2014-08-18 13:37:55

Original article: [Wiki] What is PKI. Author: ailms

A public key infrastructure (PKI) is an arrangement that binds public keys with respective user identities by means of a certificate authority (CA). The user identity must be unique for each CA. The binding is established through the registration and issuance process, which, depending on the level of assurance the binding has, may be carried out by software at a CA, or under human supervision. The PKI role that assures this binding is called the Registration Authority (RA). For each user, the user identity, the public key, their binding, validity conditions and other attributes are made unforgeable in public key certificates issued by the CA.

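# Note: A PKI is a system that binds public keys to user identities through a CA. For each CA, user identity information must be unique; the whole binding process runs from registration through to confirmation (issuing the certificate).

# A certificate can be issued via software download or delivered in person. The PKI role responsible for this is the RA (Registration Authority).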

The term trusted third party (TTP) may also be used for certificate authority (CA). The term PKI is sometimes erroneously used to denote which, however, do not require the use of a CA.

# Note: A CA is sometimes also called a TTP (trusted third party).


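# Note: In general, a PKI consists of client software, server software, hardware (for example, smart cards), legal contracts and assurances, and operational procedures.
# A third party can use a signer's public key certificate to verify whether the digital signature on a message was produced with that signer's private key.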
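
The binding and the third-party check described above can be reproduced with the `openssl` command line. This is an added example, not part of the original article; the names `Demo Root CA`, `Other CA` and `alice@example.test` are constructed, and the keys live only in a temporary directory.

```shell
#!/bin/sh
# Added example. All names (Demo Root CA, Other CA, alice@example.test) are constructed.

# Build a throwaway PKI in directory $1.
pki_demo_setup() {
    dir=$1
    # CA: self-signed root certificate, the relying party's trust anchor.
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 30 \
        -subj "/CN=Demo Root CA" \
        -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null
    # User: key pair plus a request carrying the claimed identity
    # (the data a Registration Authority would vet before issuance).
    openssl req -new -newkey rsa:2048 -nodes -sha256 \
        -subj "/CN=alice@example.test" \
        -keyout "$dir/alice.key" -out "$dir/alice.csr" 2>/dev/null
    # Issuance: the CA signature binds identity, public key and validity period.
    openssl x509 -req -in "$dir/alice.csr" -CA "$dir/ca.crt" -CAkey "$dir/ca.key" \
        -set_serial 1 -days 7 -sha256 -out "$dir/alice.crt" 2>/dev/null
    # A second, unrelated CA that never issued anything to alice.
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 30 \
        -subj "/CN=Other CA" \
        -keyout "$dir/other.key" -out "$dir/other.crt" 2>/dev/null
}

# cert_trusted ANCHOR CERT: succeeds only if CERT chains to ANCHOR.
cert_trusted() { openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; }

# sign_msg KEY MSG SIG: sign MSG with the private key KEY, writing SIG.
sign_msg() { openssl dgst -sha256 -sign "$1" -out "$3" "$2"; }

# sig_valid CERT MSG SIG: verify SIG using the public key inside CERT.
sig_valid() {
    openssl x509 -in "$1" -pubkey -noout > "$1.pub" &&
    openssl dgst -sha256 -verify "$1.pub" -signature "$3" "$2" >/dev/null 2>&1
}

d=$(mktemp -d)
pki_demo_setup "$d"
printf 'pay bob 10\n' > "$d/msg"
sign_msg "$d/alice.key" "$d/msg" "$d/msg.sig"
cert_trusted "$d/ca.crt" "$d/alice.crt"    && echo "certificate chains to Demo Root CA"
cert_trusted "$d/other.crt" "$d/alice.crt" || echo "rejected under Other CA"
sig_valid "$d/alice.crt" "$d/msg" "$d/msg.sig" && echo "signature matches certified key"
printf 'pay bob 9999\n' > "$d/msg"
sig_valid "$d/alice.crt" "$d/msg" "$d/msg.sig" || echo "altered message rejected"
rm -rf "$d"
```

A relying party needs both checks: `sig_valid` alone only shows that some key signed the message, while `cert_trusted` is what ties that key to the identity the CA vouched for.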

# Note: Every PKI system is closely tied to its own directory scheme; each client's public key is generally stored in (embedded into) an LDAP directory.


PKI software

When deploying a PKI, the most important part is appropriate CA software. There are several solutions on the market:

  • Microsoft: and contain CA software, which is integrated into the and doesn't require additional licence fees. This is currently the most popular solution on the market.
  • - A built-in CA, leveraging existing user directory management systems (e.g. , and ). The solution automatically generates digital certificates for users on the user directory, eliminating the common overhead found with other traditional PKI solutions.
  • : Linux supports and , which are two CA solutions. It also supports .
  • : Free software which generates and controls users' public keys.
  • : Offers the Novell Certificate Server, which is integrated into the eDirectory. Alternatively, the eDirectory add-on product cv act PKIntegrated (provided by a third party vendor at additional costs) can be used.
  • : Offers TrustedRoot, a PKI CA Rootstore chaining program (Root Sign) which allows you to get immediate trust for your SSL, S/MIME and code signing certificates by chaining your Microsoft CA or in-house CA root certificate to the pre-trusted GlobalSign root certificate.
  • : The product Entrust Authority is the most popular among the not-for-free CA solutions. Entrust offers PKI software and managed service options, mainly in the .gov space.
  • : Offers a product called TrustedCA.
  • : Offers a product called CCA.
  • : open source PKI Web GUI project.
  • Certificate System: Formerly the Netscape Certificate Server.
  • ChosenSecurity: Offers a managed PKI for the enterprise using TC TrustCenter technology.
  • : Offers a managed PKI for the banking community.
