Principles of digital certificates

Source: Internet
Author: User

A digital certificate uses a public key system, that is, a pair of matching keys is used for encryption and decryption. Each user sets a private key that is known only to himself and uses it for decryption and signing, and sets a public key that is disclosed to a group of users and used for encryption and signature verification. When a confidential file is sent, the sender encrypts the data with the receiver's public key, and the receiver decrypts it with his own private key, so that the information reaches its destination securely. Digital encryption is an irreversible process, that is, only the private key can be used for decryption. In public key cryptography, the RSA system is commonly used. Its mathematical principle is the factoring of a large number into the product of two prime numbers, and encryption and decryption use two different keys. Even if the plaintext, the ciphertext, and the encryption key (public key) are known, it is computationally infeasible to calculate the decryption key (private key). With current computer technology, it would take thousands of years to crack the 1024-bit RSA key currently used. Public key technology solves the problem of publishing and managing keys: merchants can disclose their public keys while retaining their private keys. A shopper can encrypt the information to be sent with the publicly known public key and send it to the merchant securely; the merchant then decrypts the information with its own private key.

A user can also process information with his own private key. Because the key is held only by its owner, the result is a file that no one else could have generated, and this forms a digital signature. A digital signature confirms the following two points:

(1) The information was signed and sent by the signer himself, and the signer cannot deny this, or can deny it only with difficulty.

(2) The information has not been modified since it was issued, and the issued document is the real document.

The specific method of digital signature is:

(1) Using the hash algorithm agreed on by both parties, compute a fixed-length message digest. This is mathematically guaranteed: if any bit in the message is modified, the recalculated digest value of the message will not match the original value. This ensures that the message cannot be modified without detection.

(2) Encrypt the digest value with the sender's private key, and then send the encrypted digest together with the original message to the receiver. The message generated in this way is called a digital signature.

(3) After receiving the digital signature, the receiver uses the same hash algorithm to calculate the digest value of the message, and then compares it with the digest value obtained by decrypting the signature with the sender's public key. If the two are equal, the plaintext does come from the claimed sender.
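The three steps above, as an added example that is not part of the original article. It uses textbook RSA with no padding so that the arithmetic stays visible; deployed signature schemes pad the digest before the private-key operation (for example RSASSA-PSS). SHA-256 as the agreed hash, the key values, the sample message, and all function names are assumptions made for this illustration.

```python
import hashlib

def make_key(p: int, q: int, e: int = 65537):
    """Build a textbook RSA key pair (public, private) from two primes."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))   # private exponent (Python 3.8+)
    return (n, e), (n, d)

# Constructed demo keys built from publicly known Mersenne primes: anyone can
# factor these moduli, so they illustrate the arithmetic only.
SENDER_PUB, SENDER_PRIV = make_key(2**521 - 1, 2**607 - 1)
OTHER_PUB, OTHER_PRIV = make_key(2**607 - 1, 2**1279 - 1)

def digest(message: bytes) -> int:
    """Step 1: fixed-length digest (SHA-256 assumed as the agreed hash)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")

def sign(message: bytes, private_key) -> int:
    """Step 2: transform the digest with the sender's private key."""
    n, d = private_key
    return pow(digest(message), d, n)

def verify(message: bytes, signature: int, public_key) -> bool:
    """Step 3: recompute the digest and compare it with the value recovered
    from the signature using the sender's public key."""
    n, e = public_key
    if not 0 <= signature < n:
        return False
    return pow(signature, e, n) == digest(message)

def flip_bit(message: bytes, bit: int = 0) -> bytes:
    """Return a copy of the message with exactly one bit changed."""
    out = bytearray(message)
    out[bit // 8] ^= 1 << (bit % 8)
    return bytes(out)

if __name__ == "__main__":
    msg = b"transfer 100 to merchant"   # constructed sample message
    sig = sign(msg, SENDER_PRIV)
    print("untouched message:", verify(msg, sig, SENDER_PUB))
    print("one bit modified: ", verify(flip_bit(msg), sig, SENDER_PUB))
    print("signed by other:  ", verify(msg, sign(msg, OTHER_PRIV), SENDER_PUB))
```

The second and third checks fail for the two reasons the article lists: a modified message yields a different digest, and a signature made with any other private key does not recover the expected digest under the sender's public key.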
