| With the rapid development of Internet, the problem of network security is becoming increasingly important. We must use public key infrastructures to realize 5 kinds of standard security service of OSI. PKI offers support frames for security service, is becoming the key part of the whole security system structure. X. 509 digital certificate is the basic of PKI, it offers authentication, encryption security service in network application.At present, PKI which used in enterprise environment is still rare. JY_CA is the PKI product that we developed on the basis of OPENSSL' s function library, it is formed of CA and RA. It realizes main function of typical PKI/CA, which has certificate requisition, certificate signature, certificate revocation, certificate inquiry, private key recovery etc., it can meet the needs of different application occasions.This paper is at introduction foundation of cryptography, analyzes X. 509 certificate, has explained the principle of PKI and function of each part, And combines the author's project development, explains the running environment and systematic characteristic of JY_CA, It is to divide JY_CA into CA initial module, certificate requisition module, certificate signature module, certificate revocation module, certificate inquiry module, privat key recovery module and management module. The realization of each module has been explained briefly at the same time.This paper applys with certificate requisition and certificate inquiry for example, combines key code and makes a concrete analysis of visual part and non-visual part realization course, the main points and difficult points have been explained in detail. In addition paper introduces 3 certificate forms ( PEM, DER, P12) also, and makes brief to explain PEM code and DER code of certificate.At last, this paper does the simple introduction to JY_CA system and digital certificate application in security mail and SSL protocol. |
PDF Full Text Request