1 Preface
With the rapid development of computer network technology and software technology, as well as the wide application of Internet has caused great impact to the traditional working way, e-Government (e-government) system came into being under such environment, the current e-government this "paperless" Office methods have played a more and more important role in the actual work of the Government, it is dependent on the computer and network technology exists, which means that e-government applications inevitably exist by the interconnection of the free and open to bring information security hidden dangers, e-government activities are all government actions, Requires a high degree of reliability and security, so the data transmitted on e-government systems must have anti-negative, integrity, security, and authentication mechanisms. Digital signature Technology This kind of information security technology, which can guarantee the integrality, confidentiality and anti negative of data, will be widely used in e-government system. Due to the applicability of Java in Network programming. As well as the improvement of Java security system structure and the convenience of the current Java Development Network security software, it is more safe and realistic to realize digital signature with Java in e-government system.
Introduction of 2 encryption algorithm and digital signature technology
2.1 Encryption algorithm
Symmetric cryptography is the same as the encryption and decryption key, or it is known that one can easily deduce another. So the two sides of communication must agree on a key before communicating. In the symmetric encryption system, the key must be kept secret, and any third party can easily decrypt the cipher if it gets the key.
Asymmetric cryptography is the communication between the two sides encryption key and encryption key is not the same, each user generates a key pair, one is the private key by the owner to save, not public, another as a public key can be sent to the Internet (such as the Yellow Pages of the website) and other public places for others to query and download.
The encryption algorithm of mixed key is the combination of symmetric cipher system and asymmetric cipher system, because the asymmetric algorithm is complex to decrypt and the speed is slow, and symmetric cipher algorithm is fast, so it is usually combined with symmetric cipher and asymmetric cipher system.
2.2 Digital Signature Technology
The digital signature is relative to the handwritten signature, refers to the use of a certain data exchange protocol, using a cryptographic algorithm to deal with the data (such as files, contracts, notifications, etc.) encrypted processing, generate a piece of information, attached to the original text sent together, this information similar to the actual signature or seal, the receiver to verify it, Determine the identity of the sender and the authenticity of the original.
The principle and function of 2.2.1 digital signature
The digital signature is mainly uses the asymmetric encryption algorithm, first uses the one-way hash function, will send the data to generate the message digest Md_1, the sender uses own private key to the message digest encryption to generate the digital signature, attaches the digital signature to the original text to send together. When the receiver receives the message, it decrypts the signature with the sender's public key and gets the message digest. Then using the received original data for one-way hash function calculation, get message digest md_2 to verify, if md_1=md_2, the signature success.
The algorithm used in 2.2.2 digital signature
The flowchart for digital signatures is shown in figure (i):
Figure (i)
As can be seen from the flowchart, the digital signature includes the signature algorithm and the verification algorithm, which is mainly used by RSA and DSA.
2.2.3 Digital Signature function
From the principle of digital signature and flow chart, we can see that digital signature mainly has the following functions:
(1) To ensure the integrity of the information; According to the nature of the hash function, once the original information has been changed, the resulting digital digest will change greatly, thus preventing the original information from being tampered with in this way.
(2) anti-repudiation; Using a public key encryption algorithm, the sender cannot deny sending information because only the sender has a private key.
(3) Prevent the receiving party from forging a message, claiming that it originated from the sender.
3 implementation of digital signature technology based on Java language in e-government
In E-government, to really implement paperless office, it is very important to realize the circulation of electronic documents, and realize the circulation of official documents, there will be the following security issues: 1 Information integrity, 2 of the sender's non-repudiation, 3 the confidentiality of sending information. This shows that the electronic government system in the inevitable use of digital signature technology, and Java in the realization of digital signature has a great advantage, mainly in the following areas:
The 1Java platform provides two sets of API:JCA and JCE for security and encryption services;
The 2 JCA (Java Cryptography Architecture) provides basic cryptographic frameworks such as certificates, digital signatures, message digests, and key pair generator;
3JCE is extended on the basis of JCA, including encryption algorithm, key exchange, key generation and message authentication Service interfaces.
3. 1 Digital signature technology using hybrid cipher system in e-government system
In e-government system if the original text is transmitted in clear text on the network in the digital signature, can not guarantee the confidentiality of the original information, but to ensure the confidentiality of the original information, it is necessary to treat the original information sent to carry out encryption operations, if the original use of asymmetric cryptographic algorithm, because the use of asymmetric cryptographic algorithm in the decryption when the computational volume is very large, Will affect the speed of the operation. Therefore, the use of symmetric cipher algorithm to encrypt the original text, and the use of asymmetric cryptographic algorithm to achieve digital signature technology, using this hybrid cryptosystem, not only to achieve digital signature, to ensure the transmission process in the original confidentiality, but also to improve the efficiency of the operation.
The flowchart for digitally signing with a mixed key is shown in Figure (ii):
Figure (ii)
3.2 Using the Java language to implement the digital signature of a mixed key
As mentioned earlier, JAVA2 provides a lot of mechanisms for implementing security policy, so it is a feasible scheme to implement digital signature in E-government as a software development platform, the following gives an example of the main algorithm to explain how to achieve digital signature with JAVA2, Because it's used in e-government systems, receiving and sending files are usually relatively fixed, here is not to consider the security of public key transmission, first assume that the receiver uses the public key that is the sender's use of the private key corresponding to the public key, the algorithm generated message digest algorithm for MD5, the signature algorithm using RSA, The symmetric encryption algorithm for the original text uses des:
The main classes to be used in JAVA2 are basically encapsulated in java.security.* and javax.crypto.* two packages
(1) Introduction of Java packages to be used
/* The class containing the input and output * *
Import java.io.*;
/* contains key pair generator class, Key Management class, signature class * *
Import java.security.*;
/* contains a variety of cryptographic algorithm classes such as: des and RSA, etc. * *
Import javax.crypto.*;
(2) The sender's code (assuming that the data to be transferred is saved in the file Info.dat):
/* Generate the RSA algorithm's public key PubKey and private key Prikey, where the public key generation is assumed to be sent to the receiving party securely via a third party.
