CN106161037B - Digital signature method and device - Google Patents
Digital signature method and device
- Publication number
- CN106161037B, CN201610694577.6A
- Authority
- CN
- China
- Prior art keywords
- file
- signature
- signed
- server
- designated account
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Stored Programmes (AREA)
- Storage Device Security (AREA)
Abstract
The disclosure relates to a digital signature method and device, belonging to the field of network technology. The method includes: adding, through a first designated account, a file to be signed to a task queue, the first designated account having file-copy permission; obtaining, through a second designated account, the file to be signed from the task queue, the second designated account having digital-signature permission; and reading a key through the second designated account and signing the file to be signed to obtain a signed file. By separating the signing process from the compilation process, so that compilation is not performed on the signature server and signing is performed on the signature server by the second designated account, which has permission to access the key, the disclosure reduces the possibility of private-key leakage and ensures the security of the key.
Description
Technical field
The disclosure relates to the field of network technology, and in particular to a digital signature method and device.
Background
In today's era of well-developed network technology, data is exchanged frequently between servers and terminals. To prevent a malicious third party from modifying data, or from impersonating the sending server to forge data, digital signature technology was developed.
For example, taking application upgrade on the Android system as the scenario, an account with compile permission can compile on a server to obtain an upgrade file and then read a key, so that the server signs the upgrade file with the key to obtain an upgrade data packet. When a terminal upgrades, it can obtain the upgrade data packet, verify the signature with the server's key to confirm that the upgrade data packet comes from the server, and upgrade based on the upgrade data packet.
Summary of the invention
To solve the problems in the related art, the present disclosure provides a digital signature method and device. The technical solution is as follows:
According to a first aspect of the embodiments of the present disclosure, a digital signature method is provided, the method comprising:
adding, through a first designated account, a file to be signed to a task queue, the first designated account having file-copy permission;
obtaining, through a second designated account, the file to be signed from the task queue, the second designated account having digital-signature permission;
reading a key through the second designated account and signing the file to be signed to obtain a signed file.
In a possible implementation, before the file to be signed is added to the task queue through the first designated account, the method further comprises:
performing key authentication with a compilation server through the first designated account;
when the key authentication passes, establishing an access connection with the compilation server;
when completion of compilation on the compilation server is detected over the access connection, copying the file to be signed from the compilation server through the first designated account.
In a possible implementation, obtaining the file to be signed from the task queue through the second designated account comprises:
monitoring the task queue through the second designated account;
when it is detected that the file to be signed has been added to the task queue, obtaining the file to be signed from the task queue.
In a possible implementation, the file to be signed carries a file identifier, and after the key is read through the second designated account and the file to be signed is signed to obtain the signed file, the method further comprises:
saving the signed file in a designated region, the signed file carrying the file identifier, so that the compilation server obtains the signed file from the designated region according to the file identifier.
In a possible implementation, the network access permission of the first designated account and the second designated account on the signature server is permission to access the compilation server, and access to the signature server is open to the compilation server.
According to a second aspect of the embodiments of the present disclosure, a digital signature device is provided, the device comprising:
an adding module, for adding, through a first designated account, a file to be signed to a task queue, the first designated account having file-copy permission;
an obtaining module, for obtaining, through a second designated account, the file to be signed from the task queue, the second designated account having digital-signature permission;
a signing module, for reading a key through the second designated account and signing the file to be signed to obtain a signed file.
In a possible implementation, the device further comprises:
an authentication module, for performing key authentication with a compilation server through the first designated account;
an establishing module, for establishing an access connection with the compilation server when the key authentication passes;
a copying module, for copying the file to be signed from the compilation server through the first designated account when completion of compilation on the compilation server is detected over the access connection.
In a possible implementation, the obtaining module comprises a monitoring submodule and an obtaining submodule;
the monitoring submodule, for monitoring the task queue through the second designated account;
the obtaining submodule, for obtaining the file to be signed from the task queue when it is detected that the file to be signed has been added to the task queue.
In a possible implementation, the device further comprises:
a saving module, for saving the signed file in a designated region, the signed file carrying the file identifier, so that the compilation server obtains the signed file from the designated region according to the file identifier.
In a possible implementation, the network access permission of the first designated account and the second designated account on the signature server is permission to access the compilation server, and access to the signature server is open to the compilation server.
According to a third aspect of the embodiments of the present disclosure, a digital signature device is provided, the device comprising: a processor; and a memory for storing instructions executable by the processor; wherein the processor is configured to:
add, through a first designated account, a file to be signed to a task queue, the first designated account having file-copy permission;
obtain, through a second designated account, the file to be signed from the task queue, the second designated account having digital-signature permission;
read a key through the second designated account and sign the file to be signed to obtain a signed file.
The technical solutions provided by the embodiments of the present disclosure can have the following benefits:
In the method and device provided by these embodiments, the signing process is separated from the compilation process: compilation is not performed on the signature server, and signing is performed on the signature server by the second designated account, which has permission to access the key. This reduces the possibility of private-key leakage and ensures the security of the key.
In a possible implementation, key authentication is performed between the compilation server and the signature server, which prevents a third party from forging an identity to obtain the signature server's key by deception, and improves the security of the key.
In a possible implementation, the network permission of accounts on the signature server is limited to accessing the compilation server, and access to the signature server is open to the compilation server, which prevents a third party from stealing the key or modifying files by network means, and improves the network security of the signature server.
It should be understood that the above general description and the following detailed description are exemplary only and do not limit the present disclosure.
Brief description of the drawings
The accompanying drawings, which are incorporated in and form part of this specification, show embodiments consistent with the present disclosure and, together with the specification, serve to explain the principles of the disclosure.
Fig. 1 is a flowchart of a digital signature method according to an exemplary embodiment;
Fig. 2 is a flowchart of a digital signature method according to an exemplary embodiment;
Fig. 3 is a block diagram of a digital signature device according to an exemplary embodiment;
Fig. 4 is a block diagram of a digital signature device according to an exemplary embodiment;
Fig. 5 is a block diagram of a digital signature device according to an exemplary embodiment;
Fig. 6 is a block diagram of a digital signature device according to an exemplary embodiment;
Fig. 7 is a block diagram of a digital signature device 700 according to an exemplary embodiment.
Detailed description
To make the purposes, technical solutions and advantages of the present disclosure clearer, the disclosure is described in further detail below with reference to the embodiments and drawings. The exemplary embodiments and their descriptions here are used to explain the disclosure and are not a limitation on it.
Fig. 1 is a flowchart of a digital signature method according to an exemplary embodiment. As shown in Fig. 1, the digital signature method is used in a signature server and includes the following steps:
In step 101, a file to be signed is added to a task queue through a first designated account, the first designated account having file-copy permission.
In step 102, the file to be signed is obtained from the task queue through a second designated account, the second designated account having digital-signature permission.
In step 103, a key is read through the second designated account, and the file to be signed is signed to obtain a signed file.
In the related art, every account with compile permission also has permission to access the key. If any such account leaks the key, a third party may obtain it, so key security is poor. A malicious third party may forge signatures with the illegally obtained key and send forged files to other terminals; when a terminal receives such a forged file and signature verification passes, it will treat the file as legitimate, so the security of the terminal cannot be guaranteed either.
In the embodiments of the present disclosure, the signing process is separated from the compilation process: compilation is not performed on the signature server, and signing is performed on the signature server by the second designated account, which has permission to access the key. This reduces the possibility of private-key leakage and ensures the security of the key.
In a possible implementation, the method further includes: performing key authentication with a compilation server through the first designated account; when the key authentication passes, establishing an access connection with the compilation server; and when completion of compilation on the compilation server is detected over the access connection, copying the file to be signed from the compilation server through the first designated account.
In a possible implementation, the method includes: monitoring the task queue through the second designated account; and when it is detected that the file to be signed has been added to the task queue, obtaining the file to be signed from the task queue.
In a possible implementation, the method further includes: saving the signed file in a designated region, the signed file carrying a file identifier, so that the compilation server obtains the signed file from the designated region according to the file identifier.
In a possible implementation, the network access permission of the first designated account and the second designated account on the signature server is permission to access the compilation server, and access to the signature server is open to the compilation server.
All of the optional technical solutions above can be combined in any way to form optional embodiments of the present disclosure, which are not described one by one here.
Fig. 2 is a flowchart of a digital signature method according to an exemplary embodiment. As shown in Fig. 2, this embodiment of the present disclosure concerns the interaction between a signature server and a compilation server and includes the following steps:
In step 200, the signature server performs key authentication with the compilation server through the first designated account.
The inventor recognized that in the related art, compilation and signing are performed on the same server and compile permission is tied to signing permission, so that an account with compile permission can also obtain the key on that server, and key security is poor. Therefore, in the embodiments of the present disclosure, compilation and signing are implemented on two separate servers: one can be a compilation server, used for compiling, and the other can be a signature server, used for signing, so as to isolate compile permission from signing permission.
In the embodiments of the present disclosure, key authentication is used by the compilation server and the signature server to authenticate each other's identity through a key algorithm. For example, key authentication can use the RSA key algorithm (Ron Rivest, Adi Shamir, Leonard Adleman): the signature server stores the public key in the first designated account and the compilation server stores the private key; after the compilation server sends a connection request, the signature server authenticates it with the public key and establishes an access connection with the compilation server.
The first designated account is a type of account on the signature server. One or more accounts of this type may exist on the signature server, and the first designated account only has permission to copy files from the compilation server. The embodiments of the present disclosure do not further limit the first designated account. For example, the first designated account can be a work account on a Linux server.
In a possible implementation, to improve the security of the file to be signed, apart from allowing the first designated account to copy files from the compilation server, all other operating permissions of the first designated account are prohibited, so that the file to be signed cannot be modified by the first designated account.
In step 201, when the key authentication passes, the signature server establishes an access connection with the compilation server.
It should be noted that establishing the access connection on the basis of key authentication ensures that the identities of the compilation server and the signature server are genuine, and prevents a third party from impersonating one of the two to trick the other into handing over data.
In the embodiments of the present disclosure, the key authentication of steps 200 and 201 is optional; it makes the hand-off between the compilation process and the signing process more secure. In fact, the embodiments can also proceed directly from step 202 onward and still solve the problem of poor key security in the related art.
In step 202, the compilation server performs the compilation process.
In the embodiments of the present disclosure, because the signature server needs to obtain the file to be signed from the compilation server, the signature server can monitor over the access connection so as to learn the compilation progress of the compilation server immediately.
In step 203, when the signature server detects over the access connection that compilation on the compilation server is complete, it copies the file to be signed from the compilation server through the first designated account, the file to be signed carrying a file identifier.
Because compilation is separated from signing in the embodiments of the present disclosure, the signature server must monitor the compilation progress of the compilation server in order to obtain the file to be signed, and when compilation completes it copies the file to be signed from the compilation server through the first designated account. The file identifier uniquely identifies each file to be signed, so during the interaction between the compilation server and the signature server the file identifier is used to distinguish the files to be signed. For example, the file identifier can be the name of the file to be signed, produced by a naming rule; the embodiments do not limit this.
In step 204, the signature server adds the file to be signed to the task queue through the first designated account.
It should be noted that the task queue is the storage region in which the signature server saves files to be signed; the signature server adds the copied file to be signed to this storage region through the first designated account. The storage region can use different storage modes; for example, it can use a queue, in which files are stored in the order they are saved. The embodiments do not limit the storage mode of the task queue.
In step 205, when the signature server detects through the second designated account that a file to be signed has been added to the task queue, it obtains the file to be signed from the task queue, the second designated account having digital-signature permission.
To avoid one account holding multiple permissions, which would lower the security of the signing process, the embodiments further separate the permissions involved in the signing process: the operation of obtaining the file to be signed from the compilation server is assigned to the first designated account, and the operation of obtaining the file to be signed from the task queue is assigned to the second designated account.
Because the first designated account and the second designated account are not directly associated, the signature server needs to monitor the task queue, that is, the storage region that holds files to be signed, through the second designated account, to learn whether a file to be signed has been added to the storage region. For example, the storage region can follow the first-in, first-out principle: when multiple files to be signed are stored in the storage region in sequence, the signature server, through the second designated account, obtains from the region the file to be signed that was stored first, according to the order of saving. The embodiments do not limit the order in which files to be signed are obtained.
In a possible implementation, taking a Linux signature server as an example, the second designated account can be the unique root account on the Linux server, which has the highest permission on the signature server, including digital-signature permission. On other platforms, the second designated account can also be another type of account; the embodiments do not limit the second designated account.
In step 206, the signature server reads the key through the second designated account and signs the file to be signed to obtain a signed file.
It should be noted that the key is stored on the signature server, and access to the key is restricted to improve its security; the embodiments do not limit how access is restricted. For example, permission to access the key is granted only to the second designated account, so that the signature server can read the key and sign the file to be signed only through the second designated account.
The key type is a symmetric key or an asymmetric key. A pair of symmetric keys refers to two identical keys; a pair of asymmetric keys includes a public key and a private key, and the public key can differ from the private key. Compared with symmetric keys, asymmetric keys use two different keys and offer higher security. The embodiments therefore take a pair of asymmetric keys as an example: the private key of the pair is stored on the signature server and is used to sign files, and the public key of the pair is stored on the terminal that is the sending target and is used to verify the signature. The embodiments do not limit the key type.
In step 207, the signature server saves the signed file in a designated region, the signed file carrying the file identifier.
To avoid a direct association between the compilation server and the second designated account, after the second designated account completes signing, the signature server stores the signed file in the designated region. In a possible implementation, the designated region can be a local storage region set up on the signature server, which may be called the web region; the embodiments do not limit the storage mode of the designated region. For example, the storage region uses a queue, in which files are stored in the order they are saved.
In step 208, the compilation server obtains the signed file from the designated region according to the file identifier.
In the embodiments of the present disclosure, to ensure the security of the key, the network access permission of the first designated account and the second designated account on the signature server is permission to access the compilation server, so that the first and second designated accounts cannot send the signed file to other network devices through the signature server; and access to the signature server is open to the compilation server, so that the compilation server has permission to obtain the signed file from the designated region. The embodiments do not further limit the network access permissions between the signature server and the compilation server.
Considering that the signature server may have accounts other than the first and second designated accounts, for the security of the signed file, in a possible implementation the network access permission of every account on the signature server is directed only to the compilation server, so that no account on the signature server can send the signed file to other network devices.
To further improve the security of the signed file, in another possible implementation access to the signature server is open only to the compilation server, so that only the compilation server has permission to obtain the signed file from the designated region, and other network devices do not.
These restrictions on outbound and inbound access implement access control at the network level, ensuring that only the compilation server and the signature server can access each other.
It should be noted that the file identifier carried by the signed file is the same as the identifier carried by the file to be signed, so that the compilation server obtains the signed file from the designated region, that is, the local storage region, according to the file identifier. For example, the storage region can follow the first-in, first-out principle: when multiple signed files are stored in the storage region in sequence, the compilation server obtains from the designated region the signed file that was stored first, according to the order of saving.
In the embodiments of the present disclosure, the compilation server has at least two ways of obtaining the signed file:
In the first way, the compilation server monitors the designated region over the access connection; when it learns through monitoring that the signed file has been saved to the designated region, it obtains the signed file corresponding to the file to be signed according to the file identifier.
In the second way, the signature server sends the compilation server, over the access connection, the storage address of the signed file in the designated region together with the file identifier, and the compilation server obtains the signed file using the storage address and the file identifier.
In the related art, every account with compile permission also has permission to access the key. If any such account leaks the key, a third party may obtain it, so key security is poor. A malicious third party may forge signatures with the illegally obtained key and send forged files to other terminals; when a terminal receives such a forged file and signature verification passes, it will treat the file as legitimate, so the security of the terminal cannot be guaranteed.
In the embodiments of the present disclosure, the signing process is separated from the compilation process: compilation is not performed on the signature server, and signing is performed on the signature server by the second designated account, which has permission to access the key. This reduces the possibility of private-key leakage and ensures the security of the key.
In addition, in the embodiments of the present disclosure, key authentication is performed between the compilation server and the signature server, which prevents a third party from forging an identity to obtain the signature server's key by deception, and improves the security of the key.
In addition, in the embodiments of the present disclosure, the network permission of accounts on the signature server is limited to accessing the compilation server, and access to the signature server is open to the compilation server. This implements access control at the network level and prevents a third party from stealing the key or modifying files by network means, improving the network security of the signature server.
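The hand-off in steps 203 to 208 as an added Python sketch (not code from the patent): an intake role that only copies into the task queue, a signer role that alone reads the key, and a designated region where the signed file keeps its file identifier. Assumptions: HMAC-SHA256 stands in for the signature, as the symmetric-key option the text permits, so the sketch needs only the standard library; the two designated accounts are modelled as functions rather than separate OS users; the directory names, the `NNNNNN__` queue prefix, the `.sig` suffix and the mode 0600 check are all hypothetical.

```python
import hashlib
import hmac
import os
import shutil
import stat
import tempfile
from pathlib import Path


class KeyPermissionError(Exception):
    """Raised when the key file is accessible to anyone but its owner."""


def intake(src: Path, queue_dir: Path, seq: int) -> Path:
    """First designated account: copy a built file into the task queue.

    This role is never given the key path; it can only copy.
    """
    dst = queue_dir / f"{seq:06d}__{src.name}"   # sequence prefix preserves FIFO order
    tmp = queue_dir / (dst.name + ".part")
    shutil.copyfile(src, tmp)
    os.rename(tmp, dst)                          # atomic: signer never sees a partial copy
    return dst


def load_key(key_path: Path) -> bytes:
    """Second designated account: refuse a key that group or others can access."""
    mode = stat.S_IMODE(key_path.stat().st_mode)
    if mode & 0o077:
        raise KeyPermissionError(f"{key_path} has mode {oct(mode)}, expected 0o600")
    return key_path.read_bytes()


def sign_next(queue_dir: Path, out_dir: Path, key_path: Path):
    """Second designated account: sign the oldest queued file and publish it.

    Returns the file identifier, or None when the queue is empty.
    """
    pending = sorted(p for p in queue_dir.iterdir() if not p.name.endswith(".part"))
    if not pending:
        return None
    job = pending[0]
    file_id = job.name.split("__", 1)[1]         # same identifier on input and output
    tag = hmac.new(load_key(key_path), job.read_bytes(), hashlib.sha256).hexdigest()
    shutil.copyfile(job, out_dir / file_id)      # designated region
    (out_dir / (file_id + ".sig")).write_text(tag)
    job.unlink()
    return file_id


def verify(out_dir: Path, file_id: str, key: bytes) -> bool:
    """Recompute the tag over the published file and compare in constant time."""
    data = (out_dir / file_id).read_bytes()
    expected = hmac.new(key, data, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, (out_dir / (file_id + ".sig")).read_text())


def run_demo() -> dict:
    """Run the flow on constructed files in a temporary directory."""
    with tempfile.TemporaryDirectory() as tmp_root:
        root = Path(tmp_root)
        build, queue, out = root / "build", root / "queue", root / "signed"
        for d in (build, queue, out):
            d.mkdir()
        key_path = root / "signing.key"
        key_path.write_bytes(b"constructed-demo-key")   # constructed sample key
        os.chmod(key_path, 0o600)

        # Enqueue 1002 before 1001 to show that order follows arrival, not name.
        for seq, name in enumerate(["ota-1002.zip", "ota-1001.zip"]):
            (build / name).write_bytes(b"constructed payload " + name.encode())
            intake(build / name, queue, seq)

        order = [sign_next(queue, out, key_path), sign_next(queue, out, key_path)]
        key = key_path.read_bytes()
        verified = all(verify(out, f, key) for f in order)

        # A file modified after signing must fail verification.
        (out / "ota-1001.zip").write_bytes(b"modified after signing")
        tampered_verified = verify(out, "ota-1001.zip", key)

        # A key readable by other accounts must be refused by the signer.
        os.chmod(key_path, 0o644)
        try:
            load_key(key_path)
            loose_key_rejected = False
        except KeyPermissionError:
            loose_key_rejected = True

        return {"order": order, "verified": verified,
                "tampered_verified": tampered_verified,
                "loose_key_rejected": loose_key_rejected,
                "queue_empty": sign_next(queue, out, key_path) is None}


if __name__ == "__main__":
    print(run_demo())
```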
Fig. 3 is a block diagram of a digital signature device according to an exemplary embodiment. Referring to Fig. 3, the device includes an adding module 301, an obtaining module 302 and a signing module 303.
The adding module 301 is configured to add, through a first designated account, a file to be signed to a task queue, the first designated account having file-copy permission.
The obtaining module 302 is configured to obtain from the task queue, through a second designated account, the file to be signed that was added by the adding module 301, the second designated account having digital-signature permission.
The signing module 303 is configured to read a key through the second designated account and sign the file to be signed that was obtained by the obtaining module 302, to obtain a signed file.
In a possible implementation, based on the device composition of Fig. 3 and referring to Fig. 4, the device further includes an authentication module 304, an establishing module 305 and a copying module 306.
The authentication module 304 is configured to perform key authentication with a compilation server through the first designated account.
The establishing module 305 is configured to establish an access connection with the compilation server when the key authentication passes.
The copying module 306 is configured to copy the file to be signed from the compilation server through the first designated account when completion of compilation on the compilation server is detected over the access connection.
In a possible implementation, based on the device composition of Fig. 3 and referring to Fig. 5, the obtaining module 302 of the device includes a monitoring submodule 3021 and an obtaining submodule 3022.
The monitoring submodule 3021 is configured to monitor the task queue through the second designated account.
The obtaining submodule 3022 is configured to obtain the file to be signed from the task queue when it is detected that the file to be signed has been added to the task queue.
In a possible implementation, based on the device composition of Fig. 3 and referring to Fig. 6, the device further includes a saving module 307.
The saving module 307 is configured to save the signed file in a designated region, the signed file carrying a file identifier, so that the compilation server obtains the signed file from the designated region according to the file identifier.
In a possible implementation, the network access permission of the first designated account and the second designated account on the signature server is limited to accessing the compilation server, and access to the signature server is open to the compilation server.
All of the optional technical solutions above can be combined in any way to form optional embodiments of the present disclosure, which are not described one by one here.
In the embodiment of the present disclosure, by separating signature process with compilation process, compilation process is not on signature server
It carries out, and signature process is carried out by the second destiny account with access key permission on signature server, to reduce private
A possibility that key is revealed, ensure that the safety of key.
In addition, carrying out key authentication between compiler server and signature server in the embodiment of the present disclosure, avoiding third
Square forged identity gains the key of signature server by cheating, improves the safety of key.
In addition, in the embodiments of the disclosure, the network permissions of the accounts on the signature server are limited to accessing the compiler server, and access to the signature server is open only to the compiler server. This implements access control at the network level and prevents a third party from stealing the key or modifying files by network means, thereby improving the network security of the signature server.
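The account separation summarized above can be illustrated as follows. This is an added example, not code from the patent: the directory-based queue, the function names, the key-file mode check and the use of HMAC-SHA256 from the Python standard library as a stand-in for the digital signature are all assumptions, and both roles run in one process here rather than under two OS accounts.

```python
# Added example: directory queue, names and the HMAC stand-in are assumptions.
import hashlib, hmac, os, stat, tempfile
from pathlib import Path

def load_key(key_path: Path) -> bytes:
    """Signing account only: refuse a key file that group or others can access."""
    mode = key_path.stat().st_mode
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise PermissionError(f"key file too permissive: {stat.filemode(mode)}")
    return key_path.read_bytes()

def enqueue(artifact: bytes, queue_dir: Path, file_id: str) -> None:
    """Copy account: places a compiled file in the queue and never opens the key."""
    part = queue_dir / f".{file_id}.part"
    part.write_bytes(artifact)
    os.replace(part, queue_dir / file_id)  # atomic: signer never sees a partial file

def sign_pending(queue_dir: Path, out_dir: Path, key_path: Path) -> list:
    """Signing account: one polling pass; signs each queued file, stores it by file id."""
    key = load_key(key_path)
    signed = []
    for item in sorted(queue_dir.iterdir()):
        if item.name.startswith("."): continue  # still being copied
        tag = hmac.new(key, item.read_bytes(), hashlib.sha256).hexdigest()
        (out_dir / f"{item.name}.sig").write_text(tag)
        item.unlink()  # task consumed
        signed.append(item.name)
    return signed

def verify(data: bytes, tag_hex: str, key: bytes) -> bool:
    expected = hmac.new(key, data, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, tag_hex)

def demo() -> dict:  # constructed sample run in a temporary directory
    with tempfile.TemporaryDirectory() as root:
        queue, out, key = Path(root, "queue"), Path(root, "signed"), Path(root, "sign.key")
        queue.mkdir(); out.mkdir()
        key.write_bytes(b"constructed-demo-key"); os.chmod(key, 0o600)
        artifact = b"constructed build output"
        enqueue(artifact, queue, "build-0001")
        signed = sign_pending(queue, out, key)
        ok = verify(artifact, (out / "build-0001.sig").read_text(), key.read_bytes())
        os.chmod(key, 0o644)  # misconfiguration: key readable by other accounts
        try:
            sign_pending(queue, out, key); refused = False
        except PermissionError:
            refused = True
        return {"signed": signed, "verified": ok, "refused_loose_key": refused}

if __name__ == "__main__": print(demo())
```

A deployment following the patent's split would run `enqueue` under the copy account and `sign_pending` under the signing account, with an asymmetric signature in place of the HMAC.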
Regarding the device in the above embodiments, the specific manner in which each module performs its operations has been described in detail in the embodiments of the method, and will not be elaborated here.
It should be understood that, when performing digital signing, the digital signature device provided by the above embodiments is illustrated only by the above division into functional modules. In practical applications, the above functions can be assigned to different functional modules as needed; that is, the internal structure of the device can be divided into different functional modules to complete all or part of the functions described above. In addition, the digital signature device provided by the above embodiments and the digital signature method embodiments belong to the same concept; the specific implementation process is detailed in the method embodiments and is not repeated here.
Fig. 7 is a block diagram of a digital signature device 700 according to an exemplary embodiment. For example, the device 700 may be provided as a server. Referring to Fig. 7, the device 700 includes a processing component 722, which further includes one or more processors, and memory resources represented by a memory 732 for storing instructions executable by the processing component 722, such as application programs. The application programs stored in the memory 732 may include one or more modules, each corresponding to a set of instructions. In addition, the processing component 722 is configured to execute the instructions to perform the above digital signature method.
The device 700 may also include a power supply component 726 configured to perform power management of the device 700, a wired or wireless network interface 750 configured to connect the device 700 to a network, and an input/output (I/O) interface 758. The device 700 can operate based on an operating system stored in the memory 732, such as Windows Server™, Mac OS X™, Unix™, Linux™, FreeBSD™ or the like.
Those skilled in the art will readily conceive of other embodiments of the disclosure after considering the specification and practicing the invention disclosed here. This application is intended to cover any variations, uses or adaptations of the disclosure that follow the general principles of the disclosure and include common knowledge or conventional technical means in the art that are not disclosed in the disclosure. The description and examples are to be considered illustrative only, and the true scope and spirit of the disclosure are indicated by the following claims.
It should be understood that the present disclosure is not limited to the precise structures that have been described above and shown in the drawings, and that various modifications and changes may be made without departing from its scope. The scope of the present disclosure is limited only by the accompanying claims.
Claims (11)
1. A digital signature method, characterized in that it is applied to a signature server, the method comprising:
adding, through a first destiny account, a file to be signed to a task queue, wherein the first destiny account has permission to copy files, the file to be signed has already been compiled, and the compilation is not performed on the signature server;
obtaining, through a second destiny account, the file to be signed from the task queue, wherein the second destiny account has digital signature permission;
reading a key through the second destiny account and signing the file to be signed to obtain a signature file.
2. The method according to claim 1, characterized in that, before the file to be signed is added to the task queue through the first destiny account, the method further comprises:
performing key authentication with a compiler server through the first destiny account;
when the key authentication passes, establishing an access connection with the compiler server;
when it is detected through the access connection that the compiler server has completed compilation, copying the file to be signed from the compiler server through the first destiny account.
3. The method according to claim 1, characterized in that obtaining the file to be signed from the task queue through the second destiny account comprises:
monitoring the task queue through the second destiny account;
when it is detected that the file to be signed has been added to the task queue, obtaining the file to be signed from the task queue.
4. The method according to claim 1, characterized in that the file to be signed carries a file identifier, and after the key is read through the second destiny account and the file to be signed is signed to obtain the signature file, the method further comprises:
saving the signature file in a specified region, the signature file carrying the file identifier.
5. The method according to any one of claims 1 to 4, characterized in that the network access permissions of the first destiny account and the second destiny account on the signature server are permissions to access the compiler server, and permission to access the signature server is open only to the compiler server.
6. A digital signature device, characterized in that it is applied to a signature server, the device comprising:
an adding module, configured to add a file to be signed to a task queue through a first destiny account, wherein the first destiny account has permission to copy files, the file to be signed has already been compiled, and the compilation is not performed on the signature server;
an obtaining module, configured to obtain the file to be signed from the task queue through a second destiny account, wherein the second destiny account has digital signature permission;
a signature module, configured to read a key through the second destiny account and sign the file to be signed to obtain a signature file.
7. The device according to claim 6, characterized in that the device further comprises:
an authentication module, configured to perform key authentication with a compiler server through the first destiny account;
an establishing module, configured to establish an access connection with the compiler server when the key authentication passes;
a copying module, configured to copy the file to be signed from the compiler server through the first destiny account when it is detected through the access connection that the compiler server has completed compilation.
8. The device according to claim 6, characterized in that the obtaining module comprises:
a monitoring submodule, configured to monitor the task queue through the second destiny account;
an acquisition submodule, configured to obtain the file to be signed from the task queue when it is detected that the file to be signed has been added to the task queue.
9. The device according to claim 6, characterized in that the device further comprises:
a preserving module, configured to save the signature file in a specified region, the signature file carrying a file identifier, so that the compiler server obtains the signature file from the specified region according to the file identifier.
10. The device according to any one of claims 6 to 9, characterized in that the network access permissions of the first destiny account and the second destiny account on the signature server are permissions to access the compiler server, and permission to access the signature server is open only to the compiler server.
11. A digital signature device, characterized by comprising:
a processor;
a memory for storing instructions executable by the processor;
wherein the processor is configured to:
add, through a first destiny account, a file to be signed to a task queue, wherein the first destiny account has permission to copy files, the file to be signed has already been compiled, and the compilation is not performed on a signature server;
obtain, through a second destiny account, the file to be signed from the task queue, wherein the second destiny account has digital signature permission;
read a key through the second destiny account and sign the file to be signed to obtain a signature file.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610694577.6A CN106161037B (en) | 2016-08-19 | 2016-08-19 | Digital signature method and device |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610694577.6A CN106161037B (en) | 2016-08-19 | 2016-08-19 | Digital signature method and device |
Publications (2)
Publication Number | Publication Date |
---|---|
CN106161037A CN106161037A (en) | 2016-11-23 |
CN106161037B true CN106161037B (en) | 2019-05-10 |
Family
ID=57341660
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201610694577.6A Active CN106161037B (en) | 2016-08-19 | 2016-08-19 | Digital signature method and device |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106161037B (en) |
Families Citing this family (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107769927B (en) * | 2017-09-30 | 2021-11-26 | 飞天诚信科技股份有限公司 | Method and device for operating intelligent key equipment in MacOSX system |
CN110826092A (en) * | 2018-08-14 | 2020-02-21 | 珠海金山办公软件有限公司 | File signature processing system |
CN112506793B (en) * | 2020-12-18 | 2024-05-28 | 航天信息股份有限公司 | Method and system for testing embedded software unit, readable medium and electronic equipment |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1722656A (en) * | 2004-04-08 | 2006-01-18 | 梁庆生 | A digital signature method and digital signature tool |
CN101477659A (en) * | 2009-02-10 | 2009-07-08 | 百富计算机技术(深圳)有限公司 | Method and apparatus for file automatic signature |
CN102148687A (en) * | 2011-05-09 | 2011-08-10 | 北京数码大方科技有限公司 | Signature method and device in information management system |
CN102868688A (en) * | 2012-09-05 | 2013-01-09 | 天地融科技股份有限公司 | Certification system and method and electronic signature tool |
CN104618120A (en) * | 2015-03-04 | 2015-05-13 | 青岛微智慧信息有限公司 | Digital signature method for escrowing private key of mobile terminal |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2009200595A (en) * | 2008-02-19 | 2009-09-03 | Fujitsu Ltd | Signature management program, signature management method and signature management apparatus |
Also Published As
Publication number | Publication date |
---|---|
CN106161037A (en) | 2016-11-23 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||