数据交换平台服务类密码设备技术要求

附件:数据交换平台服务类密码设备技术要求.基本要求应具备国家密码管理局批准的商用密码产品型号证书（在有效期内）.算法要求1、支持1024位RSA、2048位RSA、SM2非对称密钥密码算法2、支持SM1、SM4对称密码算法3、支持SHA1、SM3消息摘要算法.功能要求1、密钥生成与管理：支持生成1024/2048位RSA算法密钥对和256位SM2算法密钥对。2、数据加密和解密：支持1024/2048位RSA算法、256位SM2算法的数据加密、解密运算；支持SM1算法、SM4算法数据加密和解密运算。3、数据摘要的产生和验证：支持SHA1、SM3消息摘要算法计算消息摘要。4、数字签名的产生和验证：支持1024/2048位RSA算法、256位SM2算法的数字签名、验证签名运算；5、生成签名证书请求：支持按照PKCS#10标准生成证书请求并导出请求包；6、加密密钥对导入：支持导入加密密钥对功能，加密密钥对格式见附件。（预留功能，当跨境电子商务进口统一版信息化系统有数据加密需求时，需使用该功能）附件：加密密钥对数字信封格式说明附件:数字信封格式说明数字信封文件名称：envprivatekey,包含以下内容:内容长度说明算法标识10字节见表格3分组长度12字节使用签名公钥加密对称密钥后的密文数据长度分组长度22字节使用对称密钥加密用户加密私钥后的密文数据长度密文数据1RSA1024:128字节RSA2048:256字节SM2:<=142字节使用签名公钥加密对称密钥后的密文数据密文数据2RSA1024:<=624字节RSA2048:<=1200字节SM2:48字节使用对称密钥加密用户加密私钥后的密文数据表格1数字信封内容解析后的数字信封包含以下内容:内容长度说明密钥116字节使用签名私钥解密数据1后得到的对称密钥密钥2RSA1024:<624字节RSA2048:<1200字节SM2:32字节使用对称密钥解密数据2后得到的加密密钥表格2解析后的数字信封内容算法标识说明：此项在有些系统上发放时可能不存在。使用者在解析本数据包时可根据前两字节来判断本数据包是否包含算法标识（前两字节为3008,表示包含算法标识；前两字节为非3008,表示不包含算法标识）。实际标识算法的是3008后面的8个字节，定义如下：位置（下标）描述字节0预留。字节1预留。字节2预留。字节3被加密保护的非对称密钥标识。定义：1—RSA1024；2—RSA2048；3—SM2。字节4数据填充，与RA中的算法标识保持格式上一致，无实际意义。字节5签发证书使用的非对称密钥标识。定义同字节3。字节6被保护的非对称密钥的数据格式。定义：1—密钥被编码成DER；2—密钥不进行编码。字节7加密保护中使用的对称密码算法，加密模式为ECB。定义：1—SSF33；2—SM1；4—SM4。表格3算法标识说明

数字信封示例A：RSA1024.数字信封全文【示例：密文数据1：使用签名公钥加密对称密钥后的密文；示例：密文数据2：使用对称密钥加密加密密钥后的密文】算法标识（10字节）一分组长度30080000000101010101|p080027027dec460464c34d78b5afc18567052bb2c838f165be096ed6ccdb5b8f9a17980ad301b4a9a1af8489347d2f86882c6c011a330c58089507766b716ab7a182b732d87601f828f42081ce257b1cff5c5c9d9f02144457aded97f67786e71271ae4b61ab91b3cb228b787b5da11b387ed500821afb91abff2a92ee1951139f26a4ade1366ba6792c9cd28274da5bac4a44dcb3ef844811de1bb05baf8d4615a8d1a1104d8e81e63cb6fbcc1ea7fe6a84d9c51b1f2577a3dc3e345f489273983121ac435fe294be746eac0fac88840976ed71818d8a87d8d5b2c758304ff6160dab735a0ba455d6d01b935276f167d5f63651794d2d230eebec21de82439be6af3ba049a09991030b92e9980a91c6b0a72e834d818e55d8895fa10d2edf198027f7c0816fd3c102727c0ba62a968be907774b032e25871141e37b7abc864a9a3c425e151bb0a01a364b649ac9d095b3ba63604f2fcd950f46152d9013558f499bb863b559ce11b04de78942299f8ff22b5b8233e

