CN103326863A - Signing method of electronic signing tool - Google Patents
Signing method of electronic signing tool Download PDFInfo
- Publication number
- CN103326863A CN103326863A CN2013102514132A CN201310251413A CN103326863A CN 103326863 A CN103326863 A CN 103326863A CN 2013102514132 A CN2013102514132 A CN 2013102514132A CN 201310251413 A CN201310251413 A CN 201310251413A CN 103326863 A CN103326863 A CN 103326863A
- Authority
- CN
- China
- Prior art keywords
- algorithm
- signature
- execution
- data
- hash
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000000034 method Methods 0.000 title claims abstract description 35
- 238000004364 calculation method Methods 0.000 claims abstract description 66
- 230000004044 response Effects 0.000 claims description 30
- 238000004458 analytical method Methods 0.000 claims description 17
- 101100217298 Mus musculus Aspm gene Proteins 0.000 claims description 15
- 239000003550 marker Substances 0.000 claims description 15
- 239000004973 liquid crystal related substance Substances 0.000 claims description 9
- 238000007689 inspection Methods 0.000 claims description 3
- 230000006870 function Effects 0.000 description 4
- 238000005516 engineering process Methods 0.000 description 3
- 230000008569 process Effects 0.000 description 2
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000008859 change Effects 0.000 description 1
- 238000004891 communication Methods 0.000 description 1
- 230000008878 coupling Effects 0.000 description 1
- 238000010168 coupling process Methods 0.000 description 1
- 238000005859 coupling reaction Methods 0.000 description 1
- 230000004069 differentiation Effects 0.000 description 1
- 238000009434 installation Methods 0.000 description 1
Images
Landscapes
- Storage Device Security (AREA)
Abstract
The invention discloses a signing method of an electronic signing tool and belongs to the field of information safety. The signing method of the electronic signing tool comprises the steps that electrified initialization is conducted on a device, when an order sent by an upper computer is received, order processing is executed, and when a key is detected, key processing is executed; the order processing comprises the execution of a first signing Hash order, the execution of a second signing Hash order, the setting of a signing mark, the calculation of the execution of the signing order, the direct calculation of a signature according to the set of the signing mark, or the pressing of keys of display or non-display, the acquisition of the execution of a singing result order and the return of a signing result to the upper computer. The key processing comprises that when an enter key is pressed, the signature is calculated and when a cancel key is pressed, the signature is cancelled. According to the signing method of the electronic signing tool, the operation of drive software updating in a client side of a user is omitted and when a product is updated, convenience is brought for the user.
Description
Technical field
The invention belongs to information security field, relate in particular to a kind of endorsement method of electric signing tools.
Background technology
At present, the application of electric signing tools is more and more extensive, and particularly in financial industry, for the fail safe that guarantees to conclude the business, the user of Web bank uses electric signing tools (such as USBKey) more and more, as the means of authentication and transaction authentication.
The raising that the product safety performance is required along with the progress of technology and user, the kind of electric signing tools is also more and more, as now widely used electric signing tools the USBKey that is not with liquid crystal display screen and button is arranged, with the differentiations such as USBKey of liquid crystal display screen and button.Because the Signature Schemes Design of dissimilar USBKey is different, so for the user, use dissimilar USBKey to install or upgrade drive software for this USBKey product in client.Update along with product, the troublesome operation of installation or renewal drive software has reduced user's experience, for this reason, how accomplishing the signature scheme that new generation product can compatible old product, is present urgent problem so that need to not upgrade drive software in client when the user uses new generation product.
Summary of the invention
In order to solve the problems of the technologies described above, the present invention proposes a kind of endorsement method of electric signing tools.
The technical solution used in the present invention is as follows:
A kind of endorsement method of electric signing tools comprises:
Step S1: device power initialization;
Step S2: described equipment is waited for receiving under the host computer and is sent instructions, and carries out button and detect;
Execution in step S3 when described equipment receives the instruction that host computer issues, execution in step S17 when described equipment Inspection is pressed to button; Otherwise continue execution in step S2;
Step S3: judge the type of the described instruction receive, if the first signature Hash instruction execution in step S4 then; If the second signature Hash instruction is execution in step S6 then; If the compute signature instruction is execution in step S9 then, if obtain then execution in step S15 of signature result command; If other instructions are then carried out other command adapted thereto operations and returned other respective response data to host computer, then return step S2;
Step S4: judge whether the data length that comprises in described the first signature Hash instruction and the length of the first signature algorithm mate, then the data of data field in described the first signature Hash instruction to be saved in the first buffer area, the sign of will signing is set to the first preset value, execution in step S5; Otherwise direct execution in step S5;
Step S5: return the first response data to host computer, then return step S2;
Step S6: the data to data field in described the second signature Hash instruction are resolved, and judge whether successfully resolved, are then analysis result to be saved in the display buffer district, and the sign of will signing is set to the 3rd preset value, execution in step S7; Otherwise the sign of will signing is set to the second preset value, execution in step S7;
Step S7: according to the assignment algorithm of the second signature algorithm director data is carried out Hash calculation and obtain Hash result, described Hash result is saved in the second buffer area, then execution in step S8;
Step S8: return the second response data to host computer, then return step S2;
Step S9: judge the signature sign, if the first preset value execution in step S10 then, if the second preset value execution in step S12 then, if the 3rd preset value execution in step S13 then;
Step S10: the type of judging described the first signature algorithm, if the first kind is then according to the assignment algorithm of the first signature algorithm data stuffing to described the first buffer area, and with described the first buffer area of Data Update after filling, if execution in step S11 is Second Type direct execution in step S11 then;
Step S11: generate the signature result and be saved in signature result cache district, set signature effective marker, execution in step S14 with the data compute signature of described the first signature algorithm to described the first buffer area;
Step S12: set allows button sign, execution in step S14;
Step S13: set allows the button sign, shows the data in described display buffer district by liquid crystal display screen, execution in step S14;
Step S14: return the 3rd response data to host computer, then return step S2;
Step S15: judging the whether set of signature effective marker, is then to obtain the signature result from signature result cache district, empties signature result cache district, the initialization signature sign, and then execution in step S16 returns step S2 otherwise return mistake to host computer;
Step S16: return the signature result data to host computer, then return step S2;
Step S17: judge allowing the whether set of button sign, is execution in step S18 then, then returns step S2 otherwise return mistake to host computer;
Step S18: the type of judging described the second signature algorithm, if the first kind is then filled the Hash result of described the second buffer area according to the assignment algorithm of the second signature algorithm, and with Data Update the second buffer area after filling, if execution in step S19 is Second Type direct execution in step S19 then;
Step S19: judge push-button type, if acknowledgement key execution in step S20 then, if cancel key execution in step S21 then;
Step S20: generate the signature result and be saved in signature result cache district, set signature effective marker with the data compute signature of described the second signature algorithm to described the second buffer area;
Step S21: resetting allows button sign, then execution in step S22;
Step S22: return the key response data to host computer, then return step S2.
The described device power initialization of step S1 comprises: device power, and the initialization signature sign, initialization the first buffer area, the second buffer area, signature result cache district and display buffer district, signature effective marker and permission button sign reset.
The type of the described instruction that the described judgement of step S3 receives is specially the type of judging described instruction according to the value of front four bytes of described instruction.
When described other instructions are when the signature algorithm instruction is set, other command adapted theretos operations of described execution comprise: the first signature algorithm and assignment algorithm thereof are set, the second signature algorithm and assignment algorithm thereof are set, determine to specify key pair.
Above-mentioned steps S6-step S8 can be specially:
Step 1-1: judge the type of the second signature algorithm, if first kind execution in step 1-2 then, if Second Type execution in step 1-3 then;
Step 1-2: the data to data field in described the second signature Hash instruction are resolved, judge whether successfully resolved, then analysis result to be saved in the display buffer district, the sign of will signing is set to the 3rd preset value, the data of data field are carried out Hash calculation according to the first algorithm obtain Hash result, then execution in step 1-4; Otherwise the sign of will signing is set to the second preset value, the data of data field is carried out Hash calculation according to the second algorithm obtain Hash result, then execution in step 1-4;
Step 1-3: the data to data field in described the second signature Hash instruction are resolved, judge whether successfully resolved, then analysis result to be saved in the display buffer district, the sign of will signing is set to the 3rd preset value, read user ID 1 from internal memory, the data of user ID 1 and data field are carried out Hash calculation according to algorithm obtain Hash result, then execution in step 1-4; Otherwise the sign of will signing is set to the second preset value, reads user ID 2 from internal memory, the data of user ID 2 and data field is carried out Hash calculation according to algorithm obtain Hash result, then execution in step 1-4;
Step 1-4: Hash result is saved in the second buffer area, returns the second response data to host computer.
Above-mentioned steps S6-step S8 can also be specially:
Step 2-1: judge the type of the second signature algorithm, if first kind execution in step 2-2 then, if Second Type execution in step 2-3 then;
Step 2-2: the data to data field in described the second signature Hash instruction are resolved, judge whether successfully resolved, then analysis result to be saved in the display buffer district, the sign of will signing is set to the 3rd preset value, the data of data field are carried out Hash calculation according to the first algorithm obtain the first cryptographic Hash, described the second signature Hash instruction is carried out Hash calculation according to the first algorithm obtain the second cryptographic Hash, described the first cryptographic Hash and described the second cryptographic Hash are sequentially spliced as Hash result, then execution in step 2-4; Otherwise the sign of will signing is set to the second preset value, the data of data field is carried out Hash calculation according to the second algorithm obtain Hash result, then execution in step 2-4;
Step 2-3: the data to data field in described the second signature Hash instruction are resolved, judge whether successfully resolved, then analysis result to be saved in the display buffer district, the sign of will signing is set to the 3rd preset value, read user ID 1 from internal memory, the data of user ID 1 and data field are carried out Hash calculation according to algorithm obtain Hash result, then execution in step 2-4; Otherwise the sign of will signing is set to the second preset value, reads user ID 2 from internal memory, the data of user ID 2 and data field is carried out Hash calculation according to algorithm obtain Hash result, then execution in step 2-4;
Step 2-4: Hash result is saved in the second buffer area, returns the second response data to host computer.
The above-mentioned first kind refers to RSA Algorithm, and described Second Type refers to the SM2 algorithm, and described the first algorithm is the MD5 algorithm, and described the second algorithm is the SHA1 algorithm, and described algorithm is the SM3 algorithm.
Above-mentionedly read user ID 1 from internal memory, the data of user ID 1 and data field are carried out Hash calculation according to algorithm to be obtained Hash result and is specially: 1) read from internal memory and specify the right PKI of key, 2) calculate the initial value of described SM3 algorithm with described PKI and described user ID 1,3) known described initial value calculates a Hash Value as Hash result according to the SM3 algorithm to the data of data field;
Describedly read user ID 2 from internal memory, the data of user ID 2 and data field are carried out Hash calculation according to algorithm to be obtained Hash result and is specially: 1) read from internal memory and specify the right PKI of key, 2) calculate the initial value of described SM3 algorithm with described PKI and described user ID 2,3) known described initial value calculates a Hash Value as Hash result according to the SM3 algorithm to the data of data field.
The described assignment algorithm according to the first signature algorithm of step S10 is to the data stuffing of described the first buffer area, and be specially with described the first buffer area of Data Update after filling: the assignment algorithm with described the first signature algorithm calculates the data of described the first buffer area, obtain the first result of calculation, the first preset characters string, the second preset characters string and described the first result of calculation sequentially spliced obtain the second result of calculation, upgrade the data of described the first buffer area with described the second result of calculation.
The described assignment algorithm according to the second signature algorithm of step S18 is filled the Hash result of described the second buffer area, and be specially with Data Update the second buffer area after filling: the assignment algorithm with described the second signature algorithm calculates the Hash result of the second buffer area, obtain the 3rd result of calculation, the first preset characters string, the second preset characters string and the 3rd result of calculation sequentially spliced obtain the 4th result of calculation, upgrade the data of described the second buffer area with described the 4th result of calculation.
