If the text is the original article, shall not be reproduced without permission
of the original bloggers blog address: https://blog.csdn.net/qq21497936
original bloggers blog Navigation: https://blog.csdn.net/qq21497936/article/details / 102 478 062
This article blog address: https://blog.csdn.net/qq21497936/article/details/104378208
table of Contents
Digital signature certificate basic questions
What is code signing certificate?
Who needs a code signing certificate?
How do people know my signature is authentic it?
After purchasing a code signing certificate, I need to do?
Digital certificates (digital signature)
Certification status of the current stage
Digital certificates popular explanation
The purpose of a digital signature
Relationship inference digital signatures and 360 and other antivirus software
Digital certificates Development Notes
" Digital certificates Development Notes of (a): introduction of digital certificates "
The digital certificate Development Notes (a): Introduction of digital certificates
Before then
Windows software development, will be killed for research and some 360 digital certificates defense antivirus software, also introduced, as well as familiar with the current digital certificate market (mainly software code signing certificate end).
Digital signature certificate basic questions
What is code signing certificate?
As more and more active on Internet content, end users need a way to verify the legitimacy of downloadable content network.
Code signing is a place digital signature software and other executable files and scripts. Code signing software can provide the identity of the author, and verify software since its initial distribution has not been tampered with.
Software code signing does not change, it only provides an additional layer of credibility to your end users.
If you purchase software from a store, it is easy to know the software publisher and can see if the package has been tampered with. Unfortunately, if you buy software online, these factors are not obvious. Therefore, when downloading Java applets on the Internet, plug-ins, when Microsoft® ActiveX® controls, and other executable files, end-users will take some risks.
Code Signing Certificates help achieve the same level of trust with the customer to buy in the store.
The use of digital signatures to improve your security software. GoDaddy using the code signing certificate to verify the origin and integrity of the code, in order to enhance the user confidence.
Who needs a code signing certificate?
Network security alert awareness than ever before. Unless you can prove the legitimacy of the software, otherwise most of the network users will not download. Code Signing Certificates can inspire customer confidence and provide the required proof of your verification code.
Software developers can use code signing certificates to provide customers with additional assurance, let them know and ensure that content producers has not been tampered with. Signed code can also prevent the code
It has been tampered with unidentified third party prior to distribution.
Content publishers to digitally sign software components, macros, firmware images, virus updates, configuration files or other types of content to ensure secure delivery over the Internet or other mechanisms.
When the specified code fragment (such as Active X controls, Java applets and other active network script code) source code may not be obvious, code signing is particularly important.
Most Internet users are aware of potential risks through the Internet to download content involved. Importantly, your end users can trust code that you post on the Internet. Code Signing Certificates
It helps the customer to confirm the safety and security of the software.
How code signing operation?
Newer operating systems and Internet browsers are usually set to a high level of network security, content and therefore often need to be signed. For example, Internet Explorer® use
Authenticode® signature technology to identify software publisher and make sure it has not been tampered with.
When downloading files from a web site code-signing, the certificate can be extracted from the file. Internal list browser by a certificate authority repeatedly check this information, and then verify the signature in the certificate.
Once the signature software is tampered with in any way for others, the digital signature will be destroyed, and warn customers: Code has been modified and no longer be trusted.
How do people know my signature is authentic it?
When someone tries to download or run unsigned code, their browser will attempt to verify the security of downloaded content. Pop-up security warnings or unable to load web content, depending on the security settings of the browser. These warnings allow users to doubt and confusion.
When an end user wants to run unsigned applications or executable files, electronic signature codes will prevent unnecessary warning dialog box appears.
After purchasing a code signing certificate, I need to do?
After purchasing a code signing certificate, you need to provide a certificate signing request (CSR) by the computer to provide a signature for the code. According to the use of the certificate, you can automatically create the CSR, or you can use tools like OpenSSL to generate CSR.
After you submit your application, we will confirm the company information you provide. If needed, Registration Authority (RA) may contact you and ask you to provide additional information. The progress of the verification process, you can monitor through your account.
After the code signing certificate Once issued, we'll send you an email with a link you can click this link to download and install the certificate file and any associated intermediate certificates. You can even at the signature at the time of signing the code stamped using Authenticode display validity of the certificate.
Digital certificates (digital signature)
Outline
Digital certificates (also called digital IDs) refers to a digital communications in the Internet communications identity of the parties sign the certification information that people can use to identify each other's identity online.
In the form of a digital certificate to encrypt or decrypt data and other network users information exchange in a computer network to ensure the integrity and security of information and data.
Digital certificate of the term is not original, but from English digital certificate translation. Digital certificates are essentially an electronic document by the Electronic Certification Authority (hereinafter referred to as CA one kind of center) awarded more authority and impartiality of the certificate, have a major impact on e-commerce activities, such as our various when e-commerce shopping platform, a digital certificate must be installed on your computer to ensure the safety of funds.
CA center uses is based on digital encryption technology as the core digital certificate authentication technology,, CA digital certificate can be done by the center for all kinds of information transmitted over the Internet encryption, decryption, digital signature and signature authentication and other treatment, but also can guarantee not to be invaded by criminals in the process of digital transmission of , or even by the invasion can not see its contents .
If you install a digital certificate in the process of e-commerce activities, even if their account passwords or other personal information was stolen, their account information and financial security can still be effectively protected. Digital certificates equivalent to social identity, can prove their identity through digital certificates and users are performing e-commerce activities, and identify each other's identity, CA center plays a key role in the application process digital certificate, as the third-party organization, it must ensure that it has a certain authority and fairness.
Certification status of the current stage
The current stage of the country's qualification CA center is issued by the Ministry of Industry and Information Technology, nationwide only about 30 qualification with digital certification companies.
principle
The basic architecture of the digital certificate is a public key PKI, i.e., embodiments using a pair of keys for encryption and decryption. Wherein the key comprises a public key and a private key, a private key for signing and decrypting the main, defined by the user, only the user knows; encryption key is used for signature verification and may be shared by multiple users.
The basic principle of digital certificates is mainly reflected in:
- Among the sender before sending the message, the recipient must first contact, while the use of public key encrypted information, the information transmission process has been performed in the ciphertext state, including also the recipient receives the encrypted, to ensure that the single information transfer sex, if the information is stolen or intercepted, it must use the recipient's private key before interpreting the data, and the data can not be changed, it is also advantageous to protect the integrity and security of the information.
- Signed digital certificate data similar to the encryption process, the encrypted data in the embodiment, only the receiver, or just to change the data information can be opened, add their own signature and then transmitted to the sender, and the receiver having a unique private key and privacy resistance, which also guarantees the authenticity of the signature and reliability, and thus protect the security of the information.
There are many versions of the digital certificate format, mainly X.509v3 (1997), X509v4 (1997), X.509v1 (1988) and so on. More commonly used version is TUTrec.x.509V3, developed by the International Telecommunications Union, including information on the serial number of the certificate, the certificate is valid, and a public key. No matter which version of the digital certificate as long as a digital certificate, the user can be applied to network security.
feature
safety
There will be two different certificate when users request a certificate, respectively, for computer work as well as for interactive user authentication information, if used by different computer, users need to re-obtain a certificate for computer authentication used by the user, and can not be backed up , so that even if someone else stole the certificate can not obtain user account information to protect the account information.
Uniqueness
Digital certificates according to different user identity to give its appropriate access rights, if carried out for the computer account login, and users no credentials to back up, it is impossible to implement the operation, can only view account information, digital certificates, as if the "key" in general, so-called " only a key to open a lock, "is its uniqueness of expression.
Convenience
Users can instantly apply for, open and use of digital certificates, and the user needs to follow to select the appropriate digital certificate protection technology. Users do not need to master encryption technology or principle, can be carried out directly by the digital security certificate, is very convenient and efficient. Digital certificates are issued by the CA Center, CA is a central authoritative, high dependence on third parties, whose credentials issued by the state, can effectively protect the security of network data, so that data at the national master them . Users browse the web data information or to conduct online transactions, using digital certificates can guarantee the security of information transfer and transactions.
Download and install
Users in China should first digital certificate authentication network login, if the first login, the system will automatically prompt the user to install the root certificate, the user can simply follow the prompts to complete the installation; if not prompt or root certificate is lost, users need to manually complete the installation in this case, the user would need to select the certificate "root CA certificate" page numbers to install, according to the pop-up dialog box that you choose to install folder location, and click OK. After the download is good, you can double click to open, you can select the location to be installed; After a successful installation, you can directly select Internet browser, and then select the desired content, follow the prompts to complete all operations.
Example: Use one hundred cloud terminal software is digitally signed, and then the following message will pop up on the windows side, with the name of the publisher.
Award
Issues digital certificates that is the process for users as well as their own key and public key to verify the physical transmission of information to the verification center, in the verification center after checking that the applicant will send the appropriate digital certificate. Improved digital certificate which contains information about users and the public key information, some information will be accompanied by a certified center signature. After obtaining a digital certificate, users can implement some of the activities they want to implement the use of digital certificates.
Each digital certificate is different, and the credibility of each certificate there are some differences, therefore, the applicant obtained a digital certificate is unique.
application
Secure e-mail
E-mail using digital certificates can build secure e-mail certificate, the main users of encrypted transmission of e-mail, e-mail security to protect the transmission and reception process. Secure e-mail certificate mainly signature, e-mail address and the public key of a CA certificate holder of such information. After one hand, the combination of digital certificates and e-mail, can be under the protection of encryption and digital signature technology of secure email certificates for secure transmission and receiving e-mail, to ensure the security and integrity of e-mail. At the same time, also to ensure the authenticity of e-mail transmission side and the recipient information. On the other hand, secure e-mail certificate including the public key of this information, we can make sure that e-mail will not be changed because only knows the public key to use e-mail.
Security Endpoint Protection
With the development of computer network technology, the development of e-commerce is also growing fast, application in people's lives and production are increasingly being used, the user terminal and data security issues are also increasing attention. To avoid damage to the terminal or the data information is leaked, the digital certificate as an encryption technique may be used to protect the terminal.
First, the use of legitimate software and hardware, system and network is configured correctly and is checked regularly to prevent the terminal configuration is illegal tampering. Secondly, the use of network security technologies such as firewalls inside and outside the network substantive isolation. At the same time, update the virus database and anti-virus software, terminal system for viruses and scan for security vulnerabilities in real time, to strengthen the security of the terminal system. Once a suspicious message, we must immediately focus on monitoring, impact and prevent the destruction it brings. Finally, strengthening access control terminal, the use of encryption and authentication and other means to strengthen the difficulty of information to crack. Users can set up a digital certificate-based login system, coupled with dynamic encryption, you can achieve verification of the system, the user does not have permission to access the terminal can not enter the system, the user has permission to meet the requirements of access, ensure the consistency of access to the terminal. Also segregation of the terminal network and the main network, data reduction and cross-binding between the two, but also to avoid the mutual influence of the terminal network and the main network, to reduce the risk.
Code Signing protection
Network Information promotion for many users, convenient and economic, but security software is uncertain. For example, when users share the software, use the software to receive and process there are a lot of insecurity, even if the software vendors to ensure the security of the software itself, but it can not resist the pirated software and network insecurity inherent in the band to adverse effects.
Trusted Web Services
The number of websites with the development of computer network technology presents a growing trend, in which malicious sites, phishing sites and fake websites is also increasing, which increases the difficulty of their user identification, accidentally the own data information leakage has seriously affected the security of the network. When in doubt users of the site used by, uncertain whether there has been tampered with and when the invasion, they can use technology digital certificates. By digital certificate technology, it is possible for the site to be verified and uncertain checked, increases the chance of using a secure site, but also to avoid losses caused by malicious web sites, phishing sites and fake websites.
As an authorized management
Authorization management system is an important part of information system security, provided corresponding authorization service to users and programs, methods, unauthorized access and use, and the digital certificate must pass in order to be authorized to use the identity management of computer networks. Therefore, to ensure the identity of the authorized security management tools. When the system mutual recognition, identity authorization system work could be carried out. At the same time, the proper use of digital certificates, duly authorized, complete the user authentication system, in order to effectively protect the security of identity authorization management systems.
Digital certificates popular explanation
Outline
Digital certificates sub-certificates and certificate without the private key with a private key:
- Certificate with a private key: the P12 certificate format (suffix .pfx);
- Without the private key of the certificate: a variety of formats, format commonly used is a certificate cer (not .cer extension);
Popular explanation
Digital signature, network security in the use of more, can be achieved authenticity of the user identity; information for integrity, or to ensure the expected data from any unauthorized modifications in the course of storage, transport and treatment, insert, delete, retransmission and other damage, in order to achieve authenticity, validity and consistency of the data.
With the original encrypted password with a period, the original has not been tampered with is detected. Or it is to be understood as these data with the original data comparing whether modified, if your original instructions to be tampered with, or is your source. Usually sign the data with its private key, and then use the public key to verify that the data is modified
- Signature : personal "private" sign
- Test sign : The "public key" to carry out inspection sign
- Encryption : The public's "public key" encryption
- Decryption : The "private key" to decrypt
The purpose of a digital signature
When users download the software, through digital signature verification software from trusted sources, verify that the software has not been tampered with or illegally implanted virus, Trojan horse, protecting users will not be against viruses, malicious code and spyware, but also to protect the interests of software developers so that the software can be quickly and securely posted on the Internet.
Unused digital signature software may not function properly, the Windows system, for example, if users download and run unsigned software, Windows system will issue a red security warning; without signed ActiveX controls, Windows will direct interception allowed to run. Therefore, the digital signature is necessary before issuing a software process.
Promulgate
Digital certificates (code signing certificate) by the authority of the CA mechanism (Wo CA issuing certificates developer identity), developers use WoSign code signing certificate and code signing software wizard to digitally sign software can be implanted to prevent the virus, Trojan horse, reduce intercepts Windows system, allowing users to smooth installation.
Relationship inference digital signatures and 360 and other antivirus software
Software without a digital signature certificates, certain software may be intercepted 360 and other antivirus software, but also to get some information from other sources users chiefs company, the author subjective inference:
- Infer a:
A white list exists by antivirus software: the white list stored white list certificate, digital signature manner, when it is detected that a digital signature is acquired software, the digital signature of a whitelist in the anti-virus software, not interception .
Digital signature itself can also verify the integrity of the exe, antivirus and other anti-virus software do a secondary filter to achieve higher security measures is likely to be intercepted are not in the list, as they can be added to a user manual antivirus software release a local whitelist.
- Inference bis (inference is verified that the notes closest to the right from the digital certificate two manufacturers):
An antivirus software antivirus software software whitelist exist: the white list to save the name (what other fine information) software, antivirus software, open platform to the back-end application over white list ( back free requested approval on the line ), corresponding to there is also a blacklist, because there are cases said digital signature is detected after suspected trojans, the digital signature using other software will be blocked.
These are only the author's subjective inference, need further proof, only as a reference.
原博主博客地址:https://blog.csdn.net/qq21497936
原博主博客导航:https://blog.csdn.net/qq21497936/article/details/102478062
本文章博客地址:https://blog.csdn.net/qq21497936/article/details/104378208
