Smart token cryptography application interface specification
1 Scope
This standard specifies the smart token cryptography application interface based on PKI cryptosystem, and describes the function, data type, parameter definition and device security requirements of the cryptography application interface.
This standard is applicable to the development, use and testing of smart token products.
2 Normative references
The following referenced documents are indispensable for the application of this standard. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies.
GM/T 0006 Cryptographic application identifier criterion specification
GM/T 0009 SM2 cryptography algorithm application specification
3 Terms and definitions
For the purposes of this document, the following terms and definitions apply.
3.1
application
a structure including a container, a device authentication key and a file, with independent rights management
3.2
container
unique storage space divided for saving keys in cryptographic devices
3.3
device
a collective term for smart tokens used in this standard
3.4
device authentication
authentication of application with smart token
3.5
device authentication key
key used for device authentication
3.6
label
an alias of the device, which can be set by the user and stored inside the device
3.7
message authentication code
output of message authentication algorithm
3.8
administrator PIN
administrator password, which is an ASCII character string
3.9
user PIN
user password, which is an ASCII character string
4 Abbreviations
For the purposes of this specification, the following abbreviations apply:
API Application Programming Interface
PKI Public Key Infrastructure
PKCS# 1 the Public-Key Cryptography Standard Part 1, defining the RSA public key algorithm encryption and signature mechanism
PKCS# 5 the Public-Key Cryptography Standard Part 5, describing a method of encrypting strings by using a secure key derived from passwords
PIN Personal Identification Number
MAC Message Authentication Code
5 Structural model
5.1 Hierarchy
The smart token cryptography application interface is located between the smart token cryptography application and the device, as shown in Figure 1.
Foreword i
1 Scope
2 Normative references
3 Terms and definitions
4 Abbreviations
5 Structural model
5.1 Hierarchy
5.2 Application structure of device
6 Definition of data type
6.1 Algorithm identifier
6.2 Basic data types
6.3 Definition of constant
6.4 Composite data type
7 Interface functions
7.1 Device management
7.2 Access control
7.3 Application management
7.4 File management
7.5 Container management
7.6 Cryptography service
8 Security requirements of device
8.1 Use stage of device
8.2 Right management
8.3 Key security requirements
8.4 Anti-attack requirements for device
Annex A (Normative) Definition and description of error code
Smart token cryptography application interface specification
1 Scope
This standard specifies the smart token cryptography application interface based on PKI cryptosystem, and describes the function, data type, parameter definition and device security requirements of the cryptography application interface.
This standard is applicable to the development, use and testing of smart token products.
2 Normative references
The following referenced documents are indispensable for the application of this standard. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies.
GM/T 0006 Cryptographic application identifier criterion specification
GM/T 0009 SM2 cryptography algorithm application specification
3 Terms and definitions
For the purposes of this document, the following terms and definitions apply.
3.1
application
a structure including a container, a device authentication key and a file, with independent rights management
3.2
container
unique storage space divided for saving keys in cryptographic devices
3.3
device
a collective term for smart tokens used in this standard
3.4
device authentication
authentication of application with smart token
3.5
device authentication key
key used for device authentication
3.6
label
an alias of the device, which can be set by the user and stored inside the device
3.7
message authentication code
output of message authentication algorithm
3.8
administrator PIN
administrator password, which is an ASCII character string
3.9
user PIN
user password, which is an ASCII character string
4 Abbreviations
For the purposes of this specification, the following abbreviations apply:
API Application Programming Interface
PKI Public Key Infrastructure
PKCS# 1 the Public-Key Cryptography Standard Part 1, defining the RSA public key algorithm encryption and signature mechanism
PKCS# 5 the Public-Key Cryptography Standard Part 5, describing a method of encrypting strings by using a secure key derived from passwords
PIN Personal Identification Number
MAC Message Authentication Code
5 Structural model
5.1 Hierarchy
The smart token cryptography application interface is located between the smart token cryptography application and the device, as shown in Figure 1.
Contents of GM/T 0016-2012
Foreword i
1 Scope
2 Normative references
3 Terms and definitions
4 Abbreviations
5 Structural model
5.1 Hierarchy
5.2 Application structure of device
6 Definition of data type
6.1 Algorithm identifier
6.2 Basic data types
6.3 Definition of constant
6.4 Composite data type
7 Interface functions
7.1 Device management
7.2 Access control
7.3 Application management
7.4 File management
7.5 Container management
7.6 Cryptography service
8 Security requirements of device
8.1 Use stage of device
8.2 Right management
8.3 Key security requirements
8.4 Anti-attack requirements for device
Annex A (Normative) Definition and description of error code