CN106161037B - Digital signature method and device - Google Patents

Digital signature method and device Download PDF

Info

Publication number
CN106161037B
CN106161037B CN201610694577.6A CN201610694577A CN106161037B CN 106161037 B CN106161037 B CN 106161037B CN 201610694577 A CN201610694577 A CN 201610694577A CN 106161037 B CN106161037 B CN 106161037B
Authority
CN
China
Prior art keywords
file
signature
signed
server
destiny account
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201610694577.6A
Other languages
Chinese (zh)
Other versions
CN106161037A (en
Inventor
梁博
赵枝阳
赵亚帆
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Xiaomi Mobile Software Co Ltd
Original Assignee
Beijing Xiaomi Mobile Software Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Xiaomi Mobile Software Co Ltd filed Critical Beijing Xiaomi Mobile Software Co Ltd
Priority to CN201610694577.6A priority Critical patent/CN106161037B/en
Publication of CN106161037A publication Critical patent/CN106161037A/en
Application granted granted Critical
Publication of CN106161037B publication Critical patent/CN106161037B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)
  • Stored Programmes (AREA)

Abstract

The disclosure is directed to a kind of digital signature method and devices, belong to network technique field.The described method includes: adding file to be signed in task queue, first destiny account has copied files permission by the first destiny account;By the second destiny account, the file to be signed is obtained from the task queue, second destiny account has digital signature permission;Key is read by second destiny account, signs to the file to be signed, obtains signature file.The disclosure is by separating signature process with compilation process, compilation process carries out not on signature server, and signature process, to reduce a possibility that private key is revealed, ensure that the safety of key by having the second destiny account of access key permission to carry out on signature server.

Description

Digital signature method and device
Technical field
The disclosure is directed to network technique fields, specifically about a kind of digital signature method and device.
Background technique
In the epoch of nowadays network technology prosperity, interaction data is frequent between server and terminal.For avoid malice Tripartite modifies data or pretends to be the server data falsification of sender, produces digital signature technology.
For example, having the account of compiling permission that can carry out in server by taking the scene of application upgrade in Android system as an example Compiling, to obtain upgrade file, then reads key, so that server is signed according to the key pair upgrade file, is risen Grade data packet.If some terminal is upgraded, the available upgrading data packet, and the key authentication for passing through server Signature confirms that the upgrading data packet is upgraded from the server, and based on the upgrading data packet.
Summary of the invention
In order to solve the problems, such as present in the relevant technologies, present disclose provides a kind of digital signature method and devices.It is described Technical solution is as follows:
According to the first aspect of the embodiments of the present disclosure, a kind of digital signature method is provided, which comprises
By the first destiny account, file to be signed is added in task queue, first destiny account has copy File permission;
By the second destiny account, the file to be signed, second destiny account are obtained from the task queue With digital signature permission;
Key is read by second destiny account, signs to the file to be signed, obtains signature file.
It is described to pass through the first destiny account in a kind of possible implementation, file to be signed is added in task queue Before, the method also includes:
Key authentication is carried out by first destiny account and compiler server;
When the key authentication passes through, the access established between the compiler server is connected;
When listening to compiler server compiling by access connection and completing, by first destiny account from The file to be signed is copied in the compiler server.
It is described to pass through the second destiny account in a kind of possible implementation, obtained from the task queue it is described to Signature file includes:
The task queue is monitored by second destiny account;
When listen to add the file to be signed in the task queue when, from the task queue obtain described in File to be signed.
In a kind of possible implementation, the file to be signed carries file identification, described specified by described second Account reads key, signs to the file to be signed, after obtaining signature file, the method also includes:
The signature file is saved in specified region, the signature file carries the file identification, takes compiling Device be engaged according to the file identification, the signature file is obtained from the specified region.
In a kind of possible implementation, first destiny account and the second specified account on the signature server The network access authority at family is to access the permission of the compiler server, and the accessed permission of the signature server is intended for The compiler server.
According to the second aspect of an embodiment of the present disclosure, a kind of digital signature device is provided, described device includes:
Adding module, for adding file to be signed in task queue by the first destiny account, described first is specified Account has copied files permission;
Module is obtained, it is described for obtaining the file to be signed from the task queue by the second destiny account Second destiny account has digital signature permission;
Signature blocks are signed to the file to be signed, are obtained for reading key by second destiny account To signature file.
In a kind of possible implementation, described device further include:
Authentication module, for carrying out key authentication by first destiny account and compiler server;
Module is established, the access for when the key authentication passes through, establishing between the compiler server connects;
Module is copied, when completing for listening to the compiler server compiling by access connection, by described First destiny account copies the file to be signed from the compiler server.
In a kind of possible implementation, the acquisition module includes: to monitor submodule and acquisition submodule;
The monitoring submodule, for monitoring the task queue by second destiny account;
The acquisition submodule, for when listen to add the file to be signed in the task queue when, from institute It states and obtains the file to be signed in task queue.
In a kind of possible implementation, described device further include:
Preserving module, for saving the signature file in specified region, the signature file carries the file Mark makes compiler server according to the file identification, and the signature file is obtained from the specified region.
In a kind of possible implementation, first destiny account and the second specified account on the signature server The network access authority at family is to access the permission of the compiler server, and the accessed permission of the signature server is intended for The compiler server.
According to the third aspect of an embodiment of the present disclosure, a kind of digital signature device is provided, described device includes: processing Device;Memory for the instruction that storage processor can be performed;Wherein, the processor is configured to:
By the first destiny account, file to be signed is added in task queue, first destiny account has copy File permission;
By the second destiny account, the file to be signed, second destiny account are obtained from the task queue With digital signature permission;
Key is read by second destiny account, signs to the file to be signed, obtains signature file.
The technical scheme provided by this disclosed embodiment can include the following benefits:
Method and apparatus provided in this embodiment, by separating signature process with compilation process, compilation process is not being signed It is carried out on name server, and signature process is carried out by the second destiny account with access key permission on signature server, from And a possibility that reducing private key leakage, it ensure that the safety of key.
In a kind of possible implementation, key authentication is carried out between compiler server and signature server, avoids Tripartite's forged identity gains the key of signature server by cheating, improves the safety of key.
In a kind of possible implementation, the network legal power of account is limited to access compiler server on signature server, and The access authority of signature server is intended for compiler server, and third party is avoided to steal key or modification text by network means Part improves the internet security of signature server.
It should be understood that above general description and following detailed description is exemplary, this public affairs can not be limited It opens.
Detailed description of the invention
The drawings herein are incorporated into the specification and forms part of this specification, and shows the implementation for meeting the disclosure Example, and together with specification for explaining the principles of this disclosure.
Fig. 1 is a kind of flow chart of digital signature method shown according to an exemplary embodiment;
Fig. 2 is a kind of flow chart of digital signature method shown according to an exemplary embodiment;
Fig. 3 is a kind of block diagram of digital signature device shown according to an exemplary embodiment;
Fig. 4 is a kind of block diagram of digital signature device shown according to an exemplary embodiment;
Fig. 5 is a kind of block diagram of digital signature device shown according to an exemplary embodiment;
Fig. 6 is a kind of block diagram of digital signature device shown according to an exemplary embodiment;
Fig. 7 is a kind of block diagram of digital signature device 700 shown according to an exemplary embodiment.
Specific embodiment
It is right below with reference to embodiment and attached drawing for the purposes, technical schemes and advantages of the disclosure are more clearly understood The disclosure is described in further details.Here, the exemplary embodiment and its explanation of the disclosure be for explaining the disclosure, but simultaneously Not as the restriction to the disclosure.
Fig. 1 is a kind of flow chart of digital signature method shown according to an exemplary embodiment, as shown in Figure 1, digital Endorsement method is in signature server, comprising the following steps:
In a step 101, by the first destiny account, file to be signed, the first destiny account are added in task queue Has copied files permission.
In a step 102, by the second destiny account, file to be signed, the second destiny account are obtained from task queue With digital signature permission.
In step 103, key is read by the second destiny account, treats signature file and sign, has been signed File.
In the related technology, all accounts with compiling permission have the permission of access key simultaneously, if any account is revealed Key all may cause third party and obtain key, and key safety is poor, and the third party that may cause malice is based on illegal obtain Key forge a signature, thus to other terminals send it is some forge document, and terminal is when receiving this and forging document, if Signature verification passes through, and also will be considered that it is legitimate files, and the safety of terminal is caused also not can guarantee.
In the embodiment of the present disclosure, by separating signature process with compilation process, compilation process is not on signature server It carries out, and signature process is carried out by the second destiny account with access key permission on signature server, to reduce private A possibility that key is revealed, ensure that the safety of key.
In a kind of possible implementation, method further include: key is carried out by the first destiny account and compiler server Certification;When key authentication passes through, the access established between compiler server is connected;Compiling clothes are listened to by accessing connection When business device compiling is completed, file to be signed is copied from compiler server by the first destiny account.
In a kind of possible implementation, method includes: to monitor task queue by the second destiny account;When listening to When adding file to be signed in task queue, file to be signed is obtained from task queue.
In a kind of possible implementation, method further include: save signature file in specified region, signature file is taken Tape file mark, makes compiler server according to file identification, signature file is obtained from specified region.
In a kind of possible implementation, the network of the first destiny account and the second destiny account is accessed on signature server Permission is to access the permission of compiler server, and the accessed permission of signature server is intended for compiler server.
All the above alternatives can form the alternative embodiment of the disclosure, herein no longer using any combination It repeats one by one.
Fig. 2 is a kind of flow chart of digital signature method shown according to an exemplary embodiment, as shown in Fig. 2, this public affairs Open the interactive process that embodiment is related between signature server and compiler server, comprising the following steps:
In step 200, signature server carries out key authentication by the first destiny account and compiler server.
It was recognized by the inventor that in the related technology, compiling and carrying out on the same server with the process of signature, permission is compiled It being associated with signature permission, leads to that there is the account for compiling permission also available key on the server, the safety of key is poor, Therefore, in the embodiments of the present disclosure, compile and realized on two servers respectively with the process of signature, one of server Can be compiler server, for being compiled, another server can be signature server, for signing, with every From compiling permission and signature permission.
In the embodiment of the present disclosure, key authentication is used for mutual by key algorithm between compiler server and signature server Authenticating identity.For example, RSA key algorithm (Ron Rivest, Adi Shamir, Leonard can be used in key authentication Adleman), signature server stores public key in the first destiny account, and compiler server is stored private key, sent out by compiler server After sending connection request, signature server to use authentication public key, access connection is established with compiler server.
Wherein, the first destiny account is a kind of account on signature server, allow on signature server there are one or Multiple this kind of accounts, and the first destiny account only has from compiler server copied files permission.The embodiment of the present disclosure is to first Destiny account does not further limit.For example, the first destiny account can be the work account in Linux server.
In a kind of possible implementation, in order to improve the safety of file to be signed, except the first destiny account of permission has Have outside compiler server copied files permission, forbid other operating rights of the first destiny account, to avoid text to be signed Part is modified by the first destiny account.
In step 201, when key authentication passes through, the access that signature server is established between compiler server connects It connects.
It should be noted that establishing access connection based on key authentication, it is ensured that compiler server and signature server Identity it is true, avoid third party and pretend to be in the two a wherein side, gain the data of another party in the two by cheating.
In the embodiment of the present disclosure, the key authentication of step 200 and step 201 is optional step, it is ensured that compilation process It is safer when being connected with signature process, in fact, the embodiment of the present disclosure can also directly carry out the step of step 202 or less, To solve the problems, such as that key safety is poor in the related technology.
In step 202, compiler server is compiled process.
In the embodiments of the present disclosure, since signature server need to obtain file to be signed from compiler server, signature Server can be monitored by accessing connection, to obtain the compiling progress of compiler server immediately.
In step 203, when signature server listens to compiler server compiling completion by accessing connection, pass through first Destiny account copies file to be signed from the compiler server, which carries file identification.
Since in the embodiment of the present disclosure, compiling is separated with signature process, signature server is to obtain file to be signed, is needed The compiling progress for monitoring compiler server is copied from compiler server wait sign when compiling completion by the first destiny account Name file.Wherein, file identification can be with each file to be signed of unique identification, therefore, in compiler server and signature server In interactive process, file identification is for distinguishing each file to be signed.For example, file identification can be through a kind of naming rule Obtained file name to be signed, the embodiment of the present disclosure do not limit this.
In step 204, signature server adds file to be signed by the first destiny account in task queue.
It should be noted that task queue is the storage region that signature server saves file to be signed, signature server By the first destiny account, the file to be signed of copy is added to the storage region.The storage region can use different Storage mode, for example, the storage mode of queue can be used, which can be carries out according to preservation sequence.The disclosure is implemented Example to the storage mode of task queue without limitation.
In step 205, it is added in task queue wait sign when signature server is listened to by the second destiny account When name file, file to be signed is obtained from task queue, which has digital signature permission.
To avoid same account that there are more permissions, causes signature process safety low, in the embodiment of the present disclosure, will sign Permission involved in journey further separates, and the first destiny account is distributed in the operation for obtaining file to be signed from compiler server It completes, the second destiny account is distributed into the operation for obtaining file to be signed from task queue and is completed.
Since, without direct correlation, signature server need to be specified by second between the first destiny account and the second destiny account Task queue is monitored, that is, the storage region of file to be signed is saved, to know whether file to be signed is added to the storage region. For example, the storage region can follow the principle of first in, first out, when there is multiple files to be signed by sequence deposit storage region, Signature server specifies the file to be signed for obtaining in region and being first stored according to preservation sequence by the second destiny account from this. The embodiment of the present disclosure is to obtaining the sequence of file to be signed without limitation.
In a kind of possible implementation, it is illustrated so that signature server is Linux server as an example, the second specified account Family can be unique root account in Linux server, the highest permission with signature server, including digital signature power Limit.On other platforms, which can also be other types account, and the embodiment of the present disclosure is to the second destiny account Without limitation.
In step 206, signature server reads key by the second destiny account, treats signature file and signs, Obtain signature file.
It should be noted that key is stored in signature server, by carrying out to key to improve the safety of key Access limitation, the disclosure are embodiments to the mode of access limitation without limitation.For example, the permission of access key only refers to second It is open to determine account, key could be read by so that signature server is only passed through the second destiny account, treated signature file and signed.
