/7816-82011 8
ISO/IEC 7816-8:2004 Identification cards Integrated circuit cards Part 8: Commands for security operations (IDT)

27 2002 . 184- , 1.02004 . 1 - () 22 , 42 22 3 13 2011 . 1009-4 / 7816-8:2004 . . 8. (ISO/IEC 7816-8:2004 Identification cards Integrated circuit cards Part 8: Commands for security operations). - , - 5 6 , 4, - . , - . - () . , , 2013 , - -

1
2
3
4
5
5.1 (GENERATE ASYMMETRIC KEY PAIR)
5.2 (PERFORM SECURITY OPERATION)
5.3 (COMPUTE CRYPTOGRAPHIC CHECKSUM)
5.4 (COMPUTE DIGITAL SIGNATURE)
5.5 (HASH)
5.6 (VERIFY CRYPTOGRAPHIC CHECKSUM)
5.7 (VERIFY DIGITAL SIGNATURE)
5.8 (VERIFY CERTIFICATE)
5.9 (ENCIPHER)
5.10 (DECIPHER)
() , 9 () , 12 () / .14 () .16 17

/ 7816 . - , . ( , ) / ( , ). , - :
/ 7816-1 ;
/ 7816-2 ;
/ 7816-3 - ;
/ 7816-10 - ;
/ 7816-12 USB .
. , / :
/ 7816-4 , ;
/ 7816-5 ;
/ 7816-6 ;
/ 7816-7 ;
/ 7816-8 , ;
/ 7816-9 ;
/ 7816-11 ;
/ 7816-15 ;
/ 10536 . / 14443 15693 . . / 7816-8 17 - 1 / .

8 Identification cards. Integrated circuit cards. Part 8. Commands for information security operations

201301011 , . - . . / .

2 -:
/ 7816-4:2005 . . -, (ISO/IEC 7816-4:2005, Identification cards Integrated circuit cards Part 4: Organization, security and commands for interchange)

3 / 7816-4:
3.1 (asymmetric cryptographic technique): , : , , , . , .
3.2 (certificate): , - . , , - .
3.3 (digital signature): - , , , .
3.4 (key): (, , , -, , ).
3.5 (secure messaging): - ( ) -.

4 :
CCT (control reference template for cryptographic checksum);
CRT (control reference template);
CT (control reference template for confidentiality);
DSA (digital signature algorithm);
DST (control reference template for digital signature);
ECDSA (elliptic curve digital signature algorithm);
HT - (control reference template for hash-code);
MSE (MANAGE SECURITY ENVIRONMENT command);
PK (public key);
PSO (PERFORM SECURITY OPERATION command);
GQ (Guillou and Quisquater);
RFU (reserved for future use);
RSA (Rivest, Shamir, Adleman);
SE (security environment);
SEID (security environment identifier).

5 - , .

5.1 (GENERATE ASYMMETRIC KEY PAIR)
GENERATE ASYMMETRIC KEY PAIR - , . . , - , (. 1). MANAGE SECURITY ENVIRONMENT (, ). , , (./ 7816-4).

1 - GENERATE ASYMMETRIC KEY PAIR
CLA INS P1 P2 / 7816-4 46 47 200 ( ) Lc N = 0, Nc 0 , P1-P2 0000, CPT, , P1-P2 0000 (. ) Le Ne = 0, Ne 0 - SW1-SW2 . / 7816-4, 56, 6985 , - CRT. CRT .

2 P1
b8 b7 b6 b5 b4 b3 b2 b1
00000000 10000xxx 10000x : x x 0 - x x 1 - 10000 : 0 - 1 - -10000 : 0 - 1 - , Le, , - Le ISO/IEC JTC1/SC17 Le , , EF, .

( ) . INS (. / 7816-4) (46), (47). , . . 1 INS, . . INS 47, , - 3. , . - ( 80 BF) .

3
7F49 -
06 ,
80 , ,
RSA
81 ( n, x )
82 ( v, , 65537)
DSA
81 ( p, y )
82 ( q, p-1, 20 )
83 ( g q, y )
84 ( y, g x p, x , y )
ECDSA
81 ( p, z )
82 ( a, z )
83 ( b,