CN107911222A - Digital signature generation, verification method and its equipment and storage medium - Google Patents

Digital signature generation, verification method and its equipment and storage medium Download PDF

Info

Publication number
CN107911222A
CN107911222A CN201711178114.5A CN201711178114A CN107911222A CN 107911222 A CN107911222 A CN 107911222A CN 201711178114 A CN201711178114 A CN 201711178114A CN 107911222 A CN107911222 A CN 107911222A
Authority
CN
China
Prior art keywords
digital
digital signature
digital certificate
path
signature
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201711178114.5A
Other languages
Chinese (zh)
Other versions
CN107911222B (en
Inventor
苏志辉
欧阳涛
唐占国
王高华
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Vorthong Electronic Certification Services Co Ltd
Original Assignee
Vorthong Electronic Certification Services Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Vorthong Electronic Certification Services Co Ltd filed Critical Vorthong Electronic Certification Services Co Ltd
Priority to CN201711178114.5A priority Critical patent/CN107911222B/en
Priority to PCT/CN2017/120026 priority patent/WO2019100531A1/en
Publication of CN107911222A publication Critical patent/CN107911222A/en
Application granted granted Critical
Publication of CN107911222B publication Critical patent/CN107911222B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04L9/3249Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures using RSA or related signature schemes, e.g. Rabin scheme

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a kind of digital signature generation method and its equipment, digital signature authentication method and its equipment and computer-readable recording medium.Wherein, which includes:Obtain the path of first object data and its corresponding digital certificate, calculate the first summary info of first object data, according to the first summary info and the coordinates measurement message digest of digital certificate, message digest is digitally signed by private key corresponding with the public key in digital certificate.Technical scheme makes digital signature be verified after can obtaining digital certificate by the path of addition in verification, making can be without directly adding reduction of the digital certificate so as to fulfill digital signature data amount in digital signature, so as to accelerate digital signature authentication and transmission speed, reduce digital signature applications when occupied space and power consumption.

