When conducting e-commerce transactions through the Internet, it is necessary to ensure that secure transmission, identity authentication and non-repudiation can be realized during the transaction.
Sex and data integrity. Because digital certificate authentication technology adopts encrypted transmission and digital signature, it can meet the above requirements, so
It has been widely used in e-commerce at home and abroad.
Public key encryption is the theoretical basis of digital certificate authentication technology. First, we introduced the principles of public key encryption and digital signature.
1. public key encryption and digital signature
In cryptography, the data transmitted by both sides of information exchange is generally called "message", and the message before encryption is called "plaintext message", that is, plaintext.
Text, the encrypted message is called "ciphertext message", that is, ciphertext. A set of rules adopted in plaintext encryption is called encryption algorithm, and the decrypted text is obtained.
A set of rules used in encryption is called decryption algorithm. Encryption and decryption operations are usually carried out under the control of keys, including encryption keys and encryption keys.
The difference between decryption keys. Without the decryption key, the ciphertext is unreadable. The encryption and decryption algorithm itself is open and belongs to pure mathematics.
Fan Chou. Cryptography mainly focuses on key management, because the security of encrypted communication is only related to the key. Encrypted communication mode
There are mainly two kinds of symmetric encryption and asymmetric encryption.
1. 1 symmetric encryption
Symmetric encryption is used to solve the encryption problem of data itself, and modern symmetric encryption methods are mostly realized by complex mathematical algorithms. encrypt
Excellent performance, but symmetric encryption itself has several disadvantages:
The key of 1. must be delivered in advance, which makes the key easy to be stolen during in-band transmission. Conventional means cannot solve this high risk.
2. Key management is difficult.
3. Because the key * * * is shared, it is impossible to authenticate the encryption machine.
Although symmetric encryption is powerful enough to encrypt the data itself, it cannot solve the security of in-band key transmission.
Security and the authentication of encryption machine, so it can not be suitable for sensitive information transmission activities based on internet platform such as modern e-commerce. but
Public key encryption just makes up for these shortcomings and paves the way for the development of e-commerce.
1.2 public key encryption
Public key encryption uses a pair of keys, which consists of a public key and a private key. Public keys are widely distributed. Individuals hold private keys safely, but this is not the case.
Open. Data encrypted with a public key can only be decrypted with a private key. Conversely, data encrypted with a private key can only be solved with a public key.
Secret. Using public key mechanism, we can design the following communication process:
1.a publicly publishes his public key;
2.b encrypts plaintext with A's public key to obtain ciphertext and sends it to A;
3. Decrypt the ciphertext with an undisclosed private key.
Because there is no in-band transmission of keys, this solves the problem of data confidentiality in Internet transactions. And the data has not been tampered with,
Both parties to the transaction can verify the identity of the other party, and the initiator of the transaction cannot deny his own data. These three problems are all realized by digital signature.
1.3 digital signature
Digital signature is realized by one-way hash function and public key algorithm. The one-way hash function maps messages to a fixed length.
The message digest, that is, the hash value, is completely different if the message is slightly changed, and one-way means that it cannot be inferred from the hash value.
Message value. Using these characteristics of one-way hash function, the following algorithms can be designed to realize digital signature:
1.a encrypts the message m to be sent to B as MP with B's public key;
2. Calculate the hash value H with one-way hash algorithm, and encrypt it as HP with the private key of A;
3. Pack MP and HP into a data block and send it to B. ..
After receiving the message, B simply uses the hash algorithm to calculate the hash value HQ for MP again and compare it with HP.
The same data block is true, but different data blocks are false. If it is true, then B decrypts MP with its own private key to get M.
It can be seen that as long as any one of MP and HP has the slightest change, then B will consider the data block invalid after receiving it. this is
Data cannot be tampered with. Since only A has its own private key, it is not difficult to see that once B's
After verification, A is absolutely "undeniable" that the data block was sent by him in encryption.
How does B confirm the authenticity of A's public key without being tampered with by the "middleman"? This is the Public key infrastructure (public)
Key infrastructure, PKI for short).
2. Public key infrastructure
Essentially, PKI is the infrastructure to protect public keys. As we all know, the security foundation of cryptography lies in the protection of keys.
Guard, the secret key is a secret. The public key is public, anyone can access it, and it seems that there is no need to protect it. However, open
The key must be where everyone can get it. If this place has the right to write to everyone, fine.
Someone can overwrite someone else's public key with a fake public key, so the secret communicated with this person will be decrypted by the fake person. Really.
On the contrary, the receiver cannot read. Therefore, the public key should also be protected. At present, the best data integrity protection technology is based on public
Digital signature of public key. The digital signature of the public key becomes a certificate, and the institution that signs the public key becomes a visa institution.
2. 1 digital certificate
Digital certificate is a kind of digital identification, which provides users with identity authentication on the Internet. It is a number of centers authorized by certificates.
A file containing the owner information of the public key and the public key. The simplest certificate contains a public key, one named.
And the digital signature of the certification authority. The format of the certificate follows the international standard of ITUT X.509
The following is the download address of the information I provided:
/view/98b 5553 a 5802 16fc 700 AFD 30 . html