CN101674301B - Method for storing certificate - Google Patents

Abstract

Translated fromChinese

本发明公开了一种存储证书的方法，属于信息安全领域。所述方法包括：客户端计算机向安全设备发送选择应用目录文件、对象目录文件、存储目录文件、存储文件的指令，并将证书写入安全设备的存储文件中。通过客户端的计算机与安全设备的交互操作，将证书写入到安全设备的指定文件中，实现了证书的共享存储。

The invention discloses a method for storing certificates, which belongs to the field of information security. The method includes: the client computer sends instructions for selecting the application directory file, the object directory file, the storage directory file, and the storage file to the security device, and writes the certificate into the storage file of the security device. Through the interactive operation between the client computer and the security device, the certificate is written into the specified file of the security device, and the shared storage of the certificate is realized.

Description

Translated fromChinese

一种存储证书的方法A way to store certificates

技术领域technical field

本发明涉及信息安全领域，特别涉及一种存储证书的方法。The invention relates to the field of information security, in particular to a method for storing certificates.

背景技术Background technique

随着信息产业的快速发展，信息技术的发展不仅给人们的生活带来了极大的便利，还从根本上改变了人们的生活方式、行为方式和价值观念，同时信息技术在商业中的广泛应用对经济和社会发展也产生了巨大而深刻的影响。用户可以利用各种安全设备进行信息的传递、存储或身份认证等。With the rapid development of the information industry, the development of information technology not only brings great convenience to people's lives, but also fundamentally changes people's lifestyles, behaviors and values. At the same time, information technology is widely used in business. Applications have also had a huge and profound impact on economic and social development. Users can use various security devices for information transfer, storage or identity authentication.

安全设备(如智能卡和USB KEY等)是一种带有处理器和存储器的装置，主要用于信息传输、信息存储的安全，以及对网络传输信息内容的审计和身份认证，具有抗攻击的特性，安全性极高。正是由于安全设备的这些特性，它们可以在信息高速发达的今天，处理认证信息(如数字证书和权力，授权和加密密钥等)，并且还能够为敏感信息提供安全的存储和计算工具。其中，敏感信息可能包括：私钥和密钥片断、计数和保存的值、口令和共享的秘密、授权和许可等。A security device (such as a smart card and USB KEY) is a device with a processor and a memory, which is mainly used for the security of information transmission and information storage, as well as auditing and identity authentication of network transmission information content, and has the characteristics of anti-attack , extremely high security. It is precisely because of these characteristics of security devices that they can process authentication information (such as digital certificates and rights, authorization and encryption keys, etc.) in today's rapid information development, and can also provide secure storage and computing tools for sensitive information. Among them, sensitive information may include: private keys and key fragments, counts and saved values, passwords and shared secrets, authorizations and permissions, etc.

然而在现有技术中，用于认证和授权等的这些安全设备缺乏在不同级别上的互操作性，并且在安全设备上的数字证书的存放格式也缺乏工业标准，使得创建能够使用来自不同的技术厂商的证书工作的应用变得很困难，并且在应用领域解决这个问题也必然会增加开发和维护的成本；而且证书与在特定的硬件结构下使用特定的应用编程接口的特定的应用绑定在一起，也给客户端的用户带来了很大的问题；同时，允许多种应用有效的共享数字证书的机制也还不成熟，现有技术中不能实现证书的共享，这使应用开发者和用户受到很大的限制。However, in the prior art, these security devices used for authentication and authorization lack interoperability at different levels, and the storage format of digital certificates on security devices also lacks industrial standards, making it possible to create certificates that can be used from different The application of the certificate work of technology manufacturers becomes very difficult, and solving this problem in the application field will inevitably increase the cost of development and maintenance; and the certificate is bound to a specific application that uses a specific application programming interface under a specific hardware structure Together, it also brings a lot of problems to the users of the client; at the same time, the mechanism that allows multiple applications to effectively share digital certificates is not yet mature, and the sharing of certificates cannot be realized in the existing technology, which makes application developers and Users are very limited.

发明内容Contents of the invention

为了实现证书的共享，使得不同厂商生产的安全设备之间可以互相通用，本发明实施例提供了一种存储证书的方法。所述技术方案如下：In order to realize the sharing of certificates so that security devices produced by different manufacturers can use each other, the embodiment of the present invention provides a method for storing certificates. Described technical scheme is as follows:

一种存储证书的方法，所述方法包括：A method of storing credentials, the method comprising:

安全设备与客户端计算机建立连接；The security device establishes a connection with the client computer;

所述安全设备接收所述客户端计算机发送的选择应用目录文件的指令，所述选择应用目录文件的指令中携带所述应用目录文件的文件ID；The security device receives an instruction for selecting an application directory file sent by the client computer, and the instruction for selecting an application directory file carries a file ID of the application directory file;

所述安全设备根据所述应用文件目录的文件ID选择应用目录文件；The security device selects the application directory file according to the file ID of the application file directory;

所述安全设备接收所述客户端计算机发送的选择对象目录文件的指令，所述选择对象目录文件的指令中携带所述对象目录文件的文件ID；The security device receives an instruction for selecting an object directory file sent by the client computer, and the instruction for selecting an object directory file carries the file ID of the object directory file;

所述安全设备根据所述对象目录文件的文件ID选择对象目录文件；The security device selects the object directory file according to the file ID of the object directory file;

所述安全设备接收所述客户端计算机发送的读取对象目录文件内容的指令，并将读取到的所述对象目录文件的内容发送给所述客户端计算机；The security device receives an instruction to read the content of the object directory file sent by the client computer, and sends the read content of the object directory file to the client computer;

所述客户端计算机根据欲写入所述安全设备的证书的信息的类型，从所述对象目录文件的内容中获取所述证书的信息的类型对应的数据存储文件，并将所述证书的信息写入所述数据存储文件中。The client computer obtains the data storage file corresponding to the type of certificate information from the content of the object directory file according to the type of certificate information to be written into the security device, and stores the certificate information Write to the data storage file.

所述应用目录文件的文件ID为0x5015。The file ID of the application directory file is 0x5015.

所述对象目录文件的文件ID为0x5031。The file ID of the object directory file is 0x5031.

所述证书的信息的类型包括：证书信息，还包括私钥信息和/或公钥信息。The type of information of the certificate includes: certificate information, and private key information and/or public key information.

所述安全设备与客户端计算机建立连接之后，所述方法还包括：After the security device establishes a connection with the client computer, the method further includes:

在所述安全设备中分别创建用于存储所述私钥信息的文件、用于存储所述公钥信息的文件和用于存储所述证书信息的文件；respectively creating a file for storing the private key information, a file for storing the public key information, and a file for storing the certificate information in the security device;

在所述安全设备中创建文件ID为0x5031的对象目录文件，并将所述用于存储所述私钥信息的文件中的内容、所述用于存储所述公钥信息的文件中的内容和所述用于存储所述证书信息的文件中的内容写入所述对象目录文件中。Create an object directory file with a file ID of 0x5031 in the security device, and store the content in the file for storing the private key information, the content in the file for storing the public key information, and The content in the file for storing the certificate information is written into the object directory file.

所述客户端计算机根据欲写入所述安全设备的证书的信息的类型，从所述对象目录文件的内容中获取所述证书的信息的类型对应的数据存储文件，具体包括：The client computer obtains the data storage file corresponding to the type of certificate information from the content of the object directory file according to the type of certificate information to be written into the security device, specifically including:

所述客户端计算机根据接收到的所述对象目录文件的内容获得所述证书的信息的类型对应的存储目录文件ID；The client computer obtains the storage directory file ID corresponding to the type of certificate information according to the received content of the object directory file;

所述安全设备接收所述客户端计算机发送的选择存储目录文件的指令，所述选择存储目录文件的指令中携带所述存储目录文件ID；The security device receives an instruction for selecting a storage directory file sent by the client computer, and the instruction for selecting a storage directory file carries the storage directory file ID;

所述安全设备根据所述存储目录文件ID选择存储目录文件；The security device selects a storage directory file according to the storage directory file ID;

所述安全设备接收所述客户端计算机发送的读取所述存储目录文件的指令，并将读取到的所述存储目录文件的内容发送给所述客户端计算机；The security device receives an instruction to read the storage directory file sent by the client computer, and sends the read content of the storage directory file to the client computer;

所述客户端计算机根据接收到的所述存储目录文件的内容，获得所述证书的数据存储文件ID。The client computer obtains the data storage file ID of the certificate according to the content of the received storage directory file.

当所述证书的信息的类型为证书信息时，所述客户端计算机根据接收到的所述对象目录文件的内容获得所述证书的信息的类型对应的存储目录文件ID，具体包括：When the type of the certificate information is certificate information, the client computer obtains the storage directory file ID corresponding to the type of the certificate information according to the content of the received object directory file, specifically including:

所述客户端计算机在所述对象目录文件的内容中查找A4数据，所述A4数据为证书信息的标志；The client computer searches for A4 data in the content of the object directory file, and the A4 data is a sign of certificate information;

如果存在所述A4数据，读取所述A4数据后第1个字节的数据的值，作为第一读取值；If the A4 data exists, read the value of the first byte of data after the A4 data as the first read value;

读取所述第一读取值个字节的数据；Read the data of the first read value bytes;

判断所述第一读取值个字节的数据中的第1个字节的数据是否为30；Judging whether the first byte of data in the first read value bytes of data is 30;

如果是，读取所述30数据后第1个字节的数据的值，作为第二读取值；如果否，结束所述方法；If yes, read the value of the first byte of data after the 30 data, as the second read value; if not, end the method;

读取所述第二读取值个字节的数据；Read data of the second read value bytes;

判定所述第二读取值个字节的数据中的第1个字节的数据是否为04；Determine whether the first byte of data in the second read value bytes of data is 04;

如果是，读取所述04数据后的第1个字节的数据的值，作为第三读取值；如果否，结束所述方法；If yes, read the value of the first byte of data after the 04 data as the third read value; if not, end the method;

读取所述第三读取值个字节的数据，将所述第三读取值个字节的数据作为所述证书信息的存储目录文件ID；Read the data of the third read value bytes, and use the data of the third read value bytes as the storage directory file ID of the certificate information;

如果不存在所述A4数据，结束所述方法。If the A4 data does not exist, the method ends.

当所述证书的信息的类型为私钥信息时，所述客户端计算机根据接收到的所述对象目录文件的内容获得所述证书的信息的类型对应的存储目录文件ID，具体包括：When the type of the certificate information is private key information, the client computer obtains the storage directory file ID corresponding to the type of the certificate information according to the content of the received object directory file, specifically including:

所述客户端计算机在所述对象目录文件的内容中查找A0数据，所述A0数据为私钥信息的标志；The client computer searches for A0 data in the content of the object directory file, and the A0 data is a sign of private key information;

如果存在所述A0数据，读取所述A0数据后第1个字节的数据的值，作为第一读取值；If the A0 data exists, read the value of the first byte of data after the A0 data as the first read value;

读取所述第一读取值个字节的数据；Read the data of the first read value bytes;

判断所述第一读取值个字节的数据中的第1个字节的数据是否为30；Judging whether the first byte of data in the first read value bytes of data is 30;

如果是，读取所述30数据后第1个字节的数据的值，作为第二读取值；如果否，结束所述方法；If yes, read the value of the first byte of data after the 30 data, as the second read value; if not, end the method;

读取所述第二读取值个字节的数据；Read data of the second read value bytes;

判定所述第二读取值个字节的数据中的第1个字节的数据是否为04；Determine whether the first byte of data in the second read value bytes of data is 04;

如果是，读取所述04数据后的第1个字节的数据的值，作为第三读取值；如果否，结束所述方法；If yes, read the value of the first byte of data after the 04 data as the third read value; if not, end the method;

读取所述第三读取值个字节的数据，将所述第三读取值个字节的数据作为所述私钥信息的存储目录文件ID；Read the data of the third read value bytes, and use the data of the third read value bytes as the storage directory file ID of the private key information;

如果不存在所述A0数据，结束所述方法。If the A0 data does not exist, the method ends.

当所述证书的信息类型为公钥信息时，所述客户端计算机根据接收到的所述对象目录文件的内容获得所述证书的信息的类型对应的存储目录文件ID，具体包括：When the information type of the certificate is public key information, the client computer obtains the storage directory file ID corresponding to the type of information of the certificate according to the content of the received object directory file, specifically including:

所述客户端计算机在所述对象目录文件的内容中查找A1数据，所述A1数据为公钥信息的标志；The client computer searches for A1 data in the content of the object directory file, and the A1 data is a sign of public key information;

如果存在所述A1数据，读取所述A1数据后的第1个字节的数据的值，作为第一读取值；If the A1 data exists, read the value of the first byte of data after the A1 data as the first read value;

读取所述第一读取值个字节的数据；Read the data of the first read value bytes;

判断所述第一读取值个字节的数据中的第1个字节的数据是否为30；Judging whether the first byte of data in the first read value bytes of data is 30;

如果是，读取所述30数据后第1个字节的数据的值，作为第二读取值；如果否，结束所述方法；If yes, read the value of the first byte of data after the 30 data, as the second read value; if not, end the method;

读取所述第二读取值个字节的数据；Read data of the second read value bytes;

判定所述第二读取值个字节的数据中的第1个字节的数据是否为04；Determine whether the first byte of data in the second read value bytes of data is 04;

如果是，读取所述04数据后的第1个字节的数据的值，作为第三读取值；如果否，结束所述方法；If yes, read the value of the first byte of data after the 04 data as the third read value; if not, end the method;

读取所述第三读取值个字节的数据，将所述第三读取值个字节的数据作为所述公钥信息的存储目录文件ID；Read the data of the third read value bytes, and use the data of the third read value bytes as the storage directory file ID of the public key information;

如果不存在所述A1数据，结束所述方法。If the A1 data does not exist, the method ends.

所述客户端计算机根据接收到的所述存储目录文件的内容，获得所述证书的信息的数据存储文件ID，具体包括：The client computer obtains the data storage file ID of the certificate information according to the received content of the storage directory file, specifically including:

所述客户端计算机在所述存储目录文件的内容中查找A1数据；The client computer searches for A1 data in the content of the storage directory file;

如果存在所述A1数据：If the A1 data exists:

读取所述A1数据后的第一个字节的数据的值，作为第一读取值；Read the value of the data of the first byte after the A1 data, as the first read value;

读取所述第一读取值个字节的数据；Read the data of the first read value bytes;

判断所述第一读取值个字节的数据中的第1个字节的数据是否为30；Judging whether the first byte of data in the first read value bytes of data is 30;

如果是，读取所述30数据后第1个字节的数据的值，作为第二读取值；如果否，结束所述方法；If yes, read the value of the first byte of data after the 30 data, as the second read value; if not, end the method;

读取所述第二读取值个字节的数据；Read data of the second read value bytes;

判定所述第二读取值个字节的数据中的第1个字节的数据是否为30；Determine whether the first byte of data in the second read value bytes of data is 30;

如果是，读取所述30数据后的第1个字节的数据的值，作为第三读取值；如果否，结束所述方法；If yes, read the value of the first byte of data after the 30 data, as the third read value; if not, end the method;

读取所述第三读取值个字节的数据；Read the data of the third read value bytes;

判定所述第三读取值个字节的数据中的第1个字节的数据是否为04；Determine whether the first byte of data in the third read value bytes of data is 04;

如果是，读取所述04数据后的第1个字节的数据的值，作为第四读取值；如果否，结束所述方法；If yes, read the value of the first byte of data after the 04 data as the fourth read value; if not, end the method;

读取所述第四读取值个字节的数据，作为所述证书的存储文件ID；Read the data of the fourth read value bytes as the storage file ID of the certificate;

读取所述第四读取值个字节的数据后的第1个字节的数据，判定是否为02；Read the data of the first byte after the data of the fourth read value bytes, and determine whether it is 02;

如果是，读取所述02数据后的第1个字节的数据的值，作为第五读取值；如果否，结束所述方法；If yes, read the value of the first byte of data after the 02 data as the fifth read value; if not, end the method;

读取所述第五读取值个字节的数据，作为所述证书的信息在所述数据存储文件中的偏移地址；Read the fifth read value bytes of data as the offset address of the certificate information in the data storage file;

读取所述第五读取值个字节的数据后的第1个字节的数据，判定是否为08；Read the data of the first byte after the data of the fifth read value bytes, and determine whether it is 08;

如果是，读取所述08数据后的第1个字节的数据的值，作为第六读取值；如果否，结束所述方法；If yes, read the value of the first byte of data after the 08 data as the sixth read value; if not, end the method;

读取所述第六读取值个字节的数据，作为所述证书的长度；Read the sixth read value bytes of data as the length of the certificate;

如果不存在所述A1数据，结束所述方法。If the A1 data does not exist, the method ends.

所述将所述证书的信息写入所述数据存储文件中，具体包括：The writing the information of the certificate into the data storage file specifically includes:

所述安全设备接收所述客户端计算机发送的选择数据存储文件的指令，所述选择数据存储文件的指令中携带所述数据存储文件ID；The security device receives an instruction for selecting a data storage file sent by the client computer, and the instruction for selecting a data storage file carries the ID of the data storage file;

所述安全设备根据所述数据存储文件ID选择数据存储文件；The security device selects a data storage file according to the data storage file ID;

所述客户端计算机向所述安全设备发送写数据指令，所述写数据指令中携带所述证书的信息；The client computer sends a write data command to the security device, and the write data command carries the information of the certificate;

所述安全设备将所述证书的信息写入所述数据存储文件中。The security device writes the certificate information into the data storage file.

本发明实施例提供的技术方案带来的有益效果是：The beneficial effects brought by the technical solution provided by the embodiments of the present invention are:

通过客户端的计算机与安全设备的交互操作，将证书写入到安全设备的指定文件中，实现了证书的共享存储。Through the interactive operation between the client computer and the security device, the certificate is written into the specified file of the security device, and the shared storage of the certificate is realized.

附图说明Description of drawings

图1是本发明实施例1中提供的存储证书的方法流程图；FIG. 1 is a flowchart of a method for storing certificates provided in Embodiment 1 of the present invention;

图2是本发明实施例2中提供的存储证书的方法流程图；FIG. 2 is a flowchart of a method for storing certificates provided in Embodiment 2 of the present invention;

图3是本发明实施例3中提供的存储证书的方法流程图。Fig. 3 is a flowchart of a method for storing certificates provided in Embodiment 3 of the present invention.

具体实施方式Detailed ways

为使本发明的目的、技术方案和优点更加清楚，下面将结合附图对本发明实施方式作进一步地详细描述。In order to make the object, technical solution and advantages of the present invention clearer, the implementation manner of the present invention will be further described in detail below in conjunction with the accompanying drawings.

实施例1Example 1

本实施例提供了一种存储证书的方法，在本发明实施例中，证书的信息类型至少包括证书信息，进一步还可以包括私钥信息、公钥信息中的一个或两个，安全设备以智能卡为例，详细说明如何将证书的各种信息分别写入到安全设备中。This embodiment provides a method for storing certificates. In the embodiment of the present invention, the information type of the certificate includes at least certificate information, and may further include one or both of private key information and public key information. The security device uses a smart card As an example, how to write various information of the certificate into the security device in detail.

在说明存储证书的方法之前，首先说明一下智能卡的初始化过程，具体如下：Before explaining the method of storing certificates, first explain the initialization process of the smart card, as follows:

步骤001：在智能卡上分别创建存储私钥信息、公钥信息、证书信息的文件；Step 001: Create files for storing private key information, public key information, and certificate information on the smart card;

其中，在本实施例中，存储私钥信息的文件的文件ID可以为0x4400、存储公钥信息的文件的文件ID为0x4401、存储证书信息的文件的文件ID可以为0x4404。Wherein, in this embodiment, the file ID of the file storing the private key information may be 0x4400, the file ID of the file storing the public key information may be 0x4401, and the file ID of the file storing certificate information may be 0x4404.

步骤002：在智能卡上创建文件ID为0x5031的文件，并在该文件ID为0x5031的文件中写入步骤001中创建的文件的信息。Step 002: Create a file with a file ID of 0x5031 on the smart card, and write the information of the file created in step 001 into the file with a file ID of 0x5031.

其中，文件的信息可以但不限于包括文件的TLV(tag length value，标签长度值)编码格式等。Wherein, the file information may include, but is not limited to, the TLV (tag length value, tag length value) encoding format of the file.

其中，在本实施例中，写入数据可以为：Wherein, in this embodiment, the write data can be:

A006300404024400(文件ID为0x4400的TLV编码格式)A006300404024400 (TLV encoding format with file ID 0x4400)

A106300404024401(文件ID为0x4401的TLV编码格式)A106300404024401 (TLV encoding format with file ID 0x4401)

A406300404024404(文件ID为0x4404的TLV编码格式)A406300404024404 (TLV encoding format with file ID 0x4404)

至此，完成对智能卡的初始化过程。So far, the initialization process of the smart card is completed.

在智能卡完成初始化之后，参见图1，提供了一种将证书中的私钥信息写入智能卡的方法，具体包括：After the smart card is initialized, as shown in Figure 1, a method for writing the private key information in the certificate to the smart card is provided, including:

步骤101：智能卡与客户端计算机建立连接；Step 101: the smart card establishes a connection with the client computer;

步骤102：客户端计算机向智能卡发送选择应用目录文件(文件ID为0x5015)的选择文件指令；Step 102: the client computer sends a file selection instruction for selecting an application directory file (file ID is 0x5015) to the smart card;

其中，该步骤中的选择文件ID为0x5015的应用目录文件的选择文件指令具体可以为：APDU apdu(0x00，0xA4，0x00，0x00，0x02，0x5015)。Wherein, the file selection command for selecting the application directory file whose file ID is 0x5015 in this step may specifically be: APDU apdu(0x00, 0xA4, 0x00, 0x00, 0x02, 0x5015).

步骤103：智能卡接收客户端计算机发送的选择文件ID为0x5015的应用目录文件的选择文件指令，并选择文件ID为0x5015的文件，并将执行结果返回给客户端计算机；Step 103: the smart card receives the file selection instruction for selecting the application directory file with the file ID of 0x5015 sent by the client computer, selects the file with the file ID of 0x5015, and returns the execution result to the client computer;

当智能卡选择文件成功时，执行结果即为选择文件ID为0x5015的应用目录文件成功所对应的成功标识，需要说明的是，成功标识可以包括很多种，如0x9000等；When the smart card selects the file successfully, the execution result is the success identification corresponding to the success of selecting the application directory file whose file ID is 0x5015. It should be noted that the success identification can include many types, such as 0x9000, etc.;

当智能卡选择文件失败时，执行结果即为选择文件ID为0x5015的应用目录文件失败所对应的失败标识。When the smart card fails to select a file, the execution result is the failure identifier corresponding to the failure to select the application directory file whose file ID is 0x5015.

步骤104：客户端计算机判断接收到的智能卡返回的执行结果是否为成功标识；Step 104: the client computer judges whether the received execution result returned by the smart card is a successful identification;

如果是，则客户端计算机判定智能卡选择文件成功，执行步骤105；If yes, then the client computer determines that the smart card selects the file successfully, and executes step 105;

如果否，结束证书的存储操作。If not, end the storage operation of the certificate.

步骤105：客户端计算机向智能卡发送选择对象目录文件(文件ID为0x5031)的选择文件指令；Step 105: the client computer sends to the smart card a file selection instruction for selecting the object directory file (the file ID is 0x5031);

其中，该步骤中的选择对象目录文件的选择文件指令具体可以为：APDUapdu(0x00，0xA4，0x00，0x00，0x02，0x5031)。Wherein, the file selection instruction of the file selection object directory in this step may specifically be: APDUapdu(0x00, 0xA4, 0x00, 0x00, 0x02, 0x5031).

步骤106：智能卡接收到客户端计算机发送的选择文件ID为0x5031的对象目录文件的选择文件指令，并选择文件ID为0x5031的文件，将执行结果返回给客户端的计算机；Step 106: the smart card receives the file selection instruction for selecting the object directory file whose file ID is 0x5031 sent by the client computer, selects the file whose file ID is 0x5031, and returns the execution result to the client computer;

当智能卡选择文件成功时，执行结果即为选择文件ID为0x5031的对象目录文件成功所对应的成功标识，需要说明的是，成功标识可以包括很多种，如0x9000等；When the smart card selects the file successfully, the execution result is the successful identification corresponding to the successful selection of the object directory file whose file ID is 0x5031. It should be noted that the successful identification can include many types, such as 0x9000, etc.;

当智能卡选择文件失败时，执行结果即为选择文件ID为0x5031的对象目录文件失败所对应的失败标识。When the smart card fails to select a file, the execution result is the failure identifier corresponding to the failure to select the object directory file whose file ID is 0x5031.

步骤107：客户端计算机判断接收到的智能卡返回的执行结果是否为成功标识；Step 107: the client computer judges whether the received execution result returned by the smart card is a successful identification;

如果是，则客户端计算机判定智能卡选择文件成功，执行步骤108；If yes, then the client computer judges that the smart card selects the file successfully, and executes step 108;

如果否，结束证书的存储操作。If not, end the storage operation of the certificate.

步骤108：客户端计算机向智能卡发送读取对象目录文件(文件ID为0x5031)的读取文件指令；Step 108: the client computer sends a read file instruction to the smart card to read the object directory file (the file ID is 0x5031);

其中，该步骤中读取文件ID为0x5031的对象目录文件的读取文件指令具体可以为：APDU apdu(0x80，0xB0，0x00，0x00，0x00，0x00)。Wherein, in this step, the instruction to read the object directory file whose file ID is 0x5031 may specifically be: APDU apdu(0x80, 0xB0, 0x00, 0x00, 0x00, 0x00).

步骤109：智能卡接收到客户端计算机发送的读取文件ID为0x5031的对象目录文件的读取文件指令，并将执行结果发送给客户端计算机；Step 109: the smart card receives the instruction to read the object directory file whose file ID is 0x5031 sent by the client computer, and sends the execution result to the client computer;

当智能卡读取文件成功时，执行结果为读取文件ID为0x5031的对象目录文件成功所对应的成功标识，以及文件ID为0x5031的对象目录文件中的数据内容。需要说明的是，成功标识可以包括很多种，如0x9000等；When the smart card reads the file successfully, the execution result is the success identifier corresponding to the success of reading the object directory file with the file ID 0x5031, and the data content in the object directory file with the file ID 0x5031. It should be noted that the successful identification can include many types, such as 0x9000, etc.;

当智能卡读取文件失败时，执行结果即为读取文件ID为0x5031的对象目录文件失败所对应的失败标识。When the smart card fails to read the file, the execution result is the failure identifier corresponding to the failure to read the object directory file whose file ID is 0x5031.

步骤110：客户端计算机判断智能卡返回的执行结果中是否包括成功标识；Step 110: the client computer judges whether the execution result returned by the smart card includes a success identifier;

如果包括成功标识，则说明客户端计算机已经获取到了智能卡中的对象目录文件的内容。客户端计算机可以在智能卡拔离计算机之前不再重复获得该对象目录文件中的内容，因此，在将证书中的各种信息类型逐一写入智能卡的情况下，可以不再重复步骤101至步骤109。If the successful identification is included, it means that the client computer has acquired the content of the object directory file in the smart card. The client computer can no longer repeatedly obtain the contents of the object directory file before the smart card is pulled out of the computer. Therefore, in the case of writing various types of information in the certificate to the smart card one by one, it is not necessary to repeat steps 101 to 109 .

客户端计算机接收到的执行结果中还包括文件ID为0x5031的对象目录文件的数据内容，具体的数据内容可以如下所示：The execution result received by the client computer also includes the data content of the object directory file whose file ID is 0x5031, and the specific data content can be as follows:

A0 06 30 04 04 02 44 00A0 06 30 04 04 02 44 00

A1 06 30 04 04 02 44 01A1 06 30 04 04 02 44 01

A4 06 30 04 04 02 44 04A4 06 30 04 04 02 44 04

客户端计算机根据欲写入智能卡中的证书的信息类型，从接收到的数据内容中选择该信息类型所对应的存储目录文件ID。According to the information type of the certificate to be written into the smart card, the client computer selects the storage directory file ID corresponding to the information type from the received data content.

当欲写入智能卡的证书的信息类型为私钥信息时，具体的操作如下所示：When the information type of the certificate to be written into the smart card is private key information, the specific operation is as follows:

(1)查找数据中的A0数据，其中，A0代表的是私钥标志。(1) Find the A0 data in the data, where A0 represents the private key symbol.

(2)如果查找到A0数据，则读取A0后面1个字节的数据(在本实施例中A0后面的数据为06)作为第一读取值；如果查找不到A0，则结束证书的存储操作；(2) If A0 data is found, then read the data of 1 byte behind A0 (in this embodiment, the data behind A0 is 06) as the first read value; if A0 cannot be found, then end the certificate storage operations;

(3)读取第一读取值06后面的6个字节的数据，查找所读取数据的第1个字节，如果查找到第1个字节为30，则读取30后面的1个字节的数据(本实施例中30后面的第1个字节的数据为04)作为第二读取值；如果查找到第1个字节不是30，则结束证书的存储操作；(3) Read the data of the 6 bytes after the first read value 06, search for the first byte of the read data, if the first byte is found to be 30, then read the 1 after 30 The data of bytes (the data of the first byte after 30 in this embodiment is 04) is used as the second read value; if the first byte is found to be not 30, the storage operation of the certificate is ended;

(4)读取第二读取值04后面的4个字节，查找所读取数据的第1个字节，如果查找到04，则读取04后面的1个字节的数据(本实施例中04后面的1个字节的数据为02)作为第三读取值；如果查找到第1个字节不是04，则结束证书的存储操作；(4) Read the 4 bytes behind the second read value 04, search for the first byte of the read data, if 04 is found, then read the data of 1 byte behind 04 (this implementation In the example, the data of 1 byte after 04 is 02) as the third read value; if the first byte is not 04, the storage operation of the certificate is ended;

(5)读取第三读取值02后面的2个字节，得到的数据为A0所代表的数据的存储路径(在本实施例中为4400，即私钥数据的存储路径为文件ID为0x4400的文件)，并执行步骤111。(5) Read the 2 bytes behind the third read value 02, and the obtained data is the storage path of the data represented by A0 (in this embodiment, it is 4400, that is, the storage path of the private key data is the file ID is 0x4400), and execute step 111.

