Powered by Google www.ChineseStandard.net Database: 189759 (21 Apr 2024)

GM/T 0020-2012 (GMT0020-2012)

GM/T 0020-2012_English: PDF (GMT 0020-2012, GMT0020-2012)
Standard IDContents [version]USDSTEP2[PDF] delivered inStandard Title (Description)StatusPDF
GM/T 0020-2012English350 Add to Cart 0--9 seconds. Auto-delivery Certificate application integrated service interface specification Valid GM/T 0020-2012

Standard ID GM/T 0020-2012 (GM/T0020-2012)
Description (Translated English) Certificate application integrated service interface specification
Sector / Industry Chinese Industry Standard (Recommended)
Classification of Chinese Standard L80
Word Count Estimation 37,369
Date of Issue 2012/11/22
Date of Implementation 2012/11/22

Standards related to: GM/T 0020-2012

GM/T 0020-2012
ICS 35.040
L 80
File No.. 38318-2013
Certificate application integrated
service interface specification
Issued by. State Cryptography Administration
Table of Contents
Foreword ... 3 
Introduction .. 4 
1 Scope .. 5 
2 Normative references ... 5 
3 Terms and definitions ... 5 
4 Abbreviation ... 6 
5 Algorithm identifier and data structure ... 6 
6 Overview of certificate application integrated service interface ... 7 
7 Definition of function of certificate application integrated service interface . 8 
Annex A (normative) Error code definition of integrated service interface of
certificate application .. 35 
Annex B (informative) Typical deployment model of integrated service interface
of certificate application ... 38 
Annex C (informative) Integrated example of integrated service interface of
certificate application .. 40 
Bibliography ... 43 
This Standard was drafted in accordance with the rules given in GB/T 1.1-2009.
Attention is drawn to the possibility that some of the elements of this Standard
may be the subject of patent rights. The issuing authority shall not be held
responsible for identifying any or all such patent rights.
This Standard was proposed by and shall be under the jurisdiction of State
Cryptography Administration.
Annex A of this Standard is normative. Annex B and Annex C are informative.
The drafting organizations of this Standard. Beijing Digital Certification Co., Ltd.,
Shanghai Geer Software Co., Ltd., Beijing Haitai radius Technology Co., Ltd.,
Shanghai Digital Certificate Certification Center Co., Ltd., Wuxi Jiangnan
Information Security Engineering Technology Center, Chengdu Wei Shi Tong
Information Industry Co., Ltd., Changchun Ji Tai Yuan Information Technology
Co., Ltd., Xing Tang Communication Technology Co., Ltd., Shandong De'an
Information Technology Co., Ltd., National Information Security Engineering
Technology Research Center, National Cryptography Authority Commercial
Password Detection Center.
The drafters of this Standard. Liu Ping, Li Shusheng, Tan Wuzheng, Liu
Zengshou, Liu Cheng, Xu Qiang, Li Yuanzheng, Zhao Lili, Wang Nina, Kong
Fanyu, Yuan Feng, Li Zhiwei.
Any content related to cryptographic algorithm in this Standard shall be in
accordance with the relevant national laws and regulations.
Certificate application integrated
service interface specification
1 Scope
This Standard specifies a unified service interface for certificate application.
This Standard is applicable to the development of cryptographic application
service products under public key cryptographic application technology system,
to the research and testing of cryptographic application support platform. It can
also be used to guide the direct use of cryptographic device and the integration
and development of application system of cryptographic service.
2 Normative references
The following referenced documents are indispensable for the application of
this document. For dated references, only the edition cited applies. For undated
references, the latest edition of the referenced document (including any
amendments) applies.
GM/T 0006, Cryptographic Application Identifier Criterion Specification
GM/T 0009, SM2 Cryptography Algorithm Application Specification
GM/T 0010, SM2 Cryptography Message Syntax Specification
GM/T 0015, Digital Certificate Format Based on SM2 Algorithm
GM/T 0019, Universal Cryptography Service Interface Specification
PKCS #7, Cryptographic Message Syntax
RFC3275, (Extensible Markup Language) XML-Signature Syntax and
3 Terms and definitions
For the purposes of this document, the following terms and definitions apply.
3.1 digital certificate
a digital document of certification authority digital signature containing public
Data type A. when the public key algorithm is RSA, the structure of the data
shall follow PKCS #1; when the public key algorithm is SM2, the structure of
