CN110247759A - A kind of SM9 private key generates and application method and system - Google Patents
A kind of SM9 private key generates and application method and system Download PDFInfo
- Publication number
- CN110247759A CN110247759A CN201910478593.5A CN201910478593A CN110247759A CN 110247759 A CN110247759 A CN 110247759A CN 201910478593 A CN201910478593 A CN 201910478593A CN 110247759 A CN110247759 A CN 110247759A
- Authority
- CN
- China
- Prior art keywords
- private key
- signature
- random bytes
- mark
- bytes string
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0863—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving passwords or one-time passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0869—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Storage Device Security (AREA)
Abstract
Invention is the generation of SM9 private key and application method: for user identifier IDAWhen generating corresponding SM9 signature private key, private key generator generates a random bytes string, is incorporated into IDAObtain IDAE;Calculate t1=(H1(IDAE| | hid, n)+s) mod n, n is SM9 bilinear map order of a group, and hid is private key generating function identifier;If t1=0, then random bytes string is regenerated, merging obtains IDAE, calculate t1=(H1(IDAE| | hid, n)+s) mod n, until t1≠0;Then, t is calculated2=s (t1)‑1Mod n, dA=[t2]P1, s is main private key, P1It is crowd G1Generation member;Code component uses the SM9 private key d according to said method generatedAMessage is digitally signed, the ID for incorporating random bytes string is usedAEThe digital signature of message is verified.
Description
Technical field
The invention belongs to field of information security technology, especially a kind of SM9 private key generates and application method and system.
Background technique
SM9 is the id password calculation that bilinear map (pairing operation) is based on by one kind that national Password Management office promulgates
Method, bilinear map (pairing operation) therein are as follows:
E:G1×G2→GTWhen, wherein G1、G2It is addition cyclic group, GTIt is a multiplicative cyclic group, G1、G2、GTRank be element
Number n (note: in SM9 specification, G1、G2、GTRank be capital N, present patent application uses small letter n), even P, Q, R
Respectively G1、G2In member, then e (P, Q) be GTIn member, and:
E (P+R, Q)=e (P, Q) e (R, Q),
E (P, Q+R)=e (P, Q) e (P, R),
E (aP, bQ)=e (P, Q)ab。
Digital signature, key exchange and data encryption based on mark are able to achieve based on SM9 cryptographic algorithm.
In SM9 cryptographic algorithm, a user identifier IDAThe corresponding private key for signature is by key generation centre
(Key Generation Center, KGC) or private key generate system private key generator (Private Key Generator,
PKG it) is calculated as follows to obtain:
Calculate t1=(H1(IDA| | hid, n)+s) mod n, wherein H1It is hashing algorithm specified in SM9 specification, s is main
Private key or master key, n G1、G2、GTRank, hid be with the private key generating function identifier of a byte representation, | | indicate word
Section string merges, and mod n indicates that (note: the symbol that main private key or master key use in SM9 specification is ks, group to modulus n remainder operation
G1、G2、GTThe symbol of rank be N, be slightly different with patent application document);
If t1=0, then it needs to regenerate main private key, calculates and announce Your Majesty's key, and update the private key of existing subscriber;It is no
Then, t is calculated2=s (t1)-1Mod n, dA=[t2]P1, wherein (t1)-1It is t1Mould n multiplication it is inverse, P1For group G1Generation member, symbol
Number [] indicating multiple members (point) plus operation (scale multiplication is standardized referring to SM9), then dAIt is user identifier IDACorresponding label
Name private key.
Here work as t1When=0, if calculating and announcing Your Majesty's key by needing to regenerate main private key described in specification, update user
Private key, then, the identity private key of existing user must all be replaced, this will generate very big expense, the time for spending user very much,
It is most fearful, once this occurs, from the mark ID that can not generate user's SM9 private keyAIt can easily derive
The main private key or master key s used before id password system;If being utilized by malicious person, malicious person can generate it is any he need
The identity private key wanted is possible to the signed data for occurring largely forging in this way, than occurring the label of various forgeries if possible
Order, contract etc. after name, this harm will be huge.
Although there is t1=0 probability is minimum, and still, in the case where user volume is big, the minimum event of this probability is
Entirely possible generation, be minimum, but this pole from the angle of probability just as the thing much got huge rewards in the world
Small minimum event but has occurred really.
It should be pointed out that for data deciphering identity private key generation equally will appear the above user identifier private key without
Method leads to the problem of and main private key or master key is thus caused surprisingly to be revealed, and still, harm is less than private for signature
The case where key, because at this moment, even if malicious person can generate his desired identity private key, but he possibly can not obtain encrypted number
According to, therefore, also can not just decrypt acquisition clear data, even and if malicious person obtain encrypted data, and pass through generation
Corresponding identity private key decrypted data, this also only causes information leakage, without the order after the signature of forgery, conjunction
On an equal basis, damage to property, financial dispute will not be generated.
Summary of the invention
The purpose of the present invention is to propose to a kind of generation of SM9 signature private key, application method and corresponding system, to avoid
There is t1Generated various problems when=0, including avoid that main private key need to be regenerated, need to recalculate and disclose Your Majesty
Key, needs to update the private key of existing subscriber, and avoids thus revealing various potential problems caused by main private key.
SM9 signature private key generation method proposed by the present invention is specific as follows.
When user terminal private key obtain private key generator from client to server-side (Private Key Generator,
PKG) application obtains user identifier IDAWhen corresponding SM9 signature private key, private key generator generates user identifier as follows
IDACorresponding signature private key:
A random bytes string E is generated, mark ID is incorporated intoAIn obtain IDAE;
Calculate t1=(H1(IDAE| | hid, n)+s) mod n, wherein H1It is (the hash letter of hash function specified in SM9 algorithm
Number), s is main private key or master key, and n is group G in SM9 algorithm1、G2、GTRank, hid is generated with the private key of byte representation
Function identifier, | | indicate that the byte serial of data merges;
If t1=0, then random bytes string E is regenerated, ID is incorporated intoAIn obtain IDAE, calculate t1=(H1(IDAE||
Hid, n)+s) mod n, until t1≠0;
If t1≠ 0, then calculate t2=S (t1)-1Mod n, dA=[t2]P1, wherein P1It is group G in SM91Generation member;
Private key generator is by the SM9 signature private key d of generationA(or incorporate random bytes string E's with random bytes string E
IDAE) return to user terminal private key obtain client;
The private key of user terminal obtains client and saves the SM9 signature private key d returnedA, save the random bytes string E of return
(or incorporate the ID of random bytes string EAE), or (or the mark of random bytes string E is incorporated in the random bytes string E of return
IDAE) on the basis of form new data;The new data are the data (ratios verified for signature verification or assisted signature
It such as, include random bytes string E or IDAEDigital certificate, obtain random bytes string E index information);
The private key acquisition client is one of user terminal for obtaining the program of user's SM9 private key;The private key is raw
Growing up to be a useful person is the service system that SM9 identity private key is generated for user;
The random bytes string E, which is known as identifying, limits random bytes string;The ID for incorporating random bytes string EAEReferred to as
The mark that random bytes string E is limited;The User IDAItself it is one and does not include (except random bytes string E) other restriction letters
The user identifier (such as cell-phone number, E-mail address) of breath or one include (except random bytes string E) other restrictions
The user identifier (for example, attached the cell-phone number of time limit, E-mail address) of information.
For above-described SM9 signature private key generation method, the random bytes string E of generation is merged by private key generator
Identify IDAIn obtain IDAEMode includes: that random bytes string E is attached to ID by scheduled formatAIn (for example, by random bytes
String E is attached to ID in such a way that byte serial mergesAAfterwards, or before random bytes string E plus the bound symbol arranged or divide
After symbol, the random bytes string E that added bound symbol or separator is attached to ID in such a way that byte serial mergesAAfterwards etc.
Deng).
Based on SM9 signature private key generation method described above, corresponding SM9 private key can be constructed and generate system, system includes
The private key generator of server-side and the private key of user terminal obtain client;It is generated when the private key of user terminal obtains client to private key
Device request user identifier IDAWhen corresponding SM9 signature private key, private key generator presses SM9 signature private key generation side
Method generates user identifier IDACorresponding SM9 signature private key, and client is obtained by private key and is saved.
Application method by the SM9 signature private key of SM9 signature private key generation method described above generation is as follows.
When being digitally signed to message, (signer) code component, which uses, presses SM9 signature private key generation side
The SM9 signature private key d that method generatesAMessage is digitally signed;
When the digital signature to message is verified, (authentication) code component using it is described incorporate (or comprising
Have) the mark ID of random bytes string EAE(with IDAEAs public key) digital signature of message is verified.
It is used by SM9 signature private key application method described above and presses the above SM9 private key generation method SM9 generated
Signature private key is digitally signed message, needs to solve the problems, such as one, the code component for how allowing to carry out signature verification obtains
Obtain the mark ID that random bytes string E is incorporated needed for signature verificationAEIt is three kinds of possible modes (being not all of) below.
