GB-T35275-2026《网络安全技术 SM2密码算法加密签名消息格式》

1网络安全技术SM2密码算法加密签名消息格式2规范性引用文件GB/T20518—2018信息安全技术公钥基础设施数字证书格式GB/T25069信息安全技术术语GB/T33560网络安全技术密码应用标识GB/T36624—2018信息技术安全技术可鉴别的加密机制3术语和定义OID:对象标识符(ObjectIdentity)contentType}2contentType指示content的类型；content为可选项，其内容类型由contentType指示。使用ContentInfo对SM2密码算法加密签名中涉及的8个数据类型对象Data,SignedData,EnvelopedData,SignedAndEnvelopeAuthEnvelopedData的标识符进行定义。其对象标识符见表1。本文件中第6章规定了上述8个类型表1对象标识符签名及数字信封数据类型SignedAndEnvel6基本类型定义6.1数字证书撤销列表CertificateRevocationListsCertificateRevocationLists::=SETOFCertificateRevocat6.2内容加密算法标识ContentEncryptionAlgorithmldentifierContentEncryptionAlgorithmldentifier类型标明一个数据加密算法。其OID应符合GB/T33560ContentEncryptionAlgorithmldentifier::=AlgorithmldentifierAlgorithmldentifier应符合GB/T20518—2018中5.2.2的规定。6.3杂凑算法标识DigestAlgorithmldentifierDigestAlgorithmIdentifier::=AlgorithmIdentifi6.4签名算法标识SignatureAlgorithmldentifierSignatureAlgorithmldentifier::=AlgorithmIdenti36.5数字证书CertificateCertificate类型指定一个符合GB/T20518—2018格式的证书。它表示集合足以包含从可识别的6.6颁发者和序列号IssuerAndSerialNumberIssuerAndSerialNumber类型标明一个证书颁发者可识别名}6.7密钥加密算法标识KeyEncryptionAlgorithmldentifierKeyEncryptionAlgorithmldentifier::=Algorithmldentifier6.8版本号Version6.9属性Attribute}attrType内容类型是一个OID。attrValues是属性值集合。7数据类型Data8签名数据类型SignedDatasignedData数据类型由任意类型的数据和至少一个签名者的签名值组成。任意类型的数据能同时4signedData数据类型结构定义如下：digestAlgorithmsDigestAlgoriencapContentInfoEncapsulatedcrls[1]IMPLICITCertifiDigestAlgorithmldentif}结构中各项含义见表2。版本号，此处取值为1DigestAlgorithmldentiCertificateRevocatiosignerInfo类型结构定义如下：issuerAndSerialNumberIssuerAndigestAlgorithmDigestAlgorsignatureAlgorithmSunsignedAttrs[1]IMPLICITUnsignedAttributesOPTIONAL}UnsignedAttributes::=SETSIZE(1..MAX)OFAttribu结构中各项含义见表3。5表3SignerInfo数据类型一个证书颁发者可识别名和颁发者确定的证书序列号，DigestAlgorithm-ident值是SM2Signature,用签名者私钥进定义应符合GB/T35276的规定GB/T35276的规定进行数字签名运算。其中signedAttrs应包括messageDigestAttribute,9数字信封数据类型EnvelopedData数字信封envelopedData数据类型由加密数据和至少一个接收者的数据加密密钥的密文组成。其中，加密数据是用数据加密密钥加密的，数据加密密钥是用接收者的公钥加密的。数字信封数据类型示例见A.2。recipientInfosRecipientIencryptedContentInfoEncryptedunprotectedAttrs[1]IMPLICITUnprotectedAttribRecipientInfos::=SETSIZE(UnprotectedAttributes::=SETSIZE6表4EnvelopedData数据类型已加密的内容EncryptedContentInfo::=SEQUENCE{contentTypeContent表5EncryptedContentInfo数据类型内容的类型ContentEncryptionAlgorithmlden内容加密算法和相应的参数内容加密的结果，可选issuerAndSerialNumberIssuerAnkeyEncryptionAlgorithmKeyEncryptionAlgorithmIdent结构中各项含义见表6。7表6RecipientInfo数据类型版本号，此处取值为1列号，可据此确定一份证书和与此证书对应的实体圆曲线加密算法数据加密密钥密文，其定义应符合GB/T35276的10摘要数据类型DigestedDatadigestAlgorithmDigestAlgorithmIdentifier,encapContentInfoEncapsula结构中各项含义见表7:表7DigestedData数据类型版本号，此处取值为1DigestAlgorithmldent11加密数据类型EncryptedDataEncryptedData数据类型由任意类型的加密后的数据组成，数据类型既没有接收者也没有加密的数据加密密钥。加密数据类型示例见A.4。EncryptedData数据类型定义如下：EncryptedData::encryptedContentInfoEncrypted8unprotectedAttrs[1]IMPLICITUnprotectedA表8encryptedData数据类型已加密的内容信息12鉴别数字信封数据类型AuthEnvelopedDataAuthEnvelopedDatarecipientInfosRecipientIauthEncryptedContentInfoEncryptedauthAttrs[0]IMPLICITAuthAttribumacMessageAuthenticatiounauthAttrs[1]IMPLICITUnauthAttributesOPTIONAL}AuthAttributes::=SETSIZE(1..MAX)OFUnauthAttributes::=SETSIZE(1..MAX)OFAttribute表9AuthEnvelopedData数据类型版本号，此处取值为1参与鉴别属性集合，该域是可选。如果该域存在，则MessageAuthenticationC9authEncryptedContentInfo的鉴别加密算法应为SM4-CCM或SM4-GCM,其算法OID应符合CCMParameters::=SEQUEsm4-ICVlenIN数据类型GCMParameters::=SE数据类型13密钥协商类型KeyAgreementInfo密钥协商KeyAgreementInfo数据类型标明两个用户之间建立一个共享秘密密钥的结构，通过这种方式能确定一个共享秘密密钥的值。密钥协商类型示例见A.6。KeyAgreementInfo::=S结构中各项含义见表12。表12KeyAgreementInfo数据类型版本号，此处取值为1临时公钥，SM2密钥格式应符合附录B的规定14签名及数字信封数据类型SignedAndEnvelopedDataSignedAndEnvelopedData数据类型由任意类型的加密数据、至少一个接收者的数据加密密钥和至少一个签名者的签名组成，签名及数字信封数据类型示例见A.7。SignedAndEnvelopedData::=SEQUErecipientInfosRecipientIdigestAlgorithmsDigestAlgoritencryptedContentInfoEncryptedContentInfo,certificates[0]IMPLICITExtendedCertificatesAndCertificatescrls[1]IMPLICITCerti}表13signedAndEnvelopedData数据类型版本号，此处取值为1DigestAlgorithmldentifExtendedCertificatesAndCertifX.509证书的集合，是可选的CertificateRevocatio(资料性)消息格式示例A.1签名数据类型示例319:OBJECTIDENTIFIER'1215610::}}6024:OCTETSTRING'qewrqwer1234123qwerqasdf'}}:}1482:PrintableString'CN’:1563:}}1713:OBJECTIDENTIFIERorgani17618:UTF8String'12140000405703345Q’::2003:OBJECTIDENTIFIERcomm ':::23730:}2753:2802:PrintableString'CN’::2868:2883:2931:UTF8String'O’}3003:OBJECTIDENTIFIERorganizationalUnitName3053::}:::::::::OBJECTIDENTIFIER}OBJECTIDENTIFIERecPublicKey(12}}}}OBJECTIDENTIFIERbasicConstra}}}}:::::::::::::::::':7070/crl/UtrustSecCA/UtrustSecC’}':7070/crl/UtrustSecCOBJECTIDENTIFIERsubjectKeyIdent}authorityKeyIdentifi::::::::::::OBJECTIDENTIFIERcertificatePolicies(25293':7070/cps/UtrustSeNULL}::::::::::::::::PrintableString'CN’}}OBJECTIDENTIFIERorganizationName(25410)}}OBJECTIDENTIFIERorganizationUTF8String'12140000405703345Q’}}OBJECTIDENTIFIERcommonNam '}NULL}NULL}A.2数字信封类型示例410:OBJEC443:OBJECT492:PrintableString'CN’}573:OBJECTIDENTIFIERorganizatio624:UTF8String'Tes}723:OBJECTIDENTIFIERorganiza774:UTF8String'T}873:}::}OBJECTIDENTIFIER'1215610197130NULL}20F90536F543B7F9074D7:::26110:A.3摘要数据类型示例7068:..OBJECTID190610:..OBJECT31A0NDEF:..[0]{A.4加密数据类型示例210:OBJECTIDE2310:OBJECTIDENTIFIERA.5鉴别数字信封数据类型示例19063:......OBJECTIDENTIFIERcountryNa24132:Printabl32063:......OBJECTIDENTIFIERorganizatio47063:......OBJECTIDENTIFIER62063:......OBJECTIDENTIFIERcommonName(2543)670C12:......UTF8String'initSecondC23630NDEF:.SEQUENC2380610:..OBJECTIDEN252068:...OBJECTIDENTIFIER'12268069:...OBJECTIDENTIFIERsigningTime(12840113549195)2811713:UTCTime'241231184222Z’A.6密钥协商类型示例::::D91532D272394362B6AF40171CC5672A}}1413:1462:PrintableString’CN’}}1543:1594:UTF8String'ROOT’}}1693:1744:UTF8String'ROOT’}}1843:18917::20830:21013:22513:}24048:2449:2463:OBJECT2512:PrintableString'CN’}2593:OBJECT2647:UTF8String'BeiJing'}}2773:OBJECTIDENTIFIERco2826:UTF8Stri}::29089::::::::::::::::OBJECTIDENTIFIERecPublicKey(12840100452DA82002E5B4CA827}OBJECTIDENTIFIERsubje}}OBJECTIDENTIFIERbasicConstraints(25291}}}netscape-cert-type(216840111373}4613:46622:46820:4708:OBJECTIDENTIFIERserve}::::::}:::2B9EF3350AEE573C7A103538703CC4FE285}:::}}}A.7签名及数字信封数据类型示例::::::::::PrintableString'CN’}organizationalUnitNPrintableString'BEIJING’}}了}NULL}:::::::::::::}OBJECTIDENTIFIER'121561019714012'NULL}}}}}1103003701567333623055:368063:OBJECTIDENTIF373132:PrintableString'CN’}386137:PrintableString'B}:399063::4193030:4211713:UTCTime'250722085200Z’4361713:UTCTime'260722085200Z’457063:OBJECTIDE462132: