ICS35.030

CCSL80

中華人民共和國密碼行業(yè)標準

GM/T0020—2023

代替GM/T0020—2012

證書應(yīng)用綜合服務(wù)接口規(guī)范

Certificateapplicationintegratedserviceinterfacespecification

2023?12?04發(fā)布2024?06?01實施

國家密碼管理局發(fā)布

GM/T0020—2023

目次

前言··························································································································Ⅲ

引言··························································································································Ⅳ

1范圍·······················································································································1

2規(guī)范性引用文件········································································································1

3術(shù)語和定義··············································································································1

4縮略語····················································································································1

5算法標識和數(shù)據(jù)結(jié)構(gòu)··································································································2

5.1標識定義···········································································································2

5.2數(shù)據(jù)結(jié)構(gòu)定義·····································································································2

6證書應(yīng)用綜合服務(wù)接口定位、分類和要求········································································2

6.1證書應(yīng)用綜合服務(wù)接口在公鑰密碼應(yīng)用技術(shù)體系框架中的位置······································2

6.2證書應(yīng)用綜合服務(wù)接口分類···················································································2

6.3客戶端服務(wù)接口··································································································2

6.4服務(wù)器端服務(wù)接口·······························································································3

6.5數(shù)據(jù)格式要求·····································································································3

7證書應(yīng)用綜合服務(wù)接口定義·························································································3

7.1客戶端COM組件接口··························································································3

7.2服務(wù)器端COM組件接口·····················································································13

7.3服務(wù)器端Java組件接口·······················································································24

7.4客戶端JavaScript腳本接口···················································································35

附錄A（規(guī)范性）證書應(yīng)用綜合服務(wù)接口錯誤代碼定義·······················································46

附錄B（資料性）證書應(yīng)用綜合服務(wù)接口典型部署模型·······················································49

附錄C（資料性）證書應(yīng)用綜合服務(wù)接口集成示例·····························································50

附錄D（資料性）客戶端JavaScript腳本接口異步調(diào)用示例說明············································52

參考文獻····················································································································53

Ⅰ

GM/T0020—2023

前言

本文件按照GB/T1.1—2020《標準化工作導則第1部分：標準化文件的結(jié)構(gòu)和起草規(guī)則》的規(guī)

定起草。

本文件代替GM/T0020—2012《證書應(yīng)用綜合服務(wù)接口規(guī)范》，與GM/T0020—2012相比，除結(jié)

構(gòu)調(diào)整和編輯性改動外，主要技術(shù)變化如下：

a）刪除了術(shù)語“數(shù)字證書”（見2012年版的3.1）；

b）增加了Base64格式數(shù)據(jù)的更明確描述（見6.5）；

c）增加了接口“證書登出SOF_Logout”（見7.1.35）、“證書登錄狀態(tài)檢測SOF_IsLogin”（見

7.1.36）；

d）增加了接口“數(shù)據(jù)摘要SOF_HashData”（見7.1.31、7.2.37、7.3.38）“文件摘要SOF_HashFile”

（見7.1.32、7.2.38、7.3.39）“摘要值簽名SOF_SignHashData”（見7.1.33、7.2.39、7.3.40）“摘要

值驗簽SOF_VerifySignedHashData”（見7.1.34、7.2.40、7.3.41）；

e）刪除了接口“SOF_EncryptFile”（見2012年版的7.1.23）“SOF_DecryptFile”（見2012年版的

7.1.24）；

f）增加了“客戶端JavaScript腳本接口”（見7.4）。

請注意本文件的某些內(nèi)容可能涉及專利。本文件的發(fā)布機構(gòu)不承擔識別專利的責任。

本文件由密碼行業(yè)標準化技術(shù)委員會提出并歸口。

本文件起草單位：北京數(shù)字認證股份有限公司、格爾軟件股份有限公司、北京海泰方圓科技股份有

限公司、上海市數(shù)字證書認證中心有限公司、無錫江南信息安全工程技術(shù)中心、中電科網(wǎng)絡(luò)安全科技股

份有限公司、長春吉大正元信息技術(shù)股份有限公司、興唐通信科技有限公司、山東得安信息技術(shù)有限公

司、北京國脈信安科技有限公司、國家密碼管理局商用密碼檢測中心、中國電子技術(shù)標準化研究院。

本文件主要起草人：劉偉、趙永省、劉平、劉蕾、李述勝、鄭強、譚武征、蔣紅宇、柳增壽、許濤、寇建

波、趙麗麗、王妮娜、馬洪富、孔凡玉、袁峰、羅鵬、肖秋林、張紹博、上官曉麗、蔡一鳴、黃晶晶。

本文件及其所代替文件的歷次版本發(fā)布情況為：

——2012年首次發(fā)布版為GM/T0020—2012；

——本次是第一次修訂。

Ⅲ

GM/T0020—2023

引言

本文件依托于GM/T0019《通用密碼服務(wù)接口規(guī)范》，為應(yīng)用層規(guī)定了統(tǒng)一的高級密碼服務(wù)接口。

證書應(yīng)用綜合服務(wù)接口為應(yīng)用系統(tǒng)提供簡潔、易用的證書應(yīng)用接口，屏蔽了各類密碼設(shè)備（服務(wù)器

密碼機和智能密碼鑰匙等）的設(shè)備差異性，以及各類密碼設(shè)備的密碼應(yīng)用接口之間的差異性，實現(xiàn)應(yīng)用

與密碼設(shè)備無關(guān)性，可簡化應(yīng)用開發(fā)的復(fù)雜性。證書應(yīng)用綜合服務(wù)接口分成客戶端服務(wù)接口和服務(wù)器

端服務(wù)接口兩類，可滿足B/S和C/S等多種架構(gòu)的應(yīng)用系統(tǒng)的調(diào)用需求，有利于密碼服務(wù)接口產(chǎn)品的

開發(fā)，有利于應(yīng)用系統(tǒng)在密碼服務(wù)過程中的集成和實施，有利于實現(xiàn)各應(yīng)用系統(tǒng)的互聯(lián)互通。

Ⅳ

GM/T0020—2023

證書應(yīng)用綜合服務(wù)接口規(guī)范

1范圍

本文件規(guī)定了面向證書應(yīng)用的綜合服務(wù)接口。

本文件適用于公鑰密碼應(yīng)用技術(shù)體系下密碼應(yīng)用服務(wù)產(chǎn)品的開發(fā)，密碼應(yīng)用支撐平臺的研制及檢

測，也可用于指導直接使用密碼設(shè)備和密碼服務(wù)的應(yīng)用系統(tǒng)的集成和開發(fā)。

2規(guī)范性引用文件

下列文件中的內(nèi)容通過文中的規(guī)范性引用而構(gòu)成本文件必不可少的條款。其中，注日期的引用文

件，僅該日期對應(yīng)的版本適用于本文件；不注日期的引用文件，其最新版本（包括所有的修改單）適用于

本文件。

GB/T25061—2020信息安全技術(shù)XML數(shù)字簽名語法與處理規(guī)范

GM/T0006密碼應(yīng)用標識規(guī)范

GM/T0009SM2密碼算法使用規(guī)范

GM/T0010SM2密碼算法加密簽名消息語法規(guī)范

GM/T0015基于SM2密碼算法的數(shù)字證書格式規(guī)范

GM/T0019通用密碼服務(wù)接口規(guī)范

GM/