FAQ

:::

07 Related Problems of Secure Cryptographic Infterface (API)
0701 Design and Related Problems of Secure Cryptographic Infterface (API)

How many times can each module be activated?

A:Different modules have different limitations. It is not recommended to do so. Initializing one module can execute multiple cryptographic module computations. This makes programming less complicate. It is not advisable to initialize too many modules.
The IC card will be locked after three times errors in entering the PIN code, what return codes will result in initializing the module or Session?

A:This is defined in errortable.h
#define Smard_Card_Pin_Is_Locked 0xDB011204
How to extract out the public key and private key?

A:The private key cannot be extracted out.
HiSECURE API does not provide extraction of public or private keys. The method of calling is used instead. Calling this GetKeyObjectHandle0 function to extract the key HANDLE execute the cryptographic module computations. For details on extracting the HANDLE, refer to the Cryptographic Module Operation Guide.
Is it necessary to check the PIN code in reading the certificate contents?

A:It is unnecessary to verify the PIN code to read certificate or interpret its contents.
Is it necessary to verify the PIN code in extracting the private key?

A:You cannot extract the private key no matter what method you are using. You can only get its HANDLE. You need to verify the PIN code in using the private code.
How many kinds of Hash algorithms are provided by Interior Ministry Citizen Digital Certificate API? What is the length of the algorithm after hashing?

A:The Interior Ministry Citizen Digital Certificate API provides two kinds of Hash algorithms. They are MD5 and SHA_1. The algorithms are 16(MD5) and 20(SHA_1) bit long after hashing.
Is there any limitation to data length prior to hashing?

A:No limitations.
Are the key pairs the same for encryption, decryption and digital signature computation?

A:Interior Ministry Citizen Digital Certificate uses double key pairs, that is, different key pairs are used for digital signature and encryption and decryption.
What kind of key is used for encryption, decryption and digital signature computation?

A:The Public Key Handle is used for encryption computation and digital signature authentication. The private key Handle is used for decryption and for generating digital signatures.
How long should be the digital signature created by Interior Ministry Citizen Digital Certificate?

A:The digital signature should be 128 bit long.
The Interior Ministry Citizen Digital Certificate API provides how many kinds of encryption computations?

A:Presently, the Interior Ministry provides the RSA Asymmetric Encryption/Decryption computation and four kinds of Symmetric Encryption/Decryption computations, namely DES CBA, DES ECB, 3DES CBC, and 3DES ECB.
Any length limitations to the signature data?

A:The Interior Ministry provides signature use API function. It uses SHA_1 Hash Function computing and then applies signature to the computing results. Therefore, there is no limitation to the length of the digital signature produced by using Interior Ministry’s signature function.
Interior Ministry citizen API provides what kinds of signature computations?

A:Presently, the Interior Ministry CA provides only the SHA_1 with RSA algorithm.
Are there limitations to the length of data created by Asymmetric and Symmetric algorithms for encrypted data?

A:There are length limitations to the encrypted data using Interior Ministry citizen CA 5.1 standard version.
Length of data using Asymmetric Encryption/Decryption algorithms is below 117byte.
Length of data using Symmetric Encryption/Decryption algorithm is below 20Kbyte.
Is there length limitation to initialization vector using Asymmetric Encryption/Decryption algorithms?

A:The length of initialization vector is 8 bit.
What is the size of the Interior Ministry Citizen Digital Certificate?

A:The size of each certificate is about 1500 bytes.
Why is it the effective date and expiration date of the certificate is one month less?

A:The system defines month as 0~11 and not 1~12 while week is defined as 0~6 and the date as 1~31. So while you are using API function to get date and time, you need to add 1 to the number of months and weeks.