1. Let’s first introduce the simple steps of digital signature:
- The sender first performs one-way hash encryption on the information (plain text) to generate a hash value.
- The sender performs a signature operation on the hash value and RSA private key to generate signed ciphertext.
- Send <data + signature ciphertext>
- The receiver uses the sender's public key to decrypt the ciphertext (verify the sender's identity)
- The receiver uses the data for one-way hashing to generate a hash value (to verify whether the data has been tampered with)
- verify
2. Specific implementation steps:
1. Generate the public key and private key corresponding to the RSA encryption algorithm
1.1 Generate private key
- rsa.GenerateKey generates a private key
- X509 canonical serialization of the generated private key
- Build pem Block
- Create a pem file and store the serialized private key into a pem block: pem.Ecode
1.2 Generate public key (the public key information is in the private key)
- Get public key information publicKey
- Ditto for X509 specification serialization and creating pem chunks
- And generate a public file, filling the ciphertext into the pem block
——————————————Data signature——————————————————
2. First perform one-way hashing of the plaintext information
- There are two ways to choose: sha256.Sum256 [suitable for short message hashing] and sha256.New [suitable for long message hashing]
3. Use decryption from private.pem
- Open the private.pem file to obtain the private key information message [pem type]
- Strip the b array of block.Bytes in pem.Decode for message in pem
- Parse the array according to the X509 specification to obtain the private key privateKey
4. Use the private key to encrypt the hashed value
- The hashed here uses the first hashing method to encrypt the plaintext data.
- Sign using rsa's SignPKCS1v15
——————————————Data signature verification——————————————————
5. Decrypt using public.pem
- Open the public.pem file to obtain the private key information message [pem type]
- Strip the b array of block.Bytes in pem.Decode for message in pem
- Parse the array according to the X509 specification to obtain the private key key
- A type assertion is needed here, and forced conversion
6. Use the public key to encrypt the hashed value
- The hashed here uses the first hashing method to encrypt the plaintext data.
- Sign using rsa's VerifyPKCS1v15
----------Finish--------------------------