The described sign of will signing of step S6 is set to the second preset value, and execution in step S7 can replace with: the sign of will signing is set to the second preset value, returns mistake to host computer and then returns step S2.
Described step S19 also comprises: if up/down is turned over key, then show data by the page turning of liquid crystal display screen up/down, return the key response data to host computer and then return step S2.
The invention has the beneficial effects as follows: adopt the endorsement method of the electric signing tools of the present invention's proposition, can save the user upgrades drive software in client operation, the use for the user when model change provides convenient.
Description of drawings
Fig. 1 is the endorsement method flow chart of a kind of electric signing tools of providing of the embodiment of the invention 1;
Fig. 2 is to the refinement flow chart of the step 108-113 of Fig. 1 among the embodiment 1.
Fig. 3 is to the refinement flow chart of the step 108-113 of Fig. 1 among the embodiment 2.
Embodiment
The below describes embodiments of the invention in detail, and the example of described embodiment is shown in the drawings, and wherein same or similar label represents same or similar element or the element with identical or similar functions from start to finish.Be exemplary below by the embodiment that is described with reference to the drawings, only be used for explaining the present invention, and can not be interpreted as limitation of the present invention.In description of the invention, it will be appreciated that, term " first ", " second " etc. only are used for describing purpose, and can not be interpreted as indication or hint relative importance.And the scope of preferred implementation of the present invention comprises other realization, wherein can be not according to order shown or that discuss, comprise according to related function by the mode of basic while or by opposite order, carry out function, this should be understood by the embodiments of the invention person of ordinary skill in the field.
Embodiment 1
Be illustrated in figure 1 as the flow chart of the endorsement method of a kind of electric signing tools that the present invention proposes, wherein, the operating main body of described method is electric signing tools, below refers to this electric signing tools with equipment, and the method comprises:
Step 101: the device power initialization, wait for receiving under the host computer sending instructions;
Particularly, the device power initialization comprises: device power, and the initialization signature sign, initialization the first buffer area, the second buffer area, signature result cache district and display buffer district, signature effective marker and permission button sign reset.
Preferably, the initialization signature sign is that the initial value with signature sign is set to zero, and the signature effective marker that resets is that signature effective marker is set to zero, reset allow the button sign be permission button sign is set to zero.Preferred in the present embodiment, described equipment is according to the different endorsement method of the different employings of value of signature sign, for example, the endorsement method that signature adopts when being masked as the first preset value is that data to be signed that equipment interconnection is received are directly signed and generated the signature result, the endorsement method that signature adopts when being masked as the second preset value be through the user data to be signed are carried out button confirm after equipment sign and generate the signature result, the endorsement method that signature adopts when being masked as the 3rd preset value is that equipment is resolved data to be signed and by liquid crystal display screen demonstration analysis result, equipment is signed and generated the signature result through the user carries out the button affirmation to analysis result after.The effective marker of will signing when equipment generation that and if only if is signed as a result is set to 1.
Step 102: judging whether to receive instruction, is execution in step 103 then, otherwise execution in step 126;
Preferably, step 102 and 126 is that then this step can replace with: equipment is waited for receiving under the host computer and sent instructions, and carries out button and detect without execution sequence successively;
Execution in step 103 when described equipment receives the instruction that host computer issues, execution in step 127 when described equipment Inspection is pressed to button.
Step 103: decision instruction type; If the first signature Hash instruction is execution in step 104 then; If the second signature Hash instruction is execution in step 108 then; If the compute signature instruction is execution in step 114 then, if obtain then execution in step 123 of signature result command; If other instructions are execution in step 136 then;
Particularly, judge the type of the instruction of receiving according to the command header that comprises in the instruction in the present embodiment; Particularly, front four bytes of described instruction are command header.
Preferred in the present embodiment, be the first signature Hash instruction if front four bytes of the instruction of receiving are 90 81 described instructions of 00 2A; Be the second signature Hash instruction if front four bytes of the instruction of receiving are 90 80 described instructions of 00 2A; If front four bytes of the instruction of receiving are that 00 described instruction of 00 2A 9E is the compute signature instruction; If front four bytes of the instruction of receiving are that 00 38 00 00 described instructions are for obtaining signature result command; If front four bytes of the instruction of receiving for other values then described instruction be other instructions.
Described other instructions comprise the signature algorithm instruction are set, for example, if front four bytes of the instruction of receiving are that 90 78 described instructions of 00 2A are for arranging the signature algorithm instruction.
Step 104: judging whether the data length that comprises in the first signature Hash instruction and the length of the first signature algorithm mate, is execution in step 105 then, otherwise execution in step 107;
Particularly, described data length equals the value of the 5th byte of described instruction in the present embodiment.
Step 105: the data of data field in the first signature Hash instruction are saved in the first buffer area;
Particularly, the data after the 5th byte of described instruction are saved in the first buffer area in the present embodiment.
Preferably, before step 105, can also comprise: the length of judging the data in the data field whether with the described data length coupling of step 104, be execution in step 105 then, then return step 102 otherwise return mistake to host computer.
Step 106: the sign of will signing is set to the first preset value;
Step 107: return the first response data to host computer, then return step 102;
Particularly, the first response data of returning to host computer is that presentation directives runs succeeded or failed response data, for example, returns 9000 presentation directiveses to host computer and runs succeeded, and returns 0000 presentation directives to host computer and carries out unsuccessfully in the present embodiment.
Step 108: the data to data field in the second signature Hash instruction are resolved, and judge whether successfully resolved, are execution in step 109 then, otherwise execution in step 110;
Preferred in the present embodiment, can also comprise before this step: judging whether second the sign data format in Hash director data territory is correct, is correct format execution in step 108 then, otherwise format error execution in step 110.For example: whether the data of judging data field meet the XML message format, are correct formats then, otherwise format error.
Step 109: analysis result is saved in the display buffer district, and the sign of will signing is set to the 3rd preset value, execution in step 111;
Step 110: the sign of will signing is set to the second preset value, execution in step 111;
Further, this step can also for: will sign the sign be set to the second preset value, return mistake to host computer and then return step 102.
Step 111: the assignment algorithm according to the second signature algorithm carries out Hash calculation to the data of data field;
The second signature algorithm described in the present embodiment comprises RSA Algorithm and SM2 algorithm; Preferably, RSA Algorithm is divided into first kind algorithm, the SM2 algorithm is divided into the Second Type algorithm, wherein the assignment algorithm of RSA Algorithm is the first algorithm or the second algorithm, and the assignment algorithm of SM2 algorithm is algorithm.
Step 112: Hash result is saved in the second buffer area, and then execution in step 113;
Step 113: return the second response data to host computer, then return step 102;
Particularly, the second response data of returning to host computer is that presentation directives runs succeeded or failed response data, for example, returns 9000 presentation directiveses to host computer and runs succeeded, and returns 0000 presentation directives to host computer and carries out unsuccessfully in the present embodiment.
Above-mentioned steps 108-113 can be specially 1-1 to 1-13 shown in Figure 2, and is as follows:
Step 1-1: judge the second signature algorithm type, if first kind execution in step 1-2 then, if Second Type execution in step 1-7 then;
Step 1-2: the data to data field in the second signature Hash instruction are resolved, and judge whether successfully resolved, are execution in step 1-3 then, otherwise execution in step 1-5;
Step 1-3: analysis result is saved in the display buffer district, and the sign of will signing is set to the 3rd preset value;
Step 1-4: the data to data field are carried out Hash calculation according to the first algorithm, then execution in step 1-12;
Preferred in the present embodiment, the first algorithm adopts the MD5 algorithm.
Step 1-5: the sign of will signing is set to the second preset value;
Step 1-6: the data to data field are carried out Hash calculation according to the second algorithm, then execution in step 1-12;
Preferred in the present embodiment, the second algorithm adopts the SHA1 algorithm.
Step 1-7: the data to data field in the second signature Hash instruction are resolved, and judge whether successfully resolved, are execution in step 1-8 then, otherwise execution in step 1-10;
Step 1-8: analysis result is saved in the display buffer district, and the sign of will signing is set to the 3rd preset value;
Step 1-9: read user ID 1 from internal memory, the data of user ID 1 and data field are carried out Hash calculation according to algorithm, then execution in step 1-12;
Concrete in the present embodiment, algorithm adopts the SM3 algorithm, the data of user ID 1 and data field are carried out Hash calculation according to algorithm to be specially: 1) read from internal memory and specify the right PKI of key, 2) calculate the initial value of SM3 algorithm with PKI and ID1; 3) known initial value calculates a Hash Value as Hash result according to the SM3 algorithm to the data of data field.
For example: read and specify the right PKI of key to be: length is the string of binary characters of 65 bytes, and wherein first byte is 04;
The user ID 1 that reads is: length is the string of binary characters of 16 bytes;
The initial value of the SM3 algorithm that calculates with PKI and ID1 is that length is the string of binary characters of 32 bytes;
The data of data field are:
According to the SM3 algorithm to the above-mentioned message data Hash Value that to calculate a length be 32 bytes as Hash result.
Step 1-10: the sign of will signing is set to the second preset value;
Step 1-11: read user ID 2 from internal memory, the data of user ID 2 and data field are carried out Hash calculation according to algorithm, then execution in step 1-12;
Concrete in the present embodiment, algorithm adopts the SM3 algorithm, the data of user ID 2 and data field are carried out Hash calculation according to algorithm to be specially: 1) read from internal memory and specify the right PKI of key, 2) calculate the initial value of SM3 algorithm with PKI and ID2; 3) known initial value calculates a Hash Value as Hash result according to the SM3 algorithm to the data of data field.
Step 1-12: Hash result is saved in the second buffer area;
Step 1-13: return the second response data to host computer.
Step 114: judge the signature sign, if the first preset value execution in step 115 then, if the second preset value execution in step 119 then, if the 3rd preset value execution in step 120 then;
Step 115: judge the type of the first signature algorithm, if first kind execution in step 116 then, if Second Type execution in step 117 then;
The first signature algorithm described in the present embodiment comprises RSA Algorithm and SM2 algorithm; Preferably, RSA Algorithm is divided into first kind algorithm, the SM2 algorithm is divided into the Second Type algorithm, wherein the assignment algorithm of RSA Algorithm is the first algorithm or the second algorithm, and the assignment algorithm of SM2 algorithm is algorithm.Preferred the first algorithm is the MD5 algorithm, and the second algorithm is the SHA1 algorithm, and algorithm is the SM3 algorithm.
Step 116: according to the assignment algorithm of the first signature algorithm data stuffing to the first buffer area, and with the data of Data Update the first buffer area after filling;
Particularly, if the assignment algorithm of the first signature algorithm is the SHA1 algorithm, then this step is specially in the present embodiment:
Step 116-1: with the SHA1 algorithm data of the first buffer area are calculated, obtained the first result of calculation;
Step 116-2: with the first preset characters string 00 01 FF ... FF 00, the second preset characters string 30 21 30 09 06 05 2b 0e 03 02 1a 05 00 04 14, the first result of calculation are sequentially spliced and are obtained the second result of calculation, upgrade the data of the first buffer area with the second result of calculation.
Wherein the number of FF equals SHA1 algorithm length and deducts 18 and deduct the first result of calculation length again in the first preset characters string, and wherein 18 is that number according to non-FF in the first preset characters string adds the second preset characters string length and obtains.
For example, SHA1 algorithm length is 128 bytes, and then the number of FF equals 128-18-20=90 in the first preset characters string.
When the assignment algorithm of the first signature algorithm was the MD5 algorithm, the detailed process principle of this step was identical, and only above-mentioned the first preset characters string and the second character string can be different.
Step 117: generate the signature result and be saved in signature result cache district with the data signature of the first signature algorithm to the first buffer area;
Preferred in the present embodiment, this step adopts RSA Algorithm that the data signature of the first buffer area is generated the signature result and is saved in signature result cache district.
