Single certificate:
The user has one certificate and one corresponding private key, which are used for both signing and encryption.
When signing, user A encrypts the digest of the information with A's own private key (the result is the signature), and user B decrypts it with A's public key and checks that the digest is correct. If it is, B has confirmed A's identity, that is, the signature verifies.
When encrypting, user A encrypts the information for B with B's public key, and B decrypts it with B's own private key to obtain the information.
Dual certificates:
The user holds a signing certificate and an encryption certificate.
The signing certificate is used for signing and serves only to verify identity. Its public and private keys are generated by user A and kept by A; the CA is not responsible for keeping them.
The encryption certificate is used when transmitting encrypted data. Its private and public keys are generated by the CA, and the CA keeps a copy (the stub).
Since a single certificate can handle everything, why use dual certificates?
Logically:
If the signing private key is lost, it does not matter much: the user simply creates another pair, so there is no need to give the signing key to the CA.
If the encryption key is lost, the user can no longer decrypt information sent by others and has to get the stub back from the CA.
With a single certificate, if the private key is lost, how can previously received information be recovered?
Therefore, logically speaking, these two keys have different properties and should be handled separately.
In terms of security:
A single certificate increases the risk that the user's signature is forged.
National requirements:
States want to ensure the ability to monitor certain communications when necessary. If a single certificate is adopted, no one except the key holder can (in theory) decrypt the traffic, which is not conducive to national security. Therefore, the laws of many countries stipulate the use of dual certificates.
Dual-certificate issuing process:
Although there are two key pairs and two certificates, both can be issued in a single process.
1. The user generates a signing key pair and sends a certificate request to the RA/CA (the request contains one public key).
2. The RA/CA requests an encryption key pair from the KMC.
3. The RA/CA issues two certificates and sends them to the user together with the encryption key (encrypted with the public key of the signing certificate).
4. The user uses his own signing private key to decrypt and obtain the two certificates and the encryption key.
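The four steps above as an added Go example; it is not code from the original page. The page names no algorithms, so the RSA signing key, the P-256 encryption key with the keyAgreement usage, the function names and the subject names demo-ca and user-a are all assumptions, and the RA/CA and KMC roles are collapsed into one function.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

func must[T any](v T, err error) T { // abort the demo on any setup error
	if err != nil {
		panic(err)
	}
	return v
}

func newKey() *rsa.PrivateKey { return must(rsa.GenerateKey(rand.Reader, 2048)) }

// issue signs a certificate with exactly one key usage (demo-ca and user-a are made-up names).
func issue(ca *rsa.PrivateKey, serial int64, pub any, ku x509.KeyUsage) *x509.Certificate {
	parent := &x509.Certificate{Subject: pkix.Name{CommonName: "demo-ca"}}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: "user-a"},
		NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour), KeyUsage: ku}
	return must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, tmpl, parent, pub, ca))))
}

// Enroll is steps 1-3: signPub is the one key in the request, escrow is the copy the KMC keeps.
func Enroll(ca *rsa.PrivateKey, signPub *rsa.PublicKey) (sign, enc *x509.Certificate, wrapped []byte, escrow *ecdsa.PrivateKey) {
	escrow = must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader)) // step 2 (P-256 is this example's choice)
	sign = issue(ca, 1, signPub, x509.KeyUsageDigitalSignature)
	enc = issue(ca, 2, &escrow.PublicKey, x509.KeyUsageKeyAgreement)
	der := must(x509.MarshalPKCS8PrivateKey(escrow))
	return sign, enc, must(rsa.EncryptOAEP(sha256.New(), rand.Reader, signPub, der, nil)), escrow // step 3
}

// Unwrap is step 4: the signing private key recovers the PKCS#8-encoded encryption key.
func Unwrap(k *rsa.PrivateKey, w []byte) ([]byte, error) { return rsa.DecryptOAEP(sha256.New(), nil, k, w, nil) }

func main() {
	user := newKey() // the signing private key never leaves the user
	sign, enc, wrapped, _ := Enroll(newKey(), &user.PublicKey)
	fmt.Printf("sign usage=%#x, enc usage=%#x, key=%d bytes\n", sign.KeyUsage, enc.KeyUsage, len(must(Unwrap(user, wrapped))))
}
```

The fourth return value of `Enroll` is the copy that stays with the KMC: it is the same key the user unwraps, while the signing private key is never passed to `Enroll` at all.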