{"id":441,"date":"2007-10-20T22:25:00","date_gmt":"2007-10-20T14:25:00","guid":{"rendered":"http:\/\/note.systw.net\/note\/?p=441"},"modified":"2025-11-04T01:41:17","modified_gmt":"2025-11-03T17:41:17","slug":"certification","status":"publish","type":"post","link":"https:\/\/systw.net\/note\/archives\/441","title":{"rendered":"Certification"},"content":{"rendered":"\n<p><strong>certification(\u6191\u8b49)<\/strong><br>\u7528\u9014:\u53ef\u5728\u7db2\u8def\u4e0a\u8b49\u660e\u81ea\u5df1\u7684\u8eab\u4efd\u53ca\u6240\u6301\u6709\u7684public key<br>\u5167\u5bb9:\u4e3b\u8981\u5305\u542b\u4f7f\u7528\u8005\u8cc7\u6599\u53capublic key<br>\u61c9\u7528:\u53ef\u505a\u70ba\u7db2\u8def\u8eab\u5206\u8b49\u6216\u6578\u4f4d\u5370\u9451,\u5e6b\u52a9\u7db2\u8def\u4ea4\u6613\u6642\u78ba\u8a8d\u8eab\u5206<br>\u767c\u884c\u8a72certification\u7684CA\u6703\u7528CA\u7684private key\u505a\u6578\u4f4d\u7c3d\u7ae0,\u4ee5\u8b49\u660e\u662f\u7531CA\u6240\u767c\u884c<br>\u76ee\u524d\u4f7f\u7528\u7684\u7d71\u4e00\u683c\u5f0f\u70bax.509<\/p>\n\n\n\n<p><strong>X.509 certification<\/strong><br>\u7531itu-t\u6240\u63d0\u51fa\u7684\u6578\u4f4dcertification\u6a19\u6e96\u683c\u5f0f<br>\u5167\u5bb9\u5305\u62ec\u4ee5\u4e0b\u8cc7\u8a0a<br>version(\u7248\u672c):certification\u7248\u672c<br>serial number(\u5e8f\u865f):certification\u7684\u552f\u4e00\u7de8\u865f<br>signature algorithm identifier(\u7c3d\u7ae0\u6f14\u7b97\u6cd5):\u7c3d\u7f72\u6b64certification\u7684\u6f14\u7b97\u6cd5<br>issuer distinguished name(\u6191\u8b49\u767c\u884c\u8005):\u767c\u884ccertification\u7684\u55ae\u4f4d<br>validity period(\u6709\u6548\u671f\u9650):\u6b64certification\u53ef\u7528\u7684\u6709\u6548\u6642\u9593<br>subject distinguished name(\u6191\u8b49\u6301\u6709\u8005):<br>subject&#8217;s public key information(\u6301\u6709\u8005\u516c\u958b\u91d1\u9470)<br>issuer unique identifier(\u767c\u884c\u8005\u8eab\u4efdid),\u5c6c\u9644\u52a0\u6b04\u4f4d<br>subject unique 
identifier(\u6301\u6709\u8005\u8eab\u4efdid),\u5c6c\u9644\u52a0\u6b04\u4f4d<br>extensions(\u5176\u4ed6\u8cc7\u8a0a),\u5c6c\u9644\u52a0\u6b04\u4f4d<br>issuer&#8217;s signature(\u672c\u6191\u8b49\u767c\u884c\u8005\u7c3d\u7ae0):\u767c\u884c\u8a72certification\u7684CA\u7528private key\u6240\u505a\u7684\u7c3d\u7ae0<br>ps:<br>X509\u6191\u8b49(v1,2,3) ITU1988,\u516c\u958b\u91d1\u9470\u6191\u8b49\u683c\u5f0f\u7684\u6a19\u6e96 rfc3280<br>1993\u516c\u4f48\u7248\u672c2,1997\u516c\u4f48\u7248\u672c3,2000\u63a8\u51faX.509-2000\u6216X.509V4(PKI\/PMI, ISO\/IEC 9594-8)<br>\u5c6c\u65bcX.500\u5efa\u8b70\u7cfb\u5217\u4e00\u90e8\u4efd<br>\u85c9\u7531X.500\u7684\u76ee\u9304\u7d50\u69cb,\u5b9a\u7fa9\u4e86\u4e00\u500b\u63d0\u4f9b\u7d66\u4f7f\u7528\u8005\u78ba\u8a8d\u6027\u670d\u52d9\u7684\u67b6\u69cb<br>\u8a8d\u8b49\u548c\u7d50\u69cb\u7528\u5728\u8a31\u591a\u4e0d\u540c\u5730\u65b9ex,S\/MIME,IPsec,SSL\/TLS,SET<br>\u4e09\u7a2e\u78ba\u8a8d:\u55ae\u5411\u78ba\u8a8d(\u53ea\u6709\u50b3\u9001\u7aef\u53ef\u78ba\u8a8d),\u96d9\u5411\u78ba\u8a8d,\u4e09\u5411\u78ba\u8a8d<br>\u4f7f\u7528ASN.1(\u62bd\u8c61\u8a9e\u6cd5\u8868\u793a\u6cd5\u7de8\u78bc)<\/p>\n\n\n\n<p><br><strong>certification\u985e\u5225<\/strong><br>\u5e38\u898b\u7684\u6709\u4ee5\u4e0b\u5e7e\u7a2e<br>CA certification:CA\u81ea\u5df1\u7684\u6578\u4f4d\u6191\u8b49<br>server certification:ex:SSL\u6191\u8b49<br>\u8edf\u9ad4\u51fa\u7248\u8005certification<br>\u500b\u4ebacertification<br>&#8230;&#8230;&#8230;&#8230;&#8230;&#8230;&#8230;&#8230;&#8230;&#8230;&#8230;&#8230;&#8230;&#8230;&#8230;&#8230;&#8230;&#8230;&#8230;&#8230;&#8230;&#8230;&#8230;&#8230;&#8230;<\/p>\n\n\n\n<p><strong>CA(certification authority,\u6191\u8b49\u4e2d\u5fc3)<\/strong><br>\u4efb\u52d9<br>\u3000\u7522\u751f\u6191\u8b49:\u5c07\u4f7f\u7528\u8005\u8cc7\u6599\u548cpublic 
key\u7c3d\u7f72\u6210\u6578\u4f4d\u6191\u8b49<br>\u3000\u7ba1\u7406,\u8a3b\u92b7,\u6062\u5fa9,\u5132\u5b58\u7b49\u6191\u8b49\u76f8\u95dc\u696d\u52d9<br>\u3000\u626e\u6f14\u53ef\u4fe1\u4efb\u7684\u7b2c\u4e09\u65b9\u6a5f\u69cb<br>\u3000\u89e3\u6c7a\u516c\u9470\u5206\u914d\u554f\u984c<br>\u76ee\u6a19<br>\u3000\u4fdd\u5bc6\u6027 &#8211; \u7dad\u6301\u8cc7\u8a0a\u70ba\u79c1\u5bc6\u7684<br>\u3000\u5b8c\u6574\u6027 &#8211; \u8a3c\u660e\u8cc7\u8a0a\u672a\u7d93\u64cd\u63a7\u6216\u4fee\u6539<br>\u3000\u78ba\u8a8d\u6027 &#8211; \u8a3c\u660e\u500b\u4eba\u6216\u61c9\u7528\u7a0b\u5f0f\u7684\u8eab\u4efd<br>\u3000\u4e0d\u5f97\u5426\u8a8d\u6027 &#8211; \u4fdd\u8b49\u500b\u4eba\u4e0d\u80fd\u5426\u8a8d\u6240\u505a\u7684\u4e8b<br>ps:<br>CA\u67b6\u69cb<br><strong>Root authority(\u6839\u6388\u6b0a)<\/strong><br>\u6700\u9802\u5c64CA,\u8ca0\u8cac\u9a57\u8b49\u7b2c\u4e8c\u5c64CA(\u4e5f\u53ebRA),\u6839\u4e0d\u53ea\u4e00\u500b<br>\u7576\u6839\u6388\u6b0a\u65b0\u7684RA\u6642,\u6703\u7522\u751f\u4e00\u500bX.509\u6191\u8b49,\u8a3b\u660e\u5df2\u8a8d\u53ef\u8a72RA,\u4e26\u5305\u542b\u65b0RA\u7684public key\u4e26\u4e88\u4ee5\u7c3d\u7f72,\u518d\u4ea4\u7d66RA<br><strong>RA(Registration Authority,\u5340\u57df\u7ba1\u7406\u4e2d\u5fc3):<\/strong><br>\u662fCA\u7684\u8a3c\u66f8\u767c\u653e,\u7ba1\u7406\u7684\u5ef6\u4f38<br>RA\u8a8d\u53ef\u65b0\u7684CA\u6642,\u6703\u7522\u751f\u4e26\u7c3d\u7f72\u4e00\u500b\u8a3b\u660e\u5176\u8a8d\u53ef\u7684\u6191\u8b49,\u4e5f\u5305\u542b\u4e86CA\u7684public