【作者】 王维；

【导师】 覃中平；

【作者基本信息】 华中科技大学 ， 软件工程， 2006， 硕士

【摘要】 计算机和网络技术的发展将人类带入信息化社会,随之而来的是倍受关注的信息安全问题。现代密码学己成为信息安全技术的核心,基于数字签名的数字证书是现代密码学主要研究的内容之一。数字证书技术在身份识别和认证、数据完整性、抗抵赖等方面具有其它技术所无法替代的作用,它在军事、电子商务和电子政务等领域有着极广泛的应用。数字证书在信息传输中起着验证用户身份,保证信息传递的安全性、合法性和完整性等作用,它在公钥基础设施中是重要的一环。应用第三方软件对数字证书解析存在着安全性无法彻底保障,证书信息分析不彻底等诸多问题。因此对数字证书的验证过程的研究分析,实现数字证书验证代码的完全自主开发,为保证信息传输安全,建立有效的公钥基础设施起了重要的作用。针对数字证书验证系统的实现,论文分析了基于X.509标准的公钥基础设施(PKI)数字证书的验证机制,探讨了数字证书的格式和语法定义、编码方法。对微软(MS)提供的数字证书解码和验证过程进行了探讨,使用C语言对数字证书的解码、有效期验证进行了实现,实现了不使用第三方接口完成了数字证书的安全认证。本文还探讨了PKI公钥基础设施、ASN.1抽象语法、信息摘要算法和签名算法,对信息安全的现状和应用进行了阐述,并对以后的发展提出了设想。在实现数字证书验证过程中,主要还针对了微软公司提供的软件对公钥信息解码不完全的特点,把公钥信息中的n与e具体的解析出来,为数字证书的下一步使用提供了方便,也避免了在解密公钥时使用微软提供的未开源函数进行编程的不安全因素。保证信息的安全关系到国家利益,对信息安全的研究,促使信息安全软件的国产化将是信息安全研究的发展趋势。更多还原

【Abstract】 Human beings have entered into the information era with the development of computer and network technologies; thus, the security problem of information has become the fundamental mater. The modern cryptography is the kernel technique of information security. The digital certificate depend on digital signature is one of main researches in modern cryptography, and it cannot be substituted by other techniques in information security, including authentication data integrity, and non-repudiation. Digital certificate have many applications in military, electronic commerce and electronic government, etc.Digital certificate is used for validating identity of net users, protecting validity and integrality of transferred messages. It is a important composing of the PKIX. Translate the digital certificate with the third sides provided software is very riskful, and it cannot translate the certificate completely. So it is very important for studying the validation of digital certificate and protecting message transfers.This paper has analyzed the PKIX (Public Key Infrastructure based on X.509 standard) digital certificate validation mechanism, and has discussed the format of digital certificate, certificate syntax and encoding. It also has discussed the decoding and validating method provides by Microsoft Corporation and has realized decoding and validation of certificate by my own method using C language. In the end, this paper has discussed ASN.1, HASH algorithm and signature algorithm, the application prospect of PKIX and gives some suggestions for further development in the future.In the process of implementation of Validating Digital Certificate System, I have distill the N and E which are the public key’s parameters. Its can be conveniently used for next step of the certificate.The safe of information is determined the safe of a country. Study on the infomation safety and make all the software loclized is the trend of research of infomation safety.更多还原