1
/
of
12
PayPal, credit cards. Download editable-PDF and invoice in 1 second!
GM/T 0063-2018 English PDF (GMT0063-2018)
GM/T 0063-2018 English PDF (GMT0063-2018)
Regular price
$500.00 USD
Regular price
Sale price
$500.00 USD
Unit price
/
per
Shipping calculated at checkout.
Couldn't load pickup availability
Delivery: 3 seconds. Download true-PDF + Invoice.
Get QUOTATION in 1-minute: Click GM/T 0063-2018
Historical versions: GM/T 0063-2018
Preview True-PDF (Reload/Scroll if blank)
GM/T 0063-2018: Cryptography application interface test specification for cryptographic smart token
GM/T 0063-2018
CRYPTOGRAPHIC INDUSTRY STANDARD
OF THE PEOPLE’S REPUBLIC OF CHINA
ICS 35.040
L 80
Record number: 64814-2018
GB/T 0063-2018
Cryptography application interface test specification
for cryptographic smart token
ISSUED ON: AUGUST 20, 2018
IMPLEMENTED ON: AUGUST 20, 2018
Issued by: State Cryptography Administration
Table of Contents
Foreword ... 3
1 Scope ... 4
2 Normative references ... 4
3 Terms and definitions ... 5
4 Abbreviations ... 7
5 Descriptions of submitted-for-inspection materials ... 7
6 Testing environment ... 8
6.1 Topology of testing environment ... 8
6.2 Testing instruments ... 9
6.3 Testing software ... 9
7 Test content ... 10
7.1 Testing of application function ... 10
7.2 Testing of interface function ... 10
7.3 Security testing ... 11
7.4 Compatibility testing ... 11
7.5 Interoperability testing ... 11
8 Testing methods ... 11
8.1 Testing of application function ... 11
8.2 Testing of interface function ... 20
8.3 Security testing ... 76
8.4 Compatibility testing ... 83
8.5 Interoperability testing ... 84
Cryptography application interface test specification
for cryptographic smart token
1 Scope
This standard specifies the interface testing environment, test content, test
method of cryptographic smart token.
This standard applies to test of application interface of cryptographic smart
token. It may also be used to guide the development and use of cryptographic
smart token.
2 Normative references
The following documents are essential to the application of this document. For
the dated documents, only the versions with the dates indicated are applicable
to this document; for the undated documents, only the latest version (including
all the amendments) are applicable to this standard.
GB/T 25064 Information security technology - Public key infrastructure -
Electronic signature formats specification
GB/T 32905-2016 Information security technology SM3 cryptographic hash
algorithm
GB/T 32907-2016 Information security technology - SM4 block cipher
algorithm
GB/T 32915 Information security technology - Binary sequence randomness
testing method
GB/T 32918-2016 Information security techniques - Elliptic curve public - key
cryptography
GB/T 33560 Information security technology - Cryptographic application
identifier criterion specification
GB/T 35275 Information security technology - SM2 cryptographic algorithm
encrypted signature message syntax specification
GB/T 35276 Information security technology - SM2 cryptography algorithm
Test whether the application interface of cryptographic smart token
supports the certificate application protocol between the client and the RA
as specified by GM/T 0014.
Testing conditions:
The device is connected, the pre-determined application is turned on, the
pre-determined container already exists.
Testing process:
a) Application of SM2 certificate
Step 1: Call the SKF_OpenApplication interface to open the pre-
determined application.
Step 2: Call the SKF_OpenContainer interface to open the pre-determined
container.
Step 3: Call the SKF_VerifyPIN interface to verify the user PIN.
Step 4: Call the SKF_GenECCKeyPair interface to generate an SM2
signature key pair in the pre-determined container.
Step 5: Call the SKF_ExportPublicKey interface to export the public key of
the SM2 signature key pair.
Step 6: Call the SKF_ECCSignData interface to calculate the signature.
The input data is the result of pre-processing of the data to be signed by
the SM2 signature according to GB/T 35276. The data to be signed is the
CertReqMessages message as specified by GM/T 0014, wherein the
publicKey field is the public key as derived in step 5.
b) Application of RSA certificate
Step 1: Call the SKF_OpenApplication interface to open the pre-
determined application.
Step 2: Call the SKF_OpenContainer interface to open the pre-determined
container.
Step 3: Call the SKF_VerifyPIN interface to verify the user PIN.
Step 4: Call the SKF_GenRSAKeyPair interface to generate an RSA
signature key pair in the pre-determined container. The key length is not
less than 2048 bits.
Step 5: Call the SKF_EXportPublicKey interface to export the public key
Test whether the application interface of cryptographic smart token
supports certificate update.
Testing conditions:
The device is connected, the pre-determined application is open, there is
a signature key pair in the pre-determined container.
Testing process:
a) Update of SM2 certificate
Step 1: Call the SKF_OpenApplication interface to open the pre-
determined application.
Step 2: Call the SKF_VerifyPIN interface to verify the user PIN.
Step 3: Call the SKF_CreateContainer interface to create a container in
the pre-determined application.
Step 4: Call the SKF_GenECCKeyPair interface and generate the SM2
signature key pair in the container created in step 3.
Step 5: Call the SKF_ExportPublicKey interface to export the public key of
the SM2 signature key pair generated in step 4.
Step 6: Call the SKF_OpenContainer interface to open the pre-determined
container.
Step 7: Call the SKF_ECCSignData interface to sign the calculation by the
use of the signature key of the pre-determined container. The input data is
the result of the pre-processing of the data to be signed by SM2 signature
according to GB/T 35276. The data to be signed is the CertReqMessages
message as specified in GM/T 0014, wherein the publicKey field is the
public key as derived in step 5.
b) Update of RSA certificate
Step 1: Call the SKF_OpenApplication interface to open the pre-
determined application.
Step 2: Call the SKF_VerifyPIN interface to verify the user PIN.
Step 3: Call the SKF_CreateContainer interface to create a container in
the pre-determined application.
Step 4: Call the SKF_GenRSAKeyPair interface to generate an RSA
signature key pair in the container created in step 3. The key length is not
format of which shall comply with GM/T 0015.
b) Import of SM2 signature certificate
Step 1: Call the SKF_OpenApplication interface to open the pre-
determined application.
Step 2: Call the SKF_OpenContainer interface to open the pre-determined
container.
Step 3: Call the SKF_VerifyPIN interface to verify the user PIN.
Step 4: Call the SKF_ImportCertificate interface to import the signed digital
certificate to the pre-determined container. The digital certificate contains
the signature public key in the pre-determined container, the format of
which shall conform to GM/T 0015.
c) Import of RSA encryption certificate
Step 1: Call the SKF_OpenApplication interface to open the pre-
determined application.
Step 2: Call the SKF_OpenContainer interface to open the pre-determined
container.
Step 3: Call the SKF_VerifyPIN interface to verify the user PIN.
Step 4: Adjust the SKF_ImportRSAKeyPair interface to import the RSA
encryption key pair in the pre-determined container. The key length is not
less than 2048 bits.
Step 5: Call the SKF_ImportCertificate interface to import the encrypted
digital certificate to the pre-determined container. The digital certificate
contains the encrypted public key in the pre-determined container; its
format shall conform to GB/T 25064.
d) Import of RSA signature certificate
Step 1: Call the SKF_OpenApplication interface to open the p...
Get QUOTATION in 1-minute: Click GM/T 0063-2018
Historical versions: GM/T 0063-2018
Preview True-PDF (Reload/Scroll if blank)
GM/T 0063-2018: Cryptography application interface test specification for cryptographic smart token
GM/T 0063-2018
CRYPTOGRAPHIC INDUSTRY STANDARD
OF THE PEOPLE’S REPUBLIC OF CHINA
ICS 35.040
L 80
Record number: 64814-2018
GB/T 0063-2018
Cryptography application interface test specification
for cryptographic smart token
ISSUED ON: AUGUST 20, 2018
IMPLEMENTED ON: AUGUST 20, 2018
Issued by: State Cryptography Administration
Table of Contents
Foreword ... 3
1 Scope ... 4
2 Normative references ... 4
3 Terms and definitions ... 5
4 Abbreviations ... 7
5 Descriptions of submitted-for-inspection materials ... 7
6 Testing environment ... 8
6.1 Topology of testing environment ... 8
6.2 Testing instruments ... 9
6.3 Testing software ... 9
7 Test content ... 10
7.1 Testing of application function ... 10
7.2 Testing of interface function ... 10
7.3 Security testing ... 11
7.4 Compatibility testing ... 11
7.5 Interoperability testing ... 11
8 Testing methods ... 11
8.1 Testing of application function ... 11
8.2 Testing of interface function ... 20
8.3 Security testing ... 76
8.4 Compatibility testing ... 83
8.5 Interoperability testing ... 84
Cryptography application interface test specification
for cryptographic smart token
1 Scope
This standard specifies the interface testing environment, test content, test
method of cryptographic smart token.
This standard applies to test of application interface of cryptographic smart
token. It may also be used to guide the development and use of cryptographic
smart token.
2 Normative references
The following documents are essential to the application of this document. For
the dated documents, only the versions with the dates indicated are applicable
to this document; for the undated documents, only the latest version (including
all the amendments) are applicable to this standard.
GB/T 25064 Information security technology - Public key infrastructure -
Electronic signature formats specification
GB/T 32905-2016 Information security technology SM3 cryptographic hash
algorithm
GB/T 32907-2016 Information security technology - SM4 block cipher
algorithm
GB/T 32915 Information security technology - Binary sequence randomness
testing method
GB/T 32918-2016 Information security techniques - Elliptic curve public - key
cryptography
GB/T 33560 Information security technology - Cryptographic application
identifier criterion specification
GB/T 35275 Information security technology - SM2 cryptographic algorithm
encrypted signature message syntax specification
GB/T 35276 Information security technology - SM2 cryptography algorithm
Test whether the application interface of cryptographic smart token
supports the certificate application protocol between the client and the RA
as specified by GM/T 0014.
Testing conditions:
The device is connected, the pre-determined application is turned on, the
pre-determined container already exists.
Testing process:
a) Application of SM2 certificate
Step 1: Call the SKF_OpenApplication interface to open the pre-
determined application.
Step 2: Call the SKF_OpenContainer interface to open the pre-determined
container.
Step 3: Call the SKF_VerifyPIN interface to verify the user PIN.
Step 4: Call the SKF_GenECCKeyPair interface to generate an SM2
signature key pair in the pre-determined container.
Step 5: Call the SKF_ExportPublicKey interface to export the public key of
the SM2 signature key pair.
Step 6: Call the SKF_ECCSignData interface to calculate the signature.
The input data is the result of pre-processing of the data to be signed by
the SM2 signature according to GB/T 35276. The data to be signed is the
CertReqMessages message as specified by GM/T 0014, wherein the
publicKey field is the public key as derived in step 5.
b) Application of RSA certificate
Step 1: Call the SKF_OpenApplication interface to open the pre-
determined application.
Step 2: Call the SKF_OpenContainer interface to open the pre-determined
container.
Step 3: Call the SKF_VerifyPIN interface to verify the user PIN.
Step 4: Call the SKF_GenRSAKeyPair interface to generate an RSA
signature key pair in the pre-determined container. The key length is not
less than 2048 bits.
Step 5: Call the SKF_EXportPublicKey interface to export the public key
Test whether the application interface of cryptographic smart token
supports certificate update.
Testing conditions:
The device is connected, the pre-determined application is open, there is
a signature key pair in the pre-determined container.
Testing process:
a) Update of SM2 certificate
Step 1: Call the SKF_OpenApplication interface to open the pre-
determined application.
Step 2: Call the SKF_VerifyPIN interface to verify the user PIN.
Step 3: Call the SKF_CreateContainer interface to create a container in
the pre-determined application.
Step 4: Call the SKF_GenECCKeyPair interface and generate the SM2
signature key pair in the container created in step 3.
Step 5: Call the SKF_ExportPublicKey interface to export the public key of
the SM2 signature key pair generated in step 4.
Step 6: Call the SKF_OpenContainer interface to open the pre-determined
container.
Step 7: Call the SKF_ECCSignData interface to sign the calculation by the
use of the signature key of the pre-determined container. The input data is
the result of the pre-processing of the data to be signed by SM2 signature
according to GB/T 35276. The data to be signed is the CertReqMessages
message as specified in GM/T 0014, wherein the publicKey field is the
public key as derived in step 5.
b) Update of RSA certificate
Step 1: Call the SKF_OpenApplication interface to open the pre-
determined application.
Step 2: Call the SKF_VerifyPIN interface to verify the user PIN.
Step 3: Call the SKF_CreateContainer interface to create a container in
the pre-determined application.
Step 4: Call the SKF_GenRSAKeyPair interface to generate an RSA
signature key pair in the container created in step 3. The key length is not
format of which shall comply with GM/T 0015.
b) Import of SM2 signature certificate
Step 1: Call the SKF_OpenApplication interface to open the pre-
determined application.
Step 2: Call the SKF_OpenContainer interface to open the pre-determined
container.
Step 3: Call the SKF_VerifyPIN interface to verify the user PIN.
Step 4: Call the SKF_ImportCertificate interface to import the signed digital
certificate to the pre-determined container. The digital certificate contains
the signature public key in the pre-determined container, the format of
which shall conform to GM/T 0015.
c) Import of RSA encryption certificate
Step 1: Call the SKF_OpenApplication interface to open the pre-
determined application.
Step 2: Call the SKF_OpenContainer interface to open the pre-determined
container.
Step 3: Call the SKF_VerifyPIN interface to verify the user PIN.
Step 4: Adjust the SKF_ImportRSAKeyPair interface to import the RSA
encryption key pair in the pre-determined container. The key length is not
less than 2048 bits.
Step 5: Call the SKF_ImportCertificate interface to import the encrypted
digital certificate to the pre-determined container. The digital certificate
contains the encrypted public key in the pre-determined container; its
format shall conform to GB/T 25064.
d) Import of RSA signature certificate
Step 1: Call the SKF_OpenApplication interface to open the p...
Share
