摘要
商用密码算法是实现我国网络安全自主可控的重要保障,我国已经出台多项政策和法规,要求采用商用密码算法来保证金融、电子政务等重要领域关键信息基础设施的安全。但是,目前常用操作系统和应用软件都不支持国产密码算法,制约了商用密码算法的普及应用。文章针对商用密码算法的应用现状,提出了国产密码证书全生态应用思路和“SM2/RSA双证书”应用模式,并介绍了基于该思路在网站HTTPS加密、电子邮件签名加密和PDF文件签名加密等三大领域的应用解决方案。文章提出的解决方案,不仅解决了常用操作系统不支持国产密码算法的应用问题,而且能做到自适应加密算法,使得用户无论是否支持国产密码算法的应用软件都能实现HTTPS加密等应用,实现满足用户国产密码合规和全球通用的实际应用需求,使得基于国产密码算法和国产密码证书的应用方案能够真正落地实施和广泛应用。
Chinese cryptographic algorithms are an important foundation for achieving independence and controllability of China cybersecurity.China has issued numbers of laws and guidelines requiring the use of Chinese cryptographic algorithms to ensure the security of critical information infrastructures in important areas such as finance and e-government.However,most operation system and applications don’t support Chinese cryptographic algorithms,which limit the widespread use of it.To solve these issues,this paper proposes an idea that build an fully ecological application environments for SM2 certificates,and proposes a"SM2/RSA dual certificates"application mode,and also introduces the application scheme based on this idea which using in HTTPS encryption,email encryption and PDF signature.The solutions proposed in this paper solved the issues that most systems don’t support Chinese cryptographic algorithms,and found a solution for auto-adaption encryption algorithm that end user don’t care about the algorithm,so that application schemes based on Chinese cryptographic algorithms and certificates using Chinese cryptographic algorithm can be truly implemented widely.
作者
王高华
廖晓鹃
吕尧
Wang Gaohua;Liao Xiaojuan;Lv Yao(Wotrus CA Limited,Guangdong Shenzhen 518067;Institute of Cyberspace Security,CCID,Beijing 100846)
出处
《网络空间安全》
2019年第11期52-58,共7页
Cyberspace Security