Mode one:
Code component uses SM9 signature private key dAThe data of rear signature generated are digitally signed to message
Include mark restriction random bytes string E in (Signed Data), or includes the mark ID that random bytes string E is limitedAE
(being put by code component or other assemblies);And the signature value (Signature in data of the code component to signature
Value, signature value are most basic digital signature data, i.e., usually said digital signature) verified before, code component or
The mark that other assemblies are inserted before first obtaining out from the data of signature limits random bytes string E, then marks it with user
Know IDAMerge and obtains the mark ID of random bytes string E restrictionAEOr code component or other assemblies elder generation are from the data of signature
The mark ID that the random bytes string E inserted before directly obtaining is limitedAE;ID is identified obtainingAEAfterwards, code component uses IDAEIt is right
Signature value (i.e. digital signature) in the data of signature is verified (data SignedData and signature value about signature
Relationship between Signature Value, can refer to PKCS#7);The other assemblies refer to the program except code component.
This usage mode is accomplished consistent with the usage mode of existing SM9 signature private key in the data plane of signature.
Mode two:
When being digitally signed to message, mark is limited random bytes string E as filling or additional number by code component
According to filling or be attached to using user's SM9 signature private key dACarry out (i.e. signature operation in obtained signature value after signature operation
In obtained most basic digital signature data);And when the digital signature to message is verified, code component is from signature value
Filling or additional data in obtain mark and limit random bytes string E, the mark of acquisition is then limited into random bytes string E and is merged
To user identifier IDAIn, obtain the mark ID of random bytes string E restrictionAE, then use IDAETo having removed filling or additional number
According to signature value (i.e. digital signature) verified;The other assemblies refer to the program except code component.
This usage mode accomplishes signature value level, i.e., most basic crypto module level (for example, WindowS CSP,
PKCS#11 module), it is consistent with the usage mode of existing SM9 signature private key.
Mode three:
When being digitally signed to message, code component or other assemblies will acquire the mark that random bytes string E is limited
IDAEIndex information be put into using SM9 signature private key dAMessage sign the data (Signed of signature generated
Data) or in signature value (Signature Value), and when the digital signature to message carries out signature verification, code component
Or other assemblies first obtain ID from the data or signature value of signatureAEIndex information, then obtained using index information random
The ID that byte serial E is limitedAE(such as from an information database, medium from the data information published), then using obtaining
IDAEThe digital signature of message is verified;The other assemblies refer to the program except code component.
This usage mode accomplishes data or signature value or application and existing SM9 signature private key in signature
Usage mode is consistent.
Based on SM9 signature private key generation method described above and SM9 signature private key application method, corresponding SM9 can be constructed
Cryptographic system, system include that SM9 private key generates system and code component, and SM9 private key generates the private that system includes server-side
The private key of key generator and user terminal obtains client;
When the private key of user terminal obtains client to private key generator request user identifier IDACorresponding SM9 label
When name private key, private key generator generates user identifier ID by aforementioned SM9 signature private key generation methodACorresponding SM9 signs private
Key obtains client by private key and saves;
When being digitally signed to message, (signer) code component presses the SM9 signature private key application method pair
Message is digitally signed;
When the digital signature to message is verified, (authentication) code component is used by the SM9 signature private key
Signature verification mode described in method verifies the digital signature of message.
It can be seen that, based on SM9 signature private key generation method of the invention and system, generating user's mark from the above description
Know private key IDACorresponding private key dADuring, even if there is t1=0 the case where, without regenerating main private key, nothing
Your Majesty's key need to be recalculated and announce, without updating the private key of existing subscriber, and the external world does not know to have said such case yet, from
And it avoids said before working as and t occurs1Generated various problems when=0 the case where;And it establishes and signs in SM9 of the invention
SM9 signature private key application method on the basis of private key generation method, the usage mode of SM9 signature private key and common SM9 sign
The usage mode of private key does not have the difference of essence, and generates and application method institute according to based on SM9 signature private key of the invention
The cryptographic system of building, digital signature applications program can carry out number to message as the mode usually using SM9 signature private key
Signature carries out signature verification to the digital signature of message.
Detailed description of the invention
Fig. 1 is SM9 signature private key acquisition of the invention, product process
Fig. 2 is to generate system using the SM9 signature private key of SM9 signature private key generation method of the present invention
Fig. 3 is the SM9 cryptographic system using SM9 signature private key of the present invention generation, application method
Specific embodiment
The present invention will be further described with reference to the examples below.Following embodiment does not represent all possible implementation
Example, it is not as a limitation of the invention.
Embodiment 1,
In the present embodiment, as shown in Figure 1, obtaining use to private key generator application when the private key of user terminal obtains client
Family identifies IDAWhen corresponding SM9 signature private key, private key generator generates a random bytes string E, is incorporated into mark IDA
In obtain IDAE;Calculate t1=(H1(IDAE| | hid, n)+s) mod n, wherein n is group G in SM9 algorithm1、G2、GTRank, hid is
With the private key generating function identifier (being standardized referring to SM9) of a byte representation;If t1=0, then regenerate random bytes string
E is incorporated into IDAIn obtain mark IDAE, calculate t1=(H1(IDAE| | hid, n)+s) mod n, until t1≠ 0, wherein s be
Main private key or master key;If t1≠ 0, calculate t2=s (t1)-1Mod n, dA=[t2]P1, wherein P1It is group G in SM91Generation
Member;Private key generator is by the signature private key d of generationAWith random bytes string E (or random bytes string E limit mark IDAE) return
Client is obtained to the private key of user terminal;The private key of user terminal obtains client and saves the SM9 signature private key d returnedA, preservation returns
Return random bytes string E (or random bytes string E limit mark IDAE), or in random bytes string E (or the random words of return
The mark ID that section string E is limitedAE) on the basis of form new data, for example, including random bytes string E or IDAEDigital certificate,
Obtain the index information of random bytes string E.
In this embodiment, the random bytes string E of generation is merged into mark ID by private key generatorAIn obtain by random words
The ID that section string E is limitedAEMode it is as follows:
Random bytes string E is attached to ID by scheduled formatAIn, for example, directly random bytes string E is closed by byte serial
And mode be attached to IDAAfterwards, or before random bytes string E the bound symbol or separator of agreement are added, for example is accorded with
Number ' # ' or, | ' or ' % ' then will added the random bytes string E of bound symbol or separator in such a way that byte serial merges
It is attached to IDAAfterwards, if for example, user identifier IDAIt is user@example.com, and the random bytes generated when private key generation
The E that goes here and there is 3Ayu75Xy8, then IDAEIt may is that
User@example.com#3Ayu75Xy8,
Or, user@example.com | 3Ayu75Xy8,
Or, user@example.com%3Ayu75Xy8.
For another example, if user identifier IDAIt is the mark limited plus Time Validity: user@example.com |
[2019:05:01-2019:0801],
And private key when generating the random bytes string E that generates be 3Ayu75Xy8, then IDAEIt may is that
User@example.com | [2019:05:01-2019:0801] #3Ayu75Xy8,
Or, user@example.com | [2019:05:01-2019:0801] | 3Ayu75Xy8,
Or, user@example.com | [2019:05:01-2019:0801] %3Ayu75Xy8.
Embodiment 2
This embodiment is that the SM9 private key based on SM9 signature private key generation method of the invention generates system, such as Fig. 2
Shown, this private key generates the private key generator that system includes server-side and the private key of user terminal obtains client;When user terminal
Private key obtains client to private key generator request user identifier IDAWhen corresponding SM9 signature private key, private key generator
User identifier ID is generated by SM9 signature private key generation method of the inventionACorresponding SM9 signature private key obtains visitor by private key
Family end saves.
A key for implementing SM9 signature private key application method of the invention how is readily obtained in signature verification
The mark ID that random word string limitsEA, the following examples 3,4,5 give the three of SM9 signature private key application method of the invention
Kind possible embodiment (but being not all of).
Embodiment 3
This embodiment is to be counted using the SM9 signature private key generated by aforementioned SM9 signature private key generation method to message
The application of word signature, specifically:
When being digitally signed to message, (signer) code component, which uses, presses SM9 signature private key generation side
The SM9 signature private key d that method generatesAMessage is digitally signed;
When the digital signature to message is verified, (authentication) code component using it is described incorporate (or comprising
Have) the mark ID of random bytes string EAE(with IDAEAs public key) digital signature of message is verified.
In order to enable the code component for carrying out signature verification obtains the mark for incorporating random bytes string E needed for signature verification
Know IDAE, code component use SM9 signature private key dAData (the Signed of rear signature generated is digitally signed to message
It Data include that mark limits the mark ID that random bytes string E or random bytes string E is limited in)AE(by code component or other groups
Part is put into);And (Signature Value, signature value are most basic numbers to the signature value in data of the code component to signature
Word signed data, i.e., usually said digital signature) verified before, code component or other assemblies are first from the data of signature
The mark inserted before obtaining out limits random bytes string E, then by itself and user identifier IDAMerging obtains random bytes string E
The mark ID of restrictionAEOr code component or other assemblies first directly obtain the random words inserted before from the data of signature
The mark ID that section string E is limitedAE;ID is identified obtainingAEAfterwards, code component uses IDAE(i.e. to the signature value in the data of signature
Digital signature) verified (about the data of signature, SignedData and signature value, Signature Value, between pass
System, can refer to PKCS#7);The other assemblies refer to the program except code component.
