Powered by Google www.ChineseStandard.net Database: 189760 (20 Apr 2024)

GM/T 0017-2012 (GMT0017-2012)

GM/T 0017-2012_English: PDF (GMT 0017-2012, GMT0017-2012)
Standard IDContents [version]USDSTEP2[PDF] delivered inStandard Title (Description)StatusPDF
GM/T 0017-2012English630 Add to Cart 0--9 seconds. Auto-delivery Smart token cryptography application interface data format specification Valid GM/T 0017-2012

Standard ID GM/T 0017-2012 (GM/T0017-2012)
Description (Translated English) Smart token cryptography application interface data format specification
Sector / Industry Chinese Industry Standard (Recommended)
Classification of Chinese Standard L80
Word Count Estimation 155,136
Date of Issue 2012/11/22
Date of Implementation 2012/11/22

Standards related to: GM/T 0017-2012

GM/T 0017-2012
ICS 35.040
L 80
File No.. 38315-2013
Smart token cryptography application
interface data format specification
Issued by. State Cryptography Administration
Table of Contents
Foreword ... 4 
Introduction .. 5 
1 Scope .. 6 
2 Normative references ... 6 
3 Terms and definitions ... 6 
4 Abbreviations .. 9 
5 Mark .. 10 
6 Structural model ... 11 
7 APDU message structure ... 11 
7.1 Overview ... 11 
7.2 Command APDU .. 12 
7.3 Command body encoding conventions ... 13 
7.4 Response APDU ... 15 
8 Coding conversion of command header, data fields, and response status
words ... 15 
8.1 Overview ... 15 
8.2 CLA (class) bytes .. 16 
8.3 INS (instruction) byte .. 16 
8.4 Parameter bytes ... 18 
8.5 Data field bytes .. 18 
8.6 Status byte ... 19 
9 APDU instruction ... 21 
9.1 Device management instructions ... 21 
9.2 Access control instructions ... 26 
9.3 Application management instructions .. 34 
9.4 File management instructions ... 40 
9.5 Container management instructions ... 47 
9.6 Cryptography service instructions ... 56 
10 Device protocol .. 108 
10.1 Overview .. 108 
10.2 Device identification mechanism ... 108 
10.3 CCID protocol ... 108 
10.4 USB Mass Storage protocol extension .. 108 
10.5 HID protocol extension ... 112 
Appendix A (Normative) Device return code definition and description .. 119 
Appendix B (Normative) Security message calculation descriptions ... 121 
Appendix C (Informative) Programming paradigm ... 123 
This Standard was drafted in accordance with the rules given in GB/T 1.1-2009.
Attention is drawn to the possibility that some of the elements of this Standard
may be the subject of patent rights. The issuing authority shall not be held
responsible for identifying any or all such patent rights.
Appendix A and Appendix B of this standard are normative, Appendix C is
This Standard was proposed by and shall be under the jurisdiction of Code
Industry Standardization Technical Committee.
Main drafting organizations of this Standard. Beijing Jiangnan Tian’an
Technology Co., Ltd., Beijing Woqi Smart Technology Co., Ltd., Beijing Feitian
Integrity Technology Co., Ltd., Beijing Tiandirong Technology Co., Ltd., Hublot
Co., Ltd., Beijing Digital Certificate Authentication Center Ltd., Beijing Tianwei
Integrity E-commerce Services Ltd., Beijing Guofuan E-commerce Security
Authentication Co., Ltd.
Participating drafting organizations of this Standard. Beijing Haitai Fangyuan
Technology Co., Ltd., Beijing Huada Zhibao Electronic Systems Co., Ltd.,
Beijing Daming Wuzhou Technology Co., Ltd., Banknote Credit Card Industry
Development Co., Ltd., Beijing Huahong IC Design Co., Ltd., Beijing Xuanji
Information Technology Co., Ltd., Beijing Chuangyuan Tiandi Technology Co.,
Ltd., China Railway Xin’an (Beijing) Information Security Technology Co., Ltd.,
Beijing Tiancheng Shengye Technology Co., Ltd., Oriental Port Technology Co.,
Ltd., Geer Century Smart Card Technology Co., Ltd., Beijing Yongxin Shibo
Digital TV Technology Co., Ltd., Jida Zhengyuan Information Technology Co.,
Ltd., Shenzhen Wendingchuang Data Technology Co., Ltd., Wuhan Tianyu
Information Industry Co., Ltd.
The main drafters of this standard. Liu Ping, Wang Yanping, Li Shaoxiong, Liu
Bo, Li Qing, Deng Xiaosi, Wang Xuelin, Li Guo, Hu Yanfen, Zhu Pengfei, Zhao
Liming, Feng Chengyong, Zhang Haisong, Fu Wei.
Smart token cryptography application
interface data format specification
1 Scope
This standard specifies the PKI cryptographic system-based smart token
application interface data format, provides the interface-related data types,
format, definition and description of parameters, security requirements.
This standard applies to the development, use and testing of smart token
2 Normative references
