Digital signature of public key private key encryption and decryption digital certificate

From http://codefine.co/1455.html

Start by defining several basic concepts:

1, the key pair, in the asymmetric encryption technology, there are two keys, divided into the private key and the public key, the private key is the owner of the key holder, not public, the public key is the key to the bearer of the announcement to others.

2, public key, the public key is used to encrypt data, the public key encrypted data can only use the private key decryption.

3, the private key, as above, is used to decrypt the public key encrypted data.

4, summary, the need to transfer the text, do a hash calculation, generally using SHA1,SHA2 to obtain.

5, signature, the use of the private key to the text needs to be transmitted to encrypt the digest, the resulting ciphertext is known as the signature of the transmission process.

6, signature verification, data receiving end, get the transmission of text, but need to confirm whether the text is sent out of the content, whether the midway has been tampered with. So take the public key that you hold to decrypt the signature (one key in the key pair encrypts the data must be decrypted with another key.) ), get a summary of the text, and then use the same hash algorithm as the sender to calculate the digest value, and then compare with the decrypted summary, found that the two are exactly the same, the text has not been tampered with.

In fact, the two concepts of encryption, decryption and digital signature are introduced, and the process of implementation is exactly the opposite.

In the process of signing, it is very important that the party receiving the data need to keep the public key, but to know that each sender has a public key, then the person receiving the data need to save a lot of public key, which is not managed at all. And the local saved public key may be tampered with and replaced, can not be found. How to solve this problem? A unified Certificate Authority manages all public keys that need to be sent to the data party, authenticating and encrypting the public key. This body is what we often call a CA. Authentication of the encrypted public key, that is, the certificate, also known as the CA certificate, the certificate contains a lot of information, the most important is the requester's public key.

When the CA authority encrypts the public key, it uses a unified key pair, and the private key is used when encrypting the public key. In this way, after the applicant has received the certificate, when sending the data, with their own private key to generate a signature, the signature, the certificate and send the content to each other, the other side to obtain the certificate, the certificate needs to be decrypted to get to the certificate of the public key, decryption needs to use the CA agency "unified key pair" public key Often say the CA root certificate, we usually need to go to the certification authority to download and install to the corresponding client receiving data, such as the browser above. This public key needs to be installed only once. With this public key, you can decrypt the certificate, get the sender's public key, and then decrypt the sender's signature, get the summary, recalculate the summary, and compare it to verify the integrity of the data content.

Here the pure text, it is boring, can be combined with the above mentioned article link in the picture to understand together, these text to the picture understanding should have some help. HTTPS is a comprehensive use of cryptographic decryption and digital signature instances, understand the above concepts and procedures, combined with the key pair exchange process is not difficult to understand HTTPS.

Digital signature of public key private key encryption and decryption digital certificate