Design And Implementation Of Mini Certificate Authority Based On The Algorithm Of SM2 And SM3

Posted on: 2015-11-28
Degree: Master
Type: Thesis
Country: China
Candidate: Y J Li
GTID: 2308330464468656
Subject: Communication and Information System
Abstract/Summary:
With the advent of the Internet and the popularity of e-commerce, China's online turnover is increasing. The network has really changed people's lives. In your spare time, with a good network environment, you can complete purchases, stock trades, transfers and other transactions. At any time and in any place, you can take part in electronic transactions. These applications must ensure the confidentiality, integrity and non-repudiation of data. PKI (public key infrastructure), which is based on digital certificates, has become the foundation of the virtual online world. The CA (certificate authority), known as the basic structure of PKI, is responsible for each entity in the network by issuing digital certificates. Digital certificates provide secure data communication for network communication. A certificate has a standard format, and every certificate contains the standard information. At its tail, the certificate contains a signature value. Using a hash algorithm, we compute the certificate's hash value. Using our own private key, we sign the hash value, and the result becomes the signature. RSA is an asymmetric cryptographic algorithm commonly used for signatures, and MD5 is a hash algorithm commonly used for message digests. In recent years, however, their shortcomings have been increasingly exposed in practice. Therefore, to ensure the security of e-commerce in China, SM2 and SM3 were issued as cryptographic algorithm standards. The ECC algorithm has a significant advantage. ECC with a 160-bit key is as safe as RSA with a 1024-bit key, and in addition ECC saves 864 bits of storage space. ECC with a 210-bit key is as safe as RSA with a 2048-bit key, and in addition ECC saves 1838 bits of storage space.
With the upgrading of all the public key infrastructures and key management systems in China, the SM2 algorithm will be widely used. This paper studies the theories and technologies of the CA and the SM2 and SM3 algorithm standards. To achieve the goal of a CA system that supports both signature certificates and encryption certificates, we apply cryptographic algorithms including SM2 and SM3 on the basis of the open source software OpenSSL. By modifying OpenSSL, we complete the interface for encryption certificates and for certificate services such as OCSP and CRL. Using USB Key technology, the USB Key generates the public and private key pair and signs the certificate request. We can process the request according to the standard process for an encryption certificate. In fact, it is a signature certificate. Based on software and hardware, we implement the related interfaces for digital certificates and the OCSP service. With VC development tools, we implement a small CA that can be extended for a variety of purposes. After modifying OpenSSL, we build a CA and test the encryption and decryption algorithms, including SM2 and SM3, and the use of certificates, including signature certificates and encryption certificates. We also test the OCSP and CRL services. After the tests are completed, they are photographed, and the photos are shown in the charts that follow.
Keywords/Search Tags: cryptographic algorithm, encryption certificate, signature certificate