key<br>RA\u4f5c\u70bauser\u548cCA\u7684\u4e2d\u9593\u4eba\u89d2\u8272\u3002\u53ef\u914d\u5c0d\u548c\u78ba\u8a8duser\u8eab\u4efd\uff0c\u7136\u5f8c\u5411CA\u905e\u4ea4\u8b49\u66f8\u7684\u7533\u8acb<br><strong>CA(certificate authority,\u6191\u8b49\u7ba1\u7406\u4e2d\u5fc3):<\/strong><br>\u5c07\u6191\u8b49\u6578\u4f4d\u5316\u7c3d\u7ae0\u7684\u7ba1\u7406\u55ae\u4f4d<br>PKI\u7684\u4fe1\u4efb\u57fa\u790e<br>ps:<br><strong>chain of trust(\u4fe1\u4efb\u93c8)<\/strong><br>\u6578\u4f4d\u7c3d\u7ae0\u6703\u900f\u904echain of 
trust\u4f86\u9a57\u8b49\u5be6\u9ad4<br>\u9019\u7a2ecertification path(\u6191\u8b49\u8def\u5f91)\u662f\u4e00\u9023\u4e32\u901a\u5f80\u6839\u6388\u6b0a\u7684\u6191\u8b49<br>\u4e5f\u5c31\u662f\u4e00\u9023\u4e32\u4e92\u76f8\u80cc\u66f8\u7684\u6191\u8b49,\u6309\u7167\u5176\u7c3d\u767c\u6191\u8b49\u8207\u80cc\u66f8\u7684\u5148\u5f8c\u9806\u5e8f,\u6392\u5217\u6210\u4e00\u500b\u53ef\u4ee5\u7372\u5f97\u4fe1\u4efb\u7684\u8def\u5f91<\/p>\n\n\n\n<p><strong>PKI(public key infrastructure,\u516c\u958b\u91d1\u9470\u57fa\u790e\u5efa\u8a2d)<\/strong><br>\u4efb\u52d9:\u63d0\u4f9b\u7d44\u7e54\u9019\u4e9b\u69cb\u6210\u8981\u7d20\u4e26\u5c0d\u5404\u7a2e\u6587\u4ef6\u8207\u5354\u5b9a\u5b9a\u7fa9\u6a19\u6e96\u7684\u65b9\u6cd5<br>\u505a\u6cd5:\u5efa\u7acbCA\u7ba1\u7406,\u7c3d\u767c,\u8a3b\u92b7,\u4f7f\u7528\u8005\u7684\u6578\u4f4d\u6191\u8b49<br>ex:<br>GCA(government certification authority,\u653f\u5e9c\u6191\u8b49\u7ba1\u7406\u4e2d\u5fc3),1998\u5e74\u53f0\u7063\u6210\u7acb\u7684\u6191\u8b49\u7ba1\u7406\u4e2d\u5fc3<\/p>\n\n\n\n<p><strong>GPKI(\u653f\u5e9c\u6a5f\u95dc\u516c\u958b\u91d1\u9470\u57fa\u790e\u5efa\u8a2d)<\/strong><br>\u968e\u5c64\u5f0f\u516c\u958b\u91d1\u9470\u57fa\u790e\u5efa\u8a2d,\u5305\u542b\u4ee5\u4e0b<br>GRCA(\u6191\u8b49\u7e3d\u7ba1\u7406\u4e2d\u5fc3),\u81ea\u7c3d\u6191\u8b49,CA\u4ea4\u4e92\u8a8d\u8b49\u6191\u8b49<br>\u53ef\u518d\u5206\u70ba\u4ee5\u4e0b<br>\u3000GCA(\u653f\u5e9c\u6191\u8b49\u7ba1\u7406\u4e2d\u5fc3),\u653f\u5e9c\u6a5f\u95dc\u6191\u8b49<br>\u3000GtestCA(\u653f\u5e9c\u6e2c\u8a66\u6191\u8b49\u7ba1\u7406\u4e2d\u5fc3)<br>\u3000MOEACA(\u96fb\u5b50\u5de5\u5546\u6191\u8b49\u7ba1\u7406\u4e2d\u5fc3),\u5546\u7528\u6191\u8b49<br>\u3000MOICA(\u5167\u653f\u90e8\u6191\u8b49\u7ba1\u7406\u4e2d\u5fc3),\u81ea\u7136\u4eba\u6191\u8b49<br>\u3000XCA(\u7d44\u7e54\u53ca\u5718\u9ad4\u6191\u8b49\u7ba1\u7406\u4e2d\u5fc3),\u6cd5\u4eba\u53ca\u5718\u9ad4\u6191\u8b49<\/p>\n\n\n\n<p><br>&#8230;&#8230;&#8230;&#8230;&#8230;&#8230;&#8230;&#8230;&#8230;&#8230;&#8230;&#8230;&#8230;&#8230;&#8230;&#823
0;&#8230;&#8230;&#8230;&#8230;&#8230;&#8230;&#8230;&#8230;&#8230;&#8230;&#8230;&#8230;&#8230;<\/p>\n\n\n\n<p><strong>certification\u61c9\u7528<\/strong><\/p>\n\n\n\n<p><strong>\u9a57\u8b49certification\u6b63\u78ba\u6027<\/strong><br>\u505a\u6cd5:SHA-1(certification content)=CA public key(certification digital signature)<br>1\u5148\u5c07certification\u5167\u5bb9\u900f\u904esha-1\u904b\u7b97\u5f8c\u5f97\u4e00\u8a0a\u606f\u6458\u8981<br>2\u518d\u5c07certification\u6578\u4f4d\u7c3d\u7ae0\u900f\u904eCA\u516c\u9470\u904b\u7b97\u5f8c\u5f97\u5230\u7684\u8a0a\u606f\u6458\u8981\u505a\u6bd4\u8f03<br>3\u82e5\u8a0a\u606f\u6458\u8981\u7686\u76f8\u540c,\u5247certification\u6b63\u78ba<br>ps:\u6240\u7528\u6f14\u7b97\u6cd5\u4ee5certification\u7684signature algorithm identifier\u6b04\u4f4d\u70ba\u6e96,SHA-1\u5df2\u4e0d\u5efa\u8b70\u7528\u65bc\u6191\u8b49\u7c3d\u7ae0<\/p>\n\n\n\n<p><strong>\u52a0\u5bc6<\/strong><br>1\u5148\u5f9eCA\u53d6\u5f97\u5c0d\u65b9certification<br>2\u5f9ecertification\u4e2d\u53d6\u51fa\u5c0d\u65b9public key\u5c0d\u8a0a\u606f\u52a0\u5bc6\u5f8c\u9001\u51fa<br>3\u5c0d\u65b9\u6536\u5230\u5f8c\u7528\u81ea\u5df1\u7684private key\u89e3\u5bc6<\/p>\n\n\n\n<p><strong>\u8a8d\u8b49\u4f86\u6e90<\/strong><br>1\u767c\u9001\u65b9\u5c07private key(message,timestamp)\u9001\u7d66\u5c0d\u65b9<br>2\u5c0d\u65b9\u6536\u5230\u5f8c\u82e5\u53ef\u7528\u767c\u9001\u65b9public key\u89e3\u958b,\u540c\u6642timestamp\u672a\u903e\u6642,\u5247\u53ef\u8b49\u660e\u662f\u5c0d\u65b9<\/p>\n","protected":false},"excerpt":{"rendered":"<p>certification(\u6191\u8b49)\u7528\u9014:\u53ef\u5728\u7db2\u8def\u4e0a\u8b49\u660e\u81ea\u5df1\u7684 
&#8230;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"","fifu_image_alt":"","_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[375],"tags":[],"class_list":["post-441","post","type-post","status-publish","format-standard","hentry","category-cryptographic-fundamentals"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/systw.net\/note\/wp-json\/wp\/v2\/posts\/441","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/systw.net\/note\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/systw.net\/note\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/systw.net\/note\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/systw.net\/note\/wp-json\/wp\/v2\/comments?post=441"}],"version-history":[{"count":1,"href":"https:\/\/systw.net\/note\/wp-json\/wp\/v2\/posts\/441\/revisions"}],"predecessor-version":[{"id":2854,"href":"https:\/\/systw.net\/note\/wp-json\/wp\/v2\/posts\/441\/revisions\/2854"}],"wp:attachment":[{"href":"https:\/\/systw.net\/note\/wp-json\/wp\/v2\/media?parent=441"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/systw.net\/note\/wp-json\/wp\/v2\/categories?post=441"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/systw.net\/note\/wp-json\/wp\/v2\/tags?post=441"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}