9.5.3 Digital Signature principledigital signatures are a way to ensure data integrity and originality. A digital signature can provide strong evidence that the data has not changed since the data was signed, and that it can confirm the identity of the person or entity that signed the data. Digital signature realizes the important security functions of "completeness" and "nonrepudiation", which is the basic requirement of implementing secure e-commerce. digital signatures are typically used when data is distributed in plaintext or unencrypted form. In this case, because the sensitivity of the message itself cannot guarantee encryption, it is important to ensure that the data remains in its original format and is not sent by the impostor. Because in a distributed computing environment, clear text can be easily read or altered by anyone with the right access to the network, whether or not authorized. digital signatures are primarily intended to prove the identity of the sender, just as we see a signature of a file. But the signature to be said now is to take electronic digital signatures in a way. This signature also prevents others from copying, because the encrypted signature becomes unrecognizable and no one else can see the real signature. In the 9th. 5.2 section describes the use of file encryption in file transfer and mail to prevent illegal users to open the principle, in fact, only the use of file encryption is not enough to ensure the true security of mail transmission, because the message content may also be replaced by illegal users, although these illegal users can not view the original message in the real content. This involves how to make sure that the email you receive is a problem for the user you want, and you need to use digital signature technology. However, in the case of mail transmission, it is often not the case that you use file encryption or digital signatures alone, but together, they work together for a very good security protection. The following is still the example of the 9th. 5.2 Example, the difference is only in this message sent by the use of file encryption and digital signature, the implementation of double protection. The following steps are described. N Alice and Bob interchange the public key. NAlice Digitally signs the txt file with her private key. NAlice encrypts the TXT file with Bob's public key. NAlice passes the digitally signed and encrypted file txt to Bob via email or other transmission channels, such as QQ, MSN, etc. NBob decrypts the file encrypted with Bob's own private key after receiving the signed and encrypted message, and then decrypts the digital signature with Alice's public key. Similarly, in this process Cinda can also get Bob, Alice's public key and signed and encrypted bid file TXT. Unable to open the message due to the absence of Bob's private key. And since Alice has digitally signed the file with her private key before sending it, Bob will be able to confirm that he received the message from Alice after receiving the message, and that it cannot be another user. Imagine if a cinda illegal user wants to change the message, posing as Alice to Bob, because Cinda does not have Alice's private key, it is impossible to digitally sign with another user's private key to decrypt the digital signature with Alice's public key.
|
Here to pay attention to file encryption and digital signature sequence, must be signed and then encrypted, so encryption technology can also guarantee the digital signature in the message. If the first encryption, and then signed, illegal users can obtain the message after the public key to crack the digital signature, because the public key can be public, it is easy to be a few people with ulterior motives to get. The signature is likely to be replaced after the digital signature is cracked. Of course, the contents of the message cannot be opened without the recipient's private key. |
The above describes the use of public and private keys for file encryption and digital signature principle, in fact, in practical applications, these public and private key users are not specifically concerned about their composition, but by the certification authority or software generated by themselves. Take the public key, so long code, looks afraid, and as the key location increases, the code length increases, of course, the crack will increase the difficulty, the more secure. But to some extent, there are some effects on usage.
The principle of digital signature
