GM/T 0071-2019 PDF in English
GM/T 0071-2019 (GM/T0071-2019, GMT 0071-2019, GMT0071-2019)
Standard ID | Contents [version] | USD | STEP2 | [PDF] delivered in | Name of Chinese Standard | Status |
GM/T 0071-2019 | English | 230 |
Add to Cart
|
0-9 seconds. Auto-delivery.
|
Guidance of cryptographic application for electronic records
| Valid |
Standards related to (historical): GM/T 0071-2019
PDF Preview
GM/T 0071-2019: PDF in English (GMT 0071-2019) GM/T 0071-2019
GM
CRYPTOGRAPHY INDUSTRY STANDARD
OF THE PEOPLE’S REPUBLIC OF CHINA
ICS 35.040
L 80
Guidance of cryptographic application for electronic
records
ISSUED ON: JULY 12, 2019
IMPLEMENTED ON: JULY 12, 2019
Issued by: State Cryptography Administration
Table of Contents
Foreword ... 3
1 Scope ... 4
2 Normative references ... 4
3 Terms and definitions ... 5
4 Abbreviations ... 6
5 Overview ... 6
6 Cryptographic operation method for electronic records ... 10
7 Cryptographic application method for application system ... 16
8 Reference of cryptographic application for electronic records ... 21
Appendix A (Informative) Example of cryptographic application for
administrative electronic records creation and transaction system ... 22
Guidance of cryptographic application for electronic
records
1 Scope
This Standard proposes the technical framework and security goals of the
cryptographic application for electronic records, and describes the method of
performing cryptographic operations for electronic records and the method of
using cryptographic technique in the application system of electronic records.
This Standard applies to the development and use of application system of
electronic records.
2 Normative references
The following documents are indispensable for the application of this document.
For dated references, only the dated version applies to this document. For
undated references, the latest edition (including all amendments) applies to this
document.
GB/T 20518, Information security technology - Public key infrastructure -
Digital certificate format
GB/T 25069-2010, Information security technology glossary
GB/T 31913-2015, General functional requirements for administrative
electronic records creation and transaction system
GB/T 32905, Information security techniques - SM3 cryptographic hash
algorithm
GB/T 32907, Information security technology - SM4 block cipher algorithm
GB/T 32918, Information security technology - Public key cryptographic
algorithm SM2 based on elliptic curves
GB/T 35275, Information security technology - SM2 cryptographic algorithm
encrypted signature message syntax specification
GM/T 0019, Universal cryptography service interface specification
GM/T 0031, Secure electronic seal cryptography technical specification
GM/T 0033, Interface specifications of time stamp
In order to achieve the security goal of electronic record management,
cryptographic technology shall be used to ensure the security of the entire life
cycle of electronic records. That is, ensure that the formation process of
electronic records is true and reliable; ensure that electronic records are not
tampered during transmission (exchange), reception and storage; ensure that
electronic records are not leaked to unauthorized visitors; ensure that operators
of electronic records cannot deny their operating behaviors and processing
results.
The security of electronic records is guaranteed by the security of record
content and the security of record attributes.
5.3 Application system
Follow GB/T 31913-2015; in the whole life cycle of electronic records, three
types of systems are generally experienced, namely business system,
electronic records management system, and electronic records long-term
preservation system.
The business system is also called the electronic records creation and
transaction system, which mainly provides business functions that are involved
in the process from creation to transaction for electronic records, and provides
the data interface that is connected to other systems. The electronic records
management system is responsible for capturing electronic records from the
business system, maintaining various associations between records, record
and business, supporting inquiry and utilization, and disposing them in an
orderly, systematic, and auditable manner. The electronic records long-term
preservation system maintains and provides use of electronic records in a
correct and long-term effective way.
5.4 Data user
The user is the operator of the application system, including the business
operator of the electronic records and the system manager of the application
system.
Business operators refer to the personnel who performs specific operations
such as creation, modification, authorization, reading, signing, stamping,
printing, circulation, archiving and destruction of electronic records in the
business system, electronic records management system and electronic
records long-term preservation system.
System managers refer to the personnel who manages and maintains the
application system, including system manager, audit manager and
confidentiality manager.
5.5 Electronic records
The cryptographic operation of electronic records requires the use of symmetric,
asymmetric, and hash algorithms. According to the scenario, use GB/T 32918,
GB/T 32905, GB/T 32907, or a cryptographic algorithm that is recognized by
the national cryptographic management authority.
The symmetric algorithm is used to encrypt and decrypt record content and
record attributes. The asymmetric algorithm is used to encrypt and decrypt
symmetric keys, and perform digital signatures and signature verification. The
hash algorithm is used for integrity calculation and verification. The symmetric
algorithm can adopt multiple modes such as CBC, OFB, CFB, CTR. When
using OFB and CFB modes, the application system shall set the number of
feedback bits.
The call to the cryptographic algorithm is completed through the identifier of the
cryptographic algorithm.
5.6.2 Universal cryptography service
Universal cryptography services include digital certificate service,
encryption/decryption services, signature/verification services, hash computing
service. Universal cryptography services are provided by cryptographic
infrastructure such as certificate authentication systems, cryptographic
devices/components, and are implemented by calling related service interfaces.
Certificate authentication systems and cryptographic devices/components that
provide cryptographic services shall comply with relevant national standards
and industry standards, and be certified and approved by the national
cryptographic management authority. The cryptographic service interface shall
follow GM/T 0019. The digital certificate format shall follow GB/T 20518. The
signature syntax shall follow GB/T 35275.
5.6.3 Typical cryptography service
Typical cryptography service includes authentication service, digital stamp
service, time stamp service:
-- The authentication service is used to realize user authentication that is
based on digital certificates;
-- The digital stamp service is used to stamp, verify and read the stamp of
electronic records. The digital stamp service interface shall follow GM/T
0031;
-- The time stamp service is used to provide time information for digital
signatures and digital stamps. The time stamp service interface shall
follow GM/T 0033.
5.6.4 Key
When the record attributes are maintained by the application system, the
application system shall directly perform encryption and decryption of the
specified record content. The symmetric key for encryption shall be randomly
generated; one cypher for one record shall be ensured; and the application
system cannot obtain a clear symmetric key.
The record content encryption method is as follows:
a) Obtain the symmetric algorithm and asymmetric algorithm identifiers;
b) Call the universal cryptography service to generate a symmetric key;
c) Call the symmetric encryption service and use the symmetric key to
encrypt the record content;
d) Call the asymmetric encryption service and use the public key for
encryption of the electronic record receiver or the application system to
encrypt the symmetric key;
e) Package the encrypted symmetric key and the record content that is
encrypted by the symmetric key in a digital envelope format, to form the
encrypted record content; if there are multiple receivers of the electronic
records, respectively use public key for encryption of each receiver to
encrypt the symmetric key, and package the encrypted symmetric key of
all receivers and the record content that is encrypted by the symmetric key
in the header of the digital envelope;
f) Store the algorithm identifier, algorithm mode, and number of feedback bits
in the security attribute.
The record content decryption method is as follows:
a) Obtain the symmetric algorithm and asymmetric algorithm identifiers of
encrypted electronic records from the security attribute;
b) Call the asymmetric decryption service according to the asymmetric
algorithm identifier; use the private key for decryption to decrypt the
encrypted symmetric key, to obtain the symmetric key;
c) Call the symmetric decryption service according to the symmetric
algorithm identifier; use the symmetric key to decrypt the record content.
6.2.2 Confidentiality of record attribute
According to the needs, use digital envelope to encrypt the metadata attribute,
seal attribute, watermark attribute, permission attribute and other attribute
c) Call the signature verification service according to the signature algorithm
identifier; use the public key for signature and digest value to verify the
signature value of the record content.
6.3.2 Integrity of record attribute
When the record attributes are organized by labels, follow GM/T 0055-2018;
use the method of signing labels to ensure the integrity of the record attributes.
When the record attributes are maintained by the application system, perform
signature of the record attributes to ensure the integrity of the record attributes
(excluding log attributes). The application system can ensure the integrity of the
log attributes of a single record by protecting the integrity of the application
system log.
When record attributes (excluding log attributes) are formed or updated, the
signature process is as follows:
a) Obtain the signature algorithm and hash algorithm identifier;
b) Call the hash algorithm service to calculate the digest for other attributes
except security attributes;
c) Call the hash algorithm service to calculate the digest for the content in
the security attribute except the self-signed information;
d) Assemble all calculated digests according to established rules;
e) Call the hash algorithm service to recalculate the digest of the assembled
data;
f) Call the signature algorithm service and use the private key for signature
of the business operator or the application system to digitally sign the
digest value;
g) Fill the signature value, algorithm identifier and signature certificate in
order into the self-signed information of the security attribute.
The integrity of the record attributes (excluding log attributes) can be verified by
verifying the signature. The signature verification method is as follows:
a) Obtain the hash algorithm identifier, signature algorithm identifier,
signature certificate information and signature value of the record attribute
signature from the security attribute;
b) According to the hash algorithm identifier, call the hash algorithm service
to calculate the digest for other attributes except security attributes;
The authenticity of the record attributes is guaranteed by the digital signature
of the record attributes. The signature and verification operations are the same
as 6.3.2.
6.5 Non-repudiation
The non-repudiation of the operation behavior and operation result of the
electronic records by the business operator can be guaranteed by the digital
signature in the signature attribute, seal attribute and watermark attribute, as
well as by the business operator log.
The digital signature and verification process in the signature attribute, seal
attribute and watermark attribute are the same as 6.4.1.
When a business operator operates on a record, a business operator log must
be formed and digitally signed. The process is as follows:
a) Obtain the signature algorithm and hash algorithm identifier;
b) Call the hash algorithm service to calculate the digest of the log record
that is formed by this operation. The content of the operation includes the
record identifier number, the operator, the operation time, the operation
location, the operation content, and the operation result;
c) Call the signature algorithm service to use the private key for signature of
the business operator to digitally sign the digest value;
d) Fill the algorithm identifier and the signature value into this log record;
e) Submit the log record to the application system server for storage.
Process the log signature verification as follows:
a) Obtain the hash algorithm identifier, signature algorithm identifier and
signature value of the log signature from the log;
b) Call the hash algorithm service to calculate the digest of the log record
according to the hash algorithm identifier. The content of the operation
includes the record identifier number, the operator, the operation time, the
operation location, the operation content, and the operation result;
c) Obtain the business operator's signature certificate according to the
business operator's information;
d) Call the signature verification service according to the signature algorithm
identifier; Use the business operator's public key for signature and digest
value to verify the log signature value.
7.4 Storage security
When electronic records are stored in the application system, their
confidentiality, integrity and authenticity are guaranteed as required. For
confidentiality protection, use the public key for encryption of the business
operator or the application system to package the digital envelope to protect
the electronic records; for integrity and authenticity protection, use the private
key for signature of the business operator or the application system to digitally
sign the electronic records. The specific cryptographic operation is the same as
6.2, 6.3 and 6.4.
7.5 Exchange security
7.5.1 Exchange classification
According to the different identities of the two parties of electronic record
exchange, it can be divided into internal exchange of business system,
exchange between business systems, exchange between business system and
electronic record management system, AND exchange between electronic
records management system and electronic records long-term preservation
system. Cryptographic technique shall be used to ensure the exchange security,
and to ensure the authenticity and integrity of electronic records during the
exchange process; for important electronic records, the confidentiality shall also
be guaranteed.
7.5.2 Internal exchange of business system
The internal exchange of the business system refers to the exchange of
electronic records between business operators in the business system. When
sending, the record sender uses his or the system's private key for signature
and the record receiver's public key for encryption to sign and encrypt the
electronic records; when receiving, the record receiver uses the corresponding
private key for encryption and public key for signature to decrypt and verify the
electronic records, and store the parsed electronic record in the local system.
The specific cryptographic operation is the same as 6.2, 6.3 and 6.4.
7.5.3 Exchange between business systems
When electronic records are exchanged between business systems, record
content and identifier attributes, metadata attributes, security attributes,
signature attributes, seal attributes, digital watermark attributes can be retained,
and log attributes and permission attributes can be retained as needed.
When sending, the record sending system uses its own system’s private key
for signature and the record receiving system’s public key for encryption to sign
and encrypt the electronic records; when receiving, the record receiving system
uses the corresponding private key for encryption and public key for signature
i) Send the business system signature certificate, signature value, and
encrypted record package to the electronic records management system
together.
The operation for the electronic records management system to receive the
electronic record cypher is as follows:
a) Use the public key for signature of the business system to verify the
signature value of the record package;
b) Use the private key for decryption of the electronic records management
system to decrypt the record package;
c) Unpack the record package to obtain electronic records;
d) Store the parsed electronic records in the local system. The specific
cryptographic operation is the same as 6.2, 6.3 and 6.4.
7.5.5 Exchange between electronic records management system and
electronic records long-term preservation system
When electronic records are exchanged between the electronic records
management system and the electronic records long-term preservation system,
retain the electronic records content and the identifier attributes, metadata
attributes; remove the security attributes, permission attributes and log
attributes; retain the signature attributes, seal attributes, and digital watermark
attributes as required.
During exchange, remove all security protection mechanisms; follow the
principle of one-time exchange of multiple records as a whole. Under the
premise of ensuring the correlation between the record content and the record
attribute, assemble multiple records according to predetermined rules to form a
record package; protect the confidentiality, integrity, authenticity of the entire
record package; only protect the authenticity and integrity of a single electronic
record.
The operation for the electronic records management system to send the
electronic record cypher is as follows:
a) Remove all security protection mechanisms for the to-be-exchanged
records; package them into a record package;
b) Call the universal cryptography service to generate a symmetric key;
c) Call the symmetric encryption service and use the symmetric key to
encrypt the packaged record package;
A.1.2 Electronic records creation
Drafting link: the drafter fills in the basic information of the record and writes the
content of the record.
Audit link: the auditor reviews the record content, and records the auditor, audit
date, and audit opinions.
Issue link: the issuer conducts a pre-issue review of the record content, and
records the issuer, issue date, and issue opinions.
A.1.3 Electronic records sending transaction
Review link: the reviewer reviews the electronic records and metadata, and
records the reviewer, review date, and review opinions.
Registration link: record the metadata information of the electronic record.
Printing link: make the electronic records into a format record, and affix a digital
stamp.
Verification and issuance link: record the sending and receiving information of
electronic records; package the entity information and metadata information of
the electronic records; deliver them to the receiver through electronic records
exchange.
Sending completion link: complete the sending process.
A.1.4 Electronic records exchange
Transmit the electronic records from the sender to the receiver.
A.1.5 Electronic records receiving transaction
Signing link: the signer signs for the electronic record, and records the signer
and date.
Registration link: record the metadata information of the record receiving.
Preliminary review: the preliminary reviewer conducts a preliminary review of
the received electronic records, and records the preliminary reviewer,
preliminary review date, and the preliminary review comments.
Circulation link: circulate the electronic record within the scope of the reader,
and record the reader, the reading date and the reading opinions.
Receiving completion link: complete the receiving transaction process.
A.2 Cryptographic application requirements
signature to digitally sign the record content, audit opinions, audit time, etc., and
finally sends the above information to the transaction system.
After the transaction system receives the electronic record, it verifies the digital
signature of the auditor and uses the private key for decryption of the
transaction system to protect the confidentiality of the electronic record.
A.3.3 Issue
The transaction system removes the confidentiality protection of the electronic
record and sends it to the issuer.
The issuer first verifies the digital signature of the drafter and the auditor on the
electronic record, then fills in the issue opinions, and uses the issuer's private
key for signature to digitally sign the record content, issue opinions, issue time,
etc., and finally sends the above information to the transaction system.
After the transaction system receives the electronic record, it verifies the digital
signature of the issuer and uses the private key for decryption of the transaction
system to protect the confidentiality of the electronic record.
A.3.4 Review
The transaction system removes the confidentiality protection of the electronic
record and sends it to the reviewer.
The reviewer first verifies the digital signature of the drafter, auditor and issuer
on the electronic record, then fills in the review opinions, and uses the re
reviewer's private key for signature to digitally sign the record content, review
opinions, review time, etc., and finally sends the above information to the
transaction system.
After the transaction system receives the electronic record, it verifies the digital
signature of the reviewer and uses the private key for decryption of the
transaction system to protect the confidentiality of the electronic record.
A.3.5 Registration
The transaction system removes the confidentiality protection of the electronic
record and sends it to the registrant.
The registrant first verifies the digital signatures of the drafter, auditor, reviewer,
and issuer on the electronic record; then modifies the electronic record’s
reference number, destination unit, number of copies and other metadata
information, and uses the registrant's private key pair for signature to digitally
sign the record content and metadata attributes; finally, sends the above
information to the transaction system together.
...... Source: Above contents are excerpted from the PDF -- translated/reviewed by: www.chinesestandard.net / Wayne Zheng et al.
|