Category: System Operations
2008-05-21 20:30:21
1. The device generates an RSA key pair and a certificate request (PKCS#10). The request is signed with the device's private key (proof of possession; it is not encrypted, since anyone holding the enclosed public key could undo that) and sent to the CA as an ASN.1 DER structure.
PKCS#10 (CertificationRequestInfo):
device info (subject name)
key algorithm and key size
device public key
(optional challenge password attribute)
+ signature over the above, made with the device private key
CA info that goes into the certificate (the to-be-signed part, TBSCertificate):
serial no.
validity period of the certificate (notBefore / notAfter)
issuer name (the CA public key itself is not carried in the issued certificate; it lives in the CA's own certificate)
signature algorithm (e.g. sha256WithRSAEncryption, i.e. a hash plus an RSA signature; X.509 does not use an HMAC here)
CRL distribution point
2. The CA verifies the PKCS#10 signature with the public key contained in the request and rejects a request whose signature does not verify. It then assembles the TBSCertificate from the request and its own CA info.
hash function
3. TBSCertificate (device public key + subject + CA info) -----------------------------> hash (e.g. SHA-256)
RSA signature algorithm
4. hash + CA private key -------------------------> signature
("encrypting with the CA private key" in older notes is exactly this operation: a digital signature over the hash)
5. the certificate consists of:
TBSCertificate (serial no., issuer, validity period, subject/device info, device public key, signature algorithm, extensions such as the CRL distribution point)
signatureAlgorithm
signature value
The CA sends this certificate back to the device that submitted the request (PKCS#10).
6. after receiving the certificate, the device (or any other relying party) hashes the TBSCertificate again.
hash function
TBSCertificate -----------------------------> hash computed just now
RSA signature verification
7. signature + CA public key (taken from the trusted CA certificate in the local trust store, never from the certificate being checked) -----------------------> hash recovered from the signature
8. whether the hash recovered from the signature and the hash computed just now by the device are the same or not; if they match, the certificate was issued by that CA and has not been modified. The device should also check that the subject, public key and validity period are the ones it requested.
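The corrected flow above, carried through as an added worked example (this is not code from the original notes): a toy hash-then-sign issuance and verification in Python. It uses textbook RSA with a 512-bit modulus and canonical JSON in place of ASN.1 DER, so it shows the steps rather than a production CA; the subject names, serial numbers, dates and CRL URL are constructed sample values, and the helper names are mine.

```python
import hashlib
import json
import random

# Textbook RSA (no padding) on a 512-bit modulus: enough to show the hash-then-sign
# flow, nowhere near production grade. Real CAs use ASN.1 DER and PKCS#1 v1.5 or PSS.

def _is_probable_prime(n, rng, rounds=16):
    """Miller-Rabin probable-prime test."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def _random_prime(bits, rng):
    while True:
        candidate = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(candidate, rng):
            return candidate

def generate_keypair(bits=512, seed=None):
    """Return (public, private) dicts; `seed` only makes the example reproducible."""
    rng, e = random.Random(seed), 65537
    while True:
        p, q = _random_prime(bits // 2, rng), _random_prime(bits // 2, rng)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:
            break
    n = p * q
    return {"n": n, "e": e}, {"n": n, "d": pow(e, -1, phi)}

def _digest(structure):
    # Canonical encoding of the to-be-signed structure (JSON here, DER in X.509).
    return hashlib.sha256(json.dumps(structure, sort_keys=True).encode()).digest()

def sign(priv, structure):
    """Hash-then-sign: RSA is applied to the SHA-256 digest, not to the data itself."""
    return pow(int.from_bytes(_digest(structure), "big"), priv["d"], priv["n"])

def verify(pub, structure, signature):
    """Recover the digest with the public key and compare it with a fresh hash."""
    return pow(signature, pub["e"], pub["n"]) == int.from_bytes(_digest(structure), "big")

def make_csr(device_priv, device_pub, subject):
    # Step 1: the request carries the device public key and is *signed* by the
    # matching private key (proof of possession); nothing in it is encrypted.
    info = {"subject": subject, "public_key": device_pub}
    return {"info": info, "signature": sign(device_priv, info)}

def issue_certificate(ca_priv, csr, serial, not_before, not_after, issuer, crl_url):
    # Step 2: reject a request whose signature does not verify under its own public key.
    if not verify(csr["info"]["public_key"], csr["info"], csr["signature"]):
        raise ValueError("PKCS#10 signature does not verify: no proof of possession")
    tbs = {  # the to-be-signed certificate (TBSCertificate)
        "serial": serial, "issuer": issuer,
        "not_before": not_before, "not_after": not_after,
        "subject": csr["info"]["subject"],
        "subject_public_key": csr["info"]["public_key"],
        "signature_algorithm": "sha256-with-textbook-rsa",
        "crl_distribution_point": crl_url,
    }
    # Steps 3-5: hash the TBSCertificate, sign the hash with the CA private key,
    # and ship TBSCertificate + signature as the certificate.
    return {"tbs": tbs, "signature": sign(ca_priv, tbs)}

def verify_certificate(ca_pub, cert):
    # Steps 6-8: recompute the hash and check the signature with the CA public key,
    # which must come from a trusted CA certificate, never from `cert` itself.
    return verify(ca_pub, cert["tbs"], cert["signature"])

def demo():
    """Run the flow once and return what a relying party would observe."""
    ca_pub, ca_priv = generate_keypair(seed=1)
    dev_pub, dev_priv = generate_keypair(seed=2)
    _, other_priv = generate_keypair(seed=3)
    # Constructed sample values, not taken from any real deployment.
    csr = make_csr(dev_priv, dev_pub, "CN=router01.example.internal")
    cert = issue_certificate(ca_priv, csr, 1001, "2008-05-21", "2009-05-21",
                             "CN=Example Internal CA", "http://ca.example.internal/crl.pem")
    # Changing one field of the TBSCertificate must invalidate the CA's signature.
    tampered = {"tbs": dict(cert["tbs"], subject="CN=attacker"), "signature": cert["signature"]}
    # A CSR naming the device key but signed by some other key must be refused.
    forged = {"info": csr["info"], "signature": sign(other_priv, csr["info"])}
    try:
        issue_certificate(ca_priv, forged, 1002, "2008-05-21", "2009-05-21", "CN=Example Internal CA", "")
        rejected = False
    except ValueError:
        rejected = True
    return {"valid_cert_verifies": verify_certificate(ca_pub, cert),
            "tampered_cert_verifies": verify_certificate(ca_pub, tampered),
            "csr_without_possession_rejected": rejected}

if __name__ == "__main__":
    print(demo())
```

Running `demo()` walks steps 1 to 8: the device signs its request, the CA checks that signature before issuing, signs the hash of the TBSCertificate, and the relying party verifies with the CA public key it already trusts. The tampered certificate and the request without proof of possession are both refused, which is the property the verification in step 8 exists to provide.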