Understanding digital signatures and digital certificates through pictures

What is a digital signature?
1. Bob has two keys: a public key and a private key.
2. Bob gives a copy of his public key to each of his friends: Patty, Doug, and Susan.
3. Susan writes a letter to Bob and encrypts it with Bob's public key to keep its contents secret.
4. When Bob receives the letter, he decrypts it with his private key and reads its contents.
5. Bob writes back to Susan. After writing the letter, he runs it through a hash function to generate a digest of the letter.
6. Bob then encrypts this digest with his private key to generate a "digital signature".
7. Bob attaches the signature to the letter and sends it to Susan.
8. When Susan receives the letter, she detaches the digital signature and decrypts it with Bob's public key to get the digest of the letter. This proves that the letter was indeed sent by Bob.
9. Susan then applies the hash function to the letter itself and compares the result with the digest obtained in the previous step. If the two match, the letter has not been modified.
10. A complication arises. Doug wants to deceive Susan. He secretly uses Susan's computer and replaces Bob's public key with his own. Susan now holds Doug's public key while believing it is Bob's, so Doug can sign letters with his own private key and impersonate Bob when writing to Susan.
11. Susan realizes that she cannot tell whether the public key really belongs to Bob. She comes up with a solution: ask Bob to have a "certificate authority" (CA) certify his public key. The CA uses its own private key to encrypt Bob's public key together with some related information, producing a "digital certificate".
12. Once Bob has the digital certificate, he can rest assured. From now on, when he writes to Susan, he only needs to attach the digital certificate along with his signature.
13. When Susan receives the letter, she decrypts the digital certificate with the CA's public key and obtains Bob's real public key. She can then check whether the "digital signature" was really made by Bob.
14. Next, we look at an application of digital certificates: the https protocol, which is mainly used to encrypt web pages.
15. First, the client sends an encryption request to the server.
16. The server encrypts the web page with its own private key and sends it to the client together with its digital certificate.
17. The "Certificate Manager" of the client (browser) holds a list of "Trusted Root Certification Authorities". Using this list, the client checks whether the public key that unlocks the digital certificate is in the list.
18. If the URL recorded in the digital certificate does not match the URL you are browsing, the certificate may have been used fraudulently, and the browser issues a warning.
19. If the digital certificate was not issued by a trusted organization, the browser issues a different warning.
20. If the digital certificate is reliable, the client can use the server's public key in the certificate to encrypt information and then exchange encrypted information with the server.
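Steps 5 to 13 above (digest, signature, Doug's key swap, and the CA certificate) can be traced in code. The following is an added example, not part of the original article; it uses textbook RSA without padding, and the function names, the `name:n` certificate layout, the sample letters and the toy keys built from Mersenne primes are all assumptions made for illustration.

```python
import hashlib

E = 65537  # public exponent shared by all toy keys

def make_key(p, q):  # textbook RSA: returns (public modulus n, private exponent d)
    return p * q, pow(E, -1, (p - 1) * (q - 1))

def digest(data, n):
    """Step 5: hash the letter (reduced mod n only so it fits the toy keys)."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(data, n, d):
    """Step 6: apply the private key to the digest."""
    return pow(digest(data, n), d, n)

def verify(data, sig, n):
    """Steps 8-9: recover the digest with the public key, compare with a fresh hash."""
    return pow(sig, E, n) == digest(data, n)

def issue_cert(name, subject_n, ca_n, ca_d):
    """Step 11: the CA signs the holder's name together with the holder's public key."""
    body = f"{name}:{subject_n}".encode()
    return {"name": name, "n": subject_n, "sig": sign(body, ca_n, ca_d)}

def verify_letter(letter, sig, cert, expected_name, ca_n):
    """Step 13: trust the key in the certificate only if the CA's signature checks out."""
    body = f"{cert['name']}:{cert['n']}".encode()
    ca_ok = cert["name"] == expected_name and verify(body, cert["sig"], ca_n)
    return ca_ok and verify(letter, sig, cert["n"])

# Constructed toy keys from Mersenne primes; real RSA uses random primes and padding.
BOB_N, BOB_D = make_key(2**61 - 1, 2**89 - 1)
DOUG_N, DOUG_D = make_key(2**107 - 1, 2**127 - 1)
CA_N, CA_D = make_key(2**521 - 1, 2**607 - 1)

LETTER = b"Dear Susan, see you on Friday. Bob"          # constructed sample
FORGED = b"Dear Susan, this is Bob. (written by Doug)"  # constructed sample

def demo():
    bob_sig, doug_sig = sign(LETTER, BOB_N, BOB_D), sign(FORGED, DOUG_N, DOUG_D)
    bob_cert = issue_cert("Bob", BOB_N, CA_N, CA_D)
    fake_cert = issue_cert("Bob", DOUG_N, DOUG_N, DOUG_D)  # Doug has no CA private key
    return {
        "genuine": verify(LETTER, bob_sig, BOB_N),
        "tampered": verify(LETTER + b"!", bob_sig, BOB_N),
        "swapped_key": verify(FORGED, doug_sig, DOUG_N),  # step 10: forgery accepted
        "cert_bob": verify_letter(LETTER, bob_sig, bob_cert, "Bob", CA_N),
        "cert_doug": verify_letter(FORGED, doug_sig, fake_cert, "Bob", CA_N),
    }
```

Calling `demo()` shows that a bare public key accepts Doug's letter once the key has been swapped, while the certificate check rejects it because only the CA's private key can produce a certificate that verifies under the CA's public key.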


Origin blog.csdn.net/qq_43207781/article/details/105480739