digital signature

honggarae 03/02/2022 989

Principle

Theintegrityofadigitallysignedfileiseasytoverify(itdoesnotrequireaseamseal,aseamsignature,orahandwritingexpert),andthedigitalsignatureisnon-repudiation(Non-repudiation).

Simplyput,theso-calleddigitalsignatureissomedataattachedtothedataunit,orthecryptographictransformationofthedataunit.Thisdataortransformationallowstherecipientofthedataunittoconfirmthesourceofthedataunitandtheintegrityofthedataunitandprotectthedatafrombeingforgedbysomeone(forexample,therecipient).Itisamethodtosignmessagesinelectronicform.Asignedmessagecanbetransmittedinacommunicationnetwork.Bothpublickeycryptosystemsandprivatekeycryptosystemscanobtaindigitalsignatures,mainlydigitalsignaturesbasedonpublickeycryptosystems.Includingordinarydigitalsignaturesandspecialdigitalsignatures.CommondigitalsignaturealgorithmsincludeRSA,ElGamal,Fiat-Shamir,Guillou-Quisquarter,Schnorr,Ong-Schnorr-Shamirdigitalsignaturealgorithm,Des/DSA,ellipticcurvedigitalsignaturealgorithm,andfiniteautomatadigitalsignaturealgorithm.Specialdigitalsignaturesincludeblindsignatures,proxysignatures,groupsignatures,undeniablesignatures,fairblindsignatures,thresholdsignatures,signatureswithmessagerecoveryfunctions,etc.,whicharecloselyrelatedtospecificapplicationenvironments.Obviously,theapplicationofdigitalsignaturesinvolveslegalissues.TheUSFederalGovernmenthasformulateditsownDigitalSignatureStandard(DSS)basedonthediscretelogarithmprobleminafinitefield.

Features

Everyonehasapairof"keys"(digitalidentities),oneofwhichisonlyknowntohim/her(key),andtheotherispublic(publickey).Thekeyisusedwhensigning,andthepublickeyisusedwhenverifyingthesignature.Andbecauseanyonecansignoffandclaimthatshe/heisyou,thepublickeymustberegisteredwithaperson(identitycertificationauthority)trustedbytherecipient.Afterregistration,theidentitycertificationauthoritywillissueyouadigitalcertificate.Aftersigningthedocument,yousendthedigitalcertificatetogetherwiththedocumentandsignaturetotherecipient,andtherecipientaskstheidentitycertificationauthoritytoverifywhetherthedocumentisreallyissuedwithyourkey.

Theuseofdigitalsignaturesincommunicationsgenerallyhasthefollowingcharacteristics:

Authentication

Thepublickeyencryptionsystemallowsanyonetousethepublickeyforencryptionwhensendinginformation,Usetheprivatekeytodecryptwhenreceivingthemessage.Ofcourse,thereceivercannotbe100%sureofthesender'strueidentity,butcanonlybereasonablysureifthecryptographicsystemhasnotbeendeciphered.

Theimportanceofauthenticationisparticularlyprominentinfinancialdata.Forexample,supposeabanktransmitsinstructionsfromitsbranchtoitscentralmanagementsystem.Theformatoftheinstructionis(a,b),whereaistheaccountnumberoftheaccountandbisthecurrentamountoftheaccount.Atthistime,aremotecustomercandeposit100yuanfirst,observethetransmissionresult,andthensendinstructionsintheformat(a,b)oneafteranother.Thismethodiscalledareplayattack.

Integrity

Bothpartieswhotransmitdataalwayswanttoconfirmthatthemessagehasnotbeenmodifiedduringtransmission.Encryptionmakesitverydifficultforthirdpartiestoreaddata,butthirdpartiescanstilltakefeasiblemethodstomodifydataduringtransmission.Apopularexampleisahomomorphicattack:Recallthattheabovebanksentinstructionsintheformat(a,b)fromitsbranchtoitscentralmanagementsystem,whereaistheaccountnumberandbistheamountintheaccount..Aremotecustomercandeposit100yuanfirst,theninterceptthetransmissionresult,andthentransmit(a,b),sothatheimmediatelybecomesamillionaire.

