Updated: 07-15. Original article provided by 圈圈.
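Summary: With the development of computer and network technology, network security has become the foremost problem troubling the growth of networks. Network attacks, hackers, viruses, repudiation, eavesdropping, and information leaks emerge one after another and have caused network users substantial property losses. Many countries at home and abroad have already established their own CA certification systems, but building CA certification systems domestically is still at an early stage, with little research or experience in any area. In particular, commercial CA certification systems currently hide their concrete implementation process and steps from users, which makes the technology hard for learners to study and master. In addition, key management at the certificate center, the way certificates are generated, and the way certificates are invoked differ greatly across industries and organizations, so achieving standardization and unification on a wider scale is difficult.
Building on a thorough study of the principles of network security, CA certification, information encryption, and digital signatures, this project uses the RSA encryption algorithm, the secure hash algorithm SHA-1, and the MD5 signature algorithm, with Java as the development language, Eclipse as the development environment, and SQL Server 2005 as the data management platform, to implement CA certificate application, CA certificate issuance, CA certificate loss reporting, information encryption, and digital signing.
The system combines CA certificate application, CA certificate issuance, CA certificate encryption, and digital signing. By switching between users of different identities and by means of logs, it presents the entire process of applying for and using a CA certificate to the user in a very intuitive way, free of the redundancy and complexity of commercial digital signature systems. This lets users quickly understand the principles of CA certificate technology and how to use a CA certificate system, and meets the experimentation and learning needs of people in the field well. The system is also implemented with the internationally used CA certificate standard X.509 and encryption algorithms, so it can be promoted and applied widely.
Keywords: CA certificate; X.509 standard; key; encryption; digital signature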
Abstract: With the development of computer technology, network security has become a primary issue in the growth of networks. Problems such as network attacks, hackers, viruses, repudiation, eavesdropping, and leaks emerge endlessly and have caused network users a great deal of property damage. Many countries, at home and abroad, have already established their own CA certification systems, but domestically this work is still in its infancy, and study and experience in all aspects are limited. In particular, commercial CA certification systems currently shield the user from their concrete implementation process and implementation steps, which makes it very difficult for learners to learn and master the technology. Moreover, across different industries and organizations there are large differences in areas such as key management in the certificate center, the way certificates are generated, and the way certificates are called, so achieving standardization and unification across a wider range is difficult.
This project is based on a thorough study of the underlying technical principles of network security, CA certification, message encryption, and digital signatures. Using the RSA encryption algorithm, the SHA-1 secure hash algorithm, and the MD5 signature algorithm, we have implemented CA certificate application, CA certificate issuance, CA certificate loss reporting, information encryption, and digital signing. The system uses Java as its development language, Eclipse as its development environment, and SQL Server 2005 as its data management platform.
This system combines CA certificate application, CA certificate issuance, CA certificate encryption, and digital signatures. Through switching between users of different identities and through logs, the whole process of applying for and using a CA certificate is presented intuitively to the user, without the redundancy and complexity of commercial digital signature systems. It enables users to quickly understand the principles of the CA certificate and how to use a CA certificate system, and it meets the experiment and study needs of people in the industry well. At the same time, the system adopts the international CA certificate standard X.509 and encryption algorithms in its implementation, so it is capable of wide application.
Keywords: CA certificate; X.509 standard; public key; private key; encryption; decryption; digital signature