The Design And Implementation Of CA Certificate Center Based On PKI

With the rapid development of computer network technology, network security issues in information systems have drawn more attention. How to ensure network information system's data confidentiality, authenticity, integrity and non-repudiation has become an important issue in the network information security. PKI (Public Key Infrastructure) technology is considered as an important technology to solve the above information security problem. CA (Certificate Authority), a core component of PKI, is an authoritative, trustworthiness and fairness of third parties. Issued to the user with public key certificate through the CA and bound the user's public key with the user identity information can achieve user's authentication.First of all, this paper introduces PKI system's basic components, services, standards and CA's trust model and describes the functional requirements of system in the form of use case diagram. Then the paper analyzes the system's architecture, function modules and the basic input-output. Finally, the paper achieves the system's low-level interface with VC++ language and OpenSSL package and displays the logical of system in the foreground with ExtJS language through PHP calling the bottom of the interface. The contributions of this paper are as follows:1. Involved in the whole process of this system's requirement analysis.2. Designed the system's architecture and the basic input-output.3. Involved in the completion of the "system initialization" module and "generate public-private key pair" module's design and implementation. "System initialization" module ensured the system could generate CA root certificate when the system is initialized in the first time. "Generate public-private key pair" module ensured users could generate their own public key and private key before applying for certificate.4. Independently completed the "certificate application and verification" module and "certificate issued" module's design and implementation. "Certificate application and verification" module enables that customer request local certificate and CA review certificate request. "Certificate issued" module enables CA issue certificate to users.The system has now been integrated into the company's routers and has been released, which will provide users with a secure and trusted network environment, and will bring good economic benefits for the company.