digital signature
Principle
Theintegrityofadigitallysignedfileiseasytoverify(itdoesnotrequireaseamseal,aseamsignature,orahandwritingexpert),andthedigitalsignatureisnon-repudiation(Non-repudiation).
Simplyput,theso-calleddigitalsignatureissomedataattachedtothedataunit,orthecryptographictransformationofthedataunit.Thisdataortransformationallowstherecipientofthedataunittoconfirmthesourceofthedataunitandtheintegrityofthedataunitandprotectthedatafrombeingforgedbysomeone(forexample,therecipient).Itisamethodtosignmessagesinelectronicform.Asignedmessagecanbetransmittedinacommunicationnetwork.Bothpublickeycryptosystemsandprivatekeycryptosystemscanobtaindigitalsignatures,mainlydigitalsignaturesbasedonpublickeycryptosystems.Includingordinarydigitalsignaturesandspecialdigitalsignatures.CommondigitalsignaturealgorithmsincludeRSA,ElGamal,Fiat-Shamir,Guillou-Quisquarter,Schnorr,Ong-Schnorr-Shamirdigitalsignaturealgorithm,Des/DSA,ellipticcurvedigitalsignaturealgorithm,andfiniteautomatadigitalsignaturealgorithm.Specialdigitalsignaturesincludeblindsignatures,proxysignatures,groupsignatures,undeniablesignatures,fairblindsignatures,thresholdsignatures,signatureswithmessagerecoveryfunctions,etc.,whicharecloselyrelatedtospecificapplicationenvironments.Obviously,theapplicationofdigitalsignaturesinvolveslegalissues.TheUSFederalGovernmenthasformulateditsownDigitalSignatureStandard(DSS)basedonthediscretelogarithmprobleminafinitefield.
Features
Everyonehasapairof"keys"(digitalidentities),oneofwhichisonlyknowntohim/her(key),andtheotherispublic(publickey).Thekeyisusedwhensigning,andthepublickeyisusedwhenverifyingthesignature.Andbecauseanyonecansignoffandclaimthatshe/heisyou,thepublickeymustberegisteredwithaperson(identitycertificationauthority)trustedbytherecipient.Afterregistration,theidentitycertificationauthoritywillissueyouadigitalcertificate.Aftersigningthedocument,yousendthedigitalcertificatetogetherwiththedocumentandsignaturetotherecipient,andtherecipientaskstheidentitycertificationauthoritytoverifywhetherthedocumentisreallyissuedwithyourkey.
Theuseofdigitalsignaturesincommunicationsgenerallyhasthefollowingcharacteristics:
Authentication
Thepublickeyencryptionsystemallowsanyonetousethepublickeyforencryptionwhensendinginformation,Usetheprivatekeytodecryptwhenreceivingthemessage.Ofcourse,thereceivercannotbe100%sureofthesender'strueidentity,butcanonlybereasonablysureifthecryptographicsystemhasnotbeendeciphered.
Theimportanceofauthenticationisparticularlyprominentinfinancialdata.Forexample,supposeabanktransmitsinstructionsfromitsbranchtoitscentralmanagementsystem.Theformatoftheinstructionis(a,b),whereaistheaccountnumberoftheaccountandbisthecurrentamountoftheaccount.Atthistime,aremotecustomercandeposit100yuanfirst,observethetransmissionresult,andthensendinstructionsintheformat(a,b)oneafteranother.Thismethodiscalledareplayattack.
Integrity
Bothpartieswhotransmitdataalwayswanttoconfirmthatthemessagehasnotbeenmodifiedduringtransmission.Encryptionmakesitverydifficultforthirdpartiestoreaddata,butthirdpartiescanstilltakefeasiblemethodstomodifydataduringtransmission.Apopularexampleisahomomorphicattack:Recallthattheabovebanksentinstructionsintheformat(a,b)fromitsbranchtoitscentralmanagementsystem,whereaistheaccountnumberandbistheamountintheaccount..Aremotecustomercandeposit100yuanfirst,theninterceptthetransmissionresult,andthentransmit(a,b),sothatheimmediatelybecomesamillionaire.
Non-repudiation
Inthecontextofciphertext,thetermdenialreferstonon-acknowledgmentofactionsrelatedtothemessage(thatis,theclaimthatthemessagecomesfromathirdparty).Therecipientofthemessagecanusedigitalsignaturestopreventallsubsequentdenials,becausetherecipientcanshowthesignaturetootherstoprovethesourceoftheinformation.
Mainfunctions
Networksecurity,mainlynetworkinformationsecurity,requirescorrespondingsecuritytechnicalmeasurestoprovideappropriatesecurityservices.Asoneofthemeanstoensurenetworkinformationsecurity,digitalsignaturemechanismcansolvetheproblemsofforgery,denial,impersonationandtampering.Oneofthepurposesofdigitalsignaturesistoreplacetraditionalmanualsignaturesandsealsinthenetworkenvironment,whichplaysanimportantrole:(1)Anti-counterfeiting(forgery).Onlythesignerknowstheprivatekey,soitisimpossibleforotherstoconstructthecorrectone.
(2)Identifiestheidentity.Sincethetraditionalhand-signedsignatureisusuallywhenthetwopartiesmeetdirectly,theidentityisself-evident.Inanetworkenvironment,thereceivermustbeabletoauthenticatetheidentityclaimedbythesender.
(3)Tamper-proof(anti-disruptionoftheintegrityofinformation).Fortraditionalmanualsigning,ifyouwanttosigna200-pagecontract,doyoujustsignattheendofthecontract?Orsigneverypage?Ifyouonlysignattheendofthecontract,theotherpartywillnotsecretlychangethepages?Fordigitalsignatures,thesignatureandtheoriginalfilehaveformedamixedoveralldata,whichcannotbetamperedwith,thusensuringtheintegrityofthedata.
(4)Anti-replay.Forexample,indailylife,AborrowsmoneyfromBandwritesaloannotetoBatthesametime.WhenApaysbackthemoney,hemustaskBfortheIOUtornup.Otherwise,IamafraidhewillusetheIOUagain.Apaysbackthemoney.Inthedigitalname,iftechnologiessuchasaddingaserialnumberandatimestamptothesignedmessageareused,replayattackscanbeprevented.
(5)Non-repudiation.Asmentionedearlier,digitalsignaturescanidentifyidentitiesandcannotbeforged,soaslongasthesignedmessageispreserved,itisasifthemanuallysignedcontracttextispreserved,thatis,theevidenceispreserved,andthesignercannotdenyit.Whatifthereceiverhasindeedreceivedthesignedmessagefromtheotherparty,butdeniesit?Itisnecessarytopreventthereceiver'sdenial.Inthedigitalsignaturesystem,thereceiverisrequiredtoreturnaself-signedmessageindicatingthatithasreceivedittotheotherpartyorathirdpartyorintroduceathird-partymechanism.Neitherpartycandenythisoperation.
(6)Confidentiality(confidentiality).Withtheguaranteeofconfidentiality,interceptionattacksareinvalidated.Manuallysigneddocuments(liketext)arenotconfidential.Oncethedocumentsarelost,theinformationinthemisverylikelytobeleaked.Thedigitalsignaturecanencryptthemessagetobesigned.Ofcourse,ifthesigningofthesignaturedoesnotrequireconfidentiality,encryptioncanalsobeomitted.
Ensuretheintegrityofinformationtransmission,theidentityofthesender,andpreventdenialintransactions.
Digitalsignaturetechnologyistoencryptthedigestinformationwiththesender’sprivatekeyandsendittothereceivertogetherwiththeoriginaltext.Thereceiverusesitsownpublickeytodecrypttheencryptedsummaryinformation,andthenusestheHASHfunctiontogenerateasummaryofthereceivedoriginaltext,andcompareitwiththedecryptedsummaryinformation.Iftheyarethesame,itmeansthatthereceivedinformationiscompleteandhasnotbeenmodifiedduringtransmission.Otherwise,itmeansthattheinformationhasbeenmodified,sothedigitalsignaturecanverifytheintegrityoftheinformation.
Digitalsignatureisanencryptionprocess,anddigitalsignatureverificationisadecryptionprocess.