Embodiment 4,
This embodiment is also to be carried out using the SM9 signature private key generated by aforementioned SM9 signature private key generation method to message
The application of digital signature, specifically:
When being digitally signed to message, (signer) code component, which uses, presses SM9 signature private key generation side
The SM9 signature private key d that method generatesAMessage is digitally signed;
When the digital signature to message is verified, (authentication) code component using it is described incorporate (or comprising
Have) the mark ID of random bytes string EAE(with IDAEAs public key) digital signature of message is verified.
In order to enable the code component for carrying out signature verification obtains the mark for incorporating random bytes string E needed for signature verification
Know IDAE, when being digitally signed to message, mark is limited random bytes string E as filling or additional data by code component
It fills or is attached to using user's SM9 signature private key dACarry out after signature operation (i.e. signature operation shape in obtained signature value
At most basic digital signature data in);And when the digital signature to message is verified, code component is from signature value
Mark is obtained in filling or additional data and limits random bytes string E, and the mark of acquisition is then limited into random bytes string E and is merged into
User identifier IDAIn, obtain the mark ID of random bytes string E restrictionAE, then use IDAETo having removed filling or additional data
Signature value (i.e. digital signature) verified;The other assemblies refer to the program except code component.
Embodiment 5,
This embodiment is also to be carried out using the SM9 signature private key generated by aforementioned SM9 signature private key generation method to message
The application of digital signature, specifically:
When being digitally signed to message, (signer) code component, which uses, presses SM9 signature private key generation side
The SM9 signature private key d that method generatesAMessage is digitally signed;
When the digital signature to message is verified, (authentication) code component using it is described incorporate (or comprising
Have) the mark ID of random bytes string EAE(with IDAEAs public key) digital signature of message is verified.
In order to enable the code component for carrying out signature verification obtains the mark for incorporating random bytes string E needed for signature verification
Know IDAE, when being digitally signed to message, code component or other assemblies will acquire the mark that random bytes string E is limited
IDAEIndex information be put into using SM9 signature private key dAMessage sign the data of signature generated
(SignedData) close or in signature value (Signature Value), and when the digital signature to message carries out signature verification
Code character part or other assemblies obtain ID from the data or signature value of signatureAEIndex information, then using index information obtain
The ID that random bytes string E is limitedAE(such as from an information database, medium from the data information published), then utilizes
The ID of acquisitionAESignature verification is carried out to the digital signature of message;The other assemblies refer to the program except code component.
Embodiment 6,
This embodiment is one based on SM9 signature private key generation method of the invention, SM9 signature private key application method
SM9 cryptographic system, as shown in figure 3, system includes that SM9 private key generates system and code component, and SM9 private key generates system packet
The private key of the private key generator and user terminal that include server-side obtains client;Digital signature applications program is by calling code component
It is digitally signed and signature verification operations;It is marked when the private key of user terminal obtains client to private key generator request user
Know IDAWhen corresponding SM9 signature private key, private key generator generates user identifier ID by aforementioned SM9 signature private key generation methodA
Corresponding SM9 signature private key obtains client by private key and saves;When being digitally signed to message, (signer) is close
Code character part is digitally signed message by aforementioned SM9 signature private key application method;When the digital signature to message is verified
When, (authentication) code component is by signature verification mode described in aforementioned SM9 signature private key application method to the number of message
Word signature is verified.
Other unaccounted particular techniques are implemented, and are it is well known that not saying certainly for those skilled in the relevant art
Bright.
Claims (8)
1. a kind of SM9 signature private key generation method, it is characterized in that:
User identifier ID is obtained to the private key generator application of server-side when the private key of user terminal obtains clientACorresponding SM9
When signature private key, private key generator generates user identifier ID as followsACorresponding signature private key:
A random bytes string E is generated, mark ID is incorporated intoAIn obtain IDAE;
Calculate t1=(H1(IDAE| | hid, n)+s) mod n, wherein H1It is hash function specified in SM9 algorithm, s is main private key
Or master key, n are group G in SM9 algorithm1、G2、GTRank, hid be with the private key generating function identifier of a byte representation, | |
Indicate that the byte serial of data merges;
If t1=0, then random bytes string E is regenerated, ID is incorporated intoAIn obtain IDAE, calculate t1=(H1(IDAE| | hid,
N)+s) mod n, until t1≠0;
If t1≠ 0, then calculate t2=s (t1)-1Mod n, dA=[t2]P1, wherein P1It is group G in SM91Generation member;
Private key generator is by the SM9 signature private key d of generationAClient is obtained with the random bytes string E private key for returning to user terminal;
The private key of user terminal obtains client and saves the SM9 signature private key d returnedA, save random bytes the string E, Huo Zhe of return
New data are formed on the basis of the random bytes string E of return;The new data are for signature verification or assisted signature
The data of verifying;
The private key acquisition client is one of user terminal for obtaining the program of user's SM9 private key;The private key generator
It is the service system that SM9 identity private key is generated for user;
The random bytes string E, which is known as identifying, limits random bytes string;The ID for incorporating random bytes string EAEIt is referred to as random
The mark that byte serial E is limited;The User IDAIt itself is the user identifier or one for not including other prescribed informations
A user identifier comprising other prescribed informations.
