The Imformation Security Services Based On Cryptographic Service Provider

Along with fast development of Internet, the communicating degree of information is more frequent, the problem of information security is outstanding increasingly. Cryptographic Service Provider (CSP) is the base of Microsoft's security applications frame and services, which has ASN.l, the series of PKCS security standards as reference and provides the basic security services such as encryption, decryption, digital signature and verifying signature. It has a single interface---CryptoSPI, and easy to be used. Now the CSP modules that we can free avail all come from the software CSP shipped with the Windows system. These software CSPs are portable in that they can be carried as an executable file, but they inevitably have some limitations: the software CSPs have the less tamper-resistant and would be inconvenient in the fields of the interactive logon, e-mail signing, e-mail decryption and remote access authentication;'they have the lower level degree of security. To resolve these problems, in this thesis, we have developed our own CSP module according to our own country's encryption standard. This module has strong cryptographic functions just like Microsoft Strong Cryptographic Provider. Especially this module implements the software CSP and also utilizes the Watch IC card and Minghua EKEY as hardware, make the software CSP and hardware CSP both possible. As a conclusion, the main works in this thesis includes:(1) Introducing the current state and the outlook of CSP in the fields of information security and analyzing the principles of the popular and reliability key algorithms, hash algorithms.(2) Excepting for implementing of the software CSP, completing the hardware CSP programming based on the Watch IC card and Minghua EKEY. It has a good compatibility for software and hardware CSP.(3) For the cryptographic algorithm, selecting and implementing the popular and reliability key/hash algorithms in my CSP module, which include 3DES, RC4, RSA, MD5, SHA-1 algorithms in the software component and an extra algorithm-SSF33 in the hardware component.With these algorithms, we can satisfy the users' security requirements.(4) Using the Microsoft CSPs' advantages ,their data objects and work modes as reference, producing some data structures such as SIMPLEBLOB, PUBLICKEYBLOB, PRIVATEKEYBLOB, having the CryptoSPI interface implementation.(5) Resolving the platform limitation of the Microsoft CSPs, and making our own CSP run on the Linux system. So that it could be conveniently used in the PKI security architecture.After many times' testing, the above studies have strong stability, good efficiency and practicality. They have been tried to apply to the CA system.