Detailed digital signature
幄 2001-7-25
There are currently many technical guarantees of information, such as encryption technology, access control technology, authentication technology, and security audit technology, but most of these technologies are used to prevent us, once the information is broken, we cannot guarantee information Integrity. To this end, an emerging security technology used to ensure information integrity - digital signature technology has become a topic that people are very concerned. So what is digital signature technology? What special features do it? The concept has appeared in digital signature technology, once there has been a "digital signature" technology, simply, in the handwritten board, then transfer the image to the electronic document, which is transmitted to the electronic document, and this "digitized signature" can be cut, then Paste on any document, so illegal replication becomes very easy, so this way of signing is unsafe. Digital signature technology and digital signature technology are two distinct security technologies, digital signatures are not related to the user's name and handwriting form, which actually uses information on the information sent by the information sender's private key transformation. For different document information, the sender's digital signature is not the same. No private key, anyone cannot complete illegal copying. In this sense, "Digital Signature" is to process the packet to be transmitted by a one-way function to authenticate the source of the message and verify whether the message is changed. Principle This technique is in a specific operation, first, the sender is first applied to the information, and the resulting information is unique corresponding to the original information; inverse transformations of the recipient, resulting in the original information. As long as the mathematical transformation method is excellent, the transformed information has strong security in the transmission, it is difficult to decipher, tamper. This process is called encryption, and the corresponding reverse transformation process is referred to as decryption. There are now two different types of encryption techniques, one is symmetric encryption, both parties have a shared key, only can be used in the case of both sides know the key, usually in an isolated environment, such as using ATM When the user needs to enter a user identification number (PIN), after the bank confirms this number, the two sides conduct transactions on the basis of the password. If the number of users is too large, this mechanism does not exceed the scope of management. reliable. The other is asymmetric encryption, also known as the public key encryption, the key is a key pair composed of the public key and the private key, encrypts with a private key, and can decrypt the public key, but due to the public The key is unable to calculate the private key, so the public key does not damage the security of the private key, the public key does not need to be kept secret, can be disclosed, and the private key must be kept confidential, and the Identification Center and the database are required. There are many algorithms for algorithm digital signatures, the most widely used: HASH signature, DSS sign, and RSA signature. 1. HASH Signing HASH Signature does not belong to strong computational intensive algorithms, applying more widely. It can reduce the consumption of server resources and reduce the load of the central server. The main limitations of haveh are the receiving part must hold a copy of the user key to verify the signature, because both parties know that the name of the signature is generated, it is easier to attack, there is a possibility of forged signatures. 2. DSS and RSA Signatures DSS and RSA use public key algorithms, there is no limitations of Hash. RSA is the most popular encryption standard, and there are RSA software and class libraries in the kernel of many products. Before the Web rapid development, RSA data security company is responsible for the integration of digital signature software and Macintosh operating system. On the Apple's collaboration software PowerTalk, the signature drag and drop function is added, and the user only drags the data that needs to be encrypted to the corresponding icon. On, the digital signature of the electronic form is completed. Unlike DSS, RSA can be used either to encrypt data or as an identity authentication. Compared to the HASH signature, in the public key system, since the generated key is stored only in the user's computer, the safety factor is large.
