【作者】 李军；

【导师】 何大可；

【作者基本信息】 西南交通大学 ， 密码学， 2002， 硕士

【摘要】 公钥基础设施PKI(Public Key Infrastructure)是综合的网络安全解决方案，是具有普适性的安全基础设施，近年来得到了广泛的研究与应用，其前景十分广阔。PKI以公开密钥密码学为基础，以证书的生命周期管理和信任关系管理为核心功能，并综合了管理、策略等多项安全措施，为整个信息系统构建了提供各种安全服务的通用平台。 网络安全的复杂性决定了PKI的应用实施是一个广义的、长期渐进的过程，它涉及了技术、管理、商业、法律乃至政府的范畴。本论文立足PKI的基本原理，遵循其技术标准、参考现有的产品，实现了一个具备核心功能的微型PKI系统，仔细考察了PKI实施中的各种技术细节，包括：系统的体系结构，功能模块、软件架构、运作管理，证书生命周期管理的完整过程，信任关系管理的简单情况，以及如何保证互操作性和可扩展性。 并且，对于上述的各种细节，论文根据具体的应用环境，做出了有针对性的实施方法，着重对系统的运作、客户端模块、证书的类型、扩展域选择等进行了新的探索，并进行了深入的探讨。 通过对PKI实施过程与实现技术的考察，可以丰富对PKI的认识，有助于在理论和实践中对它作进一步的改进和完善，最终建立一个更加高效的网络安全平台。更多还原

【Abstract】 The Public Key Infrastructure (PKI) is an integrative solution of network security, which takes on universal characteristic. Recently, extensive researches and applications are carried out. And it is thought to have a bright future. Based on the public key cryptology, PKI chiefly functions in certificate life-cycle management and trust relation management. In addition, it synthesizes many other security methods such as management and strategy. By this way, PKI constructs an all-round platform for various security services.The complexity of network security results in the application of PKI must be a comprehensive and long-term process, which has involved technology, management, business, law, government, and so on. This thesis realized a subminiature PKI with core functions according to PKI’s basic principles, which followed the international standard, and referred to some existing products. What’s more, the author also did a detailed investigation of various technical issues during the PKI’s implementing, including system architecture, function module, software structure, operation management, certificate life-cycle, trust relation management, and the ways to guarantee its operability and extensibility.For all the details discussed above, this paper has managed to offer corresponding methods to deal with specific practical environment. Especially, it puts great emphasis on exploring and discussing the system operation, client module, certificate type and extensions.The investigation of PKI’s implementing enriched our knowledge of PKI, which is helpful for its further improvement theoretically and practically. The final purpose of all these efforts is to build a high-efficiency network security platform.更多还原