<HTML><HEAD><TITLE>The Open–source PKI Book</TITLE><META NAME="GENERATOR" CONTENT="Modular DocBook HTML Stylesheet Version 1.55"><LINK REL="NEXT" TITLE="Purpose of this document" HREF="this-document.htm"></HEAD><BODY CLASS="BOOK" BGCOLOR="#FFFFFF" TEXT="#000000" LINK="#0000FF" VLINK="#840084" ALINK="#0000FF"><DIV CLASS="BOOK"><A NAME="OSPKI-BOOK"></A><DIV CLASS="TITLEPAGE"><H1 CLASS="TITLE"><A NAME="AEN2">The Open–source PKI Book</A></H1><H2 CLASS="SUBTITLE">A guide to PKIs and Open–source Implementations</H2><H3 CLASS="AUTHOR"><A NAME="AEN9">Symeon (Simos) Xenitellis</A></H3><DIV CLASS="AFFILIATION"><SPAN CLASS="ORGNAME">OpenCA Team<BR></SPAN></DIV><P CLASS="COPYRIGHT">Copyright © 1999, 2000 by Symeon (Simos) Xenitellis</P><DIV><DIV CLASS="ABSTRACT"><P> This document describes Public Key Infrastructures, the PKIX standards and practical PKI functionality, and gives an overview of the available open–source PKI implementations. Its aim is to foster the creation of viable open–source PKI implementations. </P><P> The latest version of this document can be found at the OSPKI Book WWW site at <I CLASS="EMPHASIS">http://ospkibook.sourceforge.net/</I>. </P></DIV></DIV><DIV CLASS="LEGALNOTICE"><P> Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.1 or any later version published by the Free Software Foundation; with the Invariant Sections being the chapters <A HREF="contributions.htm">Chapter 13</A> ("Contributions") and the Colophon ("About this document"), with Front-Cover Texts being the text "The Open–source PKI Book, A guide to PKIs and Open–source Implementations" and with Back-Cover Texts being the text "The author's studies are funded by State's Scholarship Foundation (SSF) of Greece". A copy of the license is included in <A HREF="license.htm">Appendix E</A> entitled "GNU Free Documentation License". </P></DIV><HR></DIV>
<DIV CLASS="TOC"><DL><DT><B>Table of Contents</B></DT>
<DT>1. <A HREF="this-document.htm">Purpose of this document</A></DT>
<DT>2. <A HREF="introduction-to-cryptography.htm">Introduction to Cryptography</A></DT><DD><DL><DT><A HREF="introduction-to-cryptography.htm#WHATISCRYPTO">Cryptographic Algorithms</A></DT><DT><A HREF="digests.htm">Message Digests</A></DT><DT><A HREF="signatures.htm">Digital Signatures</A></DT><DT><A HREF="certificates.htm">Certificates</A></DT><DT><A HREF="ca.htm">Certification Authority</A></DT></DL></DD>
<DT>3. <A HREF="description-pki.htm">Basic functionality of a Public Key Infrastructure [TODO]</A></DT><DD><DL><DT><A HREF="description-pki.htm#AEN156">Creation of the key–pair and the certificate request</A></DT><DT><A HREF="x161.htm">Signing of the certificate request by the Certification Authority</A></DT><DT><A HREF="x164.htm">Certification Authority chains</A></DT><DT><A HREF="x169.htm">Typical uses of public key cryptography</A></DT></DL></DD>
<DT>4. <A HREF="implementation-overview.htm">General implementation overview</A></DT><DD><DL><DT><A HREF="implementation-overview.htm#SOFTWAREPREREQUISITES">Prerequisites</A></DT><DD><DL><DT><A HREF="implementation-overview.htm#USEFUL-SOFTWARE">Useful open–source software</A></DT></DL></DD><DT><A HREF="initialisation.htm">Initialisation of the Certification Authority</A></DT><DD><DL><DT><A HREF="initialisation.htm#GENERATEKEYPAIR">Generate the RSA key–pair for the CA</A></DT><DT><A HREF="initialisation.htm#CREATESELFSIGNEDCACERT">Create a self–signed CA Certificate</A></DT></DL></DD><DT><A HREF="keygensign.htm">User/Server key generation and signing</A></DT><DD><DL><DT><A HREF="keygensign.htm#GENERATEKEY">Generate the RSA key–pair for a user/server</A></DT><DT><A HREF="keygensign.htm#GENERATECSR">Generate a certificate request</A></DT><DT><A HREF="keygensign.htm#SIGNCSR">Ask the CA to sign the certificate request</A></DT></DL></DD></DL></DD>
<DT>5. <A HREF="standards-specifications.htm">PKI standards and specifications</A></DT><DD><DL><DT><A HREF="standards-specifications.htm#PKIX-STANDARD">Internet X.509 Public Key Infrastructure (PKIX)</A></DT><DT><A HREF="apki-standard.htm">Architecture for Public-Key Infrastructure (<SPAN CLASS="ACRONYM">APKI</SPAN>)</A></DT><DT><A HREF="fpki.htm">The NIST Public Key Infrastructure Program</A></DT></DL></DD>
<DT>6. <A HREF="pkix.htm">Internet X.509 Public Key Infrastructure (PKIX)</A></DT><DD><DL><DT><A HREF="pkix.htm#PKIX-ABBREVIATIONS">Abbreviations</A></DT><DT><A HREF="pkix-concepts.htm">Concepts</A></DT><DD><DL><DT><A HREF="pkix-concepts.htm#CERTIFICATE-USING-SYSTEMS-AND-PKI">Certificate–using Systems and PKIs</A></DT><DT><A HREF="pkix-concepts.htm#CERTIFICATE-USING-SYSTEMS-AND-PMI">Certificate–using Systems and PMIs</A></DT></DL></DD><DT><A HREF="pkix-overview.htm">Overview of the PKIX approach</A></DT><DD><DL><DT><A HREF="pkix-overview.htm#PKIX-PARTS">PKIX standardisation areas</A></DT><DT><A HREF="pkix-overview.htm#PKIX-FUNCTIONALITY">Public–key infrastructure functionality</A></DT><DT><A HREF="pkix-overview.htm#PKIX-PKI">Public–Key Infrastructure (PKI)</A></DT><DT><A HREF="pkix-overview.htm#PKIX-PMI">Privilege Management Infrastructure (PMI)</A></DT></DL></DD></DL></DD>
<DT>7. <A HREF="implementations.htm">Open-Source Implementations</A></DT><DD><DL><DT><A HREF="implementations.htm#IMPL-PYCA">The pyCA Certification Authority</A></DT><DT><A HREF="impl-openca.htm">The OpenCA Project [TODO]</A></DT><DD><DL><DT><A HREF="impl-openca.htm#OPENCA-DESCRIPTION-LAYOUT">OpenCA Layout</A></DT><DT><A HREF="impl-openca.htm#OPENCA-ABBREV">OpenCA Abbreviations</A></DT><DT><A HREF="impl-openca.htm#SOFTWARE-TYPE">Software packages</A></DT><DT><A HREF="impl-openca.htm#FUNCTIONALITYCA">Functionality of the CA Server <I CLASS="EMPHASIS">(CAServer)</I></A></DT><DT><A HREF="impl-openca.htm#FUNCTIONALITYRA">Functionality of the RA Server <I CLASS="EMPHASIS">(RAServer)</I></A></DT><DT><A HREF="impl-openca.htm#FUNCTIONALITYLOCALRA">Functionality of the RA Operators <I CLASS="EMPHASIS">(RAOperators)</I></A></DT><DT><A HREF="impl-openca.htm#OPENCA-STATUS">Status of the OpenCA Project</A></DT><DT><A HREF="impl-openca.htm#OPENCA-FUTURE-WORK">Future OpenCA work</A></DT></DL></DD><DT><A HREF="impl-oscar.htm">The Oscar Public Key Infrastructure Project</A></DT><DT><A HREF="impl-jonah.htm">Jonah: Freeware PKIX reference implementation</A></DT><DT><A HREF="impl-mozilla.htm">Mozilla Open Source PKI projects</A></DT><DD><DL><DT><A HREF="impl-mozilla.htm#IMPL-MOZILLA-PSM">Personal Security Manager (<SPAN CLASS="ACRONYM">PSM</SPAN>)</A></DT><DT><A HREF="impl-mozilla.htm#IMPL-MOZILLA-NSS">Network Security Services (<SPAN CLASS="ACRONYM">NSS</SPAN>)</A></DT><DT><A HREF="impl-mozilla.htm#IMPL-MOZILLA-JAVASCRIPT">JavaScript API for Client Certificate Management</A></DT></DL></DD><DT><A HREF="impl-mispc.htm">MISPC Reference Implementation</A></DT></DL></DD>
<DT>8. <A HREF="support.htm">How to get software support</A></DT>
<DT>9. <A HREF="hardware-software-supported.htm">Supported Crypto hardware and Software architectures</A></DT><DD><DL><DT><A HREF="hardware-software-supported.htm#HARDWARE-BULL">TrustWay Crypto PCI 2000</A></DT><DT><A HREF="hardware-gtgi.htm">PowerCrypt Encryption Accelerator</A></DT><DT><A HREF="hardware-rainbow.htm">CryptoSwift eCommerce Accelerator</A></DT><DT><A HREF="software-muscle.htm">Movement for the Use of Smart Cards in a Linux Environment (<SPAN CLASS="ACRONYM">MUSCLE</SPAN>)</A></DT><DT><A HREF="hardware-slb-linux-starter-kit.htm">Linux Smart Card Starter's Kit from Schlumberger</A></DT><DT><A HREF="software-gpkcs11.htm">The gpkcs11 PKCS#11 open–source implementation</A></DT><DT><A HREF="cdsa.htm">Common Data Security Architecture (<SPAN CLASS="ACRONYM">CDSA</SPAN>)</A></DT><DT><A HREF="software-pam.htm">Single Sign–on</A></DT><DT><A HREF="software-keyman.htm">The KeyMan PKI Management Tool</A></DT><DT><A HREF="xdas.htm">Distributed Audit Service (<SPAN CLASS="ACRONYM">XDAS</SPAN>)</A></DT><DT><A HREF="gss-api.htm">Generic Security Service API (<SPAN CLASS="ACRONYM">GSS-API</SPAN>)</A></DT><DT><A HREF="sntp.htm">Simple Network Time Protocol (<SPAN CLASS="ACRONYM">SNTP</SPAN>)</A></DT><DT><A HREF="ldap.htm">Lightweight Directory Access Protocol (<SPAN CLASS="ACRONYM">LDAP</SPAN>)</A></DT><DT><A HREF="smime-cms.htm">S/MIME CMS [TODO]</A></DT></DL></DD>
<DT>10. <A HREF="critical-discussion.htm">Critical discussion [TODO]</A></DT>
<DT>11. <A HREF="opensource-benefits.htm">Benefits of an Open–Source PKI implementation [TODO]</A></DT>
<DT>12. <A HREF="trademarks.htm">Trademarks</A></DT>
<DT>13. <A HREF="contributions.htm">Contributions</A></DT>
<DT>A. <A HREF="perl-modules-installation.htm">Perl modules</A></DT><DD><DL><DT><A HREF="perl-modules-installation.htm#PERL-MODULES-WHERE-TO-FIND">Locating Perl modules</A></DT><DT><A HREF="perl-module-manual-installation.htm">Installing Perl modules</A></DT></DL></DD>
<DT>B. <A HREF="sample-openssl-usage.htm">Sample Certificate Documents</A></DT><DD><DL><DT><A HREF="sample-openssl-usage.htm#SAMPLE-PRIV-ENC-KEY">Sample Encrypted Private Key in PEM format (2048 bits)</A></DT><DT><A HREF="sample-priv-key.htm">Sample Private Key in PEM format (2048 bits)</A></DT><DT><A HREF="sample-key-components.htm">Sample Private Key in TXT format (2048 bits)</A></DT><DT><A HREF="sample-ca-cert.htm">Sample CA Certificate in PEM format</A></DT><DT><A HREF="sample-ca-cert-txt.htm">Sample CA Certificate in TXT format</A></DT><DT><A HREF="sample-cr.htm">Sample certificate request in PEM format</A></DT><DT><A HREF="sample-cr-txt.htm">Sample certificate request in TXT format</A></DT></DL></DD>
<DT>C. <A HREF="appendix-pkc.htm">Description of Public Key Algorithms</A></DT><DD><DL><DT><A HREF="appendix-pkc.htm#HOW-RSA-WORKS">How does RSA work?</A></DT><DD><DL><DT><A HREF="appendix-pkc.htm#HOW-RSA-WORKS-DESCRIPTION">Description</A></DT><DT><A HREF="appendix-pkc.htm#HOW-RSA-WORKS-EXAMPLE">Practical example</A></DT></DL></DD><DT><A HREF="how-elgamal-works.htm">How does El Gamal work?</A></DT><DD><DL><DT><A HREF="how-elgamal-works.htm#HOW-ELGAMAL-WORKS-DESCRIPTION">Description</A></DT><DT><A HREF="how-elgamal-works.htm#HOW-ELGAMAL-WORKS-EXAMPLE">Example</A></DT></DL></DD></DL></DD>
<DT>D. <A HREF="openca-installation.htm">OpenCA Installation details</A></DT><DD><DL><DT><A HREF="openca-installation.htm#SOFTWARE-INSTALLATION-SEQUENCE">Software installation sequence</A></DT><DD><DL><DT><A HREF="openca-installation.htm#INSTALL-GENERIC-PERL-MODULES">Installation of Perl modules</A></DT><DT><A HREF="openca-installation.htm#OPENCA-PERL-MODULES">Installation of OpenCA–specific modules</A></DT><DT><A HREF="openca-installation.htm#INSTALL-OPENCA">Installation of OpenCA</A></DT><DT><A HREF="openca-installation.htm#INSTALL-WWW-SERVER">WWW Server installation</A></DT><DT><A HREF="openca-installation.htm#INSTALL-LDAP">LDAP installation</A></DT></DL></DD><DT><A HREF="openssl-cnf-configuration.htm"><TT CLASS="FILENAME">openssl.cnf</TT> configuration for OpenCA</A></DT></DL></DD>
<DT>E. <A HREF="license.htm">License</A></DT><DD><DL><DT><A HREF="license.htm#AEN2042">GNU Free Documentation License</A></DT><DD><DL><DT><A HREF="license.htm#AEN2046">PREAMBLE</A></DT><DT><A HREF="license.htm#AEN2051">APPLICABILITY AND DEFINITIONS</A></DT><DT><A HREF="license.htm#AEN2061">VERBATIM COPYING</A></DT><DT><A HREF="license.htm#AEN2065">COPYING IN QUANTITY</A></DT><DT><A HREF="license.htm#AEN2071">MODIFICATIONS</A></DT><DT><A HREF="license.htm#AEN2107">COMBINING DOCUMENTS</A></DT><DT><A HREF="license.htm#AEN2112">COLLECTIONS OF DOCUMENTS</A></DT><DT><A HREF="license.htm#AEN2116">AGGREGATION WITH INDEPENDENT WORKS</A></DT><DT><A HREF="license.htm#AEN2119">TRANSLATION</A></DT><DT><A HREF="license.htm#AEN2122">TERMINATION</A></DT><DT><A HREF="license.htm#AEN2125">FUTURE REVISIONS OF THIS LICENSE</A></DT></DL></DD></DL></DD>
<DT><A HREF="z2128.htm">Colophon</A></DT>
<DT><A HREF="g2150.htm">Glossary</A></DT>
<DT><A HREF="b2431.htm">Bibliography</A></DT>
</DL></DIV>
<DIV CLASS="LOT"><DL CLASS="LOT"><DT><B>List of Tables</B></DT><DT>6-1. <A HREF="pkix.htm#AEN466">PKIX Terms</A></DT><DT>6-2. <A HREF="pkix-overview.htm#AEN603">Table of RFCs for PKIX documents</A></DT><DT>6-3. <A HREF="pkix-overview.htm#AEN649">PKI functionality</A></DT><DT>6-4. <A HREF="pkix-overview.htm#AEN682">PKI components</A></DT><DT>6-5. <A HREF="pkix-overview.htm#AEN718">PMI components</A></DT><DT>7-1. <A HREF="impl-openca.htm#AEN797">OpenCA Abbreviations</A></DT><DT>7-2. <A HREF="impl-openca.htm#AEN840">Current Versions of OpenCA prerequisite software</A></DT><DT>8-1. <A HREF="support.htm#AEN1200">WWW Support Locations</A></DT><DT>D-1. <A HREF="openca-installation.htm#AEN1674">Software installation matrix</A></DT><DT>D-2. <A HREF="openca-installation.htm#AEN1804">CAServer installation parameters</A></DT><DT>D-3. <A HREF="openca-installation.htm#AEN1839">RAServer WWW Server installation parameters</A></DT><DT>D-4. <A HREF="openca-installation.htm#AEN1879">RAServer installation parameters</A></DT><DT>D-5. <A HREF="openca-installation.htm#AEN1906">RAServer WWW Server installation parameters</A></DT><DT>D-6. <A HREF="openca-installation.htm#AEN1943">RAOperator WWW Server installation parameters</A></DT><DT>D-7. <A HREF="openssl-cnf-configuration.htm#AEN1990"><TT CLASS="FILENAME">openssl.cnf</TT> default values</A></DT></DL></DIV>
<DIV CLASS="LOT"><DL CLASS="LOT"><DT><B>List of Figures</B></DT><DT>6-1. <A HREF="pkix-overview.htm#PKIENTITIES">PKI Entities</A></DT><DT>6-2. <A HREF="pkix-overview.htm#ACEXCHANGES">Attribute Certificate Exchanges</A></DT><DT>7-1. <A HREF="impl-openca.htm#OPENCA-LAYOUT">Current OpenCA Layout</A></DT></DL></DIV></DIV>
<DIV CLASS="NAVFOOTER"><HR ALIGN="LEFT" WIDTH="100%"><TABLE WIDTH="100%" BORDER="0" CELLPADDING="0" CELLSPACING="0"><TR><TD WIDTH="33%" ALIGN="left" VALIGN="top"> </TD><TD WIDTH="34%" ALIGN="center" VALIGN="top"> </TD><TD WIDTH="33%" ALIGN="right" VALIGN="top"><A HREF="this-document.htm">Next</A></TD></TR><TR><TD WIDTH="33%" ALIGN="left" VALIGN="top"> </TD><TD WIDTH="34%" ALIGN="center" VALIGN="top"> </TD><TD WIDTH="33%" ALIGN="right" VALIGN="top">Purpose of this document</TD></TR></TABLE></DIV></BODY></HTML>