ICS35.030

CCSL80

中華人民共和國密碼行業(yè)標準

GM/T0016—2023

代替GM/T0016—2012

智能密碼鑰匙密碼應用接口規(guī)范

Smarttokencryptographyapplicationinterfacespecification

2023?12?04發(fā)布2024?06?01實施

國家密碼管理局發(fā)布

GM/T0016—2023

目次

前言··························································································································Ⅲ

引言··························································································································Ⅳ

1范圍·······················································································································1

2規(guī)范性引用文件········································································································1

3術語和定義··············································································································1

4縮略語····················································································································2

5結構模型·················································································································2

5.1層次關系········································································································…2

5.2設備的應用結構·······························································································…3

6數(shù)據(jù)類型定義···········································································································4

6.1算法標識········································································································…4

6.2基本數(shù)據(jù)類型··································································································…4

6.3常量定義········································································································…4

6.4復合數(shù)據(jù)類型··································································································…5

7接口函數(shù)···············································································································12

7.1設備管理·······································································································…12

7.2訪問控制·······································································································…15

7.3應用管理·······································································································…18

7.4文件管理·······································································································…20

7.5容器管理·······································································································…22

7.6密碼服務·······································································································…25

7.7驗證調試·······································································································…40

8接口使用要求·········································································································43

8.1設備使用階段·································································································…43

8.2權限管理·······································································································…44

8.3其他安全要求·································································································…44

附錄A（規(guī)范性）錯誤代碼定義·····················································································45

附錄B（規(guī)范性）SM9應用接口····················································································47

附錄C（規(guī)范性）VPN相關接口····················································································62

附錄D（資料性）SM9編程范例····················································································71

參考文獻····················································································································75

Ⅰ

GM/T0016—2023

前言

本文件按照GB/T1.1—2020《標準化工作導則第1部分：標準化文件的結構和起草規(guī)則》的規(guī)

定起草。

本文件代替GM/T0016—2012《智能密碼鑰匙密碼應用接口規(guī)范》，與GM/T0016—2012相比，

除結構調整和編輯性改動外，主要技術變化如下：

a）刪除了“填充方式”（見表11，2012年版的表11）；

b）更改了“修改設備認證密鑰”函數(shù)（見7.2.2，2012年版的7.2.2）；

c）更改了“獲得容器類型”（見7.5.7，2012年版的7.5.7）；

d）更改了“導出公鑰”（見7.6.18，2012年版的7.6.17）；

e）更改了“導入會話密鑰”（見7.6.19，2012年版的7.6.18）；

f）更改了“安全要求”（見第8章，2012年版的第8章）；

g）增加了HMAC相關接口（見7.6.36、7.6.37、7.6.38、7.6.39）；

h）增加了驗證調試類接口（見7.7）；

i）增加了SM9應用接口（見附錄B）；

j）增加了VPN相關接口（見附錄C）；

k）增加了SM9編程范例（見附錄D）。

請注意本文件的某些內容可能涉及專利。本文件的發(fā)布機構不承擔識別專利的責任。

本文件由密碼行業(yè)標準化技術委員會提出并歸口。

本文件起草單位：北京海泰方圓科技股份有限公司、北京握奇智能科技有限公司、格爾軟件股份有

限公司、無錫江南信息安全工程技術中心、北京數(shù)字認證股份有限公司、興唐通信科技有限公司、山東

得安信息技術有限公司、北京三未信安科技發(fā)展有限公司、山東大學、北京大明五洲科技有限公司、恒

寶股份有限公司、深圳市明華澳漢科技股份有限公司、武漢天喻信息產業(yè)股份有限公司、北京飛天誠信

科技股份有限公司、華翔騰數(shù)碼科技有限公司、北京鼎九信息工程研究院有限公司、北京百旺信安科技

有限公司、中電科網絡安全科技股份有限公司、北京國脈信安科技有限公司、北京小雷科技有限公司。

本文件主要起草人：劉平、蔣紅宇、柳增壽、張立廷、羅俊、袁峰、封維端、靳京、張淵、陳國、李勃、

鄭強、李述勝、孔凡玉、王妮娜、馬洪富、高志權、徐明翼、李增欣、于學東、郭寶安、石玉平、胡俊義、

管延軍、項莉、雷繼業(yè)、胡鵬、趙再興、段曉毅、劉玉峰、劉偉豐、陳吉、何永福、李高鋒、黃東杰、王建承、

汪雪林、趙李明、王燁。

本文件及其所代替文件的歷次版本發(fā)布情況為：

——2012年首次發(fā)布版為GM/T0016—2012；

——本次為第一次修訂。

Ⅲ

GM/T0016—2023

引言

本文件的目標是為公鑰密碼基礎設施應用體系框架下的智能密碼鑰匙設備制定統(tǒng)一的應用接口

標準。通過該接口調用智能密碼鑰匙，向上層提供基礎密碼服務。為該類密碼設備的開發(fā)、使用及檢

測提供標準依據(jù)和指導，有利于提高該類密碼設備的產品化、標準化和系列化水平。

Ⅳ

GM/T0016—2023

智能密碼鑰匙密碼應用接口規(guī)范

1范圍

本文件規(guī)定了公鑰密碼體制下的智能密碼鑰匙應用接口標準、密碼相關應用接口的函數(shù)、數(shù)據(jù)類

型、參數(shù)的定義和設備的安全要求。

本文件適用于智能密碼鑰匙產品的研制、使用和檢測。

2規(guī)范性引用文件

下列文件中的內容通過文中的規(guī)范性引用而構成本文件必不可少的條