Digital signature and authentication center is the core technology of e-commerce. As an important technology of Internet e-commerce, digital signature has been constantly improved and standardized. Starting from the meaning of digital signature, this paper introduces the contents and algorithms involved in digital signature in detail, and combines them to improve them.

introduce

RSA cryptosystem is an earlier public key cryptosystem. 1978, Rivest, Shamir and Adleman of Massachusetts Institute of Technology (MIT) put forward an asymmetric (public key) cryptosystem based on number theory, which is called RSA cryptosystem, in their paper entitled "Methods of obtaining digital signature and public key cryptosystem". RSA is a block cipher system based on "prime decomposition of large integers is a difficult problem".

Encrypting files only solves the confidentiality problem of transmitted information, and other means are needed to prevent others from destroying the transmitted files, and how to determine the identity of the sender. This means a digital signature. In e-commerce system, digital signature technology plays a particularly important role, which is used for source authentication, integrity service and non-repudiation service in e-commerce security service. In e-commerce, a perfect digital signature should have the ability that the signer can't deny it, others can't forge it, and can verify the authenticity in front of a notary.

There are many ways to realize digital signature. At present, public key encryption technology is widely used in digital signature, such as PKCS (public key cryptography standards), digital signature algorithm, x.509 and PGP(Pretty Good Privacy) based on RSA data security. 1994 The American Institute of Standards and Technology issued the digital signature standard, which made the public key encryption technology widely used. The public key encryption system adopts asymmetric encryption algorithm.

The current digital signature is based on public key system, which is another application of public key encryption technology. The main way is that the message sender generates a hash value (or message digest) of 128 bits from the message body. The sender encrypts this hash value with his own private key to form the sender's digital signature. Then, the digital signature will be sent to the recipient of the email as an attachment. The receiver of the message first calculates the hash value (or message digest) of 128 bits from the received original message, and then decrypts the digital signature attached to the message with the public key of the sender. If the two hash values are the same, the receiver can confirm that the digital signature belongs to the sender. The original message can be authenticated by digital signature.

Signing a written document is a means to confirm the document, which has two functions: first, because a person's signature is difficult to deny, it confirms the fact that the document has been signed; Second, because the signature is not easy to forge, it confirms the true facts of the document.

There are similarities between digital signature and written document signature. Using digital signature can also confirm the following two points: first, the information was sent by the signer; Second, the information has not been modified from release to receipt. In this way, digital signatures can be used to prevent electronic information from being tampered with because it is easy to be modified, or to send information in the name of others. Or send (receive) a letter and deny it.

There are three widely used digital signature methods, namely: RSA signature, DSS signature and Hash signature. These three algorithms can be used separately or together. Digital signature is realized by encrypting and decrypting data through cryptographic algorithm, and digital signature can be realized through DES calculation and RSA algorithm. However, these three technologies are more or less flawed, or there are no mature standards.

The biggest convenience of using RSA or other public key cryptography algorithms is that there is no key distribution problem (the more complex the network, the more network users, the more obvious its advantages). Because public key encryption uses two different keys, one is the public key and the other is the private key. The public key can be stored in the system directory, in the unencrypted e-mail, on the yellow pages of the telephone (business telephone) or on the bulletin board, and any user on the Internet can obtain the public key. The private key is user-specific and held by the user himself, and can decrypt the information encrypted by the public key.

The digital signature technology in RSA algorithm is actually realized by a hash function. The characteristic of digital signature is that it represents the characteristics of a file. If the file changes, the value of the digital signature will also change. Different files will get different digital signatures. One of the simplest hash functions is to accumulate the binary code of the file and take the last few digits. Hash function is public to both parties who send data.

DSS digital signature is jointly developed by National Institute of Standardization and National Security Bureau. Because it is promulgated and implemented by the US government, it is mainly used by companies that have business dealings with the US government, and other companies rarely use it. It is only a signature system, and the US government does not advocate the use of any encryption software that weakens the government's eavesdropping ability, believing that this is in the national interest of the United States.

Hash signature is the most important digital signature method, also known as digital digest or digital fingerprint. Unlike RSA digital signature, which is a separate signature, this digital signature method closely links the digital signature with the information to be sent, which is more suitable for e-commerce activities. Compared with transmitting the contract and signature separately, combining the contents of the business contract with the signature will increase the credibility and security. The encryption method of digital digest, also known as SHA (Secure Hash Algorithm) or MD5 (MD standard of message digest), was designed by RonRivest. This coding method uses a one-way hash function to "abstract" the plaintext to be encrypted into a series of ciphertexts with 128 bits. This series of ciphertexts, also known as digital fingerprints, have a fixed length and different plaintext abstracts must be consistent. In this way, this string of abstracts can be used as a "fingerprint" to verify whether the plaintext is "true".

Only by adding digital signature and verification can the secure transmission on the open network be truly realized. The file transfer process with digital signature and verification is as follows:

The sender first obtains the digital signature from the original text with a hash function, then encrypts the digital signature with the developer's private key with a public key system, and attaches the encrypted digital signature to the original text to be sent;

The sender selects a key to encrypt the file and sends the encrypted file to the receiver through the network;

The sender encrypts the key with the public key of the receiver and sends the encrypted key to the receiver through the network;

The receiver decrypts the key information with its own private key to obtain the plaintext of the key;

The receiver decrypts the file with the secret key to obtain an encrypted digital signature;

The receiver decrypts the digital signature with the public key of the sender to obtain the plaintext of the digital signature;

The receiver recalculates the digital signature using the obtained plaintext and hash function and compares it with the decrypted digital signature. If the two digital signatures are the same, it means that the file was not destroyed during transmission.

If a third party impersonates the sender to send a file, because the receiver uses the sender's public key when decrypting the digital signature, as long as the third party does not know the sender's private key, the decrypted digital signature and the calculated digital signature must be different. This provides a secure way to confirm the identity of the sender.

A secure digital signature assures the receiver that the file really comes from the purported sender. Since the private key of the signature is only kept by the sender himself, no one else can make the same digital signature, so he cannot deny that he participated in the transaction.

Although both the encryption and decryption process of digital signature and the encryption and decryption process of private key use public key system, the implementation process is just the opposite, and the key pairs used are also different. Digital signature uses the sender's key pair, the sender encrypts with his own private key, and the receiver decrypts with the sender's public key. This is a one-to-many relationship: anyone who owns the sender's public key can verify the correctness of the digital signature, while the encryption and decryption of the private key use the receiver's key pair, which is a many-to-one relationship: anyone who knows the receiver's public key can send encrypted information to the receiver, and only the only person who owns the receiver's private key can decrypt the information. In fact, users usually have two pairs of keys, one for encrypting and decrypting digital signatures and the other for encrypting and decrypting private keys. This method provides higher security.