Digital signature with Java

xiaoxiao2021-03-06  76

Digital signatures are often used to verify software and its publisher, ensuring that the code has not been tampered with in any way. In other words, a digital signature guarantees that software is "clean" and "authentic": it has not been altered by anyone between leaving its manufacturer or publisher and reaching the end user.

This article briefly reviews the concepts behind digital signatures and then gives a concrete method for creating and using them with Java.

I. Digital signatures and their function

The Digital Signature Algorithm (DSA) is one of the public-key cryptographic algorithms, so let us begin with a brief review of private keys and public keys.

1. Private-key encryption and its limitations

A private-key encryption system encrypts and decrypts with a single key (the private key), which the sender and the recipient must share. That is, if A wants to send B an encrypted message, A encrypts it with the key, and B, after receiving the message, must use the same key to decrypt it.

This method obviously has serious disadvantages. First, because both parties must hold the same key, a secure protocol is needed to transfer the key reliably; second, when an urgent encrypted message has to be sent, the transfer may fail because the recipient does not yet have the key; third, anyone who sends messages to many different groups must maintain a different key for each group.

To overcome the weaknesses of private-key encryption, public-key encryption was introduced.

2. Public-key encryption

With public-key encryption, the sender and the recipient of a message do not need to know each other's key in order to exchange encrypted information.

A public-key system uses a key pair (a public key and a private key) to encrypt and decrypt information. The principle is simple: information encrypted with the public key can only be decrypted with the corresponding private key; information encrypted with the private key can be decrypted by anyone who holds the corresponding public key. The private key therefore always stays with its owner and never has to be transmitted, while the public key can be handed to others without compromising security. A public key and its private key always correspond one to one. Specifically:

First, if information is encrypted with the recipient's public key, only the intended recipient can decrypt it (that is, only the holder of the private key corresponding to that public key). For example, if A wants to send B an encrypted email, A must encrypt it with B's public key.

Second, if information is encrypted with the sender's private key, any recipient who holds the sender's public key can decrypt it and thereby confirm that the information really comes from the sender and that its content has not been damaged, accidentally or maliciously.

The second point is the essence of a digital signature.

3. Features of digital signatures

A digital signature is a fixed-length binary stream attached to the signed data. It can be used with any type of digital data: besides the most common case, software code, it can also be applied to passwords, email and electronic documents. The main functions of a digital signature are to prevent the original document from being corrupted or altered, to prevent ill-intentioned people from spreading fraudulent messages under someone else's name, and to serve as evidence of who authored a document.
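The sign-with-the-private-key, check-with-the-public-key flow described above, as an added example that is not part of the original article. It uses the standard java.security API; the class name, the SHA256withDSA algorithm, the 2048-bit key size and the sample bytes are choices made for this example.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;

// Added example: sign data with a DSA private key, verify it with the public key.
public class DsaSignDemo {
    // Algorithm name is an assumption of this example, not a value from the article.
    static final String ALGORITHM = "SHA256withDSA";

    static byte[] sign(PrivateKey key, byte[] data) throws GeneralSecurityException {
        Signature s = Signature.getInstance(ALGORITHM);
        s.initSign(key);
        s.update(data);
        return s.sign();
    }

    static boolean verify(PublicKey key, byte[] data, byte[] sig) {
        try {
            Signature s = Signature.getInstance(ALGORITHM);
            s.initVerify(key);
            s.update(data);
            return s.verify(sig);
        } catch (GeneralSecurityException e) {
            return false; // malformed signature or unusable key: treat as invalid
        }
    }

    public static void main(String[] args) throws GeneralSecurityException {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("DSA");
        gen.initialize(2048);
        KeyPair signer = gen.generateKeyPair(); // the publisher's key pair
        KeyPair other = gen.generateKeyPair();  // an unrelated key pair

        // Constructed sample data standing in for the bytes of a class file.
        byte[] original = "contents of myapp.class".getBytes(StandardCharsets.UTF_8);
        byte[] tampered = original.clone();
        tampered[0] ^= 0x01; // flip a single bit

        byte[] sig = sign(signer.getPrivate(), original);
        System.out.println("original, signer's key: " + verify(signer.getPublic(), original, sig));
        System.out.println("tampered, signer's key: " + verify(signer.getPublic(), tampered, sig));
        System.out.println("original, other key:    " + verify(other.getPublic(), original, sig));
    }
}
```

Only the first check succeeds: changing one bit of the data, or verifying with a public key that does not match the signing key, makes verification fail.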

II. Creating and using digital signatures with Java

Beyond the functions described above, digital signatures have a more practical use in Java. The most common is that a digital signature lets an applet get past some of the browser's security restrictions. For example, your browser will normally refuse to let a Java program from the network read or write files on your local hard disk or obtain local information (such as your user name), even if you are sure the Java program is "reliable" (in fact you can never be fully sure that a program is really "reliable"). If you must run such a Java program, you have to switch off the browser's security checks, which amounts to leaving the local system undefended. A digital signature solves this problem: when the browser detects that you are about to run a signed Java applet, it automatically looks up the matching digital signature and checks it; if the check succeeds, the browser treats the applet as "trusted" and lets it through. This preserves security while allowing genuinely "trusted" Java programs to hold additional privileges (see the Java program below).

In JDK 1.1, the work related to digital signatures is done by the javakey tool. javakey is a command-line tool provided by Sun for generating digital signatures for archive files (JAR files) and for managing the key database.

Below we walk through a concrete example of the steps for creating and using a digital signature; the relevant concepts are explained along the way.

1. Creating the Java program and the digital signature (steps for the encrypting party, i.e. the signer)

The following Java applet is very simple: it obtains the name of the user currently logged in to the Win95/98 system and writes it to the file Test.txt in the current directory of the local hard disk.

    import java.awt.*;
    import java.io.*;
    import java.lang.*;
    import java.applet.*;

    public class myapp extends Applet {
        DataOutputStream out_file;

        public void paint(Graphics g) {
            try {
                // Both operations below are refused by the applet sandbox unless the applet is trusted.
                String yourName = System.getProperty("user.name");
                out_file = new DataOutputStream(new FileOutputStream("Test.txt"));
                // writeChars emits two bytes per character.
                out_file.writeChars("Your name:" + yourName + "\n");
                out_file.close();
                g.drawString("Your Name Has Been Written to File <Test.txt>", 20, 20);
            }
            catch (IOException e) {
                g.drawString("File I/O Error", 12, 12);
            }
            catch (SecurityException se) {
                g.drawString("You Can Not Write to Disk or Get User Name.", 12, 12);
            }
        }
    }
    // end of myapp.java

After compiling myapp.java into myapp.class, load it through the page myapp.html shown below (the command is appletviewer myapp.html).

    <html>
    <title>Java Security Example: myapp</title>
    <h1>Java Security Example: My Application</h1>
    <p>
    <applet code=myapp.class width=500 height=200>
    </applet>
    <p>
    Here's the <a href=myapp.java>Source</a>.
    <p>
/* End of myapp.html */

The browser displays "You Can Not Write to Disk or Get User Name." This is because reading the user name and writing to the local hard disk are both forbidden by the system's security features.

Next we create a digital signature so that the program's users can let it do its job (read the user name, write the file) without changing their browser's security checks.

Step 1: Create an entity and mark it as "trusted".

    javakey -cs kompass true

The entity here is the signer (an individual, company or organization), assumed to be "kompass". The parameter "-cs" tells javakey to create a signer and add it to the database (running javakey without parameters prints detailed help). The optional parameter "true" marks the signer "kompass" as trusted (the default is untrusted).

Step 2: Generate a key pair (public key and private key) and write it to files (optional).

    javakey -gk kompass DSA 512 kompass_pub kompass_priv

Here "DSA" is the name of the encryption algorithm, "512" is the key length, and "kompass_pub" and "kompass_priv" are the names of the two key output files.

Step 3: Generate a certificate.

    javakey -gc cert_directive_kompass

The certificate here is the digital signature that can be handed over to the recipient.

The parameter "cert_directive_kompass" above is not an output file name but the name of a parameter configuration file prepared in advance. Loosely speaking, it is like an ".ini" file: javakey decides how to generate the certificate from its contents. The signer must therefore create this configuration file (its formal name is a directive file) with a text editor before performing this step.

The contents of the file cert_directive_kompass are:

    issuer.name = kompass
    issuer.cert = 1
    subject.name = kompass
    subject.real.name = kompass
    subject.org.unit = javasoft
    subject.org = Sun Microsystems
    subject.country = US
    start.date = 31 May 1999
    end.date = 30 May 2012
    serial.number = 1001
    out.file = kompass.key
/* End of cert_directive_kompass */

As the last line shows, the output file is named "kompass.key"; that is, the digital signature "kompass.key" will be sent to the recipient together with the signed file. The other information in the file is mainly issuer information (issuer), subject information (subject) and certificate information (expiration date and serial number).

Step 4: Create an archive file (JAR file).

    jar cf signmyapp.jar myapp.class myapp.html

jar is another command-line tool provided by Sun, used to create and maintain archive files (.jar files). It is a packaging tool that bundles a Java applet together with text, images, animations and other files into a single file, which makes Java products easier to distribute and transfer. Like WinZip and similar tools, jar can also compress files while packaging. For details about jar, see the relevant material from Sun.

The command above packages "myapp.class" and "myapp.html" into the archive signmyapp.jar. This step is needed because javakey can only sign archive files.

Step 5: Sign the archive file.

    javakey -gs sign_directive_kompass signmyapp.jar

As in step 3, "sign_directive_kompass" is also a configuration (directive) file; it tells javakey how to sign the file. Its contents are:

    signer = kompass
    cert = 1
    chain = 0
    signature.file = kpssig
/* End of sign_directive_kompass */

Step 6: Rename the file.

    ren signmyapp.jar.sig signmyapp.jar

Note that step 5 did not specify an output file name. In that case javakey appends ".sig" to the name of the signed file and uses the result as the output file name. To specify the output file, add this line to "sign_directive_kompass":

    out.file = signmyapp.jar

At this point the digital signature work is complete. "kompass.key" and "signmyapp.jar" (the signed archive) are then passed to the user.

2. Using the digital signature (steps for the decrypting party, i.e. the user)

Step 1: Obtain the certificate (that is, the digital signature, kompass.key) and the signed file.

Step 2: Create the signer entity and mark it as "trusted".

    javakey -c kompass true

Step 3: Import the certificate into the database.

    javakey -ic kompass kompass.key

Final step: Run the Java program.

    appletviewer signmyapp.html

Note that the ".html" file here is not the "myapp.html" given above. In fact the two differ only slightly: "signmyapp.html" just has one more parameter:

    archive="signmyapp.jar"

It tells the browser that all the files it needs (here myapp.class) are in the archive file and not elsewhere.

The content of signmyapp.html is as follows:

    <html>
    <title>Java Security Example: myapp, signed</title>
    <h1>Java Security Example: The Signed Application</h1>
    <p>
    <applet code=myapp.class archive="signmyapp.jar" width=500 height=200>
    </applet>
    <p>
    Here's the <a href=myapp.java>Source</a>. <p>
/* End of signmyapp.html */

Now we finally see the long-awaited result: the browser displays "Your Name Has Been Written to File <Test.txt>", and "Test.txt" has indeed been created; its content is the name of the user logged in to Win95/98:

    Y o u r   n a m e : m a w e n q i a n
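The recipient-side check from the steps above, as an added example that is not part of the original article. It uses the java.util.jar API of current JDKs instead of the JDK 1.1 javakey database and reports who signed each entry of an archive, so an unsigned or altered class is visible before anything runs; the class name JarSignerReport and the constructed sample archive are assumptions of this example.

```java
import java.io.*;
import java.nio.file.*;
import java.security.CodeSigner;
import java.security.cert.X509Certificate;
import java.util.*;
import java.util.jar.*;

// Added example: list, per archive entry, who signed it (or that nobody did).
public class JarSignerReport {
    // Returns entry name -> signer subject DN, or "UNSIGNED". The read loop throws
    // SecurityException if a signed entry no longer matches its recorded digest.
    static Map<String, String> report(Path jarPath) throws IOException {
        Map<String, String> result = new TreeMap<>();
        byte[] buf = new byte[8192];
        try (JarFile jar = new JarFile(jarPath.toFile(), true)) { // true = verify signatures
            for (JarEntry entry : Collections.list(jar.entries())) {
                // Skip directories and META-INF/, where the manifest and signature files live.
                if (entry.isDirectory() || entry.getName().startsWith("META-INF/")) continue;
                try (InputStream in = jar.getInputStream(entry)) {
                    while (in.read(buf) != -1) { } // signers are known only after a full read
                }
                CodeSigner[] signers = entry.getCodeSigners();
                if (signers == null) {
                    result.put(entry.getName(), "UNSIGNED");
                } else {
                    X509Certificate cert = (X509Certificate)
                            signers[0].getSignerCertPath().getCertificates().get(0);
                    result.put(entry.getName(), cert.getSubjectX500Principal().getName());
                }
            }
        }
        return result;
    }

    public static void main(String[] args) throws IOException {
        Path jar = args.length > 0 ? Paths.get(args[0]) : Files.createTempFile("unsigned", ".jar");
        if (args.length == 0) {
            // Constructed sample input: an unsigned archive with one dummy entry.
            try (JarOutputStream out = new JarOutputStream(Files.newOutputStream(jar))) {
                out.putNextEntry(new JarEntry("myapp.class"));
                out.write(new byte[] {1, 2, 3});
                out.closeEntry();
            }
        }
        report(jar).forEach((name, signer) -> System.out.println(name + " -> " + signer));
    }
}
```

Run without arguments it reports the constructed entry as UNSIGNED; pass the path of a signed archive to see the signer of each entry. Current JDKs report entries as unsigned when they were signed with an algorithm or key size listed in the jdk.jar.disabledAlgorithms security property.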