Design and Implementation of a Small CA Certification System

The Design and Implementation of Minitype Certification Authority

[Author] Lei Shumei (雷树梅)

[Advisor] Peng Xinguang (彭新光)

[Author information] Taiyuan University of Technology, Computer Application Technology, 2008, Master's

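[Summary] With the development of computer network technology, networks, and the Internet in particular, have brought great convenience to people's lives and work; online shopping, online banking and online stock trading are now commonplace. While computer networks have changed the way people live and raised the productivity of enterprises, they have also exposed serious security risks. To guarantee the confidentiality, integrity and non-repudiation of data on the network, corresponding facilities are needed to provide these services. PKI is an infrastructure, built on public-key cryptography, that provides information security services to users. As the core component of PKI, the CA certification system binds a user's public key to the user's information and issues standard X.509 certificates to users. The CA certification system solves the problem of key distribution and management well; using digital certificates to encrypt and sign transmitted data guarantees the confidentiality, authenticity, integrity and non-repudiation of the data. Many CA certification centers have already been established, for example regional CA certification centers and financial certification centers, and many companies can build CA certification systems for users, for example Jilin University Information Technologies (吉大正元) and iTrusChina (天威诚信). Existing commercial CA centers are fully capable of meeting a campus network's need for digital certificates. However, on the one hand, the school cannot afford the high cost; on the other hand, adding new functions to such a system is neither flexible nor timely, and is expensive. In addition, the school has professional staff able to use and maintain a PKI system. Establishing a campus CA center is both necessary and feasible. Based on a study of the relevant PKI theory and technology, this thesis designs and implements FoxCA, a small CA system with good security, generality and extensibility. The system implements most of the functions of a CA: generating the root certificate, issuing X.509 certificates, revoking certificates, saving certificates to a USB Key, and so on. The system is compact in structure and easy to use. Finally, the thesis analyzes the security of FoxCA, summarizes the work, and looks ahead to further research on the system.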

[Abstract] With the development of computer network technology, the computer plays an increasingly important role in people's lives and work. E-commerce has become popular and widespread. Computer and information technologies have changed the way people live and improved the efficiency of business, but they have also exposed weaknesses to those who want to commit crimes. Security measures are needed to provide confidentiality, integrity, authentication and non-repudiation services for Internet applications. As an information security infrastructure, Public Key Infrastructure (PKI) is based on public-key encryption. The Certificate Authority (CA) is the key component of PKI. It issues standard X.509 certificates, which bind a user's public key to the user's other identification information. As a good solution to key distribution and management problems, the CA uses digital certificates to encrypt and sign transmitted data, ensuring the confidentiality, authenticity, integrity and non-repudiation of the data. At present many CA certificate centers have been established, for example local CA certificate centers and financial certificate centers. At the same time, many enterprises are able to build CA authentication systems, such as JiLin University Information Technologies Co. Ltd and iTrusChina. The existing commercial CA centers are fully capable of meeting the campus network's demand for digital certificates. But, on the one hand, the college cannot bear the high expense; on the other hand, implementing additional functions in such a system is neither flexible nor timely, and is expensive. In addition, many schools have professionals able to use and maintain a PKI system. Establishing a campus CA center is not only necessary but also feasible. Starting from the related theory and technology of PKI, the paper designs and implements a small CA system, FoxCA, with good security, generality and extensibility. The system implements most CA functions, including generating the root certificate, issuing X.509 certificates, revoking certificates, and saving certificates to a USB Key. The system has a simple structure and is easy to use. Finally, we analyze the security of FoxCA, summarize the paper, and look ahead to further research on the system.

  • [Classification number] TP393.08
  • [Times cited] 4
  • [Downloads] 293