Digital signature

Digital signature (also called public-key digital signature, electronic signature) is a kind of similar written on paper of ordinary physical signature, but use public-key encryption technology realization, the method used to identify the digital information. A digital signature usually define two complementary operations, one for signatures, another for the verification.

Basic introduction

Digital signature does not refer to put your signature scanning into digital images, or use touchpad acquired signature, more not your inscribe.

Digital signature files are easy to verify the integrity of the (don't need QiFeng chapter, QiFeng signature, also do not need the handwriting expert), and digital signature is can't deny sex (don't need handwriting expert to validation).

Say simply, the so-called digital signature is attached to a unit of data on some of the data, or for data unit of password change. This data or transform allows data unit receiver to confirm units of data sources and units of data integrity and the protection of data, to prevent being (such as receiver) were forged. It is to the electronic forms of information on signature of a kind of method, a signature news can in a communications network transmission. Based on public-key cryptosystem and private key cryptosystem can get digital signature, mainly is based on public key cryptosystems digital signature. Including ordinary digital signatures and special digital signature. Ordinary digital signature algorithm has RSA, Shamir, Fiat - ElGamal, Guillou - Quisquarter, Schnorr, Shamir Ong - Schnorr - digital signature algorithm, Des/DSA, elliptic curve digital signature algorithm and finite automaton digital signature algorithm, etc. Special digital signature that have blind signature, proxy signature, group signature, undeniable signature, fair blind signature, threshold signature, with news recovery features signature, etc, it is closely related with the specific application environment. Obviously, the application of digital signature involves legal issues, the federal government based on finite domains discrete logarithm problem set its own digital-signature standard (DSS).

Digital Signature (our) Digital technology is asymmetric encryption algorithm of typical application. The application process of digital signature, data sending using their own private key to data validation and or other relevant variables with data content to encrypt data and the completion of the legitimate "signature", data receiver is use the other public key to interpret received "digital signatures", and will interpret results are used to data integrity test to confirm signature legitimacy. Digital signature technology is in network system in virtual environment identified the important technology, can completely replace reality in the process of holograph signs ", in technical and legal is guaranteed. In the digital signature applications, the sender's public key can be easily obtained, but he's private-key requires strictly confidential.

The main function

Ensure the integrity of the information transmission, the sender's identity authentication, prevent transaction in a clean happen.

Digital signature technology is based on the information with sender's private-key is encrypted, together with the original transmitted to the receiver. The receiver only in sending public key can decrypt encrypted information, then use HASH function to receive the original produce a information, and the declassified information contrast. If the same, then explaining the information received is complete, during transmission unmodified, or that the information has been modified so digital signatures can validation information integrity.

Digital signature is a encryption process, digital signature verification is a decryption process.

Signature process

The sender of a message with a hash function generated from a message text message digest (hash value). The sender with their own private key to encrypt the hash value. Then, this encrypted hash value will serve as a message of accessories and send a message of message with the recipient. The first message recipient with sender as hash function from the original message received in the message digest, and then calculated with sender's public again to the key message additional digital signature decryption. If two hash values are the same, so the recipient can confirm the digital signature is the sender. Through digital signatures can realize the identification of the original message.

Digital signature has two functions: one is the message is really can be determined by the sender signed concurrent out, because others not fake sender's signature. 2 it is digital signatures can determine the integrity of the news. Because of the characteristics of digital signature is that it represents the documents characteristic, document if change, digital signatures values will change. Different files will get different digital signature. A digital signature involves a hash function, the sender's public key, the sender's private key.

Personal safety email certificate

With digital signature function of personal safety email certificate is a certificate of a user, refers to the unit used when user email certificate mechanisms ensure safety must have the certificate. Personal safety email certificate is accord with x.509 standard digital security certificate and with digital certificate and S/MIME technology on regular E-mail do encryption and digital signature processing, ensure the safety of the E-mail content, confidentiality, the sender's identity confirmed sex and can't deny sex. With digital signature function of personal safety certificate holder email certificate contains the email address, certificate issued by the holder of the public key, who (CA) and those of the certificate issued by the signature. Personal safety email certificate depends on the realization of the function of user use E-mail system whether to support the corresponding function. At present, MS Outlook, Outlook Express, Foxmail and CA safety E-mail systems are supported corresponding function. The use of personal safety email certificate can be transceiver encryption and digital signature mail, email transmission guarantee the confidentiality, integrity, and undeniable sex, securing E-mail communication parties identity authenticity.

Principle characteristics

Everyone has a pair of "keys" (digital identity), one of the only her/him I know (key), another public (public key). Signature with keys, validate the signature with public key. And because anyone can inscribe claimed that he/she is your public key to recipients, so must trust people (identity authentication institutions) to register. After registration identity authentication agency sends you a digital certificate. To file signature, you put this digital certificate issue together with documents and signature recipients, the recipient to identity authentication institutions proofed whether is truly with your keys the documents issued.

In communications in general use digital signature based on the following reasons:

Jian right

Public-key encryption system allow anybody to send the message using public key encrypt digital signatures can let the information receiver confirm the identity of the sender. Of course, the receiver could not 100 percent sure that the sender's true identity, but only in the password system undeciphered until circumstances have reason to be sure.

Jian right in financial data on the importance of behaves particularly outstandingly. For example, suppose a bank will command by its branch transmission to its central management system, the instruction format is (a, b), including a is account number, and b is account of existing amount. Then a remote client may first deposit $100, observe the transmission, the result of the then the barrage of sending format for (a, b) instructions. This method is called replay attack.

integrity

The data transfer both total to confirm messages were not in a transmission process is modified. Encryption makes the third party want to read data very difficulty, however third-party still can take feasible methods in the process of changing data transmission. A common example is isomorphic attack: recall or above the bank from its branch to its central management system to transmit format for (a, b) instructions, including a is account, and b is account of amount. A remote customer can deposit 100 yuan, then intercept transmission results, a retransmission (a, b3), so he immediately becoming a millionaire.

Can't deny

In this background, resisted the ciphertext is a word that is not admit and news about behavior (i.e., says the message from a third party). News of the receiving party may through digital signature to prevent all subsequent resisted the behavior, because the recipient can produce signature to others seem proof sources of information.

How to realize

Digital signature algorithm rely on public-key encryption technology to realize. In public key encryption, where each user has a pair of keys: a public key and a private key. Public key can freely distribute, but private-key is kept secret, Another requirement is to make through public key calculate keystore practice may not happen.

Common digital signature algorithm including three algorithm:

1. The password generate algorithm,

2. Mark algorithm,

3. Verify algorithm.