JPH11346210A - Encryption method and device, decoding method and device, record medium recording encryption program, record medium recording decoding program, method for electronic signature and method for authenticating electronic signature - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide the encryption method and device and the decoding method and device by which a group encryption for a public key system is realized while keeping a form of one privacy key possessed by one person and one public key open to a certificate agency(CA) so as to attain secure and simple key delivery and to simply generate an optional group, and to provide the record medium recording an encryption program and the record medium recording a decoding program. SOLUTION: The encryption method that is used when a file sender distributes files to one or plural recipients includes at least a step where the sender encrypts the files by using a symmetric key, a step where the sender encrypts the symmetric key by using a private key of the sender and a public key of the recipients, and a step where the sender sends the encrypted files and the encrypted symmetric key.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention records an encryption method and device, a decryption method and device, and an encryption program for a file sender to secretly distribute the file to one or more recipients. The present invention relates to a recording medium, a recording medium on which a decryption program is recorded, an electronic signature method, and an electronic signature verification method.

[0002]

2. Description of the Related Art Today, documents such as documents are being digitized by OA. Along with this, important electronic information has been increasing, and it has become necessary to protect against fraud by third parties (seeing, falsification, spoofing).

[0003] In order to satisfy the above demand, file encryption software has emerged that applies encryption and electronic signature processing to files to protect them from the above threats. Initially, file encryption software was primarily considered to protect personal files, but as information becomes more advanced and each company constructs an intranet or other network, shared files are shared on a file server. The necessity of a group cipher has emerged such that only a specified group of people can see it, because it is used in a specific way.

In order to realize file sharing among groups, the following methods are currently used. (1) A password method in which a password required for decryption is shared by a group.

That is, the sender creates an encrypted file using the password and notifies the password to the recipients of the group. The recipient of the group uses the password to decrypt the encrypted file sent from the sender.
Recipients other than the group cannot decrypt the encrypted file transmitted from the sender because the recipient does not have the password.

(2) A group key sharing method in which a group key necessary for decryption is shared by a group. That is, the sender creates an encrypted file using the group key, and notifies the group key to the recipient of the group. The recipient of the group uses the group key to decrypt the encrypted file transmitted from the sender. Recipients other than the group cannot decrypt the encrypted file transmitted from the sender because there is no group key.

[0007]

The password system has the following disadvantages. (1) The password must be secretly delivered to a third party every time an encrypted file is created for all members of the group.

(2) Since the number of passwords increases for each encrypted file (group), management is very difficult. (3) It is not clear which password belongs to which encrypted file.

(4) Forget the password. Further, the group key sharing scheme has the following disadvantages. (1) When the group configuration differs for each encrypted file, the group key must be secretly delivered to a third party to all the groups every time the group is configured.

(2) Since the group key increases each time a group is formed, management is very difficult. (3) It is not known which group key belongs to which group.

(4) Forget the group key. The present invention has been made in view of the above circumstances, and one private key possessed by an individual is disclosed to a certification authority (CA).
By implementing a public key group cipher in the form of one public key, key distribution is safe and simple, and an encryption method and apparatus capable of easily creating an arbitrary group, and decryption It is an object to provide a method and apparatus, a recording medium on which an encryption program is recorded, a recording medium on which a decryption program is recorded, an electronic signature method, and an electronic signature verification method.

[0012]

According to the present invention, there is provided an encryption method for a file sender to distribute the file to one or more receivers, the method comprising: Encrypting the symmetric key with the sender's private key and the recipient's public key, and transmitting the encrypted file and the encrypted symmetric key. And at least steps.

The present invention is also an encryption method for a file sender to distribute the file to one or more recipients, wherein the step of encrypting the file using a symmetric key, Encrypting a symmetric key using a sender's private key and a recipient's public key; andrecording the encrypted file and the encrypted symmetric key on a recording medium and passing the encrypted file to the recipient. An encryption method characterized by having.

Further, the present invention is characterized in that it has a step of encrypting the information on the file using a symmetric key. Further, the present invention is characterized in that electronic signature information is added to the file and information about the file.

Further, the present invention is characterized in that at least the public key is obtained from an authentication server via a communication network or from an authentication organization. Further, the present invention is a decryption method for decrypting an encrypted file or information about the file and a symmetric key, wherein the encrypted symmetric key transmitted from the sender is a public key of the sender. The method includes at least a step of decrypting using the recipient's private key, and a step of decrypting the encrypted file or information about the file using the decrypted symmetric key.

[0016] The present invention is characterized in that the receiver has a step of designating a file to be decrypted on the basis of the information on the decrypted file. Further, the present invention is characterized in that at least the public key is obtained from an authentication server via a communication network or from an authentication organization.

[0017]

DESCRIPTION OF THE PREFERRED EMBODIMENTS Embodiments of the present invention will be described below in detail with reference to the drawings. First, the symbols described in the embodiment of the present invention will be described. "Public key encryption key notation" (1) First two characters PK: Public key SK: Private key (2) Next one character d: Key used for key distribution s: Key used for electronic signature (3) 4th character or later Name of device holding key (4) Example PKdA = public key (PK) for key distribution (d) of device A (5) Key used in the present invention Key of encryption device A The public key of the key distribution key of PKdA A The secret key of the key distribution key of SKdA A The public key of the electronic signature key of PKsA A The secret key of the electronic signature key of SKsA A ・ The key of decryption device B PKdB B The public key of the key distribution key The secret key of the key distribution key of SKdB B The public key of the electronic signature key of PKsB B The secret key of the electronic signature key of SKsB B “Notation of Function” Cert (): Certificate ( Example) Cert (PKdA) = PKdA certificate h (): hash function ( Example) h (M): Hash digest of plaintext M "Generation of digital signature" (Example) SKsA (h (M)): Electronic signature of A for plaintext M Hash digest of plaintext M is used as signature private key SKsA
The one encrypted with.

Usually, it is attached to plaintext M, and M @ SKsA (h
(M)). "Verification of digital signature" (Example) When the decryption device determines that the plaintext M @ SKs with the digital signature of A
When A (h (M)) is received, (1) M → h (M): use a hash function (2) SKsA (h (M)) → h (M): decryption of a digital signature (3) Comparing (1) and (2) corresponds to verification. If they match, it is OK, and if they do not match, it is NG.

‖: Concatenated DEK: Session key (Data Encrypti)
on Key), which is a symmetric key of a symmetric key system for encrypting plaintext. It is randomly generated and disposable for each communication.

