Shulou(Shulou.com)06/01 Report--

Purpose of digital signature:

Integrity ensures that data is not tampered with during transmission

Authentication ensures that the data you receive is sent by the corresponding person.

Non-repudiation sender cannot deny signature data

Digital signature elements:

Original text

Abstract

Certificat

Hash algorithm:

Md2, md5 (128bit hash), national secret sm3 (256bit)

The main function is to hash the previously larger data into smaller values.

Hash, generally translated as "hash", is also transliterated as "hash", that is, the input of any length (also known as pre-mapping, pre-p_w_picpath) is transformed into a fixed-length output by hashing algorithm, which is the hash value.

This transformation is a compressed mapping, that is, the space of the hash value is usually much smaller than that of the input, and different inputs may be hashed into the same output. it is not possible to uniquely determine the input value from the hash value (the original text cannot be inferred from the hash value).

Signed packet:

Attached version, hash algorithm, original text, abstract, certificate, CRL

Detached version, hash algorithm, abstract, certificate (the original information is not included in detached, which needs to be sent to the verifying party by other means)

Raw naked signature summary (the original text and certificate information are not included in the naked signature)

Signature verification process:

1. First of all, the client uses the hash algorithm to hash the original data

two。 Then encrypt the hash value using your own private key

The 3.client side sends the certificate, original text, and hash value to the server side.

4.server uses the public key in the certificate to decrypt the encrypted data and get the hash value.

5. Then use the same hash algorithm to hash the original text and compare whether the two hash values are the same.

The purpose of digital envelopes:

Confidentiality ensures that the original text cannot be deciphered after encryption

It solves the disadvantage of using symmetric algorithm or asymmetric algorithm alone.

Digital Envelope process:

A first encrypts the original information with a set of one-time symmetric key-session key (Session Key) randomly generated by the computer to form the ciphertext, then encrypts the session key with the public key of B, and sends the encrypted session key to B together with the ciphertext. After receiving the ciphertext and the encrypted session ciphertext, B first decrypts the encrypted session key with his own private key to obtain the session key, then decrypts the ciphertext with the session key and finally obtains the original text of the information.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.