Digital signature technology has the following characteristics: 1. Authentication: the sender signs with a private key that only the sender holds, and anyone holding the matching public key can verify that the message came from the owner of that key; 2. Data integrity: while information or data is being transmitted or stored, it cannot be modified without authorization, or any modification is discovered quickly; 3. Non-repudiation: the recipient of a signed message can defeat any later denial by the sender, because the recipient can show the signature to others as proof of where the message came from.
A digital signature (also called a public-key digital signature) is a digital string that only the sender of a message can generate and that others cannot forge; it is also valid proof of the authenticity of the message sent by that sender. It is a method of authenticating digital information, analogous to an ordinary handwritten signature on paper, but implemented with public-key cryptography. A digital signature scheme defines two complementary operations, one for signing and one for verification. Digital signatures combine asymmetric-key cryptography with message digest (hash) technology.
The integrity of a digitally signed document is easy to verify (no seal, signature, or handwriting expert is required), and a digital signature provides non-repudiation.
Characteristics of digital signature technology
Authentication
In a public-key signature scheme, the sender signs with the private key and anyone can verify with the public key. Of course, the receiver cannot be 100% sure of the sender's true identity; it can only be reasonably sure that the message was produced by the holder of the private key, provided the cryptosystem has not been broken and the public key really belongs to the claimed sender.
The importance of authentication is particularly prominent for financial data. For example, suppose a bank transmits instructions from its branches to its central management system in the format (a, b), where a is an account number and b is the current balance of that account. A remote client can first deposit 100 yuan, observe the message transmitted as a result, and then resend that same (a, b) message again and again. This is called a replay attack.
Data integrity
Data integrity means that, while information or data is transmitted or stored, it is not modified without authorization, or any modification can be discovered quickly.
Both parties to a transmission want to confirm that the message was not modified in transit. Encryption makes it very difficult for a third party to read the data, but a third party may still be able to modify it in transit. A common example is a malleability attack (the text calls it a homomorphic attack): recall that the bank above sends an instruction (a, b) from a branch to its central management system, where a is the account number and b is the balance. A remote client first deposits 100 yuan, intercepts the resulting message, and changes b to a much larger value before forwarding it; if the central system checks only that the message decrypts, the client immediately becomes a millionaire.
Non-repudiation
In cryptography, repudiation means refusing to acknowledge a message, for example by claiming that it came from a third party. The recipient of a signed message can defeat any later denial by the sender, because the recipient can present the sender's signature to others to prove where the message came from.
The important role of digital signature
(1) Anti-impersonation (anti-forgery). The private key is known only to the signer, so nobody else can construct a correct signature.
(2) Identity can be identified. A traditional handwritten signature usually requires both parties to meet in person, so their identities are clear. In a network environment, the receiver must be able to authenticate the identity the sender claims.
(3) Anti-tampering (preserving the integrity of the information). With a traditional handwritten signature on a 200-page contract, do you sign only the last page, or every page? If you sign only the last page, could the other party quietly swap out a few pages? With a digital signature, the signature is computed over the digest of the entire document, so the signature and the document form a single unit: any change to any part of the document invalidates the signature, which guarantees the integrity of the data.
(4) Anti-replay. In everyday life, when A borrows money from B, A writes B an IOU. When A repays, A must get the IOU back from B and tear it up; otherwise B could present the IOU and demand payment again. In digital signatures, replay attacks can be prevented by adding serial numbers or timestamps to the signed message: the verifier rejects a serial number it has already accepted, or a timestamp outside its acceptance window.
(5) Anti-repudiation. As noted above, digital signatures authenticate identity and cannot be forged, so as long as the signed message is preserved, the evidence is preserved, just as with a manually signed contract, and the signer cannot deny it. What if the receiver really did receive the signed message but denies having received it? To prevent the receiver from denying receipt, a digital signature system requires the receiver to return its own signature over the received message to the sender or to a third party, or introduces a third-party mechanism. In this way, neither party can deny.
(6) Confidentiality. A handwritten document is not confidential: once it is lost, the information in it is very likely to leak. A digital signature operates on the hash of the message rather than on the message itself, and it does not hide the message: if the content must be kept confidential, the message must additionally be encrypted; if confidentiality is not required, no encryption is needed.
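The bank instruction (a, b) from the authentication and data-integrity sections, with the sequence-number technique from item (4), written out as a small sender/verifier pair. This is an added example in Go, not code from the original page. It assumes Ed25519 signatures, a fixed 24-byte encoding of the three fields, fixed seeds so the keys are deterministic, and one strictly increasing counter per branch; the names Instruction, Branch and Central are invented here.

```go
package main

import (
	"crypto/ed25519"
	"encoding/binary"
	"fmt"
)

// Instruction is the (a, b) bank message from the text, extended with a
// sequence number so the central system can reject replays. The struct and
// its 24-byte wire layout are assumptions made for this example.
type Instruction struct {
	Account uint64 // a: account number
	Amount  uint64 // b: balance
	Seq     uint64 // strictly increasing per branch; covered by the signature
}

// encode serialises all three fields. Because the signature is computed over
// this encoding, changing any field after signing invalidates the signature.
func (in Instruction) encode() []byte {
	buf := make([]byte, 24)
	binary.BigEndian.PutUint64(buf[0:8], in.Account)
	binary.BigEndian.PutUint64(buf[8:16], in.Amount)
	binary.BigEndian.PutUint64(buf[16:24], in.Seq)
	return buf
}

// demoSeed builds a constructed, fixed 32-byte Ed25519 seed so the example is
// deterministic; real keys come from crypto/rand via ed25519.GenerateKey.
func demoSeed(tag byte) []byte {
	seed := make([]byte, ed25519.SeedSize)
	for i := range seed {
		seed[i] = tag
	}
	return seed
}

// Branch is the sender. Only the branch holds the private key.
type Branch struct {
	priv ed25519.PrivateKey
	next uint64
}

func NewBranch(seed []byte) *Branch {
	return &Branch{priv: ed25519.NewKeyFromSeed(seed), next: 1}
}

func (b *Branch) Public() ed25519.PublicKey {
	return b.priv.Public().(ed25519.PublicKey)
}

// Send stamps the instruction with the next sequence number and signs it.
func (b *Branch) Send(account, amount uint64) (Instruction, []byte) {
	in := Instruction{Account: account, Amount: amount, Seq: b.next}
	b.next++
	return in, ed25519.Sign(b.priv, in.encode())
}

// Central is the verifier. It holds only the branch's public key and the
// highest sequence number it has accepted; in production that counter must
// be persisted, or a restart reopens the replay window.
type Central struct {
	pub     ed25519.PublicKey
	lastSeq uint64
}

func NewCentral(pub ed25519.PublicKey) *Central {
	return &Central{pub: pub}
}

// Accept checks the signature first (authentication and integrity), then the
// sequence number (anti-replay). The counter advances only after both pass.
func (c *Central) Accept(in Instruction, sig []byte) error {
	if !ed25519.Verify(c.pub, in.encode(), sig) {
		return fmt.Errorf("signature invalid: message forged or tampered")
	}
	if in.Seq <= c.lastSeq {
		return fmt.Errorf("replay: seq %d already accepted (last %d)", in.Seq, c.lastSeq)
	}
	c.lastSeq = in.Seq
	return nil
}

func main() {
	branch := NewBranch(demoSeed(1))
	central := NewCentral(branch.Public())

	in, sig := branch.Send(1001, 100)
	fmt.Println("genuine: ", central.Accept(in, sig))
	fmt.Println("replayed:", central.Accept(in, sig)) // rejected as replay

	in, sig = branch.Send(1001, 100)
	in.Amount = 1_000_000 // malleability: an intermediary rewrites b in transit
	fmt.Println("tampered:", central.Accept(in, sig)) // signature no longer verifies

	attacker := NewBranch(demoSeed(0xff)) // a different private key
	f, fsig := attacker.Send(1001, 1_000_000)
	fmt.Println("forged:  ", central.Accept(f, fsig)) // wrong key, rejected
}
```

The order of the two checks in Accept matters: verifying the signature before touching the counter means an unauthenticated message can never advance or disturb the replay state. A timestamp window can replace the counter when senders cannot keep persistent state, at the cost of a short window in which a capture can still be replayed.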
Digital signatures ensure the integrity of transmitted information, authenticate the sender, and prevent repudiation of transactions.
The process is as follows. The sender runs a hash function over the original text to produce a digest, signs that digest with its private key, and transmits the signature together with the original text. The receiver uses the sender's public key to recover the digest from the signature, runs the same hash function over the received original text, and compares the two digests. If they match, the received information is complete and was not modified in transit; otherwise it was modified. This is how a digital signature verifies integrity.
Signing is often described as "encrypting the digest with the private key" and verification as "decrypting it with the public key". That picture is accurate for textbook RSA, where the signing operation is the same modular exponentiation as decryption; for signature schemes in general, signing and verification are two distinct algorithms and the signature is not an encryption of anything.
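The hash-then-sign process described above, carried out with RSA PKCS#1 v1.5 so that the "recover the digest with the public key and compare" step can be shown explicitly. This is an added example in Go, not code from the original page. It assumes SHA-256 as the hash function and a 2048-bit sender key; SignedMessage, RecoverDigest and VerifyByHand are names invented here.

```go
package main

import (
	"bytes"
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
	"math/big"
)

// SignedMessage is what the sender transmits: the original text plus the
// signature over its SHA-256 digest. The wire format is an assumption of
// this example.
type SignedMessage struct {
	Text      []byte
	Signature []byte
}

// NewSenderKey generates the sender's RSA key pair.
func NewSenderKey(bits int) (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, bits)
}

// digest is the "HASH function" step: the signature covers this 32-byte
// value, not the message itself.
func digest(text []byte) []byte {
	sum := sha256.Sum256(text)
	return sum[:]
}

// Sign hashes the text and signs the digest with the private key (PKCS#1 v1.5).
func Sign(priv *rsa.PrivateKey, text []byte) (SignedMessage, error) {
	sig, err := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest(text))
	if err != nil {
		return SignedMessage{}, err
	}
	return SignedMessage{Text: text, Signature: sig}, nil
}

// Verify is what a receiver should actually call: it re-hashes the received
// text and lets the library check signature, padding and digest together.
func Verify(pub *rsa.PublicKey, m SignedMessage) bool {
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest(m.Text), m.Signature) == nil
}

// RecoverDigest performs the raw RSA public-key operation s^e mod n, which for
// PKCS#1 v1.5 yields 0x01 || 0xFF..FF || 0x00 || DigestInfo (the leading 0x00
// byte is dropped by big.Int). The hash is the last 32 bytes of DigestInfo.
// This exposes the "recover the digest with the public key" step of the text.
func RecoverDigest(pub *rsa.PublicKey, sig []byte) []byte {
	s := new(big.Int).SetBytes(sig)
	if s.Cmp(pub.N) >= 0 {
		return nil // not a valid signature value for this modulus
	}
	em := new(big.Int).Exp(s, big.NewInt(int64(pub.E)), pub.N).Bytes()
	if len(em) < sha256.Size {
		return nil
	}
	return em[len(em)-sha256.Size:]
}

// VerifyByHand reproduces the text's description literally: recover the
// digest from the signature, hash the received text, compare. It is here to
// show the mechanism only; it skips the padding and DigestInfo checks that
// Verify performs, and skipping those checks is a classic way to build a
// verifier that accepts forged signatures.
func VerifyByHand(pub *rsa.PublicKey, m SignedMessage) bool {
	recovered := RecoverDigest(pub, m.Signature)
	return recovered != nil && bytes.Equal(recovered, digest(m.Text))
}

func main() {
	priv, err := NewSenderKey(2048)
	if err != nil {
		panic(err)
	}
	pub := &priv.PublicKey

	// constructed sample message in the (a, b) spirit of the text
	m, err := Sign(priv, []byte("account=1001;balance=100"))
	if err != nil {
		panic(err)
	}
	fmt.Printf("recovered digest matches: %t\n", VerifyByHand(pub, m))
	fmt.Printf("library verify:           %t\n", Verify(pub, m))

	// an intermediary rewrites the balance but cannot re-sign it
	tampered := SignedMessage{Text: []byte("account=1001;balance=1000000"), Signature: m.Signature}
	fmt.Printf("tampered, by hand:        %t\n", VerifyByHand(pub, tampered))
	fmt.Printf("tampered, library:        %t\n", Verify(pub, tampered))
}
```

Use Verify in real code and treat RecoverDigest as a teaching aid: the recovered value is a public digest, so comparing it leaks nothing, but a verifier that looks only at the trailing hash bytes and ignores the padding structure is not a correct PKCS#1 v1.5 verifier.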
The above is the detailed content of What characteristics does digital signature technology have?. For more information, please follow other related articles on the PHP Chinese website!