Keypairgenerator Doublekeygen = keypairgenerator.getinstance ("RSA");
Doublekeygen.init (1024);
KeyPair Doublekey = Doublekeygen.generatekeypair ();
Privatekey Prikey = Doublekey.getprivate ();
PublicKey PubKey = Doublekey.getpublic ();
/* The public key PubKey is saved in the file PubKey.dat file for the receiver to use/objectoutputstream out = new. ObjectOutputStream (Newfileoutputstream ("PubKey.dat");
Out.writeobject (PubKey);
Out.close ();
/* key key*/to generate DES algorithm
Keypairgenerator Singlekeygen = keygenerator.getinstance ("DES");
Singlekeygen.init (64);
Key Singlekey = Singlekeygen.generatekey ();
* * Read the original data to be transmitted from the file Info.dat and save it in the array info_plain[].
ObjectInputStream in=new ObjectInputStream (New FileInputStream ("Info.dat"));
byte[info_plain= (byte[]) in.readobject ();
In.close ();
/* Generate message digest for raw information to be transmitted md_1*/
MessageDigest messagedigest = messagedigest.getinstance ("MD5");
Messagedigest.update (Info_plain);
byte[] Md_1 = Messagedigest.digest ();
/* Encrypt the information to be transmitted with Des and save the encrypted data in the array des_info[] * *
Cipher Cipher = cipher.getinstance ("DES"); Cipher.init (Cipher.encrypt_mode,singlekey);
Byte[] des_info[] = cipher.dofinal (Info_plain);
/* Merge message digest md_1[] and symmetric key singlekey into byte array md_key[] and form a digital signature by encrypting the array with the private key in the RSA algorithm and saving it in the array rsa_sign[].
An algorithm for merging arrays (mainly by adding a symmetric key to the message digest array after the loop, forming a new array md_key[], the symmetric key is converted to a byte type by forcing the type)
Cipher Cipher = cipher.getinstance ("RSA");
Cipher.init (Cipher.encrypt_mode, Prikey);
Byte[]rsa_sign[] = cipher.dofinal (Md_key);
* * will need to transmit the original text and digital signatures written to file En_info.dat, en_info.dat that is the information transmitted on the net * *
ObjectOutputStream out = new ObjectOutputStream (New FileOutputStream ("En_info.dat)");
Out.writeobject (Des_info);
Out.writeobject (rsa_sign);
Out.close ();
(3) The code of the Receiving party
The receiving party receives the file En_info.dat, which consists of two parts of 1 text: A digital signature that holds the array des_info[];2 sender: Stored in the rsa_sign[] array; The public key is read out from the PubKey.dat file and saved in the variable PubKey.
/* Read the cipher text and numbers from the file En_info.dat
Word Signature Two array * *
This part of the algorithm is slightly
/* The digital signature is saved in the rsa_sign[] array and the sender's public key is decrypted with an array of message digests and symmetric keys md_key[]*/
Public key decryption algorithm slightly (decryption and encryption algorithm is basically the same)
Int len = Md_key.length ();
Byte[]md_1 = new byte[];
Byte[]key =new byte[]
for (int i=0; i<128;i++)/* Because the number produced with MD5 is summarized as 128-bit * *
Md_1[i]=md_key[i]; /* Extracts the Summary section and assigns it to the array md_1*/
/* The 128-bit later element in the array is the symmetric key */
while (i<len-1)
{Key[i]=md_key[i];/* To extract the symmetric key and assign it to the array key[]*/
Key Singlekey = (Privatekey) key; /* Convert symmetric key coercion type to key type * *
* When the symmetric key is obtained, the ciphertext is converted to plaintext through the decryption algorithm of DES, then the message digest is generated using the MD5 algorithm and stored in the array md_2[].
Algorithms for decrypting and generating message digests
/* will md_1[] and md_2[] to do comparison, if equal, then the signature is correct * *
for (int i=0;i<128;i++)
{if md_1[i]!= Md_2[i]
{
System.out.println ("Signature error!");
System.exit ();
}
}
System.out.println ("Signature success!");
Because only the main algorithm is given, no consideration is given to the anomalies that may occur during the execution of the program as well as some basic input and output statements.
4 concluding remarks
It is very important to discuss the technology of mixed key digital signature with Java language. Because not only realizes the digital signature technology, but also guarantees the original text in the network transmission the confidentiality; The digital signature technology has the widespread application in the e-government system, here we only discuss the digital signature technology, But without the confidentiality of public key, the security of public key will be a future research topic.
Reference documents:
[1] Zhang, et. JAVA2 application Programming in 150 cases [M]. Beijing: Electronics Industry Press, 2003.8:296-313
[2] Zhang Xiyong. Principle and application of network security [M]. Beijing: Science Press, 2003.5:134-141
[3] Feng Deng. Computer Communication network security [M]. Beijing: Tsinghua University Press, 2001.2:212-219
[4] Mohan Atreya. Digital signature [M]. Beijing: Tsinghua University Press, 2003.1:51-53
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
