| With the development of network and communication technology and comprehensive application, some security demands, such as the privacy, integrality, identifiability and anti-deniability of the data information is more and more important to us. Therefore the Public Key Infrastructure(PKI), which is a basic security standard for setting dependable digital ID to given people or entity, is abroad applied. Certificate Authority (CA) with responsibility of ID affirming and digital certificate setting up to establishing a relation of an ID and a pair of private key is a core organization of the PKI system. A minitype CA system can provide safe guarantee, flexible application and lower cost when some small corporation or organization users are making business through network. On the basis of further research of CA standard system architect, a short cut of the minitype CA system development is being exploring by following some aspects such as choosing of PKI/CA standards and units, choosing of the encryption library, designing of whole system construction and developing of system software . After completely studying, analyzing and comparing all the cipher arithmetic and the PKI standard, according to the actual demand, the facture of the digital ID, SSL safe communication, coding/decoding operation, etc. of CA system have been basically achieved by basing on the Security Socket Layer (SSL) library and cipher algorithms library of the open source software library (OPENSSL) and developing with VC on the Windows platform. At one time, the operation of certificate applying, auditing, making, canceling and blacklist making for a Registration Authority (RA) client is usable through the SSL connection between the RA and CA centre. The CA of Guangzhou Personnel Bureau Electronic Government Affair System is a minitype Certificate Authority building on the base of OPENSSL. |
PDF Full Text Request