What security authentication problems can digital signatures solve?
Simply put, a digital signature is data appended to a data unit, or a cryptographic transformation of that data unit, which allows the receiver of the data unit to confirm its source and integrity and protects the data against forgery by anyone, including the receiver. It is a way of signing an electronic message so that the signed message can be transmitted over a communication network. Digital signatures can be built on both public-key and symmetric-key cryptosystems; at present they are mainly based on public-key cryptosystems, and they fall into general digital signatures and special-purpose digital signatures. Common digital signature algorithms include RSA, ElGamal, Fiat-Shamir, Guillou-Quisquater, Schnorr, Ong-Schnorr-Shamir, DSA, the elliptic curve digital signature algorithm (ECDSA) and finite-automaton digital signature algorithms. Special-purpose signatures include blind signatures, proxy signatures, group signatures, undeniable signatures, fair blind signatures, threshold signatures, signatures with message recovery and so on; which of them is appropriate depends closely on the application environment. The use of digital signatures clearly raises legal questions: the United States federal government has published its own Digital Signature Standard (DSS), based on the discrete logarithm problem over a finite field, and countries such as France and Germany have enacted digital signature laws.

There are many ways to realize digital signatures. At present public-key technology is the usual basis, for example PKCS (the Public Key Cryptography Standards published by RSA Data Security), the Digital Signature Algorithm, X.509 and PGP (Pretty Good Privacy). In 1994 the US National Institute of Standards and Technology (NIST) issued the Digital Signature Standard, which brought public-key technology into wide use. A public-key cryptosystem uses an asymmetric algorithm: a pair of keys, one public and one private, where the private key cannot feasibly be derived from the public key.

Current digital signatures are based on public-key systems and are a second application of public-key technology, alongside encryption. The main procedure is this: the sender computes a hash value (message digest) of the message body; older descriptions such as this one assume a 128-bit digest, which is the output size of MD5, whereas current practice uses SHA-256 or longer because MD5 collisions are easy to produce. The sender then applies his own private key to the hash value (in RSA this is the private-key operation, loosely described as "encrypting with the private key"), which forms the sender's digital signature. The digital signature is sent to the recipient as an attachment to the message. The receiver first computes the hash value of the received original message, then applies the sender's public key to the attached signature to recover the hash value the sender signed. If the two hash values are identical, the receiver can be sure that the signature was produced with the sender's private key and that the message has not changed since it was signed, so the original message is authenticated by the digital signature.

Signing a written document is a means of confirming it, and serves two purposes: first, because a person's signature is difficult to deny, it confirms that the document was indeed signed; second, because a signature is not easy to forge, it confirms that the document is genuine.

Digital signatures resemble signatures on written documents. A digital signature likewise confirms two things: first, that the information was sent by the signer; second, that the information was not modified between sending and receipt. Digital signatures can therefore prevent electronic information, which is otherwise easy to alter, from being tampered with; prevent someone from sending information in another person's name; and prevent a sender (or receiver) from later denying having sent (or received) a message.

Three digital signature methods are in wide use: RSA signatures, DSS signatures and hash signatures. They can be used separately or combined. A digital signature is realized by running the data through cryptographic algorithms; both DES-based computation and the RSA algorithm have been used for this. Note, however, that a DES-based construction is a message authentication code whose key is shared by sender and receiver, so it can provide integrity but not the non-repudiation described above, since either party could have produced it. Each of these techniques is flawed in one way or another, or at the time lacked a mature standard.

The greatest convenience of RSA or any other public-key algorithm is that there is no key distribution problem (the larger and more complex the network and the more users it has, the more obvious this advantage becomes). Public-key encryption uses two different keys, a public key and a private key. The public key can be stored in a system directory, sent in unencrypted e-mail, printed in the telephone yellow pages (business directory) or posted on a bulletin board, and any user on the Internet can obtain it. The private key is specific to the user, held only by the user, and decrypts information encrypted with the public key. What still has to be assured is that the public key obtained really belongs to the intended party; binding a public key to an identity is the job of certificates such as X.509.

In the RSA approach the digital signature is in fact computed over the output of a hash function, the message digest. The digest characterises the file: if the file changes, the digest changes, and different files yield different digests. One of the simplest hash functions merely adds up the bytes of the file and keeps the last few digits; such a checksum is unsuitable for signatures, because it is trivial to construct a different file with the same value, and a signature over it would then verify on the forged file too. A cryptographic hash function must make that infeasible. The hash function is public to both parties exchanging data. Only by adding digital signing and verification can secure transmission over a public network be truly achieved. The file transfer process with digital signature and verification is as follows:
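As an added illustration (not code from the original page) of why the "add up the bytes and keep the last digits" hash described above cannot serve as the basis of a signature, the following Python compares it with SHA-256 on a constructed sample message. Rearranging the digits of an amount leaves the byte sum unchanged, so a signature computed over the weak checksum verifies on the forged message; the function names and the sample message are assumptions for this example.

```python
import hashlib


def weak_checksum(data: bytes, digits: int = 4) -> int:
    """The page's 'simplest hash': add up the bytes and keep the last few decimal digits."""
    return sum(data) % 10 ** digits


def sha256_hex(data: bytes) -> str:
    """A real cryptographic hash, for comparison."""
    return hashlib.sha256(data).hexdigest()


def anagram_substitution(message: bytes, field: bytes, replacement: bytes) -> bytes:
    """Replace one field of the message with a rearrangement of its own bytes.

    The multiset of bytes is unchanged, so any sum-based checksum is unchanged as
    well, even though the meaning of the message (here an amount) has changed.
    """
    if sorted(field) != sorted(replacement):
        raise ValueError("replacement must be a permutation of the field")
    if field not in message:
        raise ValueError("field not found in message")
    return message.replace(field, replacement, 1)


def forgery_survives(message: bytes, field: bytes, replacement: bytes, hash_fn) -> bool:
    """True if hash_fn cannot distinguish the original message from the forged one."""
    forged = anagram_substitution(message, field, replacement)
    return forged != message and hash_fn(message) == hash_fn(forged)


if __name__ == "__main__":
    original = b"pay 100 units to account 7"  # constructed sample message
    print(forgery_survives(original, b"100", b"001", weak_checksum))  # True: amount changed, checksum same
    print(forgery_survives(original, b"100", b"001", sha256_hex))     # False: SHA-256 detects the change
```

The same substitution defeats any checksum that depends only on which bytes occur, not on their order; a cryptographic hash is required precisely so that finding a second input with the same digest is infeasible.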

1. The sender first computes the message digest of the original text with a hash function, then signs the digest with the sender's own private key under the public-key system, and attaches the resulting digital signature to the original text to be sent;

2. The sender chooses a symmetric key, encrypts the file (with the attached signature) under it, and sends the encrypted file to the receiver over the network;

3. The sender encrypts that symmetric key with the receiver's public key and sends the encrypted key to the receiver over the network;

4. The receiver decrypts the key information with its own private key to obtain the symmetric key in plaintext;

5. The receiver decrypts the file with the symmetric key, recovering the original text together with the attached digital signature;

6. The receiver applies the sender's public key to the digital signature to recover the digest the sender signed;

7. The receiver recomputes the digest of the recovered original text with the same hash function and compares it with the digest recovered from the signature. If the two are identical, the file was not altered in transit.
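The seven steps above, carried through as an added Python example that is not code from the original page. It also shows the point made later on the page that signing uses the sender's key pair while key encryption uses the receiver's. To keep the flow visible the example uses "textbook" RSA (small keys, no OAEP/PSS padding) and a toy XOR stream cipher keyed by SHA-256 in counter mode in place of a real symmetric cipher; both are constructed for illustration and are not secure as written. SHA-256 replaces the page's 128-bit digest. All function names and the sample message are assumptions of this example.

```python
import hashlib
import hmac
import math
import random

# Added illustration of the seven-step procedure above, not code from the page.
# Textbook RSA (no OAEP/PSS padding, small keys) and a toy XOR stream cipher keyed by
# SHA-256 in counter mode stand in for real primitives so the flow is visible; neither
# is secure as written. Use RSA-PSS or ECDSA with AES-GCM (or similar) in practice.

def _is_probable_prime(n, rng, rounds=32):
    """Miller-Rabin probabilistic primality test."""
    small = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29)
    if n < 2 or any(n % p == 0 for p in small):
        return n in small
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def _random_prime(bits, rng):
    """Random prime of exactly `bits` bits (top bit forced, odd)."""
    while True:
        cand = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(cand, rng):
            return cand

def generate_keypair(bits=512):
    """Return (public, private) as ((n, e), (n, d)); bits must exceed 256 for this demo."""
    rng, e = random.SystemRandom(), 65537
    while True:
        p, q = _random_prime(bits // 2, rng), _random_prime(bits // 2, rng)
        phi = (p - 1) * (q - 1)
        if p != q and math.gcd(e, phi) == 1:
            return (p * q, e), (p * q, pow(e, -1, phi))

def _digest(message):
    return int.from_bytes(hashlib.sha256(message).digest(), "big")

def _octets(n):
    return (n.bit_length() + 7) // 8

def sign(message, priv):
    """Step 1: hash the message and apply the sender's private key to the digest."""
    n, d = priv
    return pow(_digest(message), d, n)

def verify(message, signature, pub):
    """Steps 6-7: apply the sender's public key to the signature, compare with a fresh digest."""
    n, e = pub
    if not 0 < signature < n:
        return False
    recovered = pow(signature, e, n).to_bytes(_octets(n), "big")
    return hmac.compare_digest(recovered, _digest(message).to_bytes(_octets(n), "big"))

def stream_xor(key, data):
    """Toy symmetric cipher: XOR data with SHA-256(key || counter) keystream blocks."""
    out = bytearray()
    for ctr, start in enumerate(range(0, len(data), 32)):
        block = hashlib.sha256(key + ctr.to_bytes(8, "big")).digest()
        out.extend(a ^ b for a, b in zip(data[start:start + 32], block))
    return bytes(out)

def send_file(plaintext, sender_priv, receiver_pub):
    """Steps 1-3: sign; encrypt file||signature under a fresh key; wrap the key for the receiver."""
    sig = sign(plaintext, sender_priv).to_bytes(_octets(sender_priv[0]), "big")
    session_key = random.SystemRandom().getrandbits(256).to_bytes(32, "big")
    n_r, e_r = receiver_pub
    wrapped_key = pow(int.from_bytes(session_key, "big"), e_r, n_r)
    return stream_xor(session_key, plaintext + sig), wrapped_key

def receive_file(ciphertext, wrapped_key, receiver_priv, sender_pub):
    """Steps 4-7: unwrap with the receiver's private key, decrypt, verify with the sender's public key."""
    n_r, d_r = receiver_priv
    key_int = pow(wrapped_key, d_r, n_r)
    if key_int >= 1 << 256:  # cannot be a 256-bit session key: wrong key or corrupted wrap
        return b"", False
    payload = stream_xor(key_int.to_bytes(32, "big"), ciphertext)
    sig_len = _octets(sender_pub[0])
    plaintext, sig = payload[:-sig_len], payload[-sig_len:]
    return plaintext, verify(plaintext, int.from_bytes(sig, "big"), sender_pub)

if __name__ == "__main__":
    sender_pub, sender_priv = generate_keypair()
    receiver_pub, receiver_priv = generate_keypair()
    ct, wk = send_file(b"Transfer 100 units to account 7", sender_priv, receiver_pub)  # constructed
    print(receive_file(ct, wk, receiver_priv, sender_pub))
```

Flipping a single bit of the ciphertext changes the recovered file and makes verify() return False, and a file signed with some other party's private key also fails verification against the sender's public key, which is the impersonation case discussed next. The signature is placed inside the encrypted payload so that an eavesdropper learns neither the file nor who signed it.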

If a third party impersonates the sender, the receiver still uses the genuine sender's public key to check the signature, so as long as the third party does not know the sender's private key, the digest recovered from the forged signature and the digest computed from the file will necessarily differ. This gives a secure way to confirm the identity of the sender.

A secure digital signature assures the receiver that the file really comes from the purported sender. Since the signing private key is held only by the sender, nobody else can produce the same digital signature, and the sender therefore cannot deny having taken part in the transaction, provided the private key was in fact kept secret.

Although digital signatures and confidentiality encryption both use the public-key system, the two operations run in opposite directions and use different key pairs. A digital signature uses the sender's key pair: the sender signs with his own private key and the receiver verifies with the sender's public key. This is a one-to-many relationship, since anyone who holds the sender's public key can verify the signature. Confidentiality encryption uses the receiver's key pair and is a many-to-one relationship: anyone who knows the receiver's public key can send encrypted information to the receiver, and only the one person who holds the receiver's private key can decrypt it. In practice a user usually has two key pairs, one for signing and verifying and one for encrypting and decrypting, which gives higher security because a compromise or required disclosure of one key does not affect the other.

According to the purpose and type of the signature design, signatures can be divided into:

Commercial signature

Formal signature

Cursive (connected-stroke) signature

English signature

Digital signature