Digital signatures are encrypted with a private key and decrypted with a public key. General transmission encryption uses public key encryption and private key decryption. They are all asymmetric encryption algorithms.
The following is some information about digital signatures that I found:
Encrypting files only solves the problem of confidentiality of transmitted information, but prevents others from destroying the transmitted files, and how to Determining the identity of the sender requires other means, and this means is a digital signature. In e-commerce security and confidentiality systems, digital signature technology plays a particularly important role. Digital signature technology is used in source identification, integrity services, and non-repudiation services in e-commerce security services. In e-commerce, a perfect digital signature should have the ability that the signatory cannot deny it, others cannot forge it, and the authenticity can be verified in front of a notary.
There are many ways to implement digital signatures. At present, digital signatures mostly use public key encryption technology, such as PKCS (Public Key Cryptography Standards), Digital Signature Algorithm, x.509, etc. based on RSA Date Security Company. PGP (Pretty Good Privacy). In 1994, the American Institute of Standards and Technology announced the digital signature standard, which made public key encryption technology widely used. The public key encryption system uses an asymmetric encryption algorithm.
The current digital signature is based on the public key system, which is another application of public key encryption technology. Its main method is that the sender of the message generates a 128-bit hash value (or message digest) from the message text. The sender encrypts this hash value with its own private key to form the sender's digital signature. This digital signature will then be sent to the recipient of the message as an attachment to the message. The receiver of the message first calculates the 128-bit hash value (or message digest) from the original message received, and then uses the sender's public key to decrypt the digital signature attached to the message. If the two hash values ??are the same, the receiver can confirm that the digital signature belongs to the sender. The original message can be authenticated through digital signature.
Signing a written document is a means of confirming the document. It has two functions: first, because your signature is difficult to deny, thus confirming the fact that the document has been signed; second, because The signature cannot be easily counterfeited, establishing the fact that the document is authentic.
Digital signatures are similar to written document signatures. Using digital signatures can also confirm the following two points: first, the information is sent by the signer; second, the information is received from the time it is signed to the time it is received. No modifications have been made so far. In this way, digital signatures can be used to prevent electronic information from being forged because it is easily modified, or from sending information in someone else's name. Or it may happen that a letter is sent (received) and later denied.
There are three main digital signature methods that are widely used, namely: RSA signature, DSS signature and Hash signature. These three algorithms can be used individually or combined. Digital signatures are implemented through encryption and decryption of data using cryptographic algorithms. Digital signatures can be implemented using DES and RSA algorithms. However, all three technologies have more or less defects, or there are no mature standards.
The greatest convenience of using RSA or other public key cryptographic algorithms is that there is no key distribution problem (the more complex the network and the more network users there are, the more obvious its advantages will be). Because public key encryption uses two different keys, one of which is public and the other is secret. The public key can be stored in the system directory, in an unencrypted e-mail message, in the telephone yellow pages (business phone) or on a bulletin board. Any user on the Internet can obtain the public key. The private key is exclusive to the user and is held by the user himself. It can decrypt information encrypted by the public key.
The digital signature technology in the RSA algorithm is actually implemented through a hash function. The characteristic of a digital signature is that it represents the characteristics of the file. If the file changes, the value of the digital signature will also change. Different files will get different digital signatures. One of the simplest hash functions is to accumulate the binary codes of the file and take the last few bits. The hash function is public to both parties sending the data.
DSS digital signature was jointly developed by the National Institute of Standards and the National Security Agency. Since it was promulgated and implemented by the U.S. government, it is mainly used by companies doing business with the U.S. government, and is less commonly used by other companies. It is only a signature system, and the U.S. government does not advocate the use of any encryption software that weakens the government's eavesdropping capabilities. This is in the national interest of the United States.
Hash signature is the most important digital signature method, also called Digital Digest or Digital Finger Print. It is different from the RSA digital signature which is a separate signature. This digital signature method closely links the digital signature with the information to be sent. It is more suitable for e-commerce activities.
Combining the individual content of a business contract with a signature increases credibility and security compared to transmitting the contract and signature separately. The Digital Digest encryption method is also called Secure Hash Algorithm (SHA: Secure Hash Algorithm) or MD5 (MD Standard For Message Digest), and was designed by RonRivest. This encoding method uses a one-way Hash function to "summary" the plaintext to be encrypted into a string of 128-bit ciphertext. This string of ciphertext is also called a digital fingerprint (Finger Print). It has a fixed length, and different plaintext summaries must be consistent. In this way, this string of abstracts can become a "fingerprint" to verify whether the plaintext is the "real person".
Only by adding digital signatures and verification can truly secure transmission on the public network be achieved. The file transmission process of adding digital signature and verification is as follows:
(1) The sender first uses a hash function to obtain the digital signature from the original text, and then uses the public key system to digitally sign the digital signature with the private key of the developed party Encrypt and append the encrypted digital signature to the original text to be sent;
(2) The sending party selects a secret key to encrypt the file and transmits the encrypted file through the network to Receiver;
(3) The sender encrypts the secret key with the receiver's public key, and transmits the encrypted secret key to the receiver through the network;
(4) The recipient uses its own private key to decrypt the key information and obtains the plaintext of the secret key;
(5) The recipient uses the secret key to decrypt the file and obtains the encrypted
(6) The receiver uses the sender’s public key to decrypt the digital signature and obtains the plaintext of the digital signature;
(7) The receiver uses the obtained The plaintext and hash function recalculate the digital signature and compare it with the decrypted digital signature. If the two digital signatures are the same, the file was not corrupted during transmission.
If a third party impersonates the sender and sends a file, because the recipient uses the sender's public key when decrypting the digital signature, as long as the third party does not know the sender's private key, The decrypted digital signature and the calculated digital signature are necessarily different. This provides a secure way to confirm the identity of the sender.
Secure digital signatures provide the recipient with assurance that the file is indeed from the purported sender. Since the signature private key is only kept by the sender, others cannot make the same digital signature, so he cannot deny that he participated in the transaction.
Although the encryption and decryption process of digital signatures and the encryption and decryption process of private keys both use the public key system, the implementation process is exactly the opposite, and the key pairs used are also different. Digital signatures use the sender's key pair. The sender uses his own private key to encrypt, and the receiver uses the sender's public key to decrypt. This is a one-to-many relationship: anyone with the sender's public key can verify the correctness of the digital signature, and the private key is encrypted and decrypted using the recipient's key pair, which is a many-to-one relationship. Relationship: Anyone who knows the recipient's public key can send an encrypted message to the recipient, and only the only person with the recipient's private key can decrypt the message. In practice, a user usually has two key pairs, one key pair is used to encrypt and decrypt the digital signature, and the other key pair is used to encrypt and decrypt the private key. This approach provides greater security.