GM/T 0130-2023 English PDF (GMT0130-2023)


GM/T 0130-2023: Certificateless and implicit-certificate-based public key mechanisms based on the SM2 algorithms
GM/T 0130-2023
GM
CRYPTOGRAPHIC INDUSTRY STANDARD
OF THE PEOPLE’S REPUBLIC OF CHINA
ICS 35.030
CCS L 80
Certificateless and implicit-certificate-based public key
mechanisms based on the SM2 algorithms
ISSUED ON: DECEMBER 04, 2023
IMPLEMENTED ON: JUNE 01, 2024
Issued by: State Cryptography Administration
Table of Contents
Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Symbols and abbreviations
4.1 Symbols
4.2 Abbreviations
5 Mechanism parameters and auxiliary functions
5.1 Overview
5.2 Elliptic curve system parameters
5.3 Auxiliary functions
5.4 User identification information
6 Key generation mechanism and process
6.1 Master key generation mechanism
6.2 User key pair generation mechanism
6.3 User key pair generation process
6.4 User key pair verification mechanism
6.5 User key pair verification process
7 Digital signature mechanism
7.1 Digital signature generation mechanism
7.2 Verification mechanism of digital signature
8 Public key encryption mechanism
8.1 Encryption mechanism
8.2 Decryption mechanism
Appendix A (Informative) Mechanism data example
Appendix B (Informative) Application example of mechanism in implicit certificate application
Appendix C (Informative) Application example of the mechanism in the industrial Internet identity resolution system
Appendix D (Informative) Deterministic generation method of user key of key generation center
References
Certificateless and implicit-certificate-based public key
mechanisms based on the SM2 algorithms
1 Scope
This document specifies the certificateless and implicit-certificate public key
mechanisms based on the SM2 algorithm, including the key generation and verification
mechanism, the digital signature mechanism and the public key encryption mechanism.
The digital signature mechanism specified in this document is applicable to digital
signatures and verification in commercial cryptographic applications; the encryption
mechanism is applicable to message encryption and decryption in commercial
cryptographic applications. The mechanism specified in this document is particularly
suitable for application environments with limited bandwidth and computing resources.
2 Normative references
The contents of the following documents constitute the essential terms of this document
through normative references in the text. Among them, for dated references, only the
version corresponding to that date applies to this document; for undated references, the
latest version (including all amendments) applies to this document.
GB/T 32918.1-2016 Information security technology - Public key cryptographic
algorithm SM2 based on elliptic curves - Part 1: General
GB/T 32918.2-2016 Information security technology - Public key cryptographic
algorithm SM2 based on elliptic curves - Part 2: Digital signature algorithm
GB/T 32918.4-2016 Information security technology - Public key cryptographic
algorithm SM2 based on elliptic curves - Part 4: Public key encryption algorithm
GB/T 32918.5-2017 Information security technology - Public key cryptographic
algorithm SM2 based on elliptic curves - Part 5: Parameter definition
GB/T 32905 Information security techniques - SM3 cryptographic hash algorithm
GB/T 32915 Information security technology - Randomness test methods for binary
sequence
UA: Partial public key generated by user A
a, b: Elements in Fq, which define an elliptic curve E on Fq
x‖y: Concatenation of x and y, where x and y can be bit strings or byte strings
xG, yG: The x-coordinate and y-coordinate of point G
⌈x⌉: Ceiling function, the smallest integer not less than x. For example, ⌈7⌉ = 7, ⌈8.3⌉ =
(r, s): Sent signature
(r', s'): Received signature
[k]P: k-times point of the point P on the elliptic curve, that is, [k]P = P + P + ... +
P (k terms), where k is a positive integer
ENC (param, M, PA): Public key encryption algorithm, which uses the elliptic curve
system parameters param and public key PA to encrypt the message M
DEC (param, C, dA): Public key decryption algorithm, which uses the elliptic curve
system parameters param and private key dA to decrypt the ciphertext C
SIGN (param, ZA, M, dA): Digital signature generation algorithm, which uses the
elliptic curve system parameters param, hash value ZA, private key dA to sign the
message M and output (r, s)
VERIFY (param, ZA, PA, M', (r', s')): Digital signature verification algorithm, which
uses the elliptic curve system parameters param, hash value ZA, public key PA to
verify the signature (r', s') of message M' and output the correctness of the signature
4.2 Abbreviations
The following abbreviations apply to this document.
CA: Certificate Authority
COER: Canonical Octet Encoding Rules
GHR: Global Handle Registry
KGC: Key Generation Center
LHS: Local Handle Service
5 Mechanism parameters and auxiliary functions
5.1 Overview
The public key mechanism specified in this document includes the key generation and
verification mechanism, the digital signature mechanism and the public key encryption
mechanism. The key generation and verification mechanism covers the generation
mechanism of the master key and the generation and verification mechanisms and
processes of the user key pair. The master key is generated by the KGC and consists of
the system master private key and the system master public key. The user's private key
and declared public key are jointly generated by the KGC and the user. The user
discloses the user identity and the declared public key; the actual public key is
calculated from the elliptic curve system parameters, the system master public key, the
user identity and the user's declared public key according to the method specified in
this document.
The key generation mechanism specified in this document is a mechanism that can be
used to generate the key data required in the implicit certificate application. The key
data includes the CA's key pair, the user's public key recovery data and the private key.
The verification mechanism can be used to verify the correctness of the user's public
key recovery data and private key in the implicit certificate. Implicit certificates are
used to distribute user identities, public key recovery data, etc.
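An ECQV-style sketch of the joint key generation and public-key reconstruction described above, added here as an illustration and not taken from the standard, whose normative formulas are in clauses 6.2 to 6.5 and are not part of this excerpt. Assumptions: SHA-256 stands in for SM3, and the names ms, P_pub, W_A, t_A, binding_hash and the hash input layout are hypothetical (U_A follows the symbol list).

```python
import hashlib, secrets

# SM2 recommended curve y^2 = x^3 + ax + b over F_p (parameter set of GB/T 32918.5)
P = 0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000FFFFFFFFFFFFFFFF
A = P - 3
B = 0x28E9FA9E9D9F5E344D5A9E4BCF6509A7F39789F515AB8F92DDBCBD414D940E93
N = 0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFF7203DF6B21C6052B53BBF40939D54123  # order of G
G = (0x32C4AE2C1F1981195F9904466A39C9948FE30BBFF2660BE1715A4589334C74C7,
     0xBC3736A2F4F6779C59BDCEE36B692153D0A9877CC62A474002DF32E52139F0A0)

def on_curve(pt):
    x, y = pt
    return (y * y - (x * x * x + A * x + B)) % P == 0

def add(p1, p2):  # affine point addition; None is the point at infinity
    if p1 is None or p2 is None:
        return p1 or p2
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    num, den = (3 * x1 * x1 + A, 2 * y1) if p1 == p2 else (y2 - y1, x2 - x1)
    lam = num * pow(den % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P

def mul(k, pt):  # [k]P by double-and-add; not constant time, illustration only
    acc = None
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc

def binding_hash(ident, W, P_pub):  # SHA-256 stands in for SM3; input layout assumed
    data = ident + b"".join(c.to_bytes(32, "big") for c in (*W, *P_pub))
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N

def actual_public_key(ident, W, P_pub):  # relying party: public inputs only
    if not on_curve(W):
        raise ValueError("declared public key is not on the curve")
    return add(W, mul(binding_hash(ident, W, P_pub), P_pub))

def generate(ident):  # KGC and user steps folded into one function for the demo
    ms, d_u, w = (secrets.randbelow(N - 1) + 1 for _ in range(3))
    P_pub, U_A = mul(ms, G), mul(d_u, G)       # master public key, user's partial key
    W_A = add(mul(w, G), U_A)                  # declared public key from the KGC
    t_A = (w + binding_hash(ident, W_A, P_pub) * ms) % N   # KGC's private-key share
    d_A = (t_A + d_u) % N                      # user's full private key
    return d_A, W_A, P_pub
```

In this sketch a user key pair verifies when `mul(d_A, G)` equals `actual_public_key(ident, W_A, P_pub)`; reconstructing with a different identity string gives a different public key, which is what binds the key to the identity without a certificate.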
The certificateless and implicit-certificate-based digital signature mechanism and
public key encryption mechanism are built on the basic digital signature algorithm
(SIGN and VERIFY) and the basic public key encryption algorithm (ENC and DEC),
respectively. This document specifies that the basic digital signature algorithm and
basic public key encryption algorithm are the SM2 elliptic curve public key
cryptography algorithms specified in GB/T 32918.2-2016 and GB/T 32918.4-2016. The
digital signature mechanism specified in this document provides digital signature and
verification of messages. The public key encryption mechanism specified in this
document provides encryption and decryption of messages. Data examples for the
specified mechanisms are given in Appendix A.
The format of the user identifier in the certificateless public key mechanism can refer
to GM/T 0090. The format and encoding method of the implicit certificate and the
correspondence betwe...