Digital signatures in detail (reprinted from A Digital)
Author: defeat 2001-7-25 [Source: Computer World Network]
There are currently many technical safeguards for information, such as encryption technology, access control technology, authentication technology, and security audit technology, but most of these technologies are preventive: once the information has been breached, they cannot guarantee its integrity. For this reason, digital signature technology, an emerging security technology used to ensure information integrity, has become a topic of great interest. So what is digital signature technology? What special features does it have?

Concept
Before digital signature technology appeared, a "digitized signature" technology already existed. Put simply, the signature is written on a tablet and its image is then transferred into the electronic document. Such a "digitized signature" can be cut out and pasted into arbitrary documents, so illegal copying becomes very easy and this kind of signature is unsafe. Digitized signatures and digital signatures are two distinct security technologies. A digital signature has nothing to do with the user's name or handwriting; it is actually the result of transforming the information being sent with the sender's private key. For different document information, the sender's digital signature is not the same. Without the private key, no one can make an illegal copy. In this sense, a "digital signature" processes the message to be transmitted with a one-way function, in order to authenticate the source of the message and verify whether the message has been changed.

Principle

In operation, the sender first applies a mathematical transformation to the information, and the result corresponds uniquely to the original information; the recipient applies the inverse transformation and recovers the original information. As long as the mathematical transformation is a good one, the transformed information is well protected in transit and is difficult to decipher or tamper with. This process is called encryption, and the corresponding reverse transformation is called decryption.

There are now two different types of encryption techniques. One is symmetric encryption: both parties have a shared key, and it can only be used when both sides know the key, usually in an isolated environment. For example, when using an ATM the user has to enter a user identification number (PIN); after the bank confirms this number, the two sides conduct transactions on the basis of the password. If the number of users grows too large and goes beyond what can be managed, this mechanism is not reliable.

The other is asymmetric encryption, also known as public key encryption. The key is a key pair made up of a public key and a private key: what is encrypted with the private key can be decrypted with the public key, but because the private key cannot be calculated from the public key, the public key does not harm the security of the private key. The public key does not need to be kept secret and can be disclosed, while the private key must be kept confidential; an identification center and a database are required.

Algorithm

There are many algorithms for digital signatures; the most widely used are the HASH signature, the DSS signature, and the RSA signature.

1. HASH signature
The HASH signature is not a computationally intensive algorithm and is widely applied. It can reduce the consumption of server resources and reduce the load on the central server. The main limitation of HASH is that the receiving party must hold a copy of the user's key to verify the signature; because both parties know the key that generates the signature, it is easier to attack and there is a possibility of forged signatures.

2. DSS and RSA signatures
DSS and RSA use public key algorithms and do not have the limitations of HASH. RSA is the most popular encryption standard, and RSA software and class libraries are found in the kernel of many products.
Before the rapid development of the Web, the company RSA Data Security was responsible for integrating digital signature software with the Macintosh operating system. A drag-and-drop signature function was added to Apple's collaboration software PowerTalk: the user only has to drag the data that needs to be encrypted onto the corresponding icon, and the digital signature in electronic form is completed. Unlike DSS, RSA can be used either to encrypt data or for identity authentication. Compared with the HASH signature, in a public key system the generated key is stored only on the user's computer, so the safety factor is large.

Function

Digital signatures can solve problems such as denial, forgery, tampering and impersonation. Specific requirements: the sender cannot deny the signature on a message they have sent; the recipient can verify the signature on a message sent by the sender; the recipient cannot forge the sender's message signature; the recipient cannot partially tamper with the sender's message; and a user on the network cannot pose as another user, whether as sender or recipient.

The application range of digital signatures is very broad. They are a breakthrough in securing electronic data exchange (EDI). Any situation that requires judging the user's identity can use digital signatures, such as encrypted letters, business letters, delivery and purchasing systems, remote financial transactions, automatic mode processing, etc.

The introduction of digital signatures inevitably brings some new problems that need to be resolved further, and digital signatures require the support of relevant legal provisions.

1. Legislatures need to pay sufficient attention to digital signature technology and speed up legislation, quickly developing relevant laws so that the special authentication role of digital signatures is fully realized and e-commerce and other online transactions are effectively promoted.
2. If the sender's information has been digitally signed, the receiver must have digital signature software, which requires the software to be widely adopted.
3. Suppose someone sends a message and later leaves an organization, so that their original digital signature is cancelled. The original confirmation information for digital signatures sent in the past can then only be found in the cancelled-confirmation list, which requires the identification center to combine time information when identifying.
4. Should the infrastructure (identification center, online access database, etc.) be paid for with public funds, or should users be charged during use? If a fee is charged during use, will it affect the comprehensive promotion of this technology?

There are many ways to implement digital signatures; at present the ones used most are asymmetric encryption techniques and symmetric encryption techniques. Although the implementation steps of the two differ, the general working procedure is the same. Users first download or purchase digital signature software and install it on their computer. After generating a key, the software automatically sends the public key out. Because the public key has to be stored, an identification center (CA) is required to confirm the personal information and the key that belongs to it. The identification center is a third party that takes part in management to ensure the security and centralized management of information. When obtaining a public key, the user first requests a digital confirmation from the identification center; once the identification center has confirmed the user's identity, it issues a digital confirmation and also sends confirmation information to the database.
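
An added example, not part of the original article: it carries out the private-key transformation and public-key check from the Principle section with a deliberately tiny RSA key, and shows the HASH signature limitation from the Algorithm section using HMAC-SHA256 as a stand-in. The key values, messages and function names are constructed for illustration, and real RSA signatures use much larger keys plus a padding scheme.

```python
import hashlib
import hmac

# Toy RSA key built from two Mersenne primes (constructed for this example;
# far too small for real use, and real signatures add padding such as PSS).
P, Q = 2**31 - 1, 2**61 - 1
N, E = P * Q, 65537                      # public key: may be published
D = pow(E, -1, (P - 1) * (Q - 1))        # private key: stays with the signer


def digest(message: bytes) -> int:
    """One-way function over the message, reduced to fit the toy modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N


def rsa_sign(message: bytes) -> int:
    """Signer transforms the digest with the private key."""
    return pow(digest(message), D, N)


def rsa_verify(message: bytes, signature: int) -> bool:
    """Anyone holding only (N, E) can check source and integrity."""
    return pow(signature, E, N) == digest(message)


def hash_sign(shared_key: bytes, message: bytes) -> str:
    """Keyed hash (HMAC-SHA256), an assumed stand-in for the HASH signature."""
    return hmac.new(shared_key, message, hashlib.sha256).hexdigest()


def hash_verify(shared_key: bytes, message: bytes, tag: str) -> bool:
    return hmac.compare_digest(hash_sign(shared_key, message), tag)


def demo() -> dict:
    order, altered = b"pay 100 to Bob", b"pay 900 to Bob"
    sig = rsa_sign(order)
    key = b"constructed-shared-key"      # held by sender AND receiver
    return {
        "valid": rsa_verify(order, sig),
        "tampered": rsa_verify(altered, sig),
        "per_document": rsa_sign(altered) != sig,
        # The receiver's key copy yields a tag identical to one the sender would make.
        "receiver_can_forge": hash_verify(key, altered, hash_sign(key, altered)),
    }


if __name__ == "__main__":
    print(demo())
```

The last entry is the point of the comparison: with a shared key a valid tag proves only that some key holder produced it, whereas the RSA check needs nothing secret on the verifier's side.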