Step 118: set signature effective marker, execution in step 122;
Step 119: set allows button sign, execution in step 122;
Step 120: set allows button sign, execution in step 121;
Step 121: the data communication device in display buffer district is crossed liquid crystal display screen show;
Step 122: return the 3rd response data to host computer, then return step 102;
Particularly, the 3rd response data of returning to host computer is that presentation directives runs succeeded or failed response data, for example, returns 9000 presentation directiveses to host computer and runs succeeded, and returns 0000 presentation directives to host computer and carries out unsuccessfully in the present embodiment.
Step 123: judge the whether set of signature effective marker, be execution in step 124 then, otherwise return mistake and return step 102 to host computer;
Step 124: the district obtains the signature result from the signature result cache, empties signature result cache district, the initialization signature sign;
Step 125: return the signature result data to host computer, then return step 102;
Step 126: judge whether to have detected button and press, be execution in step 127 then, otherwise return execution in step 102;
Further can also comprise in step 126: judge whether in Preset Time, to have detected button and press, be execution in step 127 then, otherwise return the button time-out information and return execution in step 102 to host computer; Described Preset Time is preferably 20 seconds.
Step 127: judge to allow the whether set of button sign, be execution in step 128 then, otherwise return mistake and return step 102 to host computer;
Step 128: judge the second signature algorithm type, if first kind execution in step 129, if Second Type execution in step 130;
Step 129: according to the assignment algorithm of the second signature algorithm the Hash result of the second buffer area is filled, and with Data Update the second buffer area after the filling;
Particularly, the assignment algorithm of described the second signature algorithm is SHA1 algorithm or MD5 algorithm in the present embodiment, and for example: when assignment algorithm was the SHA1 algorithm, this step was specially:
Step 129-1: with the SHA1 algorithm Hash result of the second buffer area is calculated, obtained the 3rd result of calculation;
Step 129-2: with the first preset characters string 00 01 FF ... FF 00, the second preset characters string 30 21 30 09 06 05 2b 0e 03 02 1a 05 00 04 14, the 3rd result of calculation are sequentially spliced and are obtained the 4th result of calculation, upgrade the data of the second buffer area with the 4th result of calculation.
Wherein the number of FF equals SHA1 algorithm length and deducts 18 and deduct the first result of calculation length again in the first preset characters string, and wherein 18 is that number according to non-FF in the first preset characters string adds the second preset characters string length and obtains.
For example, SHA1 algorithm length is 128 bytes, and then the number of FF equals 128-18-20=90 in the first preset characters string.
When the assignment algorithm of the second signature algorithm was the MD5 algorithm, the detailed process principle of this step was identical, and only above-mentioned the first preset characters string and the second character string can be different.
Step 130: judge push-button type, if acknowledgement key execution in step 131 then, if cancel key execution in step 133 then, if up/down is turned over then execution in step 134 of key;
Further, can not comprise also that according to the equipment of user's particular demands design up/down turns over key, only contain acknowledgement key and cancel key and just can realize the basic function demand.
Further, if it is that the signature sign is that the signature of the second preset value or the sign of signing are the signatures of the 3rd preset value that acknowledgement key can also be distinguished by the control LCDs, for example, when push-button type is that acknowledgement key and signature sign can increase the complete bright prompting of LCDs when being the 3rd preset value, can strengthen user's experience like this.
Step 131: generate the signature result and be saved in signature result cache district with the data signature of the second signature algorithm to the second buffer area;
Step 132: set signature effective marker;
Step 133: resetting allows the button sign, and then execution in step 135;
Step 134: show data by the page turning of liquid crystal display screen up/down;
Further, this step also comprises: whether the data of judging the display buffer district all show finishes, and is execution in step 135 then, otherwise continues to show data by the up/down page turning.
Step 135: return the key response data to host computer, return step 102.
Particularly, described key response data comprise signature result and conditional code.
Step 136: carry out other command adapted thereto operations;
Concrete in the present embodiment, when other instructions are when the signature algorithm instruction is set, the operation of the command adapted thereto of execution comprises: the first or second signature algorithm and assignment algorithm thereof is set, determines to specify key pair according to instruction; Concrete, RSA Algorithm that the second signature algorithm is the first kind or the SM2 algorithm of Second Type are set, the assignment algorithm of determining RSA Algorithm is SHA1 algorithm or MD5 algorithm, the assignment algorithm of determining the SM2 algorithm is the SM3 algorithm.
Step 137: return other respective response data to host computer, return step 102.
Embodiment 2
The present embodiment is based on the endorsement method of a kind of electric signing tools that proposes on the basis of embodiment 1, the difference part of the method that proposes with embodiment 1 is: the step 108-113 when equipment receives instruction that host computer issues and is the second signature Hash instruction among the embodiment 1 replaces with as shown in Figure 3 step 2-1 to 2-13 in the present embodiment, and other steps are with embodiment 1 identical repeating no more.
The endorsement method of a kind of electric signing tools that the present embodiment proposes is carried out following steps when equipment receives the second signature Hash instruction that host computer issues, specifically as shown in Figure 3:
Step 2-1: judge the second signature algorithm type, if first kind execution in step 2-2 then, if Second Type execution in step 2-7 then;
Concrete in the present embodiment, the second signature algorithm comprises RSA Algorithm and SM2 algorithm; Preferably, RSA Algorithm is divided into first kind algorithm, the SM2 algorithm is divided into the Second Type algorithm, wherein the assignment algorithm of RSA Algorithm is the first algorithm or the second algorithm, and the assignment algorithm of SM2 algorithm is algorithm.
Step 2-2: the data to data field in the second signature Hash instruction are resolved, and judge whether successfully resolved, are execution in step 2-3 then, otherwise execution in step 2-5;
Step 2-3: analysis result is saved in the display buffer district, and the sign of will signing is set to the 3rd preset value;
Step 2-4: the data of data field are carried out Hash calculation according to the first algorithm obtain the first cryptographic Hash, instruction is carried out Hash calculation according to the first algorithm obtain the second cryptographic Hash, the first cryptographic Hash and the second cryptographic Hash are sequentially spliced as Hash result, then execution in step 2-12;
Concrete, the first algorithm is the MD5 algorithm.
Step 2-5: the sign of will signing is set to the second preset value;
Step 2-6: the data to data field are carried out Hash calculation according to the second algorithm, then execution in step 2-12;
Concrete, the second algorithm is the SHA1 algorithm.
Step 2-7: the data to data field in the second signature Hash instruction are resolved, and judge whether successfully resolved, are execution in step 2-8 then, otherwise execution in step 2-10;
Step 2-8: analysis result is saved in the display buffer district, and the sign of will signing is set to the 3rd preset value;
Step 2-9: read user ID 1 from internal memory, the data of user ID 1 and data field are carried out Hash calculation according to algorithm, then execution in step 2-12;
Concrete in the present embodiment, algorithm adopts the SM3 algorithm, the data of user ID 1 and data field are carried out Hash calculation according to algorithm to be specially: 1) read from internal memory and specify the right PKI of key, 2) calculate the initial value of SM3 algorithm with PKI and ID1; 3) known initial value calculates a Hash Value as Hash result according to the SM3 algorithm to the data of data field.
For example: read and specify the right PKI of key to be: length is the string of binary characters of 65 bytes, and wherein first byte is 04;
The user ID 1 that reads is: length is the string of binary characters of 16 bytes;
The initial value of the SM3 algorithm that calculates with PKI and ID1 is that length is the string of binary characters of 32 bytes;
The data of data field are:
According to the SM3 algorithm to the above-mentioned message data Hash Value that to calculate a length be 32 bytes as Hash result.
Step 2-10: the sign of will signing is set to the second preset value;
Step 2-11: read user ID 2 from internal memory, the data of user ID 2 and data field are carried out Hash calculation according to algorithm, then execution in step 2-12;
Concrete in the present embodiment, algorithm adopts the SM3 algorithm, the data of user ID 2 and data field are carried out Hash calculation according to algorithm to be specially: 1) read from internal memory and specify the right PKI of key, 2) calculate the initial value of SM3 algorithm with PKI and ID2; 3) known initial value calculates a Hash Value as Hash result according to the SM3 algorithm to the data of data field.
Step 2-12: Hash result is saved in the second buffer area;
Step 2-13: return the second response data to host computer.
The above; be the specific embodiment of the present invention only, but protection scope of the present invention is not limited to this, anyly is familiar with those skilled in the art in the technical scope that the present invention discloses; can expect easily changing or replacing, all should be encompassed within protection scope of the present invention.Therefore, protection scope of the present invention should be as the criterion by described protection range with claim.
Claims (12)
1. the endorsement method of an electric signing tools is characterized in that described method comprises:
Step S1: device power initialization;
Step S2: described equipment is waited for receiving under the host computer and is sent instructions, and carries out button and detect;
Execution in step S3 when described equipment receives the instruction that host computer issues, execution in step S17 when described equipment Inspection is pressed to button; Otherwise continue execution in step S2;
Step S3: judge the type of the described instruction receive, if the first signature Hash instruction execution in step S4 then; If the second signature Hash instruction is execution in step S6 then; If the compute signature instruction is execution in step S9 then, if obtain then execution in step S15 of signature result command; If other instructions are then carried out other command adapted thereto operations and returned other respective response data to host computer, then return step S2;
Step S4: judge whether the data length that comprises in described the first signature Hash instruction and the length of the first signature algorithm mate, then the data of data field in described the first signature Hash instruction to be saved in the first buffer area, the sign of will signing is set to the first preset value, execution in step S5; Otherwise direct execution in step S5;
Step S5: return the first response data to host computer, then return step S2;
Step S6: the data to data field in described the second signature Hash instruction are resolved, and judge whether successfully resolved, are then analysis result to be saved in the display buffer district, and the sign of will signing is set to the 3rd preset value, execution in step S7; Otherwise the sign of will signing is set to the second preset value, execution in step S7;
Step S7: according to the assignment algorithm of the second signature algorithm director data is carried out Hash calculation and obtain Hash result, described Hash result is saved in the second buffer area, then execution in step S8;
Step S8: return the second response data to host computer, then return step S2;
Step S9: judge the signature sign, if the first preset value execution in step S10 then, if the second preset value execution in step S12 then, if the 3rd preset value execution in step S13 then;
Step S10: the type of judging described the first signature algorithm, if the first kind is then according to the assignment algorithm of the first signature algorithm data stuffing to described the first buffer area, and with described the first buffer area of Data Update after filling, if execution in step S11 is Second Type direct execution in step S11 then;
Step S11: generate the signature result and be saved in signature result cache district, set signature effective marker, execution in step S14 with the data compute signature of described the first signature algorithm to described the first buffer area;
Step S12: set allows button sign, execution in step S14;
Step S13: set allows the button sign, shows the data in described display buffer district by liquid crystal display screen, execution in step S14;
Step S14: return the 3rd response data to host computer, then return step S2;
Step S15: judging the whether set of signature effective marker, is then to obtain the signature result from signature result cache district, empties signature result cache district, the initialization signature sign, and then execution in step S16 returns step S2 otherwise return mistake to host computer;
Step S16: return the signature result data to host computer, then return step S2;
Step S17: judge allowing the whether set of button sign, is execution in step S18 then, then returns step S2 otherwise return mistake to host computer;
Step S18: the type of judging described the second signature algorithm, if the first kind is then filled the Hash result of described the second buffer area according to the assignment algorithm of the second signature algorithm, and with Data Update the second buffer area after filling, if execution in step S19 is Second Type direct execution in step S19 then;
Step S19: judge push-button type, if acknowledgement key execution in step S20 then, if cancel key execution in step S21 then;
Step S20: generate the signature result and be saved in signature result cache district, set signature effective marker with the data compute signature of described the second signature algorithm to described the second buffer area;
Step S21: resetting allows button sign, then execution in step S22;
Step S22: return the key response data to host computer, then return step S2.
2. endorsement method according to claim 1, it is characterized in that: the described device power initialization of step S1 comprises: device power, the initialization signature sign, initialization the first buffer area, the second buffer area, signature result cache district and display buffer district, signature effective marker and permission button sign reset.
3. endorsement method according to claim 1, it is characterized in that: the type of the described instruction that the described judgement of step S3 receives is specially the type of judging described instruction according to the value of front four bytes of described instruction.
