CN116684104A - RSA2 signature rechecking method and device of API (application program interface), electronic equipment and medium - Google Patents
RSA2 signature rechecking method and device of API (application program interface), electronic equipment and medium Download PDFInfo
- Publication number
- CN116684104A CN116684104A CN202310735563.4A CN202310735563A CN116684104A CN 116684104 A CN116684104 A CN 116684104A CN 202310735563 A CN202310735563 A CN 202310735563A CN 116684104 A CN116684104 A CN 116684104A
- Authority
- CN
- China
- Prior art keywords
- message
- abstract
- digital signature
- sequence
- field
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 55
- 101100255205 Caenorhabditis elegans rsa-2 gene Proteins 0.000 title claims abstract description 43
- 238000012552 review Methods 0.000 claims abstract description 23
- 238000012545 processing Methods 0.000 claims description 28
- 238000004590 computer program Methods 0.000 claims description 24
- 238000004806 packaging method and process Methods 0.000 claims description 7
- 230000004044 response Effects 0.000 claims description 5
- 238000004321 preservation Methods 0.000 claims description 3
- 238000010586 diagram Methods 0.000 description 12
- 230000006870 function Effects 0.000 description 11
- 230000015654 memory Effects 0.000 description 10
- 238000012795 verification Methods 0.000 description 10
- 239000003999 initiator Substances 0.000 description 8
- 230000008569 process Effects 0.000 description 8
- 238000004891 communication Methods 0.000 description 7
- 230000005540 biological transmission Effects 0.000 description 4
- 230000003287 optical effect Effects 0.000 description 3
- 230000014509 gene expression Effects 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 238000013475 authorization Methods 0.000 description 1
- 238000006243 chemical reaction Methods 0.000 description 1
- 125000004122 cyclic group Chemical group 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 239000000835 fiber Substances 0.000 description 1
- 230000000977 initiatory effect Effects 0.000 description 1
- 239000004973 liquid crystal related substance Substances 0.000 description 1
- 239000004065 semiconductor Substances 0.000 description 1
- 239000000758 substrate Substances 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
- H04L9/3249—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures using RSA or related signature schemes, e.g. Rabin scheme
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0442—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/12—Applying verification of the received information
- H04L63/123—Applying verification of the received information received data contents, e.g. message integrity
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/12—Applying verification of the received information
- H04L63/126—Applying verification of the received information the source of the received data
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/40—Network security protocols
Abstract
The disclosure provides an RSA2 signature review method and device of an API (application program interface), electronic equipment and medium, and the RSA2 signature review method and device can be used in the financial field or other fields. The method comprises the following steps: responding to the message to be signed transmitted by the calling API interface party, generating a corresponding public key and private key based on an RSA algorithm, and releasing the public key to a message receiver; generating a sequence IP field, fixedly uploading the sequence IP field to a message receiver, and attaching the sequence IP field to a private key to obtain a new private key; generating a first abstract of the message to be signed by using a preset abstract algorithm, and signing the first abstract by using a new private key to generate a digital signature; transmitting the digital signature and the message to be signed to a message receiver; the message receiver uses a digest algorithm to generate a second digest of the message to be signed, and uses a public key to check the digital signature to obtain a plaintext digest; comparing the plaintext abstract with the second abstract to verify the correctness of the digital signature; the source uniqueness of the digital signature is verified from the sequence IP field.
Description
Technical Field
The present disclosure relates to the field of message signature verification technology, and may be used in the financial field or other fields, and more particularly to an RSA2 signature rechecking method, apparatus, electronic device, medium, and program product for an API interface.
Background
In order to prevent interception or tampering of data during transmission when making a data request, signature authentication may be used, while RSA2 may be adequate for this task. The principle of RSA2 is that the data transmitting end encrypts the data according to the transmitted data by using RSA2, then transmits the encrypted character string to the receiving end, and the receiving end decrypts and verifies the encrypted character string.
The RSA2 signature for the commercial bank to the partner output API (Application Programming Interface ) interface and provided to the partner SDK (Software Development Kit ) cannot guarantee if it is partner or initiator initiation due to the potential for leakage of the private key of the partner or initiator.
Therefore, how to ensure the uniqueness of the partner or the initiator through RSA2 signature is a technical problem which still needs to be solved at present.
Disclosure of Invention
In view of the above, the present disclosure provides an RSA2 signature review method, apparatus, electronic device, medium, and program product for an API interface, which ensure that a partner or an initiator of a digital signature is unique by optimizing an RSA2 signature manner.
According to a first aspect of the present disclosure, there is provided an RSA2 signature review method of an API interface, including: in response to a message to be signed transmitted by the calling API side, calling the API side: based on RSA algorithm, generating corresponding public key and private key, and releasing the public key to message receiver; generating a sequence IP field, fixedly uploading the sequence IP field to a message receiver, and attaching the sequence IP field to a private key to obtain a new private key; generating a first abstract of the message to be signed by using a preset abstract algorithm, and signing the first abstract by using a new private key to generate a digital signature; transmitting the digital signature and the message to be signed to a message receiver; the message receiver uses a digest algorithm to generate a second digest of the message to be signed, and uses a public key to check the digital signature to obtain a plaintext digest; comparing the plaintext abstract with the second abstract to verify the correctness of the digital signature; the source uniqueness of the digital signature is verified from the sequence IP field.
According to an embodiment of the present disclosure, the calling API interface side generates a corresponding public key and private key based on an RSA algorithm, including: arbitrarily selecting two unequal prime numbers p and q, calculating the product n of p and q, and Euler function of nn=pq,Randomly selecting an integer e, satisfying +.>And e and->Mutual quality; determining the integer d such that ed is +.>The remainder of the division of (2) is 1; p, q and->And (3) secret preservation, namely packaging the product ne of n and e into a public key of the calling API interface party, and packaging the integer d into a private key of the calling API interface party.
According to an embodiment of the present disclosure, a calling API interface side generates a sequence IP field, including: calling an API interface side to acquire a local IP address; and carrying out decimal serialization processing on the local IP address to obtain a serial IP field.
According to an embodiment of the disclosure, a message receiver compares a plaintext digest with a second digest, and verifies the correctness of a digital signature, including: in the case that the plaintext digest is determined to be identical to the second digest, the digital signature is determined to be correct.
According to an embodiment of the present disclosure, a message receiver verifies source uniqueness of a digital signature according to a sequence IP field, including: under the condition that the digital signature is determined to be correct, the message receiver respectively performs deserialization processing on the sequence IP fields to obtain a new IP address; generating a third digest of the sequence IP field using a digest algorithm; in the case where the new IP address is determined to be the same as the local IP address and the third digest is determined to be the same as the plaintext digest, the source of the digital signature is determined to be unique.
According to an embodiment of the present disclosure, the digest algorithm comprises an MD5 message digest algorithm.
A second aspect of the present disclosure provides an RSA2 signature review device of an API interface, including: calling an API interface side processing module for responding to the transmitted message to be issued: based on RSA algorithm, generating corresponding public key and private key, and releasing the public key to message receiver; generating a sequence IP field, fixedly uploading the sequence IP field to a message receiver, and attaching the sequence IP field to a private key to obtain a new private key; generating a first abstract of the message to be signed by using a preset abstract algorithm, and signing the first abstract by using a new private key to generate a digital signature; transmitting the digital signature and the message to be signed to a message receiver; the message receiving party processing module is used for generating a second abstract of the message to be signed by using an abstract algorithm, and checking the digital signature by using the public key to obtain a plaintext abstract; comparing the plaintext abstract with the second abstract to verify the correctness of the digital signature; the source uniqueness of the digital signature is verified from the sequence IP field.
A third aspect of the present disclosure provides an electronic device, comprising: one or more processors; and a memory for storing one or more programs, wherein the one or more programs, when executed by the one or more processors, cause the one or more processors to perform the RSA2 signature review method of the API interface described above.
A fourth aspect of the present disclosure also provides a computer-readable storage medium having stored thereon executable instructions that, when executed by a processor, cause the processor to perform the RSA2 signature review method of the API interface described above.
A fifth aspect of the present disclosure also provides a computer program product comprising a computer program which, when executed by a processor, implements the RSA2 signature review method of the API interface described above.
According to the RSA2 signature rechecking method, the RSA2 signature rechecking device, the electronic equipment, the medium and the program product of the API interface provided by the embodiment of the disclosure, the calling API interface side mainly executes a signature process, and the sequence IP field is added to the private key to improve the private key, so that the signed digital signature carries the information of the local IP address. The message receiver mainly executes the signature verification process, combines the comparison result of the plaintext abstract and the second abstract generated based on the message to be signed, and calls the sequence IP field which is firstly and fixedly sent by the API interface party, and respectively verifies the correctness and the source uniqueness of the digital signature. In this way, the present disclosure ensures that the partner or initiator of the digital signature is unique by optimizing the RSA2 signature scheme.
Drawings
The foregoing and other objects, features and advantages of the disclosure will be more apparent from the following description of embodiments of the disclosure with reference to the accompanying drawings, in which:
fig. 1 schematically illustrates an application scenario of an RSA2 signature review method and apparatus suitable for an API interface according to an embodiment of the present disclosure;
fig. 2 schematically illustrates a flowchart of an RSA2 signature review method of an API interface according to an embodiment of the present disclosure;
FIG. 3 schematically illustrates a flow chart of generating a sequence IP field according to an embodiment of the present disclosure;
FIG. 4 schematically illustrates a flow chart of a signature verification process according to an embodiment of the present disclosure;
fig. 5 schematically illustrates a block diagram of an RSA2 signature review device of an API interface in accordance with an embodiment of the present disclosure;
fig. 6 schematically illustrates a block diagram of an electronic device adapted to implement an RSA2 signature review method of an API interface according to an embodiment of the present disclosure.
Detailed Description
Hereinafter, embodiments of the present disclosure will be described with reference to the accompanying drawings. It should be understood that the description is only exemplary and is not intended to limit the scope of the present disclosure. In the following detailed description, for purposes of explanation, numerous specific details are set forth in order to provide a thorough understanding of the embodiments of the present disclosure. It may be evident, however, that one or more embodiments may be practiced without these specific details. In addition, in the following description, descriptions of well-known structures and techniques are omitted so as not to unnecessarily obscure the concepts of the present disclosure.
The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the disclosure. The terms "comprises," "comprising," and/or the like, as used herein, specify the presence of stated features, steps, operations, and/or components, but do not preclude the presence or addition of one or more other features, steps, operations, or components.
All terms (including technical and scientific terms) used herein have the same meaning as commonly understood by one of ordinary skill in the art unless otherwise defined. It should be noted that the terms used herein should be construed to have meanings consistent with the context of the present specification and should not be construed in an idealized or overly formal manner.
Where expressions like at least one of "A, B and C, etc. are used, the expressions should generally be interpreted in accordance with the meaning as commonly understood by those skilled in the art (e.g.," a system having at least one of A, B and C "shall include, but not be limited to, a system having a alone, B alone, C alone, a and B together, a and C together, B and C together, and/or A, B, C together, etc.).
Some of the block diagrams and/or flowchart illustrations are shown in the figures. It will be understood that some blocks of the block diagrams and/or flowchart illustrations, or combinations of blocks in the block diagrams and/or flowchart illustrations, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, or other programmable data processing apparatus, such that the instructions, when executed by the processor, create means for implementing the functions/acts specified in the block diagrams and/or flowchart. The techniques of this disclosure may be implemented in hardware and/or software (including firmware, microcode, etc.). Additionally, the techniques of this disclosure may take the form of a computer program product on a computer-readable storage medium having instructions stored thereon, the computer program product being for use by or in connection with an instruction execution system.
In the technical scheme of the disclosure, the related processes of collecting, storing, using, processing, transmitting, providing, disclosing, applying and the like of the personal information of the user all conform to the regulations of related laws and regulations, necessary security measures are adopted, and the public order harmony is not violated.
In the technical scheme of the disclosure, the authorization or consent of the user is obtained before the personal information of the user is obtained or acquired.
Before describing in detail specific embodiments of the present disclosure, technical terms are first explained in order to facilitate a better understanding of the present disclosure.
Public key: the externally disclosed part of the RSA2 key system is generally used for data encryption and digital signature verification.
Private key: the non-public part of the RSA2 key system is commonly used for data decryption and data signing.
Digital signature: it is a digital string that can only be generated by the sender of the information, and cannot be forged by others, and it is also a proof of the authenticity of the information sent by the sender. In order to ensure the reliability of the message to be sent and prevent man-in-the-middle attacks, the common practice is to add a check word (i.e. digital signature) to the message and define a correlation algorithm.
Based on this, embodiments of the present disclosure provide an RSA2 signature review method, apparatus, electronic device, storage medium, and program product for an API interface, which may be used in the financial field or other fields. The method comprises the following steps: in response to a message to be signed transmitted by the calling API side, calling the API side: based on RSA algorithm, generating corresponding public key and private key, and releasing the public key to message receiver; generating a sequence IP field, fixedly uploading the sequence IP field to a message receiver, and attaching the sequence IP field to a private key to obtain a new private key; generating a first abstract of the message to be signed by using a preset abstract algorithm, and signing the first abstract by using a new private key to generate a digital signature; transmitting the digital signature and the message to be signed to a message receiver; the message receiver uses a digest algorithm to generate a second digest of the message to be signed, and uses a public key to check the digital signature to obtain a plaintext digest; comparing the plaintext abstract with the second abstract to verify the correctness of the digital signature; the source uniqueness of the digital signature is verified from the sequence IP field.
Fig. 1 schematically illustrates an application scenario of an RSA2 signature review method and apparatus suitable for an API interface according to an embodiment of the present disclosure. It should be noted that fig. 1 illustrates only an example of an application scenario in which the embodiments of the present disclosure may be applied to help those skilled in the art understand the technical content of the present disclosure, but it does not mean that the embodiments of the present disclosure may not be applied to other devices, systems, environments, or scenarios.
As shown in fig. 1, an application scenario 100 according to this embodiment may include a calling API interface side 101 and a message receiver 102. The network is used to provide a medium for a communication link between the calling API interface side 101 and the message receiver 102. The network may include various connection types, such as wired, wireless communication links, or fiber optic cables, among others.
For example, calling API interface side 101 responds to a transmitted message to be signed: based on RSA algorithm, generating corresponding public key and private key, and releasing the public key to message receiver; generating a sequence IP field, fixedly uploading the sequence IP field to a message receiver, and attaching the sequence IP field to a private key to obtain a new private key; generating a first abstract of the message to be signed by using a preset abstract algorithm, and signing the first abstract by using a new private key to generate a digital signature; and sending the digital signature and the message to be signed to a message receiver.
For example, the message receiver 102 uses a digest algorithm to generate a second digest of the message to be signed, and uses the public key to verify the digital signature to obtain a plaintext digest; comparing the plaintext abstract with the second abstract to verify the correctness of the digital signature; the source uniqueness of the digital signature is verified from the sequence IP field.
It should be noted that, the API interface adopts RSA2 digital signature, that is, the calling API interface side signs the transmission message through a one-way function, so as to generate a section of tamper-proof character string. The character string is used to authenticate the source of the message and to verify whether the message has been tampered with. The calling API interface side encrypts the data by using the holding private key and transmits the encrypted data to the message receiver, and the message receiver determines the source of the message by using the holding public key verification.
The method optimizes the original RSA2 digital signature algorithm by utilizing a serialization mode and a digest algorithm, and can ensure that a partner or an initiator is unique.
It should be understood that the number of calling API interfaces and message recipients in fig. 1 is merely illustrative. There may be any number of calling API interface parties and message recipients, as desired for implementation.
The RSA2 signature review method of the API interface according to the embodiments of the present disclosure will be described in detail below with reference to fig. 2 to 4 based on the application scenario described in fig. 1.
Fig. 2 schematically illustrates a flowchart of an RSA2 signature review method of an API interface according to an embodiment of the present disclosure.
As shown in fig. 2, the RSA2 signature review method of the API interface of this embodiment may include operations S210 to S220.
In operation S210, in response to the message to be issued transmitted by the calling API interface side, the calling API interface side:
based on RSA algorithm, generating corresponding public key and private key, and releasing the public key to message receiver;
generating a sequence IP field, fixedly uploading the sequence IP field to a message receiver, and attaching the sequence IP field to a private key to obtain a new private key;
generating a first abstract of the message to be signed by using a preset abstract algorithm, and signing the first abstract by using a new private key to generate a digital signature;
and sending the digital signature and the message to be signed to a message receiver. In operation S220, the message receiving party:
generating a second abstract of the message to be signed by using an abstract algorithm, and checking the digital signature by using the public key to obtain a plaintext abstract;
comparing the plaintext abstract with the second abstract to verify the correctness of the digital signature;
the source uniqueness of the digital signature is verified from the sequence IP field.
For example, the message to be signed is a message m to be sent, firstly, the calling API side generates a corresponding public key and private key based on RSA algorithm, and the public key is issued to the outside. And calling the API interface side to generate a sequence IP field and fixedly uploading the sequence IP field, and meanwhile, attaching the sequence IP field to the private key to obtain a new private key. And then signing the first abstract generated based on the message to be signed by using the new private key, generating a digital signature, and sending the digital signature and the message to be signed to a message receiver.
And aiming at the message receiver, after receiving the signature, utilizing a public key which is externally published by calling an API interface party to check the digital signature to obtain a plaintext abstract, comparing the plaintext abstract with a second abstract generated based on a message to be signed, and respectively verifying the correctness and the source uniqueness of the digital signature based on the comparison result and a sequence IP field.
Through the above embodiment, the calling API interface side mainly executes the signing process, and appends the sequence IP field to the private key, so as to improve the private key, so that the issued digital signature carries the information of the local IP address. The message receiver mainly executes the signature verification process, combines the comparison result of the plaintext abstract and the second abstract generated based on the message to be signed, and calls the sequence IP field which is firstly and fixedly sent by the API interface party, and respectively verifies the correctness and the source uniqueness of the digital signature. In this way, the present disclosure ensures that the partner or initiator of the digital signature is unique by optimizing the RSA2 signature scheme.
In the disclosed embodiment, the digest algorithm comprises an MD5 message digest algorithm. In other embodiments, the digest algorithm may further include a SHA message digest algorithm, a CRC (Cyclic Redundancy Check ) algorithm, or a MAC message digest algorithm, and the disclosure is not limited in particular.
It can be appreciated that the principle of the digest algorithm is: any message is subject to a message digest algorithm that produces a unique hash value (i.e., a "data fingerprint") and the same message is subject to the same message digest algorithm for whatever number of times it is encrypted, resulting in the same result. Thus, if the message is modified during transmission, the calculated data fingerprint is also different from the original message, and if not modified, the data fingerprint is the same. Thus, using a preset digest algorithm, it can be determined whether the message has been tampered with.
In the embodiment of the present disclosure, the calling API interface side in the above operation S210 generates the corresponding public key and private key based on the RSA algorithm, and may further include the following operations 1) to 4).
1) Selecting two unequal prime numbers p and q, calculating the product n of p and q, and Euler function of nn=pq,/>
2) Randomly select an integer e to satisfyAnd e and->Mutually good quality. That is to say,
3) Determining an integer d such that ed isThe remainder of the division of (2) is 1. I.e. ->
4) P, q andand (3) secret preservation, namely packaging the product ne of n and e into a public key of the calling API interface party, and packaging the integer d into a private key of the calling API interface party.
Through the embodiment, the corresponding public key ne and private key d can be determined, so that the message to be signed can be signed or checked later.
In the embodiment of the disclosure, the calling API side firstly fixedly uploads the sequence IP field to the message receiver before transmitting the message to be issued.
Fig. 3 schematically illustrates a flowchart of generating a sequence IP field according to an embodiment of the present disclosure.
As shown in fig. 3, in the embodiment of the present disclosure, the generating the sequence IP field by the calling API interface in operation S210 may further include operations S311 to S312.
In operation S311, the calling API interface side acquires a local IP address.
For example, calling the API interface may write a fixed method of the local IP address in the SDK packet, inetaddress. To obtain a local IP address.
In operation S312, decimal serialization processing is performed on the local IP address to obtain a sequence IP field.
For example, the local IP address is serialized into decimal numbers in the following way, forming a serial IP field. Since each IP address has 4 sets of 8-bit binary components, bit 1 of the 8-bit binary from the left is 7 th power of 2 = 128; bit 2 is the 6 th power of 2 = 64; bit 3 is the 5 th power of 2 = 32; bit 4 is the 4 th power of 2 = 16; bit 5 is the 3 rd power of 2 = 8; bit 6 is 2 to the power of 2 = 4; bit 7 is the 1 st power of 2 = 2; bit 8 is the 0 th power of 2=1, whereby conversion can result in decimal numbers of the local IP address, forming the sequence IP field.
Then, the sequence IP field is appended to the determined private key d to obtain a new private key.
In the embodiment of the disclosure, an API calling party generates a first digest of a message m to be issued (m is smaller than the product n) by using a preset digest algorithm, and signs the first digest by using a new private key to generate a digital signature. For example, calling API interface side calculates s=m d mod n, the digital signature is denoted (m, s). The method comprises the steps of signing a first abstract by using a new private key, namely, signing the first abstract through a one-way function, wherein the generated digital signature is a section of tamper-proof character string which is used for authenticating the source of a message and verifying whether the message is tampered. Because of the potential for tampering during data transmission, digital signature techniques are used to verify the identity of the sender of the message.
Fig. 4 schematically illustrates a flow chart of a signature verification process according to an embodiment of the present disclosure.
As shown in fig. 4, in the embodiment of the present disclosure, the comparing, by the message receiving party in operation S220, the plaintext digest with the second digest to verify the correctness of the digital signature may further include operation S421.
In operation S421, in the case where it is determined that the plaintext digest is identical to the second digest, it is determined that the digital signature is correct.
For example, after receiving the digital signature (m, s), the message receiver calculates by using the public key issued by the calling API interface partyCheck->If so, determining that the digital signature is correct, otherwise, determining that the digital signature is incorrect.
With continued reference to fig. 4, in the embodiment of the present disclosure, the verifying the source uniqueness of the digital signature by the message receiving party in the operation S220 according to the sequence IP field may further include operations S422 to S424.
In operation S422, the message receiving party performs deserialization processing on the sequence IP fields to obtain a new IP address, respectively, when determining that the digital signature is correct.
In operation S423, a third digest of the sequence IP field is generated using a digest algorithm.
In operation S424, in the case where it is determined that the new IP address is identical to the local IP address and the third digest is identical to the plaintext digest, it is determined that the source of the digital signature is unique.
Through the embodiment, the method and the device for verifying the digital signature of the mobile terminal have the advantages that on the basis of determining that the digital signature is correct, the anti-serialization processing and the digest md5 verification are carried out on the sequence IP field which is fixedly sent by the calling API interface side first, and under the condition that the new IP address is identical to the local IP address and the third digest is identical to the plaintext digest, the source of the digital signature is unique, and finally the signature verification is successful, so that the uniqueness of a partner or an initiator of the digital signature is ensured.
The invention further provides an RSA2 signature rechecking device of the API based on the RSA2 signature rechecking method of the API. The device will be described in detail below in connection with fig. 5.
Fig. 5 schematically illustrates a block diagram of an RSA2 signature review device of an API interface according to an embodiment of the present disclosure.
As shown in fig. 5, the RSA2 signature review device 500 of the API interface of this embodiment includes a calling API interface side processing module 510 and a message receiver processing module 520.
Calling an API interface side processing module 510 for, in response to a transmitted message to be signed: based on RSA algorithm, generating corresponding public key and private key, and releasing the public key to message receiver; generating a sequence IP field, fixedly uploading the sequence IP field to a message receiver, and attaching the sequence IP field to a private key to obtain a new private key; generating a first abstract of the message to be signed by using a preset abstract algorithm, and signing the first abstract by using a new private key to generate a digital signature; and sending the digital signature and the message to be signed to a message receiver. In an embodiment, the processing module 510 of calling API interface may be configured to perform the operation S210 described above, which is not described herein.
The message receiver processing module 520 is configured to generate a second digest of the message to be signed by using a digest algorithm, and perform signature verification on the digital signature by using the public key to obtain a plaintext digest; comparing the plaintext abstract with the second abstract to verify the correctness of the digital signature; the source uniqueness of the digital signature is verified from the sequence IP field. In an embodiment, the message receiving party processing module 520 may be configured to perform the operation S220 described above, which is not described herein.
Any of the multiple modules in calling API interface side processing module 510 and message receiving side processing module 520 may be combined in one module to be implemented, or any of the modules may be split into multiple modules, according to embodiments of the present disclosure. Alternatively, at least some of the functionality of one or more of the modules may be combined with at least some of the functionality of other modules and implemented in one module. According to embodiments of the present disclosure, at least one of the calling API interface side processing module 510 and the message receiving side processing module 520 may be implemented at least in part as hardware circuitry, such as a Field Programmable Gate Array (FPGA), a Programmable Logic Array (PLA), a system on a chip, a system on a substrate, a system on a package, an Application Specific Integrated Circuit (ASIC), or may be implemented in hardware or firmware in any other reasonable way of integrating or packaging the circuitry, or in any one of or a suitable combination of any of the three. Alternatively, at least one of the calling API interface side processing module 510 and the message receiving side processing module 520 may be at least partially implemented as a computer program module, which when executed, may perform the corresponding functions.
Fig. 6 schematically illustrates a block diagram of an electronic device adapted to implement an RSA2 signature review method of an API interface according to an embodiment of the present disclosure.
As shown in fig. 6, an electronic device 600 according to an embodiment of the present disclosure includes a processor 601 that can perform various appropriate actions and processes according to a program stored in a Read Only Memory (ROM) 602 or a program loaded from a storage section 608 into a Random Access Memory (RAM) 603. The processor 601 may include, for example, a general purpose microprocessor (e.g., a CPU), an instruction set processor and/or an associated chipset and/or a special purpose microprocessor (e.g., an Application Specific Integrated Circuit (ASIC)), or the like. Processor 601 may also include on-board memory for caching purposes. The processor 601 may comprise a single processing unit or a plurality of processing units for performing different actions of the method flows according to embodiments of the disclosure.
In the RAM 603, various programs and data necessary for the operation of the electronic apparatus 600 are stored. The processor 601, the ROM 602, and the RAM 603 are connected to each other through a bus 604. The processor 601 performs various operations of the method flow according to the embodiments of the present disclosure by executing programs in the ROM 602 and/or the RAM 603. Note that the program may be stored in one or more memories other than the ROM 602 and the RAM 603. The processor 601 may also perform various operations of the method flow according to embodiments of the present disclosure by executing programs stored in the one or more memories.
According to an embodiment of the present disclosure, the electronic device 600 may also include an input/output (I/O) interface 605, the input/output (I/O) interface 605 also being connected to the bus 604. The electronic device 600 may also include one or more of the following components connected to the I/O interface 605: an input portion 606 including a keyboard, mouse, etc.; an output portion 607 including a Cathode Ray Tube (CRT), a Liquid Crystal Display (LCD), and the like, a speaker, and the like; a storage section 608 including a hard disk and the like; and a communication section 609 including a network interface card such as a LAN card, a modem, or the like. The communication section 609 performs communication processing via a network such as the internet. The drive 610 is also connected to the I/O interface 605 as needed. Removable media 611 such as a magnetic disk, an optical disk, a magneto-optical disk, a semiconductor memory, or the like is installed as needed on drive 610 so that a computer program read therefrom is installed as needed into storage section 608.
The present disclosure also provides a computer-readable storage medium that may be embodied in the apparatus/device/system described in the above embodiments; or may exist alone without being assembled into the apparatus/device/system. The computer-readable storage medium carries one or more programs that, when executed, implement an RSA2 signature review method of an API interface according to an embodiment of the present disclosure.
According to embodiments of the present disclosure, the computer-readable storage medium may be a non-volatile computer-readable storage medium, which may include, for example, but is not limited to: a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the context of this disclosure, a computer-readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. For example, according to embodiments of the present disclosure, the computer-readable storage medium may include ROM 602 and/or RAM 603 and/or one or more memories other than ROM 602 and RAM 603 described above.
Embodiments of the present disclosure also include a computer program product comprising a computer program containing program code for performing the methods shown in the flowcharts. When the computer program product runs in a computer system, the program code is used for enabling the computer system to realize the RSA2 signature review method of the API interface provided by the embodiment of the disclosure.
The above-described functions defined in the system/apparatus of the embodiments of the present disclosure are performed when the computer program is executed by the processor 601. The systems, apparatus, modules, units, etc. described above may be implemented by computer program modules according to embodiments of the disclosure.
In one embodiment, the computer program may be based on a tangible storage medium such as an optical storage device, a magnetic storage device, or the like. In another embodiment, the computer program may also be transmitted, distributed in the form of signals over a network medium, and downloaded and installed via the communication section 609, and/or installed from the removable medium 611. The computer program may include program code that may be transmitted using any appropriate network medium, including but not limited to: wireless, wired, etc., or any suitable combination of the foregoing.
In such an embodiment, the computer program may be downloaded and installed from a network through the communication portion 609, and/or installed from the removable medium 611. The above-described functions defined in the system of the embodiments of the present disclosure are performed when the computer program is executed by the processor 601. The systems, devices, apparatus, modules, units, etc. described above may be implemented by computer program modules according to embodiments of the disclosure.
According to embodiments of the present disclosure, program code for performing computer programs provided by embodiments of the present disclosure may be written in any combination of one or more programming languages, and in particular, such computer programs may be implemented in high-level procedural and/or object-oriented programming languages, and/or assembly/machine languages. Programming languages include, but are not limited to, such as Java, c++, python, "C" or similar programming languages. The program code may execute entirely on the user's computing device, partly on the user's device, partly on a remote computing device, or entirely on the remote computing device or server. In the case of remote computing devices, the remote computing device may be connected to the user computing device through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to an external computing device (e.g., connected via the Internet using an Internet service provider).
The flowcharts and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present disclosure. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams or flowchart illustration, and combinations of blocks in the block diagrams or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
Those skilled in the art will appreciate that the features recited in the various embodiments of the disclosure and/or in the claims may be provided in a variety of combinations and/or combinations, even if such combinations or combinations are not explicitly recited in the disclosure. In particular, the features recited in the various embodiments of the present disclosure and/or the claims may be variously combined and/or combined without departing from the spirit and teachings of the present disclosure. All such combinations and/or combinations fall within the scope of the present disclosure.
The embodiments of the present disclosure are described above. However, these examples are for illustrative purposes only and are not intended to limit the scope of the present disclosure. Although the embodiments are described above separately, this does not mean that the measures in the embodiments cannot be used advantageously in combination. The scope of the disclosure is defined by the appended claims and equivalents thereof. Various alternatives and modifications can be made by those skilled in the art without departing from the scope of the disclosure, and such alternatives and modifications are intended to fall within the scope of the disclosure.
Claims (10)
1. An RSA2 signature rechecking method of an API interface comprises the following steps:
in response to a message to be signed transmitted by an calling API interface party, the calling API interface party:
based on RSA algorithm, generating corresponding public key and private key, and releasing the public key to message receiver;
generating a sequence IP field, fixedly uploading the sequence IP field to a message receiver, and attaching the sequence IP field to the private key to obtain a new private key;
generating a first abstract of the message to be signed by using a preset abstract algorithm, and signing the first abstract by using the new private key to generate a digital signature;
the digital signature and the message to be signed are sent to a message receiver;
the message receiver:
generating a second abstract of the message to be signed by using the abstract algorithm, and checking the digital signature by using the public key to obtain a plaintext abstract;
comparing the plaintext abstract with the second abstract to verify the correctness of the digital signature;
and verifying the source uniqueness of the digital signature according to the sequence IP field.
2. The method of claim 1, wherein the calling API interface party generates the corresponding public and private keys based on an RSA algorithm, comprising:
arbitrarily selecting two unequal prime numbers p and q, calculating the product n of p and q, and Euler function of n
Randomly select an integer e to satisfyAnd e and->Mutual quality;
determining an integer d such that ed isThe remainder of the division of (2) is 1;
p, q andand secret preservation, namely packaging the product ne of n and e into a public key of the calling API interface party, and packaging the integer d into a private key of the calling API interface party.
3. The method of claim 1, wherein the calling API interface side generates a sequence IP field comprising:
the calling API side obtains a local IP address;
and carrying out decimal serialization processing on the local IP address to obtain a sequence IP field.
4. The method of claim 3, wherein the message receiver comparing the plaintext digest with the second digest, verifying the correctness of the digital signature, comprises:
and determining that the digital signature is correct when the plaintext digest is determined to be identical to the second digest.
5. The method of claim 4, wherein the message receiver verifies the source uniqueness of the digital signature based on the sequence IP field, comprising:
the message receiver respectively performs deserialization processing on the sequence IP fields under the condition that the digital signature is determined to be correct, so as to obtain a new IP address;
generating a third digest of the sequence IP field using the digest algorithm;
in the event that the new IP address is determined to be the same as the local IP address and the third digest is determined to be the same as the plaintext digest, the source of the digital signature is determined to be unique.
