CN105162594B - A kind of quick endorsement method and signature device - Google Patents

A kind of quick endorsement method and signature device Download PDF

Info

Publication number
CN105162594B
CN105162594B CN201510462903.6A CN201510462903A CN105162594B CN 105162594 B CN105162594 B CN 105162594B CN 201510462903 A CN201510462903 A CN 201510462903A CN 105162594 B CN105162594 B CN 105162594B
Authority
CN
China
Prior art keywords
signature
hash
instruction
display confirmation
middleware
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201510462903.6A
Other languages
Chinese (zh)
Other versions
CN105162594A (en
Inventor
陆舟
于华章
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Feitian Technologies Co Ltd
Original Assignee
Feitian Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Feitian Technologies Co Ltd filed Critical Feitian Technologies Co Ltd
Priority to CN201510462903.6A priority Critical patent/CN105162594B/en
Publication of CN105162594A publication Critical patent/CN105162594A/en
Application granted granted Critical
Publication of CN105162594B publication Critical patent/CN105162594B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/30Arrangements for executing machine instructions, e.g. instruction decode
    • G06F9/30003Arrangements for executing specific machine instructions
    • G06F9/30007Arrangements for executing specific machine instructions to perform operations on data operands

Abstract

The invention discloses a kind of quick endorsement method and signature device, belong to information security field.Methods described includes Hash instruction and the signature command that signature device receives middle ware issues, when receiving Hash instruction, Hach result and display confirmation are obtained from Hash instruction, digest value to be signed is obtained according to the Hach result and display confirmation that get;When receiving Hash instruction, the confirmation operation of user is detected, and treats signature digest value when the confirmation for detecting user operates and is signed, signature result is returned into middleware.The beneficial effects of the present invention are reducing in signature process by the data volume and data transmission period of incoming signature device outside signature device, the overall execution efficiency of signature is improved, and the signature of big data quantity message can be supported.

Description

A kind of quick endorsement method and signature device
Technical field
The present invention relates to information security field, more particularly to a kind of quick endorsement method and signature device.
Background technology
In the prior art, in order to improve the logic complexity of signature, the length for the increase signature initial data that can try one's best, and I Know, common signature process includes signature device and carries out Hash operation to incoming signature initial data first obtaining Hash Value, then cryptographic Hash is signed to obtain signature value, therefore, in the prior art in the presence of following technical problem:When signature original number According to length it is longer when, transmission signature initial data, to signature initial data carry out Hash calculation during will expend compared with More times, the overall execution efficiency of signature is influenceed, especially when using communication modes such as bluetooth, audios, transmission signature is original The process of data will take considerable time.
The content of the invention
The purpose of the present invention is the defects of overcoming prior art, there is provided a kind of quick endorsement method and signature device.
The inventive method is achieved through the following technical solutions:
On the one hand, the present invention provides a kind of quick endorsement method, including:
Signature device receives the instruction of middle ware issues;
When the Hash for receiving middle ware issues instructs, the signature device obtains Hach knot from Hash instruction Fruit and display confirmation, according to the Hach result and display confirmation acquisition digest value to be signed got, and to The middleware returns to Hash repeat-back;
When receiving the signature command of middle ware issues, the confirmation operation of the signature device detection user, work as detection To user confirmation operation when treat signature digest value and signed, and return to signature result to the middleware;
After the signature device obtains Hach result and display confirmation from Hash instruction, the detection is used Before the confirmation operation at family, in addition to:Corresponding information is shown according to the display confirmation.
Further, methods described also includes:
The middleware receives the data comprising file path to be signed and display confirmation that Net silver client issues, File to be signed is obtained according to the file path to be signed, according to the file to be signed and the display confirmation tissue Midamble, Hach is carried out to the midamble, according to Hach result and the display confirmation tissue Data field message, Hash instruction is generated according to the data field message, and Hash instruction is sent to the signature device;
The middleware receives the Hash repeat-back that the signature device returns, and sending signature to the signature device refers to Order.
Further, explicit message is also included in the data that the Net silver client issues;
Before the middleware sends Hash instruction to the signature device, in addition to:The explicit message is parsed, is obtained Display data, output include the signature prompt message of the display data;
The middleware specifically includes according to the file to be signed and the display confirmation tissue midamble: The middleware is true by the explicit message, the filename of the file to be signed, the file to be signed and the display Recognize information and carry out tissue according to predetermined format, obtain midamble;
After the middleware obtains file to be signed according to the file path to be signed, in addition to:Wait to sign to described Name file is encoded, and obtains the coded data of the file to be signed;
The middleware specifically includes according to the file to be signed and the display confirmation tissue midamble: The middleware by the explicit message, the filename of the file to be signed, the file to be signed coded data and The display confirmation carries out tissue according to predetermined format, obtains midamble;
The middleware carries out Hach to the midamble, specifically includes:
Step A, described middleware carries out sequential packet to the midamble;If the length of the midamble is packet The integral multiple of length, then packet obtain packet message, if the length of the midamble is not the integral multiple of block length, divided Group obtains packet message and the packet remaining data of insufficient block length;
Step B, Hash sequentially is carried out to the packet message that packet obtains, obtains middle digest value;
The middleware is according to Hach result and the display confirmation tissue data field message, specific bag Include:The middleware by Hach result and it is described display confirmation according to:Middle digest value length, middle summary The format sequential splicing of value, packet remaining data length, packet remaining data, TLV forms message length, TLV form messages, is obtained To data field message;The TLV forms message is by default label, display confirmation length and display confirmation order group Into;
The middleware generates Hash instruction according to the data field message, is specially:The middleware is by the data Data field generation Hash instruction of the domain message as instruction;
Before the signature device obtains Hach result and display confirmation from Hash instruction, in addition to:Institute State signature device and judge whether the length of the data field of Hash instruction is legal, be then to perform in the instruction from Hash to obtain packet Hash result and display confirmation, otherwise return to error condition to the middleware, terminate;
Methods described also includes:The middleware sends signature context initialization instruction, the label to the signature device Name equipment receive signature context initialization instruction after initialization signature environment, select current key, specify hash algorithm, and to The middleware returns to signature context initialization repeat-back;
The signature device obtains Hach result and display confirmation from Hash instruction, according to point got Group Hash result and display confirmation obtain digest value to be signed, specifically include:
Step 1-1, described signature device judges whether include middle digest value in Hash instruction, is then to obtain Hash instruction In middle digest value, perform step 1-2, otherwise to the middleware return error condition, terminate;
Step 1-2, described signature device judges packet remaining data and display confirmation whether are included in Hash instruction, Using the middle digest value as initial parameter if comprising packet remaining data and display confirmation, the hash algorithm is used Hash operation is carried out to packet remaining data and display confirmation, obtains digest value to be signed;If only comprising display confirmation letter Breath carries out Hash operation then using the middle digest value as initial parameter, using the hash algorithm to display confirmation, obtains To digest value to be signed;Error condition is returned to the middleware if only comprising packet remaining data, is terminated;
The signature device judges whether specifically included in Hash instruction comprising middle digest value:The signature device judges Whether the middle digest value length in Hash instruction is equal to 0, is not include middle digest value in then Hash instruction, otherwise Hash refers to Middle digest value is included in order, the signature device obtains the middle summary in signature command according to the middle digest value length Value;
The signature device judges whether specifically included in Hash instruction comprising packet remaining data and display confirmation: The signature device judges whether the packet remaining data length in Hash instruction is equal to 0, is not include to divide in then Hash instruction Group remaining data, otherwise grown in Hash instruction comprising packet remaining data, the signature device according to the packet remaining data Degree obtains the packet remaining data in signature command;The signature device judges that the display confirmation length in Hash instruction is It is no to be equal to 0, it is not include display confirmation in then Hash instruction, it is described otherwise comprising display confirmation in Hash instruction Signature device obtains the display confirmation in signature command according to the display confirmation length;
When the signature device is judged in Hash instruction comprising display confirmation, in addition to:The signature device judges Whether the length of the display confirmation in Hash instruction is legal, if do not conform to rule returns to error condition, knot to the middleware Beam;Continue to judge whether the display confirmation in Hash instruction is complete, and the acquisition Hash is performed if complete if legal Display confirmation in instruction, error condition is returned to the middleware if imperfect, terminated;
When the signature device receives the Hash instruction of middle ware issues, in addition to:Whether judge the current key It is then to perform in the instruction from Hash to obtain Hach result and display confirmation, otherwise to described for preset-key Middleware returns to error condition, terminates.
Further, after the signature device receives the signature command of middle ware issues, in addition to:User is prompted to confirm Display information.
On the other hand, the present invention also provides a kind of signature device, including:
Receiving module, for receiving the instruction of middle ware issues;
Acquisition module, when the Hash for receiving middle ware issues when the receiving module instructs, obtain Hash instruction In Hach result and display confirmation, obtain according to the Hach result that gets and display confirmation and wait to sign Name digest value;
Display module, the display confirmation for being got according to the acquisition module show corresponding information;
Confirming signature blocks, the confirmation for when the receiving module receives signature command, detecting user operates, and The digest value to be signed of acquisition module acquisition is signed when detecting the confirmation operation of user, obtains signature knot Fruit;
Repeat-back module, for returning to Hash repeat-back and signature result to middleware.
The signature device also includes:Signature context initialization module, for receiving signature ring in the receiving module During the initialization directive of border, initialization signature environment, current key is selected, specify hash algorithm.
Further, the signature device also includes:Judge module, for judging the signature context initialization module choosing Whether the current key selected is preset-key;
The acquisition module, specifically for receiving Hash instruction when the receiving module, and the judge module judges When the current key of the signature context initialization module selection is preset-key, the Hach result in Hash instruction is obtained With display confirmation, the Hach result got according to the acquisition module and display confirmation obtain to be signed pluck It is worth.
The display module is additionally operable to prompt user to confirm display information.
The acquisition module specifically includes acquiring unit and hash units:
The acquiring unit is used to, when the receiving module receives the Hash instruction of middle ware issues, instruct from Hash Digest value, packet remaining data and display confirmation among middle acquisition;
The hash units are used to confirm when the acquiring unit gets middle digest value, packet remaining data and display During information, using the middle digest value as initial parameter, the packet remaining data and the display confirmation are breathed out Uncommon computing, obtains digest value to be signed;When the acquiring unit gets middle digest value and display confirmation, with described Middle digest value is initial parameter, carries out Hash operation to the display confirmation, obtains digest value to be signed.
The inventive method is reached by the way that the partial data in data to be signed is carried out into Hash operation outside signature device Reduce in signature process by the data volume of incoming signature device outside signature device, shorten data in signature process and set by signing The time of standby outside incoming signature device, the beneficial effect of the overall execution efficiency of signature is improved, further, the present invention can Support is signed to big data quantity message, is provided on the premise of the length of increase signature initial data as far as possible using the present invention Method, the logic complexity for not only having increased signature can be realized but also the effect of the overall execution efficiency of signature will not be reduced.
Brief description of the drawings
, below will be to embodiment or existing for the clearer explanation embodiment of the present invention or technical scheme of the prior art There is the required accompanying drawing used in technology description to be briefly described, it should be apparent that, drawings in the following description are only this Some embodiments of invention, for those of ordinary skill in the art, on the premise of not paying creative work, can be with Other accompanying drawings are obtained according to these accompanying drawings.
Fig. 1 is a kind of flow chart for quick endorsement method that the embodiment of the present invention two provides;
Fig. 2 is a kind of flow chart for quick endorsement method that the embodiment of the present invention three provides;
Fig. 3 is a kind of block diagram for signature device that the embodiment of the present invention four provides;
Fig. 4 is a kind of flow chart of work methods for signature device that the embodiment of the present invention four provides.
Embodiment
Below in conjunction with the accompanying drawing in the embodiment of the present invention, the technical scheme in the embodiment of the present invention is carried out clear, complete Site preparation describes, it is clear that described embodiment is only part of the embodiment of the present invention, rather than whole embodiments.It is based on Embodiment in the present invention, the every other implementation that those skilled in the art are obtained under the premise of creative work is not made Example, belongs to the scope of protection of the invention.
Embodiment one
The present embodiment provides a kind of quick endorsement method, and methods described includes:
Signature device receives the instruction of middle ware issues;
When the Hash for receiving middle ware issues instructs, the signature device obtains Hach knot from Hash instruction Fruit and display confirmation, according to the Hach result and display confirmation acquisition digest value to be signed got, and to The middleware returns to Hash repeat-back;
When receiving the signature command of middle ware issues, the confirmation operation of the signature device detection user, work as detection To user confirmation operation when treat signature digest value and signed, and return to signature result to the middleware;
After the signature device obtains Hach result and display confirmation from Hash instruction, detect user's Before confirming operation, in addition to:Corresponding information is shown according to the display confirmation.
The method that the present embodiment provides, comprising middleware in data to be signed in the Hash instruction that signature device receives Partial data carry out the obtained Hach result of Hach, be compared to and receive the complete of middle ware issues in the prior art Portion's data to be signed, reduce the data volume being passed to signature device, shorten the time expended to signature device incoming data, It can reach the effect for improving signature overall execution efficiency.
Embodiment two
The present embodiment provides a kind of quick endorsement method, as shown in figure 1, methods described includes:
Step S1, middleware receives the number comprising file path to be signed and display confirmation that Net silver client issues According to according to file path to be signed acquisition file to be signed, according to the filename of file to be signed, file to be signed and display Confirmation tissue midamble;
Step S2, middleware carries out Hach to midamble, according to Hach result and display confirmation group Organization data domain message, Hash instruction is generated according to data field message, Hash is sent and instructs to signature device;
Step S3, signature device receives Hash instruction, and Hash instruction is parsed, obtains Hach result and display Confirmation, digest value to be signed is obtained according to the Hach result and display confirmation that get, returned to middleware Hash repeat-back;
Step S4, middleware sends signature command to signature device;
Step S5, after signature device receives signature command, the confirmation operation of user is detected, when the confirmation for detecting user Signature digest value is treated during operation to be signed, and signature result is returned to middleware.
After signature device obtains Hach result and display confirmation from Hash instruction in the present embodiment, detection Before the confirmation operation of user, in addition to:Corresponding information is shown according to the display confirmation;Signature device receives signature After instruction, in addition to:User is prompted to confirm display information.
In the present embodiment, also include before step S1:Middleware sends signature context initialization instruction to signature device;Label Name equipment receives initialization signature environment after signature context initialization instruction, selects current key, returns and sign to middleware Context initialization repeat-back;
In step S1, after middleware gets file to be signed according to file path to be signed, it can also include treating label Name file is encoded, and obtains the coded data of file to be signed;Accordingly, middleware according to the filename of file to be signed, The coded data and display confirmation tissue midamble of file to be signed.
In the present embodiment, explicit message can also be included in the data that Net silver client issues, correspondingly:Middleware according to Explicit message, the filename of file to be signed, the coded data of file to be signed and display confirmation tissue midamble; Also include middleware in step S1 explicit message is parsed to obtain display data, signature of the output comprising display data is prompted Information.
Embodiment three
The present embodiment provides a kind of quick endorsement method, as shown in Fig. 2 methods described includes:
Step 101, middleware reception Net silver client issue true comprising explicit message, file path to be signed and display Recognize the data of information;
Step 102, middleware download file to be signed according to file path to be signed, and treat signature file and compiled Code, obtains the coded data of file to be signed;Explicit message is parsed to obtain display data, output includes display data Signature prompt message;
Preferably, middleware treats signature file and carries out base64 codings.
Step 103, middleware according to the coded data of explicit message, the filename of file to be signed, file to be signed with And display confirmation tissue midamble;
Specifically, middleware is according to filename, to be signed of the default form generation comprising explicit message, file to be signed The coded data of file and the midamble for showing confirmation;
For example, the midamble of middleware generation TLV forms, specific form can be:Tag1(0x11)+Len1(Len1 The total length of data afterwards)+Tag2 (0x21)+Len2 (explicit message length)+explicit message+Tag3 (0x23)+Len3 (treats The coded data of the length of the filename of signature file and file to be signed length and) filename of+file to be signed and Coded data+Tag4 (0x22)+Len4 (total lengths of the data after Len4)+Tag5 (0x22)+Len5 of file to be signed (display confirmation length)+display confirmation, Len1, Len2, Len3, Len4, Len5 length are 8 bytes.
Step 104, middleware carry out Hach computing to midamble, obtain Hach result;
In the present embodiment, when the length of midamble is the integral multiple of block length, Hach result includes centre Digest value, when the length of midamble is not the integral multiple of block length, Hach result includes middle digest value and divided Group remaining data.Preferably, when the curtailment block length of midamble, middleware prompting mistake.
Specifically, middleware is carried out according to SM3, MD5, SHA1, SHA256, SHA384 or SHA512 algorithm to midamble Hach computing;The present embodiment is so that middleware carries out Hach computing according to SM3 algorithms to midamble as an example, step 104 specifically include:
Step 104-1, middleware is grouped according to SM3 block lengths to midamble;
Specifically, if the length of midamble is the integral multiple of SM3 block lengths, packet obtains n length and is equal to SM3 The packet message of block length, if the length of midamble is not the integral multiple of SM3 block lengths, packet obtains n length Packet message equal to SM3 block lengths and the packet remaining data less than SM3 block lengths, n=| the length of midamble/ SM3 block lengths |;
For example, SM3 block lengths are specially 64 bytes, if the length of midamble is 56 bytes, middleware prompting is wrong By mistake;If the length of midamble is 130 bytes, midamble is grouped according to SM3 block lengths, obtains 2 length Equal to the packet message of 64 bytes and the packet remaining data of 32 bytes;If the length of midamble is 192 bytes, according to SM3 block lengths are grouped to midamble, are obtained the packet message that 3 length are equal to 64 bytes, are not grouped remainder According to.
Step 104-2, middleware carries out Hash operation to each packet message that packet obtains successively using SM3 algorithms, obtains To middle digest value.
Step 105, middleware are according to Hach result and display confirmation generation Hash instruction;
Preferably, middleware specifically includes according to Hach result and display confirmation generation Hash instruction:
Step 105-1, data field message of the middleware generation comprising Hach result and display confirmation;
Specifically, middleware is according to data field of the default form generation comprising Hach result and display confirmation Message;
For example, middleware is according to " Len6 (middle digest value length)+middle digest value+Len7 (grow by packet remaining data Degree)+packet remaining data+Len8 (length of the TLV after Len8)+Tag5 (0x22)+Len5 (display confirmation length)+ The form generation data field message of display confirmation ";When the length of midamble is the integral multiple of block length, Len7 etc. In 0;Len6 and Len8 length is 2 bytes, and Len7 length is 1 byte, and Len5 length is 8 bytes.
Step 105-2, data field generation Hash instruction of the middleware using data field message as instruction.
Step 106, middleware send Hash instruction to signature device;
Step 107, signature device obtain Hach result and display confirmation in Hash instruction;
Further, signature device receive Hash instruction after perform step 107 before, can also include:Judge Hash Whether the length of the data field of instruction is legal, is then to perform step 107, otherwise returns to error condition to middleware, terminates;
Preferably, Hash instruction includes instructing head, the length and data field of data field, and signature device judges Hash instruction Whether the length of data field is legal to specifically include:It is default that signature device judges whether the length of the data field in Hash instruction exceedes Length, the length if the data field that Hash instructs more than if is illegal, and the length if the data field that Hash instructs not less than if is closed Method;
For example, preset length is 1024 bytes, if the length of the data field in Hash instruction is more than 1024 bytes, Hash The length of the data field of instruction is illegal, if the length of the data field in Hash instruction is not less than 1024 bytes, Hash instruction Data field length it is legal.
Step 108, signature device obtain summary to be signed according to the Hach result and display confirmation that get Value;
Specifically, step 108 includes:
Signature device judges whether include middle digest value in Hash instruction;
If not including middle digest value, error condition is returned to middleware, is terminated;
If comprising middle digest value, the middle digest value in Hash instruction is obtained, and continues to judge that Hash is in instructing It is no comprising packet remaining data and display confirmation, if not only comprising packet remaining data again comprising show confirmation if in Between digest value be initial parameter, using with middleware identical hash algorithm to packet remaining data and display confirmation progress Hash operation, obtain digest value to be signed;If only comprising display confirmation if using middle digest value as initial parameter, using with Middleware identical hash algorithm carries out Hash operation to display confirmation, obtains digest value to be signed;Otherwise to middleware Error condition is returned, is terminated;
Preferably, can the preset Hash calculation for carrying out Hach computing use to midamble with middleware in signature device The corresponding hash algorithm engine of method, step 107 to step 108 can specifically include:
Step 1-1, signature device judges whether include middle digest value in Hash instruction, is then obtained in Hash instruction Middle digest value, the hash_init interfaces of hash algorithm engine are called, middle digest value is write into hash algorithm engine, performed Step 1-2, error condition otherwise is returned to middleware, terminated;
Specifically, signature device judges whether include in Hash instruction comprising middle digest value:Signature device judges Hash Whether the middle digest value length in instruction is equal to 0, if not including middle digest value in Hash instruction if being equal to 0, if not equal to 0 Then middle digest value is included in Hash instruction;
Step 1-2, whether signature device is judged comprising packet remaining data in Hash instruction, is then obtained in Hash instruction Packet remaining data, call hash algorithm engine hash_update interfaces by be grouped remaining data write-in hash algorithm draw Hold up, perform step 1-3, otherwise directly perform step 1-3;
Specifically, signature device judges whether include in Hash instruction comprising packet remaining data:Signature device judges to breathe out Whether the packet remaining data length in uncommon instruction is equal to 0, does not include packet remaining data in Hash if being equal to 0 instructs, if Packet remaining data is included in not equal to 0 Hash instruction;
Step 1-3, whether signature device is judged comprising display confirmation in Hash instruction, is then obtained in Hash instruction Display confirmation, call hash algorithm engine hash_update interfaces by show confirmation write-in hash algorithm draw Hold up, perform step 1-4, otherwise return to error condition to middleware, terminate;
Specifically, signature device judges whether include in Hash instruction comprising display confirmation:Signature device judges to breathe out Whether the display confirmation length in uncommon instruction is equal to 0, does not include display confirmation in Hash if being equal to 0 instructs, if Display confirmation is included in not equal to 0 Hash instruction;
Step 1-4, signature device calls the hash_final interfaces of hash algorithm engine, obtains digest value to be signed.
Further, in step 1-3, after signature device is judged in Hash instruction comprising display confirmation, also Including:Signature device judges whether the length of the display confirmation in Hash instruction is legal, is returned if not conforming to rule to middleware Error condition is returned, is terminated;Continue to judge whether the display confirmation in Hash instruction is complete, performs if complete if legal Step 1-4, error condition is returned to middleware if imperfect, terminated.
Step 109, signature device return to Hash to middleware and instruct the response that runs succeeded.
In the embodiment of the present invention, also include before step 101:Middleware sends signature context initialization to signature device and referred to Order;Signature device receives initialization signature environment, selection current key after signature context initialization instruction, specifies Hash to calculate Method, signature context initialization repeat-back is returned to middleware.
In the embodiment of the present invention, also include after step 109:Middleware sends signature command to signature device;Signature is set Standby prompting user's confirmation display information after receiving signature command, current key pair is used when the confirmation for detecting user operates Digest value to be signed is signed, and signature result is returned to middleware.Further, in the present embodiment, can also be set in signature I.e. prompting user confirms display information after standby output display confirmation.
Example IV
A kind of signature device and its method of work that the present embodiment provides, as shown in figure 3, signature device specifically includes:
Receiving module 11, for receiving the instruction of middle ware issues;
Acquisition module 12, when the Hash for receiving middle ware issues when receiving module 11 instructs, obtain Hash instruction In Hach result and display confirmation, obtain according to the Hach result that gets and display confirmation and wait to sign Name digest value;
Display module 13, the display confirmation for being got according to the acquisition module 12 show corresponding information;
Confirm signature blocks 14, the confirmation for when the receiving module 11 receives signature command, detecting user is grasped Make, and the digest value to be signed that acquisition module 12 is got is signed when detecting the confirmation operation of user, signed Name result;
Repeat-back module 15, for returning to Hash repeat-back and signature result to middleware.
In the present embodiment, signature device can also include signature context initialization module 16, for being connect in receiving module 11 When receiving signature context initialization instruction, initialization signature environment, current key is selected, specify hash algorithm;
Correspondingly, confirm that signature blocks 14 are specifically used for when the receiving module 11 receives signature command, detection is used The confirmation operation at family, and the current key of the signature selection of context initialization module 16 is used when detecting the confirmation operation of user The digest value to be signed that acquisition module 12 is got is signed, obtains result of signing;
Repeat-back module 15 is additionally operable to return to signature context initialization repeat-back to middleware.
Further, in the present embodiment, signature device can also include judge module 17, for judging that signature environment is initial Whether change current key that module 16 selects for preset-key;
Correspondingly, acquisition module 12, specifically for receiving Hash instruction when receiving module 11, and judge module 17 judges When the current key of the context initialization module 16 that goes out to sign selection is preset-key, the Hach result in Hash instruction is obtained With display confirmation, the Hach result got according to acquisition module 12 and display confirmation obtain summary to be signed Value.
In the present embodiment, display module 13 is additionally operable to prompt user to confirm display information.
In the present embodiment, acquisition module 12 specifically includes acquiring unit 121 and hash units 122:
The acquiring unit 121 is used to, when receiving module 11 receives the Hash instruction of middle ware issues, from Hash refer to Digest value, packet remaining data and display confirmation among being obtained in order;
The hash units 122 are used for when the acquiring unit 121 gets middle digest value, packet remaining data and shows When showing confirmation, using the middle digest value as initial parameter, to the packet remaining data and the display confirmation Hash operation is carried out, obtains digest value to be signed;When the acquiring unit 121 gets middle digest value and display confirmation When, using the middle digest value as initial parameter, Hash operation is carried out to the display confirmation, obtains Hash to be signed Value.
As shown in figure 4, the method for work of signature device performs following steps after including signature device power-up initializing, specifically Ground, signature device are provided with middleware and Net silver client by being connected electricity, host computer with host computer:
Step 201, wait middle ware issues instruction, when receiving the instruction of middle ware issues, perform step 202;
Step 202, the type of decision instruction, step 203 is then performed if signature context initialization instruction, is referred to if Hash Order then performs step 204, and step 212 is then performed if signature command, is otherwise operated and will grasped according to the instruction received Middleware, return to step 201 are returned to as result;
Step 203, initialization signature environment, current key is selected, specify hash algorithm, should to middleware return instruction Answer, return to step 201;
Specifically, in the present embodiment, signature device is specified according to signature context initialization instruction and is grouped with middleware Hash algorithm identical hash algorithm used in Hash.
Step 204, judge whether to have completed initialization signature environment, be then to perform step 205, otherwise perform step 211;
Preferably, preset signature status inside signature device, correspondingly:
It is original state that signature status is set in the present embodiment, when signature device is initialized;
In step 203, renewal signature status is preset state after signature device has performed initialization signature environment, such as in advance If state is MSE states;
In step 204, signature device is by checking whether signature status is that preset state judges whether to have completed to initialize Signature environment, if signature status is preset state, has completed initialization signature environment, otherwise judges not completing initialization signature Environment.
Step 205, judge whether current key is preset-key, be then to perform step 206, otherwise perform step 211;
In the present embodiment, key description of the equipment by checking device interior judges whether current key is preset-key, Specifically, equipment judges that the key purposes in key description judges whether current key is preset-key, such as:
What it is to progress is SM2 signatures, then judges whether the key purposes in key description is SM2, then current if SM2 Key is preset-key, if not then current key is not preset-key to SM2;
What it is to progress is RSA signature, then judges whether the key purposes in key description is RSA, then current if RSA Key is preset-key, if not then current key is not preset-key to RSA.
Step 206, judge whether the length for the data field that Hash instructs is legal, be then to perform step 207, otherwise perform step Rapid 211;
Middle digest value in step 207, acquisition Hash instruction, calls the hash_init interfaces of hash algorithm engine will The middle digest value write-in hash algorithm engine got;
Signature device also includes before performing step 207:Judge whether include middle digest value in Hash instruction, be to hold Row step 207, otherwise directly perform step 208 or return to error condition to middleware, terminate.
Step 208, obtain the packet remaining data in Hash instruction and show confirmation, call hash algorithm engine The packet remaining data got and display confirmation are sequentially written in hash algorithm engine by hash_update interfaces;
Before equipment performs step 208, in addition to judge whether true comprising packet remaining data and display in Hash instruction Recognize information, step 208 is performed if including;If only return to error condition, knot to middleware comprising packet remaining data Beam, or the packet remaining data in Hash instruction is obtained, calling the hash_update interfaces of hash algorithm engine will get Packet remaining data write-in hash algorithm engine, then perform step 209;If only obtain and breathe out comprising display confirmation Display confirmation in uncommon instruction, the display confirmation letter for calling the hash_update interfaces of hash algorithm engine to get Breath write-in hash algorithm engine, then performs step 209;
Also include when equipment is judged in Hash instruction comprising display confirmation:Judge that the display in Hash instruction is true Recognize information whether length legal and Hash instruction in display confirmation it is whether complete, if the length of display confirmation Legal and display confirmation completely then continues executing with subsequent operation, otherwise returns to error condition, return to step to host computer 201。
Step 209, the hash_final interfaces of hash algorithm engine are called to obtain digest value to be signed;
The display confirmation that step 210, basis are got shows corresponding information, returns to correct status to middleware, returns Return step 201;
Step 211, to middleware return error condition, return to step 201;
Step 212, signature digest value is treated according to current key signed, returned to signature result to middleware, return Step 201.
Embodiment described above is the present invention more preferably embodiment, and those skilled in the art is in this hair The usual variations and alternatives carried out in the range of bright technical scheme should all include within the scope of the present invention.

Claims (20)

  1. A kind of 1. quick endorsement method, it is characterised in that including:
    Signature device receives the instruction of middle ware issues;
    When receive middle ware issues Hash instruct when, the signature device from Hash instruction in obtain Hach result and Confirmation is shown, digest value to be signed is obtained according to the Hach result that gets and display confirmation, and to described Middleware returns to Hash repeat-back;
    When receiving the signature command of middle ware issues, the confirmation operation of signature device detection user, when detecting use Signature digest value is treated during the confirmation operation at family to be signed, and returns to signature result to the middleware;
    After the signature device obtains Hach result and display confirmation from Hash instruction, the detection user's Before confirming operation, in addition to:Corresponding information is shown according to the display confirmation.
  2. 2. the method as described in claim 1, it is characterised in that also include:
    The middleware receives the data comprising file path to be signed and display confirmation that Net silver client issues, according to The file path to be signed obtains file to be signed, among the file to be signed and the display confirmation tissue Message, Hach is carried out to the midamble, according to Hach result and the display confirmation tissue data Domain message, Hash instruction is generated according to the data field message, and Hash instruction is sent to the signature device;
    The middleware receives the Hash repeat-back that the signature device returns, and signature command is sent to the signature device.
  3. 3. method as claimed in claim 2, it is characterised in that also include display report in the data that the Net silver client issues Text;
    Before the middleware sends Hash instruction to the signature device, in addition to:The explicit message is parsed, is shown Data, output include the signature prompt message of the display data.
  4. 4. method as claimed in claim 3, it is characterised in that the middleware is according to the file to be signed and the display Confirmation tissue midamble, is specifically included:The middleware is by the explicit message, the file of the file to be signed Name, the file to be signed and the display confirmation carry out tissue according to predetermined format, obtain midamble.
  5. 5. method as claimed in claim 3, it is characterised in that the middleware is obtained according to the file path to be signed and treated After signature file, in addition to:The file to be signed is encoded, obtains the coded data of the file to be signed;
    The middleware specifically includes according to the file to be signed and the display confirmation tissue midamble:It is described Middleware is by the explicit message, the filename of the file to be signed, the coded data of the file to be signed and described Display confirmation carries out tissue according to predetermined format, obtains midamble.
  6. 6. method as claimed in claim 2, it is characterised in that the middleware carries out Hach to the midamble, Specifically include:
    Step A, described middleware carries out sequential packet to the midamble;If the length of the midamble is block length Integral multiple, then packet obtain packet message, if the length of the midamble is not the integral multiple of block length, be grouped To packet message and the packet remaining data of insufficient block length;
    Step B, Hash sequentially is carried out to the packet message that packet obtains, obtains middle digest value.
  7. 7. method as claimed in claim 6, it is characterised in that the middleware is according to Hach result and the display Confirmation tissue data field message, is specifically included:The middleware is by Hach result and the display confirmation According to:Middle digest value length, middle digest value, packet remaining data length, packet remaining data, TLV forms message length, The format sequential splicing of TLV form messages, obtains data field message;The TLV forms message is by default label, display confirmation letter Cease length and display confirmation order forms.
  8. 8. method as claimed in claim 7, it is characterised in that the middleware generates Hash according to the data field message and referred to Order, it is specially:Data field generation Hash instruction of the middleware using the data field message as instruction.
  9. 9. method as claimed in claim 8, it is characterised in that the signature device obtains Hach knot from Hash instruction Before fruit and display confirmation, in addition to:The signature device judges whether the length of the data field of Hash instruction is legal, is Then perform in the instruction from Hash and obtain Hach result and display confirmation, otherwise return to mistake to the middleware State, terminate.
  10. 10. method as claimed in claim 9, it is characterised in that methods described also includes:The middleware is set to the signature Preparation send signature context initialization instruction, and the signature device receives initialization signature ring after signature context initialization instruction Border, current key is selected, specify hash algorithm, and signature context initialization repeat-back is returned to the middleware.
  11. 11. method as claimed in claim 10, it is characterised in that the signature device obtains Hach from Hash instruction As a result with display confirmation, digest value to be signed, tool are obtained according to the Hach result and display confirmation that get Body includes:
    Step 1-1, described signature device judges whether include middle digest value in Hash instruction, is then obtained in Hash instruction Middle digest value, step 1-2 is performed, otherwise return to error condition to the middleware, terminated;
    Whether step 1-2, described signature device is judged comprising packet remaining data and display confirmation in Hash instruction, if bag The remaining data containing packet and display confirmation are then using the middle digest value as initial parameter, using the hash algorithm to dividing Group remaining data and display confirmation carry out Hash operation, obtain digest value to be signed;If only comprising display confirmation Using the middle digest value as initial parameter, Hash operation is carried out to display confirmation using the hash algorithm, treated Signature digest value;Error condition is returned to the middleware if only comprising packet remaining data, is terminated.
  12. 12. method as claimed in claim 11, it is characterised in that whether the signature device is judged in being included in Hash instruction Between digest value specifically include:Whether the signature device judges middle digest value length in Hash instruction equal to 0, is then Hash Do not include middle digest value in instruction, otherwise include middle digest value in Hash instruction, the signature device is according to the centre Digest value length obtains the middle digest value in signature command;
    The signature device judges whether specifically included in Hash instruction comprising packet remaining data and display confirmation:It is described Signature device judges whether the packet remaining data length in Hash instruction is equal to 0, is surplus not comprising packet in then Hash instruction Remainder evidence, otherwise obtained in Hash instruction comprising packet remaining data, the signature device according to the packet remaining data length Take the packet remaining data in signature command;The signature device judge Hash instruction in display confirmation length whether etc. In 0, it is not include display confirmation in then Hash instruction, otherwise includes display confirmation, the signature in Hash instruction Equipment obtains the display confirmation in signature command according to the display confirmation length.
  13. 13. method as claimed in claim 11, it is characterised in that the signature device judges true comprising display in Hash instruction When recognizing information, in addition to:The signature device judges whether the length of the display confirmation in Hash instruction is legal, if not conforming to Rule returns to error condition to the middleware, terminates;Continue to judge that the display confirmation in Hash instruction is if legal It is no complete, the display confirmation in the acquisition Hash instruction is performed if complete, is returned if imperfect to the middleware Error condition is returned, is terminated.
  14. 14. method as claimed in claim 10, it is characterised in that the Hash that the signature device receives middle ware issues refers to When making, in addition to:Judge whether the current key is preset-key, be then to perform to obtain to be grouped in the instruction from Hash to breathe out Uncommon result and display confirmation, otherwise return to error condition to the middleware, terminate.
  15. 15. the method as described in claim 1, it is characterised in that the signature that the signature device receives middle ware issues refers to After order, in addition to:User is prompted to confirm display information.
  16. A kind of 16. signature device, it is characterised in that including:
    Receiving module, for receiving the instruction of middle ware issues;
    Acquisition module, when the Hash for receiving middle ware issues when the receiving module instructs, obtain in Hash instruction Hach result and display confirmation, to be signed pluck is obtained according to the Hach result and display confirmation that get It is worth;
    Display module, the display confirmation for being got according to the acquisition module show corresponding information;
    Confirming signature blocks, the confirmation for when the receiving module receives signature command, detecting user operates, and when inspection The digest value to be signed obtained during the confirmation operation for measuring user to the acquisition module is signed, and obtains result of signing;
    Repeat-back module, for returning to Hash repeat-back and signature result to middleware.
  17. 17. signature device as claimed in claim 16, it is characterised in that the signature device also includes:Environment of signing is initial Change module, for when the receiving module receives signature context initialization instruction, initialization signature environment, selecting current close Key, specify hash algorithm.
  18. 18. signature device as claimed in claim 17, it is characterised in that the signature device also includes:Judge module, it is used for Judge the current key of the signature context initialization module selection whether for preset-key;
    The acquisition module, specifically for receiving Hash instruction when the receiving module, and described in judge module judgement When the current key of signature context initialization module selection is preset-key, obtains the Hach result in Hash instruction and show Show confirmation, the Hach result and display confirmation got according to the acquisition module obtains summary to be signed Value.
  19. 19. signature device as claimed in claim 16, it is characterised in that the display module is additionally operable to prompt user to confirm to show Show information.
  20. 20. signature device as claimed in claim 16, it is characterised in that the acquisition module specifically includes acquiring unit and Kazakhstan Uncommon unit:
    The acquiring unit is used to, when the receiving module receives the Hash instruction of middle ware issues, obtain from Hash instruction Take middle digest value, packet remaining data and display confirmation;
    The hash units are used for when the acquiring unit gets middle digest value, packet remaining data and display confirmation When, using the middle digest value as initial parameter, Hash fortune is carried out to the packet remaining data and the display confirmation Calculate, obtain digest value to be signed;When the acquiring unit gets middle digest value and display confirmation, with the centre Digest value is initial parameter, carries out Hash operation to the display confirmation, obtains digest value to be signed.
CN201510462903.6A 2015-07-31 2015-07-31 A kind of quick endorsement method and signature device Active CN105162594B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510462903.6A CN105162594B (en) 2015-07-31 2015-07-31 A kind of quick endorsement method and signature device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201510462903.6A CN105162594B (en) 2015-07-31 2015-07-31 A kind of quick endorsement method and signature device

