分类: LINUX
2008-03-08 11:45:17
Digital
signature
From
Wikipedia, the free encyclopedia
This
article concerns cryptographic signatures. For signatures in digital form, see
.
A
digital signature or digital signature scheme is a type of used to
simulate the security properties of a handwritten on paper. Digital
signature schemes normally give two algorithms, one for signing which involves
the user's secret or , and one for verifying
signatures which involves the user's . The output of the
signature process is called the "digital signature."
# 注释 :数字签名或者数字签名方案是“非对称加密”的一种,用于模仿日常在纸质上的签名。
# 数字签名方案一般给出两种算法 :
# -)1、一个调用户的 private key ,用于进行签名。
# -)2、一个调用用户的公钥,用于校验签名。
# 签名过程的输出称为“数字签名”
A signature provides of a "message". Messages may be anything, from to a , or even a message sent in a more complicated . Digital signatures are used to create (PKI) schemes in which a user's public key (whether for , digital signatures, or any other purpose) is tied to a user by a issued by a . PKI schemes attempt to unbreakably bind user information (name, address, phone number, etc.) to a public key, so that public keys can be used as a form of .
# 注释 :一个签名提供对一个消息的“认证”。消息可以是任何内容,从电子邮件到合同,甚至是其他更加复杂的数据。
# 数字签名用于建立 PKI 方案,在该方案中,一个用户的身份和一个数字证书绑定在一起,证书由 CA 颁发。PKI 方案的目的是用公钥来表示一个用户的身份
Digital signatures are often used to implement , a broader term that refers to any electronic data that carries the intent of a signature, but not all electronic signatures use digital signatures. In some countries, including the , and in the , electronic signatures have legal significance. However, laws concerning electronic signatures do not always make clear their applicability towards cryptographic digital signatures, leaving their legal importance somewhat unspecified.
# 注释 :数字签名一般是用于实现“电子签名”,电子签名是一个意义上更加广泛的术语,不仅仅是数字签名而已,可以包括指纹等实现方式
A digital signature scheme typically consists of three algorithms:
# 注释 :一个数字签名方案应该包括下面3种算法 :
# -)1、key generation (G 算法)随机生成一个 key 对(PK,SK)。PK 是校验用,SK 是签名用
# -)2、算法 S :输入一个消息 m ,以及 SK ,产生一个签名 σ
# -)3、算法 V :输入一个消息 m,以及 PK,一个签名 σ ,得出校验结果(接受/拒绝)
A
algorithm
G that randomly produces a "key pair" (PK, SK) for the
signer. PK is the verifying key, which is to be public, and SK is
the signing key, to be kept private.
A
signing algorithm S, that on input of a message m and a
signing key SK, produces a signature σ.
A
signature verifying algorithm V, that on input a message m,
a verifying key PK, and a signature σ, either accepts or rejects.
Two main properties are required. First, signatures computed honestly should always verify. That is, V should accept (m, PK, S (m, SK)) where SK is the secret key related to PK, for any message m. Secondly, it should be hard for any adversary, knowing only PK, to create valid signature(s)
# 注释 :其中 V 算法中的 σ=S(m,SK)