98ac8df01f02806ebf09fef5bb142bc8b6332e73b5c63c292643d3f52a9e7d72eb64adcfe4ddcf3f32692aa37c492ba1524786878370780883a19ae600d17b5406f929ceb82cfa05815d87d3b70cf00fdc9de9eecd44e8edb899e6652f3c13378825b9b22bfda0c3a3dbacd3d5f750b8b48eee9095bfd8523a7e9ef8823d0ab8e77e8234be7854fa6a7048675873fc5e0ef7d4707667592f919dbd5f323cb2444b15dbb367e378dfc74a409ec490c8ad2748b06d43c791a82e497956469d970b00775a56e8b25ec0be0376fdfb761fbbdad6000f120b5438720d55d7be9f4bcd4ef69df736aa9619965c74ce96c1f6db1274265a601e9cb6ba6ebacab72f6aaed23a1bb573d153791a2d196c46775bc30206a60e32eaa91a500ac277dee4e76e8cd61466359d3cd9ef923f74d7abb3f985c761d6b203af99f19a112df982b5e6b7f144fdc5abbe85f14bdba4c022f24d3768e0afa9790d105376cf6f2fac8973979e96c55c5d13457762be01f4cf80b7ef15d4dd6a560bb3cbea4fd29c81.数字信封解析(1)对称密钥：使用签名私钥解密密文数据1得到的对称密钥(16字节)

3855760a58c741116c5580d628f4d56c(2)解密密钥：使用对称密钥解密密文数据2得到的加密密钥(有补码)【示例：实际加密密钥；示例：补码】3082025c02010002818100933f85722f862f015eb86c485edbad03751313d5d0b2e475a6f242c4e277d91a398097f964a96c7812942a6b342a3bd9710d149cc733e1855522dc0803507f5204c836158893bcf431f7f9803ca81535ce497543b99506d1f1c291f3fc35095d30d001a12b94409c446e0cb59dcf8aa10b62c78cbddee9b53fdd1ffbe7e27d5502030100010281802dc746deac25c481618866a9cd4bf0ab2d7fc3dfeaa5635fac8a8ef5950efba12a956f2a2b007d678b272354f6ffd66190c3275062a21f900b5aee1b53a4782075ba52d3a36fda88a2c104d9b7f3a991fcb3bb00081f7137d333a9e65bd7db4ea159bb72e0f40272ab7fa4af7927ad60d61fb1f5db9c81e847eff132cfcd5875024100ebb00aeaf2289dc2e4e5f1f8655370b655b89ceec924dde8c451c1d34b243b7705aebabe3d7ecb742157f834a65da51247b3901d9f8f31a3e2d3974de0c466eb0241009ff03e976798e4f6822f3f24dfab2aca73b4f8b362676c5a70c132e8ab8f49d4114492a79ef45ba1423ac0d9322812f58288007ed784d5

b8f64ec98a58481cbf024052050e979ab445caa84bd97c3f0edd9fa68f3b95e1cc01a9da80353aa9e0af0d099e3800b277e8a7be5ed5d2c4bebc0e73836ab8d46949b625decabde06599070240350551daa36f5e481234537c87e19897f0efc79ac03e84ff1e6e0dd0703f5a3c41553840f54310b54edd675d19718b8774345de5aed0cc813ab637bdf33244c5024100c72e5e44aa5b295647279ed8f490bbca052532e301e3e313a8649e3309969c7bb3cc7501d824f357ad6b5f0252833268eb8013651e5a99378080a437f6104f7010101010101010101010101010101010数字信封示例B：RSA20481.数字信封全文【示例：密文数据1：使用签名公钥加密对称密钥后的密文；示例：密文数据2：使用对称密钥加密加密密钥后的密文】算法标识（10字节） 分组长度TOC\o"1-5"\h\z一 人— - —3008 00 00 00 02 02 02 01 网 01 00 04 b0| 14 3da7e9 d7 05 0d f6 be 0f 97 86 d7 35 e4 30 83 7fc887 c7 7a 54 8f f4 e2 07 34 53 92 e6 69 bd 74c5a9 51 3d b6 9f 5a e5 ce 3c c9 4b ef 11 f9 83a441 49 ae e8 26 af c9 0d f2 9f 8f 8f 2c c7 4c40e4 a7 dd 59 97 98 91 51 66 e2 f4 3e 19 ab d0efb3 28 30 48 01 42 5c d5 40 db e6 66 7c e9 c2a863 97 f9 ab 54 3a a4 e1 73 1c 5f 06 fd 54 8cdffc c7 40 ab 23 53 c4 a5 ed cb 06 14 91 40 95

513ae0294a4721716bd3847350eaafe87ee745292e48233dbd180bc4a1ffbb06b7b876b20f951134e84119625613616cdb8e44e306821c53c785fc6cced2621ff9c595a8f4b34a3f3d63cd94b8900789a85440c923c96116ce64e3d4e374603d7303afb5fe9bdf201aae9bcdbb308943ae62baf3a4841e5974cf4f59b009fc655235957f879b04e6da0631cbdf5fd2844b10731313f7d9f9187aa3e73de258b049280266e3bd4749e924bac7f1a85aaa6a99fae8241d4a06a61e659ce883594c5b75d771291b47fa613828c88c716f25754eb245c9b7e0c87b3a282520c90c339ad33ac45b706faa905ed9d9fd4d00daa6e8369311f22ea2266d74799e39d693a8021e692a72164654cc269323b5683b4dcff809cc3c46a5521bf67ac3481743252bc57ebaa9020489623bcbe1db85eb1037b16bef78d943f1ddb1d8931c2554eaf2e387df19f1861277510319f7dff559caabbf6462e72d80d5a7dfa9b64bdf2a92877dc53a84f2c16b6f91cae9adea1650699349f0c66174615a3816f0e6604d79ec59137ad3e8a17c33fdea89f1a88793c82fa7f2a04d88b105d7e2594a06d344ef1ce14c1d745b3d6ac1bb75515cblf46c95d046ef70872a3ee232b50837aaca26fd618640cb3202ac3e93ce3d9ab5d656b900c12eebbb8702a173796ace76a238eb1ee1ef134a0bcfec2c805a9d7b21f24ba46d83bbf1f0ca9e501737f57dfd75835c4f4fa76aca323515c6399d2deef247a154527e8d8988c547579527b2dl4aa245bfb0f9eb4e143ec38daf94fff45ff7a4e48c5d5706c2507cf1fc6389bd0662b2fb4b6e12ea7e4e762cd53668eefaac53632c58665b26f9893d804eal009bc33436251a4dd3fab14a23c3a829e29b2a9a382cf0125f5a4ce1700825fl31dfb62a674e06cec04775f50e0709a57193ff8a5ef261fc5d94d2eb45cbce075b991dc62b56e20ffe4c7b5e699569580b3ab1b7970739c51e5eda16f7f44155539ae437b3de9ac3eb39525e06135e0d9453c6a0fcaba7d946b57f737db81bIf535ee16a982935bbe7c54045a24bf057667b9aa713ca523a049579238e4e148f12344708eb0fba4e511823f444cc834bde17969a0d2f1bcaa7a4e3c5f9cc7608cafb70e1ec719d798d728ca29917ea5f1e46f72b3696dcd792432146daef35a8359fb7d84d7b200d0698c827766732d7ad36da913c93523b937393dccccb3e0d7c0c8aedaf4d229eff065c6f2032b7fa085f47833be45536a39b64098b252f

eadf7691809acl3efd894059b6da1a37fe20b52c5aeb7695188c8f3117252c428b407ee80517e9d2f16ff6ede81ea8844d7c19f361c37862b36bbb783c27666b0270c6bcf718ebabe523d69b7ef0cb7baab6246c27bc1da24b8de7e61a776f173bdc93abb7f9bbce8bdd71d929f00d7498ec1773121cfb5b922de0d8d0e1d396baed6fc489931db47cda17d7633d7d68c24fda6c985466cbd2bc9b2fdcc8c0ec511c5ada98dd8e59dea49fe15d5c94c20a726f71d2f0ac85bd828574668694d110be69c4b4fe77889911ba6fcce91c466a2071375b0212da2ff76017f07d425bb35fb461c91b018e2635a73b731bf17f8b7c3dec891ae1782bbbdb96d1b84912b837e3e717b447846a304f0d2d92649b9a916e4b9c8cffe1a992579d558ef08c1365ef3ce3398fd1146872621a06b59472d7aa4a951ccce52d8b99ee5366671f0f0b44383ddd012fc3d5453d74efa35a02648c1b5683e5a6a0b300b151087797bb2c3965b6b08fe69420b83b71722c8c9cf2e9cdb24e8313f5f03415cc80850b48f4425df98914735c332abbedae912b30683c434a81cf207065a31bc29589e177e1657b75c87242.数字信封解析（1）对称密钥：使用签名私钥解密密文数据1得到的对称密钥（16字节）addld8dba36f3bc342489af463f7762e（2）解密密钥：使用对称密钥解密密文数据2得到的加密密钥（有补码）【示例：实际加密密钥；示例：补码】308204a40201000282010100d95c7a6abbd3fc0561d7ba5b2f87efabcfad3503bdbf387fa5c83e23d1517927470da4397218dd97b484ddd0d6dc0464cb3408e71082afac8b131fcd1ea373e9edaa7068903ccda5de48f4e5c3838c1f793ecca888ab55a0a368b70690fc8374a2bcca81713916410c777aa4b3058decb8670abed16e9e126530c61ab59b354346fc8869ea82847950486cbec918ea81d8d71bd6d85a50fbad63eb6e58ad382b27fb1203a3132ff6f478a3061bde43fd58ff78494b802d3d327440efa9eaf536d42457c2c28d4f5fa46c29c1450e0cd9510f5aa801fe425682435946f9a701181762cb26f84273a64b3b9130ddc1fd91f0a4c1a2f75e6f26e9375d4720147eab0203010001028201010090873e5ae423b36afcc10e07fdd5dc969893aa319fa49b73bd0f25ca792f3c68d2850e92a7fc42b3d1f39aee773f7aa86eb95dc60ea3671e4aa75fb8eb4b7212b4d664c2124e6bcb83bf

6d1fadde3578e40cced6ad71879135b6b624669990eb281e7264999d84dfa1e37c2831655b1671130b01108f060a634088295062308a1ed3469d076ea2940e78e0fb114686875f4cd3b254a0a2513754edbaafc32785ff7b6aac60b7b5444ecf5140cb9118daf5146f91903d89ea7bf64ae36e14e274accc13e9a3bb6a41a88b6de1c7a09d5a6bb93251fe83d8c4ff4efeb89c7c58730efba97440d8291cf16d2d819c25fde96c876df4ca3cbeea2655947cd75b80f902818100e7a7b3a04462da4f5ff0bc3e32bd0cba0658f8628efe8b68827252b76e8ae66c6ef4cde96816801230ac17c3bba4235ac698300db63e85736bb1d4f9dd32f58f9e3d7647591c7f486905e0181955a2cf2c325c4ec8ee390e3c644d7e34d3a7de3dcdd0033b6736c2dac4d336331ed401e6a5c3c359966713fe3b4fcf562db68502818100f0343969b5a883cad86edcc1a44d43591f054efc0ac9a6d6ec18858c39f73a1dc1cf7ee431692e2cd8b1055582bdc6ae947f9672ad3c791a25f8ab50691cafe842588a1da60694db2bb23293fbd86fe57dd653578b30f94adb79b23d389300f7f68d31cc44a70f335ae12f7912d829c58dfa1ce572e026e91cc49d4ff59b5f6f0281

803ec07df7272f4406066e36fffe4c99daf6873959b174a09d01e128290a67d3fd819d0cfe7234ce229f4eaeed55b223e59e3071abf537407d40aa1e9044ec5dfab699dda57c2d2d09977180ffe634fd72737d7ce5d6a6398c72ad9514600909cb3920bc7d73a504ff89b591a577f99ce29af14273739c3b75fe03611e403107e5028180748a921484cbb6edd2e6aefad0b19fec7c8d81cded99faf5a9e517de7a3d46182bf1757a57b2d57172cd286e5d999fed122579243882efaacd238252e83cbfe82b5073ea80a40ed2ebb770acb5f3440f0f67ce55da35afae2f2033675aac903abe87b0d28fb8923a736c7031090091fbc4afc617590e0232f5ff3ae8119d09