Abstract
This paper introduces a scheme for certificate application and issuance based on digital signature and digital envelope techniques. The scheme is particularly suited to the off-line issuance of CA certificates or of mission-critical end-entity certificates. The paper gives a complete description of the authenticated certificate application and response process and of the structure of the messages exchanged, together with the module design of the client (end-entity) application program. It discusses how confidentiality, integrity, authentication and non-repudiation are achieved for the certificate information and the issuance process. The scheme offers practical guidance for building a CA/RA and for defining a certificate management policy.
Source
Computer Engineering and Applications
CSCD
Peking University Core Journal
2004, Issue 31, pp. 124-126 (3 pages)
Funding
National 973 Program for Basic Science Research and Development (No. G1999035804)
Supported by the Henan Outstanding Youth Fund (No. 0212001400)
Keywords
Public key infrastructure (PKI)
Certificate management
Certificate issuance
Digital envelope
Authentication