Shulou(Shulou.com)06/01 Report--

Digital signature

Note that here we do not encrypt the data directly with the signature algorithm, but hash the data first. This is done for efficiency.

Digital signatures can achieve the following functions:

Message authentication (Message Authenctication)

Data integrity (Data Integrity)

Non-repudiation (Non-repudiation)

Digital signature has the security elements of privacy, authentication, integrity and non-repudiation.

Here is a further security topic, that is, I also want to ensure the privacy of the information. So we want to encrypt the data, too.

There must be two pairs of public/private keys throughout the process. One pair is used for encryption and one pair is used for signature.

The private key of the pair used for encryption is in the hands of the recipient, because as long as the receiver publishes his public key, anyone who wants to communicate with him secretly can use this public key to receive the communication.

It is easy to understand that the private key of the pair used to sign is in the hands of the sender.

With these two pairs of keys, we have to examine another question, that is, encrypting and then signing first or signing first in encryption.

We generally do not sign and then encrypt, because if we accept it in this way, we can pass the information on to a third party by impersonating the sender. After receiving the information, the method is to unlock the information with your own private key, get the signed data, and then encrypt the information with the public key given by the third party and send it to the third party.

So we use encryption before signing.

two。 Certificat

Based on the description of the public key and certificate above, we can go further. My public key is to be released, in order to avoid the abuse of public key, we have to have a mechanism to manage it. This is the PKI (Public key Infrastruct) that I want to talk about. The components of PKI are:

Certificate Public Key Certificate, commonly referred to as' digital certificate'.

Private key token Private Key tokens.

Certificate authorization Certification Authority.

Register and authorize Registration Authority.

Certificate management system Certificate Management System.

The important concept here is the certificate, which is actually the X.509 certificate, which is issued by CA, and CA will sign the entire information. The public key given to the user is stored in the certificate. In addition to the public key, there is also certificate customer information, expired information, publisher and use.

The following is the certificate issuance process.

CA is the certification authority

CA has a hierarchical structure, the certificate of the root CA is self-signed, and the subordinate certificate is signed by the superior.

RA institutions that validate certificate applicants

Private Key Tokens private key tokens prevent private keys from being stolen, and have security guarantees even if the stored machine is hacked.

3. New cryptographic technology

Elliptic Curve Cryptography

Quantum computation

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.