CN106685651A - Method for creating digital signatures by cooperation of client and server - Google Patents
Method for creating digital signatures by cooperation of client and server Download PDFInfo
- Publication number
- CN106685651A CN106685651A CN201611194899.0A CN201611194899A CN106685651A CN 106685651 A CN106685651 A CN 106685651A CN 201611194899 A CN201611194899 A CN 201611194899A CN 106685651 A CN106685651 A CN 106685651A
- Authority
- CN
- China
- Prior art keywords
- signature
- elliptic curve
- client
- private key
- point
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
- H04L9/0825—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0838—Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0866—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/30—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
- H04L9/3066—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves
- H04L9/3073—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves involving pairings, e.g. identity based encryption [IBE], bilinear mappings or bilinear pairings, e.g. Weil or Tate pairing
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
Abstract
The invention discloses a method for creating digital signatures by cooperation of a client and a server comprising that the client receives the requests of digital signatures from the external applications. The client sends signature original text m and personal identifying information identity of users to the server according to the requests of digital signatures from the external applications. The server tests whether a private key is revoked or not according to the personal identifying information identity of users. The server lookups corresponding second private key d2 according to the personal identifying information identity of users received if the private keys are revoked. First signature information S 1 is produced by utilizing the corresponding second private key d2 to make digital signatures through the signature original text m. And the first signature information S 1 is sent to the client. The method for creating the digital signatures by the cooperation of the client and the server has the advantages of achieving the high use complexity of users caused by the requirements that the users must carry hardware security devices to complete the digital signature operation in existing methods, and achieving the technical matters that users' signature operation cannot be terminated caused by the cancellation of the client key in time in the existing methods.
Description
Technical field
The invention belongs to information security field, generates numeral and signs more particularly, to a kind of client and service end cooperation
The method of name.
Background technology
At present, using PKIX (the Public Key based on digital certificate more than operation system
Infrastructure, abbreviation PKI) ensureing business datum safety, digital certificate is by certificate granting to system
What (Certificate Authority, abbreviation CA) or third party CA were signed and issued, the public key cryptography mechanism with digital certificate as core
The information of transmission over networks can be encrypted and decrypted, digital signature and checking, to guarantee to be transmitted on network the machine of message
The verity of close property, integrity and transaction entity, and the non-repudiation of signature, and then the safety of Logistics networks application
Property.
In the PKI system with digital certificate as core, digital signature is corresponding by client call customer digital certificate
Private key independently to calculate to complete.Conventional Digital Signature Algorithm includes RSA signature algorithm and the numeral based on elliptic curve cipher
Signature algorithm, wherein the Digital Signature Algorithm based on elliptic curve cipher includes most popular elliptic curve numeral in the world
Signature algorithm (Elliptic Curve Digital Signature Algorithm, abbreviation ECDSA) and China national password
The SM2 Digital Signature Algorithms of standard.
However, there is following technical problem in above-mentioned Digital Signature Algorithm:
First, the corresponding private key for user of digital certificate is generated by user, and is taken care of by user, is easily stolen by hacker,
In order to ensure the safety of private key for user, at present current way be use special security hardware (for example smart card, U-shield,
Intelligent cipher key equipment etc.) storing and protect private key for user, but this requires user to buy and carries with hardware peace
Full equipment can just complete digital signing operations, so as to both increased the cost that user uses, also increase the complexity that user uses
Degree.
Second, because private key for user is stored in client, and use in client, therefore user can at any time generate number
Word is signed;If user loses digital certificate, or needs calcellation digital certificate because user leaves office, service end can not in time by user
The client part of private key cancels, and terminates the signature operation of user.
The content of the invention
For the disadvantages described above or Improvement requirement of prior art, the invention provides a kind of client and service end cooperation life
Into the method for digital signature, it is intended that solving user present in existing method must carry with security hardware
Use complexity high to complete the user caused by digital signing operations, and client key can not be caused by cancelling in time
The technical problem that the signature operation of user can not be terminated.
For achieving the above object, according to one aspect of the present invention, there is provided a kind of client and service end cooperation are generated
Digital signature method, comprises the following steps:
(1) client receives the digital signature request from applications, and sends signature according to the digital signature request
, to service end, wherein individual subscriber identification information ID may include user name for original text m and individual subscriber identification information ID, and/or
The first public key P1 that client is obtained after being processed the first private key d1 that its own is generated using public key algorithm;
(2) service end according to individual subscriber identification information ID detect private key for user whether be revoked, if not by
Revocation then enters step (3), and else process terminates;
(3) service end searches corresponding second private key according to individual subscriber identification information ID for receiving in its own
D2, is digitally signed using the second private key d2 to the original text m that signs, and to generate the first signing messages S1, and first is signed
Information S1 is sent to client;
(4) combination of the client using the first private key d1 to sign original text m and the first signing messages S1 is digitally signed,
To generate full signature information S, and full signature information S is returned to into applications.