Key (M): encryption. Write “key name (encryption target)” []: Array…: Omitted (Example) B [i] (i = 1,..., N): n devices having similar functions (Example) M [j ] (J = 1,..., T): t plaintexts M (Example) PKdB [1] (DEK) ‖ ... ‖PKdB
[N] (DEK): n pieces of data concatenated and encrypted “Public key method” “Public keys are roughly divided into the following two types.” (1) Normal public key method encryption such as RSA Device X and decoding device Y.

A method for securely transmitting the DEK from the encryption device X to the decryption device Y is as follows. The encryption device X encrypts the DEK with the public key PKdY,
Y (DEK). On the other hand, the decryption device Y uses PKdY
(DEK) is decrypted with the secret key SKdY to obtain DEK.

(2) Public Key Method Using Shared Keys such as DH and Ellipse DH An encryption device X and a decryption device Y are assumed. The method for securely transmitting the DEK from the encryption device X to the decryption device Y is as follows.

The encryption device X uses the secret key S of the encryption device X.
From KdX and public key PKdY of decryption device Y, shared key SX
Generate Y. DEK is encrypted with SXY, and SXY (D
EK).

On the other hand, the decryption device Y generates a shared key SYX from the public key PKdX of the encryption device X and the secret key SKdY of the decryption device Y.
A secret key and a public key are created so as to be SXY.

Therefore, SYX (= SXY) is generated,
Decrypt SXY (DEK) to obtain DEK. (3) Details of DH It is assumed that a and p are disclosed. a is a natural number, and p is a prime number.

At this time, the secret key SKdX and the public key PKdX of the encryption device X have the following relationship. PKdX = a ^SKdX mod p where mod is a remainder operation.

Similarly, for the secret key SKdY and the public key PKdY of the decryption device Y, PKdY = a ^SKdY mod p, therefore, SXY = PKdY ^SKdX mod p = (a ^SKdY mod p) ^SKdX mod p = a ^{(SKdY *) SKdX)} mod p SYX = PKdX ^SKdY mod p = (a ^SKdX mod p) ^SKdY mod p = a ^{(SKdX * SKdY)} mod p = a ^{(SKdY * SKdX)} mod p = SXY

Therefore, the encryption device X and the decryption device Y can generate the same shared key SXY only by exchanging the public key. “Notation when Encrypting Using Public Key” As described above, the public key is: (1) a normal public key method such as RSA, and (2) a public key using a shared key such as DH and elliptic DH. There are two types of key systems, and the encryption system is different.

The keys of these methods are used for the same purpose (encryption / decryption of DEK), although the methods are different. To handle these keys the same way, the key used to encrypt the _DEK, Enc _- X - a key used for decoding the Y DEK, Dec _- X _- is defined as Y. -First three characters: Key type Enc: Key used for encryption Dec: Key used for decryption-Fourth character is " _- "-From fifth character to " _- ": Encryption device name-Next From " _- " to the end: decryption device name As an example, a key between the encryption device X and the decryption device Y will be described.

In (1), EncXY = PKdY DecXY = SKdY, which is a key that does not exist in the encryption device X.

In (2), the key generated from EncXY = SKdX and PKdY DecXY = PKdX and the key generated from SKdY are different, but EncXY = DecXY.

In the present invention, two public key schemes are assumed. However, the present invention is not limited to this, and other public key schemes are possible. Similarly,
The symmetric key method may be another symmetric key method (common key method, secret key method).

Next, an embodiment of the present invention will be described. FIG. 1 is a configuration explanatory view showing an embodiment of the present invention. In the figure, reference numeral 101 denotes a sender's encryption device A, which encrypts a file. Reference numeral 102 denotes a receiver's decryption device B [1], which decrypts the encrypted file. 103 is a receiver's decryption device B [2], which decrypts the encrypted file. Reference numeral 104 denotes a decryption device B [3] of the recipient, which decrypts the encrypted file. 105 is a certification authority CA, which is an encryption device A, a decryption device B [1], a decryption device B [2], and a decryption device B
Provide the public key to [3].

FIG. 2 is an operation flow diagram between the respective devices when passing through the certification authority CA of FIG. 1, and FIG. 3 is an operation flow diagram between the respective devices when not passing through the certification authority CA of FIG.
That is, as shown in FIG.
In the encryption device A, the public key PKdA of the key distribution key of the encryption device A and the secret key S of the key distribution key of the encryption device A
KdA, public key PKsA of the electronic signature key of the encryption device A
Then, a secret key SKsA of the digital signature key of the encryption device A is generated, and the public key PKdA and the public key PKsA are registered with the certification authority CA. In step 2, the certification authority CA registers the certificate of the certification authority CA. In step 3, the decryption device B [i] (i = 1,..., N) transmits the public key PKdB [i] of the key distribution key of the decryption device B [i] and the electronic key of the decryption device B [i]. Public key PKsB of signature key
[I] is generated and registered with the certification authority CA. Step 4
In, before performing group encryption, the encryption device A requests a public key PKdB [i] from the certification authority CA. In step 5, the certification authority CA distributes the certificate of the certification authority CA. In step 6, the certificate authority CA sends the encryption device A a certificate Cert (P) of the public key PKdB [i].
KdB [i]) is distributed to the encryption device A. Step 7
, A multi-person encryption described later is performed. In step 8, the encryption device A converts the ciphertext C to the decryption device B [i].
Distribute to In step 9, the decoding device B [i]
Before the device obtains and decrypts the ciphertext C, the decryption device B
[I] requests the public key PKdA and the public key PKsA from the certification authority CA. In step 10, the certification authority CA
Distributes the certificate of the certification authority CA. In step 11, the certificate authority CA issues the certificate Cert of the public key PKdA.
(PKdA) and the public key PKsA certificate Cert (P
KsA) is distributed to the decryption device B [i]. Step 1
In 2, the multi-person decoding described below is performed.

In the case of FIG. 3, before performing group encryption in step 4, the encryption device A requests the decryption device B [i] for the public key PKdB [i] as necessary. In step 6, the encryption device A obtains the public key PKdB [i] from the decryption device B [i]. In step 7, a multi-person encryption described later is performed. In step 8, the encryption device A transmits the ciphertext C to the decryption device B
Distribute to [i]. In step 9, the decryption device B
Before [i] obtains / decrypts the ciphertext C, the decryption device B [i] sends the public key PKdA and the public key PK as necessary.
sA is requested from the encryption device A. In step 11, the decryption device B [i] sends the public key PKdA and the public key P
KsA is obtained from the encryption device A. In step 12, the multi-person decoding described later is performed.

