principle
In the concrete work of this technology, firstly, the sender performs mathematical transformation on the information, and the obtained information only corresponds to the original information; The original information is obtained by inverse transformation at the receiving end. As long as the mathematical transformation method is excellent, the transformed information has strong security in transmission and is difficult to decipher and tamper with. This process is called encryption, and the corresponding inverse transformation process is called decryption.
There are two different encryption technologies. One is symmetric encryption. Both parties have a secret key, which can only be used if both parties know it. Usually used in an isolated environment. For example, when using an automatic teller machine (ATM), the user needs to input a user identification number (PIN). After the bank confirms this number, the two parties conduct the transaction on the basis of obtaining the password. If the number of users is too large and beyond the manageable range,
The other is asymmetric encryption, also known as public key encryption. A key is a key pair consisting of a public key and a private key. It is encrypted with a private key and can be decrypted with a public key. However, because the public key cannot be calculated, the public key will not damage the security of the private key. The public key does not need to be kept secret, but it can be spread publicly. The private key must be kept secret, and it needs to be reported to the authentication center and database when it is lost.
algorithm
There are many algorithms for digital signature, and the three most widely used ones are: Hash signature, DSS signature and RSA signature.
1. hash signature
Hash signature is not a computationally intensive algorithm, so it is widely used. It can reduce the consumption of server resources and reduce the load of the central server. The main limitation of Hash is that the receiver must hold a copy of the user's key to verify the signature, because both parties know the key that generated the signature, which is easy to crack and may forge the signature.
2.DSS and RSA signatures
DSS and RSA adopt public key algorithm, and there is no restriction of Hash. RSA is the most popular encryption standard, and there are RSA software and class libraries in the core of many products. Before the rapid development of Web, RSA Data Security Company was responsible for the integration of digital signature software and Macintosh operating system, and added signature drag-and-drop function to Apple's collaboration software PowerTalk. Users only need to drag the data to the corresponding icon to complete the electronic digital signature. Unlike DSS, RSA can be used for data encryption and authentication. Compared with hash signature, in public key system, the security factor is higher because the key that generates the signature is only stored in the user's computer.
function
Digital signature can solve the problems of denial, forgery, tampering and counterfeiting. Specific requirements: the sender can't deny the message signature sent afterwards, the receiver can verify the message signature sent by the sender, the receiver can't forge the sender's message signature, the receiver can't partially tamper with the sender's message, and one user in the network can't impersonate another user as the sender or receiver. Digital signature is widely used, which is a breakthrough to ensure EDI security. Digital signature can be used in all occasions that need to identify users, such as encrypted letters, business letters, order purchasing systems, remote financial transactions, automatic mode processing, etc.
regret
The introduction of digital signature will inevitably bring some new problems, which need to be further solved. Digital signature needs the support of relevant legal provisions.
1. It is necessary for the legislature to pay enough attention to digital signature technology, speed up the pace of legislation and formulate relevant laws as soon as possible, so as to fully realize the special authentication function of digital signature and effectively promote the development of online affairs such as e-commerce.
2. If the sender's information has been digitally signed, then the receiver must have digital signature software, which requires high popularity of the software.
3. Suppose someone leaves an organization after sending information, and the authority of the original digital signature is cancelled. In the past, the original confirmation information could only be found in the cancellation confirmation form, so the appraisal center needs to combine the time information for appraisal.
4. It is the cost of infrastructure (identification center, online database access, etc.). ) paid by public funds or charged to users during the service period? If you charge during the service period, will it affect the comprehensive promotion of this technology?
implement
There are many ways to realize digital signature. At present, asymmetric encryption technology and symmetric encryption technology are widely used. Although the implementation steps of these two technologies are different, the general workflow is the same. Users can download or buy digital signature software first, and then install it on personal computers. After the key pair is generated, the software automatically transmits the public key to the outside world. Due to the storage requirements of public keys, it is necessary to establish a certification center (CA) to determine personal information and its key. Appraisal center is a third-party member that the government participates in management to ensure the security and centralized management of information. When the user obtains the public key, he first requests digital confirmation from the authentication center. After the authentication center confirms the user's identity, it sends digital confirmation, and at the same time, the authentication center sends confirmation information to the database. Then the user signs the transmitted information with the private key, which ensures the integrity and authenticity of the information, so that the sender can't deny the sending of the information and then send it to the receiver; After receiving the information, the receiver uses the public key to confirm the digital signature, and enters the database to check the status and credibility of the user's confirmation information; Finally, the database returns the user confirmation status information to the receiver. However, when using this technology, the signer must pay attention to protecting the private key, because it is an important foundation of public key system security. If the key is lost, you should immediately report the cancellation to the certification center and put it in the confirmation cancellation list. Secondly, the authentication center must be able to quickly confirm the identity of users and the relationship between their keys. Once the user's request is received, the authentication center shall immediately authenticate the security of the information and return the information.