GM/T 0099-2020 PDF English
US$380.00 · In stock · Download in 9 seconds
GM/T 0099-2020: Cryptography application technical specification of open fixed layout documents
Delivery: 9 seconds. The true-PDF full copy in English and the invoice are downloaded and auto-delivered via email.
Status: Valid

Standard ID: GM/T 0099-2020 | Contents: English | Price: USD 380 | Delivery: 0-9 seconds, auto-delivery | Name of Chinese Standard: Cryptography application technical specification of open fixed layout documents | Status: Valid

PDF Preview: GM/T 0099-2020 (excerpted; the full copy can be downloaded in 9 seconds upon purchase)
GM/T 0099-2020: Cryptography application technical specification of open fixed layout documents
This is an excerpt. The full copy of the true-PDF in English (including equations, symbols, images, flow-charts, tables and figures), auto-delivered in 9 seconds, can be purchased online: https://www.ChineseStandard.net/PDF.aspx/GMT0099-2020
GM
CRYPTOGRAPHIC INDUSTRY STANDARD
OF THE PEOPLE’S REPUBLIC OF CHINA
ICS 35.040
CCS L 80
Cryptography application technical specification of
open fixed layout documents
ISSUED ON: DECEMBER 28, 2020
IMPLEMENTED ON: JULY 01, 2021
Issued by: National Cryptography Administration
Table of Contents
Foreword
1 Scope
2 Normative references
3 Terms and definitions
4 Abbreviations
5 Cryptography application mechanism
6 Cryptography application requirements
7 Cryptography application protocol
Annex A (normative) Cryptography protection scheme identification and protection method
Annex B (informative) OFD signature description extension scheme
Annex C (informative) OFD encryption description scheme
Annex D (informative) OFD integrity protection scheme
Cryptography application technical specification of
open fixed layout documents
1 Scope
This Standard regulates the use of cryptographic technology to sign, encrypt
and protect the integrity of open format documents.
This Standard is applicable to guiding the development, use and testing of
products and systems related to open-format document encryption applications.
2 Normative references
The following referenced documents are indispensable for the application of
this document. For dated references, only the edition cited applies. For undated
references, the latest edition of the referenced document (including any
amendments) applies.
GB/T 20518, Information security technology - Public key infrastructure -
Digital certificate format
GB/T 20520, Information security technology - Public key infrastructure -
Time stamp specification
GB/T 32905, Information security technology - SM3 cryptographic hash
algorithm
GB/T 32907, Information security technology - SM4 block cipher algorithm
GB/T 32918 (all parts), Information security techniques - Elliptic curve
public-key cryptography
GB/T 33190-2016, Electronic files storage and exchange formats - Fixed
layout documents
GB/T 35275, Information security technology - SM2 cryptographic algorithm
encrypted signature message syntax specification
GB/T 35276, Information security technology - SM2 cryptography algorithm
usage specification
GB/T 38540-2020, Information security technology - Technical specification
......
scope, signature scheme, signature value data file path.
During confidentiality protection, the OFD encryption protocol allows either
local encryption of the description files or other key resources in the OFD
that contain key information, or encryption of all files in the package that
make up the OFD document as a whole. The decryption entry file
(Encryptions.xml, to be added in OFD 2.0) generated by encryption is stored in
the OFD root directory. It gives brief information about the encryption
operation, the encryption scheme, the plain-ciphertext mapping table
(EntriesMap.xml or entriesmap.dat), and the file path of the key description
data (decryptseed.dat).
During integrity protection, the entire ZIP package can be protected according
to the OFD integrity protection protocol. The generated integrity description
file (OFDEntries.xml, to be added in OFD 2.0) is saved in the OFD root
directory. It describes the list of files in the package covered by the
integrity protection, the signature scheme, and the saved signature value.
The three kinds of cryptographic application files described above work
together to ensure the confidentiality, integrity, authenticity and
non-repudiation of the OFD during storage and transmission.
6 Cryptography application requirements
The goal of OFD's cryptographic application is to ensure the confidentiality,
integrity, authenticity and non-repudiation of documents.
When OFD uses a cryptographic mechanism for security protection, it shall be
ensured that the operator of each operation cannot repudiate it, that the
imaging effect of each individual layer and of the superimposed layers is true
and effective, that the confidentiality of content requiring confidentiality
protection is guaranteed, and that the integrity of the OFD file itself is
guaranteed.
To ensure the confidentiality of a page, the key information description files
shall be encrypted. To ensure the authenticity and completeness of a page and
of the page overlay effect, and the non-repudiation of the page operator's
actions, the operator's signature private key shall be used to digitally sign
all description files of each page. To ensure the integrity of the OFD, the
list of valid files in the package shall be constructed according to the OFD
standards and digitally signed with the signature private key of the OFD file
operator.
......
b) When the signature type is digital signature and the signature algorithm
uses SM2, the signature value data shall follow GB/T 35275;
c) When the signature type is digital signature and the signature algorithm is
other, the signature value data shall follow the data value specification
corresponding to the algorithm.
7.2.3 Cryptography algorithm requirements
The requirements of OFD signature to cryptography algorithm are as follows:
a) When the signature algorithm uses SM2, it shall follow GB/T 32918 (all
parts) and GB/T 35276;
b) When the hash algorithm uses SM3, it shall follow GB/T 32905.
7.2.4 Digital certificate requirements
The digital certificate requirements for OFD signature are as follows:
a) The algorithm used in the certificate shall be one approved by the
national cryptography management authority;
b) When using a certificate based on the SM2 algorithm, GB/T 20518 shall
be followed;
c) When using certificates of other algorithms, they shall meet the
requirements of national cryptographic standards and industry standards.
7.2.5 Timestamp requirements
The requirements of OFD signature for timestamp are as follows:
a) The signature value can include a timestamp;
b) When the signature value contains a timestamp, the format and use of the
timestamp shall follow GB/T 20520.
7.2.6 Signature process
The OFD digital signature process requirements are as follows:
a) Confirm the list of documents participating in the signature;
b) According to the signature scheme, call the hash algorithm to calculate
the hash value of each file;
c) See the data structure shown in Annex B to assemble the signature file;
7.3.3 Cryptography algorithm requirements
The algorithm requirements for OFD encryption are as follows:
a) The encryption scheme shall meet the requirements of the national
cryptography management authority;
b) When the encryption algorithm adopts SM2, follow GB/T 32918 (all parts)
and GB/T 35276;
c) When the encryption algorithm adopts SM4, follow GB/T 32907;
d) When the encryption algorithm adopts other algorithms, it shall comply
with the requirements of national encryption standards and industry
standards.
7.3.4 Encryption process
Encrypt files according to the encryption scheme. The process is as follows:
a) Generate a symmetric key for file encryption in the ZIP package;
b) According to the encryption scheme, use the file encryption symmetric key
generated in step a) to call the symmetric cryptographic algorithm to
encrypt the files in the package and write them into the ZIP package;
c) According to the encryption scheme, process the plaintext files for which
ciphertext has been generated, and write some of them into the ZIP
package;
d) Assemble the plain-ciphertext mapping table file, and either encrypt it
according to the encryption scheme or write it directly into the ZIP package;
e) Assemble the encryption entry file and write it in plaintext into the ZIP
package;
f) According to the encryption scheme, perform key packaging or asymmetric
encryption on the file encryption symmetric key to generate a packaging
key for file symmetric encryption;
g) If there are multiple visitors to the electronic file, repeat step e) of 7.3.4;
h) Assemble the key description file and write it into the ZIP package.
7.3.5 Decryption process
Decrypt the file according to the encryption scheme. The process is as follows:
a) Obtain the packaging key for symmetric encryption of the file from the
......
7.4.4 Digital certificate requirements
The digital certificate requirements for OFD signature are as follows:
a) The algorithm used in the certificate shall be one approved by the
national cryptography management authority;
b) When using a certificate based on the SM2 algorithm, GB/T 20518 shall
be followed;
c) When using certificates based on other algorithms, they shall meet the
requirements of national cryptographic standards and industry standards.
7.4.5 Generation process
The OFD integrity protection signature process is as follows:
a) Confirm all files in the file package;
b) Assemble signature integrity protection documents;
c) According to the signature scheme, calculate the hash value of the
integrity protection file;
d) According to the signature scheme, use the signature private key of the
composer of the format file to digitally sign the hash value;
e) Write the digital signature result to the signature value file.
7.4.6 Verification process
The OFD integrity protection verification signature process is as follows:
a) Read the integrity protection description file;
b) According to the signature scheme, call the hash algorithm to calculate
the hash value of the integrity protection file;
c) Read the signature value file and verify the signature.
......
symmetric key;
b) Use a symmetric algorithm with the file encryption symmetric key to encrypt
the original file;
c) Pass the password through the key derivation function to generate the key
for encrypting the file encryption symmetric key; the key derivation
function shall follow GB/T 32918;
d) Use a symmetric algorithm with the calculation result of step b) as the
encryption key to encrypt the file encryption symmetric key. The resulting
packaging key for the file's symmetric encryption is put into the key
description file.
A.2.2 Decryption scheme
The decryption method is as follows:
a) Pass the password through the key derivation function to generate the key
for decrypting the file encryption symmetric key; the key derivation
function shall follow GB/T 32918;
b) Use a symmetric algorithm with the calculation result of step a) as the
decryption key to decrypt the packaging key of the file's symmetric
encryption, recovering the file encryption symmetric key;
c) Use a symmetric algorithm with the file encryption symmetric key to decrypt
the file and obtain the original text.
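Two steps on this page reduce to SM3 (GB/T 32905) over constructed input: the file list of the integrity protection scheme (7.4.5 steps a to c, verified as in 7.4.6 step b) and the password-based derivation of the key-wrapping key in A.2.1 step c / A.2.2 step a, which GB/T 32918 defines as SM3(Z || ct) over a 32-bit counter. The block below is an added example written for this page, not code from the standard or from any OFD implementation: the SM3 routine follows GB/T 32905, the "path:hash" manifest text and the sample package are constructed here (the real OFDEntries.xml layout is in Annex D, which is not on this page), the 16-byte key length is an assumption suited to SM4, and SM2 signing and SM4 key wrapping are left to a cryptography service module.

```python
import struct

# SM3 (GB/T 32905): initial value and 32-bit mask
_IV = [0x7380166f, 0x4914b2b9, 0x172442d7, 0xda8a0600,
       0xa96f30bc, 0x163138aa, 0xe38dee4d, 0xb0fb0e4e]
_M32 = 0xffffffff


def _rotl(x, n):
    n %= 32                      # the round constant T_j is rotated by (j mod 32)
    return ((x << n) | (x >> (32 - n))) & _M32


def _compress(v, block):
    # message expansion W[0..67] and W'[0..63]
    w = list(struct.unpack(">16I", block))
    for j in range(16, 68):
        x = w[j - 16] ^ w[j - 9] ^ _rotl(w[j - 3], 15)
        w.append(x ^ _rotl(x, 15) ^ _rotl(x, 23) ^ _rotl(w[j - 13], 7) ^ w[j - 6])  # P1
    w1 = [w[j] ^ w[j + 4] for j in range(64)]
    a, b, c, d, e, f, g, h = v
    for j in range(64):
        if j < 16:
            t, ff, gg = 0x79cc4519, a ^ b ^ c, e ^ f ^ g
        else:
            t = 0x7a879d8a
            ff = (a & b) | (a & c) | (b & c)
            gg = (e & f) | (~e & _M32 & g)
        ss1 = _rotl((_rotl(a, 12) + e + _rotl(t, j)) & _M32, 7)
        ss2 = ss1 ^ _rotl(a, 12)
        tt1 = (ff + d + ss2 + w1[j]) & _M32
        tt2 = (gg + h + ss1 + w[j]) & _M32
        a, b, c, d = tt1, a, _rotl(b, 9), c
        e, f, g, h = tt2 ^ _rotl(tt2, 9) ^ _rotl(tt2, 17), e, _rotl(f, 19), g  # P0
    return [x ^ y for x, y in zip(v, (a, b, c, d, e, f, g, h))]


def sm3(msg: bytes) -> bytes:
    """SM3 digest (32 bytes). Padding: 0x80, zeros, 64-bit big-endian bit length."""
    padded = msg + b"\x80" + b"\x00" * ((55 - len(msg)) % 64) + struct.pack(">Q", len(msg) * 8)
    v = _IV
    for i in range(0, len(padded), 64):
        v = _compress(v, padded[i:i + 64])
    return struct.pack(">8I", *v)


def kdf(z: bytes, klen: int) -> bytes:
    """KDF of GB/T 32918: SM3(Z || ct) for ct = 1, 2, ... (32-bit big-endian), cut to klen bytes."""
    out, ct = b"", 1
    while len(out) < klen:
        out += sm3(z + struct.pack(">I", ct))
        ct += 1
    return out[:klen]


def password_wrapping_key(password: str, klen: int = 16) -> bytes:
    """A.2.1 step c / A.2.2 step a: the key that wraps (or unwraps) the file encryption
    symmetric key is derived from the password. klen=16 is an assumption for a 128-bit SM4 key."""
    return kdf(password.encode("utf-8"), klen)


def build_entries(package: dict) -> list:
    """7.4.5 steps a to c: every file in the package with its SM3 digest, sorted by path
    so the list is canonical. `package` maps ZIP entry path -> file bytes."""
    return [(path, sm3(data).hex()) for path, data in sorted(package.items())]


def entries_digest(entries: list) -> bytes:
    """The hash handed to the SM2 signer in 7.4.5 step d. Constructed 'path:hash' text,
    not the Annex D XML layout."""
    return sm3("".join(f"{p}:{h}\n" for p, h in entries).encode("utf-8"))


def verify_entries(package: dict, entries: list) -> bool:
    """7.4.6 step b: recompute the list; any changed, added or removed file fails."""
    return build_entries(package) == entries


# constructed OFD-like package contents for the demonstration
SAMPLE_PACKAGE = {
    "OFD.xml": b"<ofd:OFD/>",
    "Doc_0/Document.xml": b"<ofd:Document/>",
    "Doc_0/Pages/Page_0/Content.xml": b"<ofd:Page/>",
}

if __name__ == "__main__":
    entries = build_entries(SAMPLE_PACKAGE)
    print("digest to sign:", entries_digest(entries).hex())
    tampered = dict(SAMPLE_PACKAGE, **{"Doc_0/Pages/Page_0/Content.xml": b"<ofd:Page>x</ofd:Page>"})
    print("intact:", verify_entries(SAMPLE_PACKAGE, entries), "tampered:", verify_entries(tampered, entries))
    print("wrapping key from password:", password_wrapping_key("constructed-password").hex())
```

The verification in 7.4.6 only holds if the signer covered the whole list, which is why `build_entries` sorts by path and includes every entry: a file added after signing fails `verify_entries` just as a modified one does. The KDF output is used directly as the wrapping key; A.2 does not mention a salt or iteration count, so password strength alone limits offline guessing against the key description file.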
A.3 Certificate encryption scheme
A.3.1 Encryption scheme
The encryption method is as follows:
a) Call the cryptography service module to generate the file encryption
symmetric key;
b) Use a symmetric cryptographic algorithm with the file encryption symmetric
key to encrypt the original file;
c) Use an asymmetric cryptographic algorithm with the public key of the
electronic file visitor to encrypt the file encryption symmetric key. The
resulting packaging key for the file's symmetric encryption is put into the
key description file.
A.3.2 Decryption scheme
The decryption method is as follows:
...... Source: Above contents are excerpted from the full-copy PDF -- translated/reviewed by: www.ChineseStandard.net / Wayne Zheng et al.