4. endorsement method according to claim 1, it is characterized in that: when described other instructions are when the signature algorithm instruction is set, the operation of other command adapted theretos of described execution comprises: the first signature algorithm and assignment algorithm thereof are set, the second signature algorithm and assignment algorithm thereof are set, determine to specify key pair.
5. endorsement method according to claim 1, it is characterized in that: described step S6-step S8 is specially:
Step 1-1: judge the type of the second signature algorithm, if first kind execution in step 1-2 then, if Second Type execution in step 1-3 then;
Step 1-2: the data to data field in described the second signature Hash instruction are resolved, judge whether successfully resolved, then analysis result to be saved in the display buffer district, the sign of will signing is set to the 3rd preset value, the data of data field are carried out Hash calculation according to the first algorithm obtain Hash result, then execution in step 1-4; Otherwise the sign of will signing is set to the second preset value, the data of data field is carried out Hash calculation according to the second algorithm obtain Hash result, then execution in step 1-4;
Step 1-3: the data to data field in described the second signature Hash instruction are resolved, judge whether successfully resolved, then analysis result to be saved in the display buffer district, the sign of will signing is set to the 3rd preset value, read user ID 1 from internal memory, the data of user ID 1 and data field are carried out Hash calculation according to algorithm obtain Hash result, then execution in step 1-4; Otherwise the sign of will signing is set to the second preset value, reads user ID 2 from internal memory, the data of user ID 2 and data field is carried out Hash calculation according to algorithm obtain Hash result, then execution in step 1-4;
Step 1-4: Hash result is saved in the second buffer area, returns the second response data to host computer.
6. endorsement method according to claim 1, it is characterized in that: described step S6-step S8 is specially:
Step 2-1: judge the type of the second signature algorithm, if first kind execution in step 2-2 then, if Second Type execution in step 2-3 then;
Step 2-2: the data to data field in described the second signature Hash instruction are resolved, judge whether successfully resolved, then analysis result to be saved in the display buffer district, the sign of will signing is set to the 3rd preset value, the data of data field are carried out Hash calculation according to the first algorithm obtain the first cryptographic Hash, described the second signature Hash instruction is carried out Hash calculation according to the first algorithm obtain the second cryptographic Hash, described the first cryptographic Hash and described the second cryptographic Hash are sequentially spliced as Hash result, then execution in step 2-4; Otherwise the sign of will signing is set to the second preset value, the data of data field is carried out Hash calculation according to the second algorithm obtain Hash result, then execution in step 2-4;
Step 2-3: the data to data field in described the second signature Hash instruction are resolved, judge whether successfully resolved, then analysis result to be saved in the display buffer district, the sign of will signing is set to the 3rd preset value, read user ID 1 from internal memory, the data of user ID 1 and data field are carried out Hash calculation according to algorithm obtain Hash result, then execution in step 2-4; Otherwise the sign of will signing is set to the second preset value, reads user ID 2 from internal memory, the data of user ID 2 and data field is carried out Hash calculation according to algorithm obtain Hash result, then execution in step 2-4;
Step 2-4: Hash result is saved in the second buffer area, returns the second response data to host computer.
7. according to claim 5 or 6 described endorsement methods, it is characterized in that: the described first kind refers to RSA Algorithm, and described Second Type refers to the SM2 algorithm, and described the first algorithm is the MD5 algorithm, and described the second algorithm is the SHA1 algorithm, and described algorithm is the SM3 algorithm.
8. endorsement method according to claim 7, it is characterized in that: describedly read user ID 1 from internal memory, the data of user ID 1 and data field are carried out Hash calculation according to algorithm to be obtained Hash result and is specially: 1) read from internal memory and specify the right PKI of key, 2) calculate the initial value of described SM3 algorithm with described PKI and described user ID 1,3) known described initial value calculates a Hash Value as Hash result according to the SM3 algorithm to the data of data field;
Describedly read user ID 2 from internal memory, the data of user ID 2 and data field are carried out Hash calculation according to algorithm to be obtained Hash result and is specially: 1) read from internal memory and specify the right PKI of key, 2) calculate the initial value of described SM3 algorithm with described PKI and described user ID 2,3) known described initial value calculates a Hash Value as Hash result according to the SM3 algorithm to the data of data field.
9. endorsement method according to claim 1, it is characterized in that: the described assignment algorithm according to the first signature algorithm of step S10 is to the data stuffing of described the first buffer area, and be specially with described the first buffer area of Data Update after filling: the assignment algorithm with described the first signature algorithm calculates the data of described the first buffer area, obtain the first result of calculation, the first preset characters string, the second preset characters string and described the first result of calculation sequentially spliced obtain the second result of calculation, upgrade the data of described the first buffer area with described the second result of calculation.
10. endorsement method according to claim 1, it is characterized in that: the described assignment algorithm according to the second signature algorithm of step S18 is filled the Hash result of described the second buffer area, and be specially with Data Update the second buffer area after filling: the assignment algorithm with described the second signature algorithm calculates the Hash result of described the second buffer area, obtain the 3rd result of calculation, the first preset characters string, the second preset characters string and the 3rd result of calculation sequentially spliced obtain the 4th result of calculation, upgrade the data of described the second buffer area with described the 4th result of calculation.
11. endorsement method according to claim 1 is characterized in that: the described sign of will signing of step S6 is set to the second preset value, and execution in step S7 can replace with: the sign of will signing is set to the second preset value, returns mistake to host computer and then returns step S2.
12. endorsement method according to claim 1 is characterized in that: described step S19 also comprises: if up/down is turned over key, then show data by the page turning of liquid crystal display screen up/down, return the key response data to host computer and then return step S2.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201310251413.2A CN103326863B (en) | 2013-06-24 | 2013-06-24 | A kind of endorsement method of electric signing tools |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201310251413.2A CN103326863B (en) | 2013-06-24 | 2013-06-24 | A kind of endorsement method of electric signing tools |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN103326863A true CN103326863A (en) | 2013-09-25 |
| CN103326863B CN103326863B (en) | 2015-12-02 |
Family
ID=49195409
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201310251413.2A Expired - Fee Related CN103326863B (en) | 2013-06-24 | 2013-06-24 | A kind of endorsement method of electric signing tools |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN103326863B (en) |
Cited By (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104301119A (en) * | 2014-11-05 | 2015-01-21 | 中国建设银行股份有限公司 | Data signature method, signature verification method, data signature equipment and verification server |
| CN104993932A (en) * | 2015-06-19 | 2015-10-21 | 飞天诚信科技股份有限公司 | Method for improving signature safety |
| CN105450269A (en) * | 2015-12-21 | 2016-03-30 | 飞天诚信科技股份有限公司 | Method and device for realizing safe interaction and pairing authentication between Bluetooth devices |
| CN105812134A (en) * | 2014-12-30 | 2016-07-27 | 北京握奇智能科技有限公司 | Digital signature method, digital signature verification method, security authentication device and security authentication apparatus |
| CN109445705A (en) * | 2018-10-29 | 2019-03-08 | 湖南国科微电子股份有限公司 | Firmware authentication method and solid state hard disk |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1988444A (en) * | 2005-12-23 | 2007-06-27 | 北京握奇数据系统有限公司 | Digital signature device for confirming needed signature data and its method for confirming data |
| CN101763477A (en) * | 2009-12-30 | 2010-06-30 | 北京飞天诚信科技有限公司 | Signature method of intelligent secret key device |
| WO2011030069A1 (en) * | 2009-09-11 | 2011-03-17 | France Telecom | Method for generating a digital certificate |
| CN103067175A (en) * | 2012-12-27 | 2013-04-24 | 飞天诚信科技股份有限公司 | Method for screening display information |
-
2013
- 2013-06-24 CN CN201310251413.2A patent/CN103326863B/en not_active Expired - Fee Related
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1988444A (en) * | 2005-12-23 | 2007-06-27 | 北京握奇数据系统有限公司 | Digital signature device for confirming needed signature data and its method for confirming data |
| WO2011030069A1 (en) * | 2009-09-11 | 2011-03-17 | France Telecom | Method for generating a digital certificate |
| CN101763477A (en) * | 2009-12-30 | 2010-06-30 | 北京飞天诚信科技有限公司 | Signature method of intelligent secret key device |
| CN103067175A (en) * | 2012-12-27 | 2013-04-24 | 飞天诚信科技股份有限公司 | Method for screening display information |
Cited By (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104301119A (en) * | 2014-11-05 | 2015-01-21 | 中国建设银行股份有限公司 | Data signature method, signature verification method, data signature equipment and verification server |
| CN104301119B (en) * | 2014-11-05 | 2018-10-19 | 中国建设银行股份有限公司 | Data signature method, signature verification method, data signature equipment and authentication server |
| CN105812134A (en) * | 2014-12-30 | 2016-07-27 | 北京握奇智能科技有限公司 | Digital signature method, digital signature verification method, security authentication device and security authentication apparatus |
| CN104993932A (en) * | 2015-06-19 | 2015-10-21 | 飞天诚信科技股份有限公司 | Method for improving signature safety |
| CN104993932B (en) * | 2015-06-19 | 2018-04-27 | 飞天诚信科技股份有限公司 | A kind of method for improving signature safety |
| CN105450269A (en) * | 2015-12-21 | 2016-03-30 | 飞天诚信科技股份有限公司 | Method and device for realizing safe interaction and pairing authentication between Bluetooth devices |
| CN105450269B (en) * | 2015-12-21 | 2017-09-22 | 飞天诚信科技股份有限公司 | It is a kind of to realize the method and device that secure interactive between bluetooth equipment matches certification |
| CN109445705A (en) * | 2018-10-29 | 2019-03-08 | 湖南国科微电子股份有限公司 | Firmware authentication method and solid state hard disk |
| CN109445705B (en) * | 2018-10-29 | 2022-03-22 | 湖南国科微电子股份有限公司 | Firmware authentication method and solid state disk |
Also Published As
| Publication number | Publication date |
|---|---|
| CN103326863B (en) | 2015-12-02 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN103326863A (en) | Signing method of electronic signing tool | |
| CN107194242B (en) | Firmware upgrade method and device | |
| JP6787932B2 (en) | Information interaction methods, devices and systems | |
| CN102804160B (en) | For the method that operates data and storage component part | |
| JPWO2009044533A1 (en) | Secure boot terminal, secure boot method, secure boot program, recording medium, and integrated circuit | |
| CN105391717A (en) | APK signature authentication method and APK signature authentication system | |
| CN103257872A (en) | Embedded control system for computers and updating method of embedded control system | |
| CN111162911B (en) | PLC firmware upgrading system and method | |
| CN101395442A (en) | Method for providing special information | |
| CN102523095B (en) | User digital certificate remote update method with intelligent card protection function | |
| CN103138937B (en) | Method and device for signature | |
| WO2009157133A1 (en) | Information processing device, information processing method, and computer program and integrated circuit for the realization thereof | |
| CN110084043A (en) | For providing the device and method of credible platform module service | |
| CN207867484U (en) | Smart lock upgrade-system | |
| CN111932245B (en) | Data processing method, device, equipment and medium | |
| CN105320900A (en) | PDF digital signature method and system and PDF digital signature verification method and system | |
| CN102594843A (en) | Identity authentication system and method | |
| CN101599836A (en) | A kind of endorsement method, signature device and system | |
| CN110457908A (en) | A kind of firmware upgrade method of smart machine, device, equipment and storage medium | |
| KR20150084221A (en) | Apparatus and Method for Resigning of Application Package and Terminal Apparatus for Running of the Application Package | |
| CN103154965A (en) | Method, secure device, system and computer program product for securely managing user access to a file system | |
| CN103490894A (en) | Implementation method and device for determining lifecycle of intelligent key device | |
| CN101763477B (en) | Signature method of intelligent secret key device | |
| CN102065088A (en) | Methods for automatically loading internet bank security assembly and authenticating internet bank security | |
| CN102916805B (en) | Security application downloading method |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20151202 |
|
| CF01 | Termination of patent right due to non-payment of annual fee |