密码设备API接口扩展设计及安全性分析
更新日期:2021-05-27     浏览次数:160
核心提示:摘要为了解决标准API接口不支持SSL服务器所需密钥对由外部(如密钥管理中心)产生、送入SSL服务器安装部署的问题,在原标准基础上,采用非对称和对称密码

摘要 为了解决标准API接口不支持SSL服务器所需密钥对由外部(如密钥管理中心)产生、送入SSL服务器安装部署的问题,在原标准基础上,采用非对称和对称密码体制设计了密钥对外送产生、传输的密码设备API接口和密码协议,定义了RSA证书密钥对API接口参数,实现了外送密钥对密钥管理功能要求,并通过BAN逻辑证明了所设计API扩展接口的安全性。 The standard API interface does not allow the key pair required by the SSL server to be generated externally(for example,by the key management center)and to be sent to the SSL server for installation and deployment.The study aims to solve this problem.On the basis of the original standard,asymmetric and symmetric cryptosystems are used to design the API interface and cryptographic protocol of the cryptographic device for generating and transmitting the key pair.The API interface parameters of the RSA certificate key pair are defined,the key management function of the exported key pair is realized,and finally,the security of the designed API extension interface was proved by BAN logic.
作者 田晨光 容晓峰 杜志强 TIAN Chenguang;RONG Xiaofeng;DU Zhiqiang(School of Computer Science and Engineering,Xi’an Technological University,Xi’an 710021,China)
出处 《西安工业大学学报》 CAS 2021年第1期86-93,共8页 Journal of Xi’an Technological University
关键词 密码设备 密钥管理 密码API BAN逻辑 cryptographic equipment key management cryptographic API BAN logic