Publications (2)

Publication Number Publication Date
CN105162594A CN105162594A (en) 2015-12-16
CN105162594B true CN105162594B (en) 2018-03-30

Family

ID=54803359

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510462903.6A Active CN105162594B (en) 2015-07-31 2015-07-31 A kind of quick endorsement method and signature device

Country Status (1)

Country Link
CN (1) CN105162594B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106789087B (en) * 2017-01-26 2020-01-07 数安时代科技股份有限公司 Method and system for determining data digest of message and multi-party-based digital signature
CN111832081A (en) * 2020-07-21 2020-10-27 杭州天谷信息科技有限公司 OFD quick signing method

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101631022A (en) * 2009-08-04 2010-01-20 北京飞天诚信科技有限公司 Signing method and system thereof
WO2010022767A1 (en) * 2008-08-26 2010-03-04 Telefonaktiebolaget Lm Ericsson (Publ) Packet forwarding in a network
CN103763103A (en) * 2013-12-31 2014-04-30 飞天诚信科技股份有限公司 Method for generating off-line authentication certifications through intelligent card
CN104639328A (en) * 2015-01-29 2015-05-20 华南理工大学 GOOSE message authentication method and GOOSE (Generic Object Oriented Substation Event) message authentication system

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2010022767A1 (en) * 2008-08-26 2010-03-04 Telefonaktiebolaget Lm Ericsson (Publ) Packet forwarding in a network
CN101631022A (en) * 2009-08-04 2010-01-20 北京飞天诚信科技有限公司 Signing method and system thereof
CN103763103A (en) * 2013-12-31 2014-04-30 飞天诚信科技股份有限公司 Method for generating off-line authentication certifications through intelligent card
CN104639328A (en) * 2015-01-29 2015-05-20 华南理工大学 GOOSE message authentication method and GOOSE (Generic Object Oriented Substation Event) message authentication system

Also Published As

Publication number Publication date
CN105162594A (en) 2015-12-16

Similar Documents

Publication Publication Date Title
CN104866418B (en) Automated testing method and system
CN106843957A (en) System firmware upgrade method and device
CN104811359B (en) A kind of serial port communication method and terminal
CN107018523A (en) WIFI module method of testing and device
CN105791246B (en) Verification method, the apparatus and system of verification information
CN103501391B (en) A kind of method and system managing user's brush machine behavior
CN105162594B (en) A kind of quick endorsement method and signature device
CN105072616B (en) The verification method of brush machine ROM and the verifying device of brush machine ROM
CN109428778B (en) Mainboard network connectivity test method and device
CN102904893A (en) Verifying device and verifying method
CN106952426A (en) Data processing method and device
CN110480633B (en) Method and device for controlling equipment and storage medium
CN105530309A (en) IoT control platform and implementation method thereof
US8793658B2 (en) Method for operating a household appliance and household appliance intended for use in such a method
CN110413328A (en) A kind of PXE function enabled method, device and the relevant device of network interface card port
CN104853447B (en) A kind of data information processing method and device
CN104899107B (en) A kind of information processing method and electronic equipment
CN105468486A (en) Method and device for testing serial ports of servers
CN111490965B (en) System and method for detecting weak password in Windows environment
WO2017092391A1 (en) Middle-tier database virtual control and testing method and system utilizing same
CN109088733A (en) A kind of implementation method and device of application of IC cards extension
CN115934513A (en) Demand analysis and test design adaptation method, device, equipment and medium
CN109981585A (en) Business handling method and apparatus
CN105389205B (en) A kind of information processing method and electronic equipment
CN110018854B (en) Firmware matching method, equipment and computer readable storage medium

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant