How to use PKI technology to implement electronic signatures and secure file transmission
This article first analyzes the basic requirements for secure information transmission on the Internet, briefly introduces the basic concepts, components and operating model of PKI, and points out in particular that PKI technology can provide security services for information transmission. It then proposes a secure file transfer scheme based on PKI technology, divided into two main modules: an identity authentication module and a secure file transfer module. Combined, these two modules meet the requirements of secure file transmission: identity authentication, confidentiality, integrity and non-repudiation.

1) What is an electronic signature?

An electronic signature is not a digital image of a written signature. It is actually an electronic code through which the recipient can easily verify the identity and signature of the sender on the Internet. It also lets the recipient verify whether the original text of the file has changed during transmission.

At present, electronic signatures can be implemented by various technical means. Once the exact identity of the signer has been confirmed, electronic signatures allow people to sign electronic records in many different ways. These methods include: digital signatures based on PKI public key cryptography; identification marks based on biometrics; identification of handprints, voiceprints or retinal scans; a passcode, password or personal identification number (PIN) that enables the receiver to identify the sender; computers based on quantum mechanics; and so on. However, the mature, easy-to-use and practical electronic signature technology that is widely used in advanced countries and in China is the one based on PKI (Public Key Infrastructure).

2) Digital signature technology based on PKI.

An electronic signature based on PKI (Public Key Infrastructure) is called a "digital signature". Some people use "electronic signature" to mean "digital signature", which is wrong: a digital signature is just one concrete form of electronic signature. Although electronic signature has gained technical neutrality, that neutrality also brings inconvenience in use, so the law further specifies electronic signatures. For example, the UNCTAD Model Law on Electronic Signatures and the EU Framework Directive on Electronic Signatures stipulate "reliable electronic signatures" and "advanced electronic signatures". In effect, they stipulate the functions of a digital signature, which makes digital signatures more applicable and practical. At present, the only practical electronic signature technology is the one based on public key cryptography. Digital signature technology based on PKI is therefore widely used, mature and practical at home and abroad. As a public key infrastructure, PKI can provide many online services, such as identity authentication, data confidentiality, data integrity and non-repudiation, all of which use digital signature technology.

The core operating body of a PKI is the electronic certification service provider, commonly known as the CA (Certificate Authority), and the core element of a PKI signature is the digital certificate issued by the CA. The PKI services it provides are authentication, data integrity, data confidentiality and non-repudiation. The method is to use the certificate's public key and its corresponding private key for encryption/decryption, in order to generate and verify the signature of a digital message. A digital signature uses public key cryptography and other cryptographic algorithms to generate a series of symbols and codes that form an electronic password for signing, taking the place of handwritten signatures and seals. This kind of electronic signature can also be verified technically, with an accuracy that manual signatures and seals cannot match. This signature method can be used for authentication in a large number of trusted PKI domains or for cross-authentication across multiple trusted PKI domains, and is especially suited to security authentication and transmission over a WAN.
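
The signing and verification flow described above, as an added Go example that is not part of the original article: a constructed demo CA issues a certificate to a signer, the signer signs the file bytes with the private key, and the receiver accepts the file only if the certificate chains to the trusted CA and its public key validates the signature. The choice of Ed25519, the names `issue` and `verifyFile`, the subject names and the sample file contents are assumptions made for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue makes a key pair and a certificate for cn signed by caKey; a nil parent gives a self-signed root CA.
func issue(cn string, parent *x509.Certificate, caKey ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, kerr := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), BasicConstraintsValid: true,
		Subject: pkix.Name{CommonName: cn}, KeyUsage: x509.KeyUsageDigitalSignature,
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	if parent == nil { // root CA: signs itself and may sign other certificates
		tmpl.IsCA, tmpl.KeyUsage = true, x509.KeyUsageCertSign
		parent, caKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, caKey)
	cert, perr := x509.ParseCertificate(der) // also fails when creation failed (der is nil)
	if kerr != nil || err != nil || perr != nil {
		panic(fmt.Sprint("issuing failed: ", kerr, err, perr))
	}
	return cert, key
}

// verifyFile returns the signer's name only if the certificate chains to trustedCA and validates sig over data.
func verifyFile(data, sig []byte, signer, trustedCA *x509.Certificate) (string, error) {
	roots := x509.NewCertPool()
	roots.AddCert(trustedCA)
	opts := x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}
	if _, err := signer.Verify(opts); err != nil { // identity: is the CA vouching for this key?
		return "", fmt.Errorf("certificate not issued by the trusted CA: %w", err)
	}
	if pub, ok := signer.PublicKey.(ed25519.PublicKey); !ok || !ed25519.Verify(pub, data, sig) {
		return "", fmt.Errorf("bad signature: file changed or signed with another key")
	}
	return signer.Subject.CommonName, nil
}

func main() {
	ca, caKey := issue("Demo Root CA", nil, nil) // constructed names and data
	cert, key := issue("alice", ca, caKey)
	file := []byte("constructed sample file contents")
	fmt.Println(verifyFile(file, ed25519.Sign(key, file), cert, ca))
}
```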