What is a Digital Signature?


2012-07-14 WCDJ

The concept of a digital signature is easy to understand; the details are discussed in the commentary.

English Original: http://www.youdzone.com/signature.html (by David Youd)

Chinese version: http://www.ruanyifeng.com/blog/2011/08/what_is_a_digital_signature.html (by Ruan Yifeng)

-------------------------------------------------------------------------------------------------------

What is a Digital Signature? An Introduction to Digital Signatures, by David Youd

1.

Bob has two keys: a public key and a private key.

2.

Bob gives his public key to his friends, Patty, Doug and Susan, one copy each.

3.

Susan wants to write a confidential letter to Bob. When she has finished, she encrypts it with Bob's public key, which keeps its contents secret.

4.

When Bob receives the letter, he decrypts it with his private key and reads its contents. The point here is that as long as Bob's private key does not leak, the letter is safe: even if it falls into someone else's hands, they cannot decrypt it.

5.

Bob writes back to Susan and decides to use a "digital signature". When he has finished writing, he first uses a hash function to generate a digest of the letter.

6.

Bob then encrypts the digest with his private key, producing the "digital signature".

7.

Bob attaches the signature to the letter and sends both to Susan.

8.

After receiving the letter, Susan detaches the digital signature and decrypts it with Bob's public key to obtain the digest of the letter. This proves that the letter really came from Bob.

9.

Susan then applies the hash function to the letter itself and compares the result with the digest obtained in the previous step. If the two match, the letter has not been modified.

10.

A more complicated situation arises. Doug tries to cheat Susan: he secretly uses Susan's computer and swaps Bob's public key for his own. Susan now actually holds Doug's public key but believes it is Bob's. Doug can therefore impersonate Bob: he creates a "digital signature" with his own private key, writes to Susan, and lets Susan decrypt it with the fake "Bob's public key".

11.

Later, Susan senses that something is wrong and realizes she cannot determine whether the public key really belongs to Bob. She thinks of a solution: ask Bob to go to a certificate authority (CA) to have his public key certified. The CA uses its own private key to encrypt Bob's public key together with some related information, producing a "digital certificate".

12.

Once Bob has his digital certificate, he can relax. From now on, when he writes to Susan, he only needs to attach the digital certificate along with the signature.

13.

When Susan receives the letter, she uses the CA's public key to unlock the digital certificate and obtains Bob's real public key. With it she can then prove that the "digital signature" was really made by Bob.
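
Steps 5-9 and steps 10-13 above, carried through in code. This is an added example, not part of the original article. It assumes unpadded "textbook" RSA over fixed Mersenne primes so that it runs with the standard library only; the key names, helper functions and sample letters are constructed for the illustration, and real systems use a vetted library with padded signatures.

```python
import hashlib

E = 65537  # public exponent shared by all toy keys (assumption)

def keypair(p, q):
    """Textbook RSA, no padding, demo only: (public, private) from two primes."""
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))

def digest(message, n):
    """Steps 5 and 9: SHA-256 digest, reduced to fit the toy modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def sign(message, private):
    """Step 6: apply the private key to the digest."""
    n, d = private
    return pow(digest(message, n), d, n)

def verify(message, signature, public):
    """Steps 8-9: recover the digest with the public key, compare to a fresh hash."""
    n, e = public
    return pow(signature, e, n) == digest(message, n)

def identity(name, public):
    """Byte string binding a name to a public key (hypothetical encoding)."""
    return f"{name}|{public[0]}|{public[1]}".encode()

def issue_certificate(name, public, issuer_private):
    """Step 11: the issuer signs the binding between a name and a public key."""
    return {"name": name, "public": public,
            "sig": sign(identity(name, public), issuer_private)}

def check_letter(letter, signature, cert, sender, ca_public):
    """Step 13: accept the key only if the CA vouches for it, then verify."""
    bound = identity(cert["name"], cert["public"])
    if cert["name"] != sender or not verify(bound, cert["sig"], ca_public):
        return False
    return verify(letter, signature, cert["public"])

# Constructed demo keys (Mersenne primes) and constructed sample letters.
BOB_PUB, BOB_PRIV = keypair(2**127 - 1, 2**89 - 1)
DOUG_PUB, DOUG_PRIV = keypair(2**107 - 1, 2**61 - 1)
CA_PUB, CA_PRIV = keypair(2**607 - 1, 2**521 - 1)
LETTER = b"Dear Susan, lunch on Friday? Bob"
FORGED = b"Dear Susan, lend Doug your car. Bob"

if __name__ == "__main__":
    print("Bob's letter verifies:", verify(LETTER, sign(LETTER, BOB_PRIV), BOB_PUB))
    print("Step 10, swapped key accepts Doug:", verify(FORGED, sign(FORGED, DOUG_PRIV), DOUG_PUB))
    forged_cert = issue_certificate("Bob", DOUG_PUB, DOUG_PRIV)  # not signed by the CA
    print("Step 13 rejects Doug:", check_letter(FORGED, sign(FORGED, DOUG_PRIV), forged_cert, "Bob", CA_PUB))
```

The second result shows why the signature alone is not enough: verification only proves that the signer holds the private key matching whatever public key Susan has stored. The certificate check closes that gap because Doug cannot produce a CA signature over his own key under Bob's name.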

14.

Next, let's look at an example of a digital certificate in use: the HTTPS protocol. This protocol is mainly used to encrypt web pages.

15.

First, the client sends an encryption request to the server.

16.

The server encrypts the Web page with its own private key and sends it to the client along with its own digital certificate.

17.

The client (browser) has a certificate manager that holds a list of trusted root certification authorities. Using this list, the client checks whether the public key that unlocks the digital certificate is in the list.

18.

If the URL recorded in the digital certificate does not match the URL you are browsing, the certificate may be being misused, and the browser issues a warning.

19.

If the digital certificate was not issued by a trusted organization, the browser issues a different warning.

20.

If the digital certificate is reliable, the client can use the server's public key from the certificate to encrypt information and then exchange encrypted information with the server.

(End)