Digital signatures are the basis of secure network transactions. A digital signature not only ensures the integrity of a message and the authenticity of its source, but also prevents deception and repudiation by either party. Message authentication alone can protect both parties against any third party, but it cannot protect one party from deception or forgery by the other.
The digital signature process
1. The user generates or obtains a unique key pair (a private key and a public key).
2. The sender prepares the message on a computer (for example, in the form of an email).
3. The sender computes a "message digest" of the message with a secure hash function. The digital signature is generated from this hash value together with the sender's private key, and is unique to that message. For the hash value to be secure, the probability that any other message, combined with any private key, produces the same digital signature must be negligible (effectively zero).
4. The sender encrypts the message digest with the private key; that is, a mathematical algorithm applies the private key to the digest text. The resulting digital signature contains the encrypted message digest.
5. The sender attaches the digital signature to the email.
6. The sender sends the digital signature and the message (encrypted or unencrypted) to the receiver.
7. The receiver uses the sender's public key to validate the sender's digital signature; the certificate information bound to that public key confirms that the message comes specifically from the sender.
8. The receiver uses the same secure hash function to compute a "message digest" of the received message.
9. The receiver compares the two message digests. If they match, the receiver can be sure that the message has not been altered since it was signed. If even a single byte changed after the message was sent, the digest computed by the receiver will differ from the one computed by the sender.
10. The receiver obtains an authentication certificate from the certificate authority (or from the sender) to confirm that the digital signature genuinely belongs to the sender. In a digital signature system, the certificate authority is a trusted third party that manages certification. The certificate contains the sender's public key and name (and possibly other information) and is itself digitally signed by the certificate authority.
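The following Go program is an added example that walks through steps 1 to 9 above; it is not code from the original text. It assumes RSA-PSS with SHA-256 from Go's standard library as the signature scheme (the text names no particular algorithm), 2048-bit keys generated locally, and a constructed sample message in place of the email. Step 10 (certificate issued by a certificate authority) is not shown: the receiver here is simply handed the sender's public key. The program checks three outcomes: a genuine signature verifies, a message altered by one byte does not, and a signature produced with a different private key does not.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// MessageDigest implements steps 3 and 8: SHA-256 over the exact bytes of the message.
// Sender and receiver must use the same hash function.
func MessageDigest(msg []byte) []byte {
	sum := sha256.Sum256(msg)
	return sum[:]
}

// Sign implements step 4: the sender applies the private key to the digest.
// RSA-PSS with SHA-256 is an assumption of this example; the text names no algorithm.
func Sign(priv *rsa.PrivateKey, msg []byte) ([]byte, error) {
	return rsa.SignPSS(rand.Reader, priv, crypto.SHA256, MessageDigest(msg), nil)
}

// Verify implements steps 7 to 9: the receiver recomputes the digest of the received
// message and checks the signature against the sender's public key. It returns true
// only if the message is unchanged and was signed with the matching private key.
func Verify(pub *rsa.PublicKey, msg, sig []byte) bool {
	return rsa.VerifyPSS(pub, crypto.SHA256, MessageDigest(msg), sig, nil) == nil
}

// Result records the outcome of the three verification checks.
type Result struct {
	Genuine  bool // untouched message, sender's real key: expected true
	Tampered bool // message altered in transit: expected false
	Forged   bool // signature made with someone else's key: expected false
}

// RunScenario performs the full sender/receiver flow on a constructed message.
func RunScenario() (Result, error) {
	var r Result

	// Step 1: the sender's key pair. A second, unrelated key stands in for an impostor.
	senderKey, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return r, err
	}
	impostorKey, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return r, err
	}

	// Step 2: constructed sample message, standing in for the email.
	msg := []byte("Transfer 100 EUR to account 12345 by Friday.")

	// Steps 3 to 6: digest, sign, and "send" (here the bytes are passed directly).
	sig, err := Sign(senderKey, msg)
	if err != nil {
		return r, err
	}

	// Steps 7 to 9 on the genuine message.
	r.Genuine = Verify(&senderKey.PublicKey, msg, sig)

	// Step 9: a single changed byte ("100" -> "900") changes the digest, so the
	// signature no longer matches.
	altered := []byte("Transfer 900 EUR to account 12345 by Friday.")
	r.Tampered = Verify(&senderKey.PublicKey, altered, sig)

	// A signature produced with a different private key does not verify under the
	// sender's public key, which is what prevents forgery by another party.
	forgedSig, err := Sign(impostorKey, msg)
	if err != nil {
		return r, err
	}
	r.Forged = Verify(&senderKey.PublicKey, msg, forgedSig)

	return r, nil
}

func main() {
	r, err := RunScenario()
	if err != nil {
		fmt.Println("error:", err)
		return
	}
	fmt.Printf("genuine: %v, tampered: %v, forged: %v\n", r.Genuine, r.Tampered, r.Forged)
}
```

Note that RSA-PSS is randomized: signing the same message twice yields different signature bytes, so a receiver must always check a signature with the verification routine rather than by comparing it to a stored value. Binding the public key to the sender's identity (step 10) is the job of the certificate, which this example does not model.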