PKI basic theory-2

Source: Internet
Author: User


Digital signatures operate in two distinct functions: signature construction and signature verification. Following are the steps in signature construction:

In short, the digital signature has two distinct functions, signature construction and signature verification: hash the message first, then encrypt the hash with your own private key. Note that this provides no confidentiality (the C of CIA); what it provides is non-repudiation.

Signature construction

1. A message is created by the sender.
2. A hash is taken of that message.
3. That hash is encrypted with the sender's private key.
4. The encrypted hash, the digital signature, is sent with the original message.


------------------------------------------------

Following are the steps in signature verification:

Signature verification

1. The encrypted hash is separated from the original message.
2. A hash is taken of the original message.
3. The encrypted hash is decrypted with the sender's public key.
4. The decrypted hash is compared with the hash of the original message.
5. If both hashes are the same, the signature, and consequently the sender's identity, is verified.


------------------------------------------------

In summary, a digital signature is the hash of a message, encrypted with the sender's private key. To confirm the sender's identity, the signature must be verified. This is done by the receiver, who decrypts the signature with the sender's public key, computes a hash of the original message, and compares the two hashes. If both are the same, the sender's identity is verified.

Taking the two pictures (signing and verifying) together: the message is first hashed and the hash is then encrypted with the sender's private key. To check this digital signature, the receiver decrypts it with the sender's public key and obtains a hash value; the receiver also hashes the original message itself. Now there are two hash values, which are compared. If they are the same, the sender's identity is confirmed. The remaining question is what exactly the "message" is in this exchange.

------------------------------------------------

Authentication occurs in Phase 1 of IKE; consequently, we focus on Phase 1. In other words, because authentication takes place in the first phase of IKE, the focus here is on how the two peers authenticate each other in that phase. Pre-shared key authentication is not discussed here.

Both sender and receiver have received a certificate from the same certification authority (CA), and both the sender and the receiver have a copy of the CA's public key.

When we build a PKI architecture, we usually install the CA's digital certificate on each entity; the CA certificate is, in effect, the CA's public key.

------------------------------------------------

At a high level, certificate authentication can involve verifying digital signatures. The digital signature of the IKE peer is verified. Also, the digital signature of the CA is verified to ensure the certificate provided by the authenticator has truly been issued by the CA. For the peer to receive a certificate from the CA, the peer must first have a public/private key pair (typically RSA). This key pair is signed by the CA and used as part of the digital signature offered by the peer, described later in this chapter.

At a high level, the CA's role is in digital signatures. The digital signature of the IKE peer is checked, and the digital signature of the CA is checked to ensure that the certificate was issued by the trusted CA. When an entity wants to receive a certificate from a CA, it must first use RSA to generate a key pair. This key pair is signed by the CA and is used as part of the digital signature provided by the entity. That is to say, the entity first generates a key pair (using the asymmetric-key algorithm RSA), then submits a message to the CA that contains at least the entity's own key pair... The CA then encrypts that message with its own private key, producing a digital signature.
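The hash-then-sign steps from the signature construction and verification lists above, and the two-level check described in this section (the CA's signature on the peer's certificate first, then the peer's own signature), as one added Python example that is not part of the original page. It uses toy textbook RSA with no padding and a made-up certificate layout of (subject, public key, CA signature); real IKE peers exchange X.509 certificates and use padded RSA signatures, so treat this purely as an illustration of the steps.

```python
import hashlib
import secrets

def _is_probable_prime(n, rounds=32):  # Miller-Rabin; assumes odd n > 3
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def _random_prime(bits):  # top bit set for size, low bit set for oddness
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(cand):
            return cand

def generate_keypair(bits=1024):  # textbook RSA; returns (public (e, n), private (d, n))
    e = 65537
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e != 0:
            return (e, p * q), (pow(e, -1, phi), p * q)

def _digest(data: bytes) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big")
def sign(message: bytes, private_key) -> int:  # construction steps 2-3
    d, n = private_key  # hash the message, then apply the private key to the hash
    return pow(_digest(message), d, n)
def verify(message: bytes, signature: int, public_key) -> bool:  # verification steps 2-5
    e, n = public_key  # recover the hash with the public key, re-hash, compare
    return pow(signature, e, n) == _digest(message)

def issue_certificate(subject: bytes, subject_pub, ca_priv):  # toy cert: (subject, key, CA sig)
    return (subject, subject_pub, sign(subject + b"|%d:%d" % subject_pub, ca_priv))
def verify_peer(cert, ca_pub, message: bytes, peer_sig: int) -> bool:
    subject, peer_pub, ca_sig = cert
    if not verify(subject + b"|%d:%d" % peer_pub, ca_sig, ca_pub):
        return False  # the CA did not sign this key: do not trust it
    return verify(message, peer_sig, peer_pub)  # then check the peer's own signature
```

A certificate whose key was swapped after issuance fails the first check even though the attached CA signature is genuine, which is exactly why the CA signature is checked before the peer's signature is trusted.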

In the theory so far, several roles have appeared: the CA at the top of the hierarchy, the digital certificate, the digital signature, the asymmetric-key algorithm RSA, and their general functions. Of course, it is not all that clear yet...
