ZoTrus has launched the SM2 certificate transparency log system first in the world
Shenzhen, China – September 30, 2022. Today, ZoTrus Technology has launched the SM2 Certificate Transparency Log System first in the world. This certificate transparency log system for SM2 SSL certificates provides SM2 certificate transparency log service for free for SM2 root CA operators trusted by ZT Browser, which will effectively protect the security and trustworthiness of SM2 SSL certificates and protect the security of SM2 https encryption.
Certificate Transparency is an international standard initiated by Google, which has effectively protected the security and trustworthiness of more than 7.4 billion globally trusted international algorithm SSL certificates and ensures that all stakeholders can timely detect maliciously issued or mistakenly issued SSL certificates. However, this certificate transparency log system does not support SM2 algorithm and SM2 SSL certificate and cannot be used to ensure the security and trustworthiness of SM2 SSL certificate. Therefore, ZoTrus Technology invested in research and development to successfully transform Google's open-source project - Certificate Transparency Log System to support SM2 algorithm and SM2 SSL certificate, and use SM2 algorithm to digitally sign SCT data, giving birth to the world's first SM2 Certificate Transparency Log System today.
ZoTrus SM2 Certificate Transparency Log System has currently deployed three systems, one is deployed on the JD Cloud Guangzhou node, the second is deployed on the China Huawei Cloud Guangzhou node, and the third is deployed on the Amazon Cloud Singapore node, which can meet SM2 CT signing application for ZT Browser trusted SM2 root CA operators. ZoTrus SM2 Certificate Transparency Log System only accepts SCT signature requests for SM2 SSL certificates with SM2 algorithms and does not accept SCT signature requests for SSL certificates with RSA and ECC algorithm.
The three SM2 CT log service URLs have been included and trust in ZT Browser, and ZT Browser can verify the SCT signature data signed by these three log systems in real time. At present, CerSign Technology and ZoTrus Technology can issue SM2 SSL certificate embedding the SM2 certificate transparency log data, and these SM2 SSL certificates that support the SM2 certificate transparency have been successfully integrated into the Alibaba Cloud CDN + WAF system, realizing the SM2 https encryption, cloud WAF protection and CDN distribution.
The SCT List information in the SM2 SSL certificate that already embeds SM2 certificate transparency log data (SCT) is shown in the following figure. The left figure shows the SCT List field viewed by Windows. Since Windows does not support SM2 algorithm, the signature algorithm of the SCT data cannot be displayed. But using ZT Browser to view the SM2 SSL certificate can show that the signature algorithm of the SCT data in the SCT List field is the SM3_SM2 algorithm, as shown in the right figure below.
The international certificate transparency log system has successfully ensured the security and trustworthiness of 7.4 billion publicly trusted SSL certificates, we firmly believe that the SM2 certificate transparency log system will also successfully ensure the security and trustworthiness of SM2 SSL certificates, thus effectively ensuring the security of China cyberspace. We welcome more CA operators that can issue SM2 SSL certificates to support the SM2 certificate transparency as soon as possible, to enhance the core competitiveness of their SM2 SSL certificates, so that SM2 SSL certificates can truly and effectively protect the security of https encryption in China. We also hope that more companies can also provide the SM2 certificate transparency log system, and especially hope that China cryptography administrative authority can build a national-level SM2 certificate transparency log system, because the certificate transparency log system requires the joint work of multiple certificate transparency log systems, so that the SM2 CT can play a greater role in the protection of the SM2 SSL certificate and SM2 https encryption.