Original (English): http://www.youdzone.com/signature.html
This article (Chinese, translated) is reproduced in: http://www.ruanyifeng.com/blog/2011/08/what_is_a_digital_signature.html
1.
Bob has two keys: a public key and a private key.
2.
Bob gives a copy of his public key to each of his friends: Patty, Doug and Susan.
3.
Susan wants to write a confidential letter to Bob. When she has finished writing, she encrypts it with Bob's public key, which keeps its contents secret.
4.
When Bob receives the letter, he decrypts it with his private key and reads its contents. The point here is that as long as Bob's private key is not leaked, the letter is safe: even if it falls into someone else's hands, they cannot decrypt it.
5.
Bob writes back to Susan and decides to use a "digital signature". When he has finished writing, he first uses a hash function to generate a digest of the letter.
6.
Bob then encrypts the digest with his private key, producing the "digital signature".
7.
Bob attaches the signature to the letter and sends both to Susan.
8.
After receiving the letter, Susan detaches the digital signature and decrypts it with Bob's public key to obtain the digest of the letter. This shows that the letter really was sent by Bob.
9.
Susan then applies the hash function to the letter itself and compares the result with the digest obtained in the previous step. If the two match, the letter has not been modified.
10.
A complication arises. Doug tries to deceive Susan: he secretly uses her computer and replaces Bob's public key with his own. Susan now actually holds Doug's public key but believes it is Bob's. Doug can therefore impersonate Bob: he creates a "digital signature" with his own private key, writes to Susan, and lets her decrypt the signature with the fake "Bob's public key".
11.
Later, Susan senses that something is wrong and realizes she has no way to be sure the public key really belongs to Bob. She comes up with a solution: ask Bob to go to a "certificate authority" (CA) and have his public key certified. The certificate authority uses its own private key to encrypt Bob's public key together with some related information, producing a "digital certificate".
12.
Once Bob has his digital certificate, he can rest easy. From then on, when he writes to Susan, he only needs to attach the digital certificate along with the signature.
13.
When Susan receives the letter, she uses the CA's public key to unlock the digital certificate and obtain Bob's real public key. With it she can confirm that the "digital signature" really was made by Bob.
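The whole walkthrough (steps 5 to 13) as an added example that is not part of the original article: it signs a letter, detects tampering, shows why the key swap in step 10 goes unnoticed, and shows the certificate check rejecting it. It assumes textbook RSA without padding, toy keys built from known Mersenne primes, and a made-up `name:key` certificate format; the function names and letters are constructed for illustration, and real systems use padded signatures and X.509 certificates.

```python
import hashlib

E = 65537  # public exponent used by every toy key below

def make_key(a, b):
    # Toy RSA key built from the Mersenne primes 2**a-1 and 2**b-1 (insecure, demo only).
    p, q = 2**a - 1, 2**b - 1
    return {"n": p * q, "d": pow(E, -1, (p - 1) * (q - 1))}

def digest(data):
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def sign(data, key):
    # Steps 5-6: hash the letter, then apply the private key to the digest.
    return pow(digest(data), key["d"], key["n"])

def verify(data, sig, n):
    # Steps 8-9: recover the digest with the public key and compare with a fresh hash.
    return pow(sig, E, n) == digest(data)

def issue_cert(name, subject_n, issuer_key):
    # Step 11: the issuer signs the owner's name together with the public key.
    body = f"{name}:{subject_n}".encode()
    return {"name": name, "n": subject_n, "sig": sign(body, issuer_key)}

def check_letter(letter, sig, cert, expected_name, ca_n):
    # Step 13: validate the certificate with the CA's public key, then the letter.
    body = f"{cert['name']}:{cert['n']}".encode()
    if cert["name"] != expected_name or not verify(body, cert["sig"], ca_n):
        return False
    return verify(letter, sig, cert["n"])

# Constructed keys and letters for the three parties.
BOB, DOUG, CA = make_key(127, 521), make_key(107, 607), make_key(89, 1279)
LETTER = b"Dear Susan, lunch on Friday? Bob"
FORGED = b"Dear Susan, please lend Doug your car. Bob"

def run_demo():
    bob_cert = issue_cert("Bob", BOB["n"], CA)
    fake_cert = issue_cert("Bob", DOUG["n"], DOUG)  # Doug signs it himself, not the CA
    return {
        "genuine": verify(LETTER, sign(LETTER, BOB), BOB["n"]),
        "tampered": verify(LETTER + b"!", sign(LETTER, BOB), BOB["n"]),
        "swapped_key": verify(FORGED, sign(FORGED, DOUG), DOUG["n"]),  # step 10
        "cert_genuine": check_letter(LETTER, sign(LETTER, BOB), bob_cert, "Bob", CA["n"]),
        "cert_forged": check_letter(FORGED, sign(FORGED, DOUG), fake_cert, "Bob", CA["n"]),
    }

if __name__ == "__main__":
    print(run_demo())
```

The `swapped_key` result is the important one: a signature check only proves which key signed the letter, so it passes whenever Susan's stored key is the wrong one. Only the certificate check ties the key to Bob's name.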
If you feel a little confused after reading this, see the following personal summary: http://blog.csdn.net/sum_rain/article/details/36897095