
Product Overview
The PCI-E cryptographic card is a high-performance basic cryptographic device independently developed by Beijing Guotai Network Information Technology Co., Ltd. It can be used for high-speed, multitasking parallel processing of cryptographic operations in various cryptographic security application systems. The product meets application system requirements for signature verification and for encryption and decryption of data, and provides a secure and comprehensive key management mechanism. The product has been adapted for compatibility with domestic hardware platforms and operating systems, and a Xinchuang version is available.
Features
Key generation and management: Generates 256-bit SM2 key pairs and uses a physical noise source generator chip to generate random numbers.
Data encryption and decryption: Supports data encryption and decryption with national cryptographic standard algorithms such as SM1 and SM4 in ECB and CBC modes.
Generation and verification of message authentication codes: Supports MAC generation and verification based on algorithms such as SM1 and SM4.
Generation and verification of data digests: Supports hash algorithms such as SM3.
Generation and verification of digital signatures: Request data can be digitally signed using either an internally stored SM2 key pair or an externally imported SM2 private key, as needed.
Digital envelope function: Supports digital envelopes based on the SM2 cryptographic algorithm, and supports converting a digital envelope from internal key protection to external key protection.
Generation of physical random numbers: Generates random numbers using a physical noise source generator chip.
Secure key storage: Adopts a three-layer key protection structure of "device protection key, user key (card SM2 key pair/KEK), session key" to ensure the security of user keys and application systems. Keys do not appear in plaintext outside the device at any time.
User access control: User management functions enhance the security of the cryptographic device itself. Smart-card-based grading makes access control more secure.
Reliable key backup mechanism: Backup and recovery use secure and reliable threshold secret sharing technology to store the backup key in segments, ensuring both the security of backup data and the reliability of system backup.
Support for standard interfaces: The API of the cryptographic card complies with the standard interface specification GM/T 0018 "Application Interface Specification for Cryptographic Devices", and has good universality.
Support for kernel interfaces: For special application systems such as VPNs, a programming interface is provided for calling the cryptographic card from within the operating system kernel. The interface supports both synchronous and asynchronous calling modes.
Standard PCI-e high-speed data interface: Adopts the standard PCI-e universal interface to ensure high-speed data transmission.
Support for multiple operating systems: Supports 32/64-bit operating systems such as Windows, Linux and FreeBSD.
