GB/T 19714-2025: Cybersecurity technology - Public key infrastructure - Certificate management protocol
Status: Valid

Basic data
Standard ID: GB/T 19714-2025 (GB/T19714-2025)
Description (Translated English): Cybersecurity technology - Public key infrastructure - Certificate management protocol
Sector / Industry: National Standard (Recommended)
Classification of Chinese Standard: L80
Classification of International Standard: 35.030
Word Count Estimation: 62,696
Date of Issue: 2025-08-01
Date of Implementation: 2026-02-01
Older Standard (superseded by this standard): GB/T 19714-2005
Issuing agency(ies): State Administration for Market Regulation, Standardization Administration of China

ICS 35.030
CCS L80
National Standard of the People's Republic of China
GB/T 19714-2025
Replaces GB/T 19714-2005
Cybersecurity Technology - Public Key Infrastructure - Certificate Management Protocol
Released on August 1, 2025
Implementation on February 1, 2026
Issued by the State Administration for Market Regulation and the National Standardization Administration

Table of Contents
Preface
1 Scope
2 Normative references
3 Terms and Definitions
4 Abbreviations
5 General Principles
6 Process and Message Structure
  6.1 Protocol between terminal and RA system
  6.2 Protocol between RA system and CA system
  6.3 Agreement between CA system and KM system
  6.4 Protocol between CA system and database
  6.5 Protocol between terminal and database
Appendix A (Normative) Mandatory Certificate Management Message Structure
  A.1 Overview
  A.2 General Rules for Interpreting Message Structures
  A.3 Algorithm using parameters
  A.4 Proof of Ownership Message Structure
  A.5 Initial Registration/Authentication (Basic Authentication Scheme)
  A.6 Certificate Request
  A.7 Key Update Request
Appendix B (Informative) Optional Certificate Management Message Structure
  B.1 Overview
  B.2 General Rules for Structural Interpretation
  B.3 Algorithm Parameters
  B.4 PKI Information Request/Response
  B.5 Initialization using external identity certificates
Appendix C (Normative) PKI Message Data Structure
  C.1 PKI Message Overview
  C.2 Common Data Structures
  C.3 Specific Operation Data Structure
Appendix D (Informative) Version Negotiation
  D.1 General Principles
  D.2 Clients that communicate with the GB/T 19714-2005 server
  D.3 Server receiving GB/T 19714-2005 version message
Appendix E (Informative) Using a “Passphrase”
Appendix F (Informative) Certificate Management Protocol ASN.1 Description
Reference

Preface

This document was drafted in accordance with the provisions of GB/T 1.1-2020 "Guidelines for standardization work Part 1: Structure and drafting rules for standardization documents".

This document replaces GB/T 19714-2005 "Information Technology Security Technology Public Key Infrastructure Certificate Management Protocol". Compared with GB/T 19714-2005, in addition to structural adjustments and editorial changes, the main technical changes are as follows:

a) The scope of the standard has been changed (see Chapter 1; Chapter 1 of the 2005 edition);
b) Deleted the PKI management overview (see Chapter 5 of the 2005 edition);
c) Deleted the content related to proof of possession of encryption key and private key (see 6.3.2 and 7.2.8 of the 2005 edition) and the content related to proof of possession of negotiation key and private key (see 6.3.3 of the 2005 edition);
d) Deleted the content related to root CA updates (see 6.4 and 8.2 of the 2005 edition);
e) Deleted the prerequisites and restrictions related to terminal entity initialization and initial registration/authentication (see Chapter 6 of the 2005 edition);
f) Added "Process and Message Structure" to describe the process and message structure of certificate management between PKI components (see Chapter 6);
g) Added national standard algorithms and algorithm OIDs supported by the protocol (see Table A.1 in Appendix A);
h) Added the description of "transactionID" (see C.1.2.1 of Appendix C);
i) Added the setting of the protocol version field value (see C.1.2.1);
j) Added the "implicit confirmation" data structure (see C.1.2.2) and the "confirmation waiting time" data structure (see C.1.2.3);
k) Added support for the certificate template identifier "certTemplateID" field in the generalInfo extension of PKIHead (see C.1.2.4);
l) Added descriptions of “multiple protection” (see C.1.4);
m) The encrypted value data structure has been changed to "SM2EnvelopedKey" (see C.2.2, 7.2.2 of the 2005 edition), and encrypted data in the protocol has been uniformly changed to use "SM2EnvelopedKey" (see C.3.2, 6.2.2, 7.3.2, Appendix E of the 2005 edition);
n) Added content related to certificate confirmation (see C.1.3, C.3.15);
o) Added "Polling Request and Response" data structures (see C.3.19);
p) Added content related to certificate freeze and certificate thawing requests and responses (see C.1.3, C.3.20, and C.3.21);
q) Added more information on failure conditions (see C.2.3);
r) Added support for applying for multiple certificates using CertReqMessages and for responding with multiple certificates using CertRepMessage, clarifying that there are multiple implementation options (see C.3.1 and C.3.2) and clarifying a common implementation method (see A.5);
s) Deleted the content related to cross-certification (see 7.3.11, 7.3.12, and 8.6 of the 2005 edition);
t) Deleted the PKI management functions related to CA initialization and terminal entity initialization (see Chapter 8 of the 2005 edition);
u) Deleted the transmission-related content of the CMP protocol (see Chapter 9 and Appendix G of the 2005 edition);
v) Deleted "Request Message Behavior Description" (see Appendix D of the 2005 edition) and incorporated its main content into Appendix C (see C.2.8, C.3.1);
w) The certificate management protocol OID has been changed (see Appendix F of the 2005 edition).

