GM/T 0020-2023 证书应用综合服务接口规范

ICS35.030

CCSL80

中华人民共和国密码行业标准

GM/T0020—2023

代替GM/T0020—2012

证书应用综合服务接口规范

Certificateapplicationintegratedserviceinterfacespecification

2023⁃12⁃04发布2024⁃06⁃01实施

国家密码管理局发布

GM/T0020—2023

目次

前言··························································································································Ⅲ

引言··························································································································Ⅳ

1范围·······················································································································1

2规范性引用文件········································································································1

3术语和定义··············································································································1

4缩略语····················································································································1

5算法标识和数据结构··································································································2

5.1标识定义···········································································································2

5.2数据结构定义·····································································································2

6证书应用综合服务接口定位、分类和要求········································································2

6.1证书应用综合服务接口在公钥密码应用技术体系框架中的位置······································2

6.2证书应用综合服务接口分类···················································································2

6.3客户端服务接口··································································································2

6.4服务器端服务接口·······························································································3

6.5数据格式要求·····································································································3

7证书应用综合服务接口定义·························································································3

7.1客户端COM组件接口··························································································3

7.2服务器端COM组件接口·····················································································13

7.3服务器端Java组件接口·······················································································24

7.4客户端JavaScript脚本接口···················································································35

附录A（规范性）证书应用综合服务接口错误代码定义·······················································46

附录B（资料性）证书应用综合服务接口典型部署模型·······················································49

附录C（资料性）证书应用综合服务接口集成示例·····························································50

附录D（资料性）客户端JavaScript脚本接口异步调用示例说明············································52

参考文献····················································································································53

Ⅰ

GM/T0020—2023

前言

本文件按照GB/T1.1—2020《标准化工作导则第1部分：标准化文件的结构和起草规则》的规

定起草。

本文件代替GM/T0020—2012《证书应用综合服务接口规范》，与GM/T0020—2012相比，除结

构调整和编辑性改动外，主要技术变化如下：

a）删除了术语“数字证书”（见2012年版的3.1）；

b）增加了Base64格式数据的更明确描述（见6.5）；

c）增加了接口“证书登出SOF_Logout”（见7.1.35）、“证书登录状态检测SOF_IsLogin”（见

7.1.36）；

d）增加了接口“数据摘要SOF_HashData”（见7.1.31、7.2.37、7.3.38）“文件摘要SOF_HashFile”

（见7.1.32、7.2.38、7.3.39）“摘要值签名SOF_SignHashData”（见7.1.33、7.2.39、7.3.40）“摘要

值验签SOF_VerifySignedHashData”（见7.1.34、7.2.40、7.3.41）；

e）删除了接口“SOF_EncryptFile”（见2012年版的7.1.23）“SOF_DecryptFile”（见2012年版的

7.1.24）；

f）增加了“客户端JavaScript脚本接口”（见7.4）。

请注意本文件的某些内容可能涉及专利。本文件的发布机构不承担识别专利的责任。

本文件由密码行业标准化技术委员会提出并归口。

本文件起草单位：北京数字认证股份有限公司、格尔软件股份有限公司、北京海泰方圆科技股份有

限公司、上海市数字证书认证中心有限公司、无锡江南信息安全工程技术中心、中电科网络安全科技股

份有限公司、长春吉大正元信息技术股份有限公司、兴唐通信科技有限公司、山东得安信息技术有限公

司、北京国脉信安科技有限公司、国家密码管理局商用密码检测中心、中国电子技术标准化研究院。

本文件主要起草人：刘伟、赵永省、刘平、刘蕾、李述胜、郑强、谭武征、蒋红宇、柳增寿、许涛、寇建

波、赵丽丽、王妮娜、马洪富、孔凡玉、袁峰、罗鹏、肖秋林、张绍博、上官晓丽、蔡一鸣、黄晶晶。

本文件及其所代替文件的历次版本发布情况为：

——2012年首次发布版为GM/T0020—2012；

——本次是第一次修订。

Ⅲ

GM/T0020—2023

引言

本文件依托于GM/T0019《通用密码服务接口规范》，为应用层规定了统一的高级密码服务接口。

证书应用综合服务接口为应用系统提供简洁、易用的证书应用接口，屏蔽了各类密码设备（服务器

密码机和智能密码钥匙等）的设备差异性，以及各类密码设备的密码应用接口之间的差异性，实现应用

与密码设备无关性，可简化应用开发的复杂性。证书应用综合服务接口分成客户端服务接口和服务器

端服务接口两类，可满足B/S和C/S等多种架构的应用系统的调用需求，有利于密码服务接口产品的

开发，有利于应用系统在密码服务过程中的集成和实施，有利于实现各应用系统的互联互通。

Ⅳ

GM/T0020—2023

证书应用综合服务接口规范

1范围

本文件规定了面向证书应用的综合服务接口。

本文件适用于公钥密码应用技术体系下密码应用服务产品的开发，密码应用支撑平台的研制及检

测，也可用于指导直接使用密码设备和密码服务的应用系统的集成和开发。

2规范性引用文件

下列文件中的内容通过文中的规范性引用而构成本文件必不可少的条款。其中，注日期的引用文

件，仅该日期对应的版本适用于本文件；不注日期的引用文件，其最新版本（包括所有的修改单）适用于

本文件。

GB/T25061—2020信息安全技术XML数字签名语法与处理规范

GM/T0006密码应用标识规范

GM/T0009SM2密码算法使用规范

GM/T0010SM2密码算法加密签名消息语法规范

GM/T0015基于SM2密码算法的数字证书格式规范

GM/T0019通用密码服务接口规范

GM/Z4001密码术语

PKCS#1RSA加密标准（RSACryptographyStandard）

PKCS#7加密消息语法标准（CryptographicMessageSyntaxStandard）

IETFRFC3275（可扩展标记语言）XML签名语法和处理[（ExtensibleMarkupLanguage)XML⁃

SignatureSyntaxandProcessing]

IETFRFC4648Base16、Base32和Base64数据编码（TheBase16，Base32，andBase64DataEn⁃

codings）

3术语和定义

GM/Z4001界定的以及下列术语和定义适用于本文件。

3.1

用户密钥userkey

存储在设备内部的用于应用密码运算的非对称密钥对。

注：用户密钥包含签名密钥对和加密密钥对。

3.2

容器container

密码设备中用于保存密钥所划分的唯一性存储空间。

4缩略语

下列缩略语适用于本文件。

1