Description

Digital signature generation, verification method and its equipment and storage medium
Technical field
The present invention relates to digital signature technology field, more particularly to digital signature generation method and its equipment, digital signature Verification method and its equipment and computer-readable recording medium..
Background technology
Digital signature is exactly to be signed using digital certificate to data or file, can be used for proving data or file Integrality, it was demonstrated that the identity of data signature person.
Verification digital signature needs to verify the public key certificate of signer, and the application of digital signature standard is to sign at present The certificate chain of middle embedded signing certificate, this causes signed data up to 6K bytes, this is not asked for the file signature in PC epoch Topic, but be then a bigger data burden in the mobile Internet epoch.Digital signature will be widely used in mobile interchange Various applications are netted, traditional digital signature authentication method based on the PC epoch not only wastes the flow of mobile subscriber, but also can account for With user mobile phone CPU and memory space resource, the increase of mobile phone power consumption amount will be also caused, reduces stand-by time.
The above is only used to facilitate the understanding of the technical scheme, and is not represented and is recognized that the above is existing skill Art.
The content of the invention
It is a primary object of the present invention to provide a kind of digital signature generation method, it is intended to reduce the data of digital signature Amount, thus accelerate digital signature authentication and transmission speed, reduce digital signature applications when occupied space and power consumption.
To achieve the above object, the present invention provides a kind of digital signature generation method, the digital signature generation method, institute Digital signature generation method is stated to comprise the following steps:
Obtain the path of first object data and its corresponding digital certificate;
Calculate the first summary info of the first object data;
According to first summary info and the coordinates measurement message digest of the digital certificate;
The message digest is digitally signed by private key corresponding with the public key in the digital certificate.
Preferably, it is described according to the step of the coordinates measurement message digest of first summary info and the digital certificate Including:
Summary attribute is generated according to first summary info, according to the coordinates measurement path attribute of the digital certificate;
According to the summary attribute and path attribute construction signature attribute collection;
The message digest is generated according to the signature attribute collection.
Preferably, before the step of path of the acquisition first object data and its corresponding digital certificate, further include:
Obtain the digital certificate and generate the path of the digital certificate;
The digital certificate is stored into the path of the digital certificate.
Preferably, the step of path of the generation digital certificate includes:
Extract the identification information of the digital certificate;
The path of the digital certificate is generated according to the identification information.
In addition, to achieve the above object, the present invention also provides a kind of digital signature to generate equipment, it is characterised in that described Digital signature generation equipment includes memory, processor and is stored on the memory and can run on the processor Computer program, is realized when the computer program is performed by the processor as any one of them digital signature generates above The step of method.
In addition, to achieve the above object, the present invention also provides a kind of computer-readable recording medium, it is characterised in that institute State and digital signature generation program is stored with computer-readable recording medium, the digital signature generation program is executed by processor Shi Shixian is such as the step of any one of them digital signature generation method above.
In addition, to achieve the above object, the present invention also provides a kind of digital signature authentication method, based on such as any one of above The digital signature of the digital signature generation method generation, the digital signature authentication method comprise the following steps:
Obtain the digital signature;
Parse the path of the digital certificate in the digital signature;
Corresponding digital certificate is obtained according to the path of the digital certificate;
With digital signature described in the digital certificate authentication.
Preferably, the step of path of the digital certificate in the parsing digital signature includes:
Parse the signature attribute collection of the digital signature;
Parse the feature field in the path of digital certificate described in the data structure of the signature attribute collection;
The path of the digital certificate is extracted from the feature field.
Preferably, before described the step of using digital signature described in the digital certificate authentication, further include:
Obtain and associated second target data of the digital signature;
The second summary info of second target data is calculated, first for parsing and extracting the signature attribute concentration is plucked Want information;
Judge whether second summary info and first summary info are consistent;
If so, then perform described the step of using digital signature described in the digital certificate authentication;
If it is not, the result that then output verification does not pass through.
Preferably, described the step of obtaining corresponding digital certificate according to the path of the digital certificate, includes:
Judge that the home server whether there is the digital certificate according to the path of the digital certificate;
If in the presence of from the home server acquisition digital certificate;
If being not present, the digital certificate is obtained from remote server according to the path of the digital certificate.
In addition, to achieve the above object, the present invention also provides a kind of digital signature authentication equipment, it is characterised in that described Digital signature authentication equipment includes memory, processor and is stored on the memory and can run on the processor Computer program, realizes such as any one of them digital signature authentication above when the computer program is performed by the processor The step of method.
In addition, to achieve the above object, the present invention also provides a kind of computer-readable recording medium, it is characterised in that institute State and digital signature authentication program is stored with computer-readable recording medium, the digital signature generation program is executed by processor Shi Shixian is such as the step of any one of them digital signature authentication method above.
A kind of digital signature generation method that the embodiment of the present invention proposes, by adding digital certificate in digital signature Path, makes digital signature be verified that making can in digital signature after can obtaining digital certificate by the path of addition in verification Without directly adding reduction of the digital certificate so as to fulfill digital signature data amount, so as to accelerate digital signature authentication and transmission Speed, reduce digital signature applications when occupied space and power consumption.
Brief description of the drawings
Fig. 1 is the device structure signal for the hardware running environment that digital signature generation method scheme of the embodiment of the present invention is related to Figure;
Fig. 2 is the device structure signal for the hardware running environment that digital signature authentication method scheme of the embodiment of the present invention is related to Figure;
Fig. 3 is the first pass schematic diagram of digital signature generation method of the embodiment of the present invention;
Fig. 4 is the second procedure schematic diagram of digital signature generation method of the embodiment of the present invention;
Fig. 5 is the 3rd flow diagram of digital signature generation method of the embodiment of the present invention;
Fig. 6 is the first pass schematic diagram of digital signature authentication method of the embodiment of the present invention;
Fig. 7 is the second procedure schematic diagram of digital signature authentication method of the embodiment of the present invention;
Fig. 8 is the 3rd flow diagram of digital signature authentication method of the embodiment of the present invention;
Fig. 9 is the 4th flow diagram of digital signature authentication method of the embodiment of the present invention.
The embodiments will be further described with reference to the accompanying drawings for the realization, the function and the advantages of the object of the present invention.
Embodiment
It should be appreciated that the specific embodiments described herein are merely illustrative of the present invention, it is not intended to limit the present invention.
The primary solutions of the embodiment of the present invention are:Obtain the road of first object data and its corresponding digital certificate Footpath, calculates the first summary info of the first object data, according to the road of first summary info and the digital certificate Footpath generates message digest, and digital label are carried out to the message digest by private key corresponding with the public key in the digital certificate Name.
Due to the certificate chain of the prior art embedded signing certificate in signature, this make it that signed data amount is big, and numeral is signed The transmission and application of name cause larger data to bear.
The present invention provides a solution, by adding the path of digital certificate in digital signature, makes digital signature Verified after can obtaining digital certificate by the path of addition in verification, making can be without directly addition numeral in digital signature Certificate, so as to accelerate the speed of digital signature authentication and transmission, reduces numeral label so as to fulfill the reduction of digital signature data amount Occupied space and power consumption during name application.
As depicted in figs. 1 and 2, Fig. 1 is the hardware operation ring that the embodiment of the present invention digital signature generation method is related to The device structure schematic diagram in border, Fig. 2 are the hardware running environments that the embodiment of the present invention digital signature authentication method is related to Device structure schematic diagram.
Digital signature generation method and digital signature verification method in the embodiment of the present invention are suitable for all digital signature The scene of service, while support PC applications, mobile application and Internet of Things application, as RFC3161 time-stamping services, code signature are answered Applied with, document signature, equipment communication signature application etc..
The equipment of operation digital signature of embodiment of the present invention generation method or digital signature authentication method can include:Processing Device 1001, such as CPU, network interface 1002, memory 1003, communication bus 1004.Wherein, communication bus 1004 is used for realization Connection communication between these components.Network interface 1002 can optionally include standard wireline interface and wireless interface (such as WI-FI interfaces).Memory 1003 can be high-speed RAM memory or the memory (non-volatile of stabilization ), such as magnetic disk storage memory.Memory 1003 can be the built-in storage apparatus of equipment, can also be independently of equipment and The storage device being connected with equipment.Network interface 1002 is mainly used for connecting network, by network and other servers into line number According to communication.
It will be understood by those skilled in the art that Fig. 1 and device structure shown in Figure 2 do not form the restriction to equipment, It can include than illustrating more or fewer components, either combine some components or different components arrangement.
As shown in Figure 1, when equipment is used as digital signature generation, the memory 1003 as a kind of computer-readable storage medium In can include operating system, network communication module and digital signature generation program.Processor 1001 can be used for calling and deposit The digital signature generation program stored in reservoir 1003, and perform the behaviour of each step of digital signature generation method in following embodiments Make.Specifically, the computer-readable recording medium can be the movable storage devices such as USB flash disk, mobile storage hard disk, or interior The memory being placed in each digital signature generation equipment.
As shown in Fig. 2, when equipment is used as digital signature authentication, the memory 1003 as a kind of computer-readable storage medium In can include operating system, network communication module and digital signature authentication program.Processor 1001 can be used for calling and deposit The digital signature authentication program stored in reservoir 1003, and perform the behaviour of each step of digital signature authentication method in following embodiments Make.Specifically, the computer-readable recording medium can be the movable storage devices such as USB flash disk, mobile storage hard disk, or interior The memory being placed in each digital signature generation equipment.
In actual use, user can according to the actual requirements equipment computer-readable storage medium or be placed outside equipment and Digital signature generation program or digital signature authentication program are stored in the computer-readable storage medium being connected with equipment, equipment is held The step of line number word signature generating method or digital signature authentication method.In addition, the computer-readable storage medium of same equipment can There are generation and the proving program of digital signature at the same time, make equipment to be provided simultaneously with performing digital signature generation method or numeral label The function of the step of name verification method.Specifically, digital signature generation equipment or digital signature authentication equipment can be specially mobile phone, Computer, tablet computer, payment terminal (such as automatic teller machine etc.) etc. are all need to be digitally signed generation or digital signature authentication Equipment.
With reference to Fig. 3, the embodiment of the present invention provides a kind of digital signature generation method, the digital signature generation method bag Include:
Step S10, obtains the path of first object data and its corresponding digital certificate;
Before generation is digitally signed, it can first create and the path of digital certificate, a path correspond to unique One digital certificate for being used for digital signature, which includes corresponding with the private key for first object data signature Public key, corresponding digital certificate can be got according to the path of data certificate from network.Path can individually store, and also serve as numeral One attribute information of certificate is stored in digital certificate.Path, which may be based on user, to be needed based on access under different agreements Location, specific is preferably the URL addresses based on hypertext transfer protocol, such as:
http://aia.wotrus.com/ts/77167C0042400E66C9937539CC2CV806.cer, easy to institute The digital signature service application for having networking can get digital certificate, make the acquisition of digital certificate have broad applicability.
When being digitally signed generation, the first object data for needing to be digitally signed and and first object are obtained The path of the corresponding digital certificate of data.When an equipment is digitally signed generation for the data of a certain specific user, prestore When having the path of unique digital certificate, the path of the corresponding digital certificate of first object data can be directly acquired.Due to possible Have same equipment for a variety of first object data carry out data signature, as different user with same computer to its file into During row signature, different first object data can need different digital certificates sign, and equipment corresponding can prestore more The path of a digital certificate, therefore when the path of first object data and digital certificate is not to uniquely determine and can not directly acquire When, can be after first object data be obtained, according to the path of the corresponding digital certificate of first object data selection acquisition, easy to set It is standby to be digitally signed for different first object data.
When the attribute information that path is digital certificate, the acquisition in the path of digital certificate can be by obtaining digital certificate Afterwards, the attribute information of digital certificate is parsed to obtain the path of digital certificate.Also digital card can got according to path After book, the path of digital certificate is locally being preserved to the attribute information of digital certificate, the differentiation of digital certificate can be easy to after Continuous application.
Step S20, calculates the first summary info of the first object data;
The first object data (such as picture, file, message) for needing digital signature are calculated with message digest algorithm The first summary info, such as MD5 or SHA algorithms are obtained, the first obtained summary info is embodied in DER codings.This first Summary info characterizes the main contents of first object data.
Step S30, according to first summary info and the coordinates measurement message digest of the digital certificate;
According to the coordinates measurement DER coding results of the summary of first object data and digital certificate.Specifically, except first Outside the summary of target data and the path of digital certificate, above-mentioned DER coding results may also be combined with related to first object data Attribute information generation, such as signature the time.DER coding results comprising digital certificate path are calculated by hash algorithm To the message digest of digital signature.Message digest refers to that the incoming message of random length is computed by one-way Hash function algorithm Go out the output of fixed bit, for checking that whether correct first object data are complete.
Step S40, the message digest is carried out digital label by private key corresponding with the public key in the digital certificate Name.
