Summarize it yourself, okay?
Digital signatures are built on public-key cryptosystems. The computation used to generate a digital signature is the well-known hash function. A hash function is a mathematical process that produces a numeric expression, or compressed form, of its input (usually called a "message digest" or "message identifier"). With a secure hash function (sometimes called a one-way hash function), it is practically impossible to recover the original information from the hash result. The hash function therefore lets the software operate on a smaller, predictable amount of data when generating the digital signature, while keeping a strong binding to the original content, and it effectively guarantees that the information has not been modified in any way after it was digitally signed.
A digital signature is a string of digits that only the sender of the information can generate and that others cannot forge; it is also proof of the authenticity of the information sent by the signer. When signing a document or any other information, the signer first defines precisely the scope of the content to be signed. The hash function in the signer's software then computes a hash result that is (for practical purposes) unique to the signed information. Finally, the hash result is converted into a digital signature using the signer's private key. The resulting digital signature is unique to both the signed information and the private key used to create it.
A digital signature (the digital signature of a message's hash result) is attached to the message and is stored and transmitted along with it. As long as a reliable link to the corresponding information can be maintained, however, it can also be stored and transmitted as a separate data unit. Because a digital signature is unique to the information it signs, it becomes meaningless if it permanently loses its connection to that information.
Signing a written document is a means of confirming the document. Compared with a traditional handwritten signature, a digital signature has several distinguishing characteristics.
First, in a digital signature the signature is separate from the information, so a method is needed to link the signature to the information. In a traditional handwritten signature, the signature and the signed information form a single whole;
Secondly, regarding the method of verification, a digital signature is verified by a public method that anyone can check, whereas a traditional handwritten signature is verified by an experienced receiver who judges it by comparing it against a reserved sample signature;
Finally, in a digital signature, a copy of a valid signature is also a valid signature, while in a traditional handwritten signature, a copy of the signature is invalid.
A digital signature can serve two functions at once: confirming the source of the data, and ensuring that the data was not modified or changed while being sent. In this respect, the function of a digital signature resembles that of an integrity check value. A major difference between the two, however, is that a digital signature must also guarantee non-repudiation: the sender cannot later deny having signed the message. This is very important. The recipient of the information can therefore use the digital signature to convince a third party of the signer's identity and of the fact that the message was sent; when the two parties dispute whether a message was sent or what it contained, the digital signature becomes strong evidence. Generally, the party more affected by tampering with the information is the receiver, so it is better for the receiver to use a digital signature different from the sender's to show the distinction. An integrity check value has no such function. In this sense, confirming a digital signature has the same meaning as confirming the source of a written document by identifying a handwritten signature.
A method that combines digital signatures with encryption technology can effectively solve the problems of integrity, identity authentication and non-repudiation during information transmission.
(1) Integrity. Because it provides a technology and method for confirming the integrity of an electronic document, the document can be identified as an unaltered original.
(2) Verifiability. The source of an electronic document can be confirmed. Because the signature the sender generates on the electronic document with the private key can only be decrypted by the public key corresponding to that private key, the source of the document can be confirmed.
(3) Non-repudiation. Since only the sender holds the private key, the sender cannot deny having sent the electronic document.
2. Confirmation of digital signature
Confirming a digital signature is the process of verifying the signature with reference to the original information and a given public key, and thereby determining whether the digital signature was created over the same message with the private key corresponding to that public key. Using the same hash function that was used to create the digital signature, a new hash result of the original message is computed. Then, with the public key and the new hash result, the verifier checks whether the digital signature was made with the corresponding private key, and whether the newly computed hash result matches the original hash result that was converted into the digital signature during signing.
Confirmation software recognizes a digital signature as "confirmed" if:
(1) The signer's private key was used to sign the information and the corresponding public key confirms the digital signature, since the public key will only confirm a digital signature made with the signer's private key. In effect, the public key confirms that the signature was made with the private key;
(2) The information has not been changed. During confirmation, this is concluded by comparing the newly computed hash result with the hash result contained in the digital signature.
3. Digital signature process
Using a digital signature generally involves the following steps, which may be performed by the signer or by the recipient of the signed information:
(1) The user generates or obtains a unique key pair.
(2) The sender prepares a message on the computer (for example, in the form of an email).
(3) The sender creates a "message digest" using a secure hash function. The digital signature is generated from this hash value; the hash value is derived from the signed message and the given private key and is unique to them. For the hash value to be secure, the possibility that any other combination of message and private key produces the same digital signature must be zero.
(4) The sender encrypts the message digest with the private key: the private key is applied to the message digest text by a mathematical algorithm, and the resulting digital signature contains the encrypted message digest.
(5) The sender attaches the digital signature to the message.
(6) The sender sends the digital signature and the information (encrypted or unencrypted) to the electronic recipient.
(7) The recipient uses the sender's public key to confirm the sender's electronic signature. Authentication with the sender's public key proves that the message came exclusively from the sender.
(8) The recipient uses the same secure hash function to create a "message digest" of the message.
(9) The recipient compares the two message digests. If they are identical, the recipient can be sure the message has not changed in any way since it was signed. If even one byte changed after the message was signed, the message digest created by the recipient will differ from the one created by the sender.
(10) The recipient obtains a certificate from the certification authority (or from the sender of the message); this certificate is used to confirm the authenticity of the digital signature on the message sent by the sender. The certification authority is typically a trusted third party entrusted with managing certification in the digital signature system. The certificate contains the sender's public key and name (and possibly other additional information), digitally signed by the certification authority.
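The following Go program is an added example, not code from the original text, that walks through the confirmation procedure of section 2 and all ten steps of section 3: hashing the message to a digest, signing the digest with the sender's private key, shipping a detached signature, and having the recipient verify it against a public key obtained from a CA-signed certificate. It uses the Go standard library (RSA with SHA-256 from crypto/rsa and crypto/sha256); the function names (Digest, Sign, Verify, IssueCertificate, SenderPublicKey, Receive, RunScenario), the minimal Certificate structure, the sender name "alice@example.test" and the message text are all constructed for this example, and the certificate format is a hypothetical stand-in for X.509.

```go
package main

import (
	"bytes"
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"errors"
	"fmt"
)

// Digest is the "message digest": a fixed-size hash function result of the data (step 3).
func Digest(data []byte) []byte {
	sum := sha256.Sum256(data)
	return sum[:]
}

// Sign converts the digest of data into a digital signature with a private key (step 4).
func Sign(priv *rsa.PrivateKey, data []byte) ([]byte, error) {
	return rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, Digest(data))
}

// Verify recomputes the digest of data and checks with the public key that sig was made
// over that same digest by the matching private key (steps 7 to 9). A changed message
// or a signature from a different private key both make it return false.
func Verify(pub *rsa.PublicKey, data, sig []byte) bool {
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, Digest(data), sig) == nil
}

// Certificate is a hypothetical, minimal stand-in for a CA-issued certificate (step 10):
// the holder's name and public key, digitally signed by the certification authority.
type Certificate struct {
	Name   string
	PubKey []byte // PKCS#1 DER encoding of the holder's RSA public key
	CASig  []byte // CA's signature over Name and PubKey
}

// certBody is the exact byte string the CA signs; the NUL separator keeps name and key apart.
func certBody(name string, pub []byte) []byte {
	return append([]byte(name+"\x00"), pub...)
}

// IssueCertificate is the certification authority's job: bind a name to a public key.
func IssueCertificate(ca *rsa.PrivateKey, name string, holder *rsa.PublicKey) (Certificate, error) {
	der := x509.MarshalPKCS1PublicKey(holder)
	sig, err := Sign(ca, certBody(name, der))
	if err != nil {
		return Certificate{}, err
	}
	return Certificate{Name: name, PubKey: der, CASig: sig}, nil
}

// SenderPublicKey is the recipient's use of the certificate: confirm the CA's signature,
// then trust the public key it carries for the named sender.
func SenderPublicKey(caPub *rsa.PublicKey, cert Certificate, expectName string) (*rsa.PublicKey, error) {
	if cert.Name != expectName {
		return nil, errors.New("certificate issued to a different name")
	}
	if !Verify(caPub, certBody(cert.Name, cert.PubKey), cert.CASig) {
		return nil, errors.New("certificate signature does not verify under the CA key")
	}
	return x509.ParsePKCS1PublicKey(cert.PubKey)
}

// SignedMessage carries the message together with its detached signature (steps 5 and 6).
type SignedMessage struct {
	Body []byte
	Sig  []byte
}

// Receive performs the recipient's side (steps 7 to 10) and reports whether the message is
// authentic (signed by the certified sender) and unaltered since signing.
func Receive(caPub *rsa.PublicKey, cert Certificate, from string, m SignedMessage) bool {
	senderPub, err := SenderPublicKey(caPub, cert, from)
	if err != nil {
		return false
	}
	return Verify(senderPub, m.Body, m.Sig)
}

// RunScenario runs the whole process with constructed keys and a constructed message and
// returns the verdict for the genuine message and for a copy with one byte changed after signing.
func RunScenario() (genuineOK, tamperedOK bool, err error) {
	ca, err := rsa.GenerateKey(rand.Reader, 2048) // step 1: CA key pair
	if err != nil {
		return
	}
	alice, err := rsa.GenerateKey(rand.Reader, 2048) // step 1: sender key pair
	if err != nil {
		return
	}
	cert, err := IssueCertificate(ca, "alice@example.test", &alice.PublicKey)
	if err != nil {
		return
	}
	body := []byte("Transfer 100 units to account 42") // step 2: constructed message
	sig, err := Sign(alice, body)                      // steps 3 and 4
	if err != nil {
		return
	}
	msg := SignedMessage{Body: body, Sig: sig} // steps 5 and 6
	genuineOK = Receive(&ca.PublicKey, cert, "alice@example.test", msg)
	altered := bytes.Replace(body, []byte("100"), []byte("900"), 1) // a single byte changed
	tamperedOK = Receive(&ca.PublicKey, cert, "alice@example.test", SignedMessage{Body: altered, Sig: sig})
	return
}

func main() {
	ok, tampered, err := RunScenario()
	if err != nil {
		panic(err)
	}
	fmt.Println("genuine message verifies:", ok)       // true
	fmt.Println("altered message verifies:", tampered) // false
}
```

Receive deliberately refuses a certificate whose name does not match the expected sender, so a valid certificate for some other party cannot be swapped in; a real deployment would use X.509 certificates and a full chain and revocation check in place of the hypothetical Certificate type.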