premise:
The asymmetric encryption algorithm will generate a public key and a private key. We keep the private key and the public key can be sent to others.
Both public and private keys can encrypt information, and public key encryption and private key decryption. Private key encryption and public key decryption.
The CA certification center can generate a digital certificate, and the public key is public and unforgeable.
The credit hash algorithm can get the digest, and the digest is encrypted with the private key to become a digital signature.
Verify non-repudiation:
You have already got my public key. The content of the letter is encrypted by the private key and sent to you. After you get the letter, use the public key to decrypt the information to prove that the letter was indeed sent by me.
Verify data security:
You have already got my public key. I want to send you a letter, how do you know that my letter has not been changed by others?
I need to digest the content of the letter through the hash algorithm, and then encrypt it with a private key into a digital signature and attach it to the letter.
After you receive the letter, hash the content of the letter to get digestA, and then use my public key to unlock the digital signature to get digestB. Compare digestA and digestB. If they match, the letter is safe and has not been modified.
Digital certificate:
You have a virus. After the virus is removed, you don't know if this is still my public key. How can you ensure that it has not been changed by others?
At this time, I will take my public key to find the CA for authentication. The CA will encrypt my public key with its own private key to generate a digital certificate. I will attach the digital signature and digital certificate to the letter and send it to you.
Anyone can download the CA public key and cannot be forged. Then you take the CA public key to decrypt the digital certificate and get my public key.