6. The method of claim 1, wherein the digest algorithm comprises an MD5 message digest algorithm.
7. An RSA2 signature review device of an API interface, comprising:
calling an API interface side processing module for responding to the transmitted message to be issued: based on RSA algorithm, generating corresponding public key and private key, and releasing the public key to message receiver; generating a sequence IP field, fixedly uploading the sequence IP field to a message receiver, and attaching the sequence IP field to the private key to obtain a new private key; generating a first abstract of the message to be signed by using a preset abstract algorithm, and signing the first abstract by using the new private key to generate a digital signature; the digital signature and the message to be signed are sent to a message receiver;
the message receiving side processing module is used for: generating a second abstract of the message to be signed by using the abstract algorithm, and checking the digital signature by using the public key to obtain a plaintext abstract; comparing the plaintext abstract with the second abstract to verify the correctness of the digital signature; and verifying the source uniqueness of the digital signature according to the sequence IP field.
8. An electronic device, comprising:
one or more processors;
storage means for storing one or more programs,
wherein the one or more programs, when executed by the one or more processors, cause the one or more processors to perform the method of any of claims 1-6.
9. A computer readable storage medium having stored thereon executable instructions which, when executed by a processor, cause the processor to perform the method according to any of claims 1-6.
10. A computer program product comprising a computer program which, when executed by a processor, implements the method according to any one of claims 1 to 6.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202310735563.4A CN116684104A (en) | 2023-06-20 | 2023-06-20 | RSA2 signature rechecking method and device of API (application program interface), electronic equipment and medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202310735563.4A CN116684104A (en) | 2023-06-20 | 2023-06-20 | RSA2 signature rechecking method and device of API (application program interface), electronic equipment and medium |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN116684104A true CN116684104A (en) | 2023-09-01 |
Family
ID=87783615
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202310735563.4A Pending CN116684104A (en) | 2023-06-20 | 2023-06-20 | RSA2 signature rechecking method and device of API (application program interface), electronic equipment and medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN116684104A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN117240477A (en) * | 2023-11-13 | 2023-12-15 | 泉州信息工程学院 | Digital signature method, system and storage medium based on RSA algorithm |
-
2023
- 2023-06-20 CN CN202310735563.4A patent/CN116684104A/en active Pending
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN117240477A (en) * | 2023-11-13 | 2023-12-15 | 泉州信息工程学院 | Digital signature method, system and storage medium based on RSA algorithm |
| CN117240477B (en) * | 2023-11-13 | 2024-02-23 | 泉州信息工程学院 | Digital signature method, system and storage medium based on RSA algorithm |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN112801663B (en) | Blockchain certification method, device, system, equipment and medium | |
| CN111835774B (en) | Data processing method, device, equipment and storage medium | |
| CN112055019B (en) | Method for establishing communication channel and user terminal | |
| CN110096894B (en) | Data anonymous sharing system and method based on block chain | |
| CN113742709B (en) | Information processing method and device, readable medium and electronic equipment | |
| CN112910660B (en) | Certificate issuing method, adding method and transaction processing method of blockchain system | |
| CN111931209B (en) | Contract information verification method and device based on zero knowledge proof | |
| CN109951276B (en) | Embedded equipment remote identity authentication method based on TPM | |
| US20060034462A1 (en) | Method of generating key for device authentication and apparatus using the method, and device authentication method and device authentication apparatus | |
| CN111639325A (en) | Merchant authentication method, device, equipment and storage medium based on open platform | |
| CN113422679B (en) | Key generation method, device and system, encryption method, electronic device and computer readable storage medium | |
| CN116684104A (en) | RSA2 signature rechecking method and device of API (application program interface), electronic equipment and medium | |
| KR102103179B1 (en) | System and Method of Zero-Knowledge Proof for Privacy Preserving Oracle on Blockchain | |
| CN110798433B (en) | Verification code verification method and device | |
| CN112667743B (en) | Data uplink method, system, equipment and storage medium applied to transmission terminal | |
| CN116506134B (en) | Digital certificate management method, device, equipment, system and readable storage medium | |
| CN116707983A (en) | Authorization authentication method and device, access authentication method and device, equipment and medium | |
| US20210243021A1 (en) | Method for generating on-board a cryptographic key using a physically unclonable function | |
| CN114172923B (en) | Data transmission method, communication system and communication device | |
| CN114884714B (en) | Task processing method, device, equipment and storage medium | |
| CN115879074A (en) | Identity authentication method, device and system based on block chain | |
| CN115883212A (en) | Information processing method, device, electronic equipment and storage medium | |
| CN116318698A (en) | Data processing method, device and system | |
| CN111355584B (en) | Method and apparatus for generating blockchain multi-signatures | |
| CN112734423A (en) | Transaction method based on block chain and terminal equipment |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |