Research And Implementation Of Certificate Authority Based On PKI

Electronic-government is government affair which carries through by electronic information technology. E-government involves the protection of national secret information and high sensitive core government affairs, the maintenance of public order and accurate implementation of administrative supervision and the quality assurance of public services for the society. Therefore, during the building of e-government, the security and stability of system become a universal attention question.Public Key infrastructure (PKI) is a trust relationship system that set by the theory and technology based on public key and a universal compatible security infrastructure which provides information security services. PKI which is a set of complete scheme for achieving the network information security is being used widely.The PKI technology uses the digital certificate to manage public key, solve the problems of the key distribution and management well through the creditable third party organization Certificate Authority(CA) which bundles up the user's public key with user's other identification information, and guarantees the confidentiality, the authenticity, the integrity and undeniable of transmission information by using digital certificates to encrypt and sign the datum which must transmit.Firstly, the concept of PKI is introduced embarking from security needs of the e-government network in this thesis. Then on the basis of expatiating PKI encryption/decryption theory, basic composition, trust models and related standards and protocols, analyzing the functional requirements and other requirements of users, encircling the management process of digital certificate life cycle, a CA system is designed and realized which strictly keeps to the PKI norms, uses easily and has good versatility and security. This system realizes the management of the whole life cycle of digital certificate, including certificate application, certificate updating, certificate revocation, and certificate publish and certificate download. The emphasis is laid on the issue of certificates publish, the key technologies used by system realization is introduced and the concrete realization processes of certificate application, identity authentication and logs generating three functional modules are elaborated. Finally, a summary of this thesis is presented and prospects of study are also introduced.