什么是数字签名
编辑整理:整理来源:优酷,浏览量:76,时间:2022-12-11 23:49:01
什么是数字签名,什么是数字签名简述,什么是数字签名和认证技术
前沿:什么是数字签名
数字签名,就是使用数字证书的私钥对数据的摘要加密得到的数据,以保证数据的完整性、真实性和不可抵赖。
给你举个网银数字签名的例子,网银签名的整个流程如下:
客户端发起交易
网银通过脚本(如javascript)将交易数据作为参数,送给签名方法
签名方法,通过csp的实现,usbkey进行签名
网银将签名结果和交易数据原文送往网银服务器
网银服务器利用签名验证设备对签名结果进行验证,并与交易数据原文进行比对,判断是否签名有效、判断数据没有被篡改
若验证成功,保存数据库
返回验证结来自果
结束
很多人应该了解所谓数字签名算法,其实很简单,无外乎就是先计算哈希再使用私钥加密,这样可以得到一个具有不可否认性的数字签名。
我们以 SHA256withRSA 算法来举例说明,假设明文数据是 data ,然后经过以下过程:
使用 SHA256 算法对 data 计算出它的哈希值再使用 RSA256 算法对哈希值进行加密(私钥加密)这样就可以得到 data 的数字签名了,可事实果真如此吗?
为了验证上面的过程是否正确,我们来设计一个小实验来验证它。我们先用 JDK 计算一个 SHA256withRSA 算法的签名,然后再自己分步骤使用 SHA256 和 RSA256 来计算一个签名,两个签名对比一下,看看是否一致。
下面我们来设计这段程序,首先我们先生成一对 RSA 秘钥对,这里就不贴生成秘钥的源码了,直接把生成后的结果发出来:
/tmp/rsa_pub.pem
-----BEGIN RSA PUBLIC KEY----- MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwMBtz2j9vpBgVi83KuoIeEmm5oBTG+t1W+UKz1EbCgDQCebOShNlq1gFPqxk2k6X5P9iLn703wh1FPiZmOIMIDbSCCPfcAGmBpH3odqAcoZgPAtb3g1hGtDx+vBbGLLzOY1zXeTeA2QNoyiPN+hS4qehLAlv6qqe5lbMkhlDvu0XiIlcqEVpX9CJDK5rVB085wHmq1hb8C4cPg6ToQaiHVRbWOoiem0Jw5F89XP7LwLjsA3W/VO1JYrM7G1OM1zNunTLBus+18n9bKwLaCOd4Cd8l0qwrEE0j+/cH2tze+9fI6bduOXgNLShTmRMnEe49lc2mq8bk1JKmqd12uHSxwIDAQAB -----END RSA PUBLIC KEY-----/tmp/rsa_pri.pem
-----BEGIN RSA PRIVATE KEY----- MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDAwG3PaP2+kGBWLzcq6gh4SabmgFMb63Vb5QrPURsKANAJ5s5KE2WrWAU+rGTaTpfk/2IufvTfCHUU+JmY4gwgNtIII99wAaYGkfeh2oByhmA8C1veDWEa0PH68FsYsvM5jXNd5N4DZA2jKI836FLip6EsCW/qqp7mVsySGUO+7ReIiVyoRWlf0IkMrmtUHTznAearWFvwLhw+DpOhBqIdVFtY6iJ6bQnDkXz1c/svAuOwDdb9U7UliszsbU4zXM26dMsG6z7Xyf1srAtoI53gJ3yXSrCsQTSP79wfa3N7718jpt245eA0tKFOZEycR7j2VzaarxuTUkqap3Xa4dLHAgMBAAECggEAYcD1r+vKTFwCT5MwglYgp4iK2XmZLJ60bT9yxQOYF/GjkHH6ivzdYhGIz2k02LZlOGEAlR4T6Azs/A68LxntFmVXDYPL7I0Ze1mJ4g7jd7GImssT80CLz8LKBf7h5FvVGIoRSTwqEEQs2mNWhv8PEh37kk7S8ItJfP3mT+36Opg3zPy7K6+awaB6yjzF+FNyc0pqbNk9tzCjzp9tIGuZlpKDMmabjl3aLew7e+LxqRwSvlc5OnHJ3MkXU814Nm4zEUiVtNNjzvPpPZLERGHUEQH8ND4NT/uPpVQJEnATz2FFa+aFz1sdXibhD8kmW8q956b2WePLlb9qRwCuvzHJOQKBgQDsC9Bccc6nKwXcEY08tmGdWS57m74r6pJ6pIm2oge+SLIBMeq3w/xhUkhzshdSpXJ7BgLKiLwRKxKnsUbqkJYn6I/Vn/zwZH8fka78/OWigKMq5C0iecvg9aClaEvBb0iopNxIiX+eAGMlJLQ7N9Wj8ZKu0k3ffkdP4+ehFCAXrQKBgQDRC7ITRcsKgWtvHlz1Lfw9PpAcP9gYEIbphXfdINGCGGXcQnM4fIYM92jGKP5qv9oHNklBY07vwape+chOVQis5QGgYaGIe/ekaIJ/y4b+8r7DIwUE/SD7Y7/Dhj5+s9/VmH6EeOEsY7dSmKkI38YAJHih3xW/t6M41kpXwxAywwKBgQDGsj8nwklBoM6i7EdmxuOur0aYmIZhs2iwQlcGXKiF/e2RYfKB1EFbrwb8FPrbABg5BNtOoAEntolSjcDzbNhpKbQCEFW8CeyUp26U2VF4FC7FySNRNRNw/3LGKeAzKTkRdQ1VJiE94HeU6aupeZumEJD4BmG08ziWQHNXvXgyVQKBgQC/5p6odo93q2r2bMclA/vkNQSSCkHThYhz4uQwCKqLZN5NHmsrVZSxXoW+M2+qi0gZCsqgzgtuqTg/S8mHryPxo6CknDtvUW36bT4vFqVscWaROBqpg729SMqHMTs5kOJP8FdkQJtk5n0pw56Y2OOoydI7ttD+WBPsXzuL6TN7hQKBgQC6DwuS5hyVYAEj/2k/SOtOVgo8oq0OSlJxnzYkogkVoi4og3uQi/6n/cP7GUJWCx4e89aX1taWQ+BmVgxLdTb9oIThPyt2wKCDKMOjGB3XAhd95L11fMt54Flc/PnwYjrKTUEwcTbQ18zL0Om0Wl+NkejrMe9U7bvCEzlmdQySZQ== -----END RSA PRIVATE KEY-----Java 测试程序源码(部分):
... private static final String algorithm = "RSA"; private static String signatureAlgorithm = "SHA256withRSA"; static { Security.addProvider( new org.bouncycastle.jce.provider.BouncyCastleProvider() ); } private static byte[] pemFile2Bytes(File pemFile) { PemReader reader = null; try { if (!pemFile.isFile() || !pemFile.exists()) { throw new FileNotFoundException(String.format("The file '%s' doesn't exist.", pemFile.getAbsolutePath())); } reader = new PemReader(new FileReader(pemFile)); PemObject pemObject = reader.readPemObject(); byte[] content = pemObject.getContent(); return content; } catch (IOException e) { throw new RuntimeException(e); } finally { if (reader != null) { try { reader.close(); } catch (IOException e) { e.printStackTrace(); } } } } private static PublicKey bytes2PublicKey(byte[] keyBytes) { try { PublicKey publicKey = null; KeyFactory kf = KeyFactory.getInstance(algorithm); EncodedKeySpec keySpec = new X509EncodedKeySpec(keyBytes); publicKey = kf.generatePublic(keySpec); return publicKey; } catch (NoSuchAlgorithmException e) { throw new RuntimeException("Could not reconstruct the public key, the given algorithm could not be found. " + e.getMessage()); } catch (InvalidKeySpecException e) { throw new RuntimeException("Could not reconstruct the public key. " + e.getMessage()); } } private static PrivateKey bytes2PrivateKey(byte[] keyBytes) { try { KeyFactory kf = KeyFactory.getInstance(algorithm); EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(keyBytes); return kf.generatePrivate(keySpec); } catch (NoSuchAlgorithmException e) { throw new RuntimeException("Could not reconstruct the private key, the given algorithm could not be found. " + e.getMessage()); } catch (InvalidKeySpecException e) { throw new RuntimeException("Could not reconstruct the private key. " + e.getMessage()); } } public static PublicKey pemFile2PublicKey(String filepath) { byte[] bytes = pemFile2Bytes(new File(filepath)); return bytes2PublicKey(bytes); } public static PrivateKey pemFile2PrivateKey(String filepath) { byte[] bytes = pemFile2Bytes(new File(filepath)); return bytes2PrivateKey(bytes); } public static byte[] sign(byte[] data, PrivateKey privateKey) { try { Signature privateSignature = Signature.getInstance(signatureAlgorithm); privateSignature.initSign(privateKey); privateSignature.update(data); return privateSignature.sign(); } catch (NoSuchAlgorithmException | InvalidKeyException | SignatureException e) { throw new RuntimeException("an error occurred while signing a text"); } } public static boolean verify(byte[] data, byte[] signature, PublicKey publicKey) { try { Signature publicSignature = Signature.getInstance(signatureAlgorithm); publicSignature.initVerify(publicKey); publicSignature.update(data); return publicSignature.verify(signature); } catch (NoSuchAlgorithmException e) { throw new RuntimeException(e.getMessage()); } catch (InvalidKeyException | SignatureException e) { return false; } } public static byte[] encrypt(byte[] data, PrivateKey privateKey) { try { Cipher encryptCipher = Cipher.getInstance("RSA"); encryptCipher.init(Cipher.ENCRYPT_MODE, privateKey); return encryptCipher.doFinal(data); } catch (NoSuchAlgorithmException | NoSuchPaddingException | InvalidKeyException | IllegalBlockSizeException | BadPaddingException e) { throw new RuntimeException(e.getMessage()); } } public static void main(String[] args) throws Exception { final PublicKey publicKey = pemFile2PublicKey("/tmp/rsa_pub.pem"); final PrivateKey privateKey = pemFile2PrivateKey("/tmp/rsa_pri.pem"); byte[] data = "I Love Beijing".getBytes(UTF_8); byte[] signature1 = sign(data, privateKey); System.out.println("signature1: " + Hex.encodeHexString(signature1)); System.out.println("is signature1 valid? " + verify(data, signature1, publicKey)); System.out.println("--------------"); final byte[] sha = Hashing.sha256().hashBytes(data).asBytes(); System.out.println("sha (hex): " + Hex.encodeHexString(sha)); final byte[] signature2 = encrypt(sha, privateKey); System.out.println("signature2: " + Hex.encodeHexString(signature2)); System.out.println("is signature2 valid? " + verify(data, signature2, publicKey)); System.out.println("are signature1 and signature2 equal? " + Arrays.equals(signature1, signature2)); } ...完整代码请参见 https://gist.github.com/rocketk/4958d33b54e26a3ce068e05cc5b48608
运行的结果:
signature1: 194027d696054bf673c409493e3098b515a77f49e6f20d8eea35ed1f3ed4cf2409fa1e185eb5499c9394dacd0bb4422f89d620d67d66c081a759a16a43cda1d269db34ec8877c1d614ac1bd7dc15491e1f50dca9bca370225feeb5bb02fc9d6fc697b5b4f24b48421505a526f99c5d29909f89d75967055dfe2fa57d3330d5b723c827c67abc224b739a03cf1bfeac28c28541ab9dd63e799372295eae143939777c7017c6e46678f39dc9d675945667ec42d8bf91a4f0274de3a302af65fc6720182b63b615cf9cff57af436c5d54ec072e1debd0ac43308ca02b80ff757c7f589c0fad806aeb982663c23efd5f08dbc03324301b30942739a76e336c4a254e is signature1 valid? true -------------- sha (hex): ffc25c9e7dab979f4ee431d4c68881285378ad523c5e00db3db9e7d62b5f5560 signature2: 1e612e2cdfbb4c5338c8cead1490b7694cb975361c734feb642cfc367e49e2ae54d6802860a30f1222d1be7b2a1c01ea45a3f6c11178908d471f638db29e68b8ff5ce1aa47bf81e9de820bb22a09ecc37feee8c61dea8e9ec4025ce1b871cb8666e126d1d605eaf4b2abbf26c4841f4c2599865a396130e6d9bff5c1094fc0780a68a54c1937fd5a26a9beb2ba76e06087c63ff177df96106a64e5e3495c65917249121cb72fb6d41cdee9a1965266a7ff76f2e05f9c9f64b3ac108d879d1127884fc3b551d223b1d9ad110e74acb0dd53f433ec3a4bdb9fa345890e0c0ee8649a4fa776a0f76a0189878d3a4fc710615e6e0c4f4398591abc317f111448064b is signature2 valid? false are signature1 and signature2 equal? false其中 signature1 表示的是使用 JDK 工具生成的签名(实际上是 bouncycastle 提供的),而 signature2 则是先通过计算哈希再使用 RSA 私钥加密得到的,两个签名并不一致,并且 signature2 在验签的时候是无法验通过的,这是为什么呢?我们一直理解的签名过程中哪里出了问题?
其实在写这段代码验证这个逻辑之前我也以为签名就等同于哈希+加密,但当我运行完上面的程序后我发现我的理解是有错误的,于是我在 Stack Overflow 上去寻找答案,最终把他搞明白了。
原来在计算哈希和加密这两个步骤之间,还要有一个所谓 padding 的过程,即真正的步骤应该是这样:
使用 SHA256 算法对 data 计算出它的哈希值在哈希值前面加上一个固定前缀,用于表示它所使用的哈希算法, SHA256 对应的固定前缀是 '3031300D-底部咨询--底部咨询-000420' (16进制表示)再使用 RSA256 算法对已经加上前缀的哈希值进行加密(私钥加密)那么我们对测试程序稍加调整来验证以上所说的是否正确:
... public static void main(String[] args) throws Exception { final PublicKey publicKey = pemFile2PublicKey("/tmp/rsa_pub.pem"); final PrivateKey privateKey = pemFile2PrivateKey("/tmp/rsa_pri.pem"); byte[] data = "I Love Beijing".getBytes(UTF_8); byte[] signature1 = sign(data, privateKey); System.out.println("signature1: " + Hex.encodeHexString(signature1)); System.out.println("is signature1 valid? " + verify(data, signature1, publicKey)); System.out.println("--------------"); final byte[] sha = Hashing.sha256().hashBytes(data).asBytes(); System.out.println("sha (hex): " + Hex.encodeHexString(sha)); final byte[] signature2 = encrypt(sha, privateKey); System.out.println("signature2: " + Hex.encodeHexString(signature2)); System.out.println("is signature2 valid? " + verify(data, signature2, publicKey)); System.out.println("are signature1 and signature2 equal? " + Arrays.equals(signature1, signature2)); // 以下为新增部分 System.out.println("--------------"); final byte[] paddingSha = Hex.decodeHex("3031300D-底部咨询--底部咨询-000420" + Hex.encodeHexString(sha)); final byte[] signature3 = encrypt(paddingSha, privateKey); System.out.println("signature3: " + Hex.encodeHexString(signature3)); System.out.println("is signature3 valid? " + verify(data, signature3, publicKey)); System.out.println("are signature1 and signature3 equal? " + Arrays.equals(signature1, signature3)); } ...signature3 表示按新的方法生成的签名。
运行结果:
signature1: 194027d696054bf673c409493e3098b515a77f49e6f20d8eea35ed1f3ed4cf2409fa1e185eb5499c9394dacd0bb4422f89d620d67d66c081a759a16a43cda1d269db34ec8877c1d614ac1bd7dc15491e1f50dca9bca370225feeb5bb02fc9d6fc697b5b4f24b48421505a526f99c5d29909f89d75967055dfe2fa57d3330d5b723c827c67abc224b739a03cf1bfeac28c28541ab9dd63e799372295eae143939777c7017c6e46678f39dc9d675945667ec42d8bf91a4f0274de3a302af65fc6720182b63b615cf9cff57af436c5d54ec072e1debd0ac43308ca02b80ff757c7f589c0fad806aeb982663c23efd5f08dbc03324301b30942739a76e336c4a254e is signature1 valid? true -------------- sha (hex): ffc25c9e7dab979f4ee431d4c68881285378ad523c5e00db3db9e7d62b5f5560 signature2: 1e612e2cdfbb4c5338c8cead1490b7694cb975361c734feb642cfc367e49e2ae54d6802860a30f1222d1be7b2a1c01ea45a3f6c11178908d471f638db29e68b8ff5ce1aa47bf81e9de820bb22a09ecc37feee8c61dea8e9ec4025ce1b871cb8666e126d1d605eaf4b2abbf26c4841f4c2599865a396130e6d9bff5c1094fc0780a68a54c1937fd5a26a9beb2ba76e06087c63ff177df96106a64e5e3495c65917249121cb72fb6d41cdee9a1965266a7ff76f2e05f9c9f64b3ac108d879d1127884fc3b551d223b1d9ad110e74acb0dd53f433ec3a4bdb9fa345890e0c0ee8649a4fa776a0f76a0189878d3a4fc710615e6e0c4f4398591abc317f111448064b is signature2 valid? false are signature1 and signature2 equal? false -------------- signature3: 194027d696054bf673c409493e3098b515a77f49e6f20d8eea35ed1f3ed4cf2409fa1e185eb5499c9394dacd0bb4422f89d620d67d66c081a759a16a43cda1d269db34ec8877c1d614ac1bd7dc15491e1f50dca9bca370225feeb5bb02fc9d6fc697b5b4f24b48421505a526f99c5d29909f89d75967055dfe2fa57d3330d5b723c827c67abc224b739a03cf1bfeac28c28541ab9dd63e799372295eae143939777c7017c6e46678f39dc9d675945667ec42d8bf91a4f0274de3a302af65fc6720182b63b615cf9cff57af436c5d54ec072e1debd0ac43308ca02b80ff757c7f589c0fad806aeb982663c23efd5f08dbc03324301b30942739a76e336c4a254e is signature3 valid? true are signature1 and signature3 equal? true我们可以看到此时 signature3 已经可以被成功验签了,并且它和 signature1 (也就是使用 JDK 生成的)是完全一致的。
那么你可以要问了,除了 SHA256 之外,还有其他的哈希算法呀,它们分别对应哪些固定前缀呢?这里列出来一些常见的算法与它们的固定前缀:
For the six hash functions mentioned in Appdix B.1, the DER encoding T of the DigestInfo value is equal to the following: MD2: (0x)30 20 30 0c 06 08 2a 86 48 86 f7 0d 02 02 05 00 04 10 || H. MD5: (0x)30 20 30 0c 06 08 2a 86 48 86 f7 0d 02 05 05 00 04 10 || H. SHA-1: (0x)30 21 30 09 06 05 2b 0e 03 02 1a 05 00 04 14 || H. SHA-256: (0x)30 31 30 0d 06 09 60 86 48 01 65 03 04 02 01 05 00 04 20 || H. SHA-384: (0x)30 41 30 0d 06 09 60 86 48 01 65 03 04 02 02 05 00 04 30 || H. SHA-512: (0x)30 51 30 0d 06 09 60 86 48 01 65 03 04 02 03 05 00 04 40 || H.补充拓展:什么是数字签名
以电子形式存在于数据信息之中的,或作为其附件的或逻辑上与之有联系的数据,可用于辨别数据签署人的身份,并表明签署人对数据信息中包含的信息的认可。其主要作用是保证信息传输的完整性、发送者的身份认证、防止交易中的抵赖发生。数字签名的应用过程是,数据源发送方使用自己的私钥对数据校验和或其他与数据内容有关的变量进行加密处理,完成对数据的合法“签名”,数据接收方则利用对方的公钥来解读收到的“数字签名”,并将解读结果用于对数据完整性的检验,以确认签名的合法性。数字签名技术是在网络系统虚拟环境中确认身份的重要技术,完全可以代替现实过程中的“亲笔签字”,在技术和法律上有保证。在数字签名应用中,发送者的公钥可以很方便地得到,但他的私钥则需要严格保密。 (推荐答案!)签名信息电子化,可扫描,可保存,可转发,就是数字签名
签名信息数字化保存后的再应用。
什么是数字签名?区块链共识指的是啥?用物理学理解共识机制
行业热门话题:
【什么是数字签名?其有什么作用?】【什么是数字签名技术】【什么是数字签名和认证技术】【什么是数字签名?数字签名应满足的要求有哪些】【数字签名】【什么是数字签名?它和数字证书的区别是什么?】【什么是数字签名?其作用是什么?】【什么是数字签名算法】【什么是数字签名简述】【什么是数字签名并简述数字签名与数字签名验证有何区别】什么是数字签名完!