CN101980471B - Digital signature method, and method, device and system for verifying digital signature - Google Patents


Publication number
CN101980471B
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201010505308A
Other languages
Chinese (zh)
Other versions
CN101980471A (en
Inventor
毛伟
李晓东
沈烁
王妍
刘瑾
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Internet Network Information Center
Original Assignee
Computer Network Information Center of CAS
Abstract

The invention relates to a digital signature method and to a method, a device and a system for verifying a digital signature. The digital signature method comprises the following steps: processing a message to be transmitted to obtain a first message digest value; selecting at least one message fragment from the message; processing each message fragment to obtain at least one corresponding second message digest value; and encrypting the first message digest value and the at least one second message digest value with a digital signature algorithm to obtain a final digital signature. Because at least one message fragment is selected from the message and digest values are computed for both the message and the fragment, an attacker is forced to find at least two internally related matching messages that map, respectively, to the digest value of the message and to the digest value of at least one message fragment. This increases the difficulty of a downgrade attack and thereby improves the security of the digital signature.

Description

Digital signature method, and method, device and system for verifying a digital signature
Technical field
The present invention relates to network information encryption technology, and in particular to a digital signature method, and a method, device and system for verifying a digital signature, that can effectively prevent downgrade attacks.
Background art
With the rapid development of network technology, network security is becoming more and more important, and information encryption is the core technology of network security. Digital signatures are among the most widely used information encryption techniques. They are an effective way to guarantee the confidentiality of information in transit, the integrity of exchanged data, the non-repudiation of sent information and the certainty of the parties' identities, and they are an important part of e-commerce security.
In the prior art there are many digital signature schemes, for example RSA (Ron Rivest, Adi Shamir & Leonard Adleman) signatures, digital signatures based on digital envelopes, and digital signature schemes based on message digests. In a message-digest-based scheme, a message digest algorithm is first applied to the message to be encrypted to form a message digest value, and the digest value is then processed with RSA encryption to form the digital signature. This method guarantees the integrity of the message data through the digest value and the confidentiality of the message data through RSA encryption; and because the digest value is much shorter than the message data, the workload of the RSA operation is greatly reduced.
The message digest (Message Digest, abbreviated MD) used in such schemes is an encoding method: a one-way hash function turns the message of arbitrary length to be encrypted into a digest value of fixed length. Different messages produce different digest values, and the same message always produces the same digest value. One important property of a message digest is irreversibility: given a digest value, it should be extremely difficult to compute the corresponding message. Another important property is that it is difficult to produce two messages M and M' with the same digest value; this property is called collision resistance. In fact, the collision-resistance strength of any message digest is only half the length of the digest value, so a 128-bit digest value has a collision-resistance strength of only 64 bits. In other words, about 2^64 operations are needed to produce one collision, that is, another message with the same digest value, and this guarantees the integrity of the message.
Different algorithms produce digest values of different lengths and with different security strengths. For example, MD5 produces a 128-bit digest value and SHA-1 produces a 160-bit digest value, so finding one MD5 collision takes 2^64 operations and finding one SHA-1 collision takes 2^80 operations.
The defect of the prior art is that information protected by an existing message-digest-based digital signature scheme is vulnerable to downgrade attacks when transmitted over a network: the attacker achieves the attack by replacing the high-security message digest algorithm with another message digest algorithm of a lower security level.
Fig. 11 is a schematic diagram of a message protected by existing digital signature technology suffering a downgrade attack. As shown in Fig. 11, to improve the security of data transmission the sender upgrades its message digest algorithm from MD5 to SHA-1. When transmitting data, the sender first computes the message digest value h = SHA-1(A) of the message A to be sent, then computes the digital signature RSA(h), and sends data of the form "message A + digital signature RSA(h)" to the receiver.
Before the sender upgraded its message digest algorithm, the attacker obtained a message A1 and its verified digital signature RSA(h1), where h1 was computed over A1 with the weaker pre-upgrade algorithm MD5, i.e. h1 = MD5(A1). The attacker performs a collision computation against this digest value and obtains a forged message B such that MD5(B) = MD5(A1).
The attacker intercepts the data sent by the sender, replaces the digital signature RSA(h) in the data with RSA(h1) and the message A with message B, so that the tampered data has the form "message B + digital signature RSA(h1)", and then sends this data to the receiver.
On receiving the tampered data, the receiver first decrypts RSA(h1) to obtain the digest value h1, then computes the digest of message B with the MD5 algorithm carried with it, obtaining MD5(B). Because MD5(B) = MD5(A1) = h1, the receiver cannot tell that the message has been tampered with. Information protected by existing message-digest-based digital signature methods is therefore vulnerable to downgrade attacks.
Summary of the invention
In view of the defects of the prior art, the present invention provides a digital signature method and a method, device and system for verifying a digital signature, which can effectively prevent downgrade attacks.
The invention provides a digital signature method, comprising:
processing a message to be transmitted to obtain a first message digest value;
selecting at least one message fragment from the message;
processing each message fragment to obtain at least one corresponding second message digest value;
encrypting the first message digest value and the at least one second message digest value with a digital signature algorithm to obtain a final digital signature.
The invention further provides a method for verifying a digital signature, comprising:
selecting at least one message fragment from the received message in the manner agreed with the message sender;
decrypting the received final digital signature according to the decryption mode and the digital signature algorithm agreed with the message sender, to obtain a first message digest value and at least one second message digest value, where the first message digest value corresponds to the received message and the at least one second message digest value corresponds to the at least one message fragment;
processing the received message to obtain a third message digest value;
processing each message fragment to obtain at least one corresponding fourth message digest value;
comparing the first message digest value with the third message digest value;
comparing the at least one second message digest value with the at least one fourth message digest value;
when the first message digest value equals the third message digest value and the at least one second message digest value all equal the at least one fourth message digest value, determining that the received message has not suffered a downgrade attack;
otherwise, determining that the received message has suffered a downgrade attack;
wherein "the at least one second message digest value all equal the at least one fourth message digest value" includes the following: when there are several second message digest values and several fourth message digest values, each fourth message digest value corresponding to a message fragment is compared in turn with the corresponding second message digest value, in the order in which the message fragments were selected, and all comparison results are equal.
The invention also provides a digital signature device, comprising:
a first message digest processing module, used to process a message to be transmitted to obtain a first message digest value;
a fragment selection module, used to select at least one message fragment from the message;
a second message digest processing module, used to process the message fragment to obtain at least one corresponding second message digest value;
a digital signature module, used to encrypt the first message digest value and the at least one second message digest value with a digital signature algorithm to obtain a final digital signature.
The invention further provides a device for verifying a digital signature, comprising:
a fragment acquisition module, used to select at least one message fragment from the received message in the manner agreed with the message sender;
a decryption module, used to decrypt the received final digital signature according to the decryption mode and the digital signature algorithm agreed with the message sender, to obtain a first message digest value and at least one second message digest value, where the first message digest value corresponds to the received message and the at least one second message digest value corresponds to the at least one message fragment;
a third message digest processing module, used to process the received message to obtain a third message digest value;
a fourth message digest processing module, used to process each message fragment to obtain at least one corresponding fourth message digest value;
a first comparison module, used to compare the first message digest value with the third message digest value;
a second comparison module, used to compare the at least one second message digest value with the at least one fourth message digest value;
a determination module, used to determine that the received message has not suffered a downgrade attack when the first message digest value equals the third message digest value and the at least one second message digest value all equal the at least one fourth message digest value, and otherwise to determine that the received message has suffered a downgrade attack;
wherein "the at least one second message digest value all equal the at least one fourth message digest value" includes the following: when there are several second message digest values and several fourth message digest values, each fourth message digest value corresponding to a message fragment is compared in turn with the corresponding second message digest value, in the order in which the message fragments were selected, and all comparison results are equal.
The invention also provides a digital signature system, comprising the above digital signature device and the above device for verifying a digital signature.
As the above technical scheme shows, the invention selects at least one message fragment from the message and computes digest values for the message and for the message fragment separately, so that an attacker must find at least two internally related matching messages that simultaneously map to the digest value of the message and to the digest value of at least one message fragment. This increases the difficulty of a downgrade attack and thereby improves the security of the digital signature.
The technical scheme of the invention is described in further detail below with reference to the drawings and embodiments.
Brief description of the drawings
Fig. 1 is a flow chart of the digital signature method provided by one embodiment of the invention;
Fig. 2 is a schematic diagram of the message format provided by one embodiment of the invention;
Fig. 3 is a schematic diagram of the final digital signature format provided by one embodiment of the invention;
Fig. 4 is a flow chart of the method for verifying a digital signature provided by one embodiment of the invention;
Fig. 5 is a schematic diagram of the final digital signature format provided by another embodiment of the invention;
Fig. 6 is a block diagram of the digital signature device provided by one embodiment of the invention;
Fig. 7 is a block diagram of the device for verifying a digital signature provided by one embodiment of the invention;
Fig. 8 is a block diagram of the digital signature system provided by one embodiment of the invention;
Fig. 9 is a block diagram of the digital signature module provided by one embodiment of the invention;
Fig. 10 is a block diagram of the digital signature module provided by another embodiment of the invention;
Fig. 11 is a schematic diagram of a message protected by existing digital signature technology suffering a downgrade attack.
Detailed description of the embodiments
Fig. 1 is a flow chart of the digital signature method provided by one embodiment of the invention.
As shown in Fig. 1, the digital signature method comprises:
Step 101: process the message to be transmitted to obtain a first message digest value.
Specifically, the message sender first specifies a message digest algorithm according to its security requirements and uses that algorithm to compute the first message digest value over the whole message.
Step 102: select at least one message fragment from the message.
Specifically, one message fragment or several message fragments may be selected from the message. Each message fragment may be a certain field or a few bits agreed in advance between the message sender and the message receiver.
The selected message fragment should minimize collisions, so that an attacker mounting a downgrade attack on the message cannot easily find message text that matches the original message fragment and yields the same message digest value.
The message fragment may be the field that expresses the time information of the message, from which a digital signature is formed. A digital signature that contains message time information is called a digital time-stamp; it is produced by a digital time-stamp service (abbreviated DTS) provided by a dedicated organization on the network. It is very difficult for an attacker to find message text that matches the digital time-stamp and yields the same message digest, because the text must at the same time satisfy the time format and the time range (which may be only one minute), and the probability of satisfying these is very low.
When several message fragments are selected, the fragments may contain the same field or the same bits; that is, every message fragment may overlap with the others, or only some of the message fragments may overlap with one another.
It should be noted that the message fragment is not limited to the field, the few bits or the time-information field described in this embodiment, and the way in which several message fragments overlap is not limited to the ways described above. Any way of selecting message fragments known to those skilled in the art can be used to implement the invention.
Step 103: process each message fragment to obtain at least one corresponding second message digest value.
Specifically, when one message fragment has been selected, the sender computes one second message digest value over that fragment. When several message fragments have been selected, the sender computes over each fragment separately and obtains the corresponding several second message digest values.
The algorithms used to compute the digest values of the individual message fragments may be the same or different. When the same algorithm is used for all message fragments, that algorithm may also differ from the algorithm used to compute the digest value of the message.
In the prior art, information about the algorithm used to compute each message digest is usually inserted into the message before the message is sent. When the receiver receives the message and the digital signature, it therefore also receives the message digest algorithm corresponding to each message digest value.
Step 104: encrypt the first message digest value and the at least one second message digest value with a digital signature algorithm to obtain the final digital signature.
Specifically, the digital signature algorithm is one agreed jointly by the sender and the receiver. When this algorithm is used to encrypt the first message digest value and the at least one second message digest value, the digest values may be encrypted separately to obtain a corresponding first digital signature and at least one second digital signature, which are then combined to obtain the final digital signature. The at least one second digital signature follows the first digital signature, and the second digital signatures are arranged in the same order as the selected message fragments.
Alternatively, the first message digest value and the at least one second message digest value may first be combined, and the combination then encrypted as a whole to obtain the final digital signature. The at least one second message digest value follows the first message digest value, and the second message digest values are arranged in the same order as the selected message fragments.
It should be noted that the way of encrypting the first message digest value and the at least one second message digest value is not limited to these two modes. Some of the digest values may be encrypted together and the others separately, and the resulting digital signatures then combined to obtain the final digital signature. Besides the modes above, any way of encrypting the first message digest value and the at least one second message digest value can be used to implement the invention.
In the digital signature method of this embodiment, a message digest is computed not only over the whole message, giving the first message digest value, but also over one or more fragments of the message, giving at least one second message digest value. An attacker must therefore find at least two internally related matching messages that simultaneously map to the first message digest value and to the at least one second message digest value. Because a second message digest value corresponds to a specific position in the message, the matching message found by the attacker must also satisfy this constraint before an attack can succeed. This increases the difficulty of the attack, reduces the risk that the message is attacked, effectively prevents downgrade attacks and meets the demand for higher security of messages and digital signatures.
In addition, in the digital signature method of this embodiment there are several ways of encrypting the digest values, and the sender and receiver can agree on one of them as required, which further improves the security of the digital signature.
Fig. 2 is a schematic diagram of the message format provided by one embodiment of the invention. Fig. 3 is a schematic diagram of the final digital signature format provided by one embodiment of the invention. The final digital signature shown in Fig. 3 is obtained when one message fragment is selected; it contains a first digital signature corresponding to the message and one second digital signature corresponding to the message fragment. As shown in Fig. 2, the message 201 and the final digital signature 202 together make up the complete data.
Fig. 4 is a flow chart of the method for verifying a digital signature provided by one embodiment of the invention. Referring to Fig. 4, the method for verifying a digital signature comprises:
Step 401: select at least one message fragment from the received message in the manner agreed with the message sender.
Specifically, the receiver selects one or more message fragments from the received message using the method agreed jointly by the sender and the receiver.
Step 402: decrypt the received final digital signature according to the decryption mode and the digital signature algorithm agreed with the message sender, to obtain a first message digest value corresponding to the message and at least one second message digest value corresponding to the message fragment.
Specifically, the receiver decrypts the received final digital signature with the digital signature algorithm, according to the decryption mode agreed with the message sender. The digital signature algorithm is agreed jointly by the sender and the receiver, and the decryption mode corresponds to the encryption mode in the digital signature method embodiment above: whichever encryption mode the sender uses, the receiver uses the matching mode to decrypt the received final digital signature. When one message fragment was selected in step 401, decryption yields one first message digest value corresponding to the message and one second message digest value corresponding to the message fragment. When several message fragments were selected in step 401, decryption yields one first message digest value corresponding to the message and several second message digest values corresponding to the several message fragments.
Step 403: process the message to obtain a third message digest value, and process each of the at least one message fragment to obtain at least one fourth message digest value.
Specifically, the message is computed over to obtain the third message digest value, and the selected message fragments are computed over. When one message fragment was selected, the computation yields one fourth message digest value; when several message fragments were selected, it yields several fourth message digest values.
When computing the digest value of the message or of a given message fragment, the message digest algorithm corresponding to that message or message fragment, obtained by the decryption in step 402, is taken out and used to compute over that message or message fragment.
Step 404: compare the first message digest value with the third message digest value.
Specifically, the first message digest value and the third message digest value are compared. If they are not equal, the received message has been tampered with; go to step 407 and determine that the message has been attacked. If they are equal, perform step 405.
Step 405: compare the second message digest value with the fourth message digest value.
When one message fragment was selected, there is one second message digest value and one fourth message digest value, and the two are compared. If they are not equal, the received message has been tampered with; go to step 407 and determine that the message has been attacked. If they are equal, the correct message has been received; go to step 406 and determine that the message has not been attacked.
When several message fragments were selected, there are several second message digest values and several fourth message digest values. In the order in which the message fragments were selected, each fourth message digest value corresponding to a message fragment is compared in turn with the corresponding second message digest value. As soon as one second message digest value and fourth message digest value are found to be unequal, the received message has been tampered with; stop the remaining comparisons, go to step 407 and determine that the message has been attacked. If all comparison results are equal, the correct message has been received; go to step 406 and determine that the message has not been attacked.
With this verification method the receiver can correctly judge whether a received message has suffered a downgrade attack, which guarantees the integrity and reliability of the received data.
It should be noted that the order in which steps 404 and 405 are performed is not restricted: the first and third message digest values may be compared first, or the second and fourth message digest values may be compared first, as appropriate to actual needs.
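Signing steps 101-104 (in the mode that combines the digest values before encrypting) and verification steps 401-407 can be written out as follows; this is an added Python example, not part of the patent text. The toy RSA key built from two Mersenne primes, the (offset, length, algorithm) fragment agreement, the leading 0x01 framing byte, the sample message and all function names are assumptions; textbook RSA without padding is used only to mirror the "encrypt the digests, decrypt the signature" description and is not secure.

```python
import hashlib
import hmac

# Constructed toy key from two Mersenne primes (illustration only).
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent (Python 3.8+)

WHOLE_ALG = "sha1"                     # algorithm for the first digest value
# Assumed sender/receiver agreement: ordered fragments given as
# (offset, length, digest algorithm). Fragment 0 is the timestamp field.
POLICY = [(0, 19, "sha256")]


def digest(alg, data):
    return hashlib.new(alg, data).digest()


def fragment_digests(message, policy):
    """Steps 102-103 and 401/403: select fragments in order, hash each."""
    out = []
    for offset, length, alg in policy:
        piece = message[offset:offset + length]
        if len(piece) != length:
            raise ValueError("message too short for agreed fragment")
        out.append(digest(alg, piece))
    return out


def sign(message, policy=POLICY):
    """Steps 101-104: first digest, then the second digests in fragment
    order, encrypted as one value with the private exponent."""
    blob = (b"\x01" + digest(WHOLE_ALG, message)
            + b"".join(fragment_digests(message, policy)))
    value = int.from_bytes(blob, "big")
    if value >= N:
        raise ValueError("combined digests do not fit the modulus")
    return pow(value, D, N)


def verify(message, signature, policy=POLICY):
    """Steps 401-407: returns 'ok' or the reason verification failed."""
    sizes = [hashlib.new(WHOLE_ALG).digest_size] + [
        hashlib.new(alg).digest_size for _, _, alg in policy]
    if not 0 <= signature < N:
        return "malformed signature"
    try:
        # Step 402: decrypt to recover the first and second digest values.
        blob = pow(signature, E, N).to_bytes(1 + sum(sizes), "big")
    except OverflowError:
        return "malformed signature"
    if blob[0] != 1:
        return "malformed signature"
    recovered, pos = [], 1
    for size in sizes:
        recovered.append(blob[pos:pos + size])
        pos += size
    try:
        # Step 403: third (whole message) and fourth (fragment) digests.
        third = digest(WHOLE_ALG, message)
        fourth = fragment_digests(message, policy)
    except ValueError:
        return "malformed message"
    # Step 404: first against third.
    if not hmac.compare_digest(recovered[0], third):
        return "whole-message digest mismatch"
    # Step 405: second against fourth, in fragment order, stop on mismatch.
    for i, (second, mine) in enumerate(zip(recovered[1:], fourth)):
        if not hmac.compare_digest(second, mine):
            return f"fragment {i} digest mismatch"
    return "ok"


# Constructed sample: a 19-byte timestamp field followed by the payload.
MESSAGE = b"2024-01-01T08:30:00|pay 100 to alice"

if __name__ == "__main__":
    sig = sign(MESSAGE)
    print(verify(MESSAGE, sig))
    print(verify(MESSAGE.replace(b"100", b"900"), sig))
    print(verify(MESSAGE, sig, [(1, 19, "sha256")]))
```

The third call shows why the fragment selection has to be agreed exactly: a receiver that picks a different offset recovers the right whole-message digest but rejects the signature at step 405.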
The block diagram of the digital signature device that Fig. 6 provides for one embodiment of the invention.Referring to Fig. 6, digital signature device 601 comprises: the first eap-message digest processing module 603, fragment are chosen module 602, the second eap-message digest processing module 604, digital signature module 605.
Wherein, the first eap-message digest processing module 603 is used for message waiting for transmission is calculated, and obtains first message digest value.Fragment is chosen module 602 and is used for choosing at least one message fragment from message waiting for transmission.The second eap-message digest processing module 604 is used at least one message fragment is calculated, and obtains at least one second message digest value.Digital signature module 605 is used to adopt Digital Signature Algorithm that first message digest value and at least one second message digest value are encrypted, and obtains final digital signature.Choosing method to the message fragment sees the explanation in the foregoing description for details, in this no longer repeat specification.
Fig. 9 is a block diagram of the digital signature module provided by one embodiment of the invention. As shown in Fig. 9, digital signature module 605 comprises a first digital signature unit 6051, a second digital signature unit 6052 and a first combining unit 6053. The first digital signature unit 6051 encrypts the first message digest value with the digital signature algorithm to obtain a first digital signature; the second digital signature unit 6052 encrypts each of the at least one second message digest value with the digital signature algorithm to obtain at least one second digital signature; the first combining unit 6053 combines the first digital signature and the at least one second digital signature to obtain the final digital signature. The at least one second digital signature is appended after the first digital signature, and the order of the second digital signatures is consistent with the order of the chosen message fragments.
When n message fragments are chosen, the format of the final digital signature is as shown in Fig. 5. The first digital signature is the digital signature obtained by computing over the received message as a whole and encrypting the result; second digital signature 1 is the digital signature obtained by computing over the 1st chosen message fragment and encrypting the result; second digital signature 2 is the digital signature obtained by computing over the 2nd chosen message fragment and encrypting the result; and so on, so that second digital signature n is the digital signature obtained by computing over the n-th chosen message fragment and encrypting the result. Second digital signature 1, second digital signature 2, ..., second digital signature n are appended in turn after the first digital signature, in the order of the corresponding message fragments, to form the final digital signature. For example, if the order of the n chosen message fragments is the 1st message fragment, the 2nd message fragment, ..., the n-th message fragment, then the final digital signature is as shown in Fig. 5.
Because a message digest value is computed separately for each of the chosen message fragments, the attacker must find several matching messages that simultaneously map to the corresponding message digest values, which further increases the difficulty of a downgrade attack. The more message fragments are chosen, the lower the likelihood that the message is attacked, which further improves the security of the digital signature method.
Fig. 10 is a block diagram of the digital signature module provided by another embodiment of the invention. As shown in Fig. 10, digital signature module 605 comprises a second combining unit 6054 and a third digital signature unit 6055. The second combining unit 6054 combines the first message digest value and the at least one second message digest value; the third digital signature unit 6055 uses the digital signature algorithm to encrypt the combined first message digest value and at least one second message digest value as a whole, obtaining the final digital signature. The at least one second message digest value is appended after the first message digest value, and the order of the second message digest values is consistent with the order of the chosen message fragments.
Fig. 7 is a block diagram of the digital signature verification device provided by one embodiment of the invention. Referring to Fig. 7, the digital signature verification device 701 comprises: a fragment acquisition module 702, a decryption module 703, a third message digest processing module 704, a fourth message digest processing module 705, a first comparison module 706, a second comparison module 707 and a determination module 708.
The fragment acquisition module 702 chooses at least one message fragment from the received message in the manner agreed with the message sender. The decryption module 703 decrypts the received final digital signature with the digital signature algorithm, in the decryption manner agreed with the message sender, to obtain a first message digest value and at least one second message digest value. The digital signature algorithm is the one agreed with the message sender; the first message digest value corresponds to the received message, and the at least one second message digest value corresponds to the at least one message fragment. The decryption manner corresponds to the encryption manner used by the sender.
The third message digest processing module 704 computes over the received message to obtain a third message digest value; the fourth message digest processing module 705 computes over each of the at least one message fragment to obtain at least one fourth message digest value.
When the third message digest processing module 704 computes the message digest value of the message, or the fourth message digest processing module 705 computes the message digest value of a given message fragment, it first takes the message digest algorithm for that message or message fragment, as obtained by decryption in decryption module 703, and then computes over the message or message fragment with that algorithm.
The first comparison module 706 compares the first message digest value with the third message digest value; the second comparison module 707 compares the at least one second message digest value with the at least one fourth message digest value; the determination module 708 determines, from the comparison results of the first comparison module 706 and the second comparison module 707, whether the received message has been subjected to a downgrade attack.
In the present embodiment, the determination module 708 determines that the received message has not been subjected to a downgrade attack when the first message digest value equals the third message digest value and every second message digest value equals its corresponding fourth message digest value; otherwise, it determines that the received message has been subjected to a downgrade attack.
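The combined-digest signing of Fig. 10 and the ordered comparison performed by the verification device of Fig. 7, as an added example that is not part of the patent text. SHA-256, the `|`-separated field layout, the leading length byte and the toy unpadded RSA key (a stand-in for the agreed digital signature algorithm) are all assumptions made for the example.

```python
import hashlib
import hmac

# Constructed demo key: unpadded textbook RSA over two Mersenne primes. It is
# trivially factorable and only stands in for the agreed signature algorithm.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))

DIGEST = "sha256"                 # assumed digest algorithm agreed by both sides
DIGEST_LEN = hashlib.new(DIGEST).digest_size
FRAGMENT_FIELDS = [0, 1]          # assumed agreement: timestamp field, then recipient
BLOB_LEN = 1 + DIGEST_LEN * (1 + len(FRAGMENT_FIELDS))


def select_fragments(message):
    """Pick the agreed '|'-separated fields, in the agreed order."""
    fields = message.split(b"|")
    return [fields[i] if i < len(fields) else b"" for i in FRAGMENT_FIELDS]


def compute_digests(message):
    """Digest of the whole message first, then one digest per fragment."""
    parts = [message] + select_fragments(message)
    return [hashlib.new(DIGEST, part).digest() for part in parts]


def sign(message):
    """Combine the digests in order and sign the combination as one value."""
    blob = b"\x01" + b"".join(compute_digests(message))  # 0x01 fixes the length
    return pow(int.from_bytes(blob, "big"), D, N)


def verify(message, signature):
    """Recover the signed digests, recompute them, and compare pairwise in order."""
    rejected = {"whole_ok": False, "fragments_ok": [], "accepted": False}
    try:
        blob = pow(signature, E, N).to_bytes(BLOB_LEN, "big")
    except OverflowError:          # recovered value does not fit the agreed layout
        return rejected
    if blob[0] != 1:
        return rejected
    # First/second digest values recovered from the signature.
    signed = [blob[i:i + DIGEST_LEN] for i in range(1, BLOB_LEN, DIGEST_LEN)]
    # Third/fourth digest values recomputed from the received message.
    recomputed = compute_digests(message)
    results = [hmac.compare_digest(s, r) for s, r in zip(signed, recomputed)]
    return {"whole_ok": results[0], "fragments_ok": results[1:],
            "accepted": all(results)}


# Constructed sample message and two altered copies.
MESSAGE = b"2010-10-08T12:00:00|to=alice|amount=100"
SIGNATURE = sign(MESSAGE)
ALTERED_AMOUNT = b"2010-10-08T12:00:00|to=alice|amount=900"
ALTERED_TIME = b"2011-10-08T12:00:00|to=alice|amount=100"

if __name__ == "__main__":
    for label, msg in [("original", MESSAGE), ("amount changed", ALTERED_AMOUNT),
                       ("timestamp changed", ALTERED_TIME)]:
        print(label, verify(msg, SIGNATURE))
```

The per-fragment results show which of the agreed fragments no longer matches, while acceptance still requires every comparison to succeed.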
Fig. 8 is a block diagram of the digital signature system provided by one embodiment of the invention. Referring to Fig. 8, digital signature system 801 comprises a digital signature device 802 and a digital signature verification device 803. The digital signature device 802 and the digital signature verification device 803 have been described in detail in the embodiments above and are not described again here.
It should be noted that the message digest algorithms and digital signature algorithms of the embodiments above are not limited to the algorithms listed in the embodiments; any message digest algorithm and digital signature algorithm known to those skilled in the art can be used to implement the invention.
Those of ordinary skill in the art will appreciate that all or part of the steps of the method embodiments above can be carried out by hardware under the control of program instructions. The program can be stored in a computer-readable storage medium and, when executed, performs the steps of the method embodiments above. The storage medium includes any medium that can store program code, such as ROM, RAM, a magnetic disk or an optical disc.
Finally, it should be noted that the embodiments above only illustrate the technical solution of the invention and do not limit it. Although the invention has been described in detail with reference to preferred embodiments, those of ordinary skill in the art should understand that the technical solution of the invention can still be modified or replaced with equivalents, and that such modifications or equivalent replacements do not cause the modified technical solution to depart from the spirit and scope of the technical solution of the invention.

Claims (15)

1. A digital signature method, characterized by comprising:
processing a message to be transmitted to obtain a first message digest value;
choosing at least one message fragment from said message;
processing said message fragments respectively to obtain at least one corresponding second message digest value;
encrypting said first message digest value and said at least one second message digest value with a digital signature algorithm to obtain a final digital signature.
2. The digital signature method according to claim 1, characterized in that encrypting said first message digest value and said at least one second message digest value with a digital signature algorithm to obtain a final digital signature comprises:
encrypting said first message digest value with said digital signature algorithm to obtain a first digital signature;
encrypting said at least one second message digest value respectively with said digital signature algorithm to obtain at least one second digital signature;
combining said first digital signature and said at least one second digital signature.
3. The digital signature method according to claim 1, characterized in that encrypting said first message digest value and said at least one second message digest value with a digital signature algorithm to obtain a final digital signature comprises:
combining said first message digest value and said at least one second message digest value;
encrypting the combined said first message digest value and said at least one second message digest value as a whole with said digital signature algorithm to obtain said final digital signature.
4. The digital signature method according to any one of claims 1-3, characterized in that choosing at least one message fragment from said message comprises:
choosing at least one field or at least one bit from said message.
5. The digital signature method according to any one of claims 1-3, characterized in that choosing at least one message fragment from said message comprises:
choosing from said message a plurality of message fragments that contain the same field or the same bits.
6. The digital signature method according to claim 4, characterized in that choosing at least one field from said message comprises:
choosing from said message at least one field that represents time information of said message.
7. A digital signature verification method, characterized by comprising:
choosing at least one message fragment from a received message in the manner agreed with the message sender;
decrypting a received final digital signature according to the decryption manner and digital signature algorithm agreed with the message sender to obtain a first message digest value and at least one second message digest value, said first message digest value corresponding to said received message and said at least one second message digest value corresponding to said at least one message fragment;
processing said received message to obtain a third message digest value;
processing said message fragments respectively to obtain at least one corresponding fourth message digest value;
comparing said first message digest value with said third message digest value;
comparing said at least one second message digest value with said at least one fourth message digest value;
when said first message digest value equals said third message digest value and said at least one second message digest value and said at least one fourth message digest value are all equal, determining that said received message has not been subjected to a downgrade attack;
otherwise, determining that said received message has been subjected to a downgrade attack;
wherein said at least one second message digest value and said at least one fourth message digest value being all equal comprises: when there are a plurality of second message digest values and a plurality of fourth message digest values, comparing, in the order in which the message fragments were chosen, each fourth message digest value corresponding to a message fragment with each second message digest value in turn, all comparison results being equal.
8. A digital signature device, characterized by comprising:
a first message digest processing module, configured to process a message to be transmitted to obtain a first message digest value;
a fragment selection module, configured to choose at least one message fragment from said message;
a second message digest processing module, configured to process said message fragments to obtain at least one corresponding second message digest value;
a digital signature module, configured to encrypt said first message digest value and said at least one second message digest value with a digital signature algorithm to obtain a final digital signature.
9. The digital signature device according to claim 8, characterized in that said digital signature module comprises:
a first digital signature unit, configured to encrypt said first message digest value with said digital signature algorithm to obtain a first digital signature;
a second digital signature unit, configured to encrypt said at least one second message digest value respectively with said digital signature algorithm to obtain at least one second digital signature;
a first combining unit, configured to combine said first digital signature and said at least one second digital signature to obtain the final digital signature.
10. The digital signature device according to claim 8, characterized in that said digital signature module comprises:
a second combining unit, configured to combine said first message digest value and said at least one second message digest value;
a third digital signature unit, configured to encrypt the combined said first message digest value and said at least one second message digest value as a whole with said digital signature algorithm to obtain said final digital signature.
11. The digital signature device according to any one of claims 8-10, characterized in that said fragment selection module is configured to choose at least one field or at least one bit from said message.
12. The digital signature device according to any one of claims 8-10, characterized in that said fragment selection module is configured to choose from said message a plurality of message fragments that contain the same field or the same bits.
13. The digital signature device according to any one of claims 8-10, characterized in that said fragment selection module is configured to choose from said message at least one field that represents time information of said message.
14. A digital signature verification device, characterized by comprising:
a fragment acquisition module, configured to choose at least one message fragment from a received message in the manner agreed with the message sender;
a decryption module, configured to decrypt a received final digital signature according to the decryption manner and digital signature algorithm agreed with the message sender to obtain a first message digest value and at least one second message digest value, said first message digest value corresponding to said received message and said at least one second message digest value corresponding to said at least one message fragment;
a third message digest processing module, configured to process said received message to obtain a third message digest value;
a fourth message digest processing module, configured to process said message fragments respectively to obtain at least one corresponding fourth message digest value;
a first comparison module, configured to compare said first message digest value with said third message digest value;
a second comparison module, configured to compare said at least one second message digest value with said at least one fourth message digest value;
a determination module, configured to determine that said received message has not been subjected to a downgrade attack when said first message digest value equals said third message digest value and said at least one second message digest value and said at least one fourth message digest value are all equal, and otherwise to determine that said received message has been subjected to a downgrade attack;
wherein said at least one second message digest value and said at least one fourth message digest value being all equal comprises: when there are a plurality of second message digest values and a plurality of fourth message digest values, comparing, in the order in which the message fragments were chosen, each fourth message digest value corresponding to a message fragment with each second message digest value in turn, all comparison results being equal.
15. A digital signature system, characterized by comprising: the digital signature device according to any one of claims 8-13 and the digital signature verification device according to claim 14.
CN201010505308A 2010-10-08 2010-10-08 Digital signature method, and method, device and system for verifying digital signature Active CN101980471B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201010505308A CN101980471B (en) 2010-10-08 2010-10-08 Digital signature method, and method, device and system for verifying digital signature

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201010505308A CN101980471B (en) 2010-10-08 2010-10-08 Digital signature method, and method, device and system for verifying digital signature

Publications (2)

Publication Number Publication Date
CN101980471A CN101980471A (en) 2011-02-23
CN101980471B true CN101980471B (en) 2012-08-29

Family

ID=43600955

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201010505308A Active CN101980471B (en) 2010-10-08 2010-10-08 Digital signature method, and method, device and system for verifying digital signature

Country Status (1)

Country Link
CN (1) CN101980471B (en)

Families Citing this family (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8458796B2 (en) 2011-03-08 2013-06-04 Hewlett-Packard Development Company, L.P. Methods and systems for full pattern matching in hardware
CN104243161B (en) * 2014-07-24 2018-09-21 无锡天公瑞丰科技有限公司 Power distribution automation dual safety communication means based on TG-Inwicos and device
CN104519054A (en) * 2014-12-12 2015-04-15 中金金融认证中心有限公司 Digital signature method, device and system
CN106936594B (en) * 2017-05-17 2020-03-17 浪潮天元通信信息系统有限公司 Chain type self-authentication security interaction method
CN110311784B (en) * 2019-06-10 2022-10-21 北京信安世纪科技股份有限公司 JSON message signature method, signature verification method and device
CN113297633B (en) * 2021-07-26 2021-11-02 南京大学 Quantum digital signature method

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101631022A (en) * 2009-08-04 2010-01-20 北京飞天诚信科技有限公司 Signing method and system thereof

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6289455B1 (en) * 1999-09-02 2001-09-11 Crypotography Research, Inc. Method and apparatus for preventing piracy of digital content
GB0229894D0 (en) * 2002-12-21 2003-01-29 Ibm Methods, apparatus and computer programs for generating and/or using conditional electronic signatures and/or for reporting status changes
CN1794631A (en) * 2005-12-26 2006-06-28 李代甫 Sign device and method of digital sign
CN101203025B (en) * 2006-12-15 2010-11-10 上海晨兴电子科技有限公司 Method for transmitting and receiving safe mobile message

Also Published As

Publication number Publication date
CN101980471A (en) 2011-02-23


Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
ASS Succession or assignment of patent right

Free format text: FORMER OWNER: KNET CO., LTD.

C41 Transfer of patent application or patent right or utility model
C53 Correction of patent for invention or patent application
CB03 Change of inventor or designer information

Inventor after: Mao Wei

Inventor after: Li Xiaodong

Inventor after: Shen Shuo

Inventor after: Wang Yan

Inventor after: Liu Jin

Inventor before: Mao Wei

Inventor before: Li Xiaodong

Inventor before: Shen Shuo

Inventor before: Wang Yan

Inventor before: Liu Jin

Inventor before: Lu Wenzhe

COR Change of bibliographic data

Free format text: CORRECT: INVENTOR; FROM: MAO WEI LI XIAODONG SHEN SHUO WANG YAN LIU JIN LU WENZHE TO: MAO WEI LI XIAODONG SHEN SHUO WANG YAN LIU JIN

TA01 Transfer of patent application right

Effective date of registration: 20110419

Address after: 100190 Beijing, Zhongguancun, South Street, No. four, No. four, No.

Applicant after: Computer Network Information Center, Chinese Academy of Sciences

Address before: 100190 Beijing, Zhongguancun, South Street, No. four, No. four, No.

Applicant before: Computer Network Information Center, Chinese Academy of Sciences

Co-applicant before: Beilong Knet (Beijing) Technology Co., Ltd.

C14 Grant of patent or utility model
GR01 Patent grant
TR01 Transfer of patent right
TR01 Transfer of patent right

Effective date of registration: 20210210

Address after: 100190 room 506, building 2, courtyard 4, South 4th Street, Zhongguancun, Haidian District, Beijing

Patentee after: CHINA INTERNET NETWORK INFORMATION CENTER

Address before: 100190 No. four, four South Street, Haidian District, Beijing, Zhongguancun

Patentee before: Computer Network Information Center, Chinese Academy of Sciences