CN106161037A - Digital signature method and device - Google Patents


Publication number
CN106161037A
Authority
CN
China
Prior art keywords
file
signature
signed
designated account
server
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201610694577.6A
Other languages
Chinese (zh)
Other versions
CN106161037B (en)
Inventor
梁博
赵枝阳
赵亚帆
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Xiaomi Mobile Software Co Ltd
Original Assignee
Beijing Xiaomi Mobile Software Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Xiaomi Mobile Software Co Ltd
Priority to CN201610694577.6A
Publication of CN106161037A
Application granted
Publication of CN106161037B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities

Abstract

The disclosure relates to a digital signature method and device, and belongs to the field of network technology. The method includes: adding, through a first designated account, a file to be signed to a task queue, the first designated account having file-copy permission; obtaining, through a second designated account, the file to be signed from the task queue, the second designated account having digital signature permission; and reading a key through the second designated account and signing the file to be signed to obtain a signed file. By separating the signing process from the compilation process, compilation is not performed on the signature server, and signing is performed on the signature server by the second designated account, which has permission to access the key. This reduces the probability that the private key is leaked and ensures the security of the key.

Description

Digital signature method and device
Technical field
The disclosure relates to the field of network technology, and in particular to a digital signature method and device.
Background
Now that network technology is well developed, servers and terminals exchange data frequently. Digital signature technology was created to prevent a malicious third party from modifying data, or from impersonating the sending server to forge data.
For example, in the application-upgrade scenario on the Android system, an account with compile permission can compile on a server to obtain an upgrade file, and then read a key so that the server signs the upgrade file with that key to obtain an upgrade data package. A terminal that needs to upgrade can obtain the upgrade data package, verify the signature with the server's key to confirm that the package comes from that server, and upgrade based on the package.
Summary of the invention
To solve the problems in the related art, the present disclosure provides a digital signature method and device. The technical solution is as follows:
According to a first aspect of the embodiments of the present disclosure, a digital signature method is provided, the method including:
adding, through a first designated account, a file to be signed to a task queue, the first designated account having file-copy permission;
obtaining, through a second designated account, the file to be signed from the task queue, the second designated account having digital signature permission;
reading a key through the second designated account and signing the file to be signed to obtain a signed file.
In a possible implementation, before the file to be signed is added to the task queue through the first designated account, the method further includes:
performing key authentication with a compiler server through the first designated account;
when the key authentication passes, establishing an access connection with the compiler server;
when it is detected through the access connection that the compiler server has finished compiling, copying the file to be signed from the compiler server through the first designated account.
In a possible implementation, obtaining the file to be signed from the task queue through the second designated account includes:
monitoring the task queue through the second designated account;
when it is detected that the file to be signed has been added to the task queue, obtaining the file to be signed from the task queue.
In a possible implementation, the file to be signed carries a file identifier, and after the key is read through the second designated account and the file to be signed is signed to obtain the signed file, the method further includes:
saving the signed file in a designated region, the signed file carrying the file identifier, so that the compiler server obtains the signed file from the designated region according to the file identifier.
In a possible implementation, on the signature server, the network access permission of the first designated account and the second designated account is permission to access the compiler server, and permission to access the signature server is open only to the compiler server.
According to a second aspect of the embodiments of the present disclosure, a digital signature device is provided, the device including:
an adding module, configured to add, through a first designated account, a file to be signed to a task queue, the first designated account having file-copy permission;
an acquisition module, configured to obtain, through a second designated account, the file to be signed from the task queue, the second designated account having digital signature permission;
a signature module, configured to read a key through the second designated account and sign the file to be signed to obtain a signed file.
In a possible implementation, the device further includes:
an authentication module, configured to perform key authentication with a compiler server through the first designated account;
an establishing module, configured to establish an access connection with the compiler server when the key authentication passes;
a copy module, configured to copy the file to be signed from the compiler server through the first designated account when it is detected through the access connection that the compiler server has finished compiling.
In a possible implementation, the acquisition module includes a monitoring submodule and an acquisition submodule;
the monitoring submodule is configured to monitor the task queue through the second designated account;
the acquisition submodule is configured to obtain the file to be signed from the task queue when it is detected that the file to be signed has been added to the task queue.
In a possible implementation, the device further includes:
a saving module, configured to save the signed file in a designated region, the signed file carrying the file identifier, so that the compiler server obtains the signed file from the designated region according to the file identifier.
In a possible implementation, on the signature server, the network access permission of the first designated account and the second designated account is permission to access the compiler server, and permission to access the signature server is open only to the compiler server.
According to a third aspect of the embodiments of the present disclosure, a digital signature device is provided, the device including: a processor; and a memory for storing instructions executable by the processor; wherein the processor is configured to:
add, through a first designated account, a file to be signed to a task queue, the first designated account having file-copy permission;
obtain, through a second designated account, the file to be signed from the task queue, the second designated account having digital signature permission;
read a key through the second designated account and sign the file to be signed to obtain a signed file.
The technical solutions provided by the embodiments of the present disclosure can have the following beneficial effects:
In the method and device provided by this embodiment, the signing process is separated from the compilation process: compilation is not performed on the signature server, and signing is performed on the signature server by the second designated account, which has permission to access the key. This reduces the probability that the private key is leaked and ensures the security of the key.
In a possible implementation, key authentication is performed between the compiler server and the signature server, which prevents a third party from forging an identity to fraudulently obtain the signature server's key and improves the security of the key.
In a possible implementation, the network permission of accounts on the signature server is limited to accessing the compiler server, and access to the signature server is open only to the compiler server. This prevents a third party from stealing the key or modifying files by network means and improves the network security of the signature server.
It should be understood that the above general description and the following detailed description are exemplary and do not limit the present disclosure.
Brief description of the drawings
The accompanying drawings are incorporated into and constitute a part of this specification; they show embodiments consistent with the present disclosure and, together with the specification, serve to explain its principles.
Fig. 1 is a flowchart of a digital signature method according to an exemplary embodiment;
Fig. 2 is a flowchart of a digital signature method according to an exemplary embodiment;
Fig. 3 is a block diagram of a digital signature device according to an exemplary embodiment;
Fig. 4 is a block diagram of a digital signature device according to an exemplary embodiment;
Fig. 5 is a block diagram of a digital signature device according to an exemplary embodiment;
Fig. 6 is a block diagram of a digital signature device according to an exemplary embodiment;
Fig. 7 is a block diagram of a digital signature device 700 according to an exemplary embodiment.
Detailed description
To make the purpose, technical solutions and advantages of the present disclosure clearer, the disclosure is described in further detail below with reference to the embodiments and the accompanying drawings. The exemplary embodiments and their descriptions are used to explain the disclosure and do not limit it.
Fig. 1 is a flowchart of a digital signature method according to an exemplary embodiment. As shown in Fig. 1, the digital signature method is applied in a signature server and includes the following steps:
In step 101, a file to be signed is added to a task queue through a first designated account, the first designated account having file-copy permission.
In step 102, the file to be signed is obtained from the task queue through a second designated account, the second designated account having digital signature permission.
In step 103, a key is read through the second designated account and the file to be signed is signed to obtain a signed file.
In the related art, every account with compile permission also has permission to access the key. If any of those accounts leaks the key, a third party may obtain it, so key security is poor. A malicious third party could forge signatures with the illegally obtained key and send forged files to other terminals; when a terminal receives such a forged file and signature verification passes, it treats the file as legitimate, so the security of the terminal cannot be guaranteed either.
In the embodiments of the present disclosure, the signing process is separated from the compilation process: compilation is not performed on the signature server, and signing is performed on the signature server by the second designated account, which has permission to access the key. This reduces the probability that the private key is leaked and ensures the security of the key.
In a possible implementation, the method further includes: performing key authentication with the compiler server through the first designated account; when the key authentication passes, establishing an access connection with the compiler server; and when it is detected through the access connection that the compiler server has finished compiling, copying the file to be signed from the compiler server through the first designated account.
In a possible implementation, the method includes: monitoring the task queue through the second designated account; and when it is detected that a file to be signed has been added to the task queue, obtaining the file to be signed from the task queue.
In a possible implementation, the method further includes: saving the signed file in a designated region, the signed file carrying a file identifier, so that the compiler server obtains the signed file from the designated region according to the file identifier.
In a possible implementation, on the signature server, the network access permission of the first designated account and the second designated account is permission to access the compiler server, and permission to access the signature server is open only to the compiler server.
All of the above optional technical solutions can be combined in any way to form optional embodiments of the present disclosure, which are not described one by one here.
Fig. 2 is a flowchart of a digital signature method according to an exemplary embodiment. As shown in Fig. 2, this embodiment concerns the interaction between the signature server and the compiler server and includes the following steps:
In step 200, the signature server performs key authentication with the compiler server through the first designated account.
The inventors recognized that, in the related art, compilation and signing are both performed on the same server and compile permission is tied to signing permission, so an account with compile permission on that server can also obtain the key, and key security is poor. Therefore, in the embodiments of the disclosure, compilation and signing are implemented on two separate servers: one may be a compiler server, used for compiling, and the other may be a signature server, used for signing, so as to isolate compile permission from signing permission.
In the embodiments of the disclosure, key authentication is used by the compiler server and the signature server to authenticate each other's identity by means of a key algorithm. For example, key authentication can use the RSA key algorithm (Ron Rivest, Adi Shamir, Leonard Adleman): the signature server stores the public key under the first designated account and the compiler server stores the private key; the compiler server sends a connection request, and after the signature server authenticates it with the public key, the access connection with the compiler server is established.
The first designated account is a type of account on the signature server. One or more accounts of this type are allowed on the signature server, and the first designated account has only permission to copy files from the compiler server. The embodiments of the disclosure do not further limit the first designated account. For example, the first designated account may be the work account on a Linux server.
In a possible implementation, to improve the security of the file to be signed, the first designated account is allowed only to copy files from the compiler server and all of its other operation permissions are prohibited, which prevents the file to be signed from being modified through the first designated account.
In step 201, when the key authentication passes, the signature server establishes an access connection with the compiler server.
It should be noted that establishing the access connection on the basis of key authentication ensures that the identities of the compiler server and the signature server are genuine, and prevents a third party from impersonating one of the two to fraudulently obtain data from the other.
In the embodiments of the disclosure, the key authentication of steps 200 and 201 is optional; it makes the hand-off between the compilation process and the signing process more secure. The embodiments can also proceed directly from step 202 and still solve the problem of poor key security in the related art.
In step 202, the compiler server performs the compilation process.
In the embodiments of the disclosure, because the signature server must obtain the file to be signed from the compiler server, the signature server can monitor through the access connection to learn the compilation progress of the compiler server in real time.
In step 203, when the signature server detects through the access connection that the compiler server has finished compiling, it copies the file to be signed from the compiler server through the first designated account; the file to be signed carries a file identifier.
Because compilation and signing are separated in the embodiments of the disclosure, the signature server must monitor the compilation progress of the compiler server in order to obtain the file to be signed, and when compilation is complete it copies the file to be signed from the compiler server through the first designated account. The file identifier uniquely identifies each file to be signed, so it is used to distinguish the files to be signed in the interaction between the compiler server and the signature server. For example, the file identifier may be the name of the file to be signed, derived from a naming rule; the embodiments of the disclosure do not limit this.
In step 204, the signature server adds the file to be signed to the task queue through the first designated account.
It should be noted that the task queue is a storage area in which the signature server saves files to be signed; through the first designated account, the signature server adds the copied file to be signed to this storage area. The storage area may use different storage modes. For example, a queue storage mode may be used, in which files are stored in the order they are saved. The embodiments of the disclosure do not limit the storage mode of the task queue.
In step 205, when the signature server detects, through the second designated account, that a file to be signed has been added to the task queue, it obtains the file to be signed from the task queue; the second designated account has digital signature permission.
To avoid giving a single account many permissions, which would lower the security of the signing process, the embodiments of the disclosure further separate the permissions involved in signing: the operation of obtaining the file to be signed from the compiler server is assigned to the first designated account, and the operation of obtaining the file to be signed from the task queue is assigned to the second designated account.
Because the first designated account and the second designated account are not directly associated, the signature server must monitor the task queue, that is, the storage area holding files to be signed, through the second designated account to learn whether a file to be signed has been added to it. For example, the storage area may follow the first-in, first-out principle: when several files to be signed are stored in the storage area in sequence, the signature server obtains, through the second designated account, the file that was stored first, according to the saving order. The embodiments of the disclosure do not limit the order in which files to be signed are obtained.
In a possible implementation, taking a Linux server as the signature server, the second designated account may be the unique root account on the Linux server, which has the highest privileges on the signature server, including digital signature permission. On other platforms the second designated account may be another type of account; the embodiments of the disclosure do not limit the second designated account.
In step 206, the signature server reads the key through the second designated account and signs the file to be signed to obtain a signed file.
It should be noted that, to improve key security, the key is stored on the signature server and access to the key is restricted; the embodiments of the disclosure do not limit how access is restricted. For example, permission to access the key is open only to the second designated account, so that the signature server can read the key and sign the file to be signed only through the second designated account.
The key type is a symmetric key or an asymmetric key. A pair of symmetric keys is two identical keys; a pair of asymmetric keys consists of a public key and a private key, and the public key may differ from the private key. Compared with symmetric keys, asymmetric keys use two different keys and are more secure. The embodiments of the disclosure are therefore described using a pair of asymmetric keys as an example: the private key of the pair is stored on the signature server and used to sign files, and the public key of the pair is stored on the target terminal to which files are sent and used to verify signatures. The embodiments of the disclosure do not limit the key type.
In step 207, the signature server saves the signed file in a designated region; the signed file carries the file identifier.
To avoid a direct association between the compiler server and the second designated account, after the second designated account completes the signature, the signature server saves the signed file in the designated region. In a possible implementation, the designated region may be a local storage area set up by the signature server, which may be called a web region; the embodiments of the disclosure do not limit the storage mode of the designated region. For example, the storage area uses a queue storage mode, in which files are stored in the order they are saved.
In step 208, the compiler server obtains the signed file from the designated region according to the file identifier.
In the embodiments of the disclosure, to ensure key security, the network access permission of the first designated account and the second designated account on the signature server is permission to access the compiler server, so that neither account can send the signed file to other network devices through the signature server. Permission to access the signature server is open only to the compiler server, so that the compiler server has permission to obtain the signed file from the designated region. The embodiments of the disclosure do not further limit the network access permissions between the signature server and the compiler server.
Because there may be accounts on the signature server other than the first designated account and the second designated account, in a possible implementation, for the security of the signed file, the network access permission of every account on the signature server is directed only at the compiler server, so that no account on the signature server can send the signed file to other network devices.
To further improve the security of the signed file, in another possible implementation, access to the signature server is open only to the compiler server, so that only the compiler server has permission to obtain the signed file from the designated region and other network devices do not.
These restrictions on outbound and inbound access implement access control at the network level and ensure that only the compiler server and the signature server can access each other.
It should be noted that the file identifier carried by the signed file is the same as the identifier carried by the file to be signed, so that the compiler server obtains the signed file from the designated region, that is, from the local storage area, according to the file identifier. For example, the storage area may follow the first-in, first-out principle: when several signed files are stored in the storage area in sequence, the compiler server obtains the signed file that was stored first from the designated region, according to the saving order.
In the embodiments of the disclosure, the compiler server has at least two ways of obtaining the signed file:
In the first way, the compiler server monitors the designated region through the access connection; when it learns by monitoring that a signed file has been saved to the designated region, it obtains the signed file corresponding to the file to be signed according to the file identifier.
In the second way, the signature server sends the compiler server, through the access connection, the address at which the signed file is saved in the designated region together with the file identifier, and the compiler server obtains the signed file using this address and the file identifier.
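The flow of steps 204 to 208, together with the key-access and network-access restrictions described above, is shown here as an added Python model that is not part of the patent. It uses HMAC-SHA256 with a symmetric key (one of the key types the description allows) so that it runs with the standard library alone; the class, method, permission and host names are hypothetical, the account names follow the Linux examples in the text, and all sample values are constructed.

```python
import hashlib
import hmac
from collections import deque


class PermissionDenied(Exception):
    """Raised when an account or network peer attempts an operation it was not granted."""


class SignatureServer:
    """In-memory model of the signature server; all names here are hypothetical."""

    def __init__(self, key, grants, allowed_peer):
        self._key = key                    # signing key, held only on this server
        self._grants = grants              # account name -> set of permissions
        self._allowed_peer = allowed_peer  # the only host allowed to reach this server
        self._queue = deque()              # task queue, first in first out
        self._region = {}                  # designated region: file id -> (data, signature)

    def _require(self, account, permission):
        if permission not in self._grants.get(account, set()):
            raise PermissionDenied(f"{account} lacks {permission!r}")

    def enqueue(self, account, file_id, data):
        """Step 204: the first designated account adds a file to be signed."""
        self._require(account, "copy")
        self._queue.append((file_id, bytes(data)))

    def read_key(self, account):
        """Key access is open only to accounts that hold the 'sign' permission."""
        self._require(account, "sign")
        return self._key

    def sign_next(self, account):
        """Steps 205-207: take the oldest queued file, sign it, store it by identifier."""
        key = self.read_key(account)
        if not self._queue:
            return None
        file_id, data = self._queue.popleft()
        signature = hmac.new(key, data, hashlib.sha256).hexdigest()
        self._region[file_id] = (data, signature)
        return file_id

    def fetch(self, peer, file_id):
        """Step 208: only the compiler server may collect a signed file."""
        if peer != self._allowed_peer:
            raise PermissionDenied(f"peer {peer} may not access the signature server")
        return self._region[file_id]


def verify(key, data, signature):
    """Recompute the tag and compare it in constant time."""
    expected = hmac.new(key, data, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, signature)


def run_demo():
    key = b"constructed-demo-key"  # constructed sample value, not a real key
    server = SignatureServer(
        key,
        grants={"work": {"copy"}, "root": {"sign"}},  # first / second designated account
        allowed_peer="compiler.example",              # constructed host name
    )
    server.enqueue("work", "update-001.zip", b"first build")
    server.enqueue("work", "update-002.zip", b"second build")

    results = {}
    try:
        server.read_key("work")  # the copy account must not reach the key
        results["copy_account_reads_key"] = True
    except PermissionDenied:
        results["copy_account_reads_key"] = False

    results["order"] = [server.sign_next("root"), server.sign_next("root")]
    data, signature = server.fetch("compiler.example", "update-001.zip")
    results["valid"] = verify(key, data, signature)
    results["tampered_valid"] = verify(key, data + b"!", signature)
    try:
        server.fetch("other.example", "update-001.zip")
        results["other_peer_fetches"] = True
    except PermissionDenied:
        results["other_peer_fetches"] = False
    return results


if __name__ == "__main__":
    print(run_demo())
```

With the asymmetric key pair that the description uses as its example, the HMAC call would be replaced by a private-key signature and `verify` would take the public key held by the terminal.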
In the related art, every account with compile permission also has permission to access the key. If any of those accounts leaks the key, a third party may obtain it, so key security is poor. A malicious third party could forge signatures with the illegally obtained key and send forged files to other terminals; when a terminal receives such a forged file and signature verification passes, it treats the file as legitimate, so the security of the terminal cannot be guaranteed.
In the embodiments of the present disclosure, the signing process is separated from the compilation process: compilation is not performed on the signature server, and signing is performed on the signature server by the second designated account, which has permission to access the key. This reduces the probability that the private key is leaked and ensures the security of the key.
In addition, in the embodiments of the disclosure, key authentication is performed between the compiler server and the signature server, which prevents a third party from forging an identity to fraudulently obtain the signature server's key and improves the security of the key.
In addition, in the embodiments of the disclosure, the network permission of accounts on the signature server is limited to accessing the compiler server, and access to the signature server is open only to the compiler server. This implements access control at the network level and prevents a third party from stealing the key or modifying files by network means, which improves the network security of the signature server.
Fig. 3 is the block diagram according to a kind of digital signature device shown in an exemplary embodiment.See Fig. 3, this device bag Include interpolation module 301, acquisition module 302 and signature blocks 303.
This interpolation module 301 is configured to the first destiny account, adds file to be signed in task queue, and first Destiny account possesses copied files authority.
This acquisition module 302 is configured to the second destiny account, obtains described interpolation module 301 from task queue The file to be signed added, the second destiny account has digital signature authority.
This signature blocks 303 is configured to the second destiny account and reads key, to acquired in described acquisition module 302 To file to be signed sign, obtain signature file.
In a kind of possible implementation, device based on Fig. 3 forms, and sees Fig. 4, and device also includes authentication module 304, Set up module 305 and copy module 306.
The authentication module 304 is configured to perform key authentication with the compiler server through the first destiny account.
The establishing module 305 is configured to establish an access connection with the compiler server when the key authentication passes.
The copy module 306 is configured to copy the file to be signed from the compiler server through the first destiny account when it detects, over the access connection, that the compiler server has finished compiling.
In a possible implementation, based on the device composition of Fig. 3 and referring to Fig. 5, the acquisition module 302 of the device includes a monitoring submodule 3021 and an obtaining submodule 3022.
The monitoring submodule 3021 is configured to monitor the task queue through the second destiny account.
The obtaining submodule 3022 is configured to obtain the file to be signed from the task queue when it detects that the file to be signed has been added to the task queue.
In a possible implementation, based on the device composition of Fig. 3 and referring to Fig. 6, the device further includes a saving module 307.
The saving module 307 is configured to save the signature file in a specified region, the signature file carrying the file identifier, so that the compiler server obtains the signature file from the specified region according to the file identifier.
In a possible implementation, on the signature server, the network access permissions of the first destiny account and the second destiny account are limited to accessing the compiler server, and permission to access the signature server is granted only to the compiler server.
All of the above optional technical solutions may be combined in any manner to form optional embodiments of the present disclosure, which are not described one by one here.
In the embodiments of the present disclosure, the signing process is separated from the compilation process: compilation is not performed on the signature server, and signing is performed by the second destiny account, which has key-access permission on the signature server. This reduces the probability that the private key is leaked and ensures the security of the key.
In addition, in the embodiments of the present disclosure, key authentication is performed between the compiler server and the signature server, which prevents a third party from forging an identity to obtain the signature server's key by deception and improves the security of the key.
In addition, in the embodiments of the present disclosure, the network permissions of the accounts on the signature server are limited to accessing the compiler server, and permission to access the signature server is granted only to the compiler server. This implements access control at the network level and prevents a third party from stealing the key or modifying files by network means, thereby improving the network security of the signature server.
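The two-account flow described above, sketched as an added example that is not code from the patent. It assumes the task queue is a spool directory and the specified region is an output directory; HMAC-SHA256 stands in for the real signature algorithm so the example runs with the standard library only, and the function names, paths and key bytes are constructed. In a deployment `enqueue` would run as the first account and `sign_pending` as the second.

```python
import hashlib, hmac, os, stat, tempfile

def enqueue(queue_dir, file_id, data):
    """First account: copy a file to be signed into the task queue. Never reads the key."""
    if not file_id.isalnum():  # the identifier becomes a file name, so reject path characters
        raise ValueError("bad file identifier")
    tmp = os.path.join(queue_dir, "." + file_id + ".tmp")
    with open(tmp, "wb") as f:
        f.write(data)
    os.rename(tmp, os.path.join(queue_dir, file_id))  # atomic: no half-copied file is signed

def read_key(key_path):
    """Second account: refuse a key file that any other account could read."""
    st = os.stat(key_path)
    if st.st_uid != os.geteuid() or stat.S_IMODE(st.st_mode) & 0o077:
        raise PermissionError("key must be owned by the signing account with mode 0600")
    with open(key_path, "rb") as f:
        return f.read()

def sign_pending(queue_dir, key_path, out_dir):
    """Second account: sign each queued file and save the result under its identifier."""
    key, done = read_key(key_path), []
    for file_id in sorted(os.listdir(queue_dir)):
        if file_id.startswith("."):
            continue  # still being copied by the first account
        path = os.path.join(queue_dir, file_id)
        with open(path, "rb") as f:
            tag = hmac.new(key, f.read(), hashlib.sha256).hexdigest()  # stand-in signature
        with open(os.path.join(out_dir, file_id + ".sig"), "w") as f:
            f.write(tag)
        os.remove(path)
        done.append(file_id)
    return done

def demo():
    """Constructed run in a temp directory; one process plays both accounts."""
    root = tempfile.mkdtemp()
    queue_dir, out_dir = os.path.join(root, "queue"), os.path.join(root, "signed")
    os.mkdir(queue_dir)
    os.mkdir(out_dir)
    key_path = os.path.join(root, "signing.key")
    with open(os.open(key_path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600), "wb") as f:
        f.write(b"constructed-demo-key")
    enqueue(queue_dir, "build42", b"constructed artifact bytes")
    return sign_pending(queue_dir, key_path, out_dir), sorted(os.listdir(out_dir)), key_path
```

The compiler server would then fetch `build42.sig` from the output directory by file identifier; `read_key` raises `PermissionError` as soon as the key file becomes readable by any account other than its owner.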
Regarding the device in the above embodiments, the specific manner in which each module performs its operations has been described in detail in the embodiments of the method and will not be elaborated here.
It should be noted that, when the digital signature device provided by the above embodiments performs digital signing, the division into the above functional modules is used only as an example. In practical applications, the above functions may be assigned to different functional modules as needed; that is, the internal structure of the device may be divided into different functional modules to complete all or part of the functions described above. In addition, the digital signature device provided by the above embodiments and the digital signature method embodiments belong to the same concept; for the specific implementation process, refer to the method embodiments, which are not repeated here.
Fig. 7 is a block diagram of a digital signature device 700 according to an exemplary embodiment. For example, the device 700 may be provided as a server. Referring to Fig. 7, the device 700 includes a processing component 722, which further includes one or more processors, and memory resources represented by a memory 732 for storing instructions executable by the processing component 722, such as application programs. The application programs stored in the memory 732 may include one or more modules, each corresponding to a set of instructions. In addition, the processing component 722 is configured to execute the instructions so as to perform the above digital signature method.
The device 700 may also include a power component 726 configured to perform power management of the device 700, a wired or wireless network interface 750 configured to connect the device 700 to a network, and an input/output (I/O) interface 758. The device 700 may operate based on an operating system stored in the memory 732, such as Windows Server™, Mac OS X™, Unix™, Linux™, FreeBSD™ or the like.
Other embodiments of the present disclosure will readily occur to those skilled in the art after considering the specification and practicing the invention disclosed herein. This application is intended to cover any variations, uses, or adaptations of the present disclosure that follow its general principles and include common knowledge or conventional technical means in the art that are not disclosed herein. The specification and embodiments are to be regarded as exemplary only, with the true scope and spirit of the disclosure indicated by the following claims.
It should be understood that the present disclosure is not limited to the precise structure described above and illustrated in the accompanying drawings, and that various modifications and changes may be made without departing from its scope. The scope of the present disclosure is limited only by the appended claims.

Claims (11)

1. A digital signature method, characterized in that it is applied to a signature server, the method comprising:
adding a file to be signed to a task queue through a first destiny account, the first destiny account having file-copy permission;
obtaining the file to be signed from the task queue through a second destiny account, the second destiny account having digital signature permission;
reading a key through the second destiny account and signing the file to be signed to obtain a signature file.
2. The method according to claim 1, characterized in that, before the adding of the file to be signed to the task queue through the first destiny account, the method further comprises:
performing key authentication with a compiler server through the first destiny account;
when the key authentication passes, establishing an access connection with the compiler server;
when it is detected through the access connection that the compiler server has finished compiling, copying the file to be signed from the compiler server through the first destiny account.
3. The method according to claim 1, characterized in that the obtaining of the file to be signed from the task queue through the second destiny account comprises:
monitoring the task queue through the second destiny account;
when it is detected that the file to be signed has been added to the task queue, obtaining the file to be signed from the task queue.
4. The method according to claim 1, characterized in that the file to be signed carries a file identifier, and after the reading of the key through the second destiny account and the signing of the file to be signed to obtain the signature file, the method further comprises:
saving the signature file in a specified region, the signature file carrying the file identifier.
5. The method according to any one of claims 1 to 4, characterized in that, on the signature server, the network access permission of the first destiny account and the second destiny account is permission to access the compiler server, and permission to access the signature server is granted only to the compiler server.
6. A digital signature device, characterized in that it is applied to a signature server, the device comprising:
an adding module, configured to add a file to be signed to a task queue through a first destiny account, the first destiny account having file-copy permission;
an acquisition module, configured to obtain the file to be signed from the task queue through a second destiny account, the second destiny account having digital signature permission;
a signature module, configured to read a key through the second destiny account and sign the file to be signed to obtain a signature file.
7. The device according to claim 6, characterized in that the device further comprises:
an authentication module, configured to perform key authentication with a compiler server through the first destiny account;
an establishing module, configured to establish an access connection with the compiler server when the key authentication passes;
a copy module, configured to copy the file to be signed from the compiler server through the first destiny account when it is detected through the access connection that the compiler server has finished compiling.
8. The device according to claim 6, characterized in that the acquisition module comprises:
a monitoring submodule, configured to monitor the task queue through the second destiny account;
an obtaining submodule, configured to obtain the file to be signed from the task queue when it is detected that the file to be signed has been added to the task queue.
9. The device according to claim 6, characterized in that the device further comprises:
a saving module, configured to save the signature file in a specified region, the signature file carrying the file identifier, so that the compiler server obtains the signature file from the specified region according to the file identifier.
10. The device according to any one of claims 6 to 9, characterized in that, on the signature server, the network access permission of the first destiny account and the second destiny account is permission to access the compiler server, and permission to access the signature server is granted only to the compiler server.
11. A digital signature device, characterized in that it comprises:
a processor;
a memory for storing instructions executable by the processor;
wherein the processor is configured to:
add a file to be signed to a task queue through a first destiny account, the first destiny account having file-copy permission;
obtain the file to be signed from the task queue through a second destiny account, the second destiny account having digital signature permission;
read a key through the second destiny account and sign the file to be signed to obtain a signature file.
CN201610694577.6A 2016-08-19 2016-08-19 Digital signature method and device Active CN106161037B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610694577.6A CN106161037B (en) 2016-08-19 2016-08-19 Digital signature method and device

Publications (2)

Publication Number Publication Date
CN106161037A true CN106161037A (en) 2016-11-23
CN106161037B CN106161037B (en) 2019-05-10

Family

ID=57341660

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant