Shulou(Shulou.com)06/01 Report--

Digital signature refers to the data obtained by the sender after encrypting the digital fingerprint with his own private key, including asymmetric key encryption and digital signature, which can be used to encrypt the data. it can also be used by the receiver to verify the legitimacy of the sender's identity. When using a digital signature, the receiver needs to use the sender's public key to unlock the digital signature to get the digital fingerprint.

Digital fingerprint, also known as information summary, refers to the data obtained by the sender after calculating the plaintext information through the HASH algorithm. When using digital fingerprint, the sender will send to the receiver the digital fingerprint generated by the local hash operation of the plaintext (but also through the digital signature), as well as the ciphertext generated after encrypting the plaintext with the peer public key. The receiver uses the same HASH algorithm to match the data fingerprint generated by the plaintext calculation and the received digital fingerprint. If it is consistent, it can be sure that the plaintext information has not been tampered with.

The encryption and decryption process of the digital signature is shown in figure 1-20. A should also obtain the public key of B in advance. The details are as follows (corresponding to the serial number in the figure):

Figure 1-20 schematic diagram of the encryption and decryption process of a digital signature

(1) A uses the public key of B to encrypt the plaintext to generate ciphertext information.

(2) A uses HASH algorithm to perform HASH operation on plaintext to generate digital fingerprint.

(3) A uses its own private key to encrypt the digital fingerprint to generate a digital signature.

(4) A sends the ciphertext message and the digital signature to B.

(5) B uses the public key of A to decrypt the digital signature and get the digital fingerprint.

(6) after receiving the encrypted message from A, B uses his private key to decrypt the ciphertext and get the initial plaintext.

(7) B uses the HASH algorithm to HASH the restored plaintext using the same HASH algorithm as A to generate digital fingerprints. Then B compares the generated digital fingerprint with the digital fingerprint obtained from A. if it is consistent, B accepts the plaintext; if it is inconsistent, B discards the plaintext.

From the encryption / decryption process of the above digital signature, we can see that the digital signature technology not only proves that the information has not been tampered with, but also proves the identity of the sender. Digital signature and digital envelope technology can also be used in combination. However, there is also a problem with digital signature technology, that is, obtaining the other party's public key may be tampered with and cannot be found.

Just imagine, if the * intercept the file of B sending the public key to An at the beginning, and then change B's public key by exchanging the civet cat for the prince, which may eventually cause A to get the public key of the * *, rather than B's.

The specific process is as follows: * the person intercepts the public key information sent by B to An and digitally signs the forged public key information with his own private key, and then sends it to A together with the forged public key information encrypted with A's public key (* the person has also learned of A's public key). After receiving the encrypted information, A can successfully decrypt the plaintext (forged B's public key information) by using its own private key, because the encryption of this information is carried out with A's public key, and it can also be verified that the plaintext has not been tampered with by HASH operation again. At this time, An always thinks that this information is sent by B, that is, he thinks that the forged public key information belongs to B. as a result, when A sends encrypted data to B using the fake B's public key, B must not be able to decrypt it. At this point, there is a need for a way to ensure that a particular public key belongs to a specific owner, and that is digital certificate technology. Because the user can be queried and verified by the certificate authority when he receives the public key digital certificate of another user.

[experience] many people can't tell the difference between asymmetric key encryption and digital signature, which is easy to understand. Asymmetric encryption uses the receiver's public key to encrypt the data, and after arriving at the other side, the ciphertext is also decrypted through the receiver's own private key and restored to plaintext. The whole data encryption and decryption process uses the receiver's key. On the contrary, the digital signature is signed through the sender's private key, and when the signed data arrives at the receiver, it is decrypted by the sender's public key in advance. The whole process of data signature and decryption uses the sender's key.

The above content is extracted from Huawei's official book, Huawei × × Learning Guide, which has just been listed. It is the key book of the country's 13th five-year Plan and the ICT training material officially designated by Huawei. Dangdang, JD.com and other bookstores can be officially purchased! The practical video course of this book will be released soon, please follow my course center: http://edu.51cto.com/lecturer/user_id-55153.html

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.