
GM/T 0022-2023 English PDF (GMT0022-2014)

GM/T 0022-2023_English: PDF (GM/T0022-2023)
Standard ID | Contents [version] | USD | [PDF] delivered in | Standard Title (Description) | Status
GM/T 0022-2023 | English | 1189 | 7 days [Need to translate] | (IPSec VPN technical specifications) | Valid
GM/T 0022-2014 | English | 180 | 0--9 seconds. Auto-delivery | IPSec VPN specification | Obsolete


BASIC DATA
Standard ID GM/T 0022-2023 (GM/T0022-2023)
Description (Translated English) (IPSec VPN technical specifications)
Sector / Industry Chinese Industry Standard (Recommended)
Word Count Estimation 54,567
Date of Issue 2023-12-04
Date of Implementation 2024-06-01

BASIC DATA
Standard ID GM/T 0022-2014 (GM/T0022-2014)
Description (Translated English) IPSec VPN specification
Sector / Industry Chinese Industry Standard (Recommended)
Classification of Chinese Standard L80
Classification of International Standard 35.040
Word Count Estimation 52,592
Date of Issue 2014/2/13
Date of Implementation 2014/2/13
Quoted Standard GM/T 0005; GM/T 0009; GM/T 0014; GM/T 0015; RFC 3984
Drafting Organization Wuxi Jiangnan Information Security Engineering Center
Administrative Organization Password Industry Standardization Technical Committee
Regulation (derived from) The industry standard for the record Notice 2014 No. 4 (No. 172 overall)
Summary This standard specifies the technical protocols, product management and testing of IPSec VPN, and can be used to guide the research and development, testing, use and management of IPSec VPN products.


GM/T 0022-2014
GM CRYPTOGRAPHIC INDUSTRY STANDARD OF THE PEOPLE’S REPUBLIC OF CHINA
ICS 35.040
L 80
Registration number: 44623-2014
IPSec VPN specification
ISSUED ON: FEBRUARY 13, 2014
IMPLEMENTED ON: FEBRUARY 13, 2014
Issued by: State Cryptography Administration

Table of Contents
Foreword
1 Scope
2 Normative references
3 Terms, definitions and abbreviations
3.1 Terms and definitions
3.2 Abbreviations
4 Cryptographic algorithm and key type
4.1 Cryptographic algorithm
4.2 Key types
5 Protocol
5.1 Key exchange protocol
5.2 Security message protocol
6 IPSec VPN product requirements
6.1 Product functional requirements
6.2 Product performance parameters
6.3 Safety management requirements
7 IPSec VPN product detection
7.1 Product function detection
7.2 Product performance testing
7.3 Security management testing
8 Qualification judgment
Appendix A (Informative) IPSec VPN overview
References

Foreword

This standard was drafted in accordance with the rules given in GB/T 1.1-2009.

Please note that some of the contents of this document may involve patents. The issuer of this document does not assume responsibility for the identification of these patents.

This standard was proposed by and shall be under the jurisdiction of the Cryptographic Industry Standardization Technical Committee.

The drafting organizations of this standard: Wuxi Jiangnan Information Security Engineering Technology Center, Huawei Technologies Co., Ltd., Shenzhen OLYM Technology Co., Ltd., Shenzhen Shenxinfu Electronic Technology Co., Ltd., Shandong De’an Information Technology Co., Ltd., Beijing Digital Certification Co., Ltd., Shanghai Koal Software Co., Ltd., Wuhan Erjiang Aerospace Network Communication Co., Ltd., Xi’an Jiaotong University JUMP Network Technology Co., Ltd., Beijing Tianrongxin Network Security Technology Co., Ltd., Maipu Communication Technology Co., Ltd., National Cryptography Authority Commercial Cryptography Testing Center, Hangzhou Yirui Electronics Co., Ltd.

The main drafters of this standard: Liu Ping, Zhu Zhiqiang, Dong Hao, Lei Jian, Liu Jianfeng, Li Xiaojing, Qiu Gang, Xiang Ming, Kong Fanyu, Li Shusheng, Tan Wuzhong, Wang Zhen, Zhang Yong, Pan Limin, Fan Hengying, Luo Peng, Li Yuchuan.

IPSec VPN specification

1 Scope

This standard specifies the technical protocols, product management and testing of IPSec VPN, and can be used to guide the R&D, detection, use, and management of IPSec VPN products.

