What is a Digital Signature?An introduction to Digital Signatures, by David Youd



Bob

(Bob's public key)


(Bob's private key)

Bob has been given two keys. One of Bob's keys is called a Public Key, the
other is called a Private Key.

Bob's Co-workers:

Anyone can get Bob's Public Key, but Bob keeps his Private Key to himself

Pat Doug Susan

Bob's Public key is available to anyone who needs it, but he keeps his Private Key
to himself. Keys are used to encrypt information. Encrypting information means
"scrambling it up", so that only a person with the appropriate key can make it
readable again. Either one of Bob's two keys can encrypt data, and the
other key can decrypt that data.

Susan (shown below) can encrypt a message using Bob's Public Key. Bob uses his
Private Key to decrypt the message. Any of Bob's coworkers might have access
to the message Susan encrypted, but without Bob's Private Key, the data is
worthless.

"Hey Bob, how about lunch at Taco Bell. I hear they have free refills!"

HNFmsEm6Un
BejhhyCGKOK
JUxhiygSBCEiC
0QYIh/Hn3xgiK
BcyLK1UcYiY
lxx2lCFHDC/A

HNFmsEm6Un
BejhhyCGKOK
JUxhiygSBCEiC
0QYIh/Hn3xgiK
BcyLK1UcYiY
lxx2lCFHDC/A

"Hey Bob, how about lunch at Taco Bell. I hear they have free refills!"

With his private key and the right software, Bob can put digital signatures on
documents and other data. A digital signature is a "stamp" Bob places on the
data which is unique to Bob, and is very difficult to forge. In addition, the
signature assures that any changes made to the data that has been signed can
not go undetected.

To sign a document, Bob's software will crunch down the data into just a few lines
by a process called "hashing". These few lines are called a message digest. (It
is not possible to change a message digest back into the original data from which
it was created.)

Bob's software then encrypts the message digest with his private key. The result
is the digital signature.

Finally, Bob's software appends the digital signature to document. All of the
data that was hashed has been signed.

Bob now passes the document on to Pat.

First, Pat's software decrypts the signature (using Bob's public key) changing it back
into a message digest. If this worked, then it proves that Bob signed the
document, because only Bob has his private key. Pat's software then hashes
the document data into a message digest. If the message digest is the same
as the message digest created when the signature was decrypted, then Pat
knows that the signed data has not been changed.

Plot complication...

Doug (our disgruntled employee) wishes to deceive Pat. Doug makes sure
that Pat receives a signed message and a public key that appears to belong
to Bob. Unbeknownst to Pat, Doug deceitfully sent a key pair he
created using Bob's name. Short of receiving Bob's public key from him
in person, how can Pat be sure that Bob's public key is authentic?

It just so happens that Susan works at the company's certificate
authority center. Susan can create a digital certificate for Bob simply
by signing Bob's public key as well as some information about Bob.

Bob Info:

Name

    Department

    Cubical Number

Certificate Info:

Expiration Date

    Serial Number

Bob's Public Key:

    


Now Bob's co-workers can check Bob's trusted certificate to make sure
that his public key truly belongs to him. In fact, no one at Bob's
company accepts a signature for which there does not exist a certificate
generated by Susan. This gives Susan the power to revoke signatures if
private keys are compromised, or no longer needed. There are even more
widely accepted certificate authorities that certify Susan.

Let's say that Bob sends a signed document to Pat. To verify the signature
on the document, Pat's software first uses Susan's (the certificate
authority's) public key to check the signature on Bob's certificate.
Successful de-encryption of the certificate proves that Susan created it.
After the certificate is de-encrypted, Pat's software can check if
Bob is in good standing
with the certificate authority and that all of the certificate information
concerning Bob's identity has not been altered.

Pat's software then takes Bob's public key from the certificate and uses it
to check Bob's signature. If Bob's public key de-encrypts the signature
successfully, then Pat is assured that the signature was created using Bob's
private key, for Susan has certified the matching public key. And of course,
if the signature is valid, then we know that Doug didn't try to change the
signed content.

Although these steps may sound complicated, they are all handled behind
the scenes by Pat's user-friendly software. To verify a signature, Pat need
only click on it.


(c) 1996, David Youd

Permission to change or distribute is at the discretion of the author

Warning: You may be missing a few lines of text if you print this document.
This seems to occur on pages following pages that have blank space near
the bottom due to moving tables with large graphics in them to the next
page so that the images are not split across pages. If this happens
to you, simply print out document in sections. (Ex: I have the problem on
page 4, so I print pages 1-3, then pages 4-5.)

数字签名 转载:http://www.youdzone.com/signature.html的更多相关文章

  1. 深入浅出HTTPS工作原理(转载)

    转载自: https://blog.csdn.net/wangtaomtk/article/details/80917081 深入浅出HTTPS工作原理 HTTP协议由于是明文传送,所以存在三大风险: ...

  2. Java Security:公钥私钥、数字签名、消息摘要是什么

    1. 鲍勃有两把钥匙,一把是公钥,另一把是私钥. 2. 鲍勃把公钥送给他的朋友们----帕蒂.道格.苏珊----每人一把. 3. 苏珊要给鲍勃写一封保密的信.她写完后用鲍勃的公钥加密,就可以达到保密的 ...

  3. 和安全有关的那些事(非对称加密、数字摘要、数字签名、数字证书、SSL、HTTPS及其他)

    转自http://blog.csdn.net/bluishglc/article/details/7585965 对于一般的开发人员来说,很少需要对安全领域内的基础技术进行深入的研究,但是鉴于日常系统 ...

  4. 使用数字签名实现数据库记录防篡改(Java实现)

    本文大纲 一.提出问题 二.数字签名 三.实现步骤 四.参考代码 五.后记 六.参考资料 一.提出问题 最近在做一个项目,需要对一个现成的产品的数据库进行操作,增加额外的功能.为此,需要对该产品对数据 ...

  5. RAS非对称加密与数字证书数字签名

    它用图片通俗易懂地解释了,"数字签名"(digital signature)和"数字证书"(digital certificate)到底是什么. 我对这些问题的 ...

  6. 【Java密码学】用Java数字签名提供XML安全

    简介 众所周知,XML在产品和项目开发中起着非常重要的作用.通过XML文档可以获取很多信息,还可以使用XML文件进行CRUD(增加.查询.更新和删除)操作.然而值得注意的是,我们如何确保XML中的数据 ...

  7. signature.html

    原文网址:http://www.youdzone.com/signature.html   阮一峰:http://www.ruanyifeng.com/blog/2011/08/what_is_a_d ...

  8. 公钥与私钥的理解,以及https的应用原理

    1.公钥与私钥原理1)鲍勃有两把钥匙,一把是公钥,另一把是私钥2)鲍勃把公钥送给他的朋友们----帕蒂.道格.苏珊----每人一把.3)苏珊要给鲍勃写一封保密的信.她写完后用鲍勃的公钥加密,就可以达到 ...

  9. 公钥与私钥,HTTPS详解

    1.公钥与私钥原理1)鲍勃有两把钥匙,一把是公钥,另一把是私钥2)鲍勃把公钥送给他的朋友们----帕蒂.道格.苏珊----每人一把.3)苏珊要给鲍勃写一封保密的信.她写完后用鲍勃的公钥加密,就可以达到 ...

随机推荐

  1. new pdo 连接很慢的原因和解决办法

    1.使用IP而不是域名,使用域名会让PDO在连接之前进行一次不必要的dns lookup,当DNS缓存过于巨大的时候,这个问题可能会更严重.(即使是运行在本机,使用 127.0.0.1 而不是 loc ...

  2. Hadoop学习(2)-java客户端操作hdfs及secondarynode作用

    首先要在windows下解压一个windows版本的hadoop 然后在配置他的环境变量,同时要把hadoop的share目录下的hadoop下的相关jar包拷贝到esclipe 然后Build Pa ...

  3. Flask Bug记录之JinJa2.exceptions.UndefinedError: 'sqlite3.Row object' has no attribute 'get'

    源码 py文件定义db的工厂函数如下 def get_db(): if "db" not in g: g.db = sqlite3.connect( current_app.con ...

  4. 动态代理 aop切面实现事务管理

    1.定义接口和实现 public interface UserService { public String getName(int id); public Integer getAge(int id ...

  5. php操作string的函数

    函数库来源于:http://www.w3school.com.cn/php/php_ref_string.asp 我常用的 echo()------------输出一个或多个字符串. 如:echo ' ...

  6. Go语言GOPATH详解(Go语言工作目录)

    GOPATH 是 Go语言中使用的一个环境变量,它使用绝对路径提供项目的工作目录. 工作目录是一个工程开发的相对参考目录,好比当你要在公司编写一套服务器代码,你的工位所包含的桌面.计算机及椅子就是你的 ...

  7. POJ 2485 Prim 找最长的边

    A国没有高速公路,因此A国的交通很困难.政府意识到了这个问题并且计划建造一些高速公路,以至于可以在不离开高速公路的情况下在任意两座城镇之间行驶. A国的城镇编号为1到N, 每条高速公路连接这两个城镇, ...

  8. hdu 6140 思维

    题解:这道题中的数能组成的数构成了一个连续区间. 一开始只有 a1​​ 的时候能够构成 [-1, 1][−1,1] 中的所有整数. 如果一堆数能够构成 [-a, b][−a,b] 中的所有整数, 这时 ...

  9. 通过ADB调试安卓程序

    ADB,即 Android Debug Bridge,它是Android开发/测试人员不可替代的强大工具. 1.下载ADB后,将以下四个文件放到某个文件夹下即可.因为打开Cmd默认路径是 C:\Use ...

  10. DSN 建立达梦7(DM)连接

    (DSN)Data Source Name 数据源名称 “ODBC数据源管理器”提供了三种DSN,分别为用户DSN.系统DSN和文件DSN.其中:      用户DSN会把相应的配置信息保存在Wind ...