Java digital signatures and digital certificates

Source: Internet
Author: User
Tags decrypt

Digital signatures

Role: Verifies that the jar package is published by the public key publisher and has not been tampered with.

Process:

1, the author uses hash algorithm to generate hash (fingerprint) for Jar package;

2, the author encrypts the hash with the private key,

3, publish the jar package together with the signed hash.

650) this.width=650; "src=" Https://s4.51cto.com/wyfs02/M02/91/DD/wKioL1j4w9PDBUIPAALs0dbPd9c204.png "style=" float : none; "title=" screenshot from 2017-04-20 22-20-25.png "alt=" Wkiol1j4w9pdbuipaals0dbpd9c204.png "/>


4, the user uses the public key published by the author to decrypt the hash and get the fingerprint of the jar package;

5, the user uses the hash algorithm to generate fingerprints on the jar;

6, compare two fingerprints are consistent.

650) this.width=650; "src=" Https://s2.51cto.com/wyfs02/M01/91/DE/wKiom1j4xVyCHOAGAAK8vHsVd_8195.png "title=" Screenshot from 2017-04-20 22-20-44.png "alt=" Wkiom1j4xvychoagaak8vhsvd_8195.png "/>

Digital certificate: A product of an authoritative authority that uses its own private key to sign the public key of the user who is requesting authentication.

Role: Verify that the publisher of the public key that the user obtains is trustworthy

Process:

1, the applicant carries the material to the certification body to apply for a digital certificate (that is, the certification body to sign its public key);

2, the Certification Body audit, after the approval, the use of the private key to the applicant's public key signature, the applicant obtains the digital certificate;

3, the applicant issued jar and digital certificate;

4, users download jar and digital certificate;

5, the user uses the public key of the authentication authority to decrypt the digital certificate, and obtains the fingerprint of public key publisher's public key;

6, hashing the public key using hash algorithm to generate fingerprint;

7, compared with the public key two fingerprint is consistent, if consistent, the use of digital certificate has not been tampered with, that is, the certification authority signed the public key, indicating that the public key is reliable.

Java digital signatures and digital certificates

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.