构造基于X.509公钥证书的密钥管理系统

Building of the Key Management Based on X.509 Certification

CA及公钥证书是目前Internet上各类安全应用系统的主要密钢管理方式。这里首先描述了在Internet分布式网络环境下管理公钢的PKIX.509证书管理模型及其研究进展，提出了基于PKIX．509公钥证书的密钢管理系统的设计方案，利用LDAP目录服务和存取协议．给出了构造证书服务器的方法以及安全认证方法。

Certificate authority and public key certificates are widely employed by various Internet secure systems as scheme of keymanagement.This paper deseribes Ihe advances of PKIX.509 and its model used by key management via Internet firstly. X.500 directorystandards,LDAP and X.509 authentication protocol have conshtuted a widely accepted basis for PKI. So we propose a scheme and method tobuild key management using LDAP and describe how to implement this system.Finally,the critical problem about how to authenticate a rootuser is analyzed.