In the ISO7498-2 standard, digital signature is defined as "some data attached to a data unit, or the cryptographic transformation of the data unit, which allows the receiver of the data unit to confirm the source and integrity of the data unit and protect the data from being forged by people (such as the receiver)". The American Electronic Signature Standard (DSS, FIPS 186-2) defines digital signature as "using a set of rules and a parameter to calculate data, and the identity of the signer and the integrity of the data can be confirmed through this result". According to the above definition, PKI(Public Key Infrastructino) provides the cryptographic conversion of data units, and enables the receiver to judge the source of data and verify the data.
The core executing agency of PKI is the electronic certification service provider, commonly known as CA(Certificate Authority), and the core element of PKI signature is the digital certificate issued by CA. The PKI services it provides are authentication, data integrity, data confidentiality and non-repudiation. The method is to encrypt/decrypt by using the certificate public key and its corresponding private key to generate the signature and verification signature of the digital message. Digital signature is the use of public key cryptography and other cryptographic algorithms to generate a series of symbols and codes, forming an electronic password for signature, rather than writing signatures and seals; This kind of electronic signature is also technically verifiable, and its verification accuracy is incomparable with manual signature and stamp verification in the physical world. This signature method can be used for authentication in a large number of trusted PKI domains or multiple trusted PKI domains, especially for security authentication and transmission on the Internet and WAN.
The biggest difference between "digital signature" and ordinary text signature is that it can use graphic files with distinctive personality. You can use a scanner or drawing tool to make your signature, seal and even photos into BMP files as the material of "digital signature".
At present, there are many softwares that can provide "digital signature" function, and the usage and principle are similar, among which "OnSign" is the most commonly used one. After installing "OnSign", the shortcut button of "OnSign" will appear on the toolbars of programs such as Word and Outlook. You need to enter your password every time you use it to ensure that others can't steal it.
For the file sent by using "OnSign", the recipient also needs to install "OnSign" or "OnSign Viewer" to make it have the function of recognizing "digital signature". According to the design of "OnSign", any tampering and interception of document content will invalidate the signature. Therefore, when the other party approves your "digital signature", you can be sure that this file was sent by yourself and has not been tampered with or intercepted. Of course, if the recipient is not at ease, he can also click the blue question mark on "Digital Signature" and "OnSign" will automatically check it again. If there is something wrong with the file, a red warning sign will appear on the "Digital Signature".
In the network era when e-mail is frequently used, making good use of "digital signature", just like "registered letter" in traditional letters, undoubtedly adds another protective barrier to the security of network transmission files.
Example: Now let's get down to business. JAVA's digital Signature class is encapsulated in the signature class (java.security.Signature).
Next, I will write three functions (that is, three Java classes):