the data shall follow GM/T 0009.
Data type B. when the public key algorithm is RSA, the structure of the data
shall follow PKCS #7; when the public key algorithm is SM2, the structure of
the data shall follow GM/T 0010.
6 Overview of certificate application integrated
service interface
6.1 Overview
The certificate application integrated service interface is located between the
application system and the typical cryptographic service interface. It directly
provides the certificate information analysis, the confidentiality, integrity, non-
repudiation and other advanced cryptographic services based on digital
certificate identity and information to the application layer. The interface can be
directly used for system calls, turning the application's cryptographic service
request to the common cryptographic service interface, which calls
corresponding cryptographic device, through the cryptographic service
interface, to realize specific cryptographic operation and key operation. The
common cryptographic service interface shall follow GM/T 0019.
The certificate application integrated service interface specified in this
Specification includes two types. client service interface and server service
interface. The server service interface uses descriptions of COM component
form and Java form. The digital certificate format involved in this document shall
follow GM/T 0015.
6.2 Client service interface
The client service interface defined in this Specification uses client control
method. The client control is applicable to client program calls. The interface
forms include DLL dynamic library, ActiveX control, Applet plugin, etc. The
interface shall support the mainstream operating systems used by Windows XP,
Windows 2000, Windows 2003, Vista, Windows 7.
The main functions of the client control interface shall include configuration
management, certificate resolution, signature and authentication, encryption
and decryption, digital envelop, XML data signature and authentication.
When defining the client service interface, this Specification takes ActiveX
control as an example for description, of which BSTR represents the function
return value or parameter type is OLECHAR string type. Different development
m) obtain certificate extension information. SOF_GetCertlnfoByOid
n) obtain device information. SOF_GetDevicelnfo
o) validate certificate validity. SOF_ValidateCert
p) digital signature. SOF_SignData
q) validate signature. SOF_VerifySignedData
r) file signature. SOF_SignFile
s) validate file signature. SOF_VerifySignedFile
t) encrypt data. SOF_EncryptData
u) decrypt data. SOF_DecryptData
v) file encryption. SOF_EncryptFile
w) file decryption. SOF_DecryptFile
x) message signature. SOF_SignMessage
y) validate message signature. SOF_VerifySignedMessage
z) parse message signature. SOF_GetlnfoFromSignedMessage
aa) XML digital signature. SOF_SignDataXML
bb) validate XML digital signature. SOF_VerifySignedDataXML
cc) parse XML signature data. SOF_GetXMLSignaturelnfo
dd) generate random number. SOF_GenRandom
ee) obtain latest error code. SOF_GetLastError()
Take ActiveX control form as an example to define the interface function.
7.1.2 Obtain interface version number. SOF_GetVersion
Prototype. BSTR SOF_GetVersion()
Description. Obtaining the version number of the control
Parameter. Null
Return value. Not void Successful
Void Failed
7.1.3 Set signature algorithm. SOF_SetSignMethod
Prototype. long SOF_SetSignMethod (long SignMethod)
The definitions of COM component interface functions are as follows.
a) Set certificate trust list. SOF_SetCertTrustList
b) Inquire alternative name of certificate trust list.
c) Inquire certificate trust list. SOF_GetCertTrustList
d) Delete certificate trust list. SOF_DelCertTrustList
e) Initialize application policy. SOF_InitCertAppPolicy
f) Set signature algorithm. SOF_SetSignMethod
g) Obtain current signature algorithm. SOF_GetSignMethod
h) Set encryption algorithm. SOF_SetEncryptMethod
i) Obtain encryption algorithm. SOF_GetEncryptMethod
j) Obtain server certificate. SOF_GetServerCertificate
k) Generate random number. SOF_GenRandom
l) Obtain certificate information. SOF_GetCertInfo
m) Obtain certificate extension information. SOF_GetCertInforByOid
n) Validate certificate validity. SOF_ValidateCert
o) Digital signature. SOF_SignData
p) Validate signature. SOF_VerifySignedData
q) File signature. SOF_SignFile
r) Validate file signature. SOF_VerifySignedFile
s) Encrypt data. SOF_EncryptData
t) Decrypt data. SOF_DecryptData
u) File encryption. SOF_EncryptFile
v) File decryption. SOF_DecryptFile
w) Mess...