How long is the application period? For this problem, the user must think that the digital signature was issued by Microsoft, which should be caused by the user's ignorance of the digital signature. In fact, in daily network browsing, especially when accessing sensitive data, such as online banking, IE browser often asks us to install digital certificates. Because to digitally sign packages and custom programs, you must first obtain a digital certificate. Continue to visit programs or websites, which is a kind of protection for data. So what is a digital signature? Let's take a look at the official definition given by Microsoft: "digital signature" refers to an electronic security mark that can be added to a file. It can be used to verify the publisher of the file and help to verify whether the file has been changed since it was digitally signed. If a file does not have a valid digital signature, there is no guarantee that the file really comes from its claimed source or has not been tampered with (possibly tampered with by a virus) after it is published. It is safer not to open the file unless you are sure of its creator and know its contents. Even a valid digital signature cannot verify that the contents of the file are harmless. You must decide whether you should trust the contents of the file according to the identity of the publisher and the download location of the file. The above statement is a bit too much to understand. Here we can easily understand what "digital signature" and "digital certificate" are through pictures. 1.Bob has two keys, one is the public key and the other is the private key. Bob gave his friends-Patty, Doug and Susan-a public key. Susan wants to write a secret letter to Bob. When she finishes writing, she can encrypt it with Bob's public key, which can achieve the effect of confidentiality. After receiving the letter, Bob decrypted it with the private key and saw the contents of the letter. What I want to emphasize here is that as long as Bob's private key is not leaked, this letter is safe and cannot be decrypted even if it falls into someone else's hands. Bob wrote back to Susan and decided to use "digital signature". After he finished writing, he used a hash function to generate a summary of the letter. 6. Bob then encrypts the digest with the private key and generates a "digital signature". 7. Bob attached his signature to the letter and sent it to Susan. 8. After receiving the letter, Susan took off the digital signature and decrypted it with Bob's public key to get the abstract of the letter. This proves that this letter was indeed sent by Bob. 9.Susan uses a hash function on the letter itself and compares the result with the summary obtained in the previous step. If the two are consistent, it proves that the letter has not been modified. 10. There is a complicated situation. Doug tried to cheat Susan. He secretly used Susan's computer and exchanged his public key for Bob's. At this point, Susan actually owns Doug's public key, but she thinks it is Bob's public key. Therefore, Doug can pretend to be Bob, make a "digital signature" with his private key, write a letter to Susan, and let Susan decrypt it with the forged Bob public key. 1 1. Later Susan felt something was wrong and found that she was not sure whether the public key really belonged to Bob. She thought of a way to get Bob to certify the public key with a certificate authority (CA). The certification authority encrypts Bob's public key and some related information with its own private key to generate a "digital certificate". 12. Bob can rest assured after he gets the digital certificate. Write to Susan again in the future, just attach a digital certificate to your signature. 13. Susan can get Bob's real public key by unlocking the digital certificate with CA's public key after receiving the letter, and then she can prove whether the "digital signature" is really signed by Bob. 14. Next, let's look at an example of applying Digital Certificate: Options-Contents tab-Click Certificate) Certificate Manager with a list of Trusted Root Certification Authorities. According to the list, the client will check whether the public key used to unlock the digital certificate is in the list. 18. If the URL recorded in the digital certificate is inconsistent with the URL you are browsing, it means that this certificate may be fraudulently used and the browser will issue a warning. 19. If this digital certificate is not issued by a trusted organization, the browser will issue another warning. 20. If the digital certificate is reliable, the client can encrypt the information using the server public key in the certificate, and then exchange the encrypted information with the server. (End) After the above understanding, I will return to the question at the beginning of this article. To obtain a digital signature, we can obtain a certificate from a certificate authority or a privately controlled certificate server. Digital signatures are managed by local authorities, not by Microsoft. Therefore, the application period and cost of digital signature should depend on the local issuer. For more information, please contact the local authorities for consultation.