证书certificate生成和验证的具体过程[收藏]

证书certificate生成和验证的具体过程[收藏]，好东西！好好收藏！

 

1.device generates a request(pkcs#10), encrypt it with its private key, then sends it to ca in asn message format, also include pkcs#10
pkcs#10:
device info
key size
device public key
(

challenge password)

ca info:
serial no.
available date of certificate
ca public key
hmac algorithm
crl location

2.ca generate a random hmac symmetric key

hmac function
3.pkcs#10 + ca info + random hmac symmetric key----------------------------->hmac
signature rsa algorithm
4.random hmac symmetric key + ca private key------------------------->encrypted hmac symmetric key
5.a certificate includes:
pkcs#10 (device info, key size, device public key, challenge password)
ca info (serial no., available date, ca public key, hmac algorithm, crl)
hmac signature
encrypted hmac symmetric key
ca sends this certificate to the device which send the request(pkcs#10) to ca

如图1
6.after receiving the certificate.
rsa alogorithm
encrypted hmac symmetric key + ca public key(included in ca info)-----------------------------> random hmac symmetric key generated by ca

hmac function
7.pkcs#10 + ca info + random hmac symmetric key computed just now----------------------->hmac signature

8.whether the hmac signature received from ca and the hmac signature computed just now by device are same or not !

如图2