A private key refers to a private key of a user in a Public Key Infrastructure (PKI) system.
A public key refers to a public key of a user in the PKI system.
A CA refers to an entity that issues certification authority in the PKI system. Request file of a certificate refers to a collection of information submitted to the CA by a user during the request for certificate.
A self-signature refers to a signature to request file of a certificate by using a private key of a user in the request file of a certificate submitted to the CA.
With the spread of informationization and digitalization, the key security receives more and more attentions from people. Online banking service, interne games, payment platforms, online stock exchanges and the like are all based on the security of private keys; in other words, the security of all online transactions of users relies on the private keys they keep. Therefore, the security of the private keys is extremely critical for online tradeoff, and in effect, the private key protection needs to start on generating correlative a key pair and transmitting the public key information or request file of a certificate over the network.
With current technologies, a key pair (a public key and a private key) is generated while a user is applying for certificate. This procedure is as follows: generating a public-private key pair from a client side; then, generating request file of a certificate according to the generated public key and information of the user; signing the generated request file of a certificate using the private key generated by the client side; and finally, transmitting the signed request file of a certificate to a CA through the network to be authenticated by the CA to become a certificate. However, as the client side is not a perfectly secured environment, hackers may filch the private key of the user through a Trojan program, or replace the public key of the user and the self-signature of the request file of a certificate by intercepting the request file of a certificate sent by the user, and seek profits using the private key before being detected by the user.
To sum up, there exist security vulnerabilities during the request for certificate in the prior art, a major problem of which is that the security of the environment of generating the key pair and the public key information or the request file of a certificate in the network transmission cannot be guaranteed.