Signingprocess
Whensendingamessage,thesenderusesahashfunctiontogenerateamessagedigestfromthemessagetext,andthenencryptsthedigestwiththesender’sprivatekey,Thisencrypteddigestwillbesenttothereceiverasthedigitalsignatureofthemessagetogetherwiththemessage.Thereceiverfirstusesthesamehashfunctionasthesendertocalculatethemessagedigestfromthereceivedoriginalmessage,andthenThepublickeyisusedtodecryptthedigitalsignatureattachedtothemessage.Ifthetwodigestsarethesame,thereceivercanconfirmthatthemessageisthesender.
Digitalsignaturehastwofunctions:First,itcanconfirmthatthemessageisindeedsignedandsentbythesender,becauseotherscannotfakethesender’ssignature.Thesecondisthatthedigitalsignaturecanconfirmtheintegrityofthemessage.Becausethecharacteristicofthedigitalsignatureisthatitrepresentsthecharacteristicsofthedocument,ifthedocumentischanged,thevalueofthedigitaldigestwillalsochange.Differentfileswillgetdifferentdigitalsummaries.Adigitalsignatureinvolvesahashfunction,therecipient'spublickey,andthesender'sprivatekey.
Howtouse
Youcandigitallysigneveryemailyousend.Thisdoesnotrefertoinscriptions,whicharegenerallymistakenforsignatures.
InmainlandChina,digitalsignaturesarelegallyeffectiveandarebeingwidelyused.In2000,thenew"ContractLaw"ofthePeople'sRepublicofChinaconfirmedthelegaleffectsofelectroniccontractsandelectronicsignaturesforthefirsttime.OnApril1,2005,thefirst"ElectronicSignatureLaw"ofthePeople'sRepublicofChinawasformallyimplemented.
Mailcertificate
Personalsecuritymailcertificatewithdigitalsignaturefunctionisakindofusercertificate,whichreferstothecertificatethattheunitusermusthavewhensendingandreceivingemailsusingthecertificatemechanismtoensuresecurity..Thepersonalsecurityemailcertificateisadigitalsecuritycertificatethatconformstothex.509standard.ItcombinesdigitalcertificatesandS/MIMEtechnologytoencryptanddigitallysignordinaryemailstoensurethesecurity,confidentiality,andsenderidentityoftheemailcontentConfirmationandnon-repudiation.Thepersonalsecuritymailcertificatewithdigitalsignaturefunctioncontainsthee-mailaddressofthecertificateholder,thepublickeyofthecertificateholder,theissuer(CA),andtheissuer'ssignatureofthecertificate.Therealizationofthepersonalsecuritymailcertificatefunctiondependsonwhetherthemailsystemusedbytheusersupportsthecorrespondingfunction.MSOutlook,OutlookExpress,FoxmailandCAsecureemailsystemsallsupportcorrespondingfunctions.Theuseofpersonalsecurityemailcertificatescansendandreceiveencryptedanddigitallysignedemailstoensuretheconfidentiality,integrityandnon-repudiationofemailtransmissions,andtoensuretheauthenticityoftheidentitiesofallpartiesintheemailcommunication.
Implementationmethod
Thedigitalsignaturealgorithmisimplementedbypublickeyencryptiontechnology.Inpublickeyencryptiontechnology,eachuserhasapairofkeys:apublickeyandaprivatekey.Thepublickeycanbereleasedfreely,buttheprivatekeyiskeptsecret;anotherrequirementistomakeitimpossibletocalculatetheprivatekeyfromthepublickey.
Commondigitalsignaturealgorithmsincludethreealgorithms:
1.Passwordgenerationalgorithm;
2.Markingalgorithm;
3.Verificationalgorithm.
Digitalsignaturetechnologyismostlyimplementedbasedonhashdigestandasymmetrickeyencryptionsystem.Ifthesignerwantstodigitallysignafile,hemustfirstobtaintheprivatekeyandpublickeyfromatrustedthird-partyorganization(digitalcertificatecertificationcenterCA),whichrequirestheuseofPKItechnology.
1.Digitalsignatureandverificationwithhashalgorithm
Thehashfunctionisakindof"compressionfunction".ThehashfunctioncanbeusedtoThelengthoftheinputistransformedintoafixed-lengthoutputthroughthehashfunctionalgorithm.Thehashvalueoftheoutputisthemessagedigest,alsocalledthedigitaldigest.Inaformaldigitalsignature,thesenderfirstappliesahashalgorithmtothesentfiletoobtainafixed-lengthmessagedigest(MessageDigest);thenusesitsownprivatekey(Secretkey,SK)tosignthemessagedigesttoformasendParty’sdigitalsignature.Thedigitalsignaturewillbesenttothereceiverasateampiecetogetherwiththeoriginaltext;thereceiverfirstdecryptsthedigitalsignaturewiththesender’spublickeytoobtainthesender’sdigitaldigest,andthenusesthesamehashfunctiontohashtheoriginaltexttogetAnewmessagedigest,andfinallycomparethemessagedigestwiththereceivedmessagedigest.ThespecificprocessisshowninFigure1.
2.Digitalsignatureandverificationbasedonasymmetrickeyencryptionsystem
Thesenderfirstencryptstheoriginaltextwithitsownprivatekeytoobtainadigitalsignature,Thensendtheoriginaltextanddigitalsignaturetotherecipient.Thereceiverusesthesender’spublickeytodecryptthedigitalsignature,andfinallycomparesitwiththeoriginaltext.AsshowninFigure2,digitalsignatureisanelectronicsignaturemethodthatiswidelyusedine-commerceande-government,withmaturetechnologyandstrongoperability..Itusesstandardizedproceduresandscientificmethodstoverifytheidentityofthesignatoryandtherecognitionofthecontentofanelectronicdata.Theuseofdigitalsignaturetechnologycanverifywhethertheoriginaltextofthedocumenthaschangedduringthetransmissionprocess,andensuretheintegrity,authenticityandnon-repudiationofthetransmittedelectronicdocument.
Signingsteps
Javasigningsteps
1.PuttheappletclassfilePackagedinto*.jar(youcanenterjarinthecommandlinetoviewthehelp)
2,firstwehavetogenerateakeystore,otherwisethefollowingerrorwillbereportedwhensigning
jarsignererror:java.lang.RuntimeException:Keystoreloading:C:\DocumentsandSettings\ij2ee\.keystore(Thesystemcannotfindthespecifiedfile.).(Theij2eehereisCurrentsystemusername)
Thestatementtogeneratethekeystore:keytool-genkey-aliasalias,youcanwriteityourself-keyalgRSA-keystore.keystore
ThefollowingaresomeofthedigitalsignaturesthatwillappearStepoperation:
Enterthekeystorepassword:
Enterthenewpasswordagain:
Whatareyourfirstandlastnames?
[Unknown]:ij2ee
Whatisthenameofyourorganizationalunit?
[Unknown]:mtk
Whatisthenameofyourorganization?
[Unknown]:mtk
Whatisthenameofyourcityorarea?
[Unknown]:suzhou
Whatisthenameofyourstateorprovince?
[Unknown]:jiangsu
Whatisthetwo-lettercountrycodeofthisunit
[Unknown]:cn
CN=ij2ee,OU=mtk,O=mtk,L=suzhou,ST=jiangsu,C=cn,correct??
[No]:y
Enteredmasterpassword
(Ifthepasswordisthesameasthekeystore,pressEnter):
Atthistime,.keystorewillbegeneratedinthebindirectoryofjdk.Movethis.keystorefiletotheC:\DocumentsandSettings\directoryofthecurrentsystemuser.
3.Createadigitalcertificate
Enterthefollowingcommandsinthecommandline,PeakCAandpeakCALibhavetheirownnames.3650isthevalidnumberofdays,whichisabout10years.Whencreatingacertificate,youneedtofillinsomeinformationaboutthecertificateandtheprivatekeypasswordcorrespondingtothecertificate.
keytool-genkey-aliaspeakCA-keyalgRSA-keysize1024-keystorepeakCALib-validity3650
4.Exportthecertificatetothecertificatefile
p>
Enterthefollowingcommandsinthecommandline,namepeakCAandpeakCALibarbitrarily,and******istheenteredpassword.
keytool-export-aliaspeakCA-filepeakCA.cer-keystorepeakCALib-storepass******-rfc
5.Authorizethejarfile,inthecommandlineEnterthefollowinginstructionsinthebox
jarsigner-keystorepeakCALibmyapplet.jarpeakCA
Officesignaturesteps
1.Toprotecttheauthenticityofthedocumentcontent,Youcanaddinvisibledigitalsignatures.Thereisa"Sign"buttonatthebottomofthesigneddocument.
2.Clickthe"File"tab.
3.Click"Information".
4.Under"Permissions",click"ProtectDocuments","ProtectWorkbooks"or"ProtectPresentations".
5.Click"AddDigitalSignature".
6.ReadthemessagedisplayedinWord,ExcelorPowerPoint,andthenclick"OK".
7.Inthe"Signature"dialogbox,inthe"Purposeforsigningthisdocument"box,typethepurpose.
8.Click"Sign".
9.Afterthefileisdigitallysigned,the"Sign"buttonwillappear,andthefilewillbecomeread-onlytopreventmodification.
Applicationexample
IfAlicetransmitsdigitalinformationtoBob,inordertoensuretheconfidentiality,authenticity,integrityandnon-repudiationoftheinformationtransmitted,thetransmittedinformationneedstobedigitallyencryptedAndsignature,thetransmissionprocessis:
Alicepreparesthedigitalinformation(plaintext)tobetransmitted;
AliceisdigitalTheinformationishashedtoobtainaninformationdigest;
AliceusesherprivatekeytoencrypttheinformationdigesttoobtainAlice'sdigitalsignatureandattachittothedigitalinformation;
Alicerandomlygeneratesanencryptionkey,andusesthispasswordtoencrypttheinformationtobesenttoformaciphertext;
AliceusesBob’spublickeytoencrypttheencryptionkeythatwasrandomlygeneratedjustnow,andsendstheencryptedDESkeytogetherwiththeciphertexttoBob;
BobreceivesTheciphertextandencryptedDESkeysenttoAlice,firstdecrypttheencryptedDESkeywithyourownprivatekey,andgettheencryptionkeyrandomlygeneratedbyAlice;
Bobthenusestherandomkeytodecryptthereceivedciphertexttoobtainthedigitalinformationintheplaintext,andthendiscardstherandomkey;
BobusesAlice’spublicThekeydecryptsAlice’sdigitalsignaturetogetthemessagedigest;
BobusesthesamehashalgorithmtohashthereceivedplaintextagaintogetanewMessagesummary;
Bobcomparesthereceivedmessagesummarywiththenewlygeneratedmessagesummary.Iftheyareconsistent,thereceivedmessagehasnotbeenmodified.
Differentiateattacks
Howtodistinguishdigitalsignatureattacks?Therearetwomethods:
1.Toviewthedetailedinformationofthedigitalsignature,weshouldviewthedetailedinformationofthedigitalsignatureandclickthe"DetailedInformation"button.
WewillfindthedifferencebetweenthedigitalsignatureofanormalEXEandaninfected(orbundledTrojan)EXE.
ThedigitalsignaturedetailsofthenormalEXE.
ThetamperedEXEdigitalsignatureinformationisinvalid.
2.Usethedigitalsignatureverificationprogramsigcheck.exe(YoucanfindthistoolonBaidu,oneofthecomponentsofthefamoussystemtoolkitSysinternalsSuite.)
Abnormalresults
Theresultoftheabnormaldigitalsignatureis:
C:\DocumentsandSettings\litiejun\??\modify.exe:
Verified:Unsigned
Filedate:15:462008-5-23
Publisher:n/a
Description:n/a
Product:n/a
Version:n/a
Fileversion:n/a
Normalresult
Thedigitalsignaturenormalresultis:
C:\DocumentsandSettings\litiejun\??\che.exe:
Verified:Signed
Signingdate:16:282008-4-29
Publisher:n/a
Description:n/a
Product:n/a
Version:n/a
Fileversion:n/a
Latest: John von Neumann
Next: Shen Kuo
