GB/T 19713-2025: Cybersecurity technology - Public key infrastructure - Online certificate status protocol
Status: Valid
US$839.00 · In stock. Delivery: <= 6 days. True-PDF full-copy in English will be manually translated and delivered via email.
GB/T 19713: Evolution and historical versions
| Standard ID | Contents [version] | USD | [PDF] delivered in | Standard Title (Description) | Status |
| GB/T 19713-2025 | English | 839 | 6 days [Need to translate] | Cybersecurity technology - Public key infrastructure - Online certificate status protocol | Valid |
| GB/T 19713-2005 | English | 150 | 0--9 seconds. Auto-delivery | Information Technology - Security Techniques - Public Key Infrastructure - Online Certificate Status Protocol | Valid |
Basic data
| Standard ID | GB/T 19713-2025 (GB/T19713-2025) |
| Description (Translated English) | Cybersecurity technology - Public key infrastructure - Online certificate status protocol |
| Sector / Industry | National Standard (Recommended) |
| Classification of Chinese Standard | L80 |
| Classification of International Standard | 35.030 |
| Word Count Estimation | 42,451 |
| Date of Issue | 2025-02-28 |
| Date of Implementation | 2025-09-01 |
| Issuing agency(ies) | State Administration for Market Regulation, China National Standardization Administration |
GB/T 19713-2025 English version. This is a DRAFT version for illustration, not a final translation.
ICS 35.030
CCS L80
National Standard of the People's Republic of China
GB/T 19713-2025
Replaces GB/T 19713-2005
Cybersecurity technology - Public key infrastructure - Online certificate status protocol
Issued on 2025-02-28
Implemented on 2025-09-01
Issued by the State Administration for Market Regulation and the National Standardization Administration
Table of Contents
Foreword
1 Scope
2 Normative references
3 Terms and definitions
4 Abbreviations
5 General Principles
5.1 Overview
5.2 Request
5.3 Response
5.4 Abnormal situation
5.5 Temporal Semantics
5.6 Pre-generated response
5.7 Entrustment of OCSP Signature Authority
5.8 CA key leakage
6 Functional Requirements
6.1 Certificate Content Requirements
6.2 Requirements for receiving signed responses
7 Concrete Grammar
7.1 Conventions
7.2 Request
7.3 Response
7.4 Extension
Appendix A (Normative) ASN.1 Syntax Specification for OCSP Requests and Responses
Appendix B (Normative) OCSP Requests and Responses over HTTP
Appendix C (Informative) OCSP Request and Response ASN.1 Syntax Message Examples
Appendix D (Informative) Safety Considerations
References
Foreword
This document was drafted in accordance with the provisions of GB/T 1.1-2020 "Guidelines for standardization work Part 1: Structure and drafting rules for standardization documents".
This document replaces GB/T 19713-2005 "Information technology - Security techniques - Public key infrastructure - Online certificate status protocol". Compared with GB/T 19713-2005, in addition to structural adjustments and editorial changes, the main technical changes are as follows.
a) Changed "This standard applies to all types of applications and computing environments based on public key infrastructure" to "This document applies to the construction of public key infrastructure and security applications based on the online certificate status protocol" (see Chapter 1; Chapter 1 of the 2005 edition);
b) Added a diagram of the relationship between the parties in the OCSP protocol in the "General Principles" (see 5.1; 5.1 of the 2005 edition);
c) Changed "hash signature of the response" to "digital signature of the response" [see 5.3 b); 5.3 f) of the 2005 edition];
d) Changed the scope of the revoked status to allow the use of this response status for certificates that have never been issued [see 5.3 d); 5.3 of the 2005 edition];
e) Added response requirements for unissued certificate status requests [see 5.3 e)];
f) Changed the scope of use of the unauthorized error response (see 5.4; 5.4 of the 2005 edition);
g) Added the definition of revocationTime semantics (see 5.5);
h) Added support for SM2 and SM3 algorithms (see 7.1 and 7.2);
i) Added definitions of the Signature, Extensions, CertificateSerialNumber, SubjectPublicKeyInfo, Name, AlgorithmIdentifier and CRLReason structures to the OCSP ASN.1 syntax (see 7.1);
j) Added annotations on lightweight OCSP request syntax (see 7.2.2);
k) Added the time requirement for the lightweight OCSP protocol (see 7.3.2.1);
l) Changed "The locally configured OCSP signing authority contains a certificate that matches the certificate to be verified" to "The locally configured OCSP responder certificate matches the OCSP responder certificate" (see 7.3.2.2.2; 7.3.2.2 of the 2005 edition);
m) Added the revocation status check method for authorized responders in lightweight OCSP environment [see 7.3.2.2.3 d)];
n) Added "7.3.2.3 Basic Response" and clarified that the ResponderID field corresponds to the OCSP responder signing certificate (see 7.3.2.3);
o) Added requirements for the OCSPResponse structure in lightweight OCSP responses [see 7.3.2.3 e)];
