Recently I have been studying cryptography, in particular digital signatures. After a few days of learning, I have organized the basic knowledge below.
PKI: PKI is the acronym for Public Key Infrastructure. It is the infrastructure that supports public key management and provides authentication, encryption, integrity, and non-repudiation services under the X.509 standard.
CA: CA is the acronym for Certificate Authority. A CA is an authoritative third-party institution whose main role is issuing and managing digital certificates. Through a certificate, the CA vouches for the public key of the certificate holder, and the certificate carries the CA's signature. A certificate can therefore be used as valid evidence to hold the CA liable for a loss caused by trusting that certificate. The CA is also known as a trusted third party because it is willing to make this commitment and take responsibility.
Digital certificates are divided into encryption certificates and signing certificates. What is the difference, and why use two instead of one? The fundamental difference lies in how the two key pairs are used and managed. The signing key pair is used for data integrity checking, to guarantee anti-forgery and non-repudiation. If the signing private key is lost, previously signed data can still be verified, so the signing private key does not need to be backed up; it should be generated and held only by its owner and must not be managed by anyone else. The encryption key pair is used to encrypt data. If the encryption private key is lost, previously encrypted data can no longer be decrypted, which is unacceptable in practice, so the encryption private key should be backed up by a trusted third party (commonly the CA) to ensure the availability of encrypted data; the encryption key pair can therefore be generated and backed up by that third party. Because the signing key and the encryption key differ in both use and management, using two certificates is both reasonable and necessary.
The process of digital signature: "When sending a message, the sender uses a hash function to generate a message digest from the message text and then encrypts the digest with its own private key; the result is sent to the receiver together with the message as the digital signature of the message. The receiver first calculates a message digest from the received message with the same hash function as the sender, and then decrypts the attached digital signature with the sender's public key. If the two digests are the same, the receiver can confirm that the digital signature is the sender's.
A digital signature has two functions: first, it establishes that the message was actually sent by the signer, because no one else can forge the sender's signature. Second, the digital signature establishes the integrity of the message. Because the digest is derived from the contents of the file, if the file changes, the value of the digest will also change; different files yield different digests. A digital signature involves a hash function, the sender's public key, and the sender's private key."
Digital encryption: The sender encrypts the data with the receiver's public key and then transmits it to the receiver, who decrypts it with his own private key. Because only the receiver holds that private key, the confidentiality of the data is guaranteed: anyone else who eavesdrops on the encrypted data cannot decrypt it.
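To make the two flows above concrete, here is an added toy example (my own illustration, not from any library or standard) that walks through hash-then-sign with the sender's signing key pair and encrypt/decrypt with the receiver's separate encryption key pair. It uses textbook RSA over fixed Mersenne primes with no padding, so it is only for understanding the steps; real systems use randomly generated primes, PKCS#1 padding, and CA-issued certificates.

```python
import hashlib

E = 65537  # common public exponent


def make_keypair(p, q):
    """Return (public, private) as (e, n) and (d, n) for primes p and q."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(E, -1, phi)  # modular inverse of e (Python 3.8+)
    return (E, n), (d, n)


# Two separate key pairs, as the double-certificate model requires:
# the sender's signing pair and the receiver's encryption pair.
# Primes are fixed Mersenne primes chosen for the toy, not generated.
SIGN_PUB, SIGN_PRIV = make_keypair((1 << 521) - 1, (1 << 127) - 1)
ENC_PUB, ENC_PRIV = make_keypair((1 << 607) - 1, (1 << 107) - 1)


def digest_int(message: bytes) -> int:
    """Step 1 of signing: hash the message to a fixed-size digest."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message: bytes, priv) -> int:
    """Sender 'encrypts' the digest with its signing private key."""
    d, n = priv
    return pow(digest_int(message), d, n)


def verify(message: bytes, signature: int, pub) -> bool:
    """Receiver recomputes the digest and compares it with the signature
    opened using the sender's public key; any change to the message fails."""
    e, n = pub
    return pow(signature, e, n) == digest_int(message)


def encrypt(message: bytes, pub) -> int:
    """Confidentiality: anyone can encrypt with the receiver's public key."""
    e, n = pub
    m = int.from_bytes(message, "big")
    assert m < n, "toy: message must be smaller than the modulus"
    return pow(m, e, n)


def decrypt(ciphertext: int, priv) -> bytes:
    """Only the holder of the matching private key recovers the plaintext."""
    d, n = priv
    m = pow(ciphertext, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")


if __name__ == "__main__":
    msg = b"transfer 100 to account 42"  # constructed sample message
    sig = sign(msg, SIGN_PRIV)
    print("valid:", verify(msg, sig, SIGN_PUB))  # True
    print("tampered:", verify(b"transfer 900 to account 42", sig, SIGN_PUB))  # False
    print("decrypted:", decrypt(encrypt(msg, ENC_PUB), ENC_PRIV))
```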
That concludes my summary of the basic knowledge of cryptography.