In the ISO 7498-2 standard, a digital signature is defined as "some data attached to a data unit, or the cryptographic transformation of the data unit, which allows the receiver of the data unit to confirm the source and integrity of the data unit and protect the data from being forged by people (such as the receiver)". The definition of a digital signature in the American Electronic Signature Standard (DSS, FIPS 186-2) is: "A set of rules and a parameter are used to calculate data, and the identity of the signer and the integrity of the data can be confirmed by this result". In terms of these definitions, PKI (Public Key Infrastructure) provides the cryptographic transformation of data units and enables the receiver to determine the source of the data and verify the data.
The core executing agency of PKI is the electronic certification service provider, commonly known as the CA (Certificate Authority), and the core element of a PKI signature is the digital certificate issued by the CA. The services PKI provides are authentication, data integrity, data confidentiality and non-repudiation. The mechanism is to encrypt and decrypt with the certificate's public key and its corresponding private key in order to generate and verify the signature of a digital message. A digital signature uses public key cryptography and other cryptographic algorithms to generate a series of symbols and codes that form an electronic password for signing, taking the place of handwritten signatures and seals. This kind of electronic signature is also technically verifiable, and its verification accuracy is beyond comparison with that of handwritten signature and stamp verification in the physical world. This signature method can be used for authentication within a large number of trusted PKI domains or for cross-authentication across multiple trusted PKI domains, especially for security authentication and transmission on the Internet and WANs.
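
The flow described above (a CA certifies a public key, the signer signs with the matching private key, the receiver checks both) can be sketched as follows. This is an added example, not code from the original page: it uses textbook RSA over a SHA-256 hash with no padding, a simplified dictionary in place of an X.509 certificate, and constructed demo keys built from Mersenne primes, so all names and values are assumptions and none of it is suitable for production use.

```python
import hashlib

E = 65537  # widely used RSA public exponent

def keypair(p, q):
    """Textbook RSA key from primes p, q: returns ((n, e), d)."""
    return (p * q, E), pow(E, -1, (p - 1) * (q - 1))

def digest(data):
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def sign(data, d, n):
    # Private-key operation on the hash of the data unit.
    return pow(digest(data), d, n)

def verify(data, sig, pub):
    # Public-key operation recovers the hash; compare with a fresh one.
    n, e = pub
    return pow(sig, e, n) == digest(data)

def tbs(subject, pub):
    # Bytes the CA signs: the subject name bound to its public key.
    return f"{subject}|{pub[0]:x}|{pub[1]:x}".encode()

def issue_cert(subject, pub, ca_d, ca_n):
    return {"subject": subject, "pub": pub,
            "ca_sig": sign(tbs(subject, pub), ca_d, ca_n)}

def check(msg, sig, cert, ca_pub, expected_subject):
    # 1. The certificate must carry a valid signature from the trusted CA.
    if not verify(tbs(cert["subject"], cert["pub"]), cert["ca_sig"], ca_pub):
        return "bad certificate"
    # 2. It must name the party we expect (source of the data).
    if cert["subject"] != expected_subject:
        return "wrong signer"
    # 3. The message signature must verify under the certified key (integrity).
    return "ok" if verify(msg, sig, cert["pub"]) else "bad signature"

# Constructed demo keys built from Mersenne primes: NOT secure.
CA_PUB, CA_D = keypair(2**1279 - 1, 2**2203 - 1)
ALICE_PUB, ALICE_D = keypair(2**521 - 1, 2**607 - 1)
MALLORY_PUB, MALLORY_D = keypair(2**127 - 1, 2**3217 - 1)

MSG = b"pay 100 to bob"  # constructed sample message
CERT = issue_cert("alice", ALICE_PUB, CA_D, CA_PUB[0])
SIG = sign(MSG, ALICE_D, ALICE_PUB[0])
```

The receiver needs only the CA's public key as a trust anchor: a certificate whose key has been swapped fails step 1, and an altered message fails step 3.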