《esam操作过程》由会员分享,可在线阅读,更多相关《esam操作过程(14页珍藏版)》请在金锄头文库上搜索。
1、1终端关于 ESAM 的操作说明主要参考文件: Ref1:, Ref2:, Ref3:主要调试软件: Sw1:, 该软件模拟实际应用中主站的加密模块功能.名词解释: 密钥: 按是否公开分成公钥和私钥 公钥: 用于他方在接收到己方数据后,对数据有效性进行验证 私钥: 用于己方对即将发送给他方的数据进行加密 测试密钥:用于研发测试用的一套密钥套件(国网购买 ESAM 芯片上未打商标标识) 正式密钥:用于正式产品中的一套密钥套件(国网购买 ESAM 芯片上打商标标识) (PS:因此,终端需要保存主站公钥,主站需要保存终端公钥) 1、由于每个终端只能对应单个主站,因此主站公钥和主控公钥直接保存在 ES
2、AM 芯片中;而每个主站可以对应许 多个终端,因此终端公钥需要主站数据库一一保存. 2、测试密钥和正式密钥是两个不同的硬件芯片.21.终端非对称密钥对 1 注册主站: 随机数 1 -+-签名(主站私钥)- -解密获得终端公钥 1(终端公钥 2)-| | |终端: 随机数 2 - -验签(主站公钥),-加密终端公钥 1(终端私钥 2)说明: 通过以上流程, 主站获得了“终端公钥“. 说明: “读取终端随机数“与“更新密钥请求“两条指令唯一区别在于后者返回值中附加了序列号.举例: 获取终端随机数-A5 21 A5 00 00 6B 16A528A59100011122334455667788639
3、EBB32FFEFCAF311AFBDFDCA5C2BB1559C428F51668ED53FA7EBBA0840AB5CDBA80A52265A5584C4E235EF66C1ADCD3DEDDA54EA3C65FA4E8306F648EF58E35D76D4941D47B68915ECE5F4B8FC742ABE33B57DF88EA2FAF4091537751E544767E8BC44A63E15489B8682F701BF5485B1916073328CA0739F43A7BD9F8920F40029CE59B99CC1C28E163获取的终端公钥 2 为:6E80AA01D6001A
4、9734D2C8926234F87614C7B3F60CB829A759C1C6322F14102C93CEADA7551E6F32665324F9A698425038C772C10BED6935634ED5A01C3A4E8EBCD689573A0D6182A4306371FD15ADA15AF8AB861359B3D0D7A9E1B6C76B1C4113F53AF2D69223A34B35EACF141371C09854D4243070D168334B111A815FD3C38853650301000181081122334455667788-43.主控公钥更新主站: - -新公钥密文+签
5、名(cal)-|(请求更新) | | 终端: -随机数+序列号- -说明: 通过以上流程,主站下发给终端“主控公钥“举例:获取终端随机数+序列号-A5 2A A5 00 00 74 16A524A51001AEF028C309D7D07CDB1F44E5675F372450F897303E95EA046CF4905EB32D1A7411AE1612A2397F54E8AEEE2EAB74BBD62C8770C5D9315257601BBD1E3542FC9817B9FE0064E59EAE03B3FD00DD2F1DD9F16F2997ED7C3815BD5E50324FB6E928AA3E7
6、0DA4A2020EBE1FE414F4EB0B8728CA85A46CB2F77C0D6808DD88C5FCD70517B45CC3CC50318102DA8A5748AC5073719A82C23E38030D7A6FBD03FB3057B8858EB6C762D059C299B1423A480B418CE0D5CFEEDF91703FAF5EB9FFAA5E3F4FFA58934B389355E5A7ED29AB2FE8FCE8DC4FEDBACE85275384F628D88029ECA25B7182418848E7EFE2A5A15BA52934C0F16B10A467EE3FE2
7、59CB0E7FE7B6A588196C3D422ECD434692F8D1C0EB8D339C816A5 2A A5 00 00 74 16A525A51001B73C0675ADBAFE92550A7E0B31A82293692E5CF320115A72816F4C619EB3B3C83A4B02BADB13E7A4D315D0AE98F1B87CF8481BAC1BE31A48D7215EA9A13FFA430FB805542404A772EFB9648C08785018B7CB7827695F808149D727A4854E3111873FC7481EE9A9A3D78BE47B1AB
8、D7F13B6096AFCE61A65D829486EE4AF359E3929876F96C9E53A6D88081850ACE83D8BA66556E9CA19A1EB15FB6E4D990F55D96CDF994E07446FFC0FA39F21E432C632957E0E5B24F5B55EFB44FD31AFB869FE7B8E7D693CF72EEE42AE7723855DE84161EF3B49C8DBF6854FDB9DE981B2DBAF4A5DB5240AA660CBBAB1802EE4463DE9B24DE32580EE1196FF9BCD8CF46D1FF72D797D6
9、BCC02FF846ABBC034E720AFC9FA16A521A500006B16A526A590016EF76300567E6B55C1F1F013D3AF723E99137A94DAB03F5B0BA32E86CD2AFB01BD5F428A3E9DDAF208554E76DC1739FCF6694D7324DC32B2EA197525AF790F8EB29859A0B77381F5A25E4CAB9D856070A855F670F0B571E7C68F3DCB7D77325010E103D0966AC64B3DEA60D20EEBC9B815AAC276E5D1D7865F6A6AB
10、9FBB0607E48C97FC0F3251A5380A49619914803A2780537A6BD55988D50643AFD41FEE89DEC782626C5DF26651790D12FA5F65D082D0DAD4699EB773B048B206977BA563A6F86BA7BFED23FCAACAB59FDF05E30B18058152734C26118398234936E0F30657909CC28ECB1FD1217E4F65ADB02F5B82F4EE44BCC74DC79D089D614B6E38A032FDCB987C24A42A9077B4BCA38791297213
11、51939472984DED29DA3AD8CEAD5B6303F3693059E40AC65BDC112A4AC739C6575B4C3413E8E196902E9F71C7B92155329162987F5899745D018BD83C5D511743FB85310E38DB5C967CF66939E96086FB651CD0941CDA2FC6FF54CBB79ACD3B2DB8DBCA26CA03F0F7848B12369EC640D94E1B21B3B98C36C108C51E2820DFCC0E16-| |(返回验证结果) 终端: -验证(主控公钥)-说明:由于中的主控公钥和主站公
12、钥均不变,故只要主站随机数固定,生成的签名 也固定不变.举例主站根据随机数生成签名(如图)签名:C30541DBD3EC387800C4B71016254E6FE1524E7F310E68404AE884FBEA6D676C0B41CB3529E478A195487EEAB77C716025FBF36DE19EEF91758BFB921C21EA0E04E93A7FBD0583289865DFACF7CF86D876F2DA5A2B002F8AD11AE318556EE22758A9B28FBB454D98871492633237970C8D5AE84BE49E7D713B018F9A1967
13、6D10发送至终端(根据返回值判断终端保存的公钥正确性)-A523A58900011234567812345678C30541DBD3EC387800C4B71016254E6FE1524E7F310E68404AE884FBEA6D676C0B41CB3529E478A195487EEAB77C716025FBF36DE19EEF91758BFB921C21EA0E04E93A7FBD0583289865DFACF7CF86D876F2DA5A2B002F8AD11AE318556EE22758A9B28FBB454D98871492633237970C8D5AE84BE49E7D713B0
14、18F9A19676D105316A523A58900091234567812345678443D20F9ACE6C86A327E2C800EFA170B21570B5095AA4D88378CBE3BFD197A881F433FB0ADE92E4EAA23683820C448FDB543BE4531DB31E211352C7C1C3D1A8B40DA82A59D88A84D6A96C2F37A731EA661FFD175888BEF31139E4A03909C3BA9EBD34B6DF1189DFA4F96901D1672B41818FA9406130783403126B869A5C729A
15、FAE16-验签(主站公钥),-解密会话密钥(终端私钥 2),生成新终端密钥对,加密新终端公钥 1(会话密钥),加密并签名(终端私钥 2)说明: 通过以上流程, 主站获得了“新终端公钥 1“举例获取终端随机数-A521A500006B16A529A5 11010164A15A877A41F6BBB471D4C65E9183E9F9BA8E294EAC8B32CBC0D85C948607F73335AC265CA530DDECE7938B3B944489EA3C620CC5F3E5EDB6CAEAF8E9B2202283FEFCB94F91A4A432D05D8C08B96D2855718622B0643F6A3717BDF973231D9724934D77BBBE4731F3268DE4AA3D66549FC769270375F5E41A2441F6948140AC12345678123456785C13800FF909EE691815A551B869797D9C0D5CF8DC04A29BB13E
