GM/T 0126-2023 HTML cryptographic application markup syntax
1 Scope
This document defines the interaction process, the format and parsing process and web page security requirements of HTML cryptographic tags.
This document is applicable to the browser's handling of web page cryptographic tags.
2 Normative references
The following documents contain provisions which, through reference in this text, constitute provisions of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies.
GB/T 18792-2002 Information technology - Document description and processing languages - Hyper Text Markup Language (HTML)
3 Terms and definitions
For the purposes of this document, the following terms and definitions apply.
3.1
hyper text markup language
markup language specified by GB/T 18792-2002 for describing web
3.2
tag
markup syntax used for describing web
3.3
attribute
name and value connected by an equal sign in the start tag
3.4
cryptographic application
application of cryptographic functions for encryption, decryption, signature and verification
3.5
cryptographic tag
web page tag used to complete cryptographic functions such as ciphertext, digital signature and digital certificate
4 Abbreviations
For the purposes of this document, the following abbreviations apply.
base64: Base 64 Encoding
ECB: Electronic Codebook Operation Mode
HTML: Hyper Text Markup Language
HTTP: Hyper Text Transfer Protocol
ID: Identity
5 Interaction process of web page cryptographic tag
5.1 Interaction process
To ensure the security of application data during network transmission in web page applications, specific elements in web page content transmitted between servers and clients shall be password protected. For this purpose, web page tags shall be extended to support the transmission and handling of encrypted and signed data.
The client shall first configure the encryption/signature certificate and key of user. For the encryption/signature certificate of website, it can be configured in advance based on the domain name, or later issued through the website's crypto web page. The client shall use a browser to handle web page files. The server shall configure its own encryption/signature certificate and key, as well as pre-configure the user's encryption/signature certificate.
The web page handling flow that supports cryptographic tags is shown in Figure 1.
Figure 1 Handling flow of crypto web page
Before obtaining the crypto web page (3), firstly, the server judges whether to send the indicate web page (1) for uploading the certificate to the browser according to the policy, and the browser will upload the client certificate (2) after receiving (1). After obtaining the crypto web page (3), if it is necessary to upload the user data encrypted by the session key, (4) will be executed, and if it is necessary to upload the data signed by the user, (5) will be executed.
The web page cryptographic tag is parsed by the browser. When applying a sign tag, the server expects, the client to perform signature operations according to the tag definition, and the server will verify the signature. When applying a cryptographic tag, the server expects the client to perform encryption operations according to the tag definition, and the server will decrypt the ciphertext. The HTML web page handled by the browser shall meet the requirements of GB/T 18792-2002.
Foreword i
Introduction ii
1 Scope
2 Normative references
3 Terms and definitions
4 Abbreviations
5 Interaction process of web page cryptographic tag
5.1 Interaction process
5.2 Indicate web page obtaining
5.3 Client certificate uploading
5.4 Crypto web page downloading
5.5 Encrypted data uploading
5.6 Signed data uploading
6 Cryptographic tag format
6.1 Certificate tag
6.2 Session key tag
6.3 Sign tag
6.4 Verify tag
6.5 Image verify tag
6.6 Encrypt tag
6.7 Decrypt tag
6.8 Encrypt sign tag
6.9 Verify decrypt tag
7 Tag parsing process
7.1 Certificate tag parsing
7.2 Session key tag parsing
7.3 Sign tag parsing
7.4 Verify tag parsing
7.5 Image verify tag parsing
7.6 Encrypt tag parsing
7.7 Decrypt tag parsing
7.8 Encrypt sign tag parsing
7.9 Verify decrypt tag parsing
8 Web page security requirements
Annex A (Informative) Example of cryptographic tag
Bibliography
Standard
GM/T 0126-2023 HTML cryptographic application markup syntax (English Version)
GM/T 0126-2023 HTML cryptographic application markup syntax
1 Scope
This document defines the interaction process, the format and parsing process and web page security requirements of HTML cryptographic tags.
This document is applicable to the browser's handling of web page cryptographic tags.
2 Normative references
The following documents contain provisions which, through reference in this text, constitute provisions of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies.
GB/T 18792-2002 Information technology - Document description and processing languages - Hyper Text Markup Language (HTML)
3 Terms and definitions
For the purposes of this document, the following terms and definitions apply.
3.1
hyper text markup language
markup language specified by GB/T 18792-2002 for describing web
3.2
tag
markup syntax used for describing web
3.3
attribute
name and value connected by an equal sign in the start tag
3.4
cryptographic application
application of cryptographic functions for encryption, decryption, signature and verification
3.5
cryptographic tag
web page tag used to complete cryptographic functions such as ciphertext, digital signature and digital certificate
4 Abbreviations
For the purposes of this document, the following abbreviations apply.
base64: Base 64 Encoding
ECB: Electronic Codebook Operation Mode
HTML: Hyper Text Markup Language
HTTP: Hyper Text Transfer Protocol
ID: Identity
5 Interaction process of web page cryptographic tag
5.1 Interaction process
To ensure the security of application data during network transmission in web page applications, specific elements in web page content transmitted between servers and clients shall be password protected. For this purpose, web page tags shall be extended to support the transmission and handling of encrypted and signed data.
The client shall first configure the encryption/signature certificate and key of user. For the encryption/signature certificate of website, it can be configured in advance based on the domain name, or later issued through the website's crypto web page. The client shall use a browser to handle web page files. The server shall configure its own encryption/signature certificate and key, as well as pre-configure the user's encryption/signature certificate.
The web page handling flow that supports cryptographic tags is shown in Figure 1.
Figure 1 Handling flow of crypto web page
Before obtaining the crypto web page (3), firstly, the server judges whether to send the indicate web page (1) for uploading the certificate to the browser according to the policy, and the browser will upload the client certificate (2) after receiving (1). After obtaining the crypto web page (3), if it is necessary to upload the user data encrypted by the session key, (4) will be executed, and if it is necessary to upload the data signed by the user, (5) will be executed.
The web page cryptographic tag is parsed by the browser. When applying a sign tag, the server expects, the client to perform signature operations according to the tag definition, and the server will verify the signature. When applying a cryptographic tag, the server expects the client to perform encryption operations according to the tag definition, and the server will decrypt the ciphertext. The HTML web page handled by the browser shall meet the requirements of GB/T 18792-2002.
Contents of GM/T 0126-2023
Foreword i
Introduction ii
1 Scope
2 Normative references
3 Terms and definitions
4 Abbreviations
5 Interaction process of web page cryptographic tag
5.1 Interaction process
5.2 Indicate web page obtaining
5.3 Client certificate uploading
5.4 Crypto web page downloading
5.5 Encrypted data uploading
5.6 Signed data uploading
6 Cryptographic tag format
6.1 Certificate tag
6.2 Session key tag
6.3 Sign tag
6.4 Verify tag
6.5 Image verify tag
6.6 Encrypt tag
6.7 Decrypt tag
6.8 Encrypt sign tag
6.9 Verify decrypt tag
7 Tag parsing process
7.1 Certificate tag parsing
7.2 Session key tag parsing
7.3 Sign tag parsing
7.4 Verify tag parsing
7.5 Image verify tag parsing
7.6 Encrypt tag parsing
7.7 Decrypt tag parsing
7.8 Encrypt sign tag parsing
7.9 Verify decrypt tag parsing
8 Web page security requirements
Annex A (Informative) Example of cryptographic tag
Bibliography
