Circular No. 06/2015/TT-BTTTT stipulates the List of Mandatory Standards for Digital Signature and Digital Signature Certification Services

Circular No. 06/2015/TT-BTTTT stipulates the List of Mandatory Standards for Digital Signature and Digital Signature Certification Services, applicable to organizations providing digital signature certification services. Notably, it requires minimum security levels for HSM and Token cards, uses the AES encryption algorithm, and applies one of six SHA hash functions.

Số hiệu06/2015/TT-BTTTT
Loại văn bảnCircular
Cơ quan ban hànhMinistry of Science and Technology
Người kýNguyễn Bắc Son — Bộ trưởng
Cập nhật24/06/2026
NgànhInformation and Communications
Lĩnh vựcScience and Technology
Ngày ban hành23/03/2015
Ngày áp dụng15/09/2015
Ngày hết hiệu lực01/04/2016
Tình trạngExpired
✦ Tóm lược thông minh

Circular No. 06/2015/TT-BTTTT stipulates the List of Mandatory Standards for Digital Signature and Digital Signature Certification Services, applicable to organizations providing digital signature certification services. Notably, it requires minimum security levels for HSM and Token cards, uses the AES encryption algorithm, and applies one of six SHA hash functions.

Đối tượng áp dụng

National, public, and specialized organizations providing digital signature certification services are granted certificates by the Ministry of Information and Communications, and foreign organizations providing digital signature certification services are granted recognition certificates by the Ministry of Information and Communications.

Các điểm cốt lõi

  • Organizations providing digital signature certification services must apply minimum security standards for HSM and Token cards (FIPS PUB 140-2, level 3 for HSM, level 2 for Token).
  • Use the AES encryption algorithm according to TCVN 7816:2007 or NIST 800-67.
  • Apply one of six SHA hash functions (SHA-224, SHA-256, SHA-384, SHA-512, SHA-512/224, SHA-512/256) for digital signatures.
  • Apply standards on digital certificate format, cryptographic message syntax, private key information syntax, certification requirements, interface for communication with cryptographic tokens, and personal information exchange syntax (PKCS).
  • Apply standards on certification policy and practice statements (RFC 3647), certificate storage and retrieval protocols (RFC 2587, RFC 4523, RFC 2251), certificate status checking (RFC 2585, RFC 2560), and time stamping service (RFC 3161, TCVN 7818-1:2007, TCVN 7818-2:2007, TCVN 7818-3:2010).

🌐 Tác động xã hội từ văn bản này

  • The positive impact is to enhance security for digital signatures and certification services, thereby improving electronic transaction security.
  • The negative impact is that organizations providing digital signature certification services must comply with many complex standards, which may cause technical difficulties and investment costs.

❓ Câu hỏi thường gặp

What standards must organizations providing digital signature certification services apply?

Organizations must apply security standards for HSM and Token cards (FIPS PUB 140-2, level 3 for HSM, level 2 for Token), use the AES encryption algorithm according to TCVN 7816:2007 or NIST 800-67, apply one of six SHA hash functions (SHA-224, SHA-256, SHA-384, SHA-512, SHA-512/224, SHA-512/256), and apply standards on digital certificate format, cryptographic message syntax, private key information syntax, certification requirements, interface for communication with cryptographic tokens, and personal information exchange syntax (PKCS).

At what level is the AES encryption algorithm applied?

The AES encryption algorithm is applied according to TCVN 7816:2007 or NIST 800-67.

Which SHA hash functions are used in this standard?

The SHA hash functions used include SHA-224, SHA-256, SHA-384, SHA-512, SHA-512/224, and SHA-512/256.

What requirements must foreign organizations providing digital signature certification services meet?

Foreign organizations providing digital signature certification services are granted recognition certificates by the Ministry of Information and Communications and must comply with the standards stipulated in this Circular.

When does this Circular take effect?

This Circular takes effect from September 15, 2015.

Toàn văn

MINISTRY OF INFORMATION AND COMMUNICATION

SOCIALIST REPUBLIC OF VIET NAM
Independence – Freedom – Happiness

Number: 06/2015/TT-BTTTT
Hanoi, date March 23, 2015

CIRCULAR

Regulations on the List of Mandatory Standards to be Applied

concerning digital signatures and digital signature certification services

______________

 Pursuant to the Law on Electronic Transactions dated November 29, 2005;

Pursuant to Decree No. 26/2007/NĐ-CP dated February 15, 2007 of the Government detailing the implementation of the Law on Electronic Transactions regarding digital signatures and digital signature certification services, Decree No. 106/2011/NĐ-CP dated November 23, 2011, and Decree No. 170/2013/NĐ-CP dated November 13, 2013;

Pursuant to Decree No. 132/2013/NĐ-CP dated October 16, 2013 of the Government stipulating the functions, tasks, powers, and organizational structure of the Ministry of Information and Communications;

Pursuant to the proposal of the Director of the Science and Technology Department,

The Minister of Information and Communications issues this Circular stipulating The List of Mandatory Standards to be Applied concerning digital signatures and digital signature certification services.

