key
component correctness test. After the self-test is completed, the self-test results shall be
reported. If the self-test is successful, the time stamp server shall enter the management
status or working status. If the self-test fails, the time stamp server shall report the self-
test results and stop providing cryptography services to the outside.
6.2.3 Cryptographic operation test
6.2.3.1 Asymmetric algorithm test
The time stamp server shall support at least SM2 asymmetric algorithm to sign/verify
data, and the curve parameters shall comply with the provisions of GB/T 32918.5.
Cryptographic operations shall be completed in cryptographic components or modules
that have been certified by commercial cryptographic test, and shall support given keys
and messages to be signed, and test the correctness of their operation results:
a) Use the given key to call the signature algorithm to sign the message to be signed,
the test platform verifies the signature result, and the verification passes;
b) Use the given key to the correct signature result, call the signature verification
algorithm to perform the signature verification operation, and the verification
passes;
c) Use the given key to the wrong signature result, call the signature verification
algorithm to perform the signature verification operation, and the verification
fails.
6.2.3.2 Hash algorithm test
The time stamp server shall support at least SM3 algorithm to perform hash operations
on messages, which shall comply with the provisions of GB/T 32905. The hash
algorithm is called for a given message to calculate the hash value, and the result is
exactly the same as the given hash value.
6.2.4 Key management test
The time stamp server shall have the complete key management function, which
includes key generation, storage, use, update, backup, recover...