Detail of GM/T 0018-2012

Introduction of GM/T 0018-2012

Interface specifications of cryptography device application 1 Scope This standard specifies the application interface standard for service cryptography devices under the application technology system of public key cryptographic infrastructure. This standard is applicable to the development and use of service cryptography devices and the application development based on such cryptography devices, and may also be applied to guide the testing of such devices. 2 Normative references The following referenced documents are indispensable for the application of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies. GM/T 0006 Cryptographic application identifier criterion specification GM/T 0009 SM2 cryptography algorithm application specification 3 Terms and definitions For the purposes of this standard, the following terms and definitions apply. 3.1 algorithm identifier symbol used to uniquely identify a cryptographic algorithm 3.2 asymmetric cryptographic algorithm/public key cryptographic algorithm cryptographic algorithm that uses different keys for encryption and decryption 3.3 decipherment/decryption inverse of the encryption process 3.4 device key pair asymmetric key pair stored in the device for device management, including signature key pair and encryption key pair 3.5 encipherment/encryption process of cryptographic transformation of the data to produce ciphertext 3.6 key encrypt key (KEK) key that encrypts a key for protection purposes 3.7 public key infrastructure (PKI) universal infrastructure established by public key cryptography to provide users with security services such as certificate management and key management 3.8 private key access password password used to verify the authority to use the private key 3.9 symmetric cryptographic technique cryptographic technique (system) in which both the sender and the receiver use the same secret key for transformation, and the encryption key is the same as the decryption key, or one key can be derived from another 3.10 session key key that is located at the lowest level in the key hierarchy structure, and used only in one session 3.11 user key asymmetric key stored in the device for applying cryptographic operations, including signature key pair and encryption key pair 4 Symbols and abbreviations For the purposes of this document, the following abbreviations apply. ECC Elliptic Curve Cryptography IPK Internal Public Key ISK Internal Private Key EPK External Public Key KEK Key Encrypt Key 5 Algorithm identifier and data structure 5.1 Definition of algorithm identifier See GM/T 0006 for the identifiers of the algorithms used in this standard. 5.2 Definition of device information

Contents of GM/T 0018-2012

Foreword i Introduction ii 1 Scope 2 Normative references 3 Terms and definitions 4 Symbols and abbreviations 5 Algorithm identifier and data structure 5.1 Definition of algorithm identifier 5.2 Definition of device information 5.3 Definition of key classification and storage 5.3.1 Device key and user key 5.3.2 Key encrypt key 5.3.3 Session key 5.4 Definition of RSA key data structure 5.5 Definition of ECC key data structure 5.6 Definition of ECC encrypted data structure 5.7 Definition of ECC signature data structure 5.8 Protection structure of ECC encrypted key pair 5.8.1 Type definition 5.8.2 Description of data item 6 Description of device interface 6.1 Location of cryptography device application interface in the framework of the application technology system of public key cryptographic infrastructure 6.2 Device management functions 6.2.1 Open the device 6.2.2 Close the device 6.2.3 Open a session 6.2.4 Close the session 6.2.5 Get device information 6.2.6 Generate a random number 6.2.7 Get the right for access to private key 6.2.8 Release the right for access to private key 6.3 Key management functions 6.3.1 Export RSA signature public key: 6.3.2 Export RSA encrypted public key 6.3.3 Generate and output RSA key pair 6.3.4 Generate a session key and output it as encrypted with the internal RSA public key 6.3.5 Generate a session key and output it as encrypted with the external RSA public key 6.3.6 Import the session key and decrypt it with the internal RSA private key 6.3.7 Digital envelope exchange based on RSA algorithm 6.3.8 Export ECC signature public key 6.3.9 Export ECC encryption public key 6.3.10 Generate and output ECC key pair 6.3.11 Generate a session key and output it as encrypted with the internal ECC public key 6.3.12 Generate a session key and output it as encrypted with the external ECC public key 6.3.13 Import the session key and decrypt it with the internal ECC private key 6.3.14 Generate and output a key agreement parameter 6.3.15 Calculate the session key 6.3.16 Generate agreement data and calculate the session key 6.3.17 Digital envelope exchange based on ECC algorithm 6.3.18 Generate a session key and output it as encrypted with the key encrypt key 6.3.19 Import the session key and decrypt it with the key encrypt key 6.3.20 Destroy the session key 6.4 Asymmetric algorithm operation functions 6.4.1 RSA operation of external public key 6.4.2 RSA operation of internal public key 6.4.3 RSA operation of internal private key 6.4.4 ECC verification of external key 6.4.5 ECC signature of internal key 6.4.6 ECC verification of internal key 6.4.7 ECC public key encryption of external key 6.5 Symmetric algorithm operation functions 6.5.1 Symmetric encryption 6.5.2 Symmetric decryption 6.5.3 Calculate MAC 6.6 Hash operation functions 6.6.1 Hash operation initialization 6.6.2 Multi-packet hash operation 6.6.3 Hash operation end 6.7 User file operation functions 6.7.1 Create file 6.7.2 Read file 6.7.3 Write file 6.7.4 Delete file 7 Security requirements 7.1 Key management requirements 7.2 Cryptographic service requirements 7.3 Device state requirements 7.4 Other security requirements Annex A (Normative) Definition of function return code Bibliography