Article 1. Scope of Regulation

This Circular stipulates the List of Mandatory Standards to be Applied concerning digital signatures and digital signature certification services (Annex attached).

Article 2. Applicability

This Circular applies to:

3. ORGANIZATIONS PROVIDING PUBLIC ELECTRONIC SIGNATURE VERIFICATION SERVICES;

2. Public digital signature certification service providers;

3. Special-purpose digital signature certification service providers granted certificates by the Ministry of Information and Communications confirming their qualification to ensure the security of digital signatures;

4. Foreign digital signature certification service providers granted recognition certificates by the Ministry of Information and Communications.

Article 3. Implementation Organization

1. In each period, the Ministry of Information and Communications shall review and amend the List of Mandatory Standards to be Applied concerning digital signatures and digital signature certification services stipulated in Article 1 of this Circular in accordance with technological development and state management policies.

2. The Department of Science and Technology shall be responsible for periodically reviewing and updating the List of Mandatory Standards to be Applied concerning digital signatures and digital signature certification services stipulated in Article 1 of this Circular.

3. The National Center for Digital Certification shall be responsible for guiding the application of standards included in the List of Mandatory Standards to be Applied concerning digital signatures and digital signature certification services stipulated in Article 1 of this Circular.

Article 4. Implementation provisions

1. This Circular takes effect from September 15, 2015.

2. Decision No. 59/2008/QĐ-BTTTT dated December 31, 2008 of the Minister of Information and Communications promulgating the List of Mandatory Standards to be Applied concerning digital signatures and digital signature certification services shall cease to be effective from the date this Circular takes effect, except for the provisions on "Secure Hash Function" at Section 2.3 of the List of Mandatory Standards to be Applied concerning digital signatures and digital signature certification services issued under Decision No. 59/2008/QĐ-BTTTT which shall remain effective until March 31, 2016.

3. In case there is a discrepancy between the provisions of this Circular and the provisions of Circular No. 22/2013/TT-BTTTT dated December 23, 2013 promulgating the list of technical standards for information technology applications in government agencies related to the same standard concerning the use of digital signatures and digital signature certification services provided by digital signature certification service providers in government agencies, the provisions of this Circular shall apply.

4. The Director of the Office, the Head of the Department of Science and Technology, the Director of the National Center for Digital Certification, the Heads of agencies and units under the Ministry, organizations, and individuals concerned shall be responsible for implementing this Circular.

5. During the implementation process, if there are difficulties or obstacles, agencies, organizations, and individuals shall promptly report them to the Ministry of Information and Communications for consideration and resolution./.

THE MINISTER
(Signed)
Nguyen Bac Son

Appendix

LIST OF MANDATORY STANDARDS TO BE APPLIED CONCERNING DIGITAL SIGNATURES AND DIGITAL SIGNATURE CERTIFICATION SERVICES

(Issued together with Circular No. 06/2015/TT-BTTTT dated  23  the  3   2015 of the Minister of Information and Communications)

 

Serial Number

Type
sets the

Code
sets the

Full name
of the standard

(vi) Agreement on the amount of reserve left behind and the deadline for selling the purchased cash foreign currency to the authorized credit institution.
in accordance with      

1

Security Standard for HSM and Cryptographic Tokens

1.1

Security requirements for hardware security module (HSM) hardware security blocks

FIPS PUB 140-2

Security Requirements for Cryptographic Modules

 

- Minimum Level 3 requirements 

1.2

Security Requirements for Token and Smart Cards

FIPS PUB 140-2

Security Requirements for Cryptographic Modules

 

- Minimum Level 2 requirements

2

Cryptography and digital signature standards

2.1

Asymmetric cryptography and digital signatures

PKCS #1

RSA Cryptography Standard

 

- Version 2.1

- Apply RSAES-OAEP for encryption and RSASSA-PSS for signing            Recommendation for the Triple Data Encryption Algorithm (TDEA) Block Cipher

2.2

Symmetric cryptography

TCVN 7816:2007

(FIPS PUB 197)

Information technology - Cryptographic techniques - Advanced Encryption Standard (AES) data encryption algorithm

Apply one of two standards

NIST 800-67

Apply one of six hash functions: SHA-224,

2.3

Secure hash function

XML Key Management

XKMS

SHA-256,                      SHA-384,                       SHA-512,                    SHA-512/224,                     SHA-512/256

Digital Signature Certification Policy and Practice Standards

3

Information and data standards

3.1

Digital certificate format and certificate revocation list (CRL)

RFC 5280

Internet X.509 Public Key Infrastructure Certificate and CRL Profile

 

3.2

Encrypted message syntax

PKCS #7

Cryptographic Message Syntax Standard

Version 1.5

3.3

Private-key information syntax

PKCS #8

Private-Key Information Syntax Standard

Version 1.2

3.4

Certification request syntax

PKCS #10

Certification Request Syntax Standard

Version 1.7

 

3.5

Cryptographic token communication interface

PKCS #11

Cryptographic token interface standard

Version 2.20

3.6

 

Personal information exchange syntax

PKCS #12

Personal Information Exchange Syntax Standard

Version 1.0

4

Standard for Storage and Retrieval Protocol for Digital Certificates

 

RFC 3647

Internet X.509 Public Key Infrastructure - Certificate Policy and Certification Practices Framework

Standards for storage and retrieval protocols for digital certificates
 

 

5

RFC 4510,

5.1

 

RFC 4523

Lightweight Directory Access Protocol (LDAP) Schema Definitions for X.509 Certificates

 

LDAP protocol

Apply one of two standards

RFC 2251

Lightweight Directory Access Protocol (v3)

5.2

Apply either RFC 2251 or the set of four standards:

RFC 4510, RFC 4511, RFC 4512, RFC 4513

RFC 4510

Lightweight Directory Access Protocol (LDAP): Technical Specification Road Map                         RFC 4511,                   RFC 4512,                  Lightweight Directory Access Protocol (LDAP): The Protocol                    Protocol for transmitting and receiving digital certificates and certificate revocation lists

     

Lightweight Directory Access Protocol (LDAP): The Protocol

Lightweight Directory Access Protocol (LDAP): Technical Specification Road Map

Lightweight Directory Access Protocol (LDAP): Directory Information Models

Standard for Certificate Status Checking

Lightweight Directory Access Protocol (LDAP): Authentication Methods and Security Mechanisms

Standards for certificate status checking

Protocol for transmitting and receiving digital certificates and certificate revocation lists

 

RFC 2585

6

Standard for Time Stamp Service

6.1

Protocol for online certificate status checking

RFC 2560

X.509 Internet Public Key Infrastructure - Online Certificate Status Protocol

Áp dụng một hoặc cả hai giao thức FTP và HTTP

6.2

Giao thức để kiểm tra trạng thái chứng thư số trực tuyến

RFC 2560

X.509 Internet Public Key Infrastructure - Online Certificate Status Protocol

 

7

Internet X.509 Public Key Infrastructure - Time-Stamp Protocol (TSP)

7.1

 

Timestamp issuance protocol

RFC 3161

 

TCVN 7818-1:2007

 

 

 

 

 

7.2

Timestamp service

(ISO/IEC 18014-

Information Technology - Cryptographic Techniques - Time Stamp Service - Part 1: General Framework

1:2002)

Apply the three standards:

TCVN 7818-2:2007 

(ISO/IEC 18014-

TCVN 7818-3:2010

(ISO/IEC 18014 -          

TCVN 7818-3:2010

Information Technology - Cryptographic Techniques - Time Stamp Service - Part 2: Independent Token Mechanism               2: 2002)

TCVN 7818-3:2010 (ISO/IEC 18014-

Information Technology - Cryptographic Techniques - Time Stamp Service - Part 3: Linked Token Mechanism                 3: 2009)

Information Technology - Cryptographic Engineering - Time Stamp Service - Part 3: Mechanism for Creating Linked Cards

 


Văn bản gốc (PDF)

Mở PDF trong tab mới ↗

Bản đồ quan hệ

↑ Cơ sở & văn bản tác động lên văn bản này
Căn cứ 6
51/2005/QH11 Nghị quyết số 51/2005/QH11 Về nhiệm vụ năm 2006 Còn hiệu lực 170/2013/NĐ-CP Nghị định số 170/2013/NĐ-CP Sửa đổi, bổ sung một số điều của Nghị định số 26/2007/NĐ-CP ngày 15 tháng 02 năm 2007 của Chính phủ quy định chi tiết thi hành Luật Giao dịch điện tử về chữ ký số và dịch vụ chứng thực chữ ký số và Nghị định số 106/2011/NĐ-CP ngày 23 tháng 11 năm 2011 của Chính phủ sửa đổi, bổ sung một số điều của Nghị định số 26/2007/NĐ-CP ngày 15 tháng 02 năm 2007 Hết hiệu lực 106/2011/NĐ-CP Nghị định số 106/2011/NĐ-CP Sửa đổi, bổ sung một số điều của Nghị định số 26/2007/NĐ-CP của Chính phủ ngày 15 tháng 02 năm 2007 quy định chi tiết thi hành Luật Giao dịch điện tử về chữ ký số và dịch vụ chứng thực chữ ký số Hết hiệu lực 26/2007/NĐ-CP Nghị định số 26/2007/NĐ-CP Quy định chi tiết thi hành Luật Giao dịch điện tử về chữ ký số và dịch vụ chứng thực chữ ký số Hết hiệu lực 132/2013/NĐ-CP Nghị định số 132/2013/NĐ-CP Quy định chức năng, nhiệm vụ, quyền hạn và cơ cấu tổ chức của Bộ Thông tin và Truyền thông Hết hiệu lực 41/2022/QĐ-UBND Quyết định số 41/2022/QĐ-UBND Ban hành Quy chế quản lý và sử dụng chứng thư số, chữ ký số chuyên dùng Chính phủ trên địa bàn tỉnh Quảng Ninh Còn hiệu lực
06/2015/TT-BTTTT
Circular No. 06/2015/TT-BTTTT stipulates the List of Mandatory Standards for Digital Signature and Digital Signature Certification Services
Expired

Bấm vào một văn bản để mở. Viền đỏ = quan hệ làm thay đổi hiệu lực.