CA认证系统密钥管理设计与实现.doc

学 士 学 位 论 文 系 别： 计算机科学与技术系 学科专业： 计算机科学与技术 姓 名： 　  CA认证系统密钥管理设计与实现 系 别： 计算机科学与技术系 学科专业： 计算机科学与技术　 姓 名： 指导教师： CA认证系统密钥管理设计与实现 摘 要：随着对信息安全的要求不断提高，传统的等效于软件加密的密钥管理手段已不能满足信息系统的安全要求，因此有必要设计一种具有更高安全性的密钥管理系统。针对这一细节问题，就要从密钥的生成入手着力消除不安全因素，从源头入手，在机制上实现对密钥的安全操作，防止密钥泄露给不合法的用户。 如何实现对密钥的有效管理是构建PKI 系统的重要内容之一。本文就是从密钥自产生到最终被销毁的整个过程所涉及的有关问题展开论述，涵盖了密钥的生成、装入、分配、存储、更新、备份、恢复、保护、吊销和销毁等内容，提出了解决密钥管理难题的方法。伴随着证书生命周期的整个阶段，本文对密钥生命周期进行了研究，最后完成了一个密钥管理系统的设计与实现。 关键词：CA RA 公钥 私钥 数字证书 The CA authentication system key management design with realizes Abstract: Along with enhances unceasingly to information securitys request, the tradition equivalent has not been able to satisfy information systems safety requirements in the software encryptions key management method, therefore has the necessity to design one kind to have the higher secure key management system. In view of this detail question, must obtain from keys production to try to eliminate the unsafe factor, obtains from the source, realizes in the mechanism to keys safe operation, prevents the key revelation to give the illegal user. How realizes to keys effective management constructs one of PKI systems important contents. The related question which this article is from produces from the key to is destroyed the entire process which involves to launch finally the elaboration, covered keys production, to load, the assignment, the memory, the renewal, the backup, to restore, contents and so on protection, cancel and destruction, proposed the solution key management difficult problem method. Followed the certificate life cycle entire stage, this article has been conducting the research to the key life cycle, finally completed a key management systems design with to realize. Keywords：CA RA Public key Private key Digital certificate 目 录 引 言 1 第1章 绪论 2 1.1 PKI中密钥和证书管理 2 1.2 PKI初始化阶段 3 1.3 密钥/证书颁发阶段 4 1.4 密钥/证书撤消阶段 4 第2章