CA Certificate, Signature

Source: Internet
Author: User
Tags: password protection, asymmetric encryption

1. I do not currently have a personal CA certificate. If I trade online without one, how does Citic Investment online trading ensure security?
If you do not currently have a personal CA certificate, Citic Investment online trading still encrypts the session using the RSA scheme of the server's CA certificate.
When you log in with your account and password, the system uses the online trading server's CA certificate to establish an encrypted secure channel. The client encrypts the account number and password you enter with the public key in the server's certificate (asymmetric encryption) and then transfers the encrypted data to the online trading server. Because only the online trading server holds the corresponding private key and can decrypt the data and submit the entrustment, this fundamentally ensures that the transaction information stays confidential and cannot be modified.
Without a personal CA certificate, the identification of the trader and the non-repudiation of the transaction cannot be guaranteed with a digital signature. In that case online trading works the same way as telephone entrustment, credit card entrustment and other entrustment methods: the trader's identity is verified by authenticating the account password, which ultimately establishes the legitimacy and non-repudiation of the transaction.
2. Since Citic Investment online trading already uses server CA certificate encryption to ensure security, why apply for a personal CA certificate as well?
As mentioned earlier, the personal CA certificate is your personal digital ID online. If you use a personal CA certificate for online trading, then for every transaction the system not only verifies that your account password is correct but also checks that your ID (digital signature) is correct. This two-step verification increases the reliability of the identification step in online trading.
3. Once I have applied for a personal CA certificate, is it absolutely safe, so that a leaked account password no longer matters?
When a personal CA certificate is used for online trading, the trader must hold the certificate's private key in addition to the trading account password.
However, entrustment methods such as telephone entrustment, hot self-service entrustment and mobile phone entrustment authenticate only the account password, so a leaked password is still very dangerous.
In addition, leakage of the certificate can also cause security problems. If you want to use a digital certificate for online trading in a public place (such as an Internet cafe), be sure to use it from a floppy disk, and do not load the personal certificate onto the public computer's hard drive.
4. If I have applied for a personal digital certificate and then change computers or reinstall the system, how do I recover it?
To restore the original certificate, it must have been backed up in advance, for example to a floppy disk or other media.
If you do not have a backup, the certificate cannot be recovered; you can only re-apply for a certificate.
5. I have many fund accounts. Can I use the same digital certificate for them?
Generally not. A digital certificate corresponds to one fund account. The exception is when the account holder and personal information of all the fund accounts are consistent, in which case one certificate is applied.
This is because the personal certificate contains the certificate holder's name, social security number and other personal information, and at online trading login the personal information in the certificate is checked for consistency with the personal information of the fund account.
6. How do I apply for a personal CA certificate for online trading?
(1) Go to the sales department counter in person.
(2) Fill in the "Personal CA certificate Online Transaction opening application" (2 copies) and show your ID card.
(3) The counter staff at the sales department stamp the application and return one copy to you.
(4) After 2 trading days, log in to "win online trading" and click the "Download personal Sheca Certificate" button. Enter the details as filled in on the "Personal CA certificate Online Transaction opening application"; the system verifies the information and automatically downloads and installs the personal certificate.
(5) Log in again; personal CA certificate trading is now enabled. The certificate can also be backed up through the trading software.
7. What is a CA?
CA stands for Certificate Authority: the certification body that issues digital certificates.
8. What is a digital certificate?
A digital certificate is a file, digitally signed by the Certificate Authority center, that contains information about the owner of a public key together with the public key itself. The simplest certificate contains a public key, a name, and the digital signature of the Certificate Authority center.
A digital certificate is a set of data that identifies a network user and is used to identify the parties in network communication, that is, to solve the "Who am I" problem on the Internet, just as each of us needs an identity card or driver's license to prove our identity or some kind of qualification.
Digital certificates are issued by an authoritative and impartial third party, the CA center. Encryption technology built around digital certificates can encrypt and decrypt information transmitted over the network and create and verify digital signatures. This ensures the confidentiality and integrity of information transmitted over the Internet, the authenticity of the identity of the transaction parties, and the non-repudiation of signed information, and thereby the security of network applications.
9. The encryption system based on digital certificates
Digital certificates use a public key cryptosystem, in which a pair of matching keys is used to encrypt and decrypt. Each user has a private key, known only to that user, which is used for decryption and signing, and a public key, which can be disclosed publicly and is used for encryption and for verifying signatures. When a confidential file is sent, the sender encrypts the data with the receiver's public key and the receiver decrypts it with its own private key. The information therefore reaches its destination safely and without error: even if it is intercepted by a third party, it cannot be decrypted, because the third party does not have the corresponding private key. The encryption process is guaranteed by mathematical means, so that only the private key can decrypt the data. Among public key cryptosystems, the RSA system is commonly used.
10. What is a digital signature?
A digital signature is not a digital image of a handwritten signature. It is an electronic code that allows recipients to easily verify the sender's identity and signature on the web. It can also verify that the original text of the file was not changed during transmission.
To sign, the sender generates a digest from the information to be sent and encrypts the digest with its own private key to form a unique signature. The information and the digest encrypted with the sender's private key are combined to form the digital signature.
The user processes the information with their own private key; because the key belongs only to that user, nobody else can produce the same file, and this forms the digital signature. A digital signature confirms the following two points:
(1) The information was signed and sent by the signer, who cannot deny it, or can deny it only with difficulty;
(2) The recipient can verify that the information has not been modified since it was issued and that the document issued is the genuine document.
11. What is asymmetric encryption?
Asymmetric encryption is the encryption method used in the encryption system based on digital certificates. When a message is sent, the sender encrypts the data with the receiver's public key and the receiver decrypts it with its own private key. The information therefore reaches its destination safely and without error: even if it is intercepted by a third party, it cannot be decrypted, because the third party does not have the corresponding private key. The encryption process is guaranteed by mathematical means, so that only the private key can decrypt the data.
12. Root certificate, personal certificate, private key file
The root certificate, the personal certificate and the private key are three separate parts produced when a personal certificate is issued, and they are saved in 3 separate disk files.
A root certificate is the certificate issuer's own certificate. It can be used to verify the validity of other certificates, such as the personal certificates issued by that issuer.
A personal certificate contains the personally identifiable information of the certificate holder, the public key, and the digital signature of the CA issuer. It identifies the certificate holder in network communication.
A private key file is the file that holds the private key, which forms a key pair with the public key in the certificate and is an important part of the certificate-based encryption system. The private key file is private to the certificate holder and needs to be kept safe. It is protected by a private key protection password, which to some extent prevents a lost private key from being exploited by others.
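The signing process from section 10 and the root-certificate check from section 12, put together as an added example (not code from the original page or from any trading software). It uses textbook RSA on a SHA-256 digest with no padding, which mirrors the page's description but is not what a production library does; the key values, the holder name `demo-holder` and the order text are constructed for illustration.

```python
import hashlib

E = 65537  # common RSA public exponent

def make_key(p, q):
    """Build a textbook RSA key pair from two primes: (public, private)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), (n, pow(E, -1, phi))

def digest(data: bytes) -> int:
    """The 'digest' of section 10: SHA-256 of the data, as an integer."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def sign(private, data: bytes) -> int:
    n, d = private
    return pow(digest(data), d, n)        # digest processed with the private key

def verify(public, data: bytes, signature: int) -> bool:
    n, e = public
    return pow(signature, e, n) == digest(data)   # recover digest, compare

def cert_body(name: str, public) -> bytes:
    """The signed part of the 'simplest certificate': a name and a public key."""
    return f"{name}|{public[0]:x}|{public[1]:x}".encode()

def issue_cert(ca_private, name: str, public) -> dict:
    """The CA signs name + public key; the result is the personal certificate."""
    return {"name": name, "public": public,
            "ca_sig": sign(ca_private, cert_body(name, public))}

def verify_order(root_public, cert: dict, order: bytes, order_sig: int) -> bool:
    """Step 1: the root certificate's key vouches for the personal certificate.
    Step 2: the public key inside that certificate checks the order signature."""
    if not verify(root_public, cert_body(cert["name"], cert["public"]), cert["ca_sig"]):
        return False
    return verify(cert["public"], order, order_sig)

# Constructed demo keys built from Mersenne primes: trivially factorable,
# chosen only so the example is deterministic. Never use such keys for real.
ROOT_PUB, ROOT_PRIV = make_key(2**607 - 1, 2**1279 - 1)   # the CA's key pair
USER_PUB, USER_PRIV = make_key(2**127 - 1, 2**521 - 1)    # the trader's key pair

CERT = issue_cert(ROOT_PRIV, "demo-holder", USER_PUB)     # personal certificate
ORDER = b"BUY 100 shares of DEMO at 10.00"                # constructed order text
ORDER_SIG = sign(USER_PRIV, ORDER)                        # needs the private key file

if __name__ == "__main__":
    print("genuine order accepted:", verify_order(ROOT_PUB, CERT, ORDER, ORDER_SIG))
    print("altered order accepted:", verify_order(ROOT_PUB, CERT, ORDER + b"0", ORDER_SIG))
```

Real deployments use a padded signature scheme such as RSA-PSS from a vetted cryptographic library, and randomly generated keys.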
13. The role of CAs
The security technology provided by the CA can identify the data, the sender and the receiver on the Internet, ensuring the security, integrity, reliability and non-repudiation of transactions. Authentication, digital signatures and digital envelopes based on digital certificates are the common and feasible solutions to these security problems. The digital security certificate establishes a strict authentication system that can ensure the security of e-commerce:
Confidentiality of transaction information
Non-modifiable nature of trading information
Certainty of trader's identity
Non-repudiation of transactions
In short, digital certificates, together with symmetric and asymmetric cryptography and other cryptographic techniques, make it possible to build a rigorous identity authentication system that ensures that: information is not stolen by anyone other than the sender and the receiver; information is not tampered with during transmission; the sender can confirm the recipient's identity through a digital certificate; and the sender cannot deny information it has sent.
