CN106161037A - Digital signature method and device - Google Patents
- Publication number
- CN106161037A (CN201610694577.6A)
- Authority
- CN
- China
- Prior art keywords
- file
- signature
- signed
- destiny account
- server
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
Abstract
The present disclosure relates to a digital signature method and device, belonging to the field of network technology. The method includes: adding, by a first designated account, a file to be signed to a task queue, the first designated account having file-copy permission; obtaining, by a second designated account, the file to be signed from the task queue, the second designated account having digital-signature permission; and reading a key by the second designated account and signing the file to be signed to obtain a signed file. By separating the signing process from the compilation process, so that compilation is not performed on the signing server and signing is performed by the second designated account, which has permission to access the key on the signing server, the disclosure reduces the probability of private-key leakage and ensures the security of the key.
Description
Technical field
The present disclosure relates to the field of network technology, and in particular to a digital signature method and device.
Background
In today's era of highly developed network technology, servers and terminals exchange data frequently. To prevent a malicious third party from modifying data, or from forging data while impersonating the sending server, digital signature technology emerged.
For example, taking application upgrade on the Android system as the scenario, an account with compilation permission can compile on a server to obtain an upgrade file, and then read a key so that the server signs the upgrade file with that key to obtain an upgrade data package. If a terminal needs to upgrade, it can obtain the upgrade data package, verify the signature with the server's key, confirm that the upgrade data package comes from that server, and upgrade based on it.
Summary of the invention
To solve the problems in the related art, the present disclosure provides a digital signature method and device. The technical solutions are as follows:
According to a first aspect of the embodiments of the present disclosure, a digital signature method is provided, the method including:
adding, by a first designated account, a file to be signed to a task queue, the first designated account having file-copy permission;
obtaining, by a second designated account, the file to be signed from the task queue, the second designated account having digital-signature permission;
reading a key by the second designated account and signing the file to be signed to obtain a signed file.
In one possible implementation, before the file to be signed is added to the task queue by the first designated account, the method further includes:
performing key authentication with a compilation server by the first designated account;
when the key authentication passes, establishing an access connection with the compilation server;
when it is detected through the access connection that the compilation server has finished compiling, copying the file to be signed from the compilation server by the first designated account.
In one possible implementation, obtaining the file to be signed from the task queue by the second designated account includes:
monitoring the task queue by the second designated account;
when it is detected that the file to be signed has been added to the task queue, obtaining the file to be signed from the task queue.
In one possible implementation, the file to be signed carries a file identifier, and after the key is read by the second designated account and the file to be signed is signed to obtain the signed file, the method further includes:
saving the signed file in a designated region, the signed file carrying the file identifier, so that the compilation server obtains the signed file from the designated region according to the file identifier.
In one possible implementation, on the signing server, the network access permission of the first designated account and the second designated account is permission to access the compilation server, and permission to access the signing server is granted only to the compilation server.
According to a second aspect of the embodiments of the present disclosure, a digital signature device is provided, the device including:
an adding module, configured to add, by a first designated account, a file to be signed to a task queue, the first designated account having file-copy permission;
an acquisition module, configured to obtain, by a second designated account, the file to be signed from the task queue, the second designated account having digital-signature permission;
a signing module, configured to read a key by the second designated account and sign the file to be signed to obtain a signed file.
In one possible implementation, the device further includes:
an authentication module, configured to perform key authentication with a compilation server by the first designated account;
an establishing module, configured to establish an access connection with the compilation server when the key authentication passes;
a copy module, configured to copy the file to be signed from the compilation server by the first designated account when it is detected through the access connection that the compilation server has finished compiling.
In one possible implementation, the acquisition module includes a monitoring submodule and an obtaining submodule;
the monitoring submodule is configured to monitor the task queue by the second designated account;
the obtaining submodule is configured to obtain the file to be signed from the task queue when it is detected that the file to be signed has been added to the task queue.
In one possible implementation, the device further includes:
a saving module, configured to save the signed file in a designated region, the signed file carrying the file identifier, so that the compilation server obtains the signed file from the designated region according to the file identifier.
In one possible implementation, on the signing server, the network access permission of the first designated account and the second designated account is permission to access the compilation server, and permission to access the signing server is granted only to the compilation server.
According to a third aspect of the embodiments of the present disclosure, a digital signature device is provided, the device including: a processor; and a memory for storing instructions executable by the processor; wherein the processor is configured to:
add, by a first designated account, a file to be signed to a task queue, the first designated account having file-copy permission;
obtain, by a second designated account, the file to be signed from the task queue, the second designated account having digital-signature permission;
read a key by the second designated account and sign the file to be signed to obtain a signed file.
The technical solutions provided by the embodiments of the present disclosure can have the following beneficial effects:
The method and device provided by this embodiment separate the signing process from the compilation process: compilation is not performed on the signing server, and signing is performed by the second designated account, which has permission to access the key on the signing server. This reduces the probability of private-key leakage and ensures the security of the key.
In one possible implementation, key authentication is performed between the compilation server and the signing server, which prevents a third party from forging an identity to trick the signing server into giving up its key, and improves the security of the key.
In one possible implementation, the network permission of accounts on the signing server is limited to accessing the compilation server, and permission to access the signing server is granted only to the compilation server, which prevents a third party from stealing the key or modifying files over the network and improves the network security of the signing server.
It should be understood that the above general description and the following detailed description are exemplary only and do not limit the present disclosure.
Brief description of the drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the present disclosure and, together with the description, serve to explain the principles of the disclosure.
Fig. 1 is a flowchart of a digital signature method according to an exemplary embodiment;
Fig. 2 is a flowchart of a digital signature method according to an exemplary embodiment;
Fig. 3 is a block diagram of a digital signature device according to an exemplary embodiment;
Fig. 4 is a block diagram of a digital signature device according to an exemplary embodiment;
Fig. 5 is a block diagram of a digital signature device according to an exemplary embodiment;
Fig. 6 is a block diagram of a digital signature device according to an exemplary embodiment;
Fig. 7 is a block diagram of a digital signature device 700 according to an exemplary embodiment.
Detailed description
To make the purpose, technical solutions and advantages of the present disclosure clearer, the disclosure is described in further detail below with reference to the embodiments and the accompanying drawings. The exemplary embodiments of the disclosure and their descriptions are used to explain the disclosure and are not a limitation of it.
Fig. 1 is a flowchart of a digital signature method according to an exemplary embodiment. As shown in Fig. 1, the digital signature method is used in a signing server and includes the following steps:
In step 101, a file to be signed is added to a task queue by a first designated account, the first designated account having file-copy permission.
In step 102, the file to be signed is obtained from the task queue by a second designated account, the second designated account having digital-signature permission.
In step 103, a key is read by the second designated account and the file to be signed is signed to obtain a signed file.
In the related art, every account with compilation permission also has permission to access the key. If any of these accounts leaks the key, a third party may obtain it, so key security is poor. A malicious third party may then forge signatures with the illegally obtained key and send forged files to other terminals; when a terminal receives such a forged file and signature verification passes, it treats the file as legitimate, so the security of the terminal cannot be guaranteed either.
In the embodiments of the present disclosure, the signing process is separated from the compilation process: compilation is not performed on the signing server, and signing is performed by the second designated account, which has permission to access the key on the signing server. This reduces the probability of private-key leakage and ensures the security of the key.
In one possible implementation, the method further includes: performing key authentication with a compilation server by the first designated account; when the key authentication passes, establishing an access connection with the compilation server; and when it is detected through the access connection that the compilation server has finished compiling, copying the file to be signed from the compilation server by the first designated account.
In one possible implementation, the method includes: monitoring the task queue by the second designated account; and when it is detected that the file to be signed has been added to the task queue, obtaining the file to be signed from the task queue.
In one possible implementation, the method further includes: saving the signed file in a designated region, the signed file carrying a file identifier, so that the compilation server obtains the signed file from the designated region according to the file identifier.
In one possible implementation, on the signing server, the network access permission of the first designated account and the second designated account is permission to access the compilation server, and permission to access the signing server is granted only to the compilation server.
All of the optional technical solutions above can be combined in any way to form optional embodiments of the present disclosure, which are not described one by one here.
Fig. 2 is a flowchart of a digital signature method according to an exemplary embodiment. As shown in Fig. 2, this embodiment of the disclosure involves the interaction between a signing server and a compilation server and includes the following steps:
In step 200, the signing server performs key authentication with the compilation server by the first designated account.
The inventors recognized that, in the related art, compilation and signing are both carried out on the same server, and compilation permission is tied to signing permission, so that an account with compilation permission on that server can also obtain the key and key security is poor. Therefore, in the embodiments of the present disclosure, compilation and signing are carried out on two separate servers: one can be a compilation server, used for compiling, and the other can be a signing server, used for signing, so as to isolate compilation permission from signing permission.
In the embodiments of the present disclosure, key authentication is used for the compilation server and the signing server to authenticate each other's identity by means of a key algorithm. For example, key authentication can use the RSA key algorithm (Ron Rivest, Adi Shamir, Leonard Adleman): the signing server stores a public key in the first designated account, the compilation server stores the private key, the compilation server sends a connection request, and after the signing server authenticates it with the public key, the signing server establishes an access connection with the compilation server.
The first designated account is a type of account on the signing server. One or more accounts of this type are allowed to exist on the signing server, and the first designated account only has permission to copy files from the compilation server. The embodiments of the present disclosure place no further restriction on the first designated account. For example, the first designated account can be a work account on a Linux server.
In one possible implementation, to improve the security of the file to be signed, the first designated account is allowed only the permission to copy files from the compilation server and all of its other operating permissions are prohibited, which prevents the file to be signed from being modified by the first designated account.
In step 201, when the key authentication passes, the signing server establishes an access connection with the compilation server.
It should be noted that establishing the access connection on the basis of key authentication ensures that the identities of the compilation server and the signing server are genuine, and prevents a third party from impersonating one of the two to trick the other into handing over its data.
In the embodiments of the present disclosure, the key authentication of steps 200 and 201 is optional; it makes the connection between the compilation process and the signing process more secure. In fact, the embodiments of the present disclosure can also proceed directly to step 202 and the subsequent steps, which still solves the problem of poor key security in the related art.
In step 202, the compilation server performs compilation.
In the embodiments of the present disclosure, because the signing server needs to obtain the file to be signed from the compilation server, the signing server can monitor through the access connection to learn the compilation progress of the compilation server in real time.
In step 203, when the signing server detects through the access connection that the compilation server has finished compiling, it copies the file to be signed from the compilation server by the first designated account; the file to be signed carries a file identifier.
Because compilation and signing are separated in the embodiments of the present disclosure, the signing server has to monitor the compilation progress of the compilation server in order to obtain the file to be signed, and when compilation completes it copies the file to be signed from the compilation server by the first designated account. The file identifier uniquely identifies each file to be signed, so in the interaction between the compilation server and the signing server it is used to tell the files to be signed apart. For example, the file identifier can be the name of the file to be signed, produced according to a naming rule; the embodiments of the present disclosure do not limit this.
In step 204, the signing server adds the file to be signed to the task queue by the first designated account.
It should be noted that the task queue is the storage area in which the signing server keeps files to be signed; the signing server adds the copied file to be signed to this storage area by the first designated account. The storage area can use different storage schemes. For example, it can be organized as a queue, with files stored in the order in which they are saved. The embodiments of the present disclosure do not limit the storage scheme of the task queue.
In step 205, when the signing server detects, by the second designated account, that a file to be signed has been added to the task queue, it obtains the file to be signed from the task queue; the second designated account has digital-signature permission.
To avoid giving one account multiple permissions, which would lower the security of the signing process, the embodiments of the present disclosure further separate the permissions involved in signing: the operation of obtaining the file to be signed from the compilation server is assigned to the first designated account, and the operation of obtaining the file to be signed from the task queue is assigned to the second designated account.
Because the first designated account and the second designated account are not directly associated, the signing server has to monitor the task queue, that is, the storage area that holds files to be signed, by the second designated account in order to learn whether a file to be signed has been added to it. For example, the storage area can follow the first-in-first-out (FIFO) principle: when several files to be signed are stored in the storage area one after another, the signing server obtains, by the second designated account, the file to be signed that was stored first from this designated region, according to the order in which the files were saved. The embodiments of the present disclosure do not limit the order in which files to be signed are obtained.
In one possible implementation, taking a Linux server as the signing server, the second designated account can be the unique root account of the Linux server, which has the highest permissions on the signing server, including digital-signature permission. On other platforms the second designated account can be another type of account; the embodiments of the present disclosure do not limit the second designated account.
In step 206, the signing server reads the key by the second designated account and signs the file to be signed to obtain a signed file.
It should be noted that, to improve the security of the key, the key is stored on the signing server and access to it is restricted; the embodiments of the present disclosure do not limit how the access restriction is implemented. For example, permission to access the key is granted only to the second designated account, so that the signing server can read the key and sign the file to be signed only through the second designated account.
The key type is a symmetric key or an asymmetric key. A pair of symmetric keys consists of two identical keys; a pair of asymmetric keys consists of a public key and a private key, and the public key can differ from the private key. Compared with symmetric keys, asymmetric keys use two different keys and are more secure. The embodiments of the present disclosure therefore take a pair of asymmetric keys as the example: the private key of the pair is stored on the signing server and used to sign files, and the public key of the pair is stored on the target terminal to which files are sent and used to verify signatures. The embodiments of the present disclosure do not limit the key type.
In step 207, the signing server saves the signed file in the designated region; the signed file carries the file identifier.
To avoid a direct association between the compilation server and the second designated account, after the second designated account completes the signature, the signing server saves the signed file in the designated region. In one possible implementation, the designated region can be a local storage area set up by the signing server; this local storage area may be called the web region. The embodiments of the present disclosure do not limit the storage scheme of the designated region. For example, the storage area can be organized as a queue, with files stored in the order in which they are saved.
In step 208, the compilation server obtains the signed file from the designated region according to the file identifier.
In the embodiments of the present disclosure, to ensure the security of the key, the network access permission of the first designated account and the second designated account on the signing server is permission to access the compilation server, so that neither the first designated account nor the second designated account can send the signed file to other network devices through the signing server, and permission to access the signing server is granted only to the compilation server, so that the compilation server has permission to obtain the signed file from the designated region. The embodiments of the present disclosure place no further restriction on the network access permissions between the signing server and the compilation server.
Considering that the accounts on the signing server may not be limited to the first designated account and the second designated account, in one possible implementation, for the security of the signed file, the network access permission of every account on the signing server is directed only at the compilation server, so that no account on the signing server can send the signed file to other network devices.
To further improve the security of the signed file, in another possible implementation, permission to access the signing server is granted only to the compilation server, so that only the compilation server has permission to obtain the signed file from the designated region and other network devices do not.
These restrictions on access permission and on permission to be accessed implement access control at the network level and ensure that only the compilation server and the signing server can access each other.
It should be noted that the file identifier carried by the signed file is the same as the identifier carried by the file to be signed, so that the compilation server can obtain the signed file in the designated region, that is, in the local storage area, according to the file identifier. For example, the storage area can follow the FIFO principle: when several signed files are stored in the storage area one after another, the compilation server obtains the signed file that was stored first from the designated region, according to the order in which the files were saved.
In the embodiments of the present disclosure, the compilation server has at least two ways of obtaining the signed file:
In the first way, the compilation server monitors the designated region through the access connection; when it learns by monitoring that the signed file has been saved to the designated region, it obtains the signed file corresponding to the file to be signed according to the file identifier.
In the second way, the signing server sends the compilation server, through the access connection, the storage address of the signed file in the designated region and the file identifier; the compilation server obtains the signed file using this storage address and the file identifier.
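A single-machine model of steps 204 to 208, added here as an example (it is not code from the patent). Assumptions: the task queue and the designated region are directories, queue entries are named `<sequence>__<file identifier>`, a file-mode check on the key stands in for "only the second designated account may read the key", and HMAC-SHA256 from the Python standard library stands in for the signature, which the description permits because the key may be symmetric.

```python
import hashlib
import hmac
import os
import re
import stat
import tempfile
from pathlib import Path

SAFE_ID = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]*$")  # assumed identifier format


class KeyPermissionError(Exception):
    """The key file is accessible to accounts other than its owner."""


def enqueue(queue_dir, seq, file_id, payload):
    """Step 204, first designated account: add a copied file to the task queue."""
    if not SAFE_ID.match(file_id):
        raise ValueError(f"unsafe file identifier: {file_id!r}")
    final = queue_dir / f"{seq:08d}__{file_id}"
    tmp = queue_dir / ("." + final.name)   # hidden while it is still being written
    tmp.write_bytes(payload)
    os.replace(tmp, final)                 # atomic rename: no half-written tasks
    return final


def load_key(key_path):
    """Step 206: refuse a key that group or other accounts could access."""
    mode = stat.S_IMODE(key_path.stat().st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise KeyPermissionError(f"{key_path} has mode {mode:o}, expected 600")
    return key_path.read_bytes()


def sign_next(queue_dir, signed_dir, key_path):
    """Steps 205-207, second designated account: sign the oldest queued file.

    Returns the file identifier that was signed, or None if the queue is empty.
    """
    pending = sorted(p for p in queue_dir.iterdir() if not p.name.startswith("."))
    if not pending:
        return None
    key = load_key(key_path)
    task = pending[0]                          # FIFO: lowest sequence number
    file_id = task.name.split("__", 1)[1]      # identifier travels with the file
    data = task.read_bytes()
    tag = hmac.new(key, data, hashlib.sha256).hexdigest()
    (signed_dir / file_id).write_bytes(data)
    (signed_dir / (file_id + ".sig")).write_text(tag)
    task.unlink()
    return file_id


def fetch_signed(signed_dir, file_id):
    """Step 208, compilation server: fetch the signed file by its identifier."""
    data = (signed_dir / file_id).read_bytes()
    tag = (signed_dir / (file_id + ".sig")).read_text()
    return data, tag


def verify(key, data, tag):
    """Terminal side: constant-time check of the tag over the received data."""
    expected = hmac.new(key, data, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, tag)


def run_demo():
    """Constructed sample run; every name and payload below is made up."""
    with tempfile.TemporaryDirectory() as root:
        root = Path(root)
        queue_dir, signed_dir = root / "queue", root / "signed"
        queue_dir.mkdir()
        signed_dir.mkdir()
        key_path = root / "signing.key"
        key_path.write_bytes(b"constructed-demo-key-not-a-real-secret")
        os.chmod(key_path, 0o600)

        enqueue(queue_dir, 1, "update-1.0.zip", b"first build")
        enqueue(queue_dir, 2, "update-1.1.zip", b"second build")
        order = [sign_next(queue_dir, signed_dir, key_path) for _ in range(3)]

        key = key_path.read_bytes()            # with HMAC the verifier holds the same key
        data, tag = fetch_signed(signed_dir, "update-1.1.zip")
        genuine = verify(key, data, tag)
        tampered = verify(key, data + b"!", tag)

        os.chmod(key_path, 0o644)              # simulate a key exposed to other accounts
        enqueue(queue_dir, 3, "update-1.2.zip", b"third build")
        try:
            sign_next(queue_dir, signed_dir, key_path)
            refused = False
        except KeyPermissionError:
            refused = True
        return order, genuine, tampered, refused


if __name__ == "__main__":
    print(run_demo())
```

In a deployment that follows the description, `enqueue` and `sign_next` would run under two different operating-system accounts, and an asymmetric signature would replace the HMAC so that terminals hold only the public key.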
In the related art, every account with compilation permission also has permission to access the key. If any of these accounts leaks the key, a third party may obtain it, so key security is poor. A malicious third party may then forge signatures with the illegally obtained key and send forged files to other terminals; when a terminal receives such a forged file and signature verification passes, it treats the file as legitimate, so the security of the terminal cannot be guaranteed.
In the embodiments of the present disclosure, the signing process is separated from the compilation process: compilation is not performed on the signing server, and signing is performed by the second designated account, which has permission to access the key on the signing server. This reduces the probability of private-key leakage and ensures the security of the key.
In addition, in the embodiments of the present disclosure, key authentication is performed between the compilation server and the signing server, which prevents a third party from forging an identity to trick the signing server into giving up its key, and improves the security of the key.
In addition, in the embodiments of the present disclosure, the network permission of accounts on the signing server is limited to accessing the compilation server, and permission to access the signing server is granted only to the compilation server. This implements access control at the network level and prevents a third party from stealing the key or modifying files over the network, which improves the network security of the signing server.
Fig. 3 is a block diagram of a digital signature device according to an exemplary embodiment. Referring to Fig. 3, the device includes an adding module 301, an acquisition module 302 and a signing module 303.
The adding module 301 is configured to add, by the first designated account, a file to be signed to the task queue, the first designated account having file-copy permission.
The acquisition module 302 is configured to obtain from the task queue, by the second designated account, the file to be signed added by the adding module 301, the second designated account having digital-signature permission.
The signing module 303 is configured to read the key by the second designated account and sign the file to be signed obtained by the acquisition module 302 to obtain a signed file.
In one possible implementation, based on the device of Fig. 3 and referring to Fig. 4, the device further includes an authentication module 304, an establishing module 305 and a copy module 306.
The authentication module 304 is configured to perform key authentication with the compilation server by the first designated account.
The establishing module 305 is configured to establish an access connection with the compilation server when the key authentication passes.
The copy module 306 is configured to copy the file to be signed from the compilation server by the first designated account when it is detected through the access connection that the compilation server has finished compiling.
In one possible implementation, based on the device of Fig. 3 and referring to Fig. 5, the acquisition module 302 of the device includes a monitoring submodule 3021 and an obtaining submodule 3022.
The monitoring submodule 3021 is configured to monitor the task queue by the second designated account.
The obtaining submodule 3022 is configured to obtain the file to be signed from the task queue when it is detected that the file to be signed has been added to the task queue.
In one possible implementation, based on the device of Fig. 3 and referring to Fig. 6, the device further includes a saving module 307.
The saving module 307 is configured to save the signed file in the designated region, the signed file carrying the file identifier, so that the compilation server obtains the signed file from the designated region according to the file identifier.
In one possible implementation, on the signing server, the network access permission of the first designated account and the second designated account is limited to accessing the compilation server, and permission to access the signing server is granted only to the compilation server.
All of the optional technical solutions above can be combined in any way to form optional embodiments of the present disclosure, which are not described one by one here.
In the embodiments of the present disclosure, the signing process is separated from the compilation process: compilation is not performed on the signing server, and signing is performed by the second designated account, which has permission to access the key on the signing server. This reduces the probability of private-key leakage and ensures the security of the key.
In addition, in the embodiments of the present disclosure, key authentication is performed between the compilation server and the signing server, which prevents a third party from forging an identity to trick the signing server into giving up its key, and improves the security of the key.
In addition, in the embodiments of the present disclosure, the network permission of accounts on the signing server is limited to accessing the compilation server, and permission to access the signing server is granted only to the compilation server. This implements access control at the network level and prevents a third party from stealing the key or modifying files over the network, which improves the network security of the signing server.
As for the device in the above embodiments, the specific way in which each module performs its operations has been described in detail in the embodiments of the method and is not elaborated here.
It should be understood that the division into the functional modules above is only an example of how the digital signature device provided by the above embodiments performs digital signing. In practice, the functions can be assigned to different functional modules as needed, that is, the internal structure of the device can be divided into different functional modules to complete all or part of the functions described above. In addition, the digital signature device provided by the above embodiments and the digital signature method embodiments belong to the same concept; for its specific implementation, see the method embodiments, which is not repeated here.
Fig. 7 is a block diagram of a digital signature device 700 according to an exemplary embodiment. For example, the device 700 may be provided as a server. Referring to Fig. 7, the device 700 includes a processing component 722, which further includes one or more processors, and memory resources represented by a memory 732 for storing instructions executable by the processing component 722, such as application programs. The application programs stored in the memory 732 may include one or more modules, each corresponding to a set of instructions. In addition, the processing component 722 is configured to execute the instructions so as to perform the above digital signature method.
The device 700 may also include a power supply component 726 configured to perform power management of the device 700, a wired or wireless network interface 750 configured to connect the device 700 to a network, and an input/output (I/O) interface 758. The device 700 can operate based on an operating system stored in the memory 732, such as Windows Server™, Mac OS X™, Unix™, Linux™, FreeBSD™ or the like.
Those skilled in the art, after considering the specification and practicing the invention disclosed herein, will readily conceive of other embodiments of the disclosure. This application is intended to cover any variations, uses or adaptations of the disclosure that follow the general principles of the disclosure and include common knowledge or customary technical means in the art not disclosed by the disclosure. The specification and embodiments are to be regarded as exemplary only, with the true scope and spirit of the disclosure being indicated by the following claims.
It should be understood that the disclosure is not limited to the precise structure described above and illustrated in the accompanying drawings, and that various modifications and changes can be made without departing from its scope. The scope of the disclosure is limited only by the appended claims.
Claims (11)
1. A digital signature method, characterized in that it is applied to a signature server, the method comprising:
adding, by a first destiny account, a file to be signed to a task queue, the first destiny account having file-copy authority;
obtaining, by a second destiny account, the file to be signed from the task queue, the second destiny account having digital signature authority;
reading a key by the second destiny account and signing the file to be signed to obtain a signature file.
2. The method according to claim 1, characterized in that, before the adding, by the first destiny account, of the file to be signed to the task queue, the method further comprises:
performing key authentication with a compiler server by the first destiny account;
when the key authentication passes, establishing an access connection with the compiler server;
when it is detected through the access connection that the compiler server has completed compilation, copying the file to be signed from the compiler server by the first destiny account.
3. The method according to claim 1, characterized in that the obtaining, by the second destiny account, of the file to be signed from the task queue comprises:
monitoring the task queue by the second destiny account;
when it is detected that the file to be signed has been added to the task queue, obtaining the file to be signed from the task queue.
4. The method according to claim 1, characterized in that the file to be signed carries a file identification, and after the reading of the key by the second destiny account and the signing of the file to be signed to obtain the signature file, the method further comprises:
saving the signature file in a specified region, the signature file carrying the file identification.
5. The method according to any one of claims 1 to 4, characterized in that, on the signature server, the network access authority of the first destiny account and the second destiny account is the authority to access the compiler server, and the authority to access the signature server is open only to the compiler server.
6. A digital signature device, characterized in that it is applied to a signature server, the device comprising:
an adding module, configured to add, by a first destiny account, a file to be signed to a task queue, the first destiny account having file-copy authority;
an acquisition module, configured to obtain, by a second destiny account, the file to be signed from the task queue, the second destiny account having digital signature authority;
a signature module, configured to read a key by the second destiny account and sign the file to be signed to obtain a signature file.
7. The device according to claim 6, characterized in that the device further comprises:
an authentication module, configured to perform key authentication with a compiler server by the first destiny account;
an establishing module, configured to establish an access connection with the compiler server when the key authentication passes;
a copy module, configured to copy the file to be signed from the compiler server by the first destiny account when it is detected through the access connection that the compiler server has completed compilation.
8. The device according to claim 6, characterized in that the acquisition module comprises:
a monitoring submodule, configured to monitor the task queue by the second destiny account;
an obtaining submodule, configured to obtain the file to be signed from the task queue when it is detected that the file to be signed has been added to the task queue.
9. The device according to claim 6, characterized in that the device further comprises:
a preservation module, configured to save the signature file in a specified region, the signature file carrying the file identification, so that the compiler server obtains the signature file from the specified region according to the file identification.
10. The device according to any one of claims 6 to 9, characterized in that, on the signature server, the network access authority of the first destiny account and the second destiny account is the authority to access the compiler server, and the authority to access the signature server is open only to the compiler server.
11. A digital signature device, characterized in that it comprises:
a processor;
a memory for storing instructions executable by the processor;
wherein the processor is configured to:
add, by a first destiny account, a file to be signed to a task queue, the first destiny account having file-copy authority;
obtain, by a second destiny account, the file to be signed from the task queue, the second destiny account having digital signature authority;
read a key by the second destiny account and sign the file to be signed to obtain a signature file.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610694577.6A CN106161037B (en) | 2016-08-19 | 2016-08-19 | Digital signature method and device |
Publications (2)
Publication Number | Publication Date |
---|---|
CN106161037A true CN106161037A (en) | 2016-11-23 |
CN106161037B CN106161037B (en) | 2019-05-10 |
Family
ID=57341660
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201610694577.6A Active CN106161037B (en) | 2016-08-19 | 2016-08-19 | Digital signature method and device |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106161037B (en) |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107769927A (en) * | 2017-09-30 | 2018-03-06 | 飞天诚信科技股份有限公司 | A kind of method and device that intelligent cipher key equipment is operated in MacOSX systems |
CN110826092A (en) * | 2018-08-14 | 2020-02-21 | 珠海金山办公软件有限公司 | File signature processing system |
CN112506793A (en) * | 2020-12-18 | 2021-03-16 | 航天信息股份有限公司 | Embedded software unit testing method, system, readable medium and electronic equipment |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1722656A (en) * | 2004-04-08 | 2006-01-18 | 梁庆生 | A digital signature method and digital signature tool |
CN101477659A (en) * | 2009-02-10 | 2009-07-08 | 百富计算机技术(深圳)有限公司 | Method and apparatus for file automatic signature |
US20090208000A1 (en) * | 2008-02-19 | 2009-08-20 | Fujitsu Limited | Signature management method and signature management device |
CN102148687A (en) * | 2011-05-09 | 2011-08-10 | 北京数码大方科技有限公司 | Signature method and device in information management system |
CN102868688A (en) * | 2012-09-05 | 2013-01-09 | 天地融科技股份有限公司 | Certification system and method and electronic signature tool |
CN104618120A (en) * | 2015-03-04 | 2015-05-13 | 青岛微智慧信息有限公司 | Digital signature method for escrowing private key of mobile terminal |
Also Published As
Publication number | Publication date |
---|---|
CN106161037B (en) | 2019-05-10 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN110377239B (en) | Data signature method, device, server, system and storage medium | |
CN111090876B (en) | Contract calling method and device | |
CN111090888B (en) | Contract verification method and device | |
CN112887160B (en) | Block chain all-in-one machine, multi-node deployment method and device thereof, and storage medium | |
CN102271042B (en) | Certificate authorization method, system, universal serial bus (USB) Key equipment and server | |
CN110381075B (en) | Block chain-based equipment identity authentication method and device | |
CN110677240A (en) | Method and device for providing high-availability computing service through certificate issuing | |
KR20080030359A (en) | Method for integrity attestation of a computing platform hiding its configuration information | |
US9906518B2 (en) | Managing exchanges of sensitive data | |
Tate et al. | Multi-user dynamic proofs of data possession using trusted hardware | |
CN108777675B (en) | Electronic device, block chain-based identity authentication method, and computer storage medium | |
CN112734431B (en) | Method and device for querying Fabric Block Link book data | |
CN111314172A (en) | Data processing method, device and equipment based on block chain and storage medium | |
CN106161037A (en) | Digital signature method and device | |
CN111880919A (en) | Data scheduling method, system and computer equipment | |
CN115459928A (en) | Data sharing method, device, equipment and medium | |
CN112311779A (en) | Data access control method and device applied to block chain system | |
CN111414640A (en) | Key access control method and device | |
CN113326535B (en) | Information verification method and device | |
CN112446050B (en) | Business data processing method and device applied to block chain system | |
CN109981650B (en) | Transfer method and system for general certificates in block chain | |
CN106326723A (en) | Method and device for certifying APK (Android Package) signature | |
CN111294315B (en) | Block chain-based security authentication method, block chain-based security authentication device, block chain-based security authentication equipment and storage medium | |
CN105471579B (en) | A kind of trust login method and device | |
CN111898153B (en) | Method and device for calling contract |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |