文档章节

What is a Digital Signature?数字签名

Zuo_W
 Zuo_W
发布于 2012/10/15 10:01
字数 962
阅读 70
收藏 0

                  感谢David Youd。

                        sayi

一函数f若满足下列二条件,则f称为单向函数:

   ① 对于所有属于 f 定义域的任一 x ,可以很容易计算 f( x ) = y;
   ②对于几乎所有(Almost All)属于 f 值域的任一 y ,则在计算上不可能(Computationally Infeasible)求出 x 使得 y = f( x );

单向函数具有交换性,所谓交换性定义如下:

   交换性(Commutatve Property )
   令Z为一集合,F为将Z映射至Z本身的函数集合。令z∈Z,F[x](z)表示此函数集合的第x个函数,若F[x](F[y])) = F[y](F[x](z)),则称此函数集合具有交换性。

What is a Digital Signature? 

 An introduction to Digital Signatures, by David Youd


Bob

(Bob's public key)


(Bob's private key)

Bob has been given two keys. One of Bob's keys is called a Public Key, the other is called a Private Key.

Bob's Co-workers:

Anyone can get Bob's Public Key, but Bob keeps his Private Key to himself

Pat Doug Susan

Bob's Public key is available to anyone who needs it, but he keeps his Private Key to himself. Keys are used to encrypt information. Encrypting information means "scrambling it up", so that only a person with the appropriate key can make it readable again. Either one of Bob's two keys can encrypt data, and the other key can decrypt that data.

Susan (shown below) can encrypt a message using Bob's Public Key. Bob uses his Private Key to decrypt the message. Any of Bob's coworkers might have access to the message Susan encrypted, but without Bob's Private Key, the data is worthless.

"Hey Bob, how about lunch at Taco Bell. I hear they have free refills!" HNFmsEm6Un BejhhyCGKOK JUxhiygSBCEiC 0QYIh/Hn3xgiK BcyLK1UcYiY lxx2lCFHDC/A

HNFmsEm6Un BejhhyCGKOK JUxhiygSBCEiC 0QYIh/Hn3xgiK BcyLK1UcYiY lxx2lCFHDC/A "Hey Bob, how about lunch at Taco Bell. I hear they have free refills!"

With his private key and the right software, Bob can put digital signatures on documents and other data. A digital signature is a "stamp" Bob places on the data which is unique to Bob, and is very difficult to forge. In addition, the signature assures that any changes made to the data that has been signed can not go undetected.

To sign a document, Bob's software will crunch down the data into just a few lines by a process called "hashing". These few lines are called a message digest. (It is not possible to change a message digest back into the original data from which it was created.)

Bob's software then encrypts the message digest with his private key. The result is the digital signature.

Finally, Bob's software appends the digital signature to document. All of the data that was hashed has been signed.

Bob now passes the document on to Pat.

First, Pat's software decrypts the signature (using Bob's public key) changing it back into a message digest. If this worked, then it proves that Bob signed the document, because only Bob has his private key. Pat's software then hashes the document data into a message digest. If the message digest is the same as the message digest created when the signature was decrypted, then Pat knows that the signed data has not been changed.

Plot complication...

Doug (our disgruntled employee) wishes to deceive Pat. Doug makes sure that Pat receives a signed message and a public key that appears to belong to Bob. Unbeknownst to Pat, Doug deceitfully sent a key pair he created using Bob's name. Short of receiving Bob's public key from him in person, how can Pat be sure that Bob's public key is authentic?

It just so happens that Susan works at the company's certificate authority center. Susan can create a digital certificate for Bob simply by signing Bob's public key as well as some information about Bob.

Bob Info: 
    Name 
    Department 
    Cubical Number

Certificate Info: 
    Expiration Date 
    Serial Number

Bob's Public Key: 
    


Now Bob's co-workers can check Bob's trusted certificate to make sure that his public key truly belongs to him. In fact, no one at Bob's company accepts a signature for which there does not exist a certificate generated by Susan. This gives Susan the power to revoke signatures if private keys are compromised, or no longer needed. There are even more widely accepted certificate authorities that certify Susan.

Let's say that Bob sends a signed document to Pat. To verify the signature on the document, Pat's software first uses Susan's (the certificate authority's) public key to check the signature on Bob's certificate. Successful de-encryption of the certificate proves that Susan created it. After the certificate is de-encrypted, Pat's software can check if Bob is in good standing with the certificate authority and that all of the certificate information concerning Bob's identity has not been altered.

Pat's software then takes Bob's public key from the certificate and uses it to check Bob's signature. If Bob's public key de-encrypts the signature successfully, then Pat is assured that the signature was created using Bob's private key, for Susan has certified the matching public key. And of course, if the signature is valid, then we know that Doug didn't try to change the signed content.

Although these steps may sound complicated, they are all handled behind the scenes by Pat's user-friendly software. To verify a signature, Pat need only click on it.

本文转载自:http://www.youdzone.com/signature.html

Zuo_W
粉丝 8
博文 23
码字总数 11094
作品 0
南京
程序员
私信 提问
【Java小工匠聊密码学】--数字签名-DSA

1、DSA数字签名概述 1.1 DSA加密算算法 DSA(Digital Signature Algorithm)是Schnorr和ElGamal签名算法的变种,被美国NIST作为数字签名标准(DigitalSignature Standard)。 DSA(Digital Sig...

追梦着
2018/06/29
0
0
Java加密技术(六)——数字签名算法DSA

接下来我们介绍DSA数字签名,非对称加密的另一种实现。 DSA DSA-Digital Signature Algorithm 是Schnorr和ElGamal签名算法的变种,被美国NIST作为DSS(DigitalSignature Standard)。简单的说,...

mrliuze
2015/05/27
0
0
Linux 第32天 openssl 私有CA

Linux 第32天 openssl 私有CA 时间: 20180821 目录 OpenSSL 常见的加密算法和协议 一次加密通信过程 数字证书 Openssl命令 使用Openssl构建私有CA OpenSSL SSL (Secure Socket Layer)安全的套...

Winthcloud
2018/08/23
0
0
在RedHat 6.2 64位上面安装postgresql84遇到的问题及解决过程

[root@bogon postgresql]# rpm -ivh postgresql84-libs-8.4.19-1PGDG.rhel6.x86_64.rpm warning: postgresql84-libs-8.4.19-1PGDG.rhel6.x86_64.rpm: Header V4 DSA/SHA1 Signature, key ID ......

自由的开源
2013/12/16
0
7
Java的安全学习(包括加密,数字签名,证书和认证)

(1)消息摘要: 消息摘要(Message Digest)又称为数字摘要(Digital Digest)。它是一个唯一对应一个消息或文本的固定长度的值,它由一个单向Hash加密函数对消息进行作用而产生。如果消息在途...

wersdffg
2015/07/21
0
0

没有更多内容

加载失败,请刷新页面

加载更多

微信公众号爬虫项目

项目地址:https://github.com/Chyroc/WechatSogou 项目介绍:基于搜狗微信搜索的微信公众号爬虫接口,可以扩展成基于搜狗搜索的爬虫 项目截图: 欢迎关注我的公众号:【编程资源库】 ,关注...

编程资源库
刚刚
0
0
网络安全-->浅谈HTTPS协议

简介 HTTPS,安全的HTTP,也被称为HTTP over TLS,TLS的前身是SSL。HTTPS的安全基础是SSL。SSL协议位于TCP/IP协议与各种应用层协议之间, 为数据通讯提供安全支持。 SSL协议: SS...

qrainly
1分钟前
0
0
信必优成功案例–海尔优家健康

项目背景 •海尔U+健康是海尔优家旗的健康管理功能模块应用。 •终端用户可以通过蓝牙连接多种设备,汇总自身健康数据,并获得图形化的健康状态跟踪和数据分析服务。 •同时,云端会根据用户...

symbiochina88
3分钟前
0
0
思维导图软件TheBrain零基础教程:如何创建新的“想法”

TheBrain,您的终极数字记忆和无限思维导图软件。我们从一个想法跳到另一个想法,构建越来越复杂的网络,直到新想法形成。TheBrain允许你以同样的方式组织你的信息,而不限制你预先确定的文件...

mnrssj
4分钟前
0
0
小程序自定义actionSheet组件

在微信小程序中,针对操作菜单的需求,官方文档提供了相应的api,如下图所示。 但是小程序自带的操作菜单没有 “标题” 这么一个参数,不能在操作菜单的顶部显示自定义的标题,因为这么一个需...

林梓阳
7分钟前
0
0

没有更多内容

加载失败,请刷新页面

加载更多

返回顶部
顶部