Powered by Google-Search & Google-Books www.ChineseStandard.net Database: 169759 (Feb 21, 2021)
HOME   Quotation   Tax   Examples Standard-List   Contact-Us   View-Cart

GM/T 0015-2012

Chinese Standard: 'GM/T 0015-2012'
Standard IDContents [version]USDSTEP2[PDF] delivered inStandard Title (Description)StatusRelated Standard
GM/T 0015-2012English480 Add to Cart 0--10 minutes. Auto immediate delivery. Digital certificate format based on SM2 algorithm Valid GM/T 0015-2012
GM/T 0015-2012Chinese49 Add to Cart <=1-day [PDF from Chinese Authority, or Standard Committee, or Publishing House]  

  In 0~10 minutes time, full copy of this English-PDF will be auto-immediately delivered to your email. See samples for translation quality.  

Standard ID GM/T 0015-2012 (GM/T0015-2012)
Description (Translated English) Digital certificate format based on SM2 algorithm
Sector / Industry Chinese Industry Standard (Recommended)
Classification of Chinese Standard L80
Word Count Estimation 64,610
Date of Issue 2012/11/22
Date of Implementation 2012/11/22

GM/T 0015-2012
ICS 35.040
L 80
File No.. 38313-2013
Digital certificate format based on SM2 algorithm
基于 SM2密码算法的数字证书格式规范
Issued by. State Cryptography Administration
Table of Contents
Foreword ... 3 
1 Scope .. 4 
2 Normative references ... 4 
3 Terms and definitions ... 4 
4 Abbreviations .. 5 
5 Digital certificate and CRL .. 5 
5.1 General .. 5 
5.2 Digital certificate format ... 6 
5.3 CRL format ... 35 
Annex A (Normative) Certificate structure .. 42 
A.1 Certificate composition (SEE Table A.1) ... 42 
A.2 Basic certificate domain (SEE Table A.2) ... 42 
A.3 Standard extension domain (SEE Table A.3) ... 42 
Annex B (Normative) Structural examples of the certificates .. 45 
B.1 Structural example of the user certificate (SEE Table B.1) ... 45 
B.2 Structural example of the server certificate (SEE Table B.2) ... 45 
Annex C (Normative) Certificate content tables .. 47 
C.1 -- Self-signed CA certificate content table (SEE Table C.1) ... 48 
C.2 Subordinate CA certificate content table (SEE Table C.2) ... 50 
C.3 Entity signature certificate content table (SEE Table C.3) ... 54 
C.4 Entity encryption certificate content table (SEE Table C.4) .. 58 
C.5 Certificate revocation list content table (SEE Table C.5) ... 62 
Annex D (Informative) Examples of digital certificate encoding ... 66 
D.1 RSA digital certificate encoding ... 66 
D.2 SM2 digital certificate encoding ... 70 
This Standard was drafted in accordance with the rules given in GB/T 1.1-2009.
Attention is drawn to the possibility that some of the elements of this document
may be the subject of patent rights. The issuing authority shall not be held
responsible for identifying any or all such patent rights.
In this Standard, Annex A, Annex B and Annex C are normative; Annex D is
This Standard was proposed by and shall be under the jurisdiction of State
Cryptography Administration.
Drafting organizations of this Standard. Shanghai Koal Software Co., Ltd,
Beijing Certificate Authority, Beijing Haitai Fangyuan Technologies Co., Ltd,
Wuxi Jiangnan Information Security Engineering Technology Center, Shanghai
Electronic Certificate Authority Center Co., Ltd, Changchun Jida Zhengyuan
Information Technology Co., Ltd, Chengdu Westone Information Industry Inc.,
Xingtang Telecommunications Technology Co., Ltd, Beijing HuaDa ZhiBao
Electronic System Co., Ltd, Shandong DEAN Information Technology Co., Ltd,
National Information Security Engineering Center, Commercial Cryptography
Testing Center of State Cryptography Administration.
Drafters of this Standard. Liu Ping, Tan Wuzheng, Li Shusheng, Liu Zengshou,
Xu Qiang, Liu Cheng, Zhao Lili, Li Yuanzheng, Wang Nina, Chen Yue, Kong
Fanyu, Yuan Feng, Li Zhiwei.
The cryptographic algorithm involved in this Standard shall be used in
accordance with the requirements of national cryptography authority.
Digital certificate format based on SM2 algorithm
1 Scope
This Standard specifies the basic structures of the digital certificate and
certificate revocation list AND describes the content of each data entry in the
digital certificate and certificate revocation list.
This Standard is applicable to the research and development of digital
certificate authentication system, operation of the digital certification authority,
and security application based on digital certificate.
2 Normative references
