
GM/T 0051-2016 PDF English


Search result: GM/T 0051-2016

Standard ID: GM/T 0051-2016 | Contents: English | Price: USD 170 | Delivery: PDF, auto-delivered in 0-9 seconds | Name of Chinese Standard: Cryptography device management - Specifications of symmetric key management technology | Status: Valid


GM/T 0051-2016: PDF in English (GMT 0051-2016)

GM/T 0051-2016
GM CRYPTOGRAPHY INDUSTRY STANDARD OF THE PEOPLE'S REPUBLIC OF CHINA
ICS 35.040
L 80
File No. 58556-2017

Cryptography device management - Specifications of symmetric key management technology

ISSUED ON: DECEMBER 23, 2016
IMPLEMENTED ON: DECEMBER 23, 2016
Issued by: State Cryptography Administration

Table of Contents
Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Abbreviations
5 Symmetric key management physical security requirements
5.1 System security requirements
5.2 Functional security requirements
6 Symmetric key management system
6.1 Position in the cryptographic infrastructure technology framework
6.2 Management scope
6.3 System technology framework
6.4 System function structure
6.5 Function description
6.6 System design requirements
7 Symmetric key management application instructions and management interfaces
7.1 Basic requirements
7.2 Application instructions
7.3 Management interface
Appendix A (Normative) Error code definition
Appendix B (Normative) Key format configuration file

Foreword

This Standard was drafted in accordance with the rules given in GB/T 1.1-2009.

GM/T 0051 "Cryptography device management - Specifications of symmetric key management technology" is one of the cryptography device management standards. This type of standard consists of a basic specification and a series of management application specifications and currently includes:
- Basic specification: GM/T 0050 Cryptography device management - Equipment management technical specifications;
- Management application specification: GM/T 0051 Cryptography device management - Specifications of symmetric key management technology;
- Management application specification: GM/T 0052 Cryptographic device management - VPN device monitoring management specification;
- Management application specification: GM/T 0053 Cryptographic device management - Remote monitoring and compliance verification interface data specification.

Any contents of this standard that relate to cryptographic algorithms are implemented in accordance with relevant national laws and regulations.

This Standard was proposed by and shall be under the jurisdiction of the Cryptography Industry Standardization Technical Committee.

Main drafting organizations of this Standard: Xingtang Communication Technology Co., Ltd., Wuxi Jiangnan Information Security Engineering Technology Center, Chengdu Weishitong Information Industry Co., Ltd., Shandong De'an Computer Technology Co., Ltd., Shanghai Koal Software Co., Ltd., Beijing Haitai Fangyuan Technology Co., Ltd.

Main drafters of this Standard: Wang Nina, Li Yufeng, Xu Qiang, Li Yuanzheng, Kong Yufan, Tan Wuzheng, Liu Zengshou.

Cryptography device management - Specifications of symmetric key management technology

1 Scope

This standard specifies the key-related and system-related security technical requirements for symmetric key management applications, including symmetric key management security requirements, system architecture and functional requirements, key management security protocols and interface design requirements, and management center construction, operation, and management requirements.

This standard applies to the development, construction, operation, and management of symmetric key management systems.

This standard adopts the security tunnel technology of "Cryptography device management - Equipment management technical specifications" and shall use the interfaces defined in clause 6 and clause 9 of that specification.

2 Normative references

The following documents are essential to the application of this document. For dated references, only the edition cited applies to this document; for undated references, the latest edition (including all amendments) applies to this standard.

GB/T 32915 Information security technology - Binary sequence randomness detection method
GM/T 0006 Cryptographic application identifier criterion specification
GM/T 0015 Digital certificate format based on SM2 algorithm
GM/T 0050-2016 Cryptography device management - Equipment management technical specifications

3 Terms and definitions

The following terms and definitions apply to this document.

5.2.2 Key storage and backup

Key storage shall ensure confidentiality and integrity and prevent the leakage and unauthorized replacement of keys. Specific storage requirements for the different types of keys are as follows.
- Plaintext key: a plaintext key that needs to be stored for a long time shall be stored in the physical security module of the secure cryptographic device. When the physical security module fails, the stored plaintext key immediately expires.
- Key component: key components shall be stored on different media throughout their life cycle and held by different administrators.
- Ciphertext key: it can be stored in a cryptographic device or outside a cryptographic device. If stored outside the cryptographic device, access to it shall be authorized.

Key backups shall also ensure confidentiality and integrity; the specific requirements are the same as those for key storage.

5.2.3 Key distribution and loading

Keys can be distributed and loaded manually, loaded directly from a removable storage medium, loaded by a dedicated key delivery device, or distributed over the network. Specific distribution requirements are as follows.
- Plaintext key: when a plaintext key is passed between two secure cryptographic devices, component delivery, password protection, or other methods shall be used to prevent the key from being disclosed, tampered with, or replaced.
- Key component: the key component distribution process shall not reveal any part of a key component to an unauthorized person.
- Ciphertext key: ciphertext keys can be distributed and loaded over the network. Ciphertext key distribution shall prevent key tampering or key replacement.

5.2.4 Key usage
- A key shall carry an attribute or control vector to prevent the key from being used without authorization;
- The key can only be used for the specified application;
- The key can only be used for the specified purpose or function;
- When a key is known to be compromised, its use shall be stopped;
- When a key is suspected of being compromised, its use can be stopped proactively.

5.2.5 Key update

The key management system shall set key update policies for the managed systems and the managed equipment. When a key exceeds its lifespan, has been exposed, or is suspected of being insecure, it shall be replaceable in accordance with the corresponding update policy. If the compromised or suspected key is a key encryption key or a root key, all keys or subkeys encrypted by that key shall be replaced. The decryption and re-encryption of application data as a result of a key change is not the responsibility of the key management center. Specific requirements are as follows.
- Updates are performed strictly in accordance with the key update policy;
- The new key cannot be used to derive the old key;
- The update cannot increase the risk of leakage of other keys.

5.2.6 Key archiving

When a key expires or is no longer used, it can be archived in accordance with the key management policy. Keys can be archived in the following forms.
- Stored separately in the cryptographic device in the form of at least two separate key components;
- Encrypted using a key encryption key;
- Archived keys can only be used to prove the legitimacy of

The configuration of other policies includes operations such as the key query mode and the import of a general key generator sealing format. When the policy condition is met, the corresponding key management operation is triggered.

6.5.3 Key generation/storage

This standard uses a general key generator and a customized key generator to generate general-format keys and customized-format keys, respectively. The general key generator generates a random key, and the main control management module seals the generated random key as an atom key in accordance with the key format configuration file of the managed equipment. The customized key generator generates a dedicated atom key that has a transformation requirement or a complex format. A key based on a complex random-number transformation can only be generated by a customized key generator. Key generation is triggered by the key generation policy. The genera... ......
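The clauses on key usage (5.2.4), key update after compromise (5.2.5) and key archiving (5.2.6) read as policy, so here is an added toy key registry, written for this page and not part of the standard, that enforces them in code: a control vector binding each key to one application and purpose, cascading invalidation of every key wrapped under a compromised key encryption key, and archiving as two XOR components. All key ids, applications and purposes are constructed sample values.

```python
import os
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed toy registry illustrating GM/T 0051 clauses 5.2.4-5.2.6 (not the standard's code).
ACTIVE, COMPROMISED, ARCHIVED = "active", "compromised", "archived"

@dataclass
class KeyRecord:
    key_id: str
    application: str                     # control-vector attributes (5.2.4): the key
    purpose: str                         # may only serve this application and purpose
    parent_kek: Optional[str] = None     # key encryption key this key is wrapped under (5.2.5)
    status: str = ACTIVE
    components: List[bytes] = field(default_factory=list)  # archival components (5.2.6)

class KeyRegistry:
    def __init__(self):
        self.keys = {}

    def add(self, rec):
        self.keys[rec.key_id] = rec

    def authorize_use(self, key_id, application, purpose):
        """5.2.4: permit use only if the key is active and the control vector matches."""
        rec = self.keys[key_id]
        if rec.status != ACTIVE:
            return False, f"key {key_id} is {rec.status}"
        if (rec.application, rec.purpose) != (application, purpose):
            return False, "control vector mismatch"
        return True, "ok"

    def mark_compromised(self, key_id):
        """5.2.5: stop the key and every key encrypted under it, transitively."""
        affected = [key_id]
        self.keys[key_id].status = COMPROMISED
        for rec in self.keys.values():
            if rec.parent_kek == key_id and rec.status != COMPROMISED:
                affected += self.mark_compromised(rec.key_id)
        return affected  # the caller must re-issue these keys per the update policy

    def archive(self, key_id, key_bytes):
        """5.2.6: archive as two separate components; neither alone reveals the key."""
        c1 = os.urandom(len(key_bytes))
        c2 = bytes(a ^ b for a, b in zip(key_bytes, c1))
        rec = self.keys[key_id]
        rec.status, rec.components = ARCHIVED, [c1, c2]
        return rec.components

def recombine(components):
    """Reassemble an archived key from its two components (held by different custodians)."""
    c1, c2 = components
    return bytes(a ^ b for a, b in zip(c1, c2))
```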
 
Source: Above contents are excerpted from the PDF -- translated/reviewed by: www.chinesestandard.net / Wayne Zheng et al.

Similar standards: GB/T 15843.1   GA/T 1389   GM/T 0055   
