Abstract
A multi-level protection mechanism is proposed to meet the high-security requirements of the CA (Certificate Authority) private key. The key is generated using the RSA algorithm and distributed to t signature servers with (t,n) secret sharing. The key shares are stored on heterogeneous platforms and periodically updated using a proactive secret scheme, and the key shares are recovered and verified for validity. A phased signature scheme is designed, and the multi-level security protection mechanism effectively enhances the security of the CA key. The scheme is implemented using Java and OpenSSL.
Source
《计算机工程与应用》
CSCD
Peking University Core Journal
2011, Issue 18, pp. 109-111 (3 pages)
Computer Engineering and Applications
Keywords
security
private key protection
key shares