文电传输中的安全研究

合肥工业大学硕士学位论文文电传输中的安全研究姓名：袁参申请学位级别：硕士专业：计算机应用技术指导教师：周键2010-044,TripleDESDSSJava2JDK1.4B/S5AbstracWiththewidespreadapplicationofthecomputernetwork,theunitsarebasicallyrelyingontheinternalorgansoftheInternetandtheirowncampusnetworktoachieveanetworkedoffice,butwiththecontinuousdevelopmentofnetworktechnology,variousformsofnetworkattacksmoreandmorediversetechnology,especiallyinthetransmissionofmessagesinavarietyofattackafteranother,suchasnetworkleaks,theftandotherformsoftamperingandinternalattacks.Inordertoensureinformationsecurityoffice,documentsintheofficeautomationsystemtransmissionstorageandtransmissionofconfidentialdatathatmustbespecialprotection.Inthispaper,dataencryptionanddigitalsignaturetechnologyforin-depthstudy,basedonaunitwiththecurrentofficeautomationsystemsecuritystatusoftheChineseelectricitytransmission,dataencryptionanddigitalsignaturetechnologyinthetransmissionofmessagesintheInternalapplicationrequirementsandthefeasibilityofanalyzed,designedandimplementedadataencryptionanddecryptionfunctionsofdigitalsignatureapplications.UsingTripleDESalgorithmtoencrypttheelectronicdocumentcirculation,decryptiontoensureconfidentialityofdocuments;applicationofDSSdigitalsignatureonthedocumentforsignatureandverificationprocessingflowtoprovideadequatesecuritycertification.Atthesametime,BasedonJava2securitymechanismsandotherusersonkeyinformationsecuritymanagement,anduseJDK1.4asadevelopmenttool,usingB/Sarchitecture,dataencryptionanddigitalsignaturetechnologyforvarioustypesofelectronicinstrumentsduringthetransferprocesstoachievetheinstrumentencryption,decryption,digitalsignatureandverificationfunctions,solvetheconfidentialityoftheprocessoftransmissioninstrumentsandinstrumentssenderandrecipientauthenticationandsoon,ontoimprovetheinformationlevelofdatasecurityandconfidentiality,andpromotethenetworkapplicationoftheoreticalsignificanceandtheactualvalue.Keyword:DigitalSignatureAtaEncryptionMessagesTransmission32010.4()2010.42010.41385664371524700011.1[1]CIH:/1.21.2.121.2.21[2]1.1InternetInternet1.2WEBFIP1.121.2([3]):3B/S1.21.3,41.3Java21.3TCP/IP562.1[4]2.1.12.1[5]encryptionKePCE,:C=E(P,Ke)2.2decryptionKdCD:P=D(C,Kd)2.3cryptographickey(key)()2.4workingkey(sessionkey)2.5masterkey(KEK)2.6keydistribution2.7publickey2.8secretkey2.9authentication:2.10keymanagement2.11keyproducer72.12keycarrierIC2.13keyexchange2.1.2:()()[6]:1/:(BlockCipher)(StreamCipher)DES(DataEncryptionStandard)TripleDES(8):2.1:A5RambutanGifford8cm2.1():DESTripleDESDESDES566464DESDESDESTripleDESK1K2:1:K1