Case: Due to business needs, you and I need to sign a cooperation agreement. For your convenience, you will send the prepared electronic contract online to me for signature.
1. How to ensure that the contract can only be viewed by myself and will not be maliciously stolen by others? How can I be sure that the sender of the document is you?
In order to meet the confidentiality of electronic contract content and the requirements of sender authentication, we use asymmetric encryption. Asymmetric encryption: it has a pair of unique keys, a public key and a private key. The public key is visible to everyone, and the private key is visible only to itself. The characteristic of asymmetric encryption is that files encrypted with public key can only be decrypted with private key, and files encrypted with private key can only be decrypted with public key. )
2. How do I know your public key in the above process?
The government has authorized an authoritative organization, called CA, to provide network identity authentication services (CA :Certificate Authority, the full name of certificate management organization, that is, the application, issuance and management organization of digital certificates. Its main functions are: generating key pairs, generating digital certificates, distributing keys, managing keys, etc.
I apply to CA for your public key, and use it to decrypt the electronic contract. If the decryption is successful, it means the sender is you.
3. The identity of the document sender has been confirmed, so how to ensure that the electronic contract has not been tampered with during transmission?
The digest algorithm can prove whether the electronic contract has been tampered with in the transmission process (hash algorithm: the text content is generated into a code by an encryption algorithm, that is, an information digest, the main feature of which is that the encryption process does not require a key, and the encrypted data is irreversible).
In other words, only two identical contracts can get the same digest through the same hash algorithm.
4. What if the original and abstract of the file are replaced at the same time during transmission?
In addition to the hash algorithm, asymmetric encryption and CA mentioned above, in order to ensure that the contract meets three requirements from sending to receiving, that is, it is sent by you and can only be sent to me and cannot be tampered with, we also need to apply a new encryption method: symmetric encryption (symmetric encryption: an encryption method using a single-key cryptosystem, and only one password can be used for information encryption and decryption).
When sending files:
You get the original abstract through hash operation and encrypt it with the private key to get your digital signature, and then encrypt the digital signature and the original contract symmetrically to get the ciphertext A- encrypted original.
Then get my public key through CA, and asymmetrically encrypt the symmetric encryption key in the above step, which is my "digital envelope"-encryption key.
Send me the cipher text A together with my digital envelope.
When receiving a file:
I used my private key to decrypt the digital envelope and got the symmetric key-it can be unlocked, which means it was sent to me.
Then decrypt the ciphertext A with a symmetric key to obtain the original text with your digital signature.
Decrypt your digital signature with your public key to get the original abstract of the signature-it can be decrypted, indicating that the sender is you.
Use the same summarization algorithm to get the summarization of the original text, and compare it with the summarization in the decrypted signature-the summarization is consistent, which means that the original text has not been tampered with.
Based on the above-mentioned contract signing and transmission process, it can be seen that the contract signed and managed through a reliable third-party electronic contract platform can ensure information security and tamper resistance, and no one except the parties to the contract can obtain contract information.