FIG. 4 is a structural explanatory view showing an example of the encryption device A corresponding to step 7 in FIG. Each part of FIG. 4 will be described. (1) File information separator 601 input: t files F [j] to be encrypted (j = 1,
..., t) Output: file information M [0], file content M [j]
(J = 1,..., T) Each file is divided into file information (file name, file size, date, directory structure information, etc.) and file contents (file contents from which file information is extracted), and t , M [t] (corresponding to the file contents F [1],..., F [t]).

(2) Group information converter 602, group information DB (database) 603 Input: encryption device user name A or decryption device use group name G (decryption device B [i] (i = 1,..., n)) Output: device name (1 or more) A and B [i] (i = 1,...,
n) The group information DB 603 stores the correspondence between use group names (user names) and device names. Using the information in the group information DB 603, conversion is performed in the order of use group name → user name → device name.

(3) Key searcher 604, key DB 605 Input: device names A and B [i] (i = 1,..., N), request source (information of key request source; multi-person encryptor or digital signature) Output: information on the public key method. A signature private key SKsA, the encryption key _{Enc - A - B [i]} (i = 1, ..., n) in the key DB 605, the device name and the public key is stored. Based on the input, the secret key and the public key are extracted from the key DB 605, an encryption key is generated, and the request source (the multi-encryptor 6)
09 and an electronic signature generation / connection unit 606). In the present invention, an example of DH will be described. (In DH, an encryption key is generated using a secret key of an encryption device and a public key of a decryption device.
When the encryption key is generated using a public key method such as SA, the public key of the decryption device is used as the encryption key.

The single j appearing thereafter is any one of 0 ≦ j ≦ t, and each unit performs processing t + 1 times. (4) Random number generator 607 Output: Symmetric key DEK (random generation) (5) Electronic signature generation / concatenation unit 606 Input: M [0] or M [j], signature private key SKs of A
A output: M [j] ‖SKsA (h (M [j])) (j =
0,..., T) Generation of hash digest h (M [j]) Generation of digital signature SKsA (h (M [j])) M [j] ‖SKsA (h (M [j])): input and electronic Concatenation of signatures (6) Encryptor 608 Input: Body M [j] @SKsA (h (M
[J])), symmetric key DEK output: encrypted data DEK (M [j] @SKsA (h
(M [j]))) (j = 0,..., T) (7) Multi-encryptor 609 Input: symmetric key DEK, plural encryption keys Enc _- A _- B
[I] (i = 1, ..., n) Output: encrypted data _{Enc - A - B [i]} (DEK) (i
= 1,..., N) Encrypt a plurality of decryption devices.

(8) Encrypted data coupler 610 Input: All encrypted data DEK (M [j] @SKsA (h
(M [j]))) (j = 0, ..., t) and Enc _- A _- B
[I] (DEK) (i = 1,..., N) Output: ciphertext C All the encrypted data are concatenated into one.

FIG. 5 is an explanatory view showing an example of creating a group encrypted file by the encryption device A corresponding to step 7 in FIG. 2. FIGS. 6 and 7 are encryption devices corresponding to step 7 in FIG. It is a process flow figure of A.

That is, first, file encryption will be described. Before encryption, file F [j] (j = 1,
.., T) are input to the file information separator 601. The file information separator 601 receives the input file F
[J] is defined as file information M [0] and file content M [j].
(J = 1,..., T) and the digital signature generation / concatenation unit 6
06 is output. On the other hand, the encryption device user name A determined before encryption is input to the group information converter 602, and the group information converter 602
To convert the encryption device user name A, obtain the encryption device name A, and output it to the key searcher 604. The key searcher 604 searches for and obtains the signature private key SKsA of the encryption device name A by referring to the key DB 605 according to the information of the electronic signature generation / connection unit 606 of the request source, and generates the electronic signature generation / connection unit 606. This digital signature generation / connection unit 606
Is file information and file contents M [j] (j = 0,...,
M [j] ‖SKsA generated by adding a digital signature to t)
(H (M [j])) (j = 0,..., T) is
8 is output. The encryptor 608 includes a random number generator 607
, A symmetric key DEK randomly generated is input, and M [j] ‖ input from the digital signature generation / concatenation unit 606.
SKsA (h (M [j])) (j = 0,..., T) encrypted data DEK of a file obtained by encrypting with a symmetric key DEK
(M [j] ‖SKsA (h (M [j]))) (j =
0,..., T) to the encrypted data coupler 610.

Next, encryption of a symmetric key will be described.
The decryption device use group name G that has been selected before encryption is input to the group information converter 602, and the group information converter 602 refers to the group information DB 603 to change the decryption device use group name G to each decryption device. Name B [i] (i =
1,..., N) and output to the key searcher 604. The key searcher 604 refers to the key DB 605 according to the information of the requester's multi-user encryptor 609, and performs encryption between the encryption device A and the decryption device B [i] (i = 1,..., N). Key Enc
_{- A -} B [i] All the search-acquired by multiple people encryptor 609
Output to The multi-person encryptor 609 includes a random number generator 6
07, a symmetric key DEK randomly generated is input,
This symmetric key DEK is encrypted with an encryption key Enc _- A _- B [i] and the symmetric key is encrypted data Enc _- A _- B [i] (DE
K) is output to the encrypted data coupler 610.

The cipher data coupler 610 is connected to the cipher 60.
8 encrypted data DEK (M
[J] ‖SKsA (h (M [j]))) (j = 0,
..., t) and a plurality of persons encrypted data Enc symmetric key input from the encryptor _{609 - A - B [i]} (DEK) connecting the whole, to generate a ciphertext C.

As shown in FIG. 5, the file information M
[0] and the file contents M [j] (j = 1,..., T) are digitally signed with the signature private key SKsA of the encryption device A of the sender. Further, the file information with the electronic signature and the contents of the file with the electronic signature are encrypted with the symmetric key DEK. Further, the symmetric key DEK is a secret key SKdA of the sender's encryption device A and a public key PKdB [i] (i = 1,...) Of the receiver's decryption device B [i] (i = 1,..., N). , N).

It is optional whether or not the encryption device A is included in the decryption target. Even when the encryption device A is included in the decryption target, the encryption can be performed similarly. B [1] = A. FIG. 8 shows a decoding apparatus B corresponding to step 12 of FIG.
FIG. 4 is an explanatory diagram illustrating an example of a file information decoding portion of [i] (i = 1,..., N). Each part of FIG. 8 will be described.

(1) Encrypted data separator 701 Input: Ciphertext C Output: All encrypted data DEK (M [j] @SKsA (h
(M [j]))) (j = 0, ..., t) and Enc _- A _- B
[I] (DEK) (i = 1,..., N) Separate the ciphertext C into encrypted data (for each ‖ outside the parentheses).

(2) Key searcher 702, key DB 703 input: device name, request source (information of key request source. Encrypting device name A from multi-person decryptor 704 or electronic signature separating / verifying device 706) request information) output: decryption key Dec key of a public key system (to multiple persons decoders 704 _{- a -} B [i] or electronic signature separation and verifier 706
Public key PKsA) key DB 70 for signing the encryption device name A
3 stores a device name and its public key. Extract the secret key / public key from the key DB 703 based on the input,
A decryption key is generated if necessary, and is passed to the request source (multiple-person decryption device 704 or electronic signature separation / verification device 706).

[0049] (3) a plurality of persons decoders 704 Input: encrypted data _{Enc - A - B [i]} (DEK) (i
= 1,..., N) or decryption key Dec _- A _- B [i] Output: symmetric key DEK Encrypted data Enc _- A _- B [i] (DEK) (i = 1,
..., from n), the decoding apparatus B [i] for the encrypted data Enc _- A _- B [i] picked out (DEK), decryption key D
ec _{- A} - decoded by the B [i], it acquires the symmetric key DEK.

(4) Decryptor 705 Input: Encrypted data DEK (M [0] @SKsA (h
(M [0]))) and symmetric key DEK output: digitally signed body M [0] @SKsA (h (M
[0])) (5) Digital Signature Separation / Verifier 706 Input: Text M with Digital Signature M [0] @SKsA (h (M
[0])), public key PKsA for signature of encryption device name A Output: file information M [0] M [0]. SKsA (h (M [0])): Separation of input and electronic signature Generation of hash digest h1 = h (M [0]) h2 = h (M [0]) = PKsA (SKsA (h (M (M
[0]))): Decryption of digital signature SKsA (h (M [0])) Verification of signature (whether h1 = h2 or not) h1 = h2 → OK. Acquire M [0] h1 ≠ h2 → NG. Processing is interrupted (6) Display device 708 Input: File information M [0] Output: File information M [0] To select file contents M [j] to be decrypted (reflected in the input in FIG. 9), file information M [0] is displayed.

(7) Temporary storage device 707 Input: file information M [0], symmetric key DEK, encrypted data DEK (M [j] @SKsA (h (M [j])))
(J = 1,..., T) Data necessary for decoding the selected file content M [j] is stored.

FIG. 9 is an explanatory diagram showing an example of a file content decoding portion of the decoding device B [i] (i = 1,..., N) corresponding to step 12 of FIG. Each part in FIG. 9 will be described.

(1) Input device 801 Input: Index j [1],..., J [u] (Number of file selected as a decoding target from display information) Output: Index j [1],. [U] Based on the information on the display device 708 (see FIG. 8), the result of the user selecting the file is obtained and used in the subsequent processing.

(2) Temporary storage device 802 (same as temporary storage device 707 in FIG. 8) Input: Index j [1],..., J [u] Output: File information M [0], symmetric key DEK, Encrypted data DEK (M [j] ‖SKsA (h (M [j])) corresponding to the file number selected by the input device 801
(J = j [1],..., J [u]) Data necessary for decoding the selected M [j] is transferred to another device.

(3) Decryptor 803 Input: Encrypted data DEK (M [j] @SKsA (h
(M [j]))) (j = j [1],..., J [u]) and symmetric key DEK Output: Body M [j] @SKsA (h (M
[J])) (j = j [1],..., J [u]) (4) Key searcher 805, key DB 806 Input: device name (entered in FIG. 8), request source (key request source Information: Information from the electronic signature separator / verifier 804) Output: Public key key. The signature public key PKsA key DB 806 of the encryption device name A stores the device name and its public key. Based on the input, the secret key / public key is extracted from the key DB 806, a decryption key is generated as necessary, and the decryption key is passed to the request source (digital signature separating / verifying device 804).

The single j appearing thereafter is j [1],.
[U], and possible values are 1 ≦ j ≦ t. Each vessel performs u processes.

(5) Electronic signature separation / verification unit 804 Input: M [j] ‖SKsA (h (M [j])) (j = j
[1],..., J [u]), public key PKsA for signing of encryption device name A Output: file contents M [j] (j = j [1],.
[U]) M [j], SKsA (h (M [j])): Separation of input and digital signature Generation of hash digest h1 = h (M [j]) h2 = h (M [j]) = PKsA (SKsA (h (M
[J]))): Decryption of digital signature SKsA (h (M [j])) Verification of signature (whether h1 = h2 or not) h1 = h2 → OK. Acquire M [j] h1 ≠ h2 → NG. Interrupt or skip the process (process the next encrypted data) (6) File information coupler 807 input: file information M [0] and file content M [j
[1]],... M [j [u]] Output: File F [j [1]],..., F [j [u]] Only the selected file is reconstructed from file information and file contents. I do.

FIG. 10 is an explanatory view showing an example of decryption of the group encrypted file by the decryption device B [i] (i = 1,..., N) corresponding to step 12 in FIG.
1 and 12 are processing flowcharts of the decoding device B [i] (i = 1,..., N) corresponding to step 12 in FIG.

That is, decoding of file information will be described first. As shown in FIG. 8, FIG. 10, and FIG. 11, the encrypted data separator 701 separates the input ciphertext C into encrypted portions and outputs the entire encrypted data DEK (M
[J] ‖SKsA (h (M [j]))) (j = 0,...,
t) and Enc _- A _- B [i] (DEK) (i = 1,...,
n) to obtain the encrypted data DEK (M [j] @SKs
A (h (M [j] ))) (j = 1, ..., t) is stored in the temporary storage device 707, the encrypted data Enc _- A _- B
[I] (DEK) (i = 1,..., N) is a multi-person decoder 7
04 and the encrypted data DEK (M [0] @SKs
A (h (M [0]))) is output to the decoder 705. A plurality of persons decoder 704 key retriever 702, decryption key Dec between requesting the key DB703 encryption apparatus A and the decoding apparatus B [i] _{- A -} searching B [i], obtained, encryption Data E
_{nc - A - B [i]} (DEK) decryption key Dec the _- A _- B
Decryption is performed in [i] to obtain a symmetric key DEK, and the symmetric key DEK is stored in the temporary storage device 707 and output to the decryptor 705. This decryptor 705 outputs the encrypted data D
EK (M [0] ‖SKsA (h (M [0]))) is decrypted with a symmetric key DEK, and M [0] ‖SKsA (h (M (M
[0])) (Electronic signature of M [0] and A) is obtained and output to the electronic signature separation / verification unit 706. The electronic signature separation / verification unit 706 requests the key search unit 702 and the key DB 703 to search and obtain the signature public key PKsA of the encryption device A. The electronic signature separation / verification unit 706 transmits the SKsA (h (M
[0])) (Electronic signature of A) is verified, and if the electronic signature is incorrect (NG), error processing is performed and the processing is interrupted.
On the other hand, if the electronic signature is correct (OK), the file information M
[0] is acquired, and the file information M [0] is stored in the temporary storage device 707 and output to the display device 708. The display device 708 displays and outputs the file information M [0].

Next, the decoding of the file contents will be described. As shown in FIGS. 9, 10 and 12, the input device 801 has an index j [1] which is a file number based on the file information M [0] displayed on the display device 708 (see FIG. 8). , J [u] are selected and input, and the indexes j [1],..., J [u] are output to the temporary storage device 802. This temporary storage device 802 stores the file information M [0] and the encrypted data DEK (M as in the case of the temporary storage device 707 (see FIG. 8).
[J] ‖SKsA (h (M [j]))) (j = 1,...,
t) and the symmetric key DEK are stored, and the file information M [0] is read out and stored in the file information coupler 80.
7 and the encrypted data DEK (M [j] @S
KsA (h (M [j]))) (j = 1,..., T) and the symmetric key DEK are read and input to the decryptor 803. This decryptor 803 outputs the encrypted data DEK (M [j]
‖SKsA (h (M [j]))) (j = 1,..., T) is decrypted with a symmetric key DEK, and M [j] ‖SKsA (h (M
[J])) (Electronic signature of M [j] and A) is obtained and output to the electronic signature separating / verifying device 804. The electronic signature separation / verification unit 804 requests the key search unit 805 and the key DB 806 to search and obtain the signature public key PKsA of the encryption device A. The electronic signature separation / verification unit 804 outputs the SKsA (h
(M [j])) (Electronic signature of A) is verified, and if the electronic signature is incorrect (NG), error processing is performed, and processing is interrupted or skipped and processing for the next M [j] is performed.
On the other hand, if the electronic signature is correct (OK), the file content M
[J] (j = j [1],..., J [u]) are obtained and output to the file information coupler 807. The file information coupler 807 is used to store the file information M [0] and the file content M
From [j] (j = j [1],..., J [u]) to the file F
[J] (j = j [1],..., J [u]) is generated and output.

As shown in FIG. 10, the encrypted symmetric key DEK is the public key (ellipse DH) P of the encryptor A of the sender.
KdA and the recipient's decryption device B [i] (i = 1,...,
n) using the secret key SKdB [i] (i = 1,..., n). The encrypted file information with the electronic signature and the file contents are decrypted with the symmetric key DEK.
Further, the electronic signature is separated and verified from the file information with the electronic signature and the contents of the file with the electronic signature by using the signature public key PKsA of the encryption device A of the sender.

The file encrypted by the sender and the encrypted symmetric key may be recorded on a recording medium and passed to the receiver. Also, at least the public key may be obtained from the authentication server via the communication network or from the authentication organization.

The embodiments of the present invention include the following inventions. (1) An encryption method for distributing a file to one or more recipients by a sender of the file, wherein the step of encrypting the file using a symmetric key; An encryption method using at least the secret key and the recipient's public key, and transmitting the encrypted file and the encrypted symmetric key.

(2) An encryption method for distributing a file to one or more recipients by a sender of the file, wherein the step of encrypting the file using a symmetric key; At least using a sender's private key and a recipient's public key, and recording the encrypted file and the encrypted symmetric key on a recording medium and passing it to the recipient. An encryption method characterized by the following.

(3) The encryption method according to the above (1) or (2), further comprising a step of encrypting the information on the file using a symmetric key. (4) The encryption method according to (3), wherein electronic signature information is added to the file contents and information about the file.

(5) The encryption according to (1), (2), (3) or (42), wherein at least the public key is obtained from an authentication server via a communication network or from an authentication organization. Method.

(6) A decryption method for decrypting an encrypted file and a symmetric key, wherein the encrypted symmetric key transmitted from the sender is combined with the public key of the sender and the recipient. A decryption method using at least a secret key, and a step of decrypting the encrypted file using the decrypted symmetric key.

(7) A decryption method for decrypting an encrypted file and a symmetric key, wherein the encrypted symmetric key transmitted from the sender is combined with the public key of the sender and the recipient. Decrypting the encrypted file using the secret key, decrypting the encrypted file using the decrypted symmetric key, and performing decryption on the receiver side based on information about the decrypted file. A decoding method comprising the step of specifying a file to be processed.

(8) The decryption method according to (6) or (7), wherein at least the public key is obtained from an authentication server via a communication network or from an authentication organization.

(9) Symmetric key generation means for generating a symmetric key, file encryption means for encrypting a file with the symmetric key generated by the symmetric key generation means, and symmetric key generated by the symmetric key generation means Symmetric key encrypting means for encrypting with a private key of a sender and a public key of a receiver, connecting means for linking a symmetric key encrypted by the symmetric key encrypting means and a file encrypted by the file encrypting means An encryption device comprising:

(10) Symmetric key generation means for generating a symmetric key, file encryption means for encrypting a file with the symmetric key generated by the symmetric key generation means, and symmetric key generated by the symmetric key generation means File information encryption means for encrypting information about a file, symmetric key encryption means for encrypting a symmetric key generated by the symmetric key generation means with a sender's private key and a receiver's public key, and the symmetric key An encryption system comprising: a symmetric key encrypted by encryption means; a file encrypted by the file encryption means; and coupling means for coupling information on the file encrypted by the file information encryption means. apparatus.

(11) The encryption according to the above (9) or (10), further comprising an electronic signature means for adding electronic signature information to the file contents and information related to the file with a signature private key of the sender. apparatus.

(12) Encrypted data separating means for separating the encrypted symmetric key and the encrypted file from the encrypted data, and the encrypted symmetric key separated by the encrypted data separating means as the public key of the sender. Symmetric key decryption means for decrypting using the recipient's private key, and using the symmetric key decrypted by the symmetric key decryption means to decrypt the encrypted file separated by the encrypted data separating means. A decoding device comprising: a file decoding unit.

(13) Encrypted data separating means for separating the encrypted symmetric key and the encrypted file with an electronic signature from the encrypted data, and the encrypted symmetric key separated by the encrypted data separating means is transmitted to the sender. Symmetric key decryption means for decrypting using a public key and a recipient's private key, and an encrypted electronic signature separated by the encrypted data separating means using the symmetric key decrypted by the symmetric key decryption means File decryption means for decrypting an attached file, and an electronic signature separation / verification for separating and verifying the electronic signature file decrypted by the file decryption means by using a signature public key of a sender. And a decoding device.

(14) Encrypted data separating means for separating the encrypted symmetric key and information about the encrypted file from the encrypted data and the encrypted file contents, and the encrypted data separated by the encrypted data separating means. A symmetric key decryption means for decrypting the symmetric key using the sender's public key and the recipient's secret key, and separation by the cipher data separation means using the symmetric key decrypted by the symmetric key decryption means File information decryption means for decrypting the encrypted file information,
A decryption apparatus comprising: a file decryption unit that decrypts an encrypted file separated by the encrypted data separation unit using a symmetric key decrypted by the symmetric key decryption unit.

(15) An encrypted data separating means for separating the encrypted symmetric key from the encrypted data, the information on the encrypted file with the electronic signature, and the encrypted file with the electronic signature, and the encrypted data separating means. Symmetric key decryption means for decrypting the separated encrypted symmetric key using the sender's public key and receiver's private key, and the symmetric key decryption using the symmetric key decrypted by the symmetric key decryption means. Information decrypting means relating to a file for decrypting the encrypted electronic signature-attached file information separated by the data separating means, and the encrypted data separated by the encrypted data separating means using the symmetric key decrypted by the symmetric key decrypting means. File decrypting means for decrypting the encrypted electronic signature file, the electronic signature file decrypted by the file decrypting means, and the file information decrypted by the file information decrypting means. A digital signature separating / verifying means for separating and verifying the electronic signature-attached file information by using a sender's signature public key.

(16) The decoding device according to the above (14) or (15), further comprising file selection means for selecting a predetermined file based on the decrypted file information and decrypting the selected file.

(17) A recording medium storing an encryption program for distributing a file to one or more recipients by a sender of the file, wherein the file is encrypted using a symmetric key. Recording an encryption program for executing the procedure of encrypting the symmetric key using the private key of the sender and the public key of the receiver, and the procedure of transmitting the encrypted file and the encrypted symmetric key. Recording medium.

(18) A recording medium storing the encryption program according to (17), wherein a program for executing a procedure for encrypting the information on the file using a symmetric key is recorded.

(19) A recording medium recording the encryption program according to the above (18), wherein a program for adding electronic signature information to the file and the information related to the file is recorded.

(20) The program described in (17), (18) or (19), wherein a program for acquiring at least the public key from an authentication server via a communication network or from an authentication organization is recorded. Recording medium on which the encryption program of the above is recorded.

(21) A recording medium on which is stored a program for decrypting an encrypted file content or information about a file and a symmetric key, wherein the encrypted symmetric key transmitted from the sender is stored in the storage medium. Decrypting using the sender's public key and the recipient's private key, and decrypting the encrypted file content or information related to the file using the decrypted symmetric key. Recording medium on which a decryption program for recording is recorded.

(22) The decoding according to (21), wherein a program for causing a receiver to execute a procedure for designating a file to be decrypted on the basis of the information on the decrypted file is recorded. A recording medium on which a program is recorded.

(23) A decryption program according to the above (21) or (22), characterized by recording a program for obtaining at least the public key from an authentication server via a communication network or from a certification organization. The recording medium on which it was recorded.

(24) A method in which an owner of a file encrypts the file to a plurality of viewers (including the owner), the step of encrypting the file using a symmetric key, Generating an encrypted symmetric key for the number of the plurality of viewers using the owner's private key and the viewer's public key; and all of the encrypted files and the encrypted symmetric keys. At least the step of combining

(25) A method in which the owner of a file encrypts the contents of the file and information about the file to a plurality of viewers (including the owner). Separating the file content and information about the file using a symmetric key; and browsing the symmetric key using the private key of the owner and the public key of the viewer. Generating an encrypted symmetric key for a number of parties,
An encryption method comprising at least a step of combining the encrypted file content, information about the encrypted file, and all the encrypted symmetric keys.

(26) A method in which a file owner encrypts the file to a plurality of viewers (including the owner), wherein the owner manages the information of the viewers by dividing the information into arbitrary groups. Extracting, from the group, information of the viewers belonging to the group, extracting the public key of the viewer from the information of the viewer, and encrypting the file using a symmetric key. Encrypting the symmetric key using the secret key of the owner and the public key of the viewer for the number of the plurality of viewers, and generating the encrypted file. And combining at least all the encrypted symmetric keys.

(27) A method in which a file owner encrypts file contents and information about the file to a plurality of viewers (including the owner), wherein the owner transmits the information of the viewer to an arbitrary Managing the files in groups; extracting information on the viewers belonging to the group from the groups; extracting the public key of the viewers from the information on the viewers; Separating the file content and information about the file using a symmetric key, and separating the file content and the information about the file using a symmetric key, the secret key of the owner and the public key of the viewer Generating an encrypted symmetric key for the number of the plurality of viewers by using the information of the encrypted file contents and the encrypted file. Combining at least all of the encrypted symmetric keys.

(28) A method of decrypting a combination of an encrypted file and all encrypted symmetric keys,
Separating the encrypted file and all of the encrypted symmetric keys from the combination of the encrypted file and all of the encrypted symmetric keys; and using the owner's public key and the viewer's private key. A decryption method comprising at least a step of decrypting the encrypted symmetric key and a step of decrypting the encrypted file using the decrypted symmetric key.

(29) A method for decrypting a combination of an encrypted file content, information on the encrypted file, and all encrypted symmetric keys, wherein the encrypted file content and the encrypted file are decrypted. Separating the encrypted file content, the information about the encrypted file, and all the encrypted symmetric keys from the combined information of the encrypted file and the encrypted symmetric key, and the public key of the owner and the viewer. Decrypting the encrypted symmetric key using the secret key of, and decrypting the encrypted file content and information about the encrypted file using the decrypted symmetric key, Combining at least the decrypted file content and information about the decrypted file to reconstruct the file. Decryption method.

(30) A step of designating a file to be decrypted on the viewer side based on the information on the decrypted file, and a step of designating the decrypted file designated by the decrypted symmetric key. Decrypting a file to be decrypted.

(31) An electronic signature method, comprising: generating an electronic signature of the file using a private key of an owner; and combining the electronic signature with the file.

(32) An electronic signature method, comprising the steps of: generating an electronic signature of the file content using a private key of an owner; and combining the electronic signature with the file content.

