The relationship between public keys, private keys, signatures and digital certificates


Original address: https://www.jianshu.com/p/3c5212b47bec


Illustrated explanation

  1. Bob has two keys: a public key and a private key.

  2. Bob gives the public key to his friends Patty, Doug and Susan, one copy each.

  3. Susan wants to write Bob a confidential letter. After writing it, she encrypts it with Bob's public key, which achieves confidentiality.

  4. When Bob receives the letter, he decrypts it with his private key and reads its contents. It should be emphasized that as long as Bob's private key has not leaked, the letter is secure: even if it falls into someone else's hands, it cannot be decrypted.

  5. Bob replies to Susan and decides to use a "digital signature". After writing the letter, he first runs it through a hash function to produce a digest.

  6. Bob then encrypts the digest with his private key, producing the "digital signature" (signature).

  7. Bob attaches the signature below the letter and sends both to Susan.

  8. On receiving the letter, Susan detaches the digital signature and decrypts it with Bob's public key, obtaining the digest of the letter. This proves that the letter was indeed sent by Bob.

  9. Susan then applies the hash function to the letter itself and compares the result with the digest obtained in the previous step. If the two match, the letter has not been modified.

  10. A more complex case: Doug wants to deceive Susan. He secretly uses Susan's computer and replaces Bob's public key with his own. Susan now actually holds Doug's public key but believes it is Bob's. Doug can therefore impersonate Bob: he makes a "digital signature" with his own private key, writes to Susan, and lets Susan decrypt it with the false "Bob's public key".

  11. Later, Susan senses that something is wrong and finds that she cannot determine whether the public key really belongs to Bob. She comes up with a solution: she asks Bob to have his public key certified by a "certificate authority" (CA). The CA uses its own private key to encrypt Bob's public key together with some identifying information, producing a "digital certificate" (Digital Certificate).

  12. Once Bob has obtained the digital certificate, he can use it with confidence. From then on, whenever he writes to Susan, he signs the letter and attaches the digital certificate alongside the signature.

  13. When Susan receives the letter, she opens the digital certificate with the CA's public key, obtains Bob's genuine public key, and can then prove whether the "digital signature" was really made by Bob.
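Steps 5 to 13 above, as an added example that is not part of the original post: signing a letter with RSA, the CA binding Bob's name to his public key, and Susan's check that the name, the CA signature and the letter signature all hold. The `Cert` type is a constructed toy stand-in for an X.509 certificate (only Go's standard library is used, and the letter text is a constructed sample).

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"fmt"
)

// Cert is a minimal stand-in for an X.509 certificate: a name, the public key bound to it, and the CA's signature over both.
type Cert struct {
	Subject string
	PubKey  *rsa.PublicKey
	CASig   []byte
}
// Sign and Verify hash the message, then sign the digest with the private key (steps 5-6) or check it with the public key (steps 8-9).
func Sign(priv *rsa.PrivateKey, msg []byte) ([]byte, error) {
	d := sha256.Sum256(msg)
	return rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, d[:])
}
func Verify(pub *rsa.PublicKey, msg, sig []byte) bool {
	d := sha256.Sum256(msg)
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, d[:], sig) == nil
}
// tbs ("to be signed") is the name/key binding; Issue is the CA signing it with its own private key (step 11).
func tbs(subject string, pub *rsa.PublicKey) []byte {
	return append([]byte(subject+"\x00"), x509.MarshalPKCS1PublicKey(pub)...)
}
func Issue(ca *rsa.PrivateKey, subject string, pub *rsa.PublicKey) (Cert, error) {
	sig, err := Sign(ca, tbs(subject, pub))
	return Cert{Subject: subject, PubKey: pub, CASig: sig}, err
}

// VerifyLetter is Susan's check (step 13): right name, valid CA signature, and only then trust the key inside to verify the letter.
func VerifyLetter(caPub *rsa.PublicKey, c Cert, expect string, letter, sig []byte) bool {
	if c.Subject != expect || !Verify(caPub, tbs(c.Subject, c.PubKey), c.CASig) {
		return false // wrong name, or a key the CA never bound to that name (Doug's trick in step 10)
	}
	return Verify(c.PubKey, letter, sig)
}

func main() {
	ca, _ := rsa.GenerateKey(rand.Reader, 2048)
	bob, _ := rsa.GenerateKey(rand.Reader, 2048)
	bobCert, _ := Issue(ca, "Bob", &bob.PublicKey)
	sig, _ := Sign(bob, []byte("hello Susan")) // constructed sample letter, sent with signature and certificate (step 12)
	fmt.Println("Susan accepts the letter:", VerifyLetter(&ca.PublicKey, bobCert, "Bob", []byte("hello Susan"), sig))
}
```

Swapping Doug's key into Bob's certificate (step 10) fails because the CA's signature no longer covers the key presented, and a genuine CA certificate for "Doug" fails the name check, which is what the "misused certificate" warning in the HTTPS section below corresponds to.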

Next, let us look at an application of "digital certificates": the HTTPS protocol, which is mainly used to encrypt web pages.

  1. First, the client sends an encryption request to the server.

  2. The server encrypts the web page with its own private key and sends it to the client together with its own digital certificate.

  3. The client's (browser's) "certificate manager" holds a list of "trusted root certificate authorities". The client checks against this list whether the public key that opens the digital certificate is on it.

  4. If the web address recorded in the digital certificate does not match the address you are browsing, the certificate may have been misused, and the browser issues a warning.

  5. If the digital certificate was not issued by a trusted authority, the browser issues a different warning.

  6. If the digital certificate is trustworthy, the client can use the server's public key contained in the certificate to encrypt information and then exchange encrypted information with the server.

In summary

  A digital signature is a digest of a message encrypted with an individual's private key and an encryption algorithm; it is personal in nature. A digital certificate, by contrast, is issued by a CA, carries a degree of authority, and generally cannot be forged.


Source: www.cnblogs.com/skzxc/p/11454510.html