The following documents are essential to the application of this document. For
the dated documents, only the versions with the dates indicated are applicable
to this document; for the undated documents, only the latest version (including
all the amendments) are applicable to this standard.
GM/T 0005 Randomness test specification
GM/T 0006 Cryptographic application identifier criterion specification
GM/T 0009 SM2 Cryptography Algorithm Application Specification
GM/T 0016-2012 Smart token cryptography application interface
ISO 7816-4 Identification cards - Integrated circuit cards with contacts - Part
4. Organization, security and exchange of commands
PKCS # 1 - RSA Labs, RSA encryption standard, v2.1, 2002.7
Specification for Integrated Circuit Cards Interface Devices, Revision 1.1,
3 Terms and definitions
The following terms and definitions apply to this document.
A structure containing containers, device authentication key and file, with
independent permission management.
The unique storage space in the cryptographic device divided for the storage
of key.
Device authentication
Authentication of the application by the smart token.
Device authentication key
The key used for device authentication.
Device label
Another name of device, which can be set by the user and stored inside the
SM1 algorithm
A group encryption algorithm, with a group length of 128 bits and a key length
of 128 bits.
SM2 algorithm
An elliptic curve cryptography algorithm, with a key length of 256 bits.
SM3 algorithm
communication with the smart card through the interface complying with 7816
standard protocol;
UMS. USB Mass Storage, commonly used for peripherals such as U-disc and
mobile hard disc;
APDU. Application Protocol Data Unit
CLA. Class Type of APDU;
INS. Instruction byte of Command Message of APDU;
P1. Parameter 1 in APDU Command Head;
P2. Parameter 2 in APDU Command Head;
Lc. Message data field length of APDU command;
Le. Expected return data of APDU command;
SW1. Returned Status Word One of APDU command;
SW2. Returned Status Word Two of APDU command;
RFU. Reserved for Future Use.
5 Mark
The following notation applies to this document.
“0” to “9” and “A” to “F” indicate the hexadecimal number;
(B1) represents the value of the byte (B1);
B1 II B2 represent the concatenation of byte B1 (most significant byte) and B2
(least significant byte);
(B1 II B2) represents the concatenation of byte B1 and B2;
0x000 ~ 0x0F represent hexadecimal number;
XX represents a 1-byte hexadecimal number;
XXXX represents a 2-byte hexadecimal number;
XX...XX represents a 2-byte hexadecimal number;
# represents number. Definition and scope
The DecryptUpdate command is used to decrypt multiple groups of data. Precautions
The Decryptlnit command needs to be downloaded before downloading the
DecryptUpdate command. If the Decrypt command or DecryptFinal command
of the same key has been downloaded after downloading the Decryptlnit
command, it requires to re-download the DecryptInit command.
The length of the data to be decrypted must be an integral multiple of the group
length, the device does not perform bit padding operation for the group data. Command message
See Table 164.
Table 164 -- DecryptUpdate command message encoding
Code Length, byte Value, Hex Descriptions
CLA 1 80 -
INS 1 B0 -
P1 1 00 -
P2 1 00 -
Lc 3 00XXXX Data field length
DATA Lc XXXXXX Application ID (2 bytes) + container ID (2 bytes) + key ID (2 bytes) + group data to be decrypted
Le 2 XXXX Data length expected to be sent bank. 0 indicates sending back the data of actual length Command message data field
Command message data field consists of application ID, container ID, key ID
and group data to be decrypted. Response message data field
The response message data field is the decrypted data of the expected length. Response message status code
The status codes that the smart token may send back are shown in Table 165.
Table 165 -- EncryptUpdate command response status code
SW1 SW2 Meanings
90 00 Executed correctly
6A 8D Cited symmetric key not existed
67 00 Lc error
90 00 Executed correctly
6A 8D Data error
67 00 Lc error
69 85 Usage conditions not satisfied
6A 88 Cited application not existed
6A 94 Cited container not existed
6A 8C Cited symmetric key not existed
9.6.30 DigestInit (cryptographic hash initialization) Definitions and scope
DigestInit is used to initialize the cryptographic hashing operation, and to
specify the algorithm to calculating the cryptographic hash. Precautions
This command can be executed at any time...