Public Key digital signature algorithm Signature Based on PKI)
DSADigital Signature Algorithm, Digital Signature Algorithm, used as part of the Digital Signature standard), it is another public key Algorithm, it cannot be usedEncryption, Used only as a digital signature. DSA uses a public key to verify the data integrity and identity of the Data sender for the receiver. It can also be used by a third party to determine the authenticity of the signature and signed data. The security of the DSA algorithm is based on the difficulty of solving discrete logarithm. Such signature standards have great compatibility and applicability and become one of the basic components of the network security system.
The following parameters are used in the DSA Signature Algorithm:
1. p is the prime number of L-bit length, where L ranges from 512 to 1024 and is a multiple of 64.
2. q is a factor with a length of 160 bits and is also a factor that interacts P-1.
3. Where h is an arbitrary number smaller than 1 and greater than 1.
4. x is the number smaller than q.
In addition, the algorithm uses a one-way hash function Hm ). SHA ). The three parameters p, q, and g are public and can be public to all users in the network. The private key is x, and the Public Key is y.
When signing a message m:
1) The sender generates a random number k less than q.
2) sender generation: r and s are the sender's signatures, and the sender sends them to the receiver.
3) The signature is verified by the recipient through calculation: If v = r, the signature is valid.
DSA Signature:
Public Key:
Prime Number of p 512 to 1024 bits, q 160 bits long, and a factor that is used to interol P-1 level. h is an arbitrary number smaller than P-1 and must be greater than 1.
Private Key: x less than q
Signature: k selects a random number less than q
Verification: If v = r, the signature is verified.
Digital Signature and digital envelope Based on PKI
Public KeyPasswordIn practice, the system includes two methods: Digital Signature and digital envelope.
Digital signature refers to the data obtained by encrypting the hash digest of raw data with your own private key. The information recipient decrypts the digital signature attached to the original information using the public key of the Information sender to obtain the hash digest, and compares it with the hash digest generated by the original data, you can check whether the original information is tampered. This ensures the non-repudiation of data transmission.
Hash algorithms are a type of Hash functions that meet special requirements. These special requirements are:
1. The received input message data has no length limit;
2. Generate a fixed-length Digest ("digital fingerprint") Output for any input message data;
3. The summary can be conveniently calculated by the message;
4. It is difficult to generate a message for a specified digest, and the specified Digest can be obtained from the message;
5. It is difficult to generate two different packets with the same digest.
The numeric envelope function is similar to a common envelope. Under legal restrictions, a normal envelope ensures that only the recipient can read the content of the letter. A digital envelope uses the password technology to ensure that only the specified recipient can read the content of the information. The single-key and Public-Key Cryptographic systems are used in the digital envelope. The information sender first encrypts the information using a random symmetric password, and then uses the receiver's public key to encrypt the symmetric password. The symmetric password encrypted by the Public Key is called a digital envelope. When transmitting information, the information receiver must first use its own private key to decrypt the digital envelope and obtain a symmetric password to decrypt the information. This ensures the authenticity and integrity of data transmission.
- PKI Basic Content 1)
- PKI basic content 2)
- Introduction to PKI 4)
- Introduction to PKI 5)
- Introduction to PKI 6)