基于PKI的认证中心的研究与实践

基于PKI的认证中心的研究与实践摘要进入新的世纪，随着互联网技术在我国的迅速推广和普及，各种网络应用如电子商务、电子政务、网上银行等也在我国迅速发展，但同时安全的问题也随之产生，为此，在公开密钥加密技术的基础之上形成和发展起来的PKI（PublicKeyInfrastructure，公开密钥基础设施）很好地为基于互联网的应用提供了全面的安全服务。PKI是一个基础设施，利用非对称密码算法的原理和技术来实现，提供安全的服务并且具有通用性的安全,当各种网络应用需进行加密操作或数字签名等安全服务的时候，可以采用它所提供的密码和证书管理平台，利用数字证书来实现安全保障。PKI提供的服务有多种，其中最核心的部分就是负责签发数字证书的CA（CertificateAuthority）认证中心。认证中心CA是PKI框架中唯一能够发布和撤销证书的实体，它可以按照一定的信任模型来组织，如层次模型、分布式模型或Web模型等，在通常情况下组织成层次模型。CA中心为每个使用公开密钥的用户发放一个数字证书，数字证书的作用是证明证书中列出的用户名称与证书中列出的公开密钥对应，当用户身份和各项相关信息通过注册中心（RA）审核后给用户颁发证书，使证书持有者和持有者公/私密钥对、相关信息与证书中心建立一种联系，使网上交易的用户的客观真实性与证书的真实性一致。CA提供的服务包括：证书的申请、证书的审批、证书的颁发（下载）、证书的的更新和撤销、证书的在线查询和证书废止列表（CRL）的管理功能。数字证书认证中心作为权威的、公正的和可信赖的第三方，在数字证书认证过程中的作用至关重要，它涉及网上交易各方的身份信息、严格的加密技术和认证程序，基于其牢固的安全机制，CA应用可扩大到一切有安全要求的网上数据传输服务。论文研究的主要内容就是基于PKI的认证中心CA的研究和实践，作者首先对密码学中对称密钥密码算法、非对称密钥密码算法和散列函数进行了研究，然后在密码学知识的基础之上深入了解了PKI相关理论，最后结合具体项目将理论和实践相结合，对CA认证中心的具体实现作了相关研究和实践。关键词：公开密钥基础设施，认证中心，非对称加密，数字证书，UMLABSTRACTEnteringthenewcentury,avarietyofnetworkapplicationsdevelopedquicklywithpopularizingfastofthenetworktechnology,suchaselectronicgovernmentaffairs,electronicbusinessaffairsandbankoninternetetc.But,thesecurityproblemisgenerated.Therefor,PublicKeyInfrastructurewhichforminganddevelopingbaseonthepublic-keyencryption&decryptiontechnology,providestheall-roundsecurityservicefortheapplicationsbaseoninternetperfectly.PKIisafundamentalinfrastructurethatmakeuseoftheasymmetrickeyalgorithm`sprincipleandtechnologytoachieve.Whenallkindsofnetworkapplicationsneedtosecurityservicesuchasencryptionordigitalsignature,wecanusethepasswordandcertificatemanagementsystemthatPKIprovidesordigitalcertificatetofinishthesecuritydefence.PKIhasmanyservice,andthebestimportantpartisCertificateAuthority,whichinchargeofsendingthedigitalcertificate.CertificateAuthority,aexclusiveentityinPKIframe,cansendsandrepealscertificate,andmayorganizessomeconfidentmodel,forexample,hierarchymodelthatoftentouse,distributedmodelandWebmodeletc.CAsendsadigitalcertificateforeachuserofusingpublic-key.Digitalcertificate`susefulnessisverifythecorrespondenceofusernameandpublic-keyincertificate.CAwillsendsadigitalcertificatetouserwhenuser`sinformationauditedbyRA,andmaketheuserofhavingcertificate,apairofkeysandrelevantinformationconnectwithCA,andmaketheveracityofusermatchwiththeveracityofcertificate.CAprovidesmanyservice:Thecertificateapplication,thecertificateauditing,thecertificateissued(download),thecertificaterenewalandrepeal,thecertificatelocatingon-lineandtheCRLmanagement.CA,quatheauthoritativeandequitablethirdactor,isimportantincourseofthedigitalcertificateauthenticated.Ittreatsofuser`sidentitywhichtradingbytheinternet,strictencryptiontechnologyandauthenticationprogramme.TheapplicationofCAcanextendsallthedatatransmitserviceininternetwhichhavesecurityrequirement.ThemaincontentthesisresearchisstudyandpractisethecertificateauthoritybaseonPKI.Atfirst,authorstudiesconventionalencryptionalgorithms,public-keycryptographyandhashfunction,then,comprehendsPKItheorythoroughlybaseonencryptionknowledge.Atlast,authorstudiesandpracticestherealizationofcertificateauthoritycombinewiththeidiographicproject.Keywords:PublicKeyInfrastructure,CertificateAuthority,AsymmetricEncryption,DigitalCertificate,UnifiedModelingLanguage目录中文摘要.........................................................................................................................................I英文摘要........................................................................................................................................II1前言........................................................................................................................................11.1论文研究背景和来源...............................................................................................................11.1.1论文研究背景....................................................................................................................11.1.2论文课题的来源................................................................................................................11.2国内外发展现状.......................................................................................................................21.2.1国外发展现状....................................................................................................................21.2.2国内发展状况....................................................................................................................21.3本论文的主要工作...................................................................................................................32密码学简介.............................................................................................................................42.1传统的对称密钥加密技术.......................................................................................................42.1.1分组密码............................................................................................................................42.1.2对称密码算法特点...................................................................................