After message digest generation comprising digital certificate path, the public key using digital certificate in the path with addition is corresponding Private key sign to message digest, to ensure the confidence level in path, specifically can use short key volume ECC or SM2 encryption calculate Method.
In the embodiment of the present invention, a kind of digital signature generation method of proposition, by according to first object data The coordinates measurement message digest of first summary info and digital certificate, makes digital signature can be by parsing digital signature in verification The path remote of middle digital certificate is verified that making can be without directly adding digital certificate in digital signature after obtaining digital certificate So as to fulfill the reduction of digital signature data amount, so as to accelerate the speed of digital signature authentication and transmission, reducing digital signature should The occupied space and power consumption of used time.
Specifically, with reference to Fig. 4, according to the coordinates measurement message digest of first summary info and the digital certificate The step of one summary info, includes:
Step S31, generates summary attribute, according to the coordinates measurement road of the digital certificate according to first summary info Footpath attribute;
Step S32, signature attribute collection is constructed according to the summary attribute and the path attribute;
Step S33, the message digest is generated according to the signature attribute collection.
When the path of digital certificate and signature time need not be added when the attribute information of digital signature, digital signature Message digest can be directly calculated by the first summary info.And in order to further meet user demand, given birth in digital signature During, except the main contents of first object data also need the digital signature such as path, the signature time of addition digital certificate Attribute information to generate digital signature when, can by first constructing signature attribute collection, signature attribute integrate the path as digital signature, The set of the property value of the various characterization digital signature such as time, type, content, concretely the parameter preset in system, also may be used For the user setting parameter of acquisition., can be using the first summary info being calculated as label in signature attribute collection construction process Summary attribute in name property set, additionally can basis by the coordinates measurement Path extension attribute of the digital certificate of required addition The association attributes of other attribute informations generation first object data of actual use demand acquisition digital signature, the attribute that will make a summary, Path extension attribute and the association attributes all properties of first object data are integrated together to form signature in the form of DER is encoded Property set, and message digest is generated according to signature attribute collection, message digest is digitally signed and can be achieved to be used to verify The path of the digital certificate of digital signature is added in digital signature.
Specifically, in order to meet communication industry standard, digital signature generation method of the present invention and digital signature authentication are improved The general applicability of method, the data structure of signature attribute collection include the crucial category such as contentType, messageDigest Property value and other non-key extended attributes for adding of needs, and each property value has each customized ASN data.Wherein MessageDigest values are the extension for the generation that the related data structures that are defined according to standard and first object data are calculated Field, contentType be the related data structures that are defined according to standard and with the relevant information of first object data type The extended field (such as timestamp, Microsoft codes) of generation;Non-key extended attribute can then be added according to the actual requirements Add, specific path attribute is preferably AIA extended attributes as non-key extended attribute.AIA expands to Communication in China industry In standard, on a non-key extension in certificate extensions, the method that other CA information are obtained for formulation.
Specifically, can be specially according to the step of coordinates measurement Path extension attribute of the digital certificate:Numeral is demonstrate,proved The path of book is (such as:
http://aia.wotrus.com/ts/77167C0042400E66C9937539CC2CV806.cer)
It is added in the ASN.1 structures for the AIA extensions that communication industry standard defines and generates the AIA for including digital certificate path Extended field, such as:
Access Method=signers certificate access (1.3.6.1.4.1.50570.2.8)
Alternative Name:
URL=http://aia.wotrus.com/ts/77167C0042400E66C9937539CC2CV806.cer
After AIA extended fields of the generation comprising digital certificate path, AIA extended fields are added to signature attribute collection first In the ASN data structures of summary info.
Specifically, with reference to Fig. 5, it is described obtain first object data and its corresponding digital certificate path the step of before, Further include:
Step S01, obtains the digital certificate and generates the path of the digital certificate;
Step S02, the digital certificate is stored into the path of the digital certificate.
Before being digitally signed to first object data, the numeral for first object data digital signature can be first obtained Certificate and the path for generating digital certificate, digital certificate is saved in corresponding path.Specifically, digital certificate can be uploaded Into server, server generation may have access to the path of digital certificate, and digital certificate is saved among the path of generation.Path Can be had according to actual conditions a variety of, need to only ensure that path corresponds to a certificate.
Specifically, the step of generating the path of the digital certificate includes
Step S001, extracts the identification information of the digital certificate;
Step S002, the path of the digital certificate is generated according to the identification information.
After obtaining digital certificate, digital certificate can be parsed to obtain its identification information, identification information is the difference number The characteristic information of word certificate and other digital certificates, the numbering of such as certificate.In the generation in digital certificate path, mark is believed Breath is added in path, can be as the mark of digital certificate.Such as path http://aia.wotrus.com/ts/ " 77167C0042400E66C9937539CC2CV806 " 77167C0042400E66C9937539CC2CV806.cer in is The numbering of digital certificate.
The embodiment of the present invention also proposes a kind of digital signature authentication method, based on the digital signature life in such as above-described embodiment Into the digital signature of method generation, as shown in fig. 6, the digital signature authentication method comprises the following steps:
Step S100, obtains the digital signature;
Step S200, parses the path of the digital certificate in the digital signature;
Step S300, corresponding digital certificate is obtained according to the path of the digital certificate;
Step S400, with digital signature described in the digital certificate authentication.
When needing to be verified using the secure file of digital signature, extraction is digitally signed to this document, is extracted Message digest in digital signature, parses message digest to obtain the various signature attributes of signature attribute concentration, is being signed Identification obtains the path of digital certificate in the data structure of property set, such as:http://aia.wotrus.com/ts/ 77167C0042400E66C9937539CC2CV806.cer.Obtained from home server or remote server in path according to obtaining Take corresponding digital certificate.After digital certificate is got, digital signature is verified using the public key in digital certificate, when Signature value in digital certificate is consistent with the signature value in the signature attribute collection data structure in digital signature, is verified, if It is inconsistent, verify and do not pass through.
Specifically, as shown in fig. 7, the step of path of digital certificate in the parsing digital signature include:
Step S210, parses the signature attribute collection of the digital signature;
Step S220, parses the feature field in the path of digital certificate described in the data structure of the signature attribute collection;
Step S230, extracts the path of the digital certificate from the feature field.
Digital certificate path obtains:The message digest of digital signature is parsed to obtain signature attribute collection ASN data structures, identify the feature field in the path of digital certificate from data structure according to preset protocol, and preset protocol is number Word signature generation side and the communication protocol of digital signature authentication side's agreement, when both sides follow communications industry agreement, this feature Field is preferably AIA extended fields.Feature field is identified and the path of digital certificate among extracting.
Reused for the ease of user, the digital signature authentication method further includes:
Step S500, in the digital signature authentication by rear, the digital certificate is preserved in home server.