如果不包括成功标识，结束证书的存储操作。If the successful identification is not included, the storage operation of the certificate is terminated.

步骤111：客户端计算机向智能卡发送选择存储目录文件(文件ID为0x4400)的选择文件指令；Step 111: the client computer sends a file selection instruction for selecting a storage directory file (file ID is 0x4400) to the smart card;

其中，本步骤中选择文件ID为0x4400的存储目录文件的选择文件指令具体可以为：APDU apdu(0x00，0xA4，0x00，0x00，0x02，0x4400)。Wherein, the file selection instruction for selecting the storage directory file whose file ID is 0x4400 in this step may specifically be: APDU apdu(0x00, 0xA4, 0x00, 0x00, 0x02, 0x4400).

步骤112：智能卡接收选择文件ID为0x4400的存储目录文件的选择文件指令，并选择文件ID为0x4400的文件，并将执行结果返回给客户端计算机；Step 112: the smart card receives a file selection instruction for selecting a storage directory file with a file ID of 0x4400, selects a file with a file ID of 0x4400, and returns the execution result to the client computer;

当智能卡选择文件成功时，执行结果为选择文件ID为0x4400的存储目录文件成功所对应的成功标识。需要说明的是，成功标识可以包括很多种，如0x9000等；When the smart card selects the file successfully, the execution result is the success identifier corresponding to the successful selection of the storage directory file whose file ID is 0x4400. It should be noted that the successful identification can include many types, such as 0x9000, etc.;

当智能卡选择文件失败时，执行结果即为选择文件ID为0x4400失败所对应的失败标识。When the smart card fails to select the file, the execution result is the failure identifier corresponding to the failure to select the file whose ID is 0x4400.

步骤113：客户端计算机判断接收到的智能卡返回的执行结果是否为成功标识；Step 113: the client computer judges whether the received execution result returned by the smart card is a successful identification;

如果是，则客户端计算机判定智能卡选择文件成功，则执行步骤114；If yes, then the client computer determines that the smart card selects the file successfully, and then executes step 114;

如果否，则结束证书的存储操作。If not, the storage operation of the certificate ends.

步骤114：客户端计算机向智能卡发送读取存储目录文件(文件ID为0x4400)的读取文件指令；Step 114: the client computer sends a read file instruction to the smart card to read the storage directory file (the file ID is 0x4400);

其中，该步骤中读取文件ID为0x4400的存储目录文件的读取文件指令具体可以为：APDU apdu(0x80，0xB0，0x00，0x00，0x00，0x00)。Wherein, in this step, the file reading instruction for reading the storage directory file whose file ID is 0x4400 may specifically be: APDU apdu(0x80, 0xB0, 0x00, 0x00, 0x00, 0x00).

步骤115：智能卡接收并执行读取文件ID为0x4400的存储目录文件的读取文件指令，并将执行结果返回给客户端计算机；Step 115: the smart card receives and executes the instruction to read the storage directory file whose file ID is 0x4400, and returns the execution result to the client computer;

当智能卡读取文件成功时，执行结果为读取文件ID为0x4400的存储目录文件成功所对应的成功标识，以及文件ID为0x4400的存储目录文件中的数据内容。需要说明的是，成功标识可以包括很多种，如0x9000等；When the smart card reads the file successfully, the execution result is the success identification corresponding to the successful reading of the storage directory file with the file ID of 0x4400, and the data content in the storage directory file with the file ID of 0x4400. It should be noted that the successful identification can include many types, such as 0x9000, etc.;

当智能卡读取文件失败时，执行结果即为读取文件ID为0x4400的存储目录文件失败所对应的失败标识。When the smart card fails to read the file, the execution result is the failure identifier corresponding to the failure to read the storage directory file whose file ID is 0x4400.

步骤116：客户端计算机判断智能卡返回的执行结果中是否包括成功标识；Step 116: the client computer judges whether the execution result returned by the smart card includes a success identifier;

如果包括成功标识，则客户端计算机所接收到的执行结果中还包括文件ID为0x4400的存储目录文件的数据内容，具体的数据内容如下：If the successful identification is included, the execution result received by the client computer also includes the data content of the storage directory file whose file ID is 0x4400, and the specific data content is as follows:

A1 13 30 11 30 0B 04 02 43 01 02 01 00 80 02 00 8D 02 02 04 00A1 13 30 11 30 0B 04 02 43 01 02 01 00 80 02 00 8D 02 02 04 00

客户端计算机根据接收到的数据内容，进行如下操作：The client computer performs the following operations according to the received data content:

(1)查找数据中的A1数据；(1) Find the A1 data in the data;

如果查找到A1，则读取A1后面的第1个字节的数据(本实施例中为13)作为第一读取值；If A1 is found, then read the data of the first byte after A1 (13 in this embodiment) as the first read value;

如果查找不到A1，则结束证书的存储操作。If A1 cannot be found, the certificate storage operation ends.

(2)读取第一读取值13后面的0x13个字节的数据，查找所读取数据的第1个字节，如果是30，则读取30后面的第1个字节的数据(本实施例中为11)作为第二读取值；如果不是30，则结束证书的存储操作；(2) Read the data of 0x13 bytes behind the first read value 13, search for the first byte of the read data, if it is 30, then read the data of the first byte after 30 ( In the present embodiment, be 11) as the second read value; If not 30, then end the storage operation of the certificate;

(3)读取第二读取值11后面的0x11个字节的数据，查找所读取数据的第1个字节，如果是30，则读取30后面的第1个字节的数据(本实施例中为0B)作为第三读取值；如果不是30，则结束证书的存储操作；(3) Read the data of 0x11 bytes behind the second read value 11, search for the first byte of the read data, if it is 30, then read the data of the first byte after 30 ( In the present embodiment, OB) is used as the third read value; if it is not 30, then end the storage operation of the certificate;

(4)读取第三读取值0B后面的0x0B个字节的数据，查找所读取数据的第1个字节，如果是04，则读取04后面的第1个字节的数据(本实施例中位02)作为第四读取值；如果不是04，则结束证书的存储操作；(4) Read the data of 0x0B bytes behind the third read value 0B, search for the first byte of the read data, if it is 04, then read the data of the first byte after 04 ( In the present embodiment, bit (02) is used as the fourth read value; if it is not 04, the storage operation of the certificate is ended;

(5)读取第四读取值02后面的0x02个字节的数据，所得到的数据为私钥数据的存储路径(在本实施例中为4301，即私钥数据的存储路径为0x4301)；(5) Read the data of 0x02 bytes behind the fourth read value 02, and the obtained data is the storage path of the private key data (in this embodiment, it is 4301, that is, the storage path of the private key data is 0x4301) ;

(6)读取4301后面的数据，查找所读取数据的第1个字节，如果是02，读取02后面的1个字节的数据(本实施例中为01)作为第五读取值；如果不是02，则结束证书的存储操作；(6) Read the data behind 4301, search for the first byte of the read data, if it is 02, read the data of 1 byte behind 02 (01 in this embodiment) as the fifth read value; if it is not 02, end the storage operation of the certificate;

(7)读取第五读取值01后面的0x01个字节的数据，所述数据为私钥数据在数据存储文件中的偏移地址(本实施例中为00，即私钥数据在数据存储文件中的偏移地址为00)；(7) Read the data of 0x01 bytes behind the fifth read value 01, the data is the offset address of the private key data in the data storage file (00 in this embodiment, that is, the private key data is in the data storage file The offset address in the storage file is 00);

(8)读取00后面的数据，查找所读取数据的第1个字节，如果是80，则读取80后面的1个字节数据(本实施例中为02)作为第六读取值；如果不是80，则结束证书的存储操作；(8) read the data after 00, look for the first byte of the read data, if it is 80, then read 1 byte data (02 in this embodiment) after 80 as the sixth read value; if it is not 80, end the storage operation of the certificate;

(9)读取第六读取值02后面的0x02个字节的数据，所得数据位私钥数据的长度(在本实施例中为008D，即私钥数据的长度为008D)(9) Read the data of 0x02 bytes behind the sixth read value 02, and the length of the obtained data bit private key data (008D in this embodiment, that is, the length of the private key data is 008D)

至此，客户端计算机得到如下信息：将要存放私钥数据的数据存储文件的文件ID为0x4301，将要存放的私钥数据在数据存储文件的偏移地址为00，将要存放的私钥数据占用数据存储文件的空间为0x8D。So far, the client computer has obtained the following information: the file ID of the data storage file to store the private key data is 0x4301, the offset address of the private key data to be stored in the data storage file is 00, and the private key data to be stored occupies the data storage The space of the file is 0x8D.

如果不包括成功标识，则结束证书的存储操作。If no successful identification is included, the certificate storage operation ends.

步骤117：客户端计算机向智能卡发送选择数据存储文件(文件ID为0x4301)的选择文件指令；Step 117: the client computer sends a file selection instruction for selecting a data storage file (file ID is 0x4301) to the smart card;

其中，选择文件ID为0x4301的数据存储文件的选择文件指令具体可以为：APDU apdu(0x00，0xA4，0x00，0x00，0x02，0x4301)。Wherein, the file selection command for selecting the data storage file whose file ID is 0x4301 may specifically be: APDU apdu(0x00, 0xA4, 0x00, 0x00, 0x02, 0x4301).

步骤118：智能卡接收选择文件ID为0x4301的数据存储文件的选择文件指令，并选择文件ID为0x4301的文件，再将执行结果返回给客户端计算机；Step 118: The smart card receives a file selection instruction for selecting a data storage file with a file ID of 0x4301, selects a file with a file ID of 0x4301, and then returns the execution result to the client computer;

当智能卡选择文件成功时，执行结果为选择文件ID为0x4301的数据存储文件成功所对应的成功标识。需要说明的是，成功标识可以包括很多种，如0x9000等；When the smart card selects the file successfully, the execution result is the success identifier corresponding to the successful selection of the data storage file whose file ID is 0x4301. It should be noted that the successful identification can include many types, such as 0x9000, etc.;

当智能卡选择文件失败时，执行结果即为选择文件ID为0x4301失败所对应的失败标识。When the smart card fails to select the file, the execution result is the failure identifier corresponding to the failure to select the file whose ID is 0x4301.

步骤119：客户端计算机判断智能卡返回的执行结果是否为成功标识；Step 119: the client computer judges whether the execution result returned by the smart card is a successful identification;

如果是，则客户端计算机判定智能卡选择文件成功，执行步骤120；If yes, then the client computer judges that the smart card selects the file successfully, and executes step 120;

如果否，结束证书的存储操作。If not, end the storage operation of the certificate.

步骤120：客户端计算机向智能卡发送写数据指令，其中，欲写入智能卡的数据为私钥信息；Step 120: the client computer sends a data write command to the smart card, wherein the data to be written into the smart card is private key information;

其中，写数据指令具体可以为：APDU apdu(0x80，0xD6，0x00，0x00，0x00，0x00)。Among them, the write data command can specifically be: APDU apdu(0x80, 0xD6, 0x00, 0x00, 0x00, 0x00).

步骤121：智能卡接收并执行写数据指令，将私钥信息写入文件ID为0x4301的数据存储文件中，并将执行结果返回给客户端计算机；Step 121: the smart card receives and executes the write data instruction, writes the private key information into the data storage file whose file ID is 0x4301, and returns the execution result to the client computer;

当智能卡写入数据成功时，执行结果为写入文件ID为0x4301的数据存储文件成功所对应的成功标识。需要说明的是，成功标识可以包括很多种，如0x9000等；When the smart card writes data successfully, the execution result is the success identifier corresponding to the successful writing of the data storage file whose file ID is 0x4301. It should be noted that the successful identification can include many types, such as 0x9000, etc.;

当智能卡写入文件失败时，执行结果即为写入文件ID为0x4301的数据存储文件失败所对应的失败标识。When the smart card fails to write the file, the execution result is the failure identifier corresponding to the failure to write the data storage file whose file ID is 0x4301.

步骤122：客户端计算机判断智能卡返回的执行结果是否为成功标识；Step 122: the client computer judges whether the execution result returned by the smart card is a successful identification;

如果是，则存储私钥数据成功；If yes, the private key data is stored successfully;

如果否，则结束证书的存储操作。If not, the storage operation of the certificate ends.

可代替的，在上述步骤110中，当欲写入智能卡的证书的信息类型为公钥信息时，具体的操作如下所示：Alternatively, in the above step 110, when the information type of the certificate to be written into the smart card is public key information, the specific operation is as follows:

(1)查找数据中的A1数据，其中，A1代表的是公钥标志。(1) Find the A1 data in the data, where A1 represents the public key token.

(2)如果查找到A1数据，则读取A1后面1个字节的数据(在本实施例中A1后面的数据为06)作为第一读取值；如果查找不到A1数据，则结束证书的存储操作；(2) If the A1 data is found, then read the data of 1 byte behind A1 (in this embodiment, the data behind A1 is 06) as the first read value; if the A1 data cannot be found, then end the certificate storage operations;

(3)读取第一读取值06后面的6个字节的数据，查找所读取数据的第1个字节，如果查找到第1个字节为30，则读取30后面的1个字节的数据(本实施例中30后面的第1个字节的数据为04)作为第二读取值；如果查找到第1个字节不是30，则结束证书的存储操作；(3) Read the data of the 6 bytes after the first read value 06, search for the first byte of the read data, if the first byte is found to be 30, then read the 1 after 30 The data of bytes (the data of the first byte after 30 in this embodiment is 04) is used as the second read value; if the first byte is found to be not 30, the storage operation of the certificate is ended;

(4)读取第二读取值04后面的4个字节，查找所读取数据的第1个字节，如果查找到04，则读取04后面的1个字节的数据(本实施例中04后面的1个字节的数据为02)作为第三读取值；如果查找到第1个字节不是04，则结束证书的存储操作；(4) Read the 4 bytes behind the second read value 04, search for the first byte of the read data, if 04 is found, then read the data of 1 byte behind 04 (this implementation In the example, the data of 1 byte after 04 is 02) as the third read value; if the first byte is not 04, the storage operation of the certificate is ended;

(5)读取第三读取值02后面的2个字节，得到的数据为A1所代表的数据的存储路径(在本实施例中为4401，即公钥数据的存储路径为文件ID为0x4401的文件)，并执行步骤211。(5) Read the 2 bytes behind the third read value 02, and the obtained data is the storage path of the data represented by A1 (in this embodiment, 4401, that is, the storage path of the public key data is that the file ID is 0x4401), and execute step 211.

如果不包括成功标识，结束证书的存储操作。If the successful identification is not included, the storage operation of the certificate is terminated.

步骤211：客户端计算机向智能卡发送选择存储目录文件(文件ID为0x4401)的选择文件指令；Step 211: the client computer sends a file selection instruction for selecting a storage directory file (file ID is 0x4401) to the smart card;

其中，本步骤中选择文件ID为0x4401的存储目录文件的选择文件指令具体可以为：APDU apdu(0x00，0xA4，0x00，0x00，0x02，0x4401)。Wherein, in this step, the file selection instruction for selecting the storage directory file whose file ID is 0x4401 may specifically be: APDU apdu(0x00, 0xA4, 0x00, 0x00, 0x02, 0x4401).

步骤212：智能卡接收选择文件ID为0x4401的存储目录文件的选择文件指令，并选择文件ID为0x4401的文件，并将执行结果返回给客户端计算机；Step 212: The smart card receives a file selection instruction for selecting a storage directory file with a file ID of 0x4401, selects a file with a file ID of 0x4401, and returns the execution result to the client computer;

当智能卡选择文件成功时，执行结果为选择文件ID为0x4401的存储目录文件成功所对应的成功标识。需要说明的是，成功标识可以包括很多种，如0x9000等；When the smart card selects the file successfully, the execution result is the success identifier corresponding to the successful selection of the storage directory file whose file ID is 0x4401. It should be noted that the successful identification can include many types, such as 0x9000, etc.;

当智能卡选择文件失败时，执行结果即为选择文件ID为0x4401失败所对应的失败标识。When the smart card fails to select the file, the execution result is the failure identifier corresponding to the failure to select the file whose ID is 0x4401.

步骤213：客户端计算机判断接收到的智能卡返回的执行结果是否为成功标识；Step 213: the client computer judges whether the received execution result returned by the smart card is a successful identification;

如果是，则客户端计算机判定智能卡选择文件成功，则执行步骤214；If yes, then the client computer determines that the smart card selects the file successfully, and then executes step 214;

如果否，则结束证书的存储操作。If not, the storage operation of the certificate ends.

步骤214：客户端计算机向智能卡发送读取存储目录文件(文件ID为0x4401)的读取文件指令；Step 214: the client computer sends a read file instruction for reading the storage directory file (file ID is 0x4401) to the smart card;

其中，该步骤中读取文件ID为0x4401的存储目录文件的读取文件指令具体可以为：APDU apdu(0x80，0xB0，0x00，0x00，0x00，0x00)。Wherein, in this step, the instruction to read the storage directory file whose file ID is 0x4401 may specifically be: APDU apdu(0x80, 0xB0, 0x00, 0x00, 0x00, 0x00).

步骤215：智能卡接收并执行读取文件ID为0x4401的存储目录文件的读取文件指令，并将执行结果返回给客户端计算机；Step 215: the smart card receives and executes the instruction to read the storage directory file whose file ID is 0x4401, and returns the execution result to the client computer;

当智能卡读取文件成功时，执行结果为读取文件ID为0x4401的存储目录文件成功所对应的成功标识，以及文件ID为0x4401的存储目录文件中的数据内容。需要说明的是，成功标识可以包括很多种，如0x9000等；When the smart card reads the file successfully, the execution result is the success identification corresponding to the successful reading of the storage directory file with the file ID of 0x4401, and the data content in the storage directory file with the file ID of 0x4401. It should be noted that the successful identification can include many types, such as 0x9000, etc.;

当智能卡读取文件失败时，执行结果即为读取文件ID为0x4401的存储目录文件失败所对应的失败标识。When the smart card fails to read the file, the execution result is the failure identifier corresponding to the failure to read the storage directory file whose file ID is 0x4401.

步骤216：客户端计算机判断智能卡返回的执行结果中是否包括成功标识；Step 216: the client computer judges whether the execution result returned by the smart card includes a success identifier;

如果包括成功标识，则客户端计算机所接收到的执行结果中还包括文件ID为0x4401的存储目录文件的数据内容，具体的数据内容如下：If the successful identification is included, the execution result received by the client computer also includes the data content of the storage directory file whose file ID is 0x4401, and the specific data content is as follows:

A1 13 30 11 30 0B 04 02 43 00 02 01 00 80 02 00 8D 02 02 04 00A1 13 30 11 30 0B 04 02 43 00 02 01 00 80 02 00 8D 02 02 04 00

客户端计算机根据接收到的数据内容，进行如下操作：The client computer performs the following operations according to the received data content:

(1)查找数据中的A1数据；(1) Find the A1 data in the data;

如果查找到A1，则读取A1后面的第1个字节的数据(本实施例中为13)作为第一读取值；If A1 is found, then read the data of the first byte after A1 (13 in this embodiment) as the first read value;

如果查找不到A1，则结束证书的存储操作。If A1 cannot be found, the certificate storage operation ends.