Preferably, the step of generating the first signing messages S1 is as follows:
(3-1) elliptic curve point P2 is obtained according to the second private key d2 and signature original text m and using below equation:
P2=H (d2, m) * G
Or obtain oval according to personal user's identification information ID, the second private key d2 and signature original text m and using below equation
Curve point P2:
P2=H (ID, d2, m) * G
Wherein H represents hash algorithm, and G is the basic point of the elliptic curve that Digital Signature Algorithm is adopted, and * represents elliptic curve
Point multiplication operation;
(3-2) the elliptic curve point P2 for calculating acquisition is assigned to into the first signing messages S1.
Preferably, the Digital Signature Algorithm used in step (4) is SM2 ellipse curve signature algorithms, and step (4) is concrete
Including following sub-step:
(4-1) random number k ∈ [1, n-1] is generated, and obtains the point k*G on elliptic curve, wherein n is the numeral label for using
The rank of elliptic curve in name algorithm;
(4-2) elliptic curve point is obtained according to the point k*G and the first signing messages on the elliptic curve of step (4-1) acquisition
P1=k*G+S1, wherein the point add operation of+expression elliptic curve;
(4-3) signature result is obtained according to the elliptic curve point P1 and individual subscriber identification information obtained in step (4-2)
First element r=(e+x1) mod n, wherein e=H (Z | | m), Z represents the digest value of individual subscriber identification information;X1 represents P1
The abscissa of point, y1 represents the vertical coordinate of P1 points;
(4-4) the signature result first element r obtained according to the first private key d1, random number k, step (4-3) obtains signature
As a result the second key element s=((1+d1)-1·(k-r·d1))mod n;
(4-5) the signature result the obtained in the signature result first element r for obtaining step (4-3) and step (4-4)
Two key elements s synthesize, to obtain full signature information S.
Preferably, the Digital Signature Algorithm used in step (4) is SM2 ellipse curve signature algorithms, and step (4) is concrete
Including following sub-step:
(4-1) random number k ∈ [1, n-1] is generated, and elliptic curve point is obtained according to the random number and the first signing messages
P1=k*S1, wherein n are the rank of elliptic curve in the Digital Signature Algorithm for using;
(4-2) signature result is obtained according to the elliptic curve point P1 and individual subscriber identification information obtained in step (4-1)
First element r=(e+x1) mod n, wherein e=H (Z | | m), Z represents the digest value of individual subscriber identification information;X1 represents P1
The abscissa of point, y1 represents the vertical coordinate of P1 points;
(4-3) the signature result first element r obtained according to the first private key d1, random number k, step (4-2) obtains signature
As a result the second key element s=((1+d1)-1·(k-r·d1))mod n;
(4-4) the signature result the obtained in the signature result first element r for obtaining step (4-2) and step (4-3)
Two key elements s synthesize, to obtain full signature information S.
Preferably, the Digital Signature Algorithm used in step (4) is ECDSA ellipse curve signature algorithms, then step (4) tool
Body includes following sub-step:
(4-1) random number k ∈ [1, n-1] is generated, and obtains the point k*G on elliptic curve, wherein n is the numeral label for using
The rank of elliptic curve in name algorithm;
(4-2) elliptic curve point is obtained according to the point k*G and the first signing messages on the elliptic curve of step (4-1) acquisition
P1=k*G+S1, wherein the point add operation of+expression elliptic curve;
(4-3) signature result first element r=x1mod n are obtained according to the elliptic curve point P1 obtained in step (4-2),
Wherein x1 represents the abscissa of P1 points;
(4-4) the signature result first element r obtained according to the first private key d1, random number k, step (4-3) obtains signature
As a result the second key element s=k-1·(e+r·d1)mod n;Wherein e is equal to H (m);
(4-5) the signature result the obtained in the signature result first element r for obtaining step (4-3) and step (4-4)
Two key elements s synthesize, to obtain full signature information S.
Preferably, the Digital Signature Algorithm used in step (4) is ECDSA ellipse curve signature algorithms, then step (4) tool
Body includes following sub-step:
(4-1) random number k ∈ [1, n-1] is generated, and elliptic curve point is obtained according to the random number and the first signing messages
P1=k*S1, wherein n are the rank of elliptic curve in the Digital Signature Algorithm for using;
(4-2) signature result first element r=x1mod n are obtained according to the elliptic curve point P1 obtained in step (4-1),
Wherein x1 represents the abscissa of P1 points;
(4-3) the signature result first element r obtained according to the first private key d1, random number k, step (4-2) obtains signature
As a result the second key element s=k-1·(e+r·d1)mod n;Wherein e is equal to H (m);
(4-4) the signature result the obtained in the signature result first element r for obtaining step (4-2) and step (4-3)
Two key elements s synthesize, to obtain full signature information S.
Preferably, the step of generating the first signing messages S1 is as follows:
(3-1) elliptic curve point P2 is obtained according to the second private key d2 and signature original text m and using below equation:
P2=H (d2, m) * G
Or obtain oval according to personal user's identification information ID, the second private key d2 and signature original text m and using below equation
Curve point P2:
P2=H (ID, d2, m) * G
(3-2) the abscissa x2 for calculating the elliptic curve point P2 for obtaining is assigned to into the first signing messages S1.
Preferably, the Digital Signature Algorithm used in step (4) is SM2 ellipse curve signature algorithms, and step (4) is concrete
Including following sub-step:
(4-1) random number k ∈ [1, n-1] is generated, and elliptic curve point P1=k*G is obtained according to the random number, wherein n is
The rank of elliptic curve in the Digital Signature Algorithm for using;
(4-2) signature knot is obtained according to the point P1 on individual subscriber identification information, elliptic curve and the first signing messages S1
Fruit first element r=(e+x1+S1) mod n;
(4-3) the signature result first element r obtained according to the first private key d1, random number k, step (4-2) obtains signature
As a result the second key element s=((1+d1)-1·(k-r·d1))mod n;
(4-4) the signature result the obtained in the signature result first element r for obtaining step (4-2) and step (4-3)
Two key elements s synthesize, to obtain full signature information S.
Preferably, the Digital Signature Algorithm used in step (4) is ECDSA ellipse curve signature algorithms, and step (4) has
Body includes following sub-step:
(4-1) random number k ∈ [1, n-1] is generated, and elliptic curve point P1=k*G is obtained according to the random number, wherein n is
The rank of elliptic curve in the Digital Signature Algorithm for using;
(4-2) signature result first element r=(x1+ are obtained according to the point P1 on elliptic curve and the first signing messages S1
S1)mod n;
(4-3) the signature result first element r obtained according to the first private key d1, random number k, step (4-2) obtains signature
As a result the second key element s=k-1·(e+r·d1)mod n;Wherein e is equal to H (m);
(4-4) the signature result the obtained in the signature result first element r for obtaining step (4-2) and step (4-3)
Two key elements s synthesize, to obtain full signature information S.
It is another aspect of this invention to provide that providing a kind of client and service end cooperation generation digital signature method, bag
Include following steps:
(1) client receives the digital signature request from applications, and sends signature according to the digital signature request
, to service end, the wherein individual subscriber identification information may include user name, and/or client for original text and individual subscriber identification information
The the first public key P1 obtained after being processed the first private key d1 that its own is generated using public key algorithm;
(2) service end detects whether private key for user has been revoked according to individual subscriber identification information, if do not removed
Pin then enters step (3), and else process terminates;
(3) service end searches corresponding second private key d2 according to the individual subscriber identification information for receiving in its own,
Original text of signing is digitally signed using the second private key d2, to generate the first signing messages S1, and by the first signing messages
S1 is sent to client;
(4) client is digitally signed using the first private key d1 to original text of signing, to generate the second signing messages S2, will
First signing messages S1 and the second signing messages S2 synthesize full signature information S, and full signature information S is returned to into outside
Using.
In general, by the contemplated above technical scheme of the present invention compared with prior art, can obtain down and show
Beneficial effect:
1st, the method for the present invention generates and preserves the private key for user of part simultaneously as a result of client and service end, and
In client and service end any one party can not separately synthesized complete private key for user, so as to ensure that the safety of private key for user
Property, even if the client part (i.e. the first private key) of private key for user is stolen by hacker, the hacker also cannot recover completely at all
Private key for user;
2nd, the method for the present invention simultaneously participates in signature computing flow process as a result of client and service end, private key for user
Client part (i.e. the first private key) and service end part (i.e. the second private key) the only participation signature computing under the conditions of satisfaction, with
Generating portion is signed, and any one party can not generate complete signature in client and service end, so as to ensure that user signs
The safety of name.
3rd, the private key for user in the present invention is to be saved in decentralized manner, and client does not need special hardware security to set
It is standby preserving private key for user such that it is able to ensure the safety of complete private key for user, at the same user of the present invention using complexity
Degree is low.
4th, the present invention is removed by participating in signature computing using server, and detecting private key for user whether there is before signing
Pin, terminates signature, so as to ensure that it is ageing that private key for user is used if being revoked.
Description of the drawings
Fig. 1 is the stream of the method that digital signature is generated according to the client and service end cooperation of first embodiment of the invention
Cheng Tu.
Fig. 2 is the stream of the method that digital signature is generated according to the client and service end cooperation of second embodiment of the invention
Cheng Tu.
Specific embodiment
In order that the objects, technical solutions and advantages of the present invention become more apparent, it is right below in conjunction with drawings and Examples
The present invention is further elaborated.It should be appreciated that specific embodiment described herein is only to explain the present invention, and
It is not used in the restriction present invention.As long as additionally, technical characteristic involved in invention described below each embodiment
Not constituting conflict each other just can be mutually combined.
As shown in figure 1, client of the present invention and service end cooperation generate digital signature method and comprise the following steps:
(1) client receives the digital signature request from applications, and sends signature according to the digital signature request
Original text and individual subscriber identification information are to service end;Specifically, the individual subscriber identification information may include user name, and/or
The first public key P1 that client is obtained after being processed the first private key d1 that its own is generated using public key algorithm, wherein
First private key d1 can be that client is generated at random and preserved, or client is generated by performing cipher key derivation function;It is outside
Using app applications, web applications, various processes that can be outside etc.;
(2) service end detects whether private key for user has been revoked according to individual subscriber identification information, if do not removed
Pin then enters step (3), and else process terminates;Specifically, service end checks corresponding mark letter in the personally identifiable information
Breath, the identification information can be identified for that whether private key for user has been revoked;
(3) service end searches corresponding second private key d2 according to the individual subscriber identification information for receiving in its own,
Original text of signing is digitally signed using the second private key d2, to generate the first signing messages S1, and by the first signing messages
S1 is sent to client;Wherein second private key d2 be user first in service end registration phase, generated at random simultaneously by service end
Preserve, or service end is generated by performing cipher key derivation function;
Specifically, the step of a kind of embodiment of the invention, the first signing messages S1 of generation, is as follows:
First, elliptic curve point P2 is obtained according to the second private key d2 and signature original text m and using below equation:
P2=H (d2, m) * G
Or obtain oval according to personal user's identification information ID, the second private key d2 and signature original text m and using below equation
Curve point P2:
P2=H (ID, d2, m) * G
Wherein H represents hash algorithm, and G is the basic point of the elliptic curve that Digital Signature Algorithm is adopted, and * represents elliptic curve
Point multiplication operation;
Secondly, the elliptic curve point P2 for calculating acquisition is assigned to into the first signing messages S1.
The step of another embodiment of the invention, the first signing messages S1 of generation, is as follows:
First, elliptic curve point P2 is obtained according to the second private key d2 and signature original text m and using below equation:
P2=H (d2, m) * G
Or obtain oval according to personal user's identification information ID, the second private key d2 and signature original text m and using below equation
Curve point P2:
P2=H (ID, d2, m) * G
Secondly, the abscissa x2 for calculating the elliptic curve point P2 for obtaining is assigned to into the first signing messages S1.
(4) combination of the client using the first private key d1 to sign original text and the first signing messages S1 is digitally signed,
To generate full signature information S, and full signature information S is returned to into applications.
As a further improvement on the present invention, the method for the present invention is additionally may included in after above-mentioned steps (1), step
(2) following steps before:
(1 ') service end carries out authentication according to individual subscriber identification information to user;Authentication includes requiring user
Any one or a few combination in PIN code information, voice messaging, finger print information, face information, iris information is provided, then
The information is verified.
As a further improvement on the present invention, the method for the present invention is additionally may included in after above-mentioned steps (3), step
(4) following steps before:
(3 ') client carries out authentication to user according to individual subscriber identification information, and authentication includes requiring user
Any one or a few combination in PIN code information, voice messaging, finger print information, face information, iris information is provided, then
The information is verified.
As another embodiment of the invention, as shown in Fig. 2 above-mentioned steps (4) also can be replaced by:
(4 ') client is digitally signed using the first private key d1 to original text of signing, to generate the second signing messages S2,
First signing messages S1 and the second signing messages S2 are synthesized into full signature information S, and full signature information S is returned to outer
Apply in portion.
In one embodiment of the present invention, if the Digital Signature Algorithm used in step (4) is SM2 ellipse curve signatures
Algorithm, then above-mentioned steps (4) specifically include following sub-step:
(4-1) random number k ∈ [1, n-1] is generated, wherein n is the rank of elliptic curve in the Digital Signature Algorithm for using, and
Obtain the point k*G on elliptic curve;
(4-2) elliptic curve point is obtained according to the point k*G and the first signing messages on the elliptic curve of step (4-1) acquisition
P1=k*G+S1, wherein the point add operation of+expression elliptic curve;
(4-3) signature result is obtained according to the elliptic curve point P1 and individual subscriber identification information obtained in step (4-2)
First element r=(e+x1) mod n, wherein e=H (Z | | m), H represents Hash operation, and Z represents plucking for individual subscriber identification information
It is worth;X1 represents the abscissa of P1 points, and y1 represents the vertical coordinate of P1 points;
(4-4) the signature result first element r obtained according to the first private key d1, random number k, step (4-3) obtains signature
As a result the second key element s=((1+d1)-1·(k-r·d1))mod n;
(4-5) the signature result the obtained in the signature result first element r for obtaining step (4-3) and step (4-4)
Two key elements s synthesize, to obtain full signature information S.
As a further improvement on the present invention, above-mentioned steps (4-1) and step (4-2) can also be replaced by following step:
(4-1 ') generates random number k ∈ [1, n-1], and obtains elliptic curve point according to the random number and the first signing messages
P1=k*S1;
As a further improvement on the present invention, above-mentioned steps (4-1), step (4-2) and step (4-3) also can be replaced by
Following step:
(4-1 ") random number k ∈ [1, n-1] is generated, and elliptic curve point P1=k*G is obtained according to the random number;
(4-2 ") signature knot is obtained according to the point P1 on individual subscriber identification information, elliptic curve and the first signing messages S1
Fruit first element r=(e+x1+S1) mod n;
In one embodiment of the present invention, if the Digital Signature Algorithm used in step (4) is ECDSA elliptic curve label
Name algorithm, then above-mentioned steps (4) specifically include following sub-step:
(4-1) random number k ∈ [1, n-1] is generated, and obtains the point k*G on elliptic curve;
(4-2) elliptic curve point is obtained according to the point k*G and the first signing messages on the elliptic curve of step (4-1) acquisition
P1=k*G+S1, wherein the point add operation of+expression elliptic curve;
(4-3) signature result first element r=x1mod n are obtained according to the elliptic curve point P1 obtained in step (4-2),
Wherein x1 represents the abscissa of P1 points;
(4-4) the signature result first element r obtained according to the first private key d1, random number k, step (4-3) obtains signature
As a result the second key element s=k-1·(e+r·d1)mod n;Wherein e is equal to H (m);
(4-5) the signature result the obtained in the signature result first element r for obtaining step (4-3) and step (4-4)
Two key elements s synthesize, to obtain full signature information S.
