Digital Signature
When sending a message, the sender first computes a digest of the message text with a hash function and then encrypts that digest with its own private key; the encrypted digest is the digital signature and is sent to the receiver together with the message. The receiver computes the digest of the received message with the same hash function the sender used, then decrypts the digital signature attached to the message with the sender's public key. If the two digests match, the receiver can confirm that the digital signature was produced by the sender.
1: The sender hashes the message to generate a digest.
2: The sender encrypts the digest with its own private key to generate the signature.
3: The sender sends the message and the signature together to the receiver.
4: The receiver decrypts the signature with the sender's public key to recover a digest.
5: The receiver hashes the received message to generate a second digest.
6: The two digests are compared; if they are the same, the message has not been tampered with.
However, this scheme alone cannot prove that the public key really belongs to the claimed sender (that the public key and private key are the genuine pair).
Digital Certificate
Verifies that the public key used to check a signature is the correct one.
A digital certificate is a file digitally signed by a certificate authority (CA) that contains the public key together with information about its owner. The simplest certificate contains a public key, the owner's name, and the digital signature of the certificate authority.
1: The signature of the CA, verified by decrypting it with the CA's public key
2: The public key of the certificate owner
3: The identity information of the certificate owner
Application Example: sending to a specific recipient
If Alice now sends digital information to Bob, then to ensure the confidentiality, authenticity, integrity and non-repudiation of the transmitted information, the information must be both encrypted and signed. The transfer process is as follows:
1: Alice prepares the digital information to be transmitted (the plaintext).
2: Alice performs a hash operation on the digital information to obtain a message digest.
3: Alice encrypts the digest with her own private key to obtain her digital signature, and attaches it to the digital information.
4: Alice randomly generates an encryption key and encrypts the information to be sent with this key to form the ciphertext.
5: Alice encrypts the randomly generated encryption key with Bob's public key, and sends the encrypted DES key together with the ciphertext to Bob.
6: Bob receives the ciphertext and the encrypted DES key from Alice. First, he decrypts the encrypted DES key with his own private key to obtain the DES key.
7: Bob then decrypts the received ciphertext with the DES key to obtain the plaintext digital information, and discards the DES key.
8: Bob decrypts Alice's digital signature with Alice's public key to obtain the message digest.
9: Bob re-hashes the received plaintext with the same hash algorithm to obtain a new message digest.
10: Bob compares the received message digest with the newly generated one. If they are consistent, the received information has not been modified.
Four steps
1: The sender signs the message as described under Digital Signature, producing message + signature.
The RSA asymmetric encryption algorithm used for the signature is only suitable for small amounts of data. Therefore, the DES symmetric encryption algorithm is also needed to encrypt the whole message.
2: The sender generates a random number, which is used as the DES symmetric encryption key to encrypt message + signature.
The random number itself is encrypted with the public key of the receiver.
3: The receiver decrypts the random number with its own private key, then uses it as the DES key to decrypt the ciphertext and obtain message + signature.
4: The receiver uses the public key of the sender to decrypt the signature and verify the correctness of the message.
No one else can read any part of the message.