(A) Java signature steps
1. Package the applet's class file into *. Jar (you can enter jar at the command line for help).
2. First, we need to generate a keystore, otherwise we will report the following errors when signing:
Jarsigner error: Java. lang. runtime exception: keystore loading: c: DocumentsSandSettingsijee.keystore (the system cannot find the specified file. ). (ij2ee here is the current system user name)
The statement that generates the keystore: keytool-genkey-alias alias. You can write it yourself-keyalrsa-keystore.keystore.
Here are some steps of the digital signature that will appear:
Enter the keystore password:
Enter the new password again:
What's your first and last name?
[unknown ]:ijee
What is the name of your organizational unit?
[unknown ]:mtk
What is the name of your organization?
[unknown ]:mtk
What is the name of your city or region?
[Unknown]: Suzhou
What is the name of your state or province?
[Unknown]: Jiangsu
What is the two-letter country code of this unit?
[unknown]: cn
Is CN = ij2ee, OU=mtk, O=mtk, L = Suzhou, ST = Jiangsu and C=cn correct?
[no ]: y
Entered master password
(If it is the same as the keystore password, press Enter):
At this time. The keystore will be generated in the bin directory of jdk. Move this. The keystore file is in the directory of the current system user of C: DocumentsSandSettings.
3. Create a digital certificate
Enter the following command at the command line. PeakCA and peakCALib can be named by themselves. 3650 is a valid number of days, which is about 10 year. When creating a certificate, you need to fill in some information of the certificate and the private key password corresponding to the certificate.
keytool-genkey-aliaspeacka-keyalgRSA-keysize 1024-keystorepeakCALib-validity 3650
4. Export the certificate to a certificate file.
Enter the following command at the command line. PeakCA and peakCALib can be named at will, and * * * * is the entered password.
keytool-export-aliaspeakCA-filepeakca . cer-keystorepeakCALib-store pass * * * * * *-RFC
5. Authorize the jar file and enter the following instructions at the command line.
jarsigner-keystorepeakcalibmyaplet . jarpeakca
(b) office signing step
1. To protect the authenticity of the document content, you can add an invisible digital signature. There is a "Sign" button at the bottom of the signed document.
2. Click the Files tab.
3. Click on "Information".
4. Under Permissions, click Protect Document, Protect Workbook or Protect Presentation.
5. Click Add Digital Signature.
6. Read the message displayed in Word, Excel or PowerPoint, and then click OK.
7. In the Signature dialog box, in the Purpose of signing this document box, type the purpose.
8. Click "Signature".
9. After the file is digitally signed, the "Sign" button will appear, and the file will become read-only to prevent modification.
Second, the application example of digital signature
If Alice transmits digital information to Bob, in order to ensure the confidentiality, authenticity, integrity and non-repudiation of the information transmission, it is necessary to digitally encrypt and sign the transmitted information. The transmission process is as follows:
Alice prepares digital information (plaintext) to be transmitted;
Alice hashes the digital information to obtain an information summary;
Alice encrypts the information digest with her private key to get Alice's digital signature and attach it to the digital information;
Alice randomly generates an encryption key, and uses this password to encrypt the information to be sent to form ciphertext;
Alice encrypts the randomly generated encryption key with Bob's public key, and sends the encrypted DES key to Bob together with the ciphertext.
Bob receives the ciphertext and the encrypted DES key sent by Alice, decrypts the encrypted DES key with his own private key, and obtains the encryption key randomly generated by Alice.
Bob then decrypts the received ciphertext with the random key to get the digital information of plaintext, and then discards the random key.
Bob decrypts Alice's digital signature with Alice's public key to get the message digest.
Bob hashes the received plaintext again using the same hashing algorithm to get a new message digest.
Bob compares the received message digest with the newly generated message digest, and if they are consistent, it means that the received message has not been modified.