As a further improvement on the present invention, above-mentioned steps (4-1) and step (4-2) can also be replaced by following step:
(4-1 ') generates random number k ∈ [1, n-1], and obtains elliptic curve point according to the random number and the first signing messages
P1=k*S1;
As a further improvement on the present invention, above-mentioned steps (4-1), step (4-2) and step (4-3) also can be replaced by
Following step:
(4-1 ") random number k ∈ [1, n-1] is generated, and elliptic curve point P1=k*G is obtained according to the random number;
(4-2 ") signature result first element r=(x1+ are obtained according to the point P1 on elliptic curve and the first signing messages S1
S1)mod n。
As it will be easily appreciated by one skilled in the art that the foregoing is only presently preferred embodiments of the present invention, not to
The present invention, all any modification, equivalent and improvement made within the spirit and principles in the present invention etc. are limited, all should be included
Within protection scope of the present invention.
Claims (10)
1. a kind of client and service end cooperation generates digital signature method, it is characterised in that comprise the following steps:
(1) client receives the digital signature request from applications, and sends signature original text m according to the digital signature request
With individual subscriber identification information ID to service end, wherein individual subscriber identification information ID may include user name, and/or client
The the first public key P1 obtained after being processed the first private key d1 that its own is generated using public key algorithm;
(2) service end detects whether private key for user has been revoked according to individual subscriber identification information ID, if be not revoked
Step (3) is then entered, else process terminates;
(3) service end searches corresponding second private key d2 according to individual subscriber identification information ID for receiving in its own, profit
The original text m that signs is digitally signed with the second private key d2, to generate the first signing messages S1, and by the first signing messages S1
It is sent to client;
(4) combination of the client using the first private key d1 to sign original text m and the first signing messages S1 is digitally signed, with life
Into full signature information S, and full signature information S is returned to into applications.
2. client according to claim 1 and service end cooperation generates digital signature method, it is characterised in that generate the
The step of one signing messages S1, is as follows:
(3-1) elliptic curve point P2 is obtained according to the second private key d2 and signature original text m and using below equation:
P2=H (d2, m) * G
Or obtain elliptic curve according to personal user's identification information ID, the second private key d2 and signature original text m and using below equation
Point P2:
P2=H (ID, d2, m) * G
Wherein H represents hash algorithm, and G is the basic point of the elliptic curve that Digital Signature Algorithm is adopted, and * represents the dot product of elliptic curve
Computing;
(3-2) the elliptic curve point P2 for calculating acquisition is assigned to into the first signing messages S1.
3. client according to claim 2 and service end cooperation generates digital signature method, it is characterised in that step
(4) Digital Signature Algorithm used in is SM2 ellipse curve signature algorithms, and step (4) specifically includes following sub-step:
(4-1) random number k ∈ [1, n-1] is generated, and obtains the point k*G on elliptic curve, wherein n is that the digital signature for using is calculated
The rank of elliptic curve in method;
(4-2) elliptic curve point P1=is obtained according to the point k*G and the first signing messages on the elliptic curve of step (4-1) acquisition
K*G+S1, wherein the point add operation of+expression elliptic curve;
(4-3) signature result first is obtained according to the elliptic curve point P1 and individual subscriber identification information obtained in step (4-2)
Key element r=(e+x1) mod n, wherein e=H (Z | | m), Z represents the digest value of individual subscriber identification information;X1 represents P1 points
Abscissa, y1 represents the vertical coordinate of P1 points;
(4-4) the signature result first element r obtained according to the first private key d1, random number k, step (4-3) obtains signature result
Second key element s=((1+d1)-1·(k-r·d1))mod n;
(4-5) the signature result second obtained in the signature result first element r for obtaining step (4-3) and step (4-4) will
Plain s synthesis, to obtain full signature information S.
4. client according to claim 2 and service end cooperation generates digital signature method, it is characterised in that step
(4) Digital Signature Algorithm used in is SM2 ellipse curve signature algorithms, and step (4) specifically includes following sub-step:
(4-1) random number k ∈ [1, n-1] is generated, and elliptic curve point P1=is obtained according to the random number and the first signing messages
K*S1, wherein n are the rank of elliptic curve in the Digital Signature Algorithm for using;
(4-2) signature result first is obtained according to the elliptic curve point P1 and individual subscriber identification information obtained in step (4-1)
Key element r=(e+x1) mod n, wherein e=H (Z | | m), Z represents the digest value of individual subscriber identification information;X1 represents P1 points
Abscissa, y1 represents the vertical coordinate of P1 points;
(4-3) the signature result first element r obtained according to the first private key d1, random number k, step (4-2) obtains signature result
Second key element s=((1+d1)-1·(k-r·d1))mod n;
(4-4) the signature result second obtained in the signature result first element r for obtaining step (4-2) and step (4-3) will
Plain s synthesis, to obtain full signature information S.
5. client according to claim 2 and service end cooperation generates digital signature method, it is characterised in that step
(4) Digital Signature Algorithm used in is ECDSA ellipse curve signature algorithms, then step (4) specifically includes following sub-step:
(4-1) random number k ∈ [1, n-1] is generated, and obtains the point k*G on elliptic curve, wherein n is that the digital signature for using is calculated
The rank of elliptic curve in method;
(4-2) elliptic curve point P1=is obtained according to the point k*G and the first signing messages on the elliptic curve of step (4-1) acquisition
K*G+S1, wherein the point add operation of+expression elliptic curve;
(4-3) signature result first element r=x1mod n are obtained according to the elliptic curve point P1 obtained in step (4-2), wherein
X1 represents the abscissa of P1 points;
(4-4) the signature result first element r obtained according to the first private key d1, random number k, step (4-3) obtains signature result
Second key element s=k-1·(e+r·d1)mod n;Wherein e is equal to H (m);
(4-5) the signature result second obtained in the signature result first element r for obtaining step (4-3) and step (4-4) will
Plain s synthesis, to obtain full signature information S.
6. client according to claim 2 and service end cooperation generates digital signature method, it is characterised in that step
(4) Digital Signature Algorithm used in is ECDSA ellipse curve signature algorithms, then step (4) specifically includes following sub-step:
(4-1) random number k ∈ [1, n-1] is generated, and elliptic curve point P1=is obtained according to the random number and the first signing messages
K*S1, wherein n are the rank of elliptic curve in the Digital Signature Algorithm for using;
(4-2) signature result first element r=x1mod n are obtained according to the elliptic curve point P1 obtained in step (4-1), wherein
X1 represents the abscissa of P1 points;
(4-3) the signature result first element r obtained according to the first private key d1, random number k, step (4-2) obtains signature result
Second key element s=k-1·(e+r·d1)mod n;Wherein e is equal to H (m);
(4-4) the signature result second obtained in the signature result first element r for obtaining step (4-2) and step (4-3) will
Plain s synthesis, to obtain full signature information S.
7. client according to claim 1 and service end cooperation generates digital signature method, it is characterised in that generate the
The step of one signing messages S1, is as follows:
(3-1) elliptic curve point P2 is obtained according to the second private key d2 and signature original text m and using below equation:
P2=H (d2, m) * G
Or obtain elliptic curve according to personal user's identification information ID, the second private key d2 and signature original text m and using below equation
Point P2:
P2=H (ID, d2, m) * G
(3-2) the abscissa x2 for calculating the elliptic curve point P2 for obtaining is assigned to into the first signing messages S1.
8. client according to claim 7 and service end cooperation generates digital signature method, it is characterised in that step
(4) Digital Signature Algorithm used in is SM2 ellipse curve signature algorithms, and step (4) specifically includes following sub-step:
(4-1) random number k ∈ [1, n-1] is generated, and elliptic curve point P1=k*G is obtained according to the random number, wherein n is to use
Digital Signature Algorithm in elliptic curve rank;
(4-2) signature result the is obtained according to the point P1 on individual subscriber identification information, elliptic curve and the first signing messages S1
One key element r=(e+x1+S1) mod n;
(4-3) the signature result first element r obtained according to the first private key d1, random number k, step (4-2) obtains signature result
Second key element s=((1+d1)-1·(k-r·d1))mod n;
(4-4) the signature result second obtained in the signature result first element r for obtaining step (4-2) and step (4-3) will
Plain s synthesis, to obtain full signature information S.
9. client according to claim 7 and service end cooperation generates digital signature method, it is characterised in that step
(4) Digital Signature Algorithm used in is ECDSA ellipse curve signature algorithms, and step (4) specifically includes following sub-step:
(4-1) random number k ∈ [1, n-1] is generated, and elliptic curve point P1=k*G is obtained according to the random number, wherein n is to use
Digital Signature Algorithm in elliptic curve rank;
(4-2) signature result first element r=(x1+S1) is obtained according to the point P1 on elliptic curve and the first signing messages S1
mod n;
(4-3) the signature result first element r obtained according to the first private key d1, random number k, step (4-2) obtains signature result
Second key element s=k-1·(e+r·d1)mod n;Wherein e is equal to H (m);
(4-4) the signature result second obtained in the signature result first element r for obtaining step (4-2) and step (4-3) will
Plain s synthesis, to obtain full signature information S;
10. a kind of client and service end cooperation generates digital signature method, and its feature exists, comprises the following steps:
(1) client receives the digital signature request from applications, and sends signature original text according to the digital signature request
With individual subscriber identification information to service end, wherein the individual subscriber identification information may include user name, and/or client is used
The first public key P1 that public key algorithm is obtained after processing the first private key d1 that its own is generated;
(2) service end detects whether private key for user has been revoked according to individual subscriber identification information, if not being revoked
Into step (3), else process terminates;
(3) service end searches corresponding second private key d2 according to the individual subscriber identification information for receiving in its own, utilizes
The second private key d2 is digitally signed to original text of signing, and to generate the first signing messages S1, and the first signing messages S1 is sent out
Give client;
(4) client is digitally signed using the first private key d1 to original text of signing, to generate the second signing messages S2, by first
Signing messages S1 and the second signing messages S2 synthesize full signature information S, and full signature information S is returned to into outside answering
With.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201611194899.0A CN106685651A (en) | 2016-12-22 | 2016-12-22 | Method for creating digital signatures by cooperation of client and server |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201611194899.0A CN106685651A (en) | 2016-12-22 | 2016-12-22 | Method for creating digital signatures by cooperation of client and server |
Publications (1)
Publication Number | Publication Date |
---|---|
CN106685651A true CN106685651A (en) | 2017-05-17 |
Family
ID=58870970
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201611194899.0A Pending CN106685651A (en) | 2016-12-22 | 2016-12-22 | Method for creating digital signatures by cooperation of client and server |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106685651A (en) |
Cited By (12)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107124274A (en) * | 2017-05-18 | 2017-09-01 | 深圳奥联信息安全技术有限公司 | Digital signature method and device based on SM2 |
CN107360002A (en) * | 2017-08-15 | 2017-11-17 | 武汉信安珞珈科技有限公司 | A kind of application method of digital certificate |
CN107483212A (en) * | 2017-08-15 | 2017-12-15 | 武汉信安珞珈科技有限公司 | A kind of method of both sides' cooperation generation digital signature |
CN107566128A (en) * | 2017-10-10 | 2018-01-09 | 武汉大学 | A kind of two side's distribution SM9 digital signature generation methods and system |
CN108964906A (en) * | 2018-07-19 | 2018-12-07 | 数安时代科技股份有限公司 | The digital signature method of co-EC C |
CN109088726A (en) * | 2018-07-19 | 2018-12-25 | 郑州信大捷安信息技术股份有限公司 | Communicating pair collaboration signature and decryption method and system based on SM2 algorithm |
CN109245903A (en) * | 2018-09-29 | 2019-01-18 | 北京信安世纪科技股份有限公司 | Both sides cooperate with endorsement method, device and the storage medium for generating SM2 algorithm |
CN109672539A (en) * | 2019-03-01 | 2019-04-23 | 深圳市电子商务安全证书管理有限公司 | SM2 algorithm collaboration signature and decryption method, apparatus and system |
CN109936455A (en) * | 2017-12-19 | 2019-06-25 | 航天信息股份有限公司 | A kind of methods, devices and systems of digital signature |
CN110690969A (en) * | 2018-07-06 | 2020-01-14 | 武汉信安珞珈科技有限公司 | Method and system for completing bidirectional SSL/TLS authentication in cooperation of multiple parties |
CN111756536A (en) * | 2020-07-03 | 2020-10-09 | 北京无字天书科技有限公司 | Signature private key generation and digital signature method |
WO2023174350A1 (en) * | 2022-03-17 | 2023-09-21 | 中国移动通信集团有限公司 | Identity authentication method, apparatus and device, and storage medium |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1505313A (en) * | 2002-11-29 | 2004-06-16 | 海南信安数据系统有限公司 | Elliptic curve signature and signature verification method and apparatus |
CN102291240A (en) * | 2011-09-01 | 2011-12-21 | 清华大学 | Method and system for authenticating SM2 (Smart Media 2) signature |
CN103701598A (en) * | 2013-12-05 | 2014-04-02 | 武汉信安珞珈科技有限公司 | SM2 signature algorithm-based double-check signature method and digital signature equipment |
CN104243456A (en) * | 2014-08-29 | 2014-12-24 | 中国科学院信息工程研究所 | Signing and decrypting method and system applied to cloud computing and based on SM2 algorithm |
CN104618116A (en) * | 2015-01-30 | 2015-05-13 | 北京数字认证股份有限公司 | Collaborative digital signature system and method |
CN105827412A (en) * | 2016-03-14 | 2016-08-03 | 中金金融认证中心有限公司 | Authentication method, server and client |
-
2016
- 2016-12-22 CN CN201611194899.0A patent/CN106685651A/en active Pending
Patent Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1505313A (en) * | 2002-11-29 | 2004-06-16 | 海南信安数据系统有限公司 | Elliptic curve signature and signature verification method and apparatus |
CN102291240A (en) * | 2011-09-01 | 2011-12-21 | 清华大学 | Method and system for authenticating SM2 (Smart Media 2) signature |
CN103701598A (en) * | 2013-12-05 | 2014-04-02 | 武汉信安珞珈科技有限公司 | SM2 signature algorithm-based double-check signature method and digital signature equipment |
CN104243456A (en) * | 2014-08-29 | 2014-12-24 | 中国科学院信息工程研究所 | Signing and decrypting method and system applied to cloud computing and based on SM2 algorithm |
CN104618116A (en) * | 2015-01-30 | 2015-05-13 | 北京数字认证股份有限公司 | Collaborative digital signature system and method |
CN105827412A (en) * | 2016-03-14 | 2016-08-03 | 中金金融认证中心有限公司 | Authentication method, server and client |
Cited By (18)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107124274A (en) * | 2017-05-18 | 2017-09-01 | 深圳奥联信息安全技术有限公司 | Digital signature method and device based on SM2 |
CN107360002A (en) * | 2017-08-15 | 2017-11-17 | 武汉信安珞珈科技有限公司 | A kind of application method of digital certificate |
CN107483212A (en) * | 2017-08-15 | 2017-12-15 | 武汉信安珞珈科技有限公司 | A kind of method of both sides' cooperation generation digital signature |
CN107566128A (en) * | 2017-10-10 | 2018-01-09 | 武汉大学 | A kind of two side's distribution SM9 digital signature generation methods and system |
CN109936455A (en) * | 2017-12-19 | 2019-06-25 | 航天信息股份有限公司 | A kind of methods, devices and systems of digital signature |
CN109936455B (en) * | 2017-12-19 | 2022-06-07 | 航天信息股份有限公司 | Digital signature method, device and system |
CN110690969B (en) * | 2018-07-06 | 2023-06-16 | 武汉信安珞珈科技有限公司 | Method and system for achieving bidirectional SSL/TLS authentication through multiparty cooperation |
CN110690969A (en) * | 2018-07-06 | 2020-01-14 | 武汉信安珞珈科技有限公司 | Method and system for completing bidirectional SSL/TLS authentication in cooperation of multiple parties |
CN108964906A (en) * | 2018-07-19 | 2018-12-07 | 数安时代科技股份有限公司 | The digital signature method of co-EC C |
CN109088726B (en) * | 2018-07-19 | 2021-01-26 | 郑州信大捷安信息技术股份有限公司 | SM2 algorithm-based collaborative signing and decrypting method and system for two communication parties |
CN108964906B (en) * | 2018-07-19 | 2021-05-28 | 数安时代科技股份有限公司 | Digital signature method for cooperation with ECC |
CN109088726A (en) * | 2018-07-19 | 2018-12-25 | 郑州信大捷安信息技术股份有限公司 | Communicating pair collaboration signature and decryption method and system based on SM2 algorithm |
CN109245903B (en) * | 2018-09-29 | 2021-10-01 | 北京信安世纪科技股份有限公司 | Signature method and device for cooperatively generating SM2 algorithm by two parties and storage medium |
CN109245903A (en) * | 2018-09-29 | 2019-01-18 | 北京信安世纪科技股份有限公司 | Both sides cooperate with endorsement method, device and the storage medium for generating SM2 algorithm |
CN109672539A (en) * | 2019-03-01 | 2019-04-23 | 深圳市电子商务安全证书管理有限公司 | SM2 algorithm collaboration signature and decryption method, apparatus and system |
CN109672539B (en) * | 2019-03-01 | 2021-11-05 | 深圳市电子商务安全证书管理有限公司 | SM2 algorithm collaborative signature and decryption method, device and system |
CN111756536A (en) * | 2020-07-03 | 2020-10-09 | 北京无字天书科技有限公司 | Signature private key generation and digital signature method |
WO2023174350A1 (en) * | 2022-03-17 | 2023-09-21 | 中国移动通信集团有限公司 | Identity authentication method, apparatus and device, and storage medium |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN106685651A (en) | Method for creating digital signatures by cooperation of client and server | |
CN107483212B (en) | Method for generating digital signature by cooperation of two parties | |
CN107948143B (en) | Identity-based privacy protection integrity detection method and system in cloud storage | |
Hsiang et al. | Improvement of the secure dynamic ID based remote user authentication scheme for multi-server environment | |
Chen et al. | Mobile device integration of a fingerprint biometric remote authentication scheme | |
CN107360002B (en) | Application method of digital certificate | |
US9166957B2 (en) | Digital file authentication using biometrics | |
CN107483191B (en) | SM2 algorithm key segmentation signature system and method | |
CN109818730B (en) | Blind signature acquisition method and device and server | |
CN101129018A (en) | Small public-key based digital signatures for authentication | |
US20160352525A1 (en) | Signature protocol | |
CN110138567A (en) | A kind of collaboration endorsement method based on ECDSA | |
CN110969431A (en) | Safe trusteeship method, equipment and system of block chain digital currency private key | |
CN109728896A (en) | A kind of incoming call certification and source tracing method and process based on block chain | |
Feng et al. | Anonymous authentication on trust in pervasive social networking based on group signature | |
Giri et al. | A novel and efficient session spanning biometric and password based three-factor authentication protocol for consumer USB mass storage devices | |
CN106851635A (en) | A kind of distributed signature method and system of identity-based | |
CN109951292A (en) | The SM9 digital signature simplified separates interaction generation method and system | |
US7424114B2 (en) | Method for enhancing security of public key encryption schemas | |
US20150006900A1 (en) | Signature protocol | |
CN107947939A (en) | Support the PDF endorsement methods and system of SM3 cryptographic Hash algorithm and SM2 Digital Signature Algorithms | |
CN107682156A (en) | A kind of encryption communication method and device based on SM9 algorithms | |
WO2016187689A1 (en) | Signature protocol | |
NL1043779B1 (en) | Method for electronic signing and authenticaton strongly linked to the authenticator factors possession and knowledge | |
Chen et al. | Threshold identity authentication signature: Impersonation prevention in social network services |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20170517 |
|
RJ01 | Rejection of invention patent application after publication |