This article introduces the concepts and principles of CAs, digital certificates, and digital signatures.

Digital signature, also known as public key digital signature and electronic signature, is a method for identifying digital information implemented using public key encryption technology.

A set of digital signatures usually defines two complementary operations, one for generating the signature and another for verifying the signature.

Use the message digest algorithm (MD5/SHA) to generate a message digest for the original message to be transmitted. The sender uses its own private key to encrypt the message digest and generate a digital signature.

The digital signature is transmitted to the receiver together with the digest. The receiver uses the sender's public key to decrypt the digital signature to restore the message digest, and uses the same message digest algorithm (MD5/SHA) to calculate the message original text. Digest, compare the two message digests. If they are different, it means that the message has been tampered with during transmission.

Digital signatures rely on the security of the sender’s public key. How to ensure that the public key comes from the real sender and is not a forgery? This requires relying on digital certificates.

Generation and verification of digital certificates:

After receiving the digital certificate, the recipient uses the public key of the CA center to decrypt the signature information S to obtain the digest H, and then executes the original certificate O The same Hash operation obtains the digest h. The authenticity and integrity of the certificate content can be judged by comparing H and h. If the public key and identity information in the original certificate are from the CA center, it means it is self-signed by the CA.

The format and verification method of the certificate generally follow the X.509 international standard.

Public Key Infrastructure (PKI) is a set of infrastructure consisting of hardware, software, participants, management policies and processes, and its purpose is to create, manage, distribute, use, Store and revoke digital certificates.

Public key infrastructure uses digital certificate authorities (CAs) to link users' personal identities with public keys.

Digital Certificate Authority (CA) is an authoritative organization responsible for issuing and managing digital certificates. As a trusted third party, it is responsible for verifying the legitimacy of public keys in the public key system. responsibility.

The CA center issues a digital certificate to each user who uses a public key. The function of the digital certificate is to prove that the user listed in the certificate legally owns the public key listed in the certificate.

The certificate of the world's authoritative CA center has been set as a trusted root certificate by various software manufacturers. The so-called root certificate means that this certificate is a trusted starting point and can be used to prove other certificates. The process by which these certificates are preset into the software is unknown, and this is also the most critical security link.

Reference: /signature.html