Digital Signature
Reference Wiki entry: http://en.wikipedia.org/wiki/Digital_signature
Purpose of Digital Signature
:
A valid digital signature can be used to verify that a digital information (File) is created by a specific sender and is not modified during transmission.
It is often used in software distribution, financial transactions, e-government, and other fields that require information forgery and tampering detection.
Digital signature and electronic signature: digital signature is an implementation method of electronic signature. The meaning of electronic signatures is more extensive. Electronic signatures are legally binding in the United States and EU Member States. China has also introduced the Electronic Signature Law of the People's Republic of China
Therefore, files containing digital signatures are legally valid.
Digital Signature implementation method: asymmetric encryption. Asypolicric Cryptography
The RSA algorithm is commonly used. The digital signature is based on three algorithms:
- The algorithm used to generate a pair of private keys and public keys.
- Signature signing algorithm: generates a Digital Signature Based on the information (File) and private key to be signed.
- Signature Verification Algorithm: provides information, signature, and public key to determine whether the signature is trusted.
There is an RSA library in Haskell, and the corresponding function is: codec. crypto. RSA
Generatekeypair
: Randomgen
G => G-> int
-> (Publickey
,
Privatekey
,
G)
Sign : Privatekey -> Bytestring -> Bytestring |
|
Verify : Publickey -> Bytestring -> Bytestring -> Bool |
However, in actual use, direct use of asymmetric encryption algorithms is slow. Therefore, you can use MD5 or SHA-1 to obtain the signature and then perform encryption and decryption on the file signature. These algorithms have two important features: 1. A signature generated with a specific private key must be verified by the corresponding public key. (This is understandable) 2. It is not feasible to generate a valid digital signature for a person or organization that does not have a specific private key. (To put it bluntly, there is no private key to forge a signature)
Digital Certificate
A digital certificate is issued by an authority. It contains the public key, the name of the certificate holder, and the digital signature file of the Certificate Authority. A digital certificate is issued by a third party, which also has its own digital certificate, known as the "root certificate ".
Example of a digital certificate:
Application of digital signatures in the security field:
A file with a valid digital certificate can generally be trusted as a secure file. For example, how can I determine that a software downloaded from the Internet is not a Trojan? Looking at the digital signature, if it contains the digital signature of a well-known company, it is generally considered safe. (Unless the company doesn't want to mix up, it intentionally adds malicious code or the private key is stolen, but this situation is too rare)
But are all Digitally Signed files normal and secure? Not necessarily. Some Trojans carry digital signatures! Although the signature is difficult to forge, it is not difficult to apply for a digital signature.
Anti-fake and shoddy digital certificates.