Abstract
Public key infrastructure (PKI) is one of the important technologies for network security. A complete PKI system usually consists of several modules, and RFC2025 already proposes a general solution for securing the communication between these modules in a complex network environment. This paper presents a concrete implementation and solution for a practical application environment. The scheme is based on RFC2025 with a few conventions and extensions to the original protocol: the implementation uses an object-oriented approach and callback functions; in use, symmetric keys are cached to reduce the number of key agreements; and key negotiation restarts automatically under exceptional conditions to ensure the availability of the key. The scheme is therefore easy to implement and use, ensures security, and improves efficiency.
Source
Computer Engineering (《计算机工程》)
CAS
CSCD
PKU Core (北大核心)
2007, Issue 9, pp. 174-176 (3 pages)
Keywords
Public key infrastructure (PKI)
Communication security
RFC2025