Please note that some of the contents of this document may involve patents. The issuing organization of this document does not assume the responsibility for identifying patents.

This document is proposed and coordinated by the National Cybersecurity Standardization Technical Committee (SAC/TC260).

This document was drafted by: Beijing Digital Certification Co., Ltd., China Electronics Technology Standardization Institute, Xi'an Xidian Jietong Wireless Network Communications Co., Ltd., Boya Zhongke (Beijing) Information Technology Co., Ltd., Changchun Jida Zhengyuan Information Technology Co., Ltd., Shanghai Municipal Digital Certificate Certification Center Co., Ltd., Huawei Technologies Co., Ltd., Wuhan University, the First Research Institute of the Ministry of Public Security, Asiasoft Information Technology (Shanghai) Co., Ltd., Changyang Technology (Beijing) Co., Ltd., Shenzhen E-Commerce Security Certificate Management Co., Ltd., Shaanxi Provincial Information Engineering Research Institute, Jiangnan Xinan (Beijing) Technology Co., Ltd., Zhengzhou Xindajiean Information Technology Co., Ltd., Tsinghua University, Geer Software Co., Ltd., Guangdong Electronic Commerce Certification Co., Ltd., Tongzhi Weiye Software Co., Ltd., Beijing Times Newway Information Technology Co., Ltd.,
Beijing Zhongguancun Laboratory, Zhejiang Dahua Technology Co., Ltd., the Cybersecurity Industry Development Center of the Ministry of Industry and Information Technology (MIIT) (Information Center of the Ministry of Information Technology), Gongxintong (Beijing) Information Technology Co., Ltd., the Sixth Research Institute of China Electronics Information Industry Group Co., Ltd., State Grid Blockchain Technology (Beijing) Co., Ltd., China Science and Technology Information Security Common Technology National Engineering Research Center Co., Ltd., Digital Security Times Technology Co., Ltd., Qi'anxin Wangshen Information Technology (Beijing) Co., Ltd., and China Electronics Technology Group Corporation Network Security Technology Co., Ltd.

The main drafters of this document are: Gao Wenhua, Gao Wenju, Li Yanfeng, Li Qin, Wang Bingxin, Ding Zhaowei, Wang Yulin, Zeng Guang, He Debiao, Hu Guangjun, Lin Xueyan, Xia Luning, Xia Bingbing, Li Xiangfeng, Fu Dapeng, Liu Zhong, Wang Yuehui, Zhang Guoqiang, Li Zhiyong, Tian Yucun, Li Liang, Guo Yanfei, Ding Beijing, Deng Chen, Liu Bin, Zhao Jing, Zhang Ziwei, Wei Yicai, Zhao Hua, Shen Zhichun, Zhang Xin, Su Jinyan, Wang Zhihui, Zheng Huitao, Zhao Xiaorong, Xu Jiannan, Wang Tong, Wang Haiyang, Liu Weihua, Jia Keting, Zheng Qiang, Chen Shule, Jiao Zhengkun, Yu Zhengchen, Zhu Weiru, Zhao Boxin, Zhang Jianqing, Chen Zixiong, Wang Jin, Wang Bin, Wang Long, Yang Ke, Gao Zhenpeng, Du Zhiqiang, An Jincheng, and Kou Jianbo.

The previous versions of this document and the documents it replaces are as follows:
---First published in 2005 as GB/T 19714-2005;
---This is the first revision.

Cybersecurity Technology - Public Key Infrastructure - Certificate Management Protocol

1 Scope

This document provides the structure and content of the certificate management protocol in the public key infrastructure (PKI), and specifies the protocol message format required for certificate generation and management.

This document is applicable to the research and development of public key infrastructure related products, and is used to guide the design, development and manage.

2 Normative references

The contents of the following documents constitute the essential clauses of this document through normative references in this document. For referenced documents with a date, only the version corresponding to that date applies to this document; for referenced documents without a date, the latest version (including all amendments) applies to this document.

GB/T 19713 Network Security Technology Public Key Infrastructure Online Certificate Status Protocol
GB/T 20518-2018 Information Security Technology Public Key Infrastructure Digital Certificate Format
GB/T 25056 Information Security Technology Certificate Authentication System Password and Related Security Technical Specifications
GB/T 25069-2022 Information Security Technical Terminology
GB/T 33560 Information security technology - Cryptographic application identification specification
GB/T 35276-2017 Information Security Technology SM2 Cryptographic Algorithm Usage Specification

3 Terms and Definitions

The terms and definitions defined in GB/T 25069-2022 and the following apply to this document.

3.1 digital signature
Data appended to a data unit, or a cryptographic transformation of a data unit, that the receiver of the data unit uses to confirm the source and integrity of the data unit, protecting the data and preventing it from being forged.
[Source: GB/T 25069-2022, 3.576, modified]

3.2 hash-algorithm
A cryptographic algorithm based on a hash function.

3.3
The terminal is used to securely store certificates and private keys.

3.4 proof of possession; POP
The terminal uses this to prove that it owns (i.e. can use) the private key corresponding to the public key for which it applies for the certificate.