Since digital certificate is from remote server acquisition, digital signature is tested using the digital certificate got by address After card passes through, number can be directly used in the digital certificate that home server preservation is got, the wherein filename of digital certificate The path of word certificate is named;Also the identification information that can parse to obtain digital certificate according to path is named;Also can be to obtaining The attribute information parsing for the digital certificate got, using the attribute information for being different from other certificates of the digital certificate as preservation Filename, easy to be distinguished when same device memory has multiple digital certificates.Further, due to being set there may be same Whether the standby situation that same digital certificate is used for multiple times, when preserving digital certificate, can first judge existing in home server The digital certificate, the mode of the identification information locating file name of specific usable certificate, if in the presence of being not required to demonstrate,prove Contemporary Digital Book is preserved, and Contemporary Digital certificate is preserved if there is no if.
In the embodiment of the present invention, a kind of digital signature authentication method of proposition, in digital signature authentication, according to reality The path for practising the digital certificate being resolved in signature obtains corresponding digital certificate, and uses the digital certificate authentication got, Make the data volume of the digital signature accessed by digital signature authentication equipment few, accelerate the speed of digital signature authentication, reduce number The power consumption that word is signed in the occupied space in equipment and verification.
Specifically, in the safety applications of digital signature, using digital signature to signing after, digital signature and first Target data collectively forms secure file.In Implementation of File Transfer, if can cause to pacify to the data modification in the secure file First object data when whole file generates and the second target data in verification are inconsistent.Thus, it is complete for guarantee data The demand of whole property, when being verified to secure file, the verification of digital signature is associated with the verification of the second target data, therefore, With reference to Fig. 9, before described the step of obtaining corresponding digital certificate according to the path of the digital certificate, further include:
Step S600, obtains and associated second target data of the digital signature;
The second target data is extracted from the file using digital signature, which is to make in secure file The data signed with above-mentioned digital signature, the second target data are associated with digital signature.It should be noted that actually holding During row, step S600 and step S100 does not have clear and definite precedence, can be carried out at the same time.
Step S700, calculates the second summary info of second target data, parses and extract the signature attribute collection In the first summary info;
Using with digital signature generate when calculate the first summary info as algorithm the second target data is calculated, The second summary info is obtained, and after the signature attribute collection during parsing obtains digital signature, signature attribute collection is parsed And extract first obtained during digital signature generation and pluck information.It should be noted that parsing and the digital certificate of the first summary The parsing of the feature field in path does not have clear and definite precedence.
Step S800, judges whether second summary info and first summary info are consistent;If so, then perform step Rapid S400, if it is not, then performing step S900;
Step S900, the result that output verification does not pass through.
Compare the first summary info and whether the second summary info is consistent, when the first summary info and the second summary info one During cause, it can determine that the second target data is consistent with the first object data for generating the digital signature, ensure that the one of target data After cause property, the numeral that further using the method referred in above-described embodiment the path by digital certificate can be used to get is demonstrate,proved Book verifies digital signature, when the first summary info and inconsistent the second summary info, it is believed that the second target data Inconsistent with the first object data that generate the digital signature, the second target data is data after revising, then can be direct In digital signature authentication equipment output verification do not pass through as a result, need not reuse that digital certificate is digitally signed tests Card, to meet security requirement when signing using digital signature to data.It should be noted that according to digital certificate Path obtains the step of corresponding digital certificate before the second summary info is verified or by rear progress, and there is no clear and definite Precedence.
By the above-mentioned means, digital signature authentication is set when can ensure to carry out target data using digital signature signature application The integrality of the standby target data got.
Further, it is therefore, described according to institute with reference to Fig. 8 based on can be preserved in home server to digital certificate The step of path acquisition corresponding digital certificate for stating digital certificate, includes:
Step S310, judges that the home server is demonstrate,proved with the presence or absence of the numeral according to the path of the digital certificate Book;
If in the presence of, step S320 is performed, if being not present, performs step S330,
Step S320, then obtain the digital certificate from the home server;
Step S330, then obtain the digital certificate according to the path of the digital certificate from remote server.
In the acquisition of digital certificate, can first judge first in home server with the presence or absence of the path pair with digital certificate The digital certificate answered, is such as searched using the identification information in the path or path of digital certificate, in the presence of, then can directly from Home server obtains the verification that certificate is used for digital signature, there is no when, then according to the path of digital certificate from remote service Device obtains digital certificate.
Specifically, the path according to the digital certificate judges that the home server is demonstrate,proved with the presence or absence of the numeral The step of book, includes:
Step S311, parses the identification information of the digital certificate in the path of the digital certificate;
Step S312, searches the home server according to the identification information and whether there is the digital certificate.
Behind the path for obtaining digital certificate, the path of digital certificate is parsed, obtains the mark of digital certificate in path Know information, searched according to identification information with the presence or absence of the file with identification information match in home server, the file matched The digital certificate of as required acquisition.
It should be noted that digital certificate distinguishes the feature letter of the digital certificate when home server is preserved for identifying Breath and the feature for being used to judge behind the path of acquisition digital certificate to whether there is corresponding digital certificate in home server are believed Breath is corresponding.
It should be noted that herein, term " comprising ", "comprising" or its any other variant are intended to non-row His property includes, so that process, method, article or system including a series of elements not only include those key elements, and And other elements that are not explicitly listed are further included, or further include as this process, method, article or system institute inherently Key element.In the absence of more restrictions, the key element limited by sentence "including a ...", it is not excluded that including this Also there are other identical element in the process of key element, method, article or system.
The embodiments of the present invention are for illustration only, do not represent the quality of embodiment.
Through the above description of the embodiments, those skilled in the art can be understood that above-described embodiment side Method can add the mode of required general hardware platform to realize by software, naturally it is also possible to by hardware, but in many cases The former is more preferably embodiment.Based on such understanding, technical scheme substantially in other words does the prior art Going out the part of contribution can be embodied in the form of software product, which is stored in one as described above In storage medium (such as ROM/RAM, magnetic disc, CD), including some instructions use so that a station terminal equipment (can be mobile phone, Computer, server, air conditioner, or network equipment etc.) perform method described in each embodiment of the present invention.
It these are only the preferred embodiment of the present invention, be not intended to limit the scope of the invention, it is every to utilize this hair The equivalent structure or equivalent flow shift that bright specification and accompanying drawing content are made, is directly or indirectly used in other relevant skills Art field, is included within the scope of the present invention.

Claims (12)

1. a kind of digital signature generation method, it is characterised in that the digital signature generation method comprises the following steps:
Obtain the path of first object data and its corresponding digital certificate;
Calculate the first summary info of the first object data;
According to first summary info and the coordinates measurement message digest of the digital certificate;
The message digest is digitally signed by private key corresponding with the public key in the digital certificate.
2. digital signature generation method as claimed in claim 1, it is characterised in that it is described according to first summary info and The step of coordinates measurement message digest of the digital certificate, includes:
Summary attribute is generated according to first summary info, according to the coordinates measurement path attribute of the digital certificate;
According to the summary attribute and path attribute construction signature attribute collection;
The message digest is generated according to the signature attribute collection.
3. digital signature generation method as claimed in claim 2, it is characterised in that the acquisition first object data and its right Before the step of path for the digital certificate answered, further include:
Obtain the digital certificate and generate the path of the digital certificate;
The digital certificate is stored into the path of the digital certificate.
4. digital signature generation method as claimed in claim 3, it is characterised in that the path of the generation digital certificate The step of include:
Extract the identification information of the digital certificate;
The path of the digital certificate is generated according to the identification information.
5. a kind of digital signature generates equipment, it is characterised in that the digital signature generation equipment include memory, processor and The computer program that can be run on the memory and on the processor is stored in, the computer program is by the processing The step of digital signature generation method according to any one of claims 1 to 4 is realized when device performs.
6. a kind of computer-readable recording medium, it is characterised in that digital label are stored with the computer-readable recording medium Name generation program, the digital signature generation program are realized according to any one of claims 1 to 4 when being executed by processor The step of digital signature generation method.
7. a kind of digital signature authentication method, the numeral based on the digital signature generation method generation as described in Claims 1-4 Signature, it is characterised in that the digital signature authentication method comprises the following steps:
Obtain the digital signature;
Parse the path of the digital certificate in the digital signature;
Corresponding digital certificate is obtained according to the path of the digital certificate;
With digital signature described in the digital certificate authentication.
8. digital signature authentication method as claimed in claim 7, it is characterised in that the number in the parsing digital signature The step of path of word certificate, includes:
Parse the signature attribute collection of the digital signature;
Parse the feature field in the path of digital certificate described in the data structure of the signature attribute collection;
The path of the digital certificate is extracted from the feature field.
9. digital signature authentication method as claimed in claim 8, it is characterised in that described to use the digital certificate authentication institute Before the step of stating digital signature, further include:
Obtain and associated second target data of the digital signature;
The second summary info of second target data is calculated, parses and extract the first summary letter that the signature attribute is concentrated Breath;
Judge whether second summary info and first summary info are consistent;
If so, then perform described the step of using digital signature described in the digital certificate authentication;
If it is not, the result that then output verification does not pass through.
10. digital signature authentication method as claimed in claim 9, it is characterised in that the road according to the digital certificate The step of footpath acquisition corresponding digital certificate, includes:
Judge that the home server whether there is the digital certificate according to the path of the digital certificate;
If in the presence of from the home server acquisition digital certificate;
If being not present, the digital certificate is obtained from remote server according to the path of the digital certificate.
11. a kind of digital signature authentication equipment, it is characterised in that the digital signature authentication equipment includes memory, processor And the computer program that can be run on the memory and on the processor is stored in, the computer program is by the place Manage the step of realizing the digital signature authentication method as any one of claim 7 to 10 when device performs.
12. a kind of computer-readable recording medium, it is characterised in that digital label are stored with the computer-readable recording medium Name proving program, the digital signature generation program are realized as any one of claim 7 to 10 when being executed by processor Digital signature authentication method the step of.
CN201711178114.5A 2017-11-21 2017-11-21 Digital signature generating method, digital signature verifying method, digital signature generating apparatus, digital signature verifying apparatus, and storage medium storing digital signature verifying program Active CN107911222B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201711178114.5A CN107911222B (en) 2017-11-21 2017-11-21 Digital signature generating method, digital signature verifying method, digital signature generating apparatus, digital signature verifying apparatus, and storage medium storing digital signature verifying program
PCT/CN2017/120026 WO2019100531A1 (en) 2017-11-21 2017-12-29 Digital signature generation method and device thereof, verification method and device thereof, and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201711178114.5A CN107911222B (en) 2017-11-21 2017-11-21 Digital signature generating method, digital signature verifying method, digital signature generating apparatus, digital signature verifying apparatus, and storage medium storing digital signature verifying program

Publications (2)

Publication Number Publication Date
CN107911222A true CN107911222A (en) 2018-04-13
CN107911222B CN107911222B (en) 2020-08-28

Family

ID=61847180

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201711178114.5A Active CN107911222B (en) 2017-11-21 2017-11-21 Digital signature generating method, digital signature verifying method, digital signature generating apparatus, digital signature verifying apparatus, and storage medium storing digital signature verifying program

Country Status (2)

Country Link
CN (1) CN107911222B (en)
WO (1) WO2019100531A1 (en)

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108683507A (en) * 2018-05-03 2018-10-19 湖南东方华龙信息科技有限公司 The method for verifying high in the clouds certificate integrality by the way that chained list can be traced
CN108764869A (en) * 2018-05-28 2018-11-06 北京比特大陆科技有限公司 A kind of encrypted method and apparatus of realization Transaction Information
CN108764921A (en) * 2018-05-24 2018-11-06 北京比特大陆科技有限公司 A kind of method and apparatus for realizing Transaction Information verification
CN108764867A (en) * 2018-05-24 2018-11-06 北京比特大陆科技有限公司 A kind of method and apparatus for realizing Transaction Information verification
CN108846650A (en) * 2018-05-24 2018-11-20 北京比特大陆科技有限公司 A kind of method and apparatus for realizing Transaction Information verifying
CN109889325A (en) * 2019-01-21 2019-06-14 Oppo广东移动通信有限公司 Method of calibration, device, electronic equipment and medium
CN110009342A (en) * 2019-02-22 2019-07-12 阿里巴巴集团控股有限公司 Data sending, receiving method, device and electronic equipment
CN110753257A (en) * 2019-10-14 2020-02-04 深圳创维-Rgb电子有限公司 Data display method, display terminal, server, display system, and storage medium
CN110825918A (en) * 2018-07-23 2020-02-21 中国移动通信有限公司研究院 Method and device for acquiring and storing digital certificate

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040255114A1 (en) * 2003-05-07 2004-12-16 Samsung Electronics Co., Ltd. Method of authenticating content provider and assuring content integrity
CN101488169A (en) * 2008-01-18 2009-07-22 富士施乐株式会社 Information processing apparatus, information processing system, information processing method, computer-readable medium and computer data signal
CN104683306A (en) * 2013-12-03 2015-06-03 中国人民公安大学 Safe and controllable internet real-name certification mechanism
CN104901931A (en) * 2014-03-05 2015-09-09 财团法人工业技术研究院 certificate management method and device
CN106888094A (en) * 2017-02-16 2017-06-23 中国移动通信集团公司 A kind of endorsement method and server

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20070277037A1 (en) * 2001-09-06 2007-11-29 Randy Langer Software component authentication via encrypted embedded self-signatures
CN104410635B (en) * 2014-11-27 2017-10-31 中国科学院计算机网络信息中心 A kind of NDN safety certifying methods based on DANE
CN106685641A (en) * 2016-12-23 2017-05-17 光锐恒宇(北京)科技有限公司 Installation package signature method and device
CN106789091B (en) * 2017-02-24 2020-02-21 中金金融认证中心有限公司 Method and device for realizing Open XML document digital signature and signature verification

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040255114A1 (en) * 2003-05-07 2004-12-16 Samsung Electronics Co., Ltd. Method of authenticating content provider and assuring content integrity
CN101488169A (en) * 2008-01-18 2009-07-22 富士施乐株式会社 Information processing apparatus, information processing system, information processing method, computer-readable medium and computer data signal
CN104683306A (en) * 2013-12-03 2015-06-03 中国人民公安大学 Safe and controllable internet real-name certification mechanism
CN104901931A (en) * 2014-03-05 2015-09-09 财团法人工业技术研究院 certificate management method and device
CN106888094A (en) * 2017-02-16 2017-06-23 中国移动通信集团公司 A kind of endorsement method and server

Cited By (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108683507A (en) * 2018-05-03 2018-10-19 湖南东方华龙信息科技有限公司 The method for verifying high in the clouds certificate integrality by the way that chained list can be traced
CN108683507B (en) * 2018-05-03 2021-06-29 湖南东方华龙信息科技有限公司 Method for verifying integrity of cloud certificate through traceable linked list
CN108764921A (en) * 2018-05-24 2018-11-06 北京比特大陆科技有限公司 A kind of method and apparatus for realizing Transaction Information verification
CN108764867A (en) * 2018-05-24 2018-11-06 北京比特大陆科技有限公司 A kind of method and apparatus for realizing Transaction Information verification
CN108846650A (en) * 2018-05-24 2018-11-20 北京比特大陆科技有限公司 A kind of method and apparatus for realizing Transaction Information verifying
CN108764869A (en) * 2018-05-28 2018-11-06 北京比特大陆科技有限公司 A kind of encrypted method and apparatus of realization Transaction Information
CN110825918A (en) * 2018-07-23 2020-02-21 中国移动通信有限公司研究院 Method and device for acquiring and storing digital certificate
CN110825918B (en) * 2018-07-23 2023-01-13 中国移动通信有限公司研究院 Method and device for acquiring and storing digital certificate
CN109889325A (en) * 2019-01-21 2019-06-14 Oppo广东移动通信有限公司 Method of calibration, device, electronic equipment and medium
CN110009342A (en) * 2019-02-22 2019-07-12 阿里巴巴集团控股有限公司 Data sending, receiving method, device and electronic equipment
CN110753257A (en) * 2019-10-14 2020-02-04 深圳创维-Rgb电子有限公司 Data display method, display terminal, server, display system, and storage medium

Also Published As

Publication number Publication date
CN107911222B (en) 2020-08-28
WO2019100531A1 (en) 2019-05-31

Similar Documents

Publication Publication Date Title
CN107911222A (en) Digital signature generation, verification method and its equipment and storage medium
CN104468531B (en) The authorization method of sensitive data, device and system
TWI659300B (en) Method and device for providing equipment identification
CN104980278B (en) The method and apparatus for verifying the availability of biometric image
CN103067156B (en) The URL encryption of mobile Internet user resources access, verification method and device
CN107347054B (en) Identity verification method and device
CN107392618A (en) It is implanted into the method and apparatus of intelligent contract
CN107086979B (en) User terminal verification login method and device
CN107800678A (en) The method and device that detection terminal is registered extremely
CN111428269B (en) Data access method, device and terminal equipment
CN111711655A (en) Block chain-based electronic data evidence storing method, system, storage medium and terminal
CN108156601A (en) A kind of method and device of locking SIM card
CN107508822A (en) Access control method and device
CN106790166A (en) A kind of method of safety certification, apparatus and system
CN105681176A (en) E-card obtaining method, cloud server and user terminal
CN108174360A (en) A kind of note transmission method and device, short-message verification method and device
CN105516395A (en) Network address assignment method and device
CN106209793A (en) A kind of auth method and checking system
CN105072616B (en) The verification method of brush machine ROM and the verifying device of brush machine ROM
CN107819723A (en) Login authentication and login password modification authentication method, terminal and server
CN107818252B (en) Face recognition information synchronization method and related product
CN111209577B (en) Method and device for adding watermark data, storage medium and electronic equipment
CN112925711A (en) Local joint debugging test method and related device
CN107919963A (en) A kind of authenticator and its implementation
CN109327475B (en) Multi-layer identity authentication method, device, equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant