Public key and private key (Chinese-name version), and HTTPS explained in detail

1. The principle of public key and private key

  1. Zhang San has two keys: one is the public key and the other is the private key.

  2. Zhang San gives the public key to his friends Li Si, Wang Wu and Zhao Liu, one copy each.

  3. Zhao Liu wants to write a confidential letter to Zhang San. After writing it, he encrypts it with Zhang San's public key, which keeps the contents confidential.

  4. After Zhang San receives the letter, he decrypts it with his private key and reads the contents. The point to stress here is that as long as Zhang San's private key is not leaked, the letter is safe: even if it falls into someone else's hands, it cannot be decrypted.

  5. Zhang San writes back to Zhao Liu and decides to use a "digital signature". After writing the reply, he first runs it through a hash function to produce a digest of the letter.

  6. Then Zhang San encrypts this digest with his private key; the result is the "digital signature".

  7. Zhang San attaches the signature to the letter and sends both to Zhao Liu.

  8. After Zhao Liu receives the letter, he detaches the digital signature and decrypts it with Zhang San's public key, obtaining the digest of the letter. This proves that the letter was indeed sent by Zhang San.

  9. Zhao Liu then applies the same hash function to the letter itself and compares the result with the digest obtained in the previous step. If the two match, it proves that the letter has not been altered.

  10. A complication arises. Wang Wu wants to deceive Zhao Liu. He secretly uses Zhao Liu's computer and swaps his own public key in for Zhang San's public key. From then on, what Zhao Liu actually holds is Wang Wu's public key, though he believes it is Zhang San's. Wang Wu can therefore pose as Zhang San: he makes a "digital signature" with his own private key, writes to Zhao Liu, and lets Zhao Liu decrypt it with the fake "Zhang San" public key.

  11. Later, Zhao Liu senses something is wrong and realises he has no way to tell whether the public key really belongs to Zhang San. He thinks of a solution: he asks Zhang San to have his public key certified by a "certificate authority" (CA). The CA uses its own private key to encrypt Zhang San's public key together with some related information, producing a "digital certificate".

  12. Once Zhang San has the digital certificate he can rest assured. Whenever he writes to Zhao Liu in the future, he only needs to attach the digital certificate alongside his signature.

  13. After Zhao Liu receives the letter, he uses the CA's public key to unlock the digital certificate, which gives him Zhang San's real public key; with that he can check whether the "digital signature" was really made by Zhang San.

2. Detailed explanation of HTTPS

Websites served over plain HTTP are easily tampered with and hijacked; for example, some unscrupulous operators inject advertisements into your pages through proxy servers.
Therefore many websites choose the HTTPS protocol. HTTPS provides content encryption, identity authentication and data integrity through the TLS layer and the certificate mechanism.

  14. Next, let's look at an application of the "digital certificate": the HTTPS protocol, which is mainly used to encrypt web traffic.

  15. First, the client sends an encrypted request to the server.

  16. The server encrypts the web page with its own private key and sends it to the client together with its own digital certificate.

  17. The client's (browser's) "Certificate Manager" holds a list of "Trusted Root Certification Authorities". Using this list, the client checks whether the public key needed to unlock the digital certificate belongs to one of the listed authorities.

  18. If the URL recorded in the digital certificate does not match the URL you are browsing, the certificate may be being used fraudulently, and the browser issues a warning.

  19. If the digital certificate was not issued by a trusted authority, the browser issues another warning.
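The hash-then-sign, verify and certificate steps of the letter story, together with the browser's "does the name match, did a trusted CA issue it" checks above, as an added example that is not part of the original post: a toy RSA with tiny primes and a SHA-256 digest, where the CA signs "name + public key" and the verifier accepts a key only from a certificate whose CA signature and subject name both check out. It also shows why Wang Wu's swapped key passes a bare signature check but not a certificate check. All names, seed values and the letter are constructed, and the key size is far too small for real use.

```python
import hashlib

def _next_prime(n):
    """Smallest prime >= n by trial division (fine for the small seeds used below)."""
    while any(n % k == 0 for k in range(2, int(n ** 0.5) + 1)):
        n += 1
    return n
def keygen(p_seed, q_seed, e=65537):
    """Toy RSA with a ~40-bit modulus (nowhere near a real key size); returns ((e, n), (d, n))."""
    p, q = _next_prime(p_seed), _next_prime(q_seed)
    n, phi = p * q, (p - 1) * (q - 1)
    return (e, n), (pow(e, -1, phi), n)
def digest(data, n):
    """Hash the letter with SHA-256 (reduced into the toy modulus so it can be signed)."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n
def sign(private_key, data):
    """Encrypt the digest with the private key; the result is the digital signature."""
    d, n = private_key
    return pow(digest(data, n), d, n)
def verify(public_key, data, signature):
    """Decrypt the signature with the public key and compare it with a fresh hash of the letter."""
    e, n = public_key
    return pow(signature, e, n) == digest(data, n)
def _cert_body(subject, public_key):
    return f"{subject}|{public_key[0]}|{public_key[1]}".encode()
def issue_certificate(ca_private, subject, public_key):
    """The CA signs the subject's name together with the subject's public key."""
    return {"subject": subject, "public_key": public_key,
            "ca_signature": sign(ca_private, _cert_body(subject, public_key))}
def key_from_certificate(ca_public, cert, expected_subject):
    """Trust the embedded key only if the CA signature verifies AND the name is the expected one."""
    ok = verify(ca_public, _cert_body(cert["subject"], cert["public_key"]), cert["ca_signature"])
    return cert["public_key"] if ok and cert["subject"] == expected_subject else None

def demo():
    # Constructed scenario: a CA, Zhang San, and Wang Wu each get a toy key pair.
    ca_pub, ca_priv = keygen(1_000_000, 1_100_000)
    zhang_pub, zhang_priv = keygen(1_200_000, 1_300_000)
    wang_pub, wang_priv = keygen(1_400_000, 1_500_000)
    letter = b"Zhao Liu: the meeting is at 3pm. - Zhang San"  # constructed sample letter
    zhang_cert = issue_certificate(ca_priv, "Zhang San", zhang_pub)
    wang_cert = issue_certificate(ca_priv, "Wang Wu", wang_pub)  # the CA certifies his real name only
    sig, wang_sig = sign(zhang_priv, letter), sign(wang_priv, letter)
    return {
        "genuine_verifies": verify(key_from_certificate(ca_pub, zhang_cert, "Zhang San"), letter, sig),
        "tampered_rejected": not verify(zhang_pub, letter + b" (moved to 5pm)", sig),
        "swapped_key_fools_bare_check": verify(wang_pub, letter, wang_sig),  # Zhao Liu's swapped key, no cert
        "swapped_key_caught_by_cert": key_from_certificate(ca_pub, wang_cert, "Zhang San") is None,
    }
```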

Original URL: http://www.youdzone.com/signature.html

Reprinted: https://blog.csdn.net/baidu_36327010/article/details/78659665


Origin blog.csdn.net/qq_44839815/article/details/122078519