IKE协议中的公钥证书的分析与实现

IKE协议是IPSec协议族中的重要组成部分，能够动态地建立和维护安全关联SA。它支持4种认证方法，其中的3种需用到公钥证书。对IKE中的公钥证书进行分析，指出需要建立一些机制来提高协议对证书的有效使用，在FreeS／W/AN基础上实现了一个简单的证书机制，用于对IKE相关部分的分析。这个证书机制也可用于独立的Intranet的IPSec应用。

Analysis and Implementation of the Public Key Certificates in IKE

A key component of the IP security architecture is the Internet key exchange protocol (IKE).IKE is used to dynamically establish and maintain security associations(SAs). Four different authentication methods are allowed in IKE and three of them are associated with public key certificate. This paper analyzes the use of certificates in IKE. Some special mechanisms must be adopted due to the efficiency of certificates. A simple certificate prototype is established for IKE implementing in FreeS/WAN. Based on this prototype, it could further continue the analysis. This prototype could also be applied in the application of IPSec in Intranet.