Introduction to PKI (4)

Digital Certificate Based on PKI

Digital Certificates are the identity certificates for various entities (cardholders/individuals, merchants/enterprises, gateways/banks) to exchange information and conduct business activities online, all parties to the transaction need to verify the validity of the certificate of the other party, so as to solve the mutual trust problem. A certificate is a digital signature provided by the certificate authority.KeyThe owner information and the files that make public the key.

From the perspective of the purpose of the certificate, digital certificates can be divided into signature certificates andEncryptionCertificate. The signature certificate is mainly used to sign user information to ensure the non-repudiation of information. The encrypted certificate is mainly used to encrypt the information transmitted by users to ensure the authenticity and integrity of information.

To put it simply, a digital certificate is a piece of data that contains the user identity information, the user's public key information, and the digital signature of the identity authentication organization. The digital signature of the authentication organization can ensure the authenticity of the certificate information. The certificate format and content follow the X.509 standard.

Application of digital certificates based on PKI

In order to ensure the authenticity, integrity and non-repudiation of the information transmitted, it is necessary to encrypt and sign the information to be transmitted, the transfer process is as follows:

1) Prepare the plaintext of the digital information to be transmitted ).

(2) Perform hash operation on the number information to obtain an information digest.

3) A uses its own private key SK to encrypt the information digest to obtain the digital signature of a and attach it to the digital information.

4) A randomly generates an encryption keyDESAnd use this key to encrypt the information to be sent to form a ciphertext.

(5) Party A uses Party B's public key PK to encrypt the randomly generated encryption key and transmit the encrypted DES key together with the ciphertext to Party B.

6) Party B decrypts the encrypted DES key after receiving the ciphertext and encrypted DES key from Party A and uses its own private key SK to obtain the DES key.

7) Party B then decrypts the received ciphertext with the DES key to obtain the plaintext digital information, and then discards the DES key (that is, the DES key is voided ).

(8) Party B uses the Public Key PK of Party A to decrypt the digital signature of Party A and obtain the information abstract.

9) B uses the same hash algorithm to re-hash the received plaintext to obtain a new information digest.

10) B compares the received information Abstract With the newly generated information abstract. If they are consistent, it indicates that the received information has not been modified.

1. PKI Basic Content 1)
2. PKI basic content 2)
3. Introduction to PKI 3)
4. Introduction to PKI 5)
5. Introduction to PKI 6)