2. SM9 signature private key generation method according to claim 1, it is characterized in that:
The random bytes string E of generation is merged into mark ID by private key generatorAIn obtain IDAEMode includes: by scheduled format
Random bytes string E is attached to IDAIn.
3. a kind of SM9 private key based on SM9 signature private key generation method as claimed in claim 1 or 2 generates system, it is characterized in that:
The private key generates the private key generator that system includes server-side and the private key of user terminal obtains client;When user terminal
Private key obtains client to private key generator request user identifier IDAWhen corresponding SM9 signature private key, private key generator
User identifier ID is generated by the SM9 signature private key generation methodACorresponding SM9 signature private key, and client is obtained by private key
End saves.
4. a kind of SM9 signature private key application method based on SM9 signature private key generation method described in claim 1, it is characterized in that:
When being digitally signed to message, code component is used signs by the SM9 that the SM9 signature private key generation method generates
Private key dAMessage is digitally signed;
When the digital signature to message is verified, code component uses the mark ID for incorporating random bytes string EAEIt is right
The digital signature of message is verified.
5. SM9 signature private key application method according to claim 4, it is characterized in that: allowing to carry out the password of signature verification
Component obtains the mark ID that random bytes string E is incorporated needed for signature verificationAEA kind of method it is as follows:
Code component uses SM9 signature private key dABeing digitally signed in the data of rear signature generated to message includes mark
Know and limit random bytes string E, or includes the mark ID that random bytes string E is limitedAE;And in code component to the data of signature
In signature value verified before, mark limit that code component or other assemblies are inserted before first obtaining out from the data of signature
Random bytes string E is determined, then by itself and user identifier IDAMerge and obtains the mark ID of random bytes string E restrictionAEOr password
The mark ID that the random bytes string E that component or other assemblies are inserted before first directly obtaining from the data of signature is limitedAE;It is obtaining
ID must be identifiedAEAfterwards, code component uses IDAESignature value in the data of signature is verified;The other assemblies refer to close
Program except code character part.
6. SM9 signature private key application method according to claim 4, it is characterized in that: allowing to carry out the password of signature verification
Component obtains the mark ID that random bytes string E is incorporated needed for signature verificationAEA kind of method it is as follows:
When being digitally signed to message, mark is limited random bytes string E as filling or additional data and filled out by code component
It fills or is attached to using user's SM9 signature private key dAIt carries out after signature operation in obtained signature value;And in the number to message
When word signature is verified, code component obtains mark from the filling of signature value or additional data and limits random bytes string E, so
The mark of acquisition is limited into random bytes string E afterwards and is merged into user identifier IDAIn, obtain the mark of random bytes string E restriction
IDAE, then use IDAEThe signature value for having removed filling or additional data is verified;The other assemblies refer to cipher code set
Program except part.
7. SM9 signature private key application method according to claim 4, it is characterized in that: allowing to carry out the password of signature verification
Component obtains the mark ID that random bytes string E is incorporated needed for signature verificationAEA kind of method it is as follows:
When being digitally signed to message, code component or other assemblies will acquire the mark ID that random bytes string E is limitedAE's
Index information is put into using SM9 signature private key dAMessage sign signature generated data or signature value in, and
When carrying out signature verification to the digital signature of message, code component or other assemblies are first obtained from the data or signature value of signature
IDAEIndex information, then using index information obtain random bytes string E limit IDAE, then utilize the ID obtainedAEIt offsets
The digital signature of breath is verified;The other assemblies refer to the program except code component.
