Implementation And Application Of SM2 Algorithm In Digital Certificate System

Since the 21 st century,the development of computer and network technology is changing with each passing day.With the gradual advancement of information construction in China,e-commerce and e-government have been developing and popularizing continuously,so that people can enjoy the comfort and convenience brought by information development without leaving home.The virtuality and anonymity of the Internet make the problem of information security increasingly serious.How to ensure the security and reliability of sending and receiving data in network communication has become the focus of people's attention.Digital certificates play an important role in ensuring information security and providing reliable and fair authentication services.PKI(Public Key Infrastructure),as a relatively mature scheme in the world at present,is widely used and can well solve this security problem.As the core of PKI,CA Certificate Authority has the functions of digital Certificate issuing and validity verification.At present,most PKI systems adopt RSA public-key cryptography algorithm,which gradually exposes defects in performance and operation rate,and is suspected to have a backdoor.In order to ensure the security of network information and the autonomy of China's security technology,the national cryptography administration released the SM2 elliptic curve public-key algorithm and SM3 hash algorithm in December 2010.Compared with RSA public-key algorithm,SM2 algorithm can improve the speed of signing digital certificates and ensure the security of network communication.This paper studies the implementation and application of national secret SM2 algorithm in digital certificate system,and focuses on the following work:Firstly,from the perspective of the construction of digital certificate system,I learned the basic theories of cryptography,including digital signature technology,structure,description and coding format of digital certificate.Focuses on the digital signature algorithm,public key encryption and decryption algorithm and SM3 hash algorithm in the SM2 elliptic curve public key cryptography algorithm in the 256-bit prime field,and compares RSA,ECC and SM2 algorithms.SM2 algorithm has obvious advantages in algorithm strength,space complexity and encryption and decryption efficiency.Secondly,the design and implementation of digital certificate issuing and management system based on SM2 algorithm are completed.This paper uses Java programming language to build an interactive system with a friendly interface based on B/S architecture to effectively manage digital certificates and their private keys.During the design process of the system,the classes and methods related to certificate generation in Java are cleverly invoked to realize the design of five functional modules,including the creation of signature certificate,the design of data table and the certificate application,issuance,update,revocation and verification.In the process of system implementation,the mapping between Java and database is established by using XML.Through the construction of simple certificate system,the certificate signature value and other information(including valid certificate application,issued certificate and revoked certificate record)are stored.By using Keytool,Bouncy Castle and other tools reasonably,the X.509 v3 standard digital certificate system based on SM2 digital signature algorithm was developed.Then,the system is tested,the system initialization and the main functions are demonstrated,and the performance of the system is briefly analyzed.Finally,this paper summarizes the common pattern of digital certificate system application service,and gives an example of present and future security application scenarios.As a national secret algorithm,the application of SM2 in digital certificate system will play an important role in the future Internet field.On January 1,2020,Cryptography law of the People's Republic of China was formally implemented,further clarifying the electronic authentication service management system for commercial passwords,promoting the legalization process of national network and information security management,and discussing the digital certificate system based on national secret algorithm is of great significance.