Wherein, Key Tpe is symmetric key or unsymmetrical key.A pair of of symmetric key refers to two identical keys, one Including a public key and a private key, public key to unsymmetrical key can be different from private key.Compared to symmetric key, unsymmetrical key Using two different keys, safety is higher.Therefore, it in the embodiment of the present disclosure, is said by taking a pair of of unsymmetrical key as an example Bright, this is stored in signature server the private key in unsymmetrical key, and for signing to file, this is to unsymmetrical key Public key be stored in send target terminal, for verify signature.The embodiment of the present disclosure to Key Tpe without limitation.
In step 207, signature server saves signature file in specified region, and signature file carries files-designated for this Know.
To avoid compiler server and the second destiny account from being directly linked, after the second destiny account completes signature, signature Signature file is stored in specified region by server.In a kind of possible implementation, specified region can be Digital signature service One piece of local storage region of device setting, the local storage region are properly termed as the region web, and the embodiment of the present disclosure is to specified region Storage mode without limitation.For example, the storage region uses the storage mode of queue, which be can be according to preservation sequence It carries out.
In a step 208, compiler server obtains signature file according to file identification from specified region.
In the embodiment of the present disclosure, for the safety for guaranteeing key, the first destiny account and second specified on signature server The network access authority of account is to access the permission of compiler server, lead to the first destiny account and the second destiny account cannot Signature file cannot be sent to other network equipments by crossing signature server, and the accessed permission of signature server is intended for compiling Server is translated, so that compiler server, which has from specified region, obtains signature file permission.The embodiment of the present disclosure takes signature Network access authority between business device and compiler server does not further limit.
It may be more than the first destiny account and the second destiny account in view of the account on signature server, in order to sign The safety of file, in a kind of possible implementation, on signature server the network access authority of any account be only oriented in The compiler server, so that all accounts on signature server cannot send signature file to other network equipments.
In order to further increase the safety of signature file, in alternatively possible implementation, signature server Accessed permission is only oriented in compiler server, so that only compiler server is with from the acquisition of specified region, signature file is weighed Limit, and other network equipments are without this permission.
The limitation of above-mentioned access authority and accessed permission can realize access control on network level, guarantee only have Compiler server could mutually be accessed with signature server.
It should be noted that the file identification that signature file has carried is identical as the mark that file to be signed carries, make to compile Server is translated according to file identification, signature file is obtained in specified region, that is to say, obtained in local storage region Signature file.For example, the storage region can follow the principle of first in, first out, when there is multiple signature files to be deposited by sequence When storage area domain, compiler server specifies the signature file for obtaining in region and being first stored according to preservation sequence from this.
In the embodiment of the present disclosure, at least there are two types of the modes for obtaining signature file for compiler server:
In the first way, compiler server is monitored specified region, has been signed when being known by monitoring by accessing connection When name file has been saved to specified region, according to file identification, the corresponding signature file of file to be signed is obtained.
In the second way, signature server is sent signature file to compiler server and is being referred to by access connection Determine preservation address and the file identification in region, compiler server is obtained this and signed by the preservation address and file identification File.
In the related technology, all accounts with compiling permission have the permission of access key simultaneously, if any account is revealed Key all may cause third party and obtain key, key safety is poor, may cause the third party of malice based on illegally obtaining Key forges a signature, thus to other terminals send it is some forge document, and terminal is when receiving this and forging document, if label Name is verified, and also will be considered that it is legitimate files, the safety of terminal is caused not can guarantee.
In the embodiment of the present disclosure, by separating signature process with compilation process, compilation process is not on signature server It carries out, and signature process is carried out by the second destiny account with access key permission on signature server, to reduce private A possibility that key is revealed, ensure that the safety of key.
In addition, carrying out key authentication between compiler server and signature server in the embodiment of the present disclosure, avoiding third Square forged identity gains the key of signature server by cheating, improves the safety of key.
In addition, the network legal power of account is limited to access compiler server on signature server, and signs in the embodiment of the present disclosure The access authority of name server is intended for compiler server, realizes the access control in network level, third party is avoided to pass through Network means steal key or modification file, to improve the internet security of signature server.
Fig. 3 is a kind of block diagram of digital signature device shown according to an exemplary embodiment.Referring to Fig. 3, the device packet Adding module 301 is included, module 302 and signature blocks 303 are obtained.
The adding module 301 is configured as through the first destiny account, adds file to be signed in task queue, and first Destiny account has copied files permission.
The acquisition module 302 is configured as obtaining the adding module 301 from task queue by the second destiny account Added file to be signed, the second destiny account have digital signature permission.
The signature blocks 303 are configured as reading key by the second destiny account, to acquired in the acquisition module 302 To file to be signed sign, obtain signature file.
In a kind of possible implementation, the device composition based on Fig. 3, referring to fig. 4, device further includes authentication module 304, Establish module 305 and copy module 306.
The authentication module 304 is configured as carrying out key authentication by the first destiny account and compiler server.
This is established module 305 and is configured as when key authentication passes through, and the access established between compiler server connects.
When the copy module 306 is configured as listening to compiler server compiling completion by accessing connection, pass through first Destiny account copies file to be signed from compiler server.
In a kind of possible implementation, the device composition based on Fig. 3, referring to Fig. 5, the acquisition module 302 of the device is wrapped It includes and monitors submodule 3021 and acquisition submodule 3022.
The acquisition submodule 3021 is configured as monitoring task queue by the second destiny account.
The acquisition submodule 3022 be configured as when listen to add file to be signed in task queue when, from task team File to be signed is obtained in column.
In a kind of possible implementation, the device composition based on Fig. 3, referring to Fig. 6, device further includes preserving module 307.
The preserving module 307 is configured as saving signature file in specified region, and signature file carries file identification, Make compiler server according to file identification, signature file is obtained from specified region.
In a kind of possible implementation, the network of the first destiny account and the second destiny account is accessed on signature server Permission is limited to access compiler server, and the accessed permission of signature server is intended for compiler server.
All the above alternatives can form the alternative embodiment of the disclosure, herein no longer using any combination It repeats one by one.
In the embodiment of the present disclosure, by separating signature process with compilation process, compilation process is not on signature server It carries out, and signature process is carried out by the second destiny account with access key permission on signature server, to reduce private A possibility that key is revealed, ensure that the safety of key.
In addition, carrying out key authentication between compiler server and signature server in the embodiment of the present disclosure, avoiding third Square forged identity gains the key of signature server by cheating, improves the safety of key.
In addition, the network legal power of account is limited to access compiler server on signature server, and signs in the embodiment of the present disclosure The access authority of name server is intended for compiler server, realizes the access control in network level, third party is avoided to pass through Network means steal key or modification file, to improve the internet security of signature server.
About the device in above-described embodiment, wherein modules execute the concrete mode of operation in related this method Embodiment in be described in detail, no detailed explanation will be given here.
It should be understood that digital signature device provided by the above embodiment is in digital signature, only with above-mentioned each function The division progress of module can according to need and for example, in practical application by above-mentioned function distribution by different function moulds Block is completed, i.e., the internal structure of device is divided into different functional modules, to complete all or part of function described above Energy.In addition, digital signature device provided by the above embodiment and digital signature method embodiment belong to same design, it is specific real Existing process is detailed in embodiment of the method, and which is not described herein again.
Fig. 7 is a kind of block diagram of digital signature device 700 shown according to an exemplary embodiment.For example, device 700 can To be provided as a server.Referring to Fig. 7, it further comprises one or more processing that device 700, which includes processing component 722, Device, and the memory resource as representated by memory 732, for store can by the instruction of the execution of processing component 722, such as Application program.The application program stored in memory 732 may include it is one or more each correspond to one group refer to The module of order.In addition, processing component 722 is configured as executing instruction, to execute above-mentioned digital signature method.
Device 700 can also include the power management that a power supply module 726 is configured as executive device 700, and one has Line or radio network interface 750 are configured as device 700 being connected to network and input and output (I/O) interface 758.Dress Setting 700 can operate based on the operating system for being stored in memory 732, such as Windows ServerTM, Mac OS XTM, UnixTM,LinuxTM, FreeBSDTMOr it is similar.
Those skilled in the art after considering the specification and implementing the invention disclosed here, will readily occur to its of the disclosure Its embodiment.This application is intended to cover any variations, uses, or adaptations of the disclosure, these modifications, purposes or Person's adaptive change follows the general principles of this disclosure and including the undocumented common knowledge in the art of the disclosure Or conventional techniques.The description and examples are only to be considered as illustrative, and the true scope and spirit of the disclosure are by following Claim is pointed out.
It should be understood that the present disclosure is not limited to the precise structures that have been described above and shown in the drawings, and And various modifications and changes may be made without departing from the scope thereof.The scope of the present disclosure is only limited by the accompanying claims.

Claims (11)

1. a kind of digital signature method, which is characterized in that be applied to signature server, which comprises
By the first destiny account, file to be signed is added in task queue, first destiny account has copied files Permission, compiling is completed in the file to be signed, and the process of the compiling does not carry out on the signature server;
By the second destiny account, the file to be signed is obtained from the task queue, second destiny account has Digital signature permission;
Key is read by second destiny account, signs to the file to be signed, obtains signature file.
2. adding in task queue the method according to claim 1, wherein described pass through the first destiny account Before adding file to be signed, the method also includes:
Key authentication is carried out by first destiny account and compiler server;
When the key authentication passes through, the access established between the compiler server is connected;
When listening to compiler server compiling by access connection and completing, by first destiny account from described The file to be signed is copied in compiler server.
3. the method according to claim 1, wherein described pass through the second destiny account, from the task queue It is middle to obtain the file to be signed and include:
The task queue is monitored by second destiny account;
When listen to add the file to be signed in the task queue when, obtained from the task queue described wait sign Name file.
4. the method according to claim 1, wherein the file carrying file identification to be signed, described to pass through Second destiny account reads key, signs to the file to be signed, after obtaining signature file, the method Further include:
The signature file is saved in specified region, the signature file carries the file identification.
5. method according to any one of claims 1 to 4, which is characterized in that described first refers on the signature server The network access authority for determining account and second destiny account is to access the permission of compiler server, and the signature server Accessed permission be intended for the compiler server.
6. a kind of digital signature device, which is characterized in that be applied to signature server, described device includes:
Adding module, for adding file to be signed, first destiny account in task queue by the first destiny account Has copied files permission, compiling is completed in the file to be signed, and the process of the compiling is not in the signature server Upper progress;
Module is obtained, for by the second destiny account, obtaining the file to be signed from the task queue, described second Destiny account has digital signature permission;
Signature blocks are signed to the file to be signed, are obtained for reading key by second destiny account Signature file.
7. device according to claim 6, which is characterized in that described device further include:
Authentication module, for carrying out key authentication by first destiny account and compiler server;
Module is established, the access for when the key authentication passes through, establishing between the compiler server connects;
Module is copied, when completing for listening to the compiler server compiling by access connection, passes through described first Destiny account copies the file to be signed from the compiler server.
8. device according to claim 6, which is characterized in that the acquisition module includes:
Submodule is monitored, for monitoring the task queue by second destiny account;
Acquisition submodule, for when listen to add the file to be signed in the task queue when, from the task team The file to be signed is obtained in column.
9. device according to claim 6, which is characterized in that described device further include:
Preserving module, for saving the signature file in specified region, the signature file carries file identification, makes to compile Server is translated according to the file identification, the signature file is obtained from the specified region.
10. according to the described in any item devices of claim 6 to 9, which is characterized in that described first refers on the signature server The network access authority for determining account and second destiny account is to access the permission of compiler server, and the signature server Accessed permission be intended for the compiler server.
11. a kind of digital signature device characterized by comprising
Processor;
Memory for the instruction that storage processor can be performed;
Wherein, the processor is configured to:
By the first destiny account, file to be signed is added in task queue, first destiny account has copied files Permission, compiling is completed in the file to be signed, and the process of the compiling carries out not on signature server;
By the second destiny account, the file to be signed is obtained from the task queue, second destiny account has Digital signature permission;
Key is read by second destiny account, signs to the file to be signed, obtains signature file.
CN201610694577.6A 2016-08-19 2016-08-19 Digital signature method and device Active CN106161037B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610694577.6A CN106161037B (en) 2016-08-19 2016-08-19 Digital signature method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610694577.6A CN106161037B (en) 2016-08-19 2016-08-19 Digital signature method and device

Publications (2)

Publication Number Publication Date
CN106161037A CN106161037A (en) 2016-11-23
CN106161037B true CN106161037B (en) 2019-05-10

Family

ID=57341660

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610694577.6A Active CN106161037B (en) 2016-08-19 2016-08-19 Digital signature method and device

Country Status (1)

Country Link
CN (1) CN106161037B (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107769927B (en) * 2017-09-30 2021-11-26 飞天诚信科技股份有限公司 Method and device for operating intelligent key equipment in MacOSX system
CN110826092A (en) * 2018-08-14 2020-02-21 珠海金山办公软件有限公司 File signature processing system
CN112506793A (en) * 2020-12-18 2021-03-16 航天信息股份有限公司 Embedded software unit testing method, system, readable medium and electronic equipment

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1722656A (en) * 2004-04-08 2006-01-18 梁庆生 A digital signature method and digital signature tool
CN101477659A (en) * 2009-02-10 2009-07-08 百富计算机技术(深圳)有限公司 Method and apparatus for file automatic signature
CN102148687A (en) * 2011-05-09 2011-08-10 北京数码大方科技有限公司 Signature method and device in information management system
CN102868688A (en) * 2012-09-05 2013-01-09 天地融科技股份有限公司 Certification system and method and electronic signature tool
CN104618120A (en) * 2015-03-04 2015-05-13 青岛微智慧信息有限公司 Digital signature method for escrowing private key of mobile terminal

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2009200595A (en) * 2008-02-19 2009-09-03 Fujitsu Ltd Signature management program, signature management method and signature management apparatus

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1722656A (en) * 2004-04-08 2006-01-18 梁庆生 A digital signature method and digital signature tool
CN101477659A (en) * 2009-02-10 2009-07-08 百富计算机技术(深圳)有限公司 Method and apparatus for file automatic signature
CN102148687A (en) * 2011-05-09 2011-08-10 北京数码大方科技有限公司 Signature method and device in information management system
CN102868688A (en) * 2012-09-05 2013-01-09 天地融科技股份有限公司 Certification system and method and electronic signature tool
CN104618120A (en) * 2015-03-04 2015-05-13 青岛微智慧信息有限公司 Digital signature method for escrowing private key of mobile terminal

Also Published As

Publication number Publication date
CN106161037A (en) 2016-11-23

Similar Documents

Publication Publication Date Title
CN112887160B (en) Block chain all-in-one machine, multi-node deployment method and device thereof, and storage medium
CN111090876A (en) Contract calling method and device
CN111931154B (en) Service processing method, device and equipment based on digital certificate
CN110381075B (en) Block chain-based equipment identity authentication method and device
US9906518B2 (en) Managing exchanges of sensitive data
Tate et al. Multi-user dynamic proofs of data possession using trusted hardware
CN109417545A (en) For downloading the technology of network insertion profile
CN108647306A (en) A kind of Quick Response Code barcode scanning exchange method and device
CN111880919B (en) Data scheduling method, system and computer equipment
CN106161037B (en) Digital signature method and device
CN113676334B (en) Block chain-based distributed edge equipment identity authentication system and method
Yang et al. DAA-TZ: an efficient DAA scheme for mobile devices using ARM TrustZone
CN115459928A (en) Data sharing method, device, equipment and medium
Zhang et al. El passo: privacy-preserving, asynchronous single sign-on
US8601544B1 (en) Computer system employing dual-band authentication using file operations by trusted and untrusted mechanisms
CN112236770A (en) Data processing
CN109981650B (en) Transfer method and system for general certificates in block chain
CN106326723A (en) Method and device for certifying APK (Android Package) signature
CN110365492A (en) A kind of method for authenticating, system, equipment and medium
CN105814834A (en) Push-Based Trust Model For Public Cloud Applications
CN109802927A (en) A kind of security service providing method and device
CN109936522B (en) Equipment authentication method and equipment authentication system
CN111898153B (en) Method and device for calling contract
CN115694842B (en) Industrial Internet equipment mutual trust and data exchange method, device and storage medium
CN114978681B (en) Service application authorization method and device based on block chain and processor

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant