Circular No. 06/2015/TT-BTTTT stipulates the List of Mandatory Standards for Digital Signature and Digital Signature Certification Services, applicable to organizations providing digital signature certification services. Notably, it requires minimum security levels for HSM and Token cards, uses the AES encryption algorithm, and applies one of six SHA hash functions.
적용 범위
National, public, and specialized organizations providing digital signature certification services are granted certificates by the Ministry of Information and Communications, and foreign organizations providing digital signature certification services are granted recognition certificates by the Ministry of Information and Communications.
핵심 사항
- Organizations providing digital signature certification services must apply minimum security standards for HSM and Token cards (FIPS PUB 140-2, level 3 for HSM, level 2 for Token).
- Use the AES encryption algorithm according to TCVN 7816:2007 or NIST 800-67.
- Apply one of six SHA hash functions (SHA-224, SHA-256, SHA-384, SHA-512, SHA-512/224, SHA-512/256) for digital signatures.
- Apply standards on digital certificate format, cryptographic message syntax, private key information syntax, certification requirements, interface for communication with cryptographic tokens, and personal information exchange syntax (PKCS).
- Apply standards on certification policy and practice statements (RFC 3647), certificate storage and retrieval protocols (RFC 2587, RFC 4523, RFC 2251), certificate status checking (RFC 2585, RFC 2560), and time stamping service (RFC 3161, TCVN 7818-1:2007, TCVN 7818-2:2007, TCVN 7818-3:2010).
🌐 이 문서의 사회적 영향
- The positive impact is to enhance security for digital signatures and certification services, thereby improving electronic transaction security.
- The negative impact is that organizations providing digital signature certification services must comply with many complex standards, which may cause technical difficulties and investment costs.
❓ 자주 묻는 질문
What standards must organizations providing digital signature certification services apply?
Organizations must apply security standards for HSM and Token cards (FIPS PUB 140-2, level 3 for HSM, level 2 for Token), use the AES encryption algorithm according to TCVN 7816:2007 or NIST 800-67, apply one of six SHA hash functions (SHA-224, SHA-256, SHA-384, SHA-512, SHA-512/224, SHA-512/256), and apply standards on digital certificate format, cryptographic message syntax, private key information syntax, certification requirements, interface for communication with cryptographic tokens, and personal information exchange syntax (PKCS).
At what level is the AES encryption algorithm applied?
The AES encryption algorithm is applied according to TCVN 7816:2007 or NIST 800-67.
Which SHA hash functions are used in this standard?
The SHA hash functions used include SHA-224, SHA-256, SHA-384, SHA-512, SHA-512/224, and SHA-512/256.
What requirements must foreign organizations providing digital signature certification services meet?
Foreign organizations providing digital signature certification services are granted recognition certificates by the Ministry of Information and Communications and must comply with the standards stipulated in this Circular.
When does this Circular take effect?
This Circular takes effect from September 15, 2015.
전문
CIRCULAR
Regulations on the List of Mandatory Standards to be Applied
concerning digital signatures and digital signature certification services
______________
Pursuant to the Law on Electronic Transactions dated November 29, 2005;
Pursuant to Decree No. 26/2007/NĐ-CP dated February 15, 2007 of the Government detailing the implementation of the Law on Electronic Transactions regarding digital signatures and digital signature certification services, Decree No. 106/2011/NĐ-CP dated November 23, 2011, and Decree No. 170/2013/NĐ-CP dated November 13, 2013;
Pursuant to Decree No. 132/2013/NĐ-CP dated October 16, 2013 of the Government stipulating the functions, tasks, powers, and organizational structure of the Ministry of Information and Communications;
Pursuant to the proposal of the Director of the Science and Technology Department,
The Minister of Information and Communications issues this Circular stipulating The List of Mandatory Standards to be Applied concerning digital signatures and digital signature certification services.
Article 1. Scope of Regulation
This Circular stipulates the List of Mandatory Standards to be Applied concerning digital signatures and digital signature certification services (Annex attached).
