The Research And Realization Of CA Based On PKI

With the development of network technique, especially for globizing by Internet, various application based on internet, such as e-government,e-commerce develop rapidly. The Internet is becoming an important part of people's life and work. Since the opening and generalization of internet, all messages are open to everyone on the net, it requires much security of information system. PKI/CA's technique, as a key and primary security technique in e-commerce, guarantees the confidentiality,authenticity,integrity and non-repudiation of information transmission in the e-commerce, thus guarantees the secure transfer of message. The PKI is the secure system based on public-key theory and technique.Meanwhile it is a secure primary utilization with universal flexibility, and it is the most comprehensive scheme preserving the network security now. This system supplies the online authentication identity on the base of unitary secure authentication standard. It is the integration of CA authentication,digital certification,digital signature and secure application modules. As one kind of technique system, the PKI is a technique base with the confidentiality,integrity and non-repudiation, thereby it provides the reliable secure guarantee in network applications .The paper analyzes existing encryption theory and the technique, builds PKI/CA's platform and provides correlation services to consumers. The paper starts from PKI's research backgrounds and present status, analyzes existing secure mechanism, moreover it discusses the related theory of PKI; and then it designs and realizes the function of entity CA,RA and client. The paper focuses on the realization of the server CA capacity, utilizes certification and encryption functions in the OpenSSL function storehouse, through the X.509 standard, it elaborates certification and revocation list step by step. Besides these, the paper elaborates administration of the consumer of CA,certificate administration,Key management,CRL administration in detail .PKI/CA's system developed in the task meets the requirements of confidentiality,authenticity,integrity and non- repudiation of information transmission on the internet, to guarantee the secure transfer of message.