(2)读取第一读取值13后面的0x13个字节的数据，查找所读取数据的第1个字节，如果是30，则读取30后面的第1个字节的数据(本实施例中为11)作为第二读取值；如果不是30，则结束证书的存储操作；(2) Read the data of 0x13 bytes behind the first read value 13, search for the first byte of the read data, if it is 30, then read the data of the first byte after 30 ( In the present embodiment, be 11) as the second read value; If not 30, then end the storage operation of the certificate;

(3)读取第二读取值11后面的0x11个字节的数据，查找所读取数据的第1个字节，如果是30，则读取30后面的第1个字节的数据(本实施例中为0B)作为第三读取值；如果不是30，则结束证书的存储操作；(3) Read the data of 0x11 bytes behind the second read value 11, search for the first byte of the read data, if it is 30, then read the data of the first byte after 30 ( In the present embodiment, OB) is used as the third read value; if it is not 30, then end the storage operation of the certificate;

(4)读取第三读取值0B后面的0x0B个字节的数据，查找所读取数据的第1个字节，如果是04，则读取04后面的第1个字节的数据(本实施例中位02)作为第四读取值；如果不是04，则结束证书的存储操作；(4) Read the data of 0x0B bytes behind the third read value 0B, search for the first byte of the read data, if it is 04, then read the data of the first byte after 04 ( In the present embodiment, bit (02) is used as the fourth read value; if it is not 04, the storage operation of the certificate is ended;

(5)读取第四读取值02后面的0x02个字节的数据，所得到的数据为公钥数据的存储路径(在本实施例中为4301，即公钥数据的存储路径为0x4300)；(5) Read the data of 0x02 bytes behind the fourth read value 02, and the obtained data is the storage path of the public key data (4301 in this embodiment, that is, the storage path of the public key data is 0x4300) ;

(6)读取4300后面的数据，查找所读取数据的第1个字节，如果是02，读取02后面的1个字节的数据(本实施例中为01)作为第五读取值；如果不是02，则结束证书的存储操作；(6) Read the data behind 4300, search for the first byte of the read data, if it is 02, read the data of 1 byte behind 02 (01 in this embodiment) as the fifth read value; if it is not 02, end the storage operation of the certificate;

(7)读取第五读取值01后面的0x01个字节的数据，所述数据为公钥数据在数据存储文件中的偏移地址(本实施例中为00，即公钥数据在数据存储文件中的偏移地址为00)；(7) Read the data of 0x01 bytes behind the fifth read value 01, the data is the offset address of the public key data in the data storage file (00 in this embodiment, that is, the public key data is in the data storage file The offset address in the storage file is 00);

(8)读取00后面的数据，查找所读取数据的第1个字节，如果是80，则读取80后面的1个字节数据(本实施例中为02)作为第六读取值；如果不是80，则结束证书的存储操作；(8) read the data after 00, look for the first byte of the read data, if it is 80, then read 1 byte data (02 in this embodiment) after 80 as the sixth read value; if it is not 80, end the storage operation of the certificate;

(9)读取第六读取值02后面的0x02个字节的数据，所得数据位公钥数据的长度(在本实施例中为008D，即公钥数据的长度为008D)(9) Read the data of 0x02 bytes behind the sixth read value 02, the length of the gained data bit public key data (008D in this embodiment, that is, the length of the public key data is 008D)

至此，客户端计算机得到如下信息：将要存放公钥数据的数据存储文件的文件ID为0x4300，将要存放的公钥数据在数据存储文件的偏移地址为00，将要存放的公钥数据占用数据存储文件的空间为0x8D。So far, the client computer has obtained the following information: the file ID of the data storage file to store the public key data is 0x4300, the offset address of the public key data to be stored in the data storage file is 00, and the public key data to be stored occupies the data storage The space of the file is 0x8D.

如果不包括成功标识，则结束证书的存储操作。If no successful identification is included, the certificate storage operation ends.

步骤217：客户端计算机向智能卡发送选择数据存储文件(文件ID为0x4300)的选择文件指令；Step 217: the client computer sends a file selection instruction for selecting a data storage file (file ID is 0x4300) to the smart card;

其中，选择文件ID为0x4300的数据存储文件的选择文件指令具体可以为：APDU apdu(0x00，0xA4，0x00，0x00，0x02，0x4300)。Wherein, the file selection command for selecting the data storage file whose file ID is 0x4300 may specifically be: APDU apdu(0x00, 0xA4, 0x00, 0x00, 0x02, 0x4300).

步骤218：智能卡接收选择文件ID为0x4300的数据存储文件的选择文件指令，并选择文件ID为0x4300的文件，再将执行结果返回给客户端计算机；Step 218: the smart card receives a file selection instruction for selecting a data storage file with a file ID of 0x4300, selects a file with a file ID of 0x4300, and then returns the execution result to the client computer;

当智能卡选择文件成功时，执行结果为读取文件ID为0x4300的数据存储文件成功所对应的成功标识。需要说明的是，成功标识可以包括很多种，如0x9000等；When the smart card selects the file successfully, the execution result is the success identifier corresponding to the success of reading the data storage file whose file ID is 0x4300. It should be noted that the successful identification can include many types, such as 0x9000, etc.;

当智能卡选择文件失败时，执行结果即为选择文件ID为0x4300失败所对应的失败标识。When the smart card fails to select the file, the execution result is the failure identifier corresponding to the failure to select the file whose ID is 0x4300.

步骤219：客户端计算机判断智能卡返回的执行结果是否为成功标识；Step 219: the client computer judges whether the execution result returned by the smart card is a successful identification;

如果是，则客户端计算机判定智能卡选择文件成功，执行步骤220；If yes, then the client computer judges that the smart card selects the file successfully, and executes step 220;

如果否，结束证书的存储操作。If not, end the storage operation of the certificate.

步骤220：客户端计算机向智能卡发送写数据指令，其中，欲写入智能卡的数据为公钥信息；Step 220: the client computer sends a data writing command to the smart card, wherein the data to be written into the smart card is public key information;

其中，写数据指令具体可以为：APDU apdu(0x80，0xD6，0x00，0x00，0x00，0x00)。Among them, the write data command can specifically be: APDU apdu(0x80, 0xD6, 0x00, 0x00, 0x00, 0x00).

步骤221：智能卡接收并执行写数据指令，将公钥信息写入文件ID为0x4300的数据存储文件中，并将执行结果返回给客户端计算机；Step 221: the smart card receives and executes the write data instruction, writes the public key information into the data storage file whose file ID is 0x4300, and returns the execution result to the client computer;

当智能卡写入数据成功时，执行结果为写入文件ID为0x4300的数据存储文件成功所对应的成功标识。需要说明的是，成功标识可以包括很多种，如0x9000等；When the smart card writes data successfully, the execution result is the success identifier corresponding to the successful writing of the data storage file whose file ID is 0x4300. It should be noted that the successful identification can include many types, such as 0x9000, etc.;

当智能卡写入文件失败时，执行结果即为写入文件ID为0x4300的数据存储文件失败所对应的失败标识。When the smart card fails to write the file, the execution result is the failure identifier corresponding to the failure to write the data storage file whose file ID is 0x4300.

步骤222：客户端计算机判断智能卡返回的执行结果是否为成功标识；Step 222: the client computer judges whether the execution result returned by the smart card is a successful identification;

如果是，则存储公钥数据成功；If yes, storing the public key data is successful;

如果否，则结束证书的存储操作。If not, the storage operation of the certificate ends.

可代替的，在上述步骤110中，当欲写入智能卡的证书的信息类型为证书信息时，具体的操作如下所示：Alternatively, in the above step 110, when the information type of the certificate to be written into the smart card is certificate information, the specific operation is as follows:

(1)查找数据中的A4数据，其中，A4代表的是证书标志。(1) Find the A4 data in the data, where A4 represents the certificate logo.

(2)如果查找到A4数据，则读取A4后面1个字节的数据(在本实施例中A4后面的数据为06)作为第一读取值；如果查找不到A4数据，则结束证书的存储操作；(2) If A4 data is found, then read the data of 1 byte behind A4 (in this embodiment, the data behind A4 is 06) as the first read value; if no A4 data is found, then end the certificate storage operations;

(3)读取第一读取值06后面的6个字节的数据，查找所读取数据的第1个字节，如果查找到第1个字节为30，则读取30后面的1个字节的数据(本实施例中30后面的第1个字节的数据为04)作为第二读取值；如果查找到第1个字节不是30，则结束证书的存储操作；(3) Read the data of the 6 bytes after the first read value 06, search for the first byte of the read data, if the first byte is found to be 30, then read the 1 after 30 The data of bytes (the data of the first byte after 30 in this embodiment is 04) is used as the second read value; if the first byte is found to be not 30, the storage operation of the certificate is ended;

(4)读取第二读取值04后面的4个字节，查找所读取数据的第1个字节，如果查找到04，则读取04后面的1个字节的数据(本实施例中04后面的1个字节的数据为02)作为第三读取值；如果查找到第1个字节不是04，则结束证书的存储操作；(4) Read the 4 bytes behind the second read value 04, search for the first byte of the read data, if 04 is found, then read the data of 1 byte behind 04 (this implementation In the example, the data of 1 byte after 04 is 02) as the third read value; if the first byte is not 04, the storage operation of the certificate is ended;

(5)读取第三读取值02后面的2个字节，得到的数据为A1所代表的数据的存储路径(在本实施例中为4404，即证书数据的存储路径为文件ID为0x4404的文件)，并执行步骤211。(5) Read the 2 bytes behind the third read value 02, and the obtained data is the storage path of the data represented by A1 (in this embodiment, it is 4404, that is, the storage path of the certificate data is that the file ID is 0x4404 file), and go to step 211.

如果不包括成功标识，结束证书的存储操作。If the successful identification is not included, the storage operation of the certificate is terminated.

步骤311：客户端计算机向智能卡发送选择存储目录文件(文件ID为0x4404)的选择文件指令；Step 311: the client computer sends a file selection instruction for selecting a storage directory file (file ID is 0x4404) to the smart card;

其中，本步骤中选择文件ID为0x4404的存储目录文件的选择文件指令具体可以为：APDU apdu(0x00，0xA4，0x00，0x00，0x02，0x4404)。Wherein, in this step, the file selection instruction for selecting the storage directory file whose file ID is 0x4404 may specifically be: APDU apdu(0x00, 0xA4, 0x00, 0x00, 0x02, 0x4404).