2 Normative references

The following documents are essential to the application of this document. For dated documents, only the versions with the dates indicated are applicable to this document; for undated documents, only the latest version (including all amendments) is applicable to this standard.

GM/T 0005 Randomness test specification
GM/T 0009 SM2 cryptography algorithm application specification
GM/T 0014 Protocol specification for authentication system password of digital certificate
GM/T 0015 Digital certificate format based on SM2 algorithm
RFC 3948 UDP Encapsulation of IPSec ESP Packets, January 2005

3 Terms, definitions and abbreviations

3.1 Terms and definitions

The following terms and definitions apply to this document.

3.1.1 Cryptographic algorithm
The operational rules that describe the cryptographic processing.

3.1.2 Cryptographic hash algorithm
Also known as hash algorithm, cryptographic hashing algorithm or Hash algorithm. The algorithm maps an arbitrary-length bit string to a fixed-length bit string and satisfies the following three characteristics:
a) It is computationally difficult to find an input that can be mapped to the output for a given output;
b) It is computationally difficult to find another input that can be mapped to the same output for a given input;
c) It is computationally difficult to find two different inputs that are mapped to the same output.

3.1.3 Asymmetric cryptographic algorithm/public key cryptography algorithm
A cryptographic algorithm in which encryption and decryption use different keys, wherein one key (public key) may be revealed to the public but the other key (private key) must be kept confidential, and it is computationally infeasible to calculate the private key from the public key.

3.1.4 Symmetric cryptographic algorithm
A cryptographic algorithm in which encryption and decryption use the same key.

3.1.5 Block cipher algorithm
A type of symmetric cipher algorithm which divides the input data into fixed-length blocks for encryption and decryption.

3.1.6 Cipher block chaining operation mode, CBC
A working mode of the block cipher algorithm, characterized in that the current plaintext block is XORed with the previous ciphertext block and then encrypted to obtain the current ciphertext block.

CBC: (Block Cipher’s) Cipher Block Chaining (Working Method)
ESP: Encapsulating Security Payload
HMAC: Keyed-Hash Message Authentication Code
IPSec: Internet Protocol Security
ISAKMP: Internet Security Association and Key Management Protocol
IV: Initialization Vector
NAT: Network Address Translation
SA: Security Association
VPN: Virtual Private Network

4 Cryptographic algorithm and key type

4.1 Cryptographic algorithm

IPSec VPN uses the asymmetric cryptographic algorithms, symmetric cryptographic algorithms, cryptographic hash algorithms, and random number generation algorithms approved by the national cryptographic management authority. The algorithms and their methods of use are as follows.
- The asymmetric cryptographic algorithm uses the SM2 elliptic curve cryptographic algorithm, and RSA algorithms of 2048 bits and above are also supported; it is used for entity verification, digital signatures, digital envelopes, etc.
- The symmetric cipher algorithm uses the SM1 or SM4 block cipher algorithm, which is used for encryption protection of key exchange data and encryption protection of message data. The algorithm works in the CBC mode.
- The cryptographic hash algorithm uses the SM3 or SHA-1 cryptographic hash algorithm, which is used for integrity verification.
- The random numbers generated by the random number generation algorithm shall be able to pass the detection specified in GM/T 0005.

PRF (key, msg): use the key to perform the data digest operation on the message msg.

5.1.1 Exchange phases and modes

5.1.1.1 Exchange phase

The key exchange phase includes phase I and phase II.

In phase I of the exchange, the communication parties establish an ISAKMP SA, which is a shared policy and key used by both parties to protect the communication between them. This SA is used to protect the IPSec SA negotiation process. An ISAKMP SA can be used to establish multiple IPSec SAs.

In phase II of the exchange, the communication parties use the ISAKMP SA from phase I to establish the IPSec SA through negotiation; the IPSec SA is the shared policy and key used to protect the data communication between them.

5.1.1.2 Exchange mode

This standard specifies two exchange modes, namely, master mode and fast mode.

The master mode is used for the phase I exchange to achieve identity authentication and key exchange between both communicating parties and to obtain the work key, which is used to protect the negotiation process of phase II.

Fast mode is used for the phase II exchange, to achieve the IPSec SA negotiation between both communicating parties and to determine the IPSec security policy and session key between them.

5... ......
