To ensure information security in the Internet era, the primary problem is to build an information security infrastructure using the most effective security technologies. An infrastructure based on the Public Key Infrastructure (PKI) standard has been proposed overseas and is now generally adopted. PKI is a key management platform that fully conforms to the X.509 standard. It transparently provides all network applications with the key and certificate management needed for cryptographic services such as encryption and digital signatures. The vital entity in a PKI is the digital certificate, which certifies identity on the Internet. The owner of a digital certificate can present it to other people, web sites and network resources. Certificates help validate the owner's legitimate identity and establish encrypted, trusted communication with others. They also contribute to public key distribution: every certificate embeds its owner's public key. All entity certificates are issued by an authoritative organization, the Certificate Authority (CA). The CA is crucial for information security.

This paper aims at further research on the theory of PKI systems and their related applications in protecting information on the Internet. It establishes an integrated CA system characterized by dual certificates and separated key management. In particular, the paper gives the implementation of digital certificate management, which is the core of a CA system, including signing, issuing and revoking certificates. The CA produces digital certificates containing the necessary information, using both asymmetric-key and symmetric-key cryptographic algorithms. It implements an infrastructure for issuing digital certificates to protect information, built on an open-source operating system platform and developed in a cross-platform language, which guarantees the confidentiality, authentication, integrity and non-repudiation of information.