Information security technology - Universal cryptography service interface specification
1 Scope
This document specifies the requirements for data structure, interface description and function definition of the universal cryptographic service interface, and describes the corresponding verification methods.
This document is applicable to the development of cryptographic application services under the public key application technology system, the development and detection of cryptographic application support platforms, and the development of cryptographic equipment application systems.
2 Normative references
The following documents contain requirements which, through reference in this text, constitute provisions of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies.
GB/T 20518 Information security technology - Public key infrastructure - Digital certificate format
GB/T 25069 Information security techniques - Terminology
GB/T 32918.1 Information security technology - Public key cryptographic algorithm - SM2 based on elliptic curves - Part 1: General
GB/T 33560 Information security technology - Cryptographic application identifier criterion specification
GB/T 35275 SM2 cryptographic algorithm message syntax specification
GB/T 35276 Information security technology - SM2 cryptographic algorithm usage specification
GB/T 35291 Information security technology - Cryptography token application interface specification
GB/T 36322 Information security technology - Cryptographic device application interface specifications
GB/T 41389 Information security technology - Network data processing security requirements
GM/T 0094-2020 Public key cryptographic application technology framework specification
GM/Z 4001 Cryptology terminology
PKCS#1 RSA Cryptography Standard
PKCS#7 Cryptographic Message Syntax Standard
3 Terms and definitions
For the purposes of this document, the terms and definitions given in GB/T 25069 and GM/Z 4001 as well as the following apply.
3.1
key container
unique storage space divided for saving keys in cryptographic devices
4 Abbreviations
For the purposes of this document, the following abbreviations apply.
CA: Certification Authority
CRL: Certificate Revocation List
CSP: Cryptographic Service Provider
DER: Distinguished Encoding Rules
ECB: Electronic Code Book
IV: Initialization Vector
LDAP: Lightweight Directory Access Protocol
MAC: Message Authentication Code
OCSP: Online Certificate Status Protocol
OID: Object Identifier
RSA: Rivest-Shamir-Adleman Algorithm
5 Description of universal cryptographic service interface
Foreword
1 Scope
2 Normative references
3 Terms and definitions
4 Abbreviations
5 Description of universal cryptographic service interface
6 Definition of universal cryptographic service interface functions
7 Verification method
Annex A (Informative) Summary of universal cryptographic service interface functions
Annex B (Normative) Data structures and interface functions of SM9 cryptographic algorithms
Annex C (Normative) Definition of error code of universal cryptographic service interface
Bibliography