Introduction to the principle of digital signature (with digital certificate)

The first thing to know is what is called symmetric and asymmetric encryption, which is the message digest knowledge.

1. Asymmetric encryption

On both sides of the communication, if asymmetric encryption is used, this principle is generally adhered to: public key cryptography, private key decryption. At the same time, a key is usually encrypted, and the other key can be decrypted.

Because the public key is public, if it is used to decrypt it, it is easy to decrypt the message by an unnecessary person. Therefore, the private key can also be considered as proof of personal identity.

If the two sides of the communication need to cross-send messages, then should establish two sets of asymmetric encryption mechanism (that is, two pairs of public key key pair), the sender of the message with the other side of the public key to encrypt, the party receiving the message with its own private key decryption.

2. Message Digest

Message digests can convert a message hash to a string of a fixed-length value that is unique. A value that is unique means that the digest of a different message conversion is different, and that it is guaranteed to be unique. the process is irreversible , that is, the text cannot be reversed by a digest (it seems that SHA1 can already be cracked, SHA2 has not.) Generally think that can not be cracked, or crack need to spend too much time, cost-effective low).

With this feature, you can verify the integrity of the message.

Message digests are typically used in digital signatures, which are described in the following directions.

Once you know the basics, you can look at digital signatures and digital certificates.

3. Digital signature

Suppose there is now a communication between A and B, which uses two sets of asymmetric encryption mechanisms between the two.

Now a sends a message to B.

Then, if in the sending process, someone modified the inside ciphertext message, B to get the ciphertext, decrypted after the plaintext, not sent by a, the information is not correct.

To resolve two questions: 1. A's identity authentication 2. A the message integrity sent is then used to the basic knowledge mentioned above.

The process of digital signature is as follows:

Simple explanation:

A: The digest operation will be summarized after the digest (message Integrity), and then the digest with a private key encryption (identity authentication), to obtain a digital signature, cipher and digital signature piece to B.

B: After receiving a message, the ciphertext is decrypted with its own private key, and the plaintext is obtained. After the digital signature is decrypted with the public key of a, the correct digest is obtained (decryption success indicates that A is authenticated).

Summary operation of the plaintext, get the actual received summary, the two summaries are compared, if consistent, the message is not tampered with (message integrity).

Questions:

Abstract using A's private key encryption, if the public key owned by a third party interception, can not get to digest it? Will pose a threat to security.

No. Because the abstract is irreversible introduction of the original text.

4. Digital certificates

After understanding the digital signature, the digital certificate is well understood.

Because the network communication on both sides may not know each other, then need a third party to introduce, this is the digital certificate.

Digital certificates are issued by Certificate Authority (CA Certification center).

The specific description of the digital certificate, need Baidu, not fully understood at present. Remember a todo.

The illustrations are as follows:

First of all a B mutual trust each other certificate. Todo

The communication can then be made, similar to the digital signature above. The difference is that symmetric encryption is used. This is because asymmetric encryption is consuming much more time than symmetric encryption during decryption. If the ciphertext is very long, then the efficiency is relatively low. But the key is generally not very long, the encryption of the symmetric encryption key can improve efficiency.

Introduction to the principle of digital signature (with digital certificate)