HOME   Cart(0)   Quotation   About-Us Tax PDFs Standard-List Powered by Google www.ChineseStandard.net Database: 189759 (27 Oct 2024)

GM/T 0043-2015 PDF in English


GM/T 0043-2015 (GM/T0043-2015, GMT 0043-2015, GMT0043-2015)
Standard IDContents [version]USDSTEP2[PDF] delivered inName of Chinese StandardStatus
GM/T 0043-2015English230 Add to Cart 0-9 seconds. Auto-delivery. Test specification for digital certificate interoperability Valid
Standards related to (historical): GM/T 0043-2015
PDF Preview

GM/T 0043-2015: PDF in English (GMT 0043-2015)

GM/T 0043-2015 GM CRYPTOGRAPHY INDUSTRY STANDARD OF THE PEOPLE’S REPUBLIC OF CHINA ICS 35.040 L80 File No.. 49742-2015 Test specification for digital certificate interoperability ISSUED ON. APRIL 1, 2015 IMPLEMENTED ON. APRIL 1, 2015 Issued by. State Cryptography Administration Table of Contents Foreword . 3  1 Scope .. 4  2 Normative references .. 4  3 Terms and definitions .. 4  4 Symbols and abbreviations . 6  5 Submitted-for-test technical documentation requirements .. 6  6 Test content .. 7  6.1 Root test . 7  6.2 Digital certificate and CRL format compliance test .. 9  6.3 Digital signature interoperability test .. 11  7 Test method .. 13  7.1 Root test .. 13  7.2 Digital certificate and CRL format compliance test . 13  7.3 Digital certificate Interoperability test .. 14  8 Qualification determination.. 15  Appendix A (Informative) CA certificate application document ASN.1 structure .. 16  Foreword This Standard was drafted in accordance with the rules given in GB/T 1.1-2009. Attention is drawn to the possibility that some of the elements of this Standard may be the subject of patent rights. The issuing authority shall not be held responsible for identifying any or all such patent rights. This Standard was proposed by and shall be under the jurisdiction of Cryptography Industry Standardization Technical Committee. Main drafting organizations of this Standard. Commercial Cryptography Testing Center of State Cryptography Administration, Zhongjin Financial Certification Center Co., Ltd., Aspire Digital Technology (Shenzhen) Co., Ltd., Beijing Certificate Authority, Changchun Jida Zhengyuan Information Technology Co., Ltd., Shanghai Koal Software Co., Ltd., GFA E-commerce Security Ca Co., Ltd. Main drafters of this Standard. Li Dawei, Zhao Yu, Li Zhiwei, Luo Gansheng, XueYingjun, Deng Kaiyong, Zhou Bi, Tian Minqiu, Li Dong, Xiao Qiulin, Han Yaning, Tan Wuzheng, Li Lixian, Huo Yun, Shang Jin, Zhao Lili, Chang Yuming. Test specification for digital certificate interoperability 1 Scope This standard stipulates test content and test method of digital certificate interoperability based on the requirements of GM/T 0015 and GM/T 0034. This standard applies to the test of digital certificate issued by certificate authentication system. 2 Normative references The following documents are essential for the application of this document. For dated references, only the dated version applies to this document. For undated references, the latest edition (including all amendments) applies to this document. GB/T 16264.8-2005 Information technology - Open systems interconnection - The directory - Part 8. Public-key and attribute certificate frameworks GM/T 0006 Cryptographic application Identifier specification GM/T 0009 SM2 cryptographic algorithm usage specification GM/T 0015 Digital certificate format specification based on SM2 cryptographic algorithm GM/T 0016 Smart key cipher application interface specification GM/T 0034 Certificate authentication system cipher and related security technical specification based on SM2 cryptographic algorithm GM/Z 4001 Cryptography terminologies PKCS #10 (v1.7) Certification Request Syntax Standard 3 Terms and definitions The terms defined in GM/Z 4001 and the following terms and definitions apply to this document. 3.1 6.2.2 Digital certificate extension-item compliance test The extension-item of user certificate which is issued by CA system shall comply with the requirements of GM/T 0015 and GB/T 16264.8 2005, including. a) The key identifier extension-item of issuing authority must exist in user certificate, and the value shall be the same as the value in the user key identifier of issuer certificate; b) The user key identifier extension-item must exist in user certificate, and this value shall be consistent with the calculation result of user public-key in the certificate; c) The key usage extension-item must exist in user certificate. In which, in the key usage of user signature certificate, the two items of digital signature “digitalSignature” and non-repudiation “nonRepudiation” shall be identified and shall only be identified; in the key usage of user encryption certificate, the three items of key encryption “keyEncipherment”, data encryption “dataEncipherment” and key agreement “keyAgreement” shall be identified and shall only be identified; d) If there exists extended key usage extension-item in user certificate, it needs to test and verify that the use of the extended key usage cannot conflict with the definition of the key usage extension; e) If there exists private-key usage-period extension-item in user certificate, the usage-period shall not be greater than the validity-period of certificate; f) If there exists certificate policy extension-item in user certificate, Internet content can be accessed through the URL stored in the extension-item; g) The CRL publishing point extension-item must exist in user certificate. According to URL in the CRL publishing point extension-item, it shall be available to download the corresponding CRL file; the CRL shall conform to X.509 V2 standard and the issuer shall be consistent with the issuer of user certificate; moreover, the signature-value in the CRL shall be able to use the issuer certificate of user certificate for verification; h) If there exists institution information extension-item in user certificate, the issuer certificate of user certificate may be obtained through this extension-item; i) If there exist other optional extension-items in user certificate, its use shall comply with the requirements of GM/T 0015. 6.2.3 CRL format compliance test Both signature certificate and encryption certificate need to have a trust-chain establishing test. 6.3.2 Signature certificate interoperability test When the smart key issued by CA system uses the public-private key-pairs of signature certificate to perform signature verification operation, the called cipher application interface shall meet the requirements of GM/T 0016; the smart key shall complete signature verification interoperability test through calling this interface. These include. a) SM2 key data format shall meet the requirements of GM/T 0009; b) SM2 signature data format shall meet the requirements of GM/T 0009; c) When use SM2 private key to sign input data, the input data is the pre- processed result of the data to be signed through SM2 signature; the signature process shall comply with the requirements of GM/T 0009; d) When use SM2 public key to verify input data, the input data is the pre- processed result of the data to be signed through SM2 signature; the verification process shall comply with the requirements of GM/T 0009. 6.3.3 Encryption certificate interoperability test When the smart key issued by CA system uses the public-private key-pairs of encryption certificate to perform encryption-decryption operation, the called cipher application interface shall meet the requirements of GM/T 0016; the smart key shall complete encryption-decryption interoperability test through calling this interface. These include. a) SM2 key data format shall meet the requirements of GM/T 0009; b) SM2 encrypted data format shall meet the requirements of GM/T 0009; c) The key-pair protection data format shall meet the requirements of GM/T 0009; d) When use SM2 public key to encrypt input data, the encryption process shall comply with the requirements of GM/T 0009; e) When use SM2 private key to decrypt input data, the decryption process shall comply with the requirements of GM/T 0009. According to the CRL address in user certificate, download CRL document, and then perform CRL format compliance test. The test result shall meet the requirements of 6.2.3. 7.3 Digital certificate Interoperability test 7.3.1 Certificate trust-chain establishing test According to the certificate downloading method provided by CA system, download root certificate and second-level CA certificate; read user certificate in the smart key; and then perform certificate trust-chain establishing test. The test result shall meet the requirements of 6.3.1. 7.3.2 Signature certificate Interoperability test By establishing two users, bind user signature certificates ScertA and ScertB, respectively. User A uses the private key corresponding to certificate ScertA to sign a piece of data, and then sends the signed data to user B; user B uses the public key of the certificate ScertA to perform signature verification on the data, and the verification shall be able to succeed. The certificate status and the certificate trust-chain of both communication sides shall be verified and passed during the verification process, and the test results shall meet the requirements of 6.3.2. User B uses the private key corresponding to certificate ScertB to sign a piece of data, and then sends the signed data to user A; user A uses the public key of the certificate ScertB to perform signature verification on the data, and the verification shall be able to succeed. The certificate status and the certificate trust-chain of both communication sides shall be verified and passed during the verification process, and the test results shall meet the requirements of 6.3.2. 7.3.3 Encryption certificate interoperability test By establishing two users A and B, bind user encryption certificates EcertA and EcertB, respectively. User A first generates session key, and uses the key to encrypt a piece of data, and then uses the public key corresponding to the certificate EcertB to encrypt the session key, and finally sends the cipher-text data to user B. After receiving the cipher-text data, user B first uses the private key of certif... ......
 
Source: Above contents are excerpted from the PDF -- translated/reviewed by: www.chinesestandard.net / Wayne Zheng et al.