The Research on CA System Based on PKI Technology and the Implementation of Management of Digital Certificate

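【Author】 Wu Tao (吴涛)

【Supervisor】 Liu Quan (刘泉)

【Author information】 Wuhan University of Technology, Communication and Information Systems, 2004, Master's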

【Abstract】 To ensure information security in the Internet age, the first problem to solve is building an information security architecture on the most effective security technologies. An architecture based on the Public Key Infrastructure (PKI) standard has been proposed internationally and is now widely adopted. PKI is a key management platform that fully conforms to the X.509 standard. It transparently provides all network applications with the key and certificate management required by cryptographic services such as encryption and digital signatures. The most critical entity in a PKI is the digital certificate, which provides proof of identity on the network. The holder of a digital certificate can present it to other people, web sites and network resources to prove his legitimate identity and to establish encrypted, trusted communication with the other party. Certificates also serve to distribute public keys: every certificate carries its holder's public key, with a signature certificate carrying the signing public key and an encryption certificate carrying the encryption public key. The certificates of all entities are issued by an authoritative organization, the CA (Certificate Authority). The CA is the key to guaranteeing information security.

Starting from the goal of protecting information on the network, this paper examines the theory of PKI systems and their related applications, and establishes a reasonably complete CA system that is based on dual certificates and separates the key management function. In particular, it implements digital certificate management, the core of the CA system, providing functions such as signing, revoking and publishing digital certificates. The system combines asymmetric and symmetric encryption algorithms to generate the information a digital certificate requires. Built on an open-source operating system and developed in a cross-platform language, it implements an infrastructure for issuing digital certificates that guarantees the confidentiality, authenticity, integrity and non-repudiation of information.

【Key words】 Information Security; PKI; CA; Digital Certificate; Cryptographic Algorithm
  • 【Classification No.】 TP393.08
  • 【Times cited】 11
  • 【Downloads】 587