GB/T 35275-2026 Cybersecurity technology—SM2 cryptographic algorithm encryption and signature message format
This is a draft translation for reference among interested stakeholders. The finalized translation (passing through draft translation, self-check, revision and verification) will be delivered upon being ordered.
ICS
CCS
National Standard of the People's Republic of China
GB/T 35275-2026
Cybersecurity technology - SM2 cryptographic algorithm encryption and signature message format
网络安全技术 SM2密码算法加密签名消息格式
Issue date: 2026-04-30 Implementation date: 2026-10-01
Issued by the General Administration of Quality Supervision, Inspection and Quarantine of the People's Republic of China
the Standardization Administration of the People's Republic of China
Contents
Foreword
1 Scope
2 Normative References
3 Terms and Definitions
4 Abbreviations
5 Overview
6 Basic Type Definitions
7 Data Type
8 SignedData Type
9 EnvelopedData Type
10 DigestedData Type
11 EncryptedData Type
12 AuthEnvelopedData Type
13 KeyAgreementInfo Type
14 SignedAndEnvelopedData Type
Annex A (Informative) Example of Message Format
Annex B (Normative) SM2 Key Format
Cybersecurity technology — SM2 cryptographic algorithm encrypted signature message format
1 Scope
This document specifies the encryption and signature message format for the SM2 cryptographic algorithm.
This document applies to the encapsulation of operation results when using the SM2 cryptographic algorithm for encryption and signature operations.
2 Normative References
The following documents are essential for the application of this document. For dated references, only the edition cited applies. For undated references, the latest edition (including any amendments) applies.
GB/T 20518-2018 Information security technology — Public key infrastructure — Digital certificate format
GB/T 25069 Information security technology — Terminology
GB/T 32905 Information security technology — SM3 cryptographic hash algorithm
GB/T 32918 (all parts) Information security technology — SM2 elliptic curve public key cryptographic algorithm
GB/T 33560 Cybersecurity technology — Cryptographic application identifier
GB/T 35276 Information security technology — SM2 cryptographic algorithm usage specification
GB/T 36624-2018 Information technology — Security techniques — Authenticated encryption mechanisms
GM/Z 4001 Cryptography terminology
3 Terms and Definitions
The terms and definitions given in GB/T 25069 and GM/Z 4001 apply to this document.
4 Abbreviations
The following abbreviation applies to this document.
OID: Object Identifier
5 Overview
The ContentInfo type is used to represent the general syntax structure for content exchange, defined as follows:
Where:
contentType indicates the type of the content;
content is optional, and its content type is indicated by contentType.
ContentInfo is used to define the identifiers for the eight data types (Data, SignedData, EnvelopedData, SignedAndEnvelopedData, EncryptedData, KeyAgreementInfo, DigestedData and AuthEnvelopedData) involved in encryption and signature operations using the SM2 cryptographic algorithm. Their object identifiers are shown in Table 1. Clause 6 of this document specifies the basic type definitions used for the above eight types.
6 Basic Type Definitions
6.1 CertificateRevocationLists
The CertificateRevocationLists type indicates a set of certificate revocation lists.
CertificateRevocationLists ::= SET OF CertificateRevocationList
6.2 ContentEncryptionAlgorithmIdentifier
The ContentEncryptionAlgorithmIdentifier type indicates a data encryption algorithm. Its OID shall comply with the provisions of GB/T 33560.
ContentEncryptionAlgorithmIdentifier ::= AlgorithmIdentifier
AlgorithmIdentifier shall comply with the provisions of 5.2.2 of GB/T 20518-2018.
6.3 DigestAlgorithmIdentifier
The DigestAlgorithmIdentifier type indicates a message digest algorithm. For this document, the algorithm is the SM3 cryptographic algorithm, which shall comply with the provisions of GB/T 32905, and its OID shall comply with the provisions of GB/T 33560.
DigestAlgorithmIdentifier ::= AlgorithmIdentifier
6.4 SignatureAlgorithmIdentifier
The SignatureAlgorithmIdentifier type indicates a signature algorithm. For this document, the algorithm is the SM2 signature algorithm, which shall comply with the provisions of GB/T 32918 (all parts), and its OID shall comply with the provisions of GB/T 33560.
SignatureAlgorithmIdentifier ::= AlgorithmIdentifier
6.5 Certificate
The Certificate type specifies a certificate conforming to the format of GB/T 20518-2018. It represents a set sufficient to contain a certificate chain from an identifiable “root” or “top-level CA” to all signers.
Certificates ::= SET OF Certificate
6.6 IssuerAndSerialNumber
The IssuerAndSerialNumber type indicates the identifiable name of a certificate issuer and the certificate serial number determined by the issuer, which can be used to identify a certificate and the entity and public key associated with that certificate.
CertificateSerialNumber shall comply with the provisions of 5.2.2 of GB/T 20518-2018.
6.7 KeyEncryptionAlgorithmIdentifier
The KeyEncryptionAlgorithmIdentifier type indicates the encryption algorithm used to encrypt the symmetric key.
KeyEncryptionAlgorithmIdentifier ::= AlgorithmIdentifier
6.8 Version
The Version type indicates the syntax version number.
Version ::= INTEGER
6.9 Attribute
The Attribute type indicates a specific type of information, with the structure defined as follows:
Where:
attrType is an OID indicating the type of content;
attrValues is a set of attribute values.
7 Data Type
The Data type is defined as follows:
Data ::= OCTET STRING
Data represents an arbitrary byte string.
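The following added example (not part of the standard or of this translation) shows how a receiver might strictly decode a DER-encoded ContentInfo whose content is of the Data type, including the case where the optional content field is absent. The ASN.1 layout in the comment is an assumption, since the listing is not reproduced on this page, and the OID 1.2.3.4 is a constructed placeholder rather than a value from Table 1.

```python
# Added example, not text of the standard. Assumed layout (listing absent from the page):
#   ContentInfo ::= SEQUENCE { contentType OBJECT IDENTIFIER, content [0] EXPLICIT ANY OPTIONAL }
# SAMPLE is constructed; OID 1.2.3.4 is a placeholder, not a Table 1 value.
SAMPLE = bytes.fromhex("300b06032a0304a00404026869")

def read_tlv(buf, pos, want):
    """Read one DER TLV with tag `want`; return (value, next_pos)."""
    if pos + 2 > len(buf) or buf[pos] != want:
        raise ValueError(f"expected tag 0x{want:02x}")
    length, pos = buf[pos + 1], pos + 2
    if length >= 0x80:                       # long-form length
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("indefinite, oversized or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        if buf[pos] == 0 or length < 0x80:
            raise ValueError("non-minimal length encoding")
        pos += n
    if pos + length > len(buf):
        raise ValueError("value overruns buffer")
    return buf[pos:pos + length], pos + length

def decode_oid(body):
    """Turn OID content octets into dotted-decimal text."""
    if not body or body[-1] & 0x80:
        raise ValueError("malformed OID")
    arcs, val = [], 0
    for b in body:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(val)
            val = 0
    first = min(arcs[0] // 40, 2)
    return ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))

def parse_content_info(der):
    """Return (contentType, Data payload or None when content is absent)."""
    seq, end = read_tlv(der, 0, 0x30)
    if end != len(der):
        raise ValueError("trailing bytes after ContentInfo")
    oid, pos = read_tlv(seq, 0, 0x06)
    if pos == len(seq):                      # content is OPTIONAL
        return decode_oid(oid), None
    inner, pos = read_tlv(seq, pos, 0xA0)    # [0] EXPLICIT wrapper
    data, used = read_tlv(inner, 0, 0x04)    # Data ::= OCTET STRING
    if pos != len(seq) or used != len(inner):
        raise ValueError("unexpected extra elements")
    return decode_oid(oid), data
```

Rejecting indefinite or non-minimal lengths and trailing bytes keeps the decoder from accepting two different encodings of the same message, which matters when the encoded bytes are later hashed or signed.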
Standard: GB/T 35275-2026 Cybersecurity technology—SM2 cryptographic algorithm encryption and signature message format (English Version)
Standard No.: GB/T 35275-2026
Status: to be valid
Language: English
File Format: PDF
Word Count: 21500 words
Price (USD): 645.0
Implemented on: 2026-11-1
Delivery: via email in 1~8 business days