Non-repudiation

Inthecontextofciphertext,thetermdenialreferstonon-acknowledgmentofactionsrelatedtothemessage(thatis,theclaimthatthemessagecomesfromathirdparty).Therecipientofthemessagecanusedigitalsignaturestopreventallsubsequentdenials,becausetherecipientcanshowthesignaturetootherstoprovethesourceoftheinformation.

Mainfunctions

Networksecurity,mainlynetworkinformationsecurity,requirescorrespondingsecuritytechnicalmeasurestoprovideappropriatesecurityservices.Asoneofthemeanstoensurenetworkinformationsecurity,digitalsignaturemechanismcansolvetheproblemsofforgery,denial,impersonationandtampering.Oneofthepurposesofdigitalsignaturesistoreplacetraditionalmanualsignaturesandsealsinthenetworkenvironment,whichplaysanimportantrole:(1)Anti-counterfeiting(forgery).Onlythesignerknowstheprivatekey,soitisimpossibleforotherstoconstructthecorrectone.

(2)Identifiestheidentity.Sincethetraditionalhand-signedsignatureisusuallywhenthetwopartiesmeetdirectly,theidentityisself-evident.Inanetworkenvironment,thereceivermustbeabletoauthenticatetheidentityclaimedbythesender.

(3)Tamper-proof(anti-disruptionoftheintegrityofinformation).Fortraditionalmanualsigning,ifyouwanttosigna200-pagecontract,doyoujustsignattheendofthecontract?Orsigneverypage?Ifyouonlysignattheendofthecontract,theotherpartywillnotsecretlychangethepages?Fordigitalsignatures,thesignatureandtheoriginalfilehaveformedamixedoveralldata,whichcannotbetamperedwith,thusensuringtheintegrityofthedata.

(4)Anti-replay.Forexample,indailylife,AborrowsmoneyfromBandwritesaloannotetoBatthesametime.WhenApaysbackthemoney,hemustaskBfortheIOUtornup.Otherwise,IamafraidhewillusetheIOUagain.Apaysbackthemoney.Inthedigitalname,iftechnologiessuchasaddingaserialnumberandatimestamptothesignedmessageareused,replayattackscanbeprevented.

(5)Non-repudiation.Asmentionedearlier,digitalsignaturescanidentifyidentitiesandcannotbeforged,soaslongasthesignedmessageispreserved,itisasifthemanuallysignedcontracttextispreserved,thatis,theevidenceispreserved,andthesignercannotdenyit.Whatifthereceiverhasindeedreceivedthesignedmessagefromtheotherparty,butdeniesit?Itisnecessarytopreventthereceiver'sdenial.Inthedigitalsignaturesystem,thereceiverisrequiredtoreturnaself-signedmessageindicatingthatithasreceivedittotheotherpartyorathirdpartyorintroduceathird-partymechanism.Neitherpartycandenythisoperation.

(6)Confidentiality(confidentiality).Withtheguaranteeofconfidentiality,interceptionattacksareinvalidated.Manuallysigneddocuments(liketext)arenotconfidential.Oncethedocumentsarelost,theinformationinthemisverylikelytobeleaked.Thedigitalsignaturecanencryptthemessagetobesigned.Ofcourse,ifthesigningofthesignaturedoesnotrequireconfidentiality,encryptioncanalsobeomitted.

Ensuretheintegrityofinformationtransmission,theidentityofthesender,andpreventdenialintransactions.

Digitalsignaturetechnologyistoencryptthedigestinformationwiththesender’sprivatekeyandsendittothereceivertogetherwiththeoriginaltext.Thereceiverusesitsownpublickeytodecrypttheencryptedsummaryinformation,andthenusestheHASHfunctiontogenerateasummaryofthereceivedoriginaltext,andcompareitwiththedecryptedsummaryinformation.Iftheyarethesame,itmeansthatthereceivedinformationiscompleteandhasnotbeenmodifiedduringtransmission.Otherwise,itmeansthattheinformationhasbeenmodified,sothedigitalsignaturecanverifytheintegrityoftheinformation.

Digitalsignatureisanencryptionprocess,anddigitalsignatureverificationisadecryptionprocess.

Signingprocess

Whensendingamessage,thesenderusesahashfunctiontogenerateamessagedigestfromthemessagetext,andthenencryptsthedigestwiththesender’sprivatekey,Thisencrypteddigestwillbesenttothereceiverasthedigitalsignatureofthemessagetogetherwiththemessage.Thereceiverfirstusesthesamehashfunctionasthesendertocalculatethemessagedigestfromthereceivedoriginalmessage,andthenThepublickeyisusedtodecryptthedigitalsignatureattachedtothemessage.Ifthetwodigestsarethesame,thereceivercanconfirmthatthemessageisthesender.

Digitalsignaturehastwofunctions:First,itcanconfirmthatthemessageisindeedsignedandsentbythesender,becauseotherscannotfakethesender’ssignature.Thesecondisthatthedigitalsignaturecanconfirmtheintegrityofthemessage.Becausethecharacteristicofthedigitalsignatureisthatitrepresentsthecharacteristicsofthedocument,ifthedocumentischanged,thevalueofthedigitaldigestwillalsochange.Differentfileswillgetdifferentdigitalsummaries.Adigitalsignatureinvolvesahashfunction,therecipient'spublickey,andthesender'sprivatekey.

Howtouse

Youcandigitallysigneveryemailyousend.Thisdoesnotrefertoinscriptions,whicharegenerallymistakenforsignatures.

InmainlandChina,digitalsignaturesarelegallyeffectiveandarebeingwidelyused.In2000,thenew"ContractLaw"ofthePeople'sRepublicofChinaconfirmedthelegaleffectsofelectroniccontractsandelectronicsignaturesforthefirsttime.OnApril1,2005,thefirst"ElectronicSignatureLaw"ofthePeople'sRepublicofChinawasformallyimplemented.

Mailcertificate

Personalsecuritymailcertificatewithdigitalsignaturefunctionisakindofusercertificate,whichreferstothecertificatethattheunitusermusthavewhensendingandreceivingemailsusingthecertificatemechanismtoensuresecurity..Thepersonalsecurityemailcertificateisadigitalsecuritycertificatethatconformstothex.509standard.ItcombinesdigitalcertificatesandS/MIMEtechnologytoencryptanddigitallysignordinaryemailstoensurethesecurity,confidentiality,andsenderidentityoftheemailcontentConfirmationandnon-repudiation.Thepersonalsecuritymailcertificatewithdigitalsignaturefunctioncontainsthee-mailaddressofthecertificateholder,thepublickeyofthecertificateholder,theissuer(CA),andtheissuer'ssignatureofthecertificate.Therealizationofthepersonalsecuritymailcertificatefunctiondependsonwhetherthemailsystemusedbytheusersupportsthecorrespondingfunction.MSOutlook,OutlookExpress,FoxmailandCAsecureemailsystemsallsupportcorrespondingfunctions.Theuseofpersonalsecurityemailcertificatescansendandreceiveencryptedanddigitallysignedemailstoensuretheconfidentiality,integrityandnon-repudiationofemailtransmissions,andtoensuretheauthenticityoftheidentitiesofallpartiesintheemailcommunication.

Implementationmethod

Thedigitalsignaturealgorithmisimplementedbypublickeyencryptiontechnology.Inpublickeyencryptiontechnology,eachuserhasapairofkeys:apublickeyandaprivatekey.Thepublickeycanbereleasedfreely,buttheprivatekeyiskeptsecret;anotherrequirementistomakeitimpossibletocalculatetheprivatekeyfromthepublickey.

Commondigitalsignaturealgorithmsincludethreealgorithms:

1.Passwordgenerationalgorithm;

2.Markingalgorithm;

3.Verificationalgorithm.

Digitalsignaturetechnologyismostlyimplementedbasedonhashdigestandasymmetrickeyencryptionsystem.Ifthesignerwantstodigitallysignafile,hemustfirstobtaintheprivatekeyandpublickeyfromatrustedthird-partyorganization(digitalcertificatecertificationcenterCA),whichrequirestheuseofPKItechnology.