8. a kind of SM9 cryptographic system based on SM9 signature private key application method described in any one of claim 4-7, feature
It is:
The SM9 cryptographic system includes that SM9 private key generates system and code component, and it includes service that SM9 private key, which generates system,
The private key generator at end and the private key of user terminal obtain client;
When the private key of user terminal obtains client to private key generator request user identifier IDACorresponding SM9 signature private key
When, private key generator generates user identifier ID by aforementioned SM9 signature private key generation methodACorresponding SM9 signature private key, by private
Key obtains client and saves;
When being digitally signed to message, code component carries out digital label to message by the SM9 signature private key application method
Name;
When the digital signature to message is verified, code component is by label described in the SM9 signature private key application method
Name verification mode verifies the digital signature of message.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910478593.5A CN110247759B (en) | 2019-06-03 | 2019-06-03 | SM9 private key generation and use method and system |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910478593.5A CN110247759B (en) | 2019-06-03 | 2019-06-03 | SM9 private key generation and use method and system |
Publications (2)
Publication Number | Publication Date |
---|---|
CN110247759A true CN110247759A (en) | 2019-09-17 |
CN110247759B CN110247759B (en) | 2020-07-10 |
Family
ID=67885881
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201910478593.5A Active CN110247759B (en) | 2019-06-03 | 2019-06-03 | SM9 private key generation and use method and system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN110247759B (en) |
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111064564A (en) * | 2019-12-31 | 2020-04-24 | 武汉理工大学 | SM9 signature private key generation and digital signature method, system and device |
CN111082932A (en) * | 2019-12-25 | 2020-04-28 | 武汉理工大学 | Anti-repudiation identification private key generation and digital signature method, system and device |
CN111262691A (en) * | 2020-01-07 | 2020-06-09 | 武汉理工大学 | Identification private key generation and use method, system and device based on hybrid master key |
CN111866547A (en) * | 2020-07-30 | 2020-10-30 | 北京万协通信息技术有限公司 | Novel video tamper-proofing method |
CN115174100A (en) * | 2022-06-21 | 2022-10-11 | 武汉理工大学 | Password processing method and system for gPRC data |
Citations (11)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
FR914757A (en) * | 1944-11-10 | 1946-10-17 | Ericsson Telefon Ab L M | Device for disconnecting false calls in automatic telephony |
CN104753917A (en) * | 2013-12-30 | 2015-07-01 | 三星Sds株式会社 | System and method for identity-based key management |
CN107395368A (en) * | 2017-08-18 | 2017-11-24 | 北京无字天书科技有限公司 | Without the digital signature method in media environment and solution encapsulating method and decryption method |
CN107566128A (en) * | 2017-10-10 | 2018-01-09 | 武汉大学 | A kind of two side's distribution SM9 digital signature generation methods and system |
CN107579819A (en) * | 2017-09-13 | 2018-01-12 | 何德彪 | A kind of SM9 digital signature generation method and system |
CN107819585A (en) * | 2017-11-17 | 2018-03-20 | 武汉理工大学 | SM9 digital signature cooperates with generation method and system |
CN107864037A (en) * | 2017-10-25 | 2018-03-30 | 深圳奥联信息安全技术有限公司 | SM9 Combination with Digital endorsement method and device |
CN108259179A (en) * | 2016-12-29 | 2018-07-06 | 航天信息股份有限公司 | A kind of encryption-decryption coprocessor and its operation method based on SM9 id password algorithms |
CN108418686A (en) * | 2017-11-23 | 2018-08-17 | 矩阵元技术(深圳)有限公司 | A kind of how distributed SM9 decryption methods and medium and key generation method |
CN108551392A (en) * | 2018-04-13 | 2018-09-18 | 武汉大学 | A kind of Proxy Signature generation method and system based on SM9 digital signature |
CN109361519A (en) * | 2018-12-07 | 2019-02-19 | 武汉理工大学 | A kind of improved generation method and system comprising secret number |
-
2019
- 2019-06-03 CN CN201910478593.5A patent/CN110247759B/en active Active
Patent Citations (11)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
FR914757A (en) * | 1944-11-10 | 1946-10-17 | Ericsson Telefon Ab L M | Device for disconnecting false calls in automatic telephony |
CN104753917A (en) * | 2013-12-30 | 2015-07-01 | 三星Sds株式会社 | System and method for identity-based key management |
CN108259179A (en) * | 2016-12-29 | 2018-07-06 | 航天信息股份有限公司 | A kind of encryption-decryption coprocessor and its operation method based on SM9 id password algorithms |
CN107395368A (en) * | 2017-08-18 | 2017-11-24 | 北京无字天书科技有限公司 | Without the digital signature method in media environment and solution encapsulating method and decryption method |
CN107579819A (en) * | 2017-09-13 | 2018-01-12 | 何德彪 | A kind of SM9 digital signature generation method and system |
CN107566128A (en) * | 2017-10-10 | 2018-01-09 | 武汉大学 | A kind of two side's distribution SM9 digital signature generation methods and system |
CN107864037A (en) * | 2017-10-25 | 2018-03-30 | 深圳奥联信息安全技术有限公司 | SM9 Combination with Digital endorsement method and device |
CN107819585A (en) * | 2017-11-17 | 2018-03-20 | 武汉理工大学 | SM9 digital signature cooperates with generation method and system |
CN108418686A (en) * | 2017-11-23 | 2018-08-17 | 矩阵元技术(深圳)有限公司 | A kind of how distributed SM9 decryption methods and medium and key generation method |
CN108551392A (en) * | 2018-04-13 | 2018-09-18 | 武汉大学 | A kind of Proxy Signature generation method and system based on SM9 digital signature |
CN109361519A (en) * | 2018-12-07 | 2019-02-19 | 武汉理工大学 | A kind of improved generation method and system comprising secret number |
Non-Patent Citations (1)
Title |
---|
袁峰: ""SM9标识密码算法综述"", 《信息安全研究》 * |
Cited By (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111082932A (en) * | 2019-12-25 | 2020-04-28 | 武汉理工大学 | Anti-repudiation identification private key generation and digital signature method, system and device |
CN111082932B (en) * | 2019-12-25 | 2023-03-28 | 武汉理工大学 | Anti-repudiation identification private key generation and digital signature method, system and device |
CN111064564A (en) * | 2019-12-31 | 2020-04-24 | 武汉理工大学 | SM9 signature private key generation and digital signature method, system and device |
CN111064564B (en) * | 2019-12-31 | 2023-03-28 | 武汉理工大学 | SM9 signature private key generation and digital signature method, system and device |
CN111262691A (en) * | 2020-01-07 | 2020-06-09 | 武汉理工大学 | Identification private key generation and use method, system and device based on hybrid master key |
CN111262691B (en) * | 2020-01-07 | 2023-04-25 | 武汉理工大学 | Identification private key generation and use method, system and device based on mixed master key |
CN111866547A (en) * | 2020-07-30 | 2020-10-30 | 北京万协通信息技术有限公司 | Novel video tamper-proofing method |
CN115174100A (en) * | 2022-06-21 | 2022-10-11 | 武汉理工大学 | Password processing method and system for gPRC data |
CN115174100B (en) * | 2022-06-21 | 2024-04-12 | 武汉理工大学 | Password processing method and system for gRPC data |
Also Published As
Publication number | Publication date |
---|---|
CN110247759B (en) | 2020-07-10 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN110247759A (en) | A kind of SM9 private key generates and application method and system | |
CN107579819B (en) | A kind of SM9 digital signature generation method and system | |
CN103490901B (en) | Key based on combination key system generates and distribution method | |
CN108809658A (en) | A kind of digital signature method and system of the identity base based on SM2 | |
CN107196966A (en) | The identity identifying method and system of multi-party trust based on block chain | |
EP2372948A1 (en) | Method, device, and system for an identity-based forward-secure digital signature | |
CN111010272B (en) | Identification private key generation and digital signature method, system and device | |
CN109003083A (en) | A kind of ca authentication method, apparatus and electronic equipment based on block chain | |
EP2285040A1 (en) | Two-factor combined public key generation and authentication method | |
CN112311538B (en) | Identity verification method, device, storage medium and equipment | |
CN107707358A (en) | A kind of EC KCDSA digital signature generation method and system | |
CN113067823B (en) | Mail user identity authentication and key distribution method, system, device and medium | |
CN106899413B (en) | Digital signature verification method and system | |
CN105978695A (en) | Batch self-auditing method for cloud storage data | |
CN108881279B (en) | Mobile health medical sensor data privacy protection method | |
CN104753680A (en) | Privacy protection and authentication method in vehicle-mounted self-organizing network | |
CN108551435B (en) | Verifiable encryption group signature method with anonymity | |
CN110138567A (en) | A kind of collaboration endorsement method based on ECDSA | |
CN111984959B (en) | Anonymous information publishing and verifying method and device | |
JP2015501110A (en) | Group encryption method and device | |
CN108768975A (en) | Support the data integrity verification method of key updating and third party's secret protection | |
CN116566626B (en) | Ring signature method and apparatus | |
CN103634788A (en) | Certificateless multi-proxy signcryption method with forward secrecy | |
CN109245899A (en) | One kind being based on the novel trust chain design method of SM9 cryptographic algorithm | |
CN111541666A (en) | Certificateless cloud end data integrity auditing method with privacy protection function |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |