public key and private key

What is a digital signature?

Author: David Youd

Translated by: Ruan Yifeng

Original URL:

http://www.youdzone.com/signature.html

http://www.blogjava.net/yxhxj2006/archive/2012/10/15/389547.html

1. Bob has two keys: a public key and a private key.

2. Bob gives his public key to his friends Patty, Doug and Susan, one copy each.

3. Susan wants to write a confidential letter to Bob. After writing it, she encrypts it with Bob's public key; that is what keeps it secret.

4. When Bob receives the letter, he decrypts it with his private key and reads its contents. The point to stress is that as long as Bob's private key is not leaked, the letter is safe: even if it falls into someone else's hands, it cannot be decrypted.

5. Bob writes back to Susan and decides to use a "digital signature". After writing the reply, he first runs it through a hash function to produce a digest of the letter.

6. Bob then encrypts this digest with his private key; the result is the "digital signature".

7. Bob attaches the signature to the letter and sends both to Susan.

8. When Susan receives the letter, she detaches the digital signature and decrypts it with Bob's public key to recover the digest. That it decrypts with Bob's public key shows the letter was indeed sent by Bob.

9. Susan then applies the same hash function to the letter itself and compares the result with the digest obtained in the previous step. If the two match, the letter has not been altered.

10. Now a complication. Doug wants to deceive Susan. He secretly uses Susan's computer and replaces Bob's public key with his own. Susan now actually holds Doug's public key while believing it to be Bob's. Doug can therefore impersonate Bob: he creates a "digital signature" with his own private key, writes to Susan, and lets Susan check it with the counterfeit "Bob's public key".

11. Later Susan senses something is wrong and finds she cannot tell whether the public key really belongs to Bob. She thinks of a remedy: she asks Bob to have a "certificate authority" (CA) certify his public key. The CA encrypts Bob's public key together with some related information using the CA's own private key, producing a "digital certificate".

12. Once Bob has the digital certificate he can rest easy. Whenever he writes to Susan in the future, he simply attaches the digital certificate alongside his signature.

13. When Susan receives the letter, she opens the digital certificate with the CA's public key to obtain Bob's genuine public key, and can then check whether the "digital signature" was really made by Bob.

14. Next, let's look at an application of "digital certificates": the https protocol, which is used mainly to encrypt web pages.

15. First, the client sends an encrypted request to the server.

16. The server encrypts the web page with its own private key and sends it to the client together with its own digital certificate.

17. The client (the browser) has a "Certificate Manager" with a list of "Trusted Root Certification Authorities". Against this list, the client checks whether the public key needed to open the digital certificate is one it trusts.

18. If the URL recorded in the digital certificate does not match the URL you are browsing, the certificate may be being used fraudulently, and the browser issues a warning.

19. If the digital certificate was not issued by a trusted authority, the browser issues a different warning.
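The whole walkthrough can be followed in code. The block below is an added example, not code from the original article or its author: it models steps 3-4 (secrecy), 5-9 (signing and tamper detection), 10-13 (Doug's key swap and how a CA-issued certificate exposes it) and 17-19 (the browser's trust-root and address checks) with textbook RSA on tiny constructed primes, standing in for the "encrypt with the private key / decrypt with the public key" picture the article uses. The names "Toy Root CA" and "www.example.com", the letters, and the key sizes are all constructed for the example; the certificate format is a minimal stand-in for X.509. One block covers all the steps because the certificate and browser checks reuse the same signing routine as the letter.

```python
"""Bob, Susan, Doug and a CA modelled with textbook RSA (added example, toy key sizes)."""
import hashlib
from dataclasses import dataclass


def make_keypair(p: int, q: int, e: int = 65537):
    """Textbook RSA: returns public (n, e) and private (n, d).
    p and q are constructed ~20-bit primes; real keys use 2048-bit moduli."""
    for x in (p, q):  # trial division is fine at this toy size
        assert all(x % k for k in range(2, int(x ** 0.5) + 1)), f"{x} is not prime"
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))  # pow(e, -1, phi): modular inverse (Python 3.8+)


# Steps 3-4: secrecy. Each byte is encrypted on its own with no padding, which is
# enough to follow the story but is exactly what padding schemes such as OAEP fix.
def encrypt(message: bytes, pub) -> list:
    n, e = pub
    return [pow(b, e, n) for b in message]


def decrypt(cipher: list, priv) -> bytes:
    n, d = priv
    return bytes(pow(c, d, n) for c in cipher)


# Steps 5-9: hash the letter, "encrypt" the digest with the private key.
def digest(message: bytes, n: int) -> int:
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(message: bytes, priv) -> int:
    n, d = priv
    return pow(digest(message, n), d, n)


def verify(message: bytes, signature: int, pub) -> bool:
    n, e = pub
    return pow(signature, e, n) == digest(message, n)


# Steps 11-13: the CA binds a name to a public key by signing both together.
@dataclass(frozen=True)
class Certificate:
    subject: str    # who the key belongs to (for HTTPS, the hostname)
    pub: tuple      # the subject's public key (n, e)
    issuer: str     # the CA's name
    signature: int  # CA's signature over subject + pub


def cert_body(subject: str, pub) -> bytes:
    return f"{subject}|{pub[0]}|{pub[1]}".encode()


def issue_certificate(ca_name: str, ca_priv, subject: str, pub) -> Certificate:
    return Certificate(subject, pub, ca_name, sign(cert_body(subject, pub), ca_priv))


def verify_certificate(cert: Certificate, ca_pub) -> bool:
    return verify(cert_body(cert.subject, cert.pub), cert.signature, ca_pub)


# Steps 17-19: what the browser checks before trusting the server's key.
def browser_check(cert: Certificate, requested_host: str, trusted_roots: dict) -> list:
    """Returns the warnings a browser would raise; an empty list means the key is trusted."""
    warnings = []
    ca_pub = trusted_roots.get(cert.issuer)
    if ca_pub is None or not verify_certificate(cert, ca_pub):
        warnings.append("certificate not issued by a trusted authority")      # step 19
    if cert.subject != requested_host:
        warnings.append("certificate name does not match the address visited")  # step 18
    return warnings


# Constructed keys for the walkthrough.
BOB_PUB, BOB_PRIV = make_keypair(1000003, 1000033)
DOUG_PUB, DOUG_PRIV = make_keypair(999979, 999983)
CA_PUB, CA_PRIV = make_keypair(1000037, 1000039)
TRUSTED_ROOTS = {"Toy Root CA": CA_PUB}


def walkthrough() -> dict:
    """Steps 3-13; returns the outcome of each check."""
    letter = b"Dear Bob, meet me at noon. -- Susan"                      # constructed
    secret_ok = decrypt(encrypt(letter, BOB_PUB), BOB_PRIV) == letter     # steps 3-4
    reply = b"Dear Susan, noon works. -- Bob"                             # constructed
    sig = sign(reply, BOB_PRIV)                                           # steps 5-7
    genuine = verify(reply, sig, BOB_PUB)                                 # steps 8-9
    tampered = verify(reply.replace(b"noon", b"five"), sig, BOB_PUB)     # altered letter
    susans_store = {"Bob": DOUG_PUB}                                      # step 10: swapped key
    fake = b"Send the money. -- Bob"
    swap_goes_unnoticed = verify(fake, sign(fake, DOUG_PRIV), susans_store["Bob"])
    bob_cert = issue_certificate("Toy Root CA", CA_PRIV, "Bob", BOB_PUB)  # step 11
    # Doug holds no CA private key, so the best he can do is sign the forged binding himself.
    doug_cert = Certificate("Bob", DOUG_PUB, "Toy Root CA",
                            sign(cert_body("Bob", DOUG_PUB), DOUG_PRIV))
    return {"secret_ok": secret_ok, "genuine": genuine, "tampered": tampered,
            "swap_goes_unnoticed": swap_goes_unnoticed,
            "bob_cert_ok": verify_certificate(bob_cert, CA_PUB),           # step 13
            "doug_cert_ok": verify_certificate(doug_cert, CA_PUB)}


def https_example() -> dict:
    """Steps 17-19: the browser's checks on the server's certificate."""
    server_cert = issue_certificate("Toy Root CA", CA_PRIV, "www.example.com", BOB_PUB)
    return {"right_site": browser_check(server_cert, "www.example.com", TRUSTED_ROOTS),
            "wrong_site": browser_check(server_cert, "www.evil.example", TRUSTED_ROOTS),
            "unknown_ca": browser_check(server_cert, "www.example.com", {})}


if __name__ == "__main__":
    print(walkthrough())
    print(https_example())
```

Two results are worth dwelling on. In step 10 the forged signature verifies cleanly, because Susan is checking it against the very key Doug planted; nothing in the signature itself reveals the swap. Only the certificate, signed with a key Doug does not hold, fails to check out against the CA's public key, which is the whole reason step 11 introduces a third party. The browser checks in steps 18 and 19 are independent: a certificate can be perfectly genuine yet issued for a different site, or name the right site yet come from an issuer outside the trust list, and each case produces its own warning.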