p) Added "7.3.2.2.4 Certificate Status Release" to describe the standards that OCSP responders should follow to obtain certificate status (see 7.3.2.2.4);
q) Deleted the mandatory cryptographic algorithms and optional cryptographic algorithms (see 7.4 of the 2005 edition);
r) Changed the ASN.1 syntax of Nonce and specified the length range of Nonce (see 7.4.2; 7.5.1 of the 2005 edition);
s) Changed the standards that CRL entry extensions should follow (see 7.4.6; 7.5.5 of the 2005 edition);
t) Added a "Preferred Signature Algorithm" extension that can be included in a request message to specify the signature algorithm that the requester wants the responder to use. The signature algorithm used is SM3WithSM2 (see 7.4.8);
u) Added the "Extended Revocation Definitions" extension, which indicates that the responder supports the extended use of the "revoked" response (see 7.4.9);
v) Changed the ASN.1 module using the ASN.1 2008 syntax to add support for the use of SM2 and SM3 algorithms (see Appendix A; Appendix B of the 2005 edition); added the syntax specification of lightweight OCSP ASN.1, with support for the use of SM2 and SM3 algorithms (see Appendix A);
w) Added lightweight OCSP request and response structure (see Appendix B.2);
x) Changed "Safety Considerations" in the main text to Appendix D, and supplemented and improved the content (see Appendix D; Chapter 8 of the 2005 edition).
Please note that some of the contents of this document may involve patents. The issuing organization of this document does not assume the responsibility for identifying patents.
This document was proposed and coordinated by the National Cybersecurity Standardization Technical Committee (SAC/TC260).
This document was drafted by: Puhua Integrity Information Technology Co., Ltd., Shanghai Information Security Infrastructure Research Center Co., Ltd., Shanghai Digital Certificate Authority Co., Ltd., Beijing Digital Certification Co., Ltd., Zhengzhou Xindajiean Information Technology Co., Ltd., Shenzhen E-commerce Security Certificate Management Co., Ltd., China Electronics Technology Network Security Technology Co., Ltd., Henan Golden Shield Information Security Testing and Evaluation Center Co., Ltd., National Cryptography Administration Commercial Cryptography Testing Center, Geer Software Co., Ltd., 360 Digital Security Technology Group Co., Ltd., Digital Security Era Technology Co., Ltd., and Huawei Technologies Co., Ltd.
The main drafters of this document are: Liang Zuoquan, Gu Qing, Tian Wenjin, Wang Yahong, Feng Sifeng, Gao Wuxing, Zhang Ziming, Fu Lili, Wang Zhiwei, Huang Chenghang, Zhao Yanhong, Shi Shaobo, Chen Luoqi, Zhao Yingxia, Zhang Yongqiang, Liu Weihua, Zheng Huitao, Yue Xiaoyang, Liang Hong, Zhang Shaobo, Zheng Qiang, Zhang Zhilei, Du Zhiqiang, Zeng Guang.
The previous versions of this document and the documents it replaces are as follows.
---First published in 2005 as GB/T 19713-2005;
---This is the first revision.
Cybersecurity technology - Public key infrastructure - Online certificate status protocol
1 Scope
This document provides a mechanism for querying the status of digital certificates without requesting a Certificate Revocation List (CRL), namely the Online Certificate Status Protocol, including the protocol content and syntax specifications of the Online Certificate Status Protocol.
This document is applicable to the construction of public key infrastructure and security applications based on the online certificate status protocol.
2 Normative references
The contents of the following documents constitute essential clauses of this document through normative references in this document. For dated references, only the version corresponding to that date applies to this document; for undated references, the latest version (including all amendments) applies to this document.
GB/T 16263.1 Information technology ASN.1 encoding rules Part 1: Specification of Basic Encoding Rules (BER), Canonical Encoding Rules (CER) and Distinguished Encoding Rules (DER)
GB/T 19714-2005 Information technology security technology Public key infrastructure certificate management protocol
GB/T 20518-2018 Information security technology public key infrastructure digital certificate format
GB/T 25069 Information security technical terms
GB/T 32915 Information security technology - Binary sequence randomness detection method
GB/T 33560-2017 Information security technology cryptographic application identification specification
GB/T 35276-2017 Information security technology SM2 cryptographic algorithm usage specification
3 Terms and definitions
The terms and definitions defined in GB/T 25069 and the following apply to this document.
3.1
requester
The entity or device that applies for the online certificate status query service.
3.2
responder
An entity or device that provides online certificate status query services.
3.3
online certificate status protocol; OCSP
A protocol for querying the status of digital certificates without requesting a Certificate Revocation List (CRL).
4 Abbreviations
The following abbreviations apply to this document.
CA: Certification Authority