Article 2. Applicability
This Circular applies to:
3. ORGANIZATIONS PROVIDING PUBLIC ELECTRONIC SIGNATURE VERIFICATION SERVICES;
2. Public digital signature certification service providers;
3. Special-purpose digital signature certification service providers granted certificates by the Ministry of Information and Communications confirming their qualification to ensure the security of digital signatures;
4. Foreign digital signature certification service providers granted recognition certificates by the Ministry of Information and Communications.
Article 3. Implementation Organization
1. In each period, the Ministry of Information and Communications shall review and amend the List of Mandatory Standards to be Applied concerning digital signatures and digital signature certification services stipulated in Article 1 of this Circular in accordance with technological development and state management policies.
2. The Department of Science and Technology shall be responsible for periodically reviewing and updating the List of Mandatory Standards to be Applied concerning digital signatures and digital signature certification services stipulated in Article 1 of this Circular.
3. The National Center for Digital Certification shall be responsible for guiding the application of standards included in the List of Mandatory Standards to be Applied concerning digital signatures and digital signature certification services stipulated in Article 1 of this Circular.
Article 4. Implementation provisions
1. This Circular takes effect from September 15, 2015.
2. Decision No. 59/2008/QĐ-BTTTT dated December 31, 2008 of the Minister of Information and Communications promulgating the List of Mandatory Standards to be Applied concerning digital signatures and digital signature certification services shall cease to be effective from the date this Circular takes effect, except for the provisions on "Secure Hash Function" at Section 2.3 of the List of Mandatory Standards to be Applied concerning digital signatures and digital signature certification services issued under Decision No. 59/2008/QĐ-BTTTT which shall remain effective until March 31, 2016.
3. In case there is a discrepancy between the provisions of this Circular and the provisions of Circular No. 22/2013/TT-BTTTT dated December 23, 2013 promulgating the list of technical standards for information technology applications in government agencies related to the same standard concerning the use of digital signatures and digital signature certification services provided by digital signature certification service providers in government agencies, the provisions of this Circular shall apply.
4. The Director of the Office, the Head of the Department of Science and Technology, the Director of the National Center for Digital Certification, the Heads of agencies and units under the Ministry, organizations, and individuals concerned shall be responsible for implementing this Circular.
5. During the implementation process, if there are difficulties or obstacles, agencies, organizations, and individuals shall promptly report them to the Ministry of Information and Communications for consideration and resolution./.
Appendix
LIST OF MANDATORY STANDARDS TO BE APPLIED CONCERNING DIGITAL SIGNATURES AND DIGITAL SIGNATURE CERTIFICATION SERVICES
(Issued together with Circular No. 06/2015/TT-BTTTT dated 23 the 3 2015 of the Minister of Information and Communications)
|
Serial Number |
Type |
Code |
Full name |
(vi) Agreement on the amount of reserve left behind and the deadline for selling the purchased cash foreign currency to the authorized credit institution. |
|
1 |
Security Standard for HSM and Cryptographic Tokens |
|||
|
1.1 |
Security requirements for hardware security module (HSM) hardware security blocks |
FIPS PUB 140-2 |
Security Requirements for Cryptographic Modules
|
- Minimum Level 3 requirements |
|
1.2 |
Security Requirements for Token and Smart Cards |
FIPS PUB 140-2 |
Security Requirements for Cryptographic Modules
|
- Minimum Level 2 requirements |
|
2 |
Cryptography and digital signature standards |
|||
|
2.1 |