1.Digitalsignatureandverificationwithhashalgorithm

Thehashfunctionisakindof"compressionfunction".ThehashfunctioncanbeusedtoThelengthoftheinputistransformedintoafixed-lengthoutputthroughthehashfunctionalgorithm.Thehashvalueoftheoutputisthemessagedigest,alsocalledthedigitaldigest.Inaformaldigitalsignature,thesenderfirstappliesahashalgorithmtothesentfiletoobtainafixed-lengthmessagedigest(MessageDigest);thenusesitsownprivatekey(Secretkey,SK)tosignthemessagedigesttoformasendParty’sdigitalsignature.Thedigitalsignaturewillbesenttothereceiverasateampiecetogetherwiththeoriginaltext;thereceiverfirstdecryptsthedigitalsignaturewiththesender’spublickeytoobtainthesender’sdigitaldigest,andthenusesthesamehashfunctiontohashtheoriginaltexttogetAnewmessagedigest,andfinallycomparethemessagedigestwiththereceivedmessagedigest.ThespecificprocessisshowninFigure1.

2.Digitalsignatureandverificationbasedonasymmetrickeyencryptionsystem

Thesenderfirstencryptstheoriginaltextwithitsownprivatekeytoobtainadigitalsignature,Thensendtheoriginaltextanddigitalsignaturetotherecipient.Thereceiverusesthesender’spublickeytodecryptthedigitalsignature,andfinallycomparesitwiththeoriginaltext.AsshowninFigure2,digitalsignatureisanelectronicsignaturemethodthatiswidelyusedine-commerceande-government,withmaturetechnologyandstrongoperability..Itusesstandardizedproceduresandscientificmethodstoverifytheidentityofthesignatoryandtherecognitionofthecontentofanelectronicdata.Theuseofdigitalsignaturetechnologycanverifywhethertheoriginaltextofthedocumenthaschangedduringthetransmissionprocess,andensuretheintegrity,authenticityandnon-repudiationofthetransmittedelectronicdocument.

Signingsteps

Javasigningsteps

1.PuttheappletclassfilePackagedinto*.jar(youcanenterjarinthecommandlinetoviewthehelp)

2,firstwehavetogenerateakeystore,otherwisethefollowingerrorwillbereportedwhensigning

jarsignererror:java.lang.RuntimeException:Keystoreloading:C:\DocumentsandSettings\ij2ee\.keystore(Thesystemcannotfindthespecifiedfile.).(Theij2eehereisCurrentsystemusername)

Thestatementtogeneratethekeystore:keytool-genkey-aliasalias,youcanwriteityourself-keyalgRSA-keystore.keystore

ThefollowingaresomeofthedigitalsignaturesthatwillappearStepoperation:

  • Enterthekeystorepassword:

  • Enterthenewpasswordagain:

  • Whatareyourfirstandlastnames?

  • [Unknown]:ij2ee

  • Whatisthenameofyourorganizationalunit?

  • [Unknown]:mtk

  • Whatisthenameofyourorganization?

  • [Unknown]:mtk

  • Whatisthenameofyourcityorarea?

  • [Unknown]:suzhou

  • Whatisthenameofyourstateorprovince?

  • [Unknown]:jiangsu

  • Whatisthetwo-lettercountrycodeofthisunit

  • [Unknown]:cn

  • CN=ij2ee,OU=mtk,O=mtk,L=suzhou,ST=jiangsu,C=cn,correct??

  • [No]:y

  • Enteredmasterpassword

  • (Ifthepasswordisthesameasthekeystore,pressEnter):

  • Atthistime,.keystorewillbegeneratedinthebindirectoryofjdk.Movethis.keystorefiletotheC:\DocumentsandSettings\directoryofthecurrentsystemuser.

3.Createadigitalcertificate

Enterthefollowingcommandsinthecommandline,PeakCAandpeakCALibhavetheirownnames.3650isthevalidnumberofdays,whichisabout10years.Whencreatingacertificate,youneedtofillinsomeinformationaboutthecertificateandtheprivatekeypasswordcorrespondingtothecertificate.

keytool-genkey-aliaspeakCA-keyalgRSA-keysize1024-keystorepeakCALib-validity3650

4.Exportthecertificatetothecertificatefile

p>

Enterthefollowingcommandsinthecommandline,namepeakCAandpeakCALibarbitrarily,and******istheenteredpassword.

keytool-export-aliaspeakCA-filepeakCA.cer-keystorepeakCALib-storepass******-rfc

5.Authorizethejarfile,inthecommandlineEnterthefollowinginstructionsinthebox

jarsigner-keystorepeakCALibmyapplet.jarpeakCA

Officesignaturesteps

1.Toprotecttheauthenticityofthedocumentcontent,Youcanaddinvisibledigitalsignatures.Thereisa"Sign"buttonatthebottomofthesigneddocument.

2.Clickthe"File"tab.

3.Click"Information".

4.Under"Permissions",click"ProtectDocuments","ProtectWorkbooks"or"ProtectPresentations".

5.Click"AddDigitalSignature".

6.ReadthemessagedisplayedinWord,ExcelorPowerPoint,andthenclick"OK".

7.Inthe"Signature"dialogbox,inthe"Purposeforsigningthisdocument"box,typethepurpose.

8.Click"Sign".

9.Afterthefileisdigitallysigned,the"Sign"buttonwillappear,andthefilewillbecomeread-onlytopreventmodification.

Applicationexample

IfAlicetransmitsdigitalinformationtoBob,inordertoensuretheconfidentiality,authenticity,integrityandnon-repudiationoftheinformationtransmitted,thetransmittedinformationneedstobedigitallyencryptedAndsignature,thetransmissionprocessis:

  1. Alicepreparesthedigitalinformation(plaintext)tobetransmitted;

  2. AliceisdigitalTheinformationishashedtoobtainaninformationdigest;

  3. AliceusesherprivatekeytoencrypttheinformationdigesttoobtainAlice'sdigitalsignatureandattachittothedigitalinformation;

  4. Alicerandomlygeneratesanencryptionkey,andusesthispasswordtoencrypttheinformationtobesenttoformaciphertext;

  5. AliceusesBob’spublickeytoencrypttheencryptionkeythatwasrandomlygeneratedjustnow,andsendstheencryptedDESkeytogetherwiththeciphertexttoBob;

  6. BobreceivesTheciphertextandencryptedDESkeysenttoAlice,firstdecrypttheencryptedDESkeywithyourownprivatekey,andgettheencryptionkeyrandomlygeneratedbyAlice;

  7. Bobthenusestherandomkeytodecryptthereceivedciphertexttoobtainthedigitalinformationintheplaintext,andthendiscardstherandomkey;

  8. BobusesAlice’spublicThekeydecryptsAlice’sdigitalsignaturetogetthemessagedigest;

  9. BobusesthesamehashalgorithmtohashthereceivedplaintextagaintogetanewMessagesummary;

  10. Bobcomparesthereceivedmessagesummarywiththenewlygeneratedmessagesummary.Iftheyareconsistent,thereceivedmessagehasnotbeenmodified.

Differentiateattacks

Howtodistinguishdigitalsignatureattacks?Therearetwomethods:

1.Toviewthedetailedinformationofthedigitalsignature,weshouldviewthedetailedinformationofthedigitalsignatureandclickthe"DetailedInformation"button.

WewillfindthedifferencebetweenthedigitalsignatureofanormalEXEandaninfected(orbundledTrojan)EXE.

ThedigitalsignaturedetailsofthenormalEXE.

ThetamperedEXEdigitalsignatureinformationisinvalid.

2.Usethedigitalsignatureverificationprogramsigcheck.exe(YoucanfindthistoolonBaidu,oneofthecomponentsofthefamoussystemtoolkitSysinternalsSuite.)

Abnormalresults

Theresultoftheabnormaldigitalsignatureis:

C:\DocumentsandSettings\litiejun\??\modify.exe:

Verified:Unsigned

Filedate:15:462008-5-23

Publisher:n/a

Description:n/a

Product:n/a

Version:n/a

Fileversion:n/a

Normalresult

Thedigitalsignaturenormalresultis:

C:\DocumentsandSettings\litiejun\??\che.exe:

Verified:Signed

Signingdate:16:282008-4-29

Publisher:n/a

Description:n/a

Product:n/a

Version:n/a

Fileversion:n/a

Latest: John von Neumann

Next: Shen Kuo