步骤312：智能卡接收选择文件ID为0x4404的存储目录文件的选择文件指令，并选择文件ID为0x4404的文件，并将执行结果返回给客户端计算机；Step 312: The smart card receives a file selection instruction for selecting a storage directory file with a file ID of 0x4404, selects a file with a file ID of 0x4404, and returns the execution result to the client computer;

当智能卡选择文件成功时，执行结果为选择文件ID为0x4404的存储目录文件成功所对应的成功标识。需要说明的是，成功标识可以包括很多种，如0x9000等；When the smart card selects the file successfully, the execution result is the success identifier corresponding to the successful selection of the storage directory file whose file ID is 0x4404. It should be noted that the successful identification can include many types, such as 0x9000, etc.;

当智能卡选择文件失败时，执行结果即为选择文件ID为0x4404失败所对应的失败标识。When the smart card fails to select the file, the execution result is the failure identifier corresponding to the failure to select the file whose ID is 0x4404.

步骤313：客户端计算机判断接收到的智能卡返回的执行结果是否为成功标识；Step 313: the client computer judges whether the received execution result returned by the smart card is a successful identification;

如果是，则客户端计算机判定智能卡选择文件成功，则执行步骤314；If yes, then the client computer judges that the smart card selects the file successfully, and then executes step 314;

如果否，则结束证书的存储操作。If not, the storage operation of the certificate ends.

步骤314：客户端计算机向智能卡发送读取存储目录文件(文件ID为0x4404)的读取文件指令；Step 314: the client computer sends a read file instruction for reading the storage directory file (file ID is 0x4404) to the smart card;

其中，该步骤中读取文件ID为0x4404的存储目录文件的读取文件指令具体可以为：APDU apdu(0x80，0xB0，0x00，0x00，0x00，0x00)。Wherein, in this step, the instruction to read the storage directory file whose file ID is 0x4404 may specifically be: APDU apdu(0x80, 0xB0, 0x00, 0x00, 0x00, 0x00).

步骤315：智能卡接收并执行读取文件ID为0x4404的存储目录文件的读取文件指令，并将执行结果返回给客户端计算机；Step 315: the smart card receives and executes the instruction to read the storage directory file whose file ID is 0x4404, and returns the execution result to the client computer;

当智能卡读取文件成功时，执行结果为读取文件ID为0x4404的存储目录文件成功所对应的成功标识，以及文件ID为0x4404的存储目录文件中的数据内容。需要说明的是，成功标识可以包括很多种，如0x9000等；When the smart card reads the file successfully, the execution result is the success identification corresponding to the successful reading of the storage directory file whose file ID is 0x4404, and the data content in the storage directory file whose file ID is 0x4404. It should be noted that the successful identification can include many types, such as 0x9000, etc.;

当智能卡读取文件失败时，执行结果即为读取文件ID为0x4404的存储目录文件失败所对应的失败标识。When the smart card fails to read the file, the execution result is the failure identifier corresponding to the failure to read the storage directory file whose file ID is 0x4404.

步骤316：客户端计算机判断智能卡返回的执行结果中是否包括成功标识；Step 316: the client computer judges whether the execution result returned by the smart card includes a success identifier;

如果包括成功标识，则客户端计算机所接收到的执行结果中还包括文件ID为0x4404的存储目录文件的数据内容，具体的数据内容如下：If the successful identification is included, the execution result received by the client computer also includes the data content of the storage directory file whose file ID is 0x4404, and the specific data content is as follows:

A1 10 30 0E 30 0C 04 02 43 00 02 02 00 8D 80 02 06 5E 00A1 10 30 0E 30 0C 04 02 43 00 02 02 00 8D 80 02 06 5E 00

客户端计算机根据接收到的数据内容，进行如下操作：The client computer performs the following operations according to the received data content:

(1)查找数据中的A4数据；(1) Find the A4 data in the data;

如果查找到A4，则读取A4后面的第1个字节的数据(本实施例中为10)作为第一读取值；If A4 is found, then read the data (10 in this embodiment) of the first byte after A4 as the first read value;

如果查找不到A4，则结束证书的存储操作。If A4 cannot be found, the certificate storage operation ends.

(2)读取第一读取值10后面的10个字节的数据，查找所读取数据的第1个字节，如果是30，则读取30后面的第1个字节的数据(本实施例中为0E)作为第二读取值；如果不是30，则结束证书的存储操作；(2) Read the data of 10 bytes after the first read value 10, search for the first byte of the read data, if it is 30, then read the data of the first byte after 30 ( In this embodiment, OE) is used as the second read value; if it is not 30, then end the storage operation of the certificate;

(3)读取第二读取值0E后面的0E个字节的数据，查找所读取数据的第1个字节，如果是30，则读取30后面的第1个字节的数据(本实施例中为0C)作为第三读取值；如果不是30，则结束证书的存储操作；(3) Read the data of the 0E bytes behind the second read value 0E, search for the first byte of the read data, if it is 30, then read the data of the first byte after 30 ( In this embodiment, OC) is used as the third read value; if it is not 30, then end the storage operation of the certificate;

(4)读取第三读取值0C后面的0C个字节的数据，查找所读取数据的第1个字节，如果是04，则读取04后面的第1个字节的数据(本实施例中位02)作为第四读取值；如果不是04，则结束证书的存储操作；(4) Read the data of 0C bytes behind the third read value 0C, search the first byte of the read data, if it is 04, then read the data of the first byte after 04 ( In the present embodiment, bit (02) is used as the fourth read value; if it is not 04, the storage operation of the certificate is ended;

(5)读取第四读取值02后面的2个字节的数据，所得到的数据为证书数据的存储路径(在本实施例中为4300，即证书数据的存储路径为0x4300)；(5) Read the data of 2 bytes behind the fourth read value 02, and the obtained data is the storage path of the certificate data (4300 in this embodiment, that is, the storage path of the certificate data is 0x4300);

(6)读取4300后面的数据，查找所读取数据的第1个字节，如果是02，读取02后面的1个字节的数据(本实施例中为02)作为第五读取值；如果不是02，则结束证书的存储操作；(6) read the data behind 4300, look for the first byte of the read data, if it is 02, read the data of 1 byte behind 02 (02 in this embodiment) as the fifth read value; if it is not 02, end the storage operation of the certificate;

(7)读取第五读取值02后面的2个字节的数据，所述数据为证书数据在数据存储文件中的偏移地址(本实施例中为008D，即证书数据在数据存储文件中的偏移地址为008D)；(7) Read the data of 2 bytes behind the fifth read value 02, the data is the offset address of the certificate data in the data storage file (008D in this embodiment, that is, the certificate data is in the data storage file The offset address in is 008D);

(8)读取008D后面的数据，查找所读取数据的第1个字节，如果是80，则读取80后面的1个字节数据(本实施例中为02)作为第六读取值；如果不是80，则结束证书的存储操作；(8) Read the data behind 008D, look for the first byte of the read data, if it is 80, then read the 1 byte data behind 80 (02 in this embodiment) as the sixth read value; if it is not 80, end the storage operation of the certificate;

(9)读取第六读取值02后面的2个字节的数据，所得数据位证书数据的长度(在本实施例中为065E，即证书数据的长度为065E)(9) Read the data of 2 bytes behind the sixth read value 02, the length of the obtained data bit certificate data (065E in this embodiment, that is, the length of the certificate data is 065E)

至此，客户端计算机得到如下信息：将要存放证书数据的数据存储文件的文件ID为0x4300，将要存放的证书数据在数据存储文件的偏移地址为0x8D，将要存放的证书数据占用数据存储文件的空间为0x65E。So far, the client computer has obtained the following information: the file ID of the data storage file to store the certificate data is 0x4300, the offset address of the certificate data to be stored in the data storage file is 0x8D, and the certificate data to be stored occupies the space of the data storage file is 0x65E.

如果不包括成功标识，则结束证书的存储操作。If no successful identification is included, the certificate storage operation ends.

步骤317：客户端计算机向智能卡发送选择数据存储文件(文件ID为0x4300)的选择文件指令；Step 317: the client computer sends a file selection instruction for selecting a data storage file (file ID is 0x4300) to the smart card;

其中，选择文件ID为0x4300的数据存储文件的选择文件指令具体可以为：APDU apdu(0x00，0xA4，0x00，0x00，0x02，0x4300)。Wherein, the file selection command for selecting the data storage file whose file ID is 0x4300 may specifically be: APDU apdu(0x00, 0xA4, 0x00, 0x00, 0x02, 0x4300).

步骤318：智能卡接收选择文件ID为0x4300的数据存储文件的选择文件指令，并选择文件ID为0x4300的文件，再将执行结果返回给客户端计算机；Step 318: The smart card receives a file selection instruction for selecting a data storage file with a file ID of 0x4300, selects a file with a file ID of 0x4300, and then returns the execution result to the client computer;

当智能卡选择文件成功时，执行结果为选择文件ID为0x4300的数据存储文件成功所对应的成功标识。需要说明的是，成功标识可以包括很多种，如0x9000等；When the smart card selects the file successfully, the execution result is the success identifier corresponding to the successful selection of the data storage file whose file ID is 0x4300. It should be noted that the successful identification can include many types, such as 0x9000, etc.;

当智能卡选择文件失败时，执行结果即为选择文件ID为0x4300失败所对应的失败标识。When the smart card fails to select the file, the execution result is the failure identifier corresponding to the failure to select the file whose ID is 0x4300.

步骤319：客户端计算机判断智能卡返回的执行结果是否为成功标识；Step 319: the client computer judges whether the execution result returned by the smart card is a successful identification;

如果是，则客户端计算机判定智能卡选择文件成功，执行步骤320；If yes, then the client computer judges that the smart card selects the file successfully, and executes step 320;

如果否，结束证书的存储操作。If not, end the storage operation of the certificate.

步骤320：客户端计算机向智能卡发送写数据指令，其中，欲写入智能卡的数据为证书信息；Step 320: the client computer sends a data write command to the smart card, wherein the data to be written into the smart card is certificate information;

其中，写数据指令具体可以为：APDU apdu(0x80，0xD6，0x00，0x00，0x00，0x00)。Among them, the write data command can specifically be: APDU apdu(0x80, 0xD6, 0x00, 0x00, 0x00, 0x00).

步骤321：智能卡接收并执行写数据指令，将证书信息写入文件ID为0x4300的数据存储文件中，并将执行结果返回给客户端计算机；Step 321: the smart card receives and executes the write data command, writes the certificate information into the data storage file with the file ID of 0x4300, and returns the execution result to the client computer;

当智能卡写入数据成功时，执行结果为写入文件ID为0x4300的数据存储文件成功所对应的成功标识。需要说明的是，成功标识可以包括很多种，如0x9000等；When the smart card writes data successfully, the execution result is the success identifier corresponding to the successful writing of the data storage file whose file ID is 0x4300. It should be noted that the successful identification can include many types, such as 0x9000, etc.;

当智能卡写入文件失败时，执行结果即为写入文件ID为0x4300的数据存储文件失败所对应的失败标识。When the smart card fails to write the file, the execution result is the failure identifier corresponding to the failure to write the data storage file whose file ID is 0x4300.

步骤322：客户端计算机判断智能卡返回的执行结果是否为成功标识；Step 322: the client computer judges whether the execution result returned by the smart card is a successful identification;

如果是，则存储证书数据成功；If yes, storing the certificate data is successful;

如果否，则结束证书的存储操作。If not, the storage operation of the certificate ends.

综上，需要说明的是，证书信息为必须写入到智能卡中的，私钥信息和公钥信息为可选写入的，如果有2种及以上需要写入智能卡的证书信息类型，则逐一写入，但对于写入的先后顺序，本实施例不做严格的限制。To sum up, it should be noted that the certificate information must be written into the smart card, and the private key information and public key information are optional. writing, but the sequence of writing is not strictly limited in this embodiment.

本发明实施例提供了一种存储证书的方法，通过客户端计算机与安全设备之间的交互操作，将证书写入到安全设备的指定文件中，完成向安全设备写入证书的过程，实现了证书的共享存储。The embodiment of the present invention provides a method for storing certificates. Through the interactive operation between the client computer and the security device, the certificate is written into the specified file of the security device, and the process of writing the certificate to the security device is completed, realizing Shared storage for certificates.

以上所述仅为本发明的较佳实施例，并不用以限制本发明，凡在本发明的精神和原则之内，所作的任何修改、等同替换、改进等，均应包含在本发明的保护范围之内。The above descriptions are only preferred embodiments of the present invention, and are not intended to limit the present invention. Any modifications, equivalent replacements, improvements, etc. made within the spirit and principles of the present invention shall be included in the protection of the present invention. within range.

Claims (11)

1. the method for a Store Credentials is characterized in that, said method comprises:

Safety means and client computer connect;

Said safety means receive the instruction of the selection application directory file of said client computer transmission, carry the file ID of said application directory file in the instruction of said selection application directory file;

Said safety means are selected the application directory file according to the file ID of said application file catalogue;

Said safety means receive the instruction of the alternative catalogue file of said client computer transmission, carry the file ID of said object directory file in the instruction of said alternative catalogue file;

Said safety means are according to the file ID alternative catalogue file of said object directory file;

Said safety means receive the instruction of the reading object catalogue file content of said client computer transmission, and the content of the said object directory file that will read sends to said client computer;

Said client computer is according to the type of info of the certificate of desiring to write said safety means; From the content of said object directory file, obtain the corresponding data storage file of type of info of said certificate, and the information of said certificate is write in the said data storage file.

2. the method for Store Credentials as claimed in claim 1 is characterized in that, the file ID of said application directory file is 0x5015.

3. the method for Store Credentials as claimed in claim 1 is characterized in that, the file ID of said object directory file is 0x5031.

4. the method for the Store Credentials described in claim 1 is characterized in that, the type of info of said certificate comprises: certificate information also comprises private key information and/or public key information.

5. the method for Store Credentials as claimed in claim 4 is characterized in that, after said safety means and client computer connected, said method also comprised:

In said safety means, create respectively and be used to store the file of said private key information, the file that is used to store the file of said public key information and is used to store said certificate information;

In said safety means, creating file ID is the object directory file of 0x5031, and the content that the content of the said content that is used for storing the file of said private key information, the said file that is used for storing said public key information and said is used for storing the file of said certificate information is write in the said object directory file.

6. the method for Store Credentials as claimed in claim 1; It is characterized in that; Said client computer is according to the type of info of the certificate of desiring to write said safety means; From the content of said object directory file, obtain the corresponding data storage file of type of info of said certificate, specifically comprise:

Said client computer obtains the corresponding storage directory file ID of type of info of said certificate according to the content of the said object directory file that receives;

Said safety means receive the instruction of the selection storage directory file of said client computer transmission, carry said storage directory file ID in the instruction of said selection storage directory file;

Said safety means are selected the storage directory file according to said storage directory file ID;

Said safety means receive the instruction of reading said storage directory file that said client computer sends, and the content of the said storage directory file that will read sends to said client computer;

Said client computer obtains the data storage file ID of the information of said certificate according to the content of the said storage directory file that receives.

7. the method for Store Credentials as claimed in claim 6; It is characterized in that; When the type of info of said certificate was certificate information, said client computer obtained the corresponding storage directory file ID of said certificate information according to the content of the said object directory file that receives, and specifically comprises:

Said client computer is searched the A4 data in the content of said object directory file, said A4 data are the sign of certificate information;

If there are said A4 data, read the value of the data of the 1st byte after the said A4 data, as first read value;

Read the data of said first read value byte;

Whether the data of judging the 1st byte in the data of said first read value byte are 30;

If read the value of the data of the 1st byte after said 30 data, as the second reading value; If, do not finish said method;

Read the data of a said second reading value byte;

Whether the data of judging the 1st byte in the data of a said second reading value byte are 04;

If read the value of the data of the 1st byte after said 04 data, as the third reading value; If, do not finish said method;

Read the data of a said third reading value byte, with the data of a said third reading value byte storage directory file ID as said certificate information;

If do not have said A4 data, finish said method.

8. the method for Store Credentials as claimed in claim 6; It is characterized in that; When the type of info of said certificate was private key information, said client computer obtained the corresponding storage directory file ID of said private key information according to the content of the said object directory file that receives, and specifically comprises:

Said client computer is searched the A0 data in the content of said object directory file, said A0 data are the sign of private key information;

If there are said A0 data, read the value of the data of the 1st byte after the said A0 data, as first read value;

Read the data of said first read value byte;

Whether the data of judging the 1st byte in the data of said first read value byte are 30;

If read the value of the data of the 1st byte after said 30 data, as the second reading value; If, do not finish said method;

Read the data of a said second reading value byte;

Whether the data of judging the 1st byte in the data of a said second reading value byte are 04;

If read the value of the data of the 1st byte after said 04 data, as the third reading value; If, do not finish said method;

Read the data of a said third reading value byte, with the data of a said third reading value byte storage directory file ID as said private key information;

If do not have said A0 data, finish said method.

9. the method for Store Credentials as claimed in claim 6; It is characterized in that; When the type of info of said certificate was public key information, said client computer obtained the corresponding storage directory file ID of said public key information according to the content of the said object directory file that receives, and specifically comprises:

Said client computer is searched the A1 data in the content of said object directory file, said A1 data are the sign of public key information;

If there are said A1 data, read the value of the data of the 1st byte after the said A1 data, as first read value;

Read the data of said first read value byte;

Whether the data of judging the 1st byte in the data of said first read value byte are 30;

If read the value of the data of the 1st byte after said 30 data, as the second reading value; If, do not finish said method;

Read the data of a said second reading value byte;

Whether the data of judging the 1st byte in the data of a said second reading value byte are 04;

If read the value of the data of the 1st byte after said 04 data, as the third reading value; If, do not finish said method;

Read the data of a said third reading value byte, with the data of a said third reading value byte storage directory file ID as said public key information;

If do not have said A1 data, finish said method.

10. the method for Store Credentials as claimed in claim 6 is characterized in that, said client computer obtains the data storage file ID of the information of said certificate according to the content of the said storage directory file that receives, and specifically comprises:

Said client computer is searched the A1 data in the content of said storage directory file;

If there are said A1 data:

Read the value of the data of first byte after the said A1 data, as first read value;

Read the data of said first read value byte;

Whether the data of judging the 1st byte in the data of said first read value byte are 30;

If read the value of the data of the 1st byte after said 30 data, as the second reading value; If, do not finish said method;

Read the data of a said second reading value byte;

Whether the data of judging the 1st byte in the data of a said second reading value byte are 30;

If read the value of the data of the 1st byte after said 30 data, as the third reading value; If, do not finish said method;

Read the data of a said third reading value byte;

Whether the data of judging the 1st byte in the data of a said third reading value byte are 04;

If read the value of the data of the 1st byte after said 04 data, as the 4th read value; If, do not finish said method;

Read the data of said the 4th a read value byte, as the data storage file ID of the information of said certificate;

Read the data of the 1st byte after the data of said the 4th a read value byte, take a decision as to whether 02;

If read the value of the data of the 1st byte after said 02 data, as the 5th read value; If, do not finish said method;

Read the data of said the 5th a read value byte, as the offset address of information in said data storage file of said certificate;

Read the data of the 1st byte after the data of said the 5th a read value byte, take a decision as to whether 80;

If read the value of the data of the 1st byte after said 80 data, as the 6th read value; If, do not finish said method;

Read the data of said the 6th a read value byte, as the length of the information of said certificate;

If do not have said A1 data, finish said method.

11. the method for Store Credentials as claimed in claim 6 is characterized in that, said information with said certificate writes in the said data storage file, specifically comprises:

Said safety means receive the instruction of the selection data storage file of said client computer transmission, carry said data storage file ID in the instruction of said selection data storage file;

Said safety means are selected data storage file according to said data storage file ID;

Said client computer sends the write data instruction to said safety means, the information of carrying said certificate in the write data instruction;

Said safety means write the information of said certificate in the said data storage file.

Images