(33) generating an electronic signature of the information on the file using the owner's private key;
Combining the electronic signature with the information on the file.

(34) An electronic signature verification method, comprising the steps of: separating an electronic signature from a file; and verifying the electronic signature using a public key of an owner.

(35) An electronic signature verification method, comprising the steps of: separating an electronic signature from file contents; and verifying the electronic signature using a public key of an owner.

(36) An electronic signature verification method, comprising the steps of: separating an electronic signature from information related to a file; and verifying the electronic signature using a public key of an owner.

[0098]

As described above, according to the present invention, a group encryption based on the public key method is performed in the form of one private key held by an individual and one public key released to a certification authority (CA). By realizing, key distribution is safe and simple, and an arbitrary group can be easily created. An encryption method and apparatus, a decryption method and apparatus, a recording medium on which an encryption program is recorded, and decryption A recording medium on which a program is recorded, an electronic signature method, and an electronic signature verification method can be provided.

[Brief description of the drawings]

FIG. 1 is a schematic configuration explanatory view showing an embodiment of the present invention.

FIG. 2 is a flow chart between respective devices when passing through a certification authority according to an embodiment of the present invention.

FIG. 3 is a flow chart between respective devices in the case where no certification authority is used according to an embodiment of the present invention.

FIG. 4 is an explanatory diagram illustrating a configuration of an encryption device according to an embodiment of the present invention.

FIG. 5 is an explanatory diagram showing creation of a group encryption file of the encryption device according to the embodiment of the present invention;

FIG. 6 is a flowchart showing creation of an encrypted file by the encryption device according to the embodiment of the present invention.

FIG. 7 is a flowchart showing the creation of an encrypted symmetric key by the encryption device according to an embodiment of the present invention.

FIG. 8 is a configuration explanatory diagram showing a file information decoding part of the decoding device according to the embodiment of the present invention.

FIG. 9 is a configuration explanatory diagram showing a file content decoding part of the decoding device according to the embodiment of the present invention.

FIG. 10 is an explanatory diagram showing creation of a group decryption file of the decryption device according to the embodiment of the present invention.

FIG. 11 is a flowchart showing a file information decoding part of the decoding device according to the embodiment of the present invention.

FIG. 12 is a flowchart showing a file content decryption part of the decryption device according to one embodiment of the present invention.

[Explanation of symbols]

 101 Sender's encryption device A 102 Recipient's decryption device B [1] 103 Recipient's decryption device B [2] 104 Recipient's decryption device B [3] 105 Certificate authority CA 601 File information separator 602 Group information converter 603 Group information DB 604 Key searcher 605 Key DB 606 Electronic signature generation / concatenation unit 607 Random number generator 608 Encryptor 609 Multi-person encryption unit 610 Encryption data connection unit 701 Encryption data separation unit 702 Key search unit 703 Key DB 704 Multi-Person Decoder 705 Decoder 706 Electronic Signature Separator / Verifier 707 Temporary Storage 708 Display 801 Input Device 802 Temporary Storage 803 Decoder 804 Electronic Signature Separator / Verifier 805 Key Searcher 806 Key DB 807 File Information Linker

Claims (36)

[Claims] An encryption method for a sender of a file to distribute the file to one or more recipients, comprising encrypting the file using a symmetric key; An encryption method comprising: at least encrypting using a private key of a sender and a public key of a receiver; and transmitting the encrypted file and the encrypted symmetric key. 2. An encryption method for distributing a file to one or more recipients by a sender of the file, comprising: encrypting the file using a symmetric key; Encrypting using a sender's private key and a recipient's public key, and at least a step of recording the encrypted file and the encrypted symmetric key on a recording medium and passing it to the recipient. Characteristic encryption method. 3. The encryption method according to claim 1, further comprising a step of encrypting the information on the file using a symmetric key. 4. The encryption method according to claim 3, wherein electronic signature information is added to the file contents and the information on the file. 5. The encryption method according to claim 1, wherein at least the public key is obtained from an authentication server via a communication network or from an authentication organization. 6. A decryption method for decrypting an encrypted file and a symmetric key, comprising: transmitting the encrypted symmetric key transmitted from the sender to a public key of the sender; A decryption method comprising at least a step of decrypting using a secret key, and a step of decrypting the encrypted file using the decrypted symmetric key. 7. A decryption method for decrypting an encrypted file and a symmetric key, comprising: transmitting the encrypted symmetric key transmitted from the sender to a public key of the sender; Decrypting using the secret key; decrypting the encrypted file using the decrypted symmetric key; and decrypting on the receiver side based on information about the decrypted file. A decoding method comprising the step of specifying a file. 8. The decryption method according to claim 6, wherein at least the public key is obtained from an authentication server via a communication network or from an authentication organization. 9. A symmetric key generating means for generating a symmetric key, a file encrypting means for encrypting a file with the symmetric key generated by the symmetric key generating means, and transmitting the symmetric key generated by the symmetric key generating means. Symmetric key encryption means for encrypting with the recipient's private key and the recipient's public key, and coupling means for coupling the symmetric key encrypted by the symmetric key encryption means and the file encrypted by the file encryption means. An encryption device comprising: 10. A symmetric key generation means for generating a symmetric key, a file encryption means for encrypting a file with the symmetric key generated by the symmetric key generation means, and a file generated by the symmetric key generated by the symmetric key generation means. File information encrypting means for encrypting information relating to the symmetric key, symmetric key encrypting means for encrypting the symmetric key generated by the symmetric key generating means with a sender's private key and a receiver's public key, A symmetric key encrypted by encrypting means, a file encrypted by the file encrypting means, and linking means for linking information on the file encrypted by the file information encrypting means. . 11. An electronic signature means for adding electronic signature information to a file content and information related to the file with a signature private key of a sender.
0. The encryption device according to 0. 12. An encrypted data separating means for separating an encrypted symmetric key and an encrypted file from the encrypted data, and receiving the encrypted symmetric key separated by the encrypted data separating means as a public key of a sender. Symmetric key decryption means for decrypting using the private key of the third party, and a file for decrypting the encrypted file separated by the encrypted data separating means using the symmetric key decrypted by the symmetric key decryption means A decoding device, comprising: decoding means. 13. An encrypted data separating means for separating an encrypted symmetric key and an encrypted file with an electronic signature from encrypted data, and a sender publishing the encrypted symmetric key separated by the encrypted data separating means. Symmetric key decryption means for decrypting using the key and the recipient's secret key; and an encrypted electronic signature separated by the encrypted data separating means using the symmetric key decrypted by the symmetric key decryption means. File decryption means for decrypting a file, and electronic signature separation / verification means for separating and verifying the electronic signature file decrypted by the file decryption means using the signature public key of the sender A decoding device comprising: 14. An encrypted data separating means for separating an encrypted symmetric key, information on an encrypted file and encrypted file contents from encrypted data, and an encryption symmetrical data separated by the encrypted data separating means. A symmetric key decrypting means for decrypting the key using the sender's public key and the recipient's secret key; and a symmetric key decrypted by the symmetric key decrypting means using the symmetric key decrypted by the symmetric key decrypting means. File information decrypting means for decrypting encrypted file information, and file decryption for decrypting the encrypted file separated by the encrypted data separating means using the symmetric key decrypted by the symmetric key decrypting means. And a decoding unit. 15. An encrypted data separating unit that separates an encrypted symmetric key from encrypted data, information on an encrypted file with an electronic signature, and an encrypted file with an electronic signature, and the encrypted data separating unit. Symmetric key decryption means for decrypting the encrypted symmetric key using the public key of the sender and the private key of the receiver; and the cipher data using the symmetric key decrypted by the symmetric key decryption means. An information decryption unit for decrypting the information on the file with the encrypted electronic signature separated by the separation unit; and a symmetric key decrypted by the symmetric key decryption unit. File decryption means for decrypting the encrypted electronic signature file, and the electronic signature file decrypted by the file decryption means and the file information decryption means. Decoding apparatus characterized by comprising an electronic signature separation and verification means for verifying by separating the electronic signature using the sender's signature public key of the electronic signature attached file information. 16. The decoding apparatus according to claim 14, further comprising a file selection unit that selects a predetermined file based on the decoded file information and decodes the selected file. 17. A recording medium on which an encryption program for distributing a file to one or more receivers by a sender of the file is recorded, wherein the file is encrypted using a symmetric key, A procedure for encrypting the symmetric key using a sender's private key and a recipient's public key, and recording an encrypted program for executing the procedure for transmitting the encrypted file and the encrypted symmetric key. recoding media. 18. The recording medium according to claim 17, wherein a program for executing a procedure for encrypting the information on the file using a symmetric key is recorded. 19. The recording medium according to claim 18, wherein a program for adding electronic signature information to the file and information related to the file is recorded. 20. A program for obtaining at least the public key from an authentication server via a communication network or from a certification authority.
A recording medium on which the encryption program according to 7, 18 or 19 is recorded. 21. A recording medium recording an encrypted file content or a file-related information and a program for decrypting a symmetric key, wherein the encrypted symmetric key transmitted from the sender is stored in the storage medium. Decrypting using the sender's public key and the recipient's private key, and using the decrypted symmetric key to decrypt the encrypted file contents or information about the file. Recording medium on which the decryption program of the above is recorded. 22. The decoding program according to claim 21, wherein a program for executing a procedure for designating a file to be decrypted on the receiver side based on the information on the decrypted file is recorded. The recording medium on which it was recorded. 23. A program for recording at least the public key from an authentication server via a communication network or from a certification authority.
23. A recording medium on which the decryption program according to 1 or 22 is recorded. 24. A method wherein the owner of a file encrypts the file to a plurality of viewers (including the owner), the method comprising: encrypting the file using a symmetric key; Generating an encrypted symmetric key for the number of the plurality of viewers using the private key of the owner and the public key of the viewer; And at least a combining step. 25. A method in which the owner of a file encrypts the contents of the file and information about the file to a plurality of viewers (including the owner), the method comprising: Separating, using a symmetric key, encrypting the file contents and information about the file; and using the symmetric key with the owner's private key and the viewer's public key to access the plurality of viewers. Generating an encrypted symmetric key for a number of times, and combining all of the encrypted symmetric key with information on the encrypted file content, information on the encrypted file, and the like. Encryption method. 26. A method in which an owner of a file encrypts the file to a plurality of viewers (including the owner), wherein the owner manages the information of the viewers in an arbitrary group. Extracting, from the group, information of viewers belonging to the group; extracting the public key of the viewer from the information of the viewer; encrypting the file using a symmetric key Generating the symmetric key using the secret key of the owner and the public key of the viewer to generate encrypted symmetric keys for the number of the plurality of viewers. Combining at least all the encrypted symmetric keys. 27. A method in which a file owner encrypts file contents and information about the file to a plurality of viewers (including the owner), wherein the owner transfers the information of the viewer to an arbitrary group. Managing the file; extracting information of a viewer belonging to the group from the group; extracting a public key of the viewer from the information of the viewer; and storing the file in the file. Separating the content and information about the file using a symmetric key; encrypting the file content and the information about the file using a symmetric key; Generating encrypted symmetric keys for the number of the plurality of viewers using the encrypted file content, information about the encrypted file, and information about the encrypted file. Encryption method characterized by having at least a step of binding a pre symmetric key all-coding. 28. A method for decrypting a combination of an encrypted file and all of the encrypted symmetric keys, the method comprising: combining the encrypted file and all of the encrypted symmetric keys with each other; Separating the encrypted symmetric key using the public key of the owner and the private key of the viewer, and separating the encrypted symmetric key from the file. Decrypting the encrypted file by using the method. 29. A method for decrypting a combination of an encrypted file content, information on an encrypted file, and all encrypted symmetric keys, wherein the encrypted file content and the encrypted file are decrypted. Separating the encrypted file content, the information about the encrypted file and all the encrypted symmetric keys from the combined information and all the encrypted symmetric keys; and Decrypting the encrypted symmetric key using a secret key; decrypting the encrypted file content and information about the encrypted file using the decrypted symmetric key; A decoding step of combining the decrypted file contents with information on the decrypted file to reconstruct the file. Method of. 30. A step of designating a file to be decrypted on the viewer side on the basis of information on the decrypted file; and Decoding a power file. 31. An electronic signature method, comprising: generating an electronic signature of the file using a private key of an owner; and combining the electronic signature with the file. 32. An electronic signature method, comprising: generating an electronic signature of the file content using a private key of an owner; and combining the electronic signature with the file content. 33. An electronic signature method, comprising: generating an electronic signature of information on the file using a private key of an owner; and combining the electronic signature with the information on the file. 34. A digital signature verification method, comprising: separating an electronic signature from a file; and verifying the electronic signature using a public key of an owner. 35. A method for verifying an electronic signature, comprising the steps of: separating an electronic signature from file contents; and verifying the electronic signature using a public key of an owner. 36. A method for verifying an electronic signature, comprising: separating an electronic signature from information about a file; and verifying the electronic signature using a public key of an owner.