The Design And Implementation Of A Multi-algorithm Mini Certification Authority Software Based On The Public Key Infrastructure

One device test platform requires digital certifications in test activities.However there are lots of shortcomings in traditional certification request,such as time consuming,highly complex,inefficient,not include all algorithms and high cost.The Multi-Algorithm Mini CA(Certification Authority)Software Based on the PKI(Public Key Infrastructure)implemented in this thesis and specially made for test activities solves those problems above.The primary works in this thesis are presented as follows:(1)This thesis investigates the principles and technical essentials of the PKI system,analyses principles,functions,usages of many kinds of cryptographic algorithms and digital certificates' format,especially focuses on meanings and effects in RSA and SM2 certifications during certification generating and using.(2)This thesis looks into the background,research actualities and the overall structure of CA,examines the advantages of traditional ways of certificate request as well as the disadvantages of those request ways in specific test activities.Then the practical significance of the software implemented for testers in test jobs by this thesis is proposed.(3)This thesis analyses the principle and functions of CA,especially discusses the format,functions and applications of certifications and requests,also researches on the pattern and workflow of certificate revocation.Some China's cryptographic algorithms have been implemented and generated as a dynamic link library in this software.This library can implement asymmetric key generation,symmetric encryption and hash algorithms together with Openssl algorithm dynamic link libraries.This thesis also researches and implements the generation and resolution of the SM2 and RSA certificate requests,issue,validation and revocation of root certificates and user certificates,generation of certificate revocation lists and other functions.Combined with China's cryptographic dual-certificate specification,this thesis provides possible solution to the creation of SM2 signature certificate and encrypt certificate in dual-certificate mode,it also implements SM2 encrypt certificate generation and the protect algorithm of encrypt private key.(4)This thesis researches and implements the I/O method of local database,which can ideally meet the data demands of query,storage,access,delete and modify of this software.The mini-CA software discussed in this thesis can provides RSA and SM2 certificates for testers on Windows in a relatively simple,efficient,and diversified way.It provides Multi-functional options such as certificate request,issue,resolve,revocation,verify and search.In the meantime it also supports sign certificate and encrypt certificate in dual-certificate mode that meet China's cryptographic standard.This software excuses those inconvenience and cumbersome ways of traditional certificate request,solves certificate demands of the device test platform,guarantees the quality and saves the time and cost of the test.