The following documents are essential to the application of this document. For
dated references, only the editions with the dates indicated are applicable to
this document. For undated references, only the latest editions (including all the
amendments) are applicable to this document.
GB/T 16264.8 Information technology - Open systems interconnection - The
directory - Part 8. Public-key and attribute certificate frameworks
GM/T 0006 Cryptographic application identifier criterion specification
GM/T 0009 SM2 cryptography algorithm application specification
GM/T 0010 SM2 cryptography message syntax specification
PKCS #7 Cryptographic message syntax standard
RFC 5280 Internet X.509 Public key infrastructure certificate and certificate
revocation list (CRL) profile
3 Terms and definitions
The following terms and definitions are applicable to this document.
3.1 Digital certificate
A credible digital file that is digitally signed by a state-recognized third-party
certification authority (CA) with authority, credibility and impartiality.
3.2 Certificate revocation list; CRL
A list file that is issued by CA for the revoked certificate.
3.3 CA certificate
A certificate that is issued to the digital certification authority.
3.4 Entity certificate
The end entity, also known as the user certificate, is the personal certificate,
authority certificate, device certificate, etc. issued by the digital certification
4 Abbreviations
The following abbreviations are applicable to this document.
CA. Certification Authority
CRL. Certificate Revocation List
DIT. Directory Information Tree
OID. Object IDentifier
PKI. Public Key Infrastructure
5 Digital certificate and CRL
5.1 General
The digital certificate has the following characteristics.
— Any user who is able to obtain and use the public key of the certification
authority may recover the public key certified by the certification authority.
— Except for the certification authority, no other authorities are able to change
the certificate. The certificate is unforgeable.
Since the certificate is unforgeable, it is able to publish the certificate by placing
it in a directory without the need of special protection in future.
NOTE. Despite of the use of a unique name in the DIT for explicit definition of CA, it does not mean that
there is any connection between the CA and the DIT.
The certification authority generates a user certificate by signing the information
set. The information set includes a distinguishable user name, a public key and
an optional unique identifier containing additional user information. The exact
2050. UTCTime
This entry is a standard ASN.1 type that is set up for international applications,
where only local time is not enough. UTCTime determines the year with two
low-order digits. Time is accurate to 1min or 1s. UTCTime contains Z (for Zulu,
or Greenwich Mean Time) or time difference.
In this entry, the UTCTime value must be expressed in Greenwich Mean Time
(Zulu), and must contain seconds, even if the second value is zero (that is, the
time format is YYMMDDHHMMSSZ). The system’s year field (YY) must be
interpreted as follows.
When YY is greater than or equal to 50, the year shall be interpreted as 19YY;
when YY is less than 50, the year shall be interpreted as 20YY. GeneralizedTime
This entry is a standard ASN.1 type that represents the variable precision of
time. The GeneralizedTime field is able to contain a time difference between
local time and Greenwich Mean Time.
In this entry, the GeneralizedTime value must be expressed in Greenwich Mean
Time and must contain seconds, even if the second value is zero (that is, the
time format is YYMMDDHHMMSSZ). The GeneralizedTime value must not
contain fractional seconds. Subject
This entry describes the entity that corresponds to the public key in the subject
public key entry. The subject name may appear in the subject entry and / or
subject alternative name extension (subjectAltName). If the subject is a CA, the
subject entry must be a non-null distinguished name that matches the content
of the issuer entry. If the subject naming information only appears in the subject
alternative name extension (for instance, the key is only bound to an email
address or URL), the subject name must be a null sequence, and the subject
Related standard: GM/T 0022-2014    GM/T 0023-2014
Related PDF sample: GM/T 0005-2012    GM/T 0006-2012