Bob has a public and private key.
Bob's public key is public and can be obtained by anyone. But only Bob has his own private key. Both the public key and the private key can be used to encrypt the information separately, and the encrypted information can be decrypted with the other key accordingly.
For example, when Susan encrypts information with Bob's public key, she sends it to Bob. Bob gets the message, decrypts it with his private key, and obtains Susan's information. Other people, even if they get the information, cannot know the content of the information because there is no private key to Bob.
In another case, if Bob replies to Susan, a digital signature can be generated with the private key, which is placed at the end of the message. The purpose is to identify the information when it is modified.
When doing a data signature, Bob calculates the information with a hash and generates a summary of the information. Hash calculation is irreversible, that is, the information can not get the original information digest.
Bob then encrypts the information digest with the private key and generates a digital signature.
Finally Bob puts the digital signature at the end of the message. Send both the information and the signature to Susan.
After Susan receives the message and the signature, the digital signature is decrypted with the public key to get the message digest. The hash is used to calculate the information to get another message digest. If the two summaries are the same, the information has not been modified.
The complex situation has arisen.
Doug tried to trick Susan into replacing Bob's public key with her own public key, so Doug could impersonate Bob to communicate with Susan.
How do you make sure Bob's public key can't be disguised? A digital certificate appears.
Bob finds a recognized digital certificate authority that authenticates his public key. The certification authority, with its own private key, encrypts Bob's public key, Bob's information, and the certificate information, generating a digital certificate.
After Bob gets the digital certificate, he can replace the previous digital signature with a digital certificate.
After Susan receives Bob's information, it uses the public key of the digital certificate authority to decrypt the digital certificate, so that Bob can get the real public key.
Reference
- What is a Digital Signature? An introduction to Digital Signatures, by David Youd
- What is a digital signature?
- Cryptography Notes
- Public keys are used to encrypt information, private keys are used for digital signatures
What is a Digital Signature?