Brief principles of digital signature RSA

A digital signature is a method of signing a message that is stored in electronic form. Messages that are signed by this method can be transmitted over the network. The digital signature is based on an asymmetric key encryption algorithm, such as the DSA/RSA algorithm. One of the benefits that can be achieved immediately from a public key system is to solve the problem of key management, a new member of the public key system only needs a copy of the Public key table, and the encryption key of his choice can be published to everyone. The ability to attach a digital signature to a message sent in many applications is a more important benefit of the public key system.

The sender first encodes the message m with his own private key, resulting in an intermediate cipher message CL. This step does not provide any protection to M, but only printed on the sender's own unique mark (because it is only his own to know that the decryption of his own use of the private key). Then the second encryption, this time using the receiver's public key to generate a cryptographic message C2, which can be transmitted on an open communication channel. When the receiver receives the C2, it decrypts the message with his private key, which is the same as the usual process, but the result is not m but C1, so it has to be decrypted with the sender's public key, thus getting the original message m.

In general, the so-called m should not be the complete message required for delivery, but a summary of the complete information. This involves a MD5 numeric digest algorithm. MD5 Digital Digest is the most popular one of the current Digital Digest algorithm, through a certain operation, the unequal length of data encryption into a fixed-length value, the value is the summary of this information. The summary of digital information, coupled with the public key system, forms a complete digital signature system.

MD5 (full name: Message digest algorithm 5) algorithm was proposed by the MIT Computer Science Laboratory in the 90 's, which was designated by the Internet e-mail Secrecy Protocol (PEM) as a message compression algorithm Digest agorithm), which is used for secure compression (secure hashing) of a message before it is digitally signed. The algorithm can compress messages of any length to 128 bits and then digitally sign them. In the first few years, MD5 was considered safe because there was no viable way to calculate two messages with the same compression value in a valid time, or to calculate a message with a given compression value in a valid time period.

A typical application of MD5 is to produce a fingerprint (fingerprint) of a message (string) to prevent "tampering". To give an example, You write a paragraph in a file called Readme.txt, and create a MD5 value for the Readme.txt and record it, and then you can spread the file to someone else, and if someone modifies anything in the file, you'll see that it has been modified when you recalculate the MD5 value of the file. If there is a third-party certification body, with MD5 can also prevent the file author's "Repudiation", which is called Digital signature application.

The important thing in this process is that the sender's signature prevents impersonation and denial! This is because the CL created in the first step is a signed message encoded with the sender's private key. Any third party, if he does not know the sender's private key, it is impossible for him to forge a message that the sender claims to send. If he uses another key, it will not work at the end of the decryption phase. Likewise, the sender cannot deny that he sent the message m after the event. Because, if a message succeeds in using the sender's public key to translate the solution, the original must be encoded with the sender's private key. Many public key algorithms can be used for digital signatures. The most widely used algorithm is the United States National Technical Standards Agency (NlsT) introduced in 1991 the Digital Signature Algorithm DSA (digitally signature algorithm).

Source: http://jeanscheng.blog.163.com/blog/static/112534011200941210341483/

Why you need to generate a digital digest when generating RSA digital signatures and verifying RSA digital signatures. Because the Digital digest is MD5. ^_^