Digital signature and PKI
With the rapid development of e-mail and e-commerce, people are faced with the great challenge of how to exchange security information, which leads to the components of PKI and related programs, such as digital signature or different encryption mechanisms, becoming particularly important. The term PKI is interpreted as a framework system, through which users on the Internet can exchange secure information and data and meet the four security requirements of business for confidentiality, integrity, authenticity and non-repudiation. Its composition mainly includes hardware, software, personnel, guiding principles and methods.
So, how does PKI actually work? By using mathematically related key pairs or public key encryption (or asymmetric) algorithms, that is, private key and public key, the undeniable problem that symmetric algorithms can't solve can be solved. For example, information encrypted by the receiver's public key ensures that only a specific receiver can read it, and that this receiver can only use the corresponding private key to decrypt the information. The privacy of information can be protected by a specific program of PKI.
The relationship between PKI technology and smart cards or USB keys is that the storage of private keys and digital certificates issued by third-party certification bodies can be realized on extremely secure smart cards or USB keys. Because the microchip carried by the smart card or USB Key can realize the functions of storing, encrypting/decrypting and generating the key in the card, the digital signature can be started by inputting the corresponding PIN, and the digital signature can be automatically calculated and generated by the private key stored on the smart card or USB Key. This includes a series of calculation processes. Firstly, the hash value of the email body is calculated, then the hash value is encrypted with the private key, and then the encrypted hash value, that is, the digital signature, is sent with the original text. Through the sender's public key, a specific receiver can decrypt the digital signature. The hash value of the original message should also be calculated in the recipient's PC and then compared with the decrypted message. If they match exactly, the receiver can fully trust the integrity and authenticity of the information. The sender's public key is obtained through the authentication center (the core part of PKI).
Although many people now store private keys and digital certificates in the hard disk of computers, it is better to store private keys and digital certificates on smart cards or USB Key for security reasons. This can prevent hackers from stealing the private keys of legitimate users by implanting virus programs and pretending to be legitimate users to conduct fraud and illegal transactions on the network. In addition, from the perspective of ease of use, smart cards or USB Key are more convenient to carry and use at any time.
With people's increasing awareness of the importance of online transaction authentication, digital signature and PKI technology will play an important role in the fields of banks, governments, registration agencies, enterprise financial management, authentication centers, PC secure login and legal reading and writing of e-mail.