signature=1d1ad92532e771ca7401d9d6b0ef5a98,远程密钥RKL实现.doc

远程密钥RKL实现

远程密钥下载(RKL)在XFS中实现

江清源

2013-05-15

TOC \o "1-3" \h \z \u HYPERLINK \l "_Toc311194384" 1缩写、符号和术语 PAGEREF _Toc311194384 \h 2

HYPERLINK \l "_Toc311194385" 2RKL简介 PAGEREF _Toc311194385 \h 3

HYPERLINK \l "_Toc311194386" 2.1加密算法介绍 PAGEREF _Toc311194386 \h 3

HYPERLINK \l "_Toc311194387" 2.1.1对称与非对称算法比较 PAGEREF _Toc311194387 \h 4

HYPERLINK \l "_Toc311194388" 2.1.2非对称算法的用途 PAGEREF _Toc311194388 \h 5

HYPERLINK \l "_Toc311194389" 2.2金融系统的密钥管理 PAGEREF _Toc311194389 \h 5

HYPERLINK \l "_Toc311194390" 2.2.1传统ATM采用的密钥管理体系 PAGEREF _Toc311194390 \h 5

HYPERLINK \l "_Toc311194391" 2.2.2RKL(Remote Key Loading) PAGEREF _Toc311194391 \h 6

HYPERLINK \l "_Toc311194392" 2.3RKL下载主密钥的思想 PAGEREF _Toc311194392 \h 7

HYPERLINK \l "_Toc311194393" 3Signature协议的RKL PAGEREF _Toc311194393 \h 7

HYPERLINK \l "_Toc311194394" 3.1操作流程 PAGEREF _Toc311194394 \h 7

HYPERLINK \l "_Toc311194395" 3.1.1初始化阶段 PAGEREF _Toc311194395 \h 7

HYPERLINK \l "_Toc311194396" 3.1.2交换公钥 PAGEREF _Toc311194396 \h 9

HYPERLINK \l "_Toc311194397" 3.1.3下载主密钥 PAGEREF _Toc311194397 \h 10

HYPERLINK \l "_Toc311194398" 3.2XFS层接口 PAGEREF _Toc311194398 \h 11

HYPERLINK \l "_Toc311194399" 4Certificate协议的RKL PAGEREF _Toc311194399 \h 11

HYPERLINK \l "_Toc311194400" 4.1操作流程 PAGEREF _Toc311194400 \h 11

HYPERLINK \l "_Toc311194401" 4.1.1初始阶段 PAGEREF _Toc311194401 \h 12

HYPERLINK \l "_Toc311194402" 4.1.2交换公钥证书 PAGEREF _Toc311194402 \h 14

HYPERLINK \l "_Toc311194403" 4.1.3下载主密钥 PAGEREF _Toc311194403 \h 15

HYPERLINK \l "_Toc311194404" 4.2XFS层接口 PAGEREF _Toc311194404 \h 16

HYPERLINK \l "_Toc311194405" 5测试数据 PAGEREF _Toc311194405 \h 17

HYPERLINK \l "_Toc311194406" 5.1签名协议测试数据 PAGEREF _Toc311194406 \h 17

HYPERLINK \l "_Toc311194407" 5.1.1GrgPK PAGEREF _Toc311194407 \h 17

HYPERLINK \l "_Toc311194408" 5.1.2HostPK PAGEREF _Toc311194408 \h 18

HYPERLINK \l "_Toc311194409" 5.1.3要下载的主密钥明文 PAGEREF _Toc311194409 \h 19

HYPERLINK \l "_Toc311194410" 5.2证书协议模拟测试数据 PAGEREF _Toc31119441