Category: System Operations and Maintenance

2008-05-21 20:30:21

1. The device generates a request (PKCS#10), encrypts it with its private key, then sends it to the CA in ASN message format, with the PKCS#10 included.
PKCS#10:
device info
key size
device public key
(challenge password)

CA info:
serial no.
validity date of the certificate
CA public key
HMAC algorithm
CRL location

2. The CA generates a random HMAC symmetric key.

3. PKCS#10 + CA info + random HMAC symmetric key --(HMAC function)--> HMAC signature

4. random HMAC symmetric key + CA private key --(RSA algorithm)--> encrypted HMAC symmetric key

5. The certificate includes:
PKCS#10 (device info, key size, device public key, challenge password)
CA info (serial no., validity date, CA public key, HMAC algorithm, CRL)
HMAC signature
encrypted HMAC symmetric key
The CA sends this certificate to the device that sent the request (PKCS#10) to the CA.

6. After receiving the certificate:
encrypted HMAC symmetric key + CA public key (included in CA info) --(RSA algorithm)--> random HMAC symmetric key generated by the CA

7. PKCS#10 + CA info + random HMAC symmetric key computed just now --(HMAC function)--> HMAC signature

8. The device checks whether the HMAC signature received from the CA and the HMAC signature it has just computed are the same.
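
Steps 2 to 8 above as a runnable sketch, added here as an example and not code from the original post. It assumes HMAC-SHA256, a constructed toy textbook-RSA CA key (unpadded and far too small for real use), the hypothetical names `ca_issue` and `device_verify`, and that the device checks against a CA public key it already holds.

```python
import hashlib
import hmac
import secrets

# Constructed toy CA key: textbook RSA from two Mersenne primes. Unpadded and
# far too small for real use; it only makes steps 4 and 6 executable.
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))
KEY_LEN = 16  # bytes; assumption, chosen so the key is smaller than N


def mac(key: bytes, pkcs10: bytes, ca_info: bytes) -> bytes:
    # Length-prefix the first field so the two inputs cannot run together.
    msg = len(pkcs10).to_bytes(4, "big") + pkcs10 + ca_info
    return hmac.new(key, msg, hashlib.sha256).digest()


def ca_issue(pkcs10: bytes, ca_info: bytes) -> dict:
    key = secrets.token_bytes(KEY_LEN)                    # step 2
    signature = mac(key, pkcs10, ca_info)                 # step 3
    enc_key = pow(int.from_bytes(key, "big"), D, N)       # step 4
    return {"pkcs10": pkcs10, "ca_info": ca_info,         # step 5
            "hmac": signature, "enc_key": enc_key}


def device_verify(cert: dict, ca_public=(N, E)) -> bool:
    n, e = ca_public  # assumption: the device's own trusted copy of the CA key
    key_int = pow(cert["enc_key"], e, n)                  # step 6
    if key_int >= 1 << (8 * KEY_LEN):
        return False  # recovered value is not a valid HMAC key
    key = key_int.to_bytes(KEY_LEN, "big")
    expected = mac(key, cert["pkcs10"], cert["ca_info"])  # step 7
    return hmac.compare_digest(expected, cert["hmac"])    # step 8


if __name__ == "__main__":
    # Constructed sample fields, not real PKCS#10 or CA data.
    cert = ca_issue(b"device=router01;keysize=2048", b"serial=1;crl=example")
    print("genuine certificate:", device_verify(cert))
    print("altered request:", device_verify(dict(cert, pkcs10=b"device=other")))
```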


 
