GB/T 38541-2020 English PDF
GB/T 38541-2020: Information security technology - Guidance of cryptographic application for electronic records
Status: Valid
Basic data
Standard ID: GB/T 38541-2020 (GB/T38541-2020)
Description (translated English): Information security technology - Guidance of cryptographic application for electronic records
Sector / Industry: National Standard (Recommended)
Classification of Chinese Standard: L80
Classification of International Standard: 35.040
Word Count Estimation: 18,184
Date of Issue: 2020-03-06
Date of Implementation: 2020-10-01
Issuing agency(ies): State Administration for Market Regulation; China National Standardization Administration

Information security technology - Guidance of cryptographic application for electronic records
ICS 35.040
L80
National Standard of the People's Republic of China
Issued 2020-03-06, implemented 2020-10-01
Issued by the State Administration for Market Regulation and the National Standardization Management Committee

Table of contents
Foreword
1 Scope
2 Normative references
3 Terms and definitions
4 Abbreviations
5 Overview
5.1 Technical framework for cryptographic application
5.2 Security objectives
5.3 Application systems
5.4 Users
5.5 Electronic records
5.6 Cryptographic algorithms and cryptographic services
6 Cryptographic operation methods for electronic records
6.1 Basic principles
6.2 Confidentiality
6.3 Integrity
6.4 Authenticity
6.5 Non-repudiation
7 Cryptographic application methods for application systems
7.1 Basic principles
7.2 Identity authentication
7.3 Access control
7.4 Storage security
7.5 Exchange security
7.6 Audit trail
8 Reference for cryptographic application to electronic records
Appendix A (informative) Example of cryptographic application in an electronic record formation and processing system

Foreword
This standard was drafted in accordance with the rules given in GB/T 1.1-2009.
Please note that certain contents of this document may involve patents. The issuing agency of this document is not responsible for identifying these patents.
This standard was proposed by, and is under the jurisdiction of, the National Information Security Standardization Technical Committee (SAC/TC260).
Drafting organizations of this standard: Zhongan Wangmai (Beijing) Technology Co., Ltd.; Beijing Electronic Technology Institute; Beijing Guomai Xinan Technology Co., Ltd.; Commercial Cryptographic Testing Center of the National Cryptography Administration; Beijing Haitai Fangyuan Technology Co., Ltd.; Beijing Shusheng Electronic Technology Co., Ltd.; China Software and Technology Services Co., Ltd.
Main drafters of this standard: Tong Xinhai, Wu Keke, Feng Yan, Liu Xin, Xie Sijiang, Wang Jianing, Wang Tianshun, Yuan Feng, Lu Chunmei, Jiang Hongyu, Hao Lichen, Zheng Zhimei, Li Qiang.

Information security technology - Guidance of cryptographic application for electronic records

1 Scope
This standard sets out the technical framework and security objectives for cryptographic application to electronic records, and describes the methods for performing cryptographic operations on electronic records and for applying cryptographic technology in electronic record application systems.
This standard applies to the development and use of electronic record application systems.

2 Normative references
The following documents are indispensable for the application of this document. For dated references, only the edition cited applies to this document. For undated references, the latest edition (including all amendments) applies to this document.
GB/T 20518 Information security technology - Public key infrastructure - Digital certificate format
GB/T 25069-2010 Information security technology - Glossary
GB/T 31913-2015 General functional requirements for electronic record formation and processing systems
GB/T 32905 Information security technology - SM3 cryptographic hash algorithm
GB/T 32907 Information security technology - SM4 block cipher algorithm
GB/T 32918 (all parts) Information security technology - SM2 elliptic curve public key cryptographic algorithm
GB/T 35275 Information security technology - SM2 cryptographic algorithm encrypted signature message syntax specification
GM/T 0019 General cryptographic service interface specification
GM/T 0031 Technical specification for cryptographic application of secure electronic seals
GM/T 0033 Time stamp interface specification
GM/T 0054 Basic requirements for cryptographic application in information systems
GM/T 0055-2018 Technical specification for cryptographic application to electronic records

3 Terms and definitions
The terms and definitions given in GB/T 31913-2015, GB/T 25069-2010 and GM/T 0055-2018, together with the following, apply to this document. For ease of use, some terms and definitions from GM/T 0055-2018 are repeated below.

3.1 electronic record
Text, graphics, audio, video and other forms of document that are formed in digital devices and environments, stored in digital form on magnetic tape, magnetic disk, optical disc, smart cryptographic key or other carrier, depend on computers or other digital devices to be read and processed, and can be transmitted over communication networks. An electronic record consists of record content and record attributes.
Note: Adapted from GB/T 31913-2015, definition 3.1.

3.2 electronic official document
An electronic record reflecting management activities such as party affairs, government affairs, and production and operation management.
3.3 tag
A segment of digital entity bound to an electronic record that identifies the attributes and status of the record, defines the objects, behaviours and access authority of operations, and records operators' actions at each stage of record processing, so that the creation, modification, authorization, reading, sign-off, sealing, printing, watermarking, circulation, archiving and destruction of the record always remain in a secure and controlled state, and that provides the application system with a basis for traceability and auditing.
[GM/T 0055-2018, definition 3.3]

3.4 application system
A system that takes electronic records as its processing objects and performs creation, modification, authorization, reading, sign-off, sealing, printing, watermarking, circulation, archiving and destruction operations on them.

3.5 digital envelope
A data structure containing ciphertext encrypted with a symmetric key together with that symmetric key encrypted with a public key.

4 Abbreviations
The following abbreviations apply to this document.

5 Overview
5.1 Technical framework for cryptographic application
The technical framework for cryptographic application to electronic records is shown in Figure 1. All cryptographic algorithms and cryptographic protocols involved in this standard shall follow the relevant national and industry cryptographic standards.
Figure 1 Technical framework for cryptographic application to electronic records

5.2 Security objectives
The security objectives of electronic record management are confidentiality, integrity, authenticity and non-repudiation. To achieve them, cryptographic technology should be used to protect electronic records throughout their life cycle.
This means ensuring that the formation process of an electronic record is genuine and reliable; that the record is not tampered with during transmission (exchange), receipt and storage; that the record is not disclosed to unauthorized visitors; and that the operator of a record cannot deny the operations performed and their results. The security of an electronic record rests on the security of both its content and its attributes.

5.3 Application systems
Following GB/T 31913-2015, an electronic record generally passes through three types of system during its life cycle: the business system, the electronic record management system and the electronic record long-term preservation system. The business system, also called the electronic record formation and processing system, mainly provides the business functions involved from the formation of a record to its handling, and provides data interfaces for connection with other systems. The electronic record management system captures records from the business system, maintains the associations between records and between records and business activities, supports retrieval and use, and manages records in an orderly, systematic and auditable manner. The electronic record long-term preservation system maintains and provides access to electronic records in a correct and durably effective way.

5.4 Users
Users are the operators of the application system, comprising the business operators of electronic records and the system managers of the application system. Business operators are the personnel who create, modify, authorize, read, sign off, seal, print, circulate, archive and destroy electronic records in the business system, the electronic record management system and the long-term preservation system. System managers are the personnel who manage and maintain the application system, comprising system administrators, audit administrators and confidentiality administrators.

5.5 Electronic records
Electronic records are the operating objects of the application system. The record content may consist of one or more files. Record attributes comprise the identification attribute, metadata attribute, security attribute, sign-off attribute, seal attribute, watermark attribute, permission attribute, log attribute and extended attributes.
The identification attribute is the unique identifier of the record; it is assigned when the record is created and remains unchanged throughout the record's life cycle. The metadata attribute describes the background, content, structure and management history of the record. The security attribute describes the attributes and status of cryptographic operations on the record, including the identifiers of the algorithms used to encrypt and sign the record content and attributes, digital certificate information, signature results and so on. The sign-off attribute defines the sign-off and verification operations on the record, including the signer, the sign-off time and the sign-off content. The seal attribute defines the sealing and seal verification operations, including the sealer, the sealing time and the electronic seal. The watermark attribute defines the embedding and extraction of watermarks, including who set the watermark, when it was set, its content and its position. The permission attribute defines operation permissions on the record, such as reading, writing, printing and cryptographic operations. The log attribute records log information generated during operations on the record. Extended attributes are defined by the application system, which determines their structure and the meaning of each element according to its actual needs.
Record attributes may be organized as a tag in accordance with GM/T 0055-2018; there is a unique binding between an electronic record and its tag, and the tag may be stored inline with the record or linked externally. Record attributes may also be organized and maintained by the application system itself, which defines the fields each attribute contains according to its meaning and performs cryptographic operations directly on the attributes to protect them and to maintain their association with the record.
5.6 Cryptographic algorithms and cryptographic services
5.6.1 Cryptographic algorithms
Cryptographic operations on electronic records should use symmetric algorithms, asymmetric algorithms and hash algorithms, namely those of GB/T 32918 (SM2), GB/T 32905 (SM3) and GB/T 32907 (SM4) or other cryptographic algorithms approved by the national cryptographic administration. Symmetric algorithms are used to encrypt and decrypt record content and record attributes. Asymmetric algorithms are used to encrypt and decrypt symmetric keys and to generate and verify digital signatures. Hash algorithms are used for integrity computation and verification. Symmetric algorithms may be used in CBC, OFB, CFB, CTR and other modes; when OFB or CFB mode is used, the application system shall set the number of feedback bits. Cryptographic algorithms are invoked through their algorithm identifiers.

5.6.2 General cryptographic services
General cryptographic services include digital certificate services, encryption/decryption services, signature/verification services and hash computation services. They are provided by cryptographic infrastructure such as certificate authentication systems and cryptographic devices/components, and are used by calling the corresponding service interfaces. The certificate authentication systems and cryptographic devices/components that provide cryptographic services shall follow the relevant national and industry standards and be certified by the national cryptographic administration. The cryptographic service interface shall follow GM/T 0019, the digital certificate format shall follow GB/T 20518, and the signature syntax shall follow GB/T 35275.

5.6.3 Typical cryptographic services
Typical cryptographic services include the identity authentication service, the electronic seal service and the time stamp service. The identity authentication service authenticates users on the basis of digital certificates. The electronic seal service seals electronic records and verifies and reads seals; its interface shall follow GM/T 0031. The time stamp service provides time information for digital signatures and electronic seals; its interface shall follow GM/T 0033.

5.6.4 Keys
The keys involved in electronic records are, by type, symmetric keys and asymmetric keys and, by use, user keys and system keys. Symmetric keys are generated by the general cryptographic service and used to encrypt electronic records. Asymmetric keys comprise a signing key pair and an encryption key pair, which may be obtained from the certificate authentication system; the signing key pair is used to sign and verify electronic records during transmission, exchange and storage, and the encryption key pair is used to encrypt and decrypt symmetric keys. User keys comprise the user's signing key pair and encryption key pair; every user of the system shall be provided with a signing certificate and an encryption certificate. System keys comprise the system signing key pair and the system encryption key pair; every electronic record application system shall be provided with a signing certificate and an encryption certificate.

6 Cryptographic operation methods for electronic records
6.1 Basic principles
Within the application system, cryptographic technology may be used to protect the confidentiality, integrity, authenticity and non-repudiation of electronic records. In practice, the security objectives to apply to an electronic record may be chosen according to its importance and its application scenario.
When both the confidentiality and the integrity of an electronic record are required, its integrity should be protected first and its confidentiality second; that is, the record is signed before it is encrypted.

6.2 Confidentiality
6.2.1 Confidentiality of record content
The digital envelope method may be used to encrypt record content and so ensure its confidentiality. When record attributes are organized as a tag, the application system shall follow GM/T 0055-2018 and call the electronic record cryptographic service to encrypt and decrypt the specified record content. When record attributes are maintained by the application system itself, the application system may encrypt and decrypt the specified record content directly.
The symmetric key used for encryption shall be generated at random, one key per record, and the application system shall not be able to obtain the symmetric key in plaintext.
Record content is encrypted as follows:
a) obtain the symmetric algorithm identifier and the asymmetric algorithm identifier;
b) call the general cryptographic service to generate a symmetric key;
c) call the symmetric encryption service to encrypt the record content with the symmetric key;
d) call the asymmetric encryption service to encrypt the symmetric key with the encryption public key of the recipient of the record or of the application system; if the record has several recipients, the symmetric key is encrypted with the encryption public key of each recipient in turn;
e) encapsulate the encrypted symmetric key and the content encrypted under the symmetric key in digital envelope format to form the encrypted record content; when there are several recipients, all of the recipients' encrypted copies of the symmetric key are placed in the envelope header together with the encrypted content;
f) store the algorithm identifiers, the algorithm mode and the number of feedback bits in the security attribute.
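As an added illustration of the encryption steps a) to f) above and of the matching decryption steps that follow, here is a complete Go program; it is not part of the standard or of any product the standard references. Because the Go standard library does not ship SM2, SM3 or SM4, it uses AES-256 in CTR mode (one of the modes listed in 5.6.1), RSA-OAEP and SHA-256 as stand-ins, recorded under hypothetical identifier strings in the security attribute; the Recipient and Envelope types, the OAEP label and the function names are this example's own assumptions.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Recipient is an intended reader: an ID plus the public key of its
// encryption key pair (taken from its encryption certificate in practice).
type Recipient struct {
	ID  string
	Pub *rsa.PublicKey
}

// Envelope is a simplified digital envelope (3.5). Attr is the security
// attribute of step f) (algorithm identifiers and mode); the header
// WrappedKeys maps each recipient ID to the symmetric key encrypted with
// that recipient's public key; Ciphertext is the content under that key.
type Envelope struct {
	Attr        map[string]string
	IV          []byte
	WrappedKeys map[string][]byte
	Ciphertext  []byte
}

// Identifiers written into the security attribute. AES, RSA-OAEP and SHA-256
// stand in for SM4, SM2 and SM3 (GB/T 32907, GB/T 32918, GB/T 32905).
var attr = map[string]string{"sym": "AES-256", "mode": "CTR", "asym": "RSA-OAEP-SHA256"}

const label = "GB/T 38541 envelope" // OAEP label, hypothetical value

// Seal performs encryption steps a) to f) of 6.2.1. The symmetric key is
// generated fresh for every call (one record, one key) and never leaves this
// function in the clear; the application only ever holds the envelope.
func Seal(content []byte, recipients []Recipient) (*Envelope, error) {
	if len(recipients) == 0 {
		return nil, errors.New("an envelope needs at least one recipient")
	}
	buf := make([]byte, 32+aes.BlockSize) // b) fresh key, plus a fresh CTR IV
	if _, err := rand.Read(buf); err != nil {
		return nil, err
	}
	key, iv := buf[:32], buf[32:]
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	ct := make([]byte, len(content)) // c) encrypt the content with the key
	cipher.NewCTR(block, iv).XORKeyStream(ct, content)
	wrapped := make(map[string][]byte, len(recipients))
	for _, r := range recipients { // d) wrap the key once per recipient
		w, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, r.Pub, key, []byte(label))
		if err != nil {
			return nil, err
		}
		wrapped[r.ID] = w
	}
	// e), f) assemble the envelope and record the algorithm identifiers
	return &Envelope{Attr: attr, IV: iv, WrappedKeys: wrapped, Ciphertext: ct}, nil
}

// Open performs decryption steps a) to c) of 6.2.1 for one recipient.
func Open(env *Envelope, id string, priv *rsa.PrivateKey) ([]byte, error) {
	for k, v := range attr { // a) check the recorded identifiers first
		if env.Attr[k] != v {
			return nil, fmt.Errorf("unsupported %s algorithm %q", k, env.Attr[k])
		}
	}
	if len(env.IV) != aes.BlockSize {
		return nil, errors.New("malformed envelope: bad IV length")
	}
	w, ok := env.WrappedKeys[id]
	if !ok {
		return nil, fmt.Errorf("no wrapped key for recipient %q", id)
	}
	// b) unwrap with the recipient's encryption private key; a wrong key
	//    fails here, so a non-recipient never reaches the content
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, w, []byte(label))
	if err != nil {
		return nil, fmt.Errorf("unwrap for %q: %w", id, err)
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	pt := make([]byte, len(env.Ciphertext)) // c) decrypt the content
	cipher.NewCTR(block, env.IV).XORKeyStream(pt, env.Ciphertext)
	return pt, nil
}

// NewKeyPair stands in for the certificate authority issuing an encryption
// key pair to a user or application system (5.6.4).
func NewKeyPair() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }
```

Seal generates the key inside the call and returns only the envelope, mirroring the requirement that the application system never obtains the plaintext key; in a certified deployment the key would be generated inside the cryptographic device rather than in process memory. Open checks the recorded identifiers before selecting a service and fails at the unwrapping step for anyone whose public key was not used, so a non-recipient never reaches the content. The envelope gives confidentiality only: a CTR (or CBC) ciphertext can be altered without detection, which is why 6.1 calls for the integrity signature of 6.3 to be applied before encryption.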
Record content is decrypted as follows:
a) obtain the symmetric algorithm identifier and the asymmetric algorithm identifier of the encrypted record from its security attribute;
b) according to the asymmetric algorithm identifier, call the asymmetric decryption service to decrypt the encrypted symmetric key with the encryption private key, obtaining the symmetric key;
c) according to the symmetric algorithm identifier, call the symmetric decryption service to decrypt the record content with the symmetric key.

6.2.2 Confidentiality of record attributes
As required, the digital envelope method may be used to encrypt the metadata attribute, seal attribute, watermark attribute, permission attribute and other information within the record attributes, so as to ensure the confidentiality of the corresponding attribute information. When record attributes are organized as a tag, the confidentiality protection of the attributes shall follow GM/T 0055-2018. When record attributes are maintained by the application system, the application system may use the digital envelope method to encrypt and decrypt the metadata attribute, seal attribute and any other attribute information that needs protection; the encryption and decryption method is the same as in 6.2.1.

6.3 Integrity
6.3.1 Integrity of record content
The record content may be signed to ensure its integrity. When record attributes are organized as a tag, the application system shall follow GM/T 0055-2018 and call the electronic record cryptographic service to sign and verify the specified record content. When record attributes are maintained by the application system, the record content may be signed directly to ensure its integrity.
The signature is added as follows:
a) obtain the signature algorithm identifier and the hash algorithm identifier;
b) call the hash service to compute the digest of the plaintext record content;
c) use the signing private key of the business operator or of the application system to digitally sign the digest value;
......
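As an added example that is not part of the standard, the following Go program carries out steps a) to c) above, stores the result in a signature attribute of the kind described in 5.5, and verifies it, showing that a single-bit change to the content or to the signature is detected. ECDSA over P-256 and SHA-256 stand in for SM2 and SM3, since the Go standard library does not provide them; the Record and SignatureAttribute types, the identifier strings and the signer ID are this example's own assumptions.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"errors"
	"fmt"
)

// SignatureAttribute is the part of the security attribute (5.5) that
// verification needs: algorithm identifiers, who signed, and the signature.
// SignerPub stands in for the signer's certificate (GB/T 20518).
type SignatureAttribute struct {
	HashAlg, SigAlg string // stand-ins for SM3 / SM2 identifiers
	SignerID        string
	SignerPub       []byte // DER (PKIX) encoding of the signing public key
	Signature       []byte // ASN.1 DER encoded ECDSA signature
}

// Record is an electronic record: content plus the attribute bound to it.
type Record struct {
	Content []byte
	Sig     *SignatureAttribute
}

// NewSigner stands in for the certificate authority issuing a signing key
// pair to a business operator or application system (5.6.4).
func NewSigner() (*ecdsa.PrivateKey, error) {
	return ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
}

// SignRecord performs steps a) to c) of 6.3.1: fix the algorithm identifiers,
// hash the plaintext content, sign the digest with the operator's signing
// private key, and store the result in the record's security attribute.
func SignRecord(rec *Record, signerID string, priv *ecdsa.PrivateKey) error {
	digest := sha256.Sum256(rec.Content)                      // b) digest over the plaintext
	sig, err := ecdsa.SignASN1(rand.Reader, priv, digest[:]) // c) sign the digest
	if err != nil {
		return err
	}
	pub, err := x509.MarshalPKIXPublicKey(&priv.PublicKey)
	if err != nil {
		return err
	}
	rec.Sig = &SignatureAttribute{HashAlg: "SHA-256", SigAlg: "ECDSA-P256",
		SignerID: signerID, SignerPub: pub, Signature: sig}
	return nil
}

// VerifyRecord recomputes the digest over the stored content and checks the
// signature with the recorded key. Any change to content, signature or key
// fails. A deployment must additionally validate SignerPub against the
// signer's certificate and CA chain rather than trusting the attribute.
func VerifyRecord(rec *Record) error {
	if rec.Sig == nil {
		return errors.New("record carries no signature attribute")
	}
	if rec.Sig.HashAlg != "SHA-256" || rec.Sig.SigAlg != "ECDSA-P256" {
		return fmt.Errorf("unsupported algorithms %s/%s", rec.Sig.HashAlg, rec.Sig.SigAlg)
	}
	parsed, err := x509.ParsePKIXPublicKey(rec.Sig.SignerPub)
	if err != nil {
		return err
	}
	pub, ok := parsed.(*ecdsa.PublicKey)
	if !ok {
		return errors.New("recorded signer key is not an ECDSA key")
	}
	digest := sha256.Sum256(rec.Content)
	if !ecdsa.VerifyASN1(pub, digest[:], rec.Sig.Signature) {
		return errors.New("signature does not match record content")
	}
	return nil
}

func main() {
	priv, _ := NewSigner()
	rec := &Record{Content: []byte("constructed record: approved 2020-10-01")}
	_ = SignRecord(rec, "operator-01", priv)
	fmt.Println("original:", VerifyRecord(rec))
	rec.Content[0] ^= 0x20 // a one-bit change to the content
	fmt.Println("tampered:", VerifyRecord(rec))
}
```

VerifyRecord takes the signer's public key from the attribute itself, which is enough to show that the content has not changed since it was signed but says nothing about who signed it; for the authenticity and non-repudiation objectives of 6.4 and 6.5 the key must be taken from the signer's certificate (GB/T 20518) and validated through the certificate authentication system, and the signature should be given a trusted time through the GM/T 0033 time stamp service.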