摘要
为了保证签名的有效性,提出了一种安全增强的认证中心(CA)签名方案。方案基于RSA算法,采用(t,n)秘密共享将CA私钥安全分发到t个签名服务器,使用主动秘密技术对私钥份额周期性更新、恢复及验证有效性,并使用分阶段签名机制进行签名。最后通过Java和OpenSSL对方案进行了实现。理论分析和实验结果表明,该方案增强了签名过程的安全性,具有一定的应用价值。
In order to guarantees the credibility of the signature,proposed a high-security scheme of signature for certificate authority.Distributed the CA private key to signature servers with(t,n) secret sharing,and updated the private key sharing periodically using the proactive secret scheme.Used a phased-based RSA signature mechanism,so it strengthens the safety of CA private key and signature.Finally,adopted Java and OpenSSL to realize it.The experimental results show that it streng-then the security,so it has a certain value.
出处
《计算机应用研究》
CSCD
北大核心
2010年第7期2665-2667,共3页
Application Research of Computers
关键词
认证中心
私钥
主动秘密共享
分阶段签名
certificate authority
private key protection
proactive secret sharing
stages signature