Asymmetric cryptography and digital signatures |
PKCS #1 |
RSA Cryptography Standard
|
- Version 2.1 - Apply RSAES-OAEP for encryption and RSASSA-PSS for signing Recommendation for the Triple Data Encryption Algorithm (TDEA) Block Cipher |
|
2.2 |
Symmetric cryptography |
TCVN 7816:2007 (FIPS PUB 197) |
Information technology - Cryptographic techniques - Advanced Encryption Standard (AES) data encryption algorithm |
Apply one of two standards |
|
NIST 800-67 |
Apply one of six hash functions: SHA-224, |
|||
|
2.3 |
Secure hash function |
XML Key Management |
XKMS |
SHA-256, SHA-384, SHA-512, SHA-512/224, SHA-512/256 Digital Signature Certification Policy and Practice Standards |
|
3 |
Information and data standards |
|||
|
3.1 |
Digital certificate format and certificate revocation list (CRL) |
RFC 5280 |
Internet X.509 Public Key Infrastructure Certificate and CRL Profile |
|
|
3.2 |
Encrypted message syntax |
PKCS #7 |
Cryptographic Message Syntax Standard |
Version 1.5 |
|
3.3 |
Private-key information syntax |
PKCS #8 |
Private-Key Information Syntax Standard |
Version 1.2 |
|
3.4 |
Certification request syntax |
PKCS #10 |
Certification Request Syntax Standard |
Version 1.7 |
|
3.5 |
Cryptographic token communication interface |
PKCS #11 |
Cryptographic token interface standard |
Version 2.20 |
|
3.6
|
Personal information exchange syntax |
PKCS #12 |
Personal Information Exchange Syntax Standard |
Version 1.0 |
|
4 |
Standard for Storage and Retrieval Protocol for Digital Certificates |
|||
|
|
RFC 3647 |
Internet X.509 Public Key Infrastructure - Certificate Policy and Certification Practices Framework |
Standards for storage and retrieval protocols for digital certificates
|
|
|
5 |
RFC 4510, |
|||
|
5.1
|
RFC 4523 |
Lightweight Directory Access Protocol (LDAP) Schema Definitions for X.509 Certificates
|
LDAP protocol |
Apply one of two standards |
|
RFC 2251 |
Lightweight Directory Access Protocol (v3) |
|||
|
5.2 |
Apply either RFC 2251 or the set of four standards: |
RFC 4510, RFC 4511, RFC 4512, RFC 4513 |
RFC 4510 |
Lightweight Directory Access Protocol (LDAP): Technical Specification Road Map RFC 4511, RFC 4512, Lightweight Directory Access Protocol (LDAP): The Protocol Protocol for transmitting and receiving digital certificates and certificate revocation lists
|
|
Lightweight Directory Access Protocol (LDAP): The Protocol |
Lightweight Directory Access Protocol (LDAP): Technical Specification Road Map |
|||
|
Lightweight Directory Access Protocol (LDAP): Directory Information Models |
Standard for Certificate Status Checking |
|||
|
Lightweight Directory Access Protocol (LDAP): Authentication Methods and Security Mechanisms |
Standards for certificate status checking |
|||
|
Protocol for transmitting and receiving digital certificates and certificate revocation lists
|
RFC 2585 |
|||
|
6 |
Standard for Time Stamp Service |
|||
|
6.1 |
Protocol for online certificate status checking |
RFC 2560 |
X.509 Internet Public Key Infrastructure - Online Certificate Status Protocol |
Áp dụng một hoặc cả hai giao thức FTP và HTTP |
|
6.2 |
Giao thức để kiểm tra trạng thái chứng thư số trực tuyến |
RFC 2560 |
X.509 Internet Public Key Infrastructure - Online Certificate Status Protocol |
|
|
7 |
Internet X.509 Public Key Infrastructure - Time-Stamp Protocol (TSP) |
|||
|
7.1
|
Timestamp issuance protocol |
RFC 3161
|
TCVN 7818-1:2007
|
|
|
7.2 |
Timestamp service |
(ISO/IEC 18014- Information Technology - Cryptographic Techniques - Time Stamp Service - Part 1: General Framework 1:2002) |
Apply the three standards: |
TCVN 7818-2:2007 (ISO/IEC 18014- TCVN 7818-3:2010 (ISO/IEC 18014 - |
|
TCVN 7818-3:2010 Information Technology - Cryptographic Techniques - Time Stamp Service - Part 2: Independent Token Mechanism 2: 2002) |
TCVN 7818-3:2010 (ISO/IEC 18014- |
|||
|
Information Technology - Cryptographic Techniques - Time Stamp Service - Part 3: Linked Token Mechanism 3: 2009) |
Information Technology - Cryptographic Engineering - Time Stamp Service - Part 3: Mechanism for Creating Linked Cards |
|||
원본 문서(PDF)
관계도
문서를 클릭하면 열립니다. 빨간 테두리=효력을 변경하는 관계.