GA/T 977-2012 Electronic Signatures for Evidence and Identification Documents
GA/T977-2012
This standard specifies the electronic signatures in electronic documents of evidence and identification documents.
This standard applies to the electronic signatures of electronic documents of evidence and identification documents based on PKI.
This standard was drafted in accordance with the rules given in GB/T1.1-2009.
This standard was proposed by the Cyber Security Bureau of the Ministry of Public Security.
This standard is under the jurisdiction of the Information System Security Standardization Technical Committee of the Ministry of Public Security.
The drafting units of this standard: Cyber Security Bureau of the Ministry of Public Security, the Third Research Institute of the Ministry of Public Security.
The main drafters of this standard: Xu Jianzhuo, Lu Tao, Wang Ting, Li Xun, Jin Bo, Xu Jun.
The following documents are indispensable for the application of this document. For any dated referenced document, only the dated version applies to this document. For any undated referenced document, the latest version (including all amendments) applies to this document.
ITU-T X.509 International Standard for Electronic Certificates
RFC 3075 XML-Signature Syntax and Processing
RFC 3280 Internet X.509 Public Key Infrastructure Certificate and CRL Profile
Some standard content:
ICS 35.220.20
People's Republic of China Public Security Industry Standard
GA/T 977-2012
Electronic signature of forensic and identification document
Published 2012-02-01
Implemented 2012-02-01
Ministry of Public Security of the People's Republic of China

This standard was drafted in accordance with the rules given in GB/T 1.1-2009.
This standard was proposed by the Cyber Security Bureau of the Ministry of Public Security.
This standard is under the jurisdiction of the Information System Security Standardization Technical Committee of the Ministry of Public Security.
Drafting units of this standard: Cyber Security Bureau of the Ministry of Public Security, the Third Research Institute of the Ministry of Public Security.
The main drafters of this standard: Xu Jianzhuo, Lu Tao, Wang Ting, Li Xun, Jin Bo, Xu Jun.

Electronic signatures for evidence collection and identification documents

1 Scope
This standard specifies the electronic signatures in electronic documents of evidence collection and identification documents.
This standard applies to the electronic signatures of electronic documents of evidence collection and identification documents based on PKI.

2 Normative references
The following documents are indispensable for the application of this document. For any dated referenced document, only the dated version applies to this document. For any undated referenced document, its latest version (including all amendments) applies to this document.
ITU-T X.509 International Standard for Electronic Certificates
RFC 3075 XML-Signature Syntax and Processing
RFC 3280 Internet X.509 Public Key Infrastructure Certificate and CRL Profile

3 Terms and definitions
The terms and definitions defined in ITU-T X.509, RFC 3075 and RFC 3280, and the following, apply to this document.
3.1 Electronic document
A mixture of information in electronic form that can be recognized and processed by a computer.
3.2 Electronic signature
Data contained in or attached to an electronic document in electronic form that identifies the signatory and indicates that the signatory recognizes the contents.
3.3 Digital certificate (digital certification)
A document signed by a digital certificate issuing authority that includes the certificate holder's information and public key.
3.4 Signature algorithm
An asymmetric encryption algorithm for encrypting information digests.

4 Electronic signature
4.1 Electronic documents
Electronic documents of evidence collection and identification documents should contain content that can identify the client, the appraiser, the time of the appraisal and the appraisal conclusion, should be able to effectively express the content contained in the evidence collection and identification documents, and should be retrievable and usable at any time. The electronic document format of evidence collection and identification documents should comply with relevant regulations on judicial identification.
4.2 Digital certificate issuing authority
Digital certificates should be issued by legal and authoritative institutions.
4.3 Digital certificate format
The digital certificate used for electronic signatures of evidence collection and identification electronic documents should comply with the provisions of ITU-T X.509.
4.4 Electronic signature process
After generating the electronic document for evidence collection and identification, the signatory shall sign the electronic document by executing the process shown in Figure 1:
a) Take the full text of the electronic document as the input parameter and use the hash algorithm to compute the digest of the electronic document;
b) Use the signature private key of the digital certificate holder to asymmetrically encrypt the digest of the electronic document to generate the electronic signature content;
c) Encapsulate the original electronic document for evidence collection and identification, the generated electronic signature and the signature certificate to form the signature result.
Figure 1 Electronic signature process for evidence collection and identification electronic documents (diagram elements: electronic document, electronic document digest, electronic signature content, digital certificate)

4.5 Electronic signature verification process
The result of the electronic signature of the electronic document for evidence collection and identification, that is, the data to be verified, includes the electronic signature content, the original electronic document and the public key of the signatory. Signature verification of evidence collection and identification electronic documents is performed according to the process shown in Figure 2:
a) The verifier first uses a hash algorithm to compute the digest of the original electronic document;
b) The electronic signature content in the electronic signature result is decrypted using the signer's digital certificate to obtain the electronic document digest derived from the signature content;
c) The two digests are compared. If they are the same, the original electronic document is valid; otherwise it is invalid.
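The signing process of 4.4 and the verification process of 4.5, as an added Python example that is not part of the standard. It assumes SHA-256 as the hash algorithm, a constructed toy textbook-RSA key (illustration only), a dict standing in for the encapsulated signature result, and a hypothetical `trusted_keys` set standing in for X.509 chain validation of the embedded certificate.

```python
import hashlib

# Constructed toy key pair (assumption, illustration only): two Mersenne primes.
# Real signatures use a CA-issued X.509 key and a padded scheme such as RSASSA-PSS.
_P, _Q = 2**127 - 1, 2**521 - 1
PUBLIC_KEY = (_P * _Q, 65537)  # (n, e), the part carried in the certificate
PRIVATE_KEY = (_P * _Q, pow(65537, -1, (_P - 1) * (_Q - 1)))  # (n, d), signer only


def digest(document: bytes) -> int:
    """Hash the full text of the electronic document (4.4 a, 4.5 a)."""
    return int.from_bytes(hashlib.sha256(document).digest(), "big")


def sign(document: bytes, private_key=PRIVATE_KEY, certificate=PUBLIC_KEY) -> dict:
    """4.4: digest, private-key operation on the digest, then encapsulation."""
    n, d = private_key
    signature = pow(digest(document), d, n)  # 4.4 b
    # 4.4 c: original document + signature + signing certificate
    return {"document": document, "signature": signature, "certificate": certificate}


def verify(result: dict, trusted_keys) -> bool:
    """4.5: recompute the digest, recover the signed digest, compare the two."""
    if result["certificate"] not in trusted_keys:
        return False  # the embedded key is attacker-controllable unless it is trusted
    n, e = result["certificate"]
    sig = result["signature"]
    if not isinstance(sig, int) or not 0 < sig < n:
        return False  # malformed signature value
    recovered = pow(sig, e, n)  # 4.5 b
    return recovered == digest(result["document"])  # 4.5 c
```

The trust check matters because the signature result carries its own certificate: comparing the two digests alone would also accept a document re-signed with any other key pair.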
Figure 2 Electronic signature verification process for evidence collection and identification electronic documents (diagram elements: electronic document, hash algorithm, electronic document digest, electronic signature content, signature algorithm, electronic document digest derived from signature content, digital certificate, verification passed)

4.6 Electronic signature format
The storage and access format of electronic signatures for evidence collection and identification documents should comply with the requirements of RFC 3075 and RFC 3280, and all text should be encoded in UTF-8. The format is as follows:
[Lo] <SignatureValue/> <CertInfo/> [L15] </Signature>
The definitions of the XML tags are as follows:
The Signature tag indicates a complete XML signature, which is identified by the electronic document number; the XML namespace should be unique.
The SignedInfo tag indicates the information to be signed.
The Algorithm attribute in the CanonicalizationMethod tag specifies the canonicalization algorithm applied to the SignedInfo content before signing.
The Algorithm attribute in the SignatureMethod tag specifies the hash algorithm and signature algorithm used in the signing process.
The Reference tag includes the digest algorithm, the digest value, etc.
The Transforms tag includes the transformation algorithm applied before signing.
The DigestMethod tag indicates the digest algorithm.
The DigestValue tag indicates the digest value.
The SignatureValue tag indicates the signature result.
The CertInfo tag indicates the certificate information used in the signature.

4.7 Electronic signature management system
4.7.1 General
The electronic signature management system for evidence collection and identification documents should have the functions of system management and signature display.
4.7.2 System management
The system should use procedures and controls that ensure the authenticity, integrity and appropriate confidentiality of records when electronic documents for evidence collection and identification are established, modified, maintained or transmitted, so that the signatory cannot easily repudiate the signed record as not authentic. Such procedures and controls should include the following:
a) The system should be verified to ensure accurate, reliable and stable expected performance, and should be able to identify invalid and altered records;
b) Ensure that the electronic documents produced are accurate and complete, easy to read, and suitable for inspection, review and copying;
c) Protect system operation records so that the records remain accurate and easily retrievable throughout the retention period;
d) Limit system access by authorizing individual users;
e) Use a secure, computer-generated, time-stamped audit trail to independently record the date and time of operator access and of the creation, modification or deletion of electronic records. Changes to records must not overwrite previous record information.
4.7.3 Display of signatures
Signed evidence collection and identification electronic documents should contain all of the following information related to the signature:
a) The name of the signer, in print;
b) The date and time the signature takes effect;
c) The meaning associated with the signature (such as "agree").

Book number: 155066·2-23319