DES2:K21DES3:2K1DESTripleDES2(/)():RSA9(Ei,Di),iI:1:EiME--DiEiiI2:mM,cEEi(m)Di(c)3:EiDi4:iIEiDi1EiMEDiEMmM,DiEim=mRSARSAn600bits2.1.32.1.3.12.210Y0Y1YL-1bbbnfnfnnfnCVLIV=CV0CV1CVL-1IV=CV1=Yi=if=L=n=b=2.2Lbbb2.2ff:n;bYiIVbnf:CV0=IV=nbitCVI=f(CVi-1,Yi-1),1≤i≤LH(M)=CVLCVL,MY0,Y1YL-12.1.3.2MD5MD5Message-DigestAlgorithm5-MD5:MD5512448,n*512+448n*64+56n10064=n*512+448+64=(n+1)*512512MD551211163232321282.1.3.3SHASHA(SecureHashAlgorithm)DSSSHA1602.2)SHA:1:51264100-010.:+=512-64=448642:64264643:f16032A,B,C,D,E4:5125121601605:LL1602.1.3.4SHAMD5SHAMD5:(1)SHAMD532(2)MD5SHA(3)MD5(Little-endian)SHA(Big-endian)2.1.42.1.4.112[7]()()2.1.4.2::1A2A3AB4BAAA2.1.4.3RSADSSRabinGOST[8]1991NISTDSS1994DSSDSA[9]:RSAEIGamalDSAECDSA131DSSDSSDSA,DSADSADSSDSADSADSANIST-SHADSASHA2DSADSA2.3DSApqg:xYM(s,r)k,krMkpqgrDSA1pLL5121024642:qp-11603:g=hp-1modphp-1g14:x,0xq5:y=gxmodp6:H(M),DSSSHApqgxypqgkryqgwsqvxq2.3DSAf2f1f3f4HashhHashMs,r,M141:k0kq2:r:r=(gkmodp)modq3:s:s=(k-1(H(M)+xr))modqM(s,r)4:(M,s,r)(M,s,r):1:y2:w:w=s-1modq3:u1:u1=(H(M)w)modq4:u2:u2=(rw)modq5:v:v=((gu1yu2)modp)modq6:r,vr=v;2.1.5PKI2.1.5.1CA(CertificateAuthority)X.509TU-TX.509V3PKICAX.509:1:V1,V2V3,V32:CA3:4:CA5:6:7:8:15:IC2.1.5.2CAPKI(PublicKeyInfrastructure)PKI:12CA34CA56789CA2.1.5.3PKIPKI(PublicKeyInfrastructure):CA(CertificateAuthority)RA(RegistrationAuthority)CRCertificateRepository):1--2--163--PKIPKI(CA)/[9]2.24PyEDKeKdP=-Dkd(KdEke(KeP)o2.2.1DataEncryptionStandardDESIBM1977DES646456825626416iKKiKiDESKi172.2.2DESDiffieHellmanRivestShamirAdlemanRSA12RSA1pqr=p*q2ee(p-1)*(q-1)eepq3dd*e=1modulop-1*q-1epqd4red5P(Pr)CC=Pemodulor6CPP=Cdmodulorrepqdd2.3Java2JavaJavaJavaJavaInternetJavaJava2Java[10]18(1)Java2Java2(2)Java22.3.1Java2Java2Java2Java2JCAJava22.41Java2JCA(JavaCryptographyArchitecture)JCAJava2JCAJCAJCAJava.security:APIJava.security.cert:Java.security.interfaces:DSARSAJava.security.spec:JavaJCEJAASJSSEJava2Java2JCAJava2Java2Java22.4Java2JCAJCACSP(CrytographicServiceProvider)CSPJCA2JavaJCE(JavaCryptographyExtension)Javax.crypto:DES,TripleDESJavax.crypto.interfaces:DiffieHeilman19Javax.crypto.spec:JCAJCECSP2.3.21keystoreX.509jarsignerjarjarsignerjarjarsigner:()(TrustedCertificate)KeyStoregetInstance2keytoolkeytoolkeytoolkeytoolJava2DSADSA5121024641024keytoolX.509DN:CN=MarkSmith,OU=JavaSoft,O=Sun,L=PaloAlto,S=CA,C=USDN:C:\keytool-genkey-dnameCN=MarkSmith,OU=JavaSoft,O=Sun,L=PaloAlto,S=CA,C=USaliasmarkkeytool:C:\keytool-import-aliasjoe-filejcertfile.cerjcertfile.cerjoe-export:20C:\keytool-export-aliasjane-filejanceertfile.cerja