SM2无证书及隐式证书公钥机制签名和加密过程详解(二)

游鲦亭长

于 2024-10-03 11:18:05 发布

阅读量187

点赞数 17

分类专栏： # 密码应用安全性评估 # 密评实践 # 国密标准文章标签：密码测评安全

本文链接：https://blog.csdn.net/ryanzzzzz/article/details/142669101

版权

密码应用安全性评估同时被 3 个专栏收录

80 篇文章 97 订阅

订阅专栏

密评实践

37 篇文章 17 订阅

订阅专栏

国密标准

28 篇文章 13 订阅

订阅专栏

前面对非显式证书公钥机制（无证书和隐式证书）的密钥生成过程进行了描述（SM2无证书及隐式证书公钥机制签名和加密过程详解(一)_sm2加密解密过程-CSDN博客），这里接着对隐式证书ASN.1模板和生成过程进行说明。

（1）隐式证书ASN.1模板

SequeceOfCertificate ::= SEQUENCE OF Certificate

Certificate ::= CertificateBase(ExplicitCertificate | Reserved)

CertificateBase ::= SEQUENCE {
   version           Uint8(3),
   type           CertificateType,
   issuer           IssuerIdentifier,
   toBeSigned       ToBeSignedCertificate,
   signatre       Signature OPTIONAL
}

CertificateType ::= ENUMERATED {
   explicit,
   reserved,
   ...
}

--显式证书，需具备CA签名，使用CA公钥验证
ExlipcitCertificate ::= CertificateBase (WITH COMPONENTS { ...,
   type(explicit),
   toBeSigned (WITH COMPONENTS { ...,
       verifyKeyIndicator (WITH COMPONENTS {verificationKey})
   }),
   signatre PRESENT
})

--隐式证书，无需CA签名，使用声明公钥验证（即公钥还原数据）
Reserved ::= CertificateBase (WITH COMPONENTS { ...,
   type(reserved),
   toBeSigned(WITH COMPONENTS { ...,
       verifyKeyIndicator(WITH COMPONENTS {reconstructionValue})
   }),
   signatre ABSENT
})

IssuerIdentifier ::= CHOICE {
   sha256AndDigest   HashedId8,
   self SignedData ::= SEQUENCE {
       hashId           OBJECT IDENTIFIER,
       tbsData           ToBeSignedData,
       signer           SignerIdentifier,
       signature       Signature
   } HashAlgorithm,
   ...,
   sha384AndDigest   HashedId8,
   sm3AndDigest   HashedId8
}

ToBeSignedCertificate ::= SEQUENCE {
   id               CertificateId,
   cracaId           HashedId3,
   crlSeries       CrlSeries,
   validityPeriod   ValidityPeriod,
   region           GeographicRegion OPTIONAL,
   assuranceLevel   SubjectAssurance OPTIONAL,
   appPermissions   SequenceOfAidSsp OPTIONAL,
   cerIssuePermissions   SequenceOfAidGroupPermissions OPTIONAL,
   cerRequestPermissions   SequenceOfAidGroupPermissions OPTIONAL,
   canRequestRollover   NULL OPTIONAL,
   encryptionKey   publicEncryptionKey OPTIONAL,
   verifyKeyIndicator   VerificationKeyIndicator,
   ...
}
(WITH COMPONENTS {..., appPermissions PRESENT} |
WITH COMPONENTS {..., cerIssuePermissions PRESENT} |
WITH COMPONENTS {..., cerRequestPermissions PRESENT})

CertificateId ::= CHOICE {
   linkageData       LinkageData,
   name           HostName,
   binaryId       OCTET STRING(SIZE(1..64)),
   none           NULL,
   ...
}

LinkageData ::= SEQUENCE {
   iCert           IValue,
   linkage-value   LinkageValue,
   group-linkage-value   GroupLinkageValue OPTIONAL
}

SequenceOfAidGroupPermissions ::= SEQUENCE OF AidGroupPermissions

AidGroupPermissions ::= SEQUENCE {
   subjectPermissions   SubjectPermissions,
   minChainLength       INTEGER DEFAULT 1,
   chainLengthRange   INTEGER DEFAULT 0,
   eeType               EndEntityType DEFAULT {app}
}

SubjectPermissions ::= CHOICE {
   explicit       SequenceOfAidSspRange,
   all               NULL,
   ...
}

EndEntityType ::= BIT STRING {app(0), enroll(1)}(size(8))(ALL EXCEPT{})

VerificationKeyIndicator ::= CHOICE {
   verificationKey       PublicVerificationKey,
   reconstructionValue   EccP256CurvePoint,
   ...
}

（2）隐式证书生成过程（简要）

1）KGC生成系统私钥ms和对应系统公钥Ppub。
2）KGC使用系统公钥Ppub向CA申请一张证书（标准证书申请流程）。
3）实体A将公钥数据UA等信息提交到KGC。
4）KGC验证隐式证书申请合法性，生成 ToBeSignedCertificate 中从id开始 encryptionKey 的部分。
5）KGC生成IDA（至少包括 ToBeSignedCertificate 中从 id 开始到 encryptionKey 之前的数据域）。
6）KGC将WA作为隐式证书中 verifyKeyIndicator 的数据，生成完整的隐式证书。

后续，将进一步介绍隐式证书COER编码机制、隐式证书实例及其使用。