CN111125781A

CN111125781A - File signature method and device and file signature verification method and device

Info

Publication number: CN111125781A
Application number: CN201911346101.3A
Authority: CN
Inventors: 陈信雄
Original assignee: Tencent Technology Shenzhen Co Ltd
Current assignee: Tencent Technology Shenzhen Co Ltd
Priority date: 2019-12-24
Filing date: 2019-12-24
Publication date: 2020-05-08
Anticipated expiration: 2039-12-24
Also published as: CN111125781B

Abstract

The application discloses a file signature method and device and a file signature verification method and device; the method and the device can perform Hash operation on the electronic file to obtain a first Hash value; performing logic operation on bytes in the electronic file to obtain a byte sequence; performing hash operation on the byte sequence to obtain a second hash value; carrying out Hash operation on the public key of the electronic file to obtain a third Hash value; splicing the first hash value, the second hash value, the third hash value and the attribute information of the electronic file to obtain an information sequence; based on the private key of the electronic file, encrypting the information sequence to obtain signature information of the electronic file; according to the method and the device, the complexity of the algorithm is increased by improving the flow of Hash operation and encryption processing, so that the cracking difficulty of the encrypted information is further improved, and the security of the file signature is improved.

Description

File signature method and device and file signature verification method and device

Technical Field

The application relates to the technical field of information security, in particular to a file signature method and device and a file signature verification method and device.

Background

With the development of information technology, especially the rapid development of the internet, corresponding electronic commerce and the like can be carried out on the internet, and the application of electronic signatures is more and more extensive. The electronic signature is a signature of an electronic form of an electronic document through a cryptographic technique, and provides a security mechanism for electronic commerce and the like. Because the network security is becoming more important due to the openness and sharing of the network, the security of electronic signatures is being emphasized.

In some related technologies at present, an asymmetric encryption and a hash algorithm are used for an electronic signature technology, and generally, when an electronic file is electronically signed, a hash algorithm is directly used for hash operation on the electronic file, and then a result after the hash operation is encrypted by using a private key to obtain signature information of the electronic file; when the signature of the electronic file is verified, the same hash algorithm is adopted to carry out hash operation on the electronic file, the public key is used for decrypting the signature information of the electronic file, the decrypted result is compared with the result after the hash operation, and if the two results are the same, the verification is passed. The hash algorithm is adopted more directly, so that the algorithm complexity is low, the algorithm is easy to crack, and the process of verifying the signature can be cracked as long as the modified hash value of the electronic file is consistent with the decrypted result by using an exhaustion method, so that the security is low.

Disclosure of Invention

The embodiment of the application provides a file signature method and device and a file signature verification method and device, and can improve the security of file signatures by increasing the complexity of an algorithm.

The embodiment of the application provides a file signature method, which comprises the following steps:

carrying out Hash operation on the electronic file to obtain a first Hash value;

performing logic operation on bytes in the electronic file to obtain a byte sequence;

performing hash operation on the byte sequence to obtain a second hash value;

carrying out Hash operation on the public key of the electronic file to obtain a third Hash value;

splicing the first hash value, the second hash value, the third hash value and the attribute information of the electronic file to obtain an information sequence;

and based on the private key of the electronic file, encrypting the information sequence to obtain the signature information of the electronic file.

The embodiment of the application provides a file signature verification method, which comprises the following steps:

carrying out decryption operation on the signature information based on a public key of the electronic file to obtain a decrypted information sequence;

carrying out Hash operation on the electronic file to obtain a first verification Hash value;

performing logic operation on bytes in the electronic file to obtain a verification byte sequence;

performing hash operation on the verification byte sequence to obtain a second verification hash value;

carrying out Hash operation on the public key of the electronic file to obtain a third verification Hash value;

splicing the first verification hash value, the second verification hash value, the third verification hash value and the attribute information of the electronic file to obtain a verification information sequence;

and verifying the signature information of the electronic file based on the verification information sequence and the decrypted information sequence.

Correspondingly, an embodiment of the present application provides a file signature apparatus, including:

the first hash unit is used for carrying out hash operation on the electronic file to obtain a first hash value;

the first logic operation unit is used for carrying out logic operation on bytes in the electronic file to obtain a byte sequence;

the second hash unit is used for carrying out hash operation on the byte sequence to obtain a second hash value;

the third hash unit is used for carrying out hash operation on the public key of the electronic file to obtain a third hash value;

the first splicing unit is used for splicing the first hash value, the second hash value, the third hash value and the attribute information of the electronic file to obtain an information sequence;

and the encryption unit is used for encrypting the information sequence based on the private key of the electronic file to obtain the signature information of the electronic file.

Correspondingly, an embodiment of the present application provides a file signature verification apparatus, including:

the decryption unit is used for carrying out decryption operation on the signature information based on the public key of the electronic file to obtain a decrypted information sequence;

the first verification hash unit is used for carrying out hash operation on the electronic file to obtain a first verification hash value;

the second logic operation unit is used for performing logic operation on the bytes in the electronic file to obtain a verification byte sequence;

the second verification hash unit is used for carrying out hash operation on the verification byte sequence to obtain a second verification hash value;

the third verification hash unit is used for carrying out hash operation on the public key of the electronic file to obtain a third verification hash value;

the second splicing unit is used for splicing the first verification hash value, the second verification hash value, the third verification hash value and the attribute information of the electronic file to obtain a verification information sequence;

and the verification unit is used for verifying the signature information of the electronic file based on the verification information sequence and the decrypted information sequence.

Optionally, in some embodiments of the present application, the first logical operation unit may include a first extraction subunit, a second extraction subunit, and a logical operation subunit, as follows:

the first extraction subunit is configured to extract all even-numbered bytes in the electronic file to obtain an even-numbered byte sequence;

the second extraction subunit is used for extracting all the odd bytes in the electronic file to obtain an odd byte sequence;

and the logic operation subunit is used for performing logic operation on the even byte sequence and the odd byte sequence to obtain a byte sequence.

Optionally, in some embodiments of the present application, the attribute information of the electronic file includes a plurality of pieces of sub-attribute information; the first stitching unit may include a first calculating subunit, a first ordering subunit, and a first stitching subunit, as follows:

the first calculating subunit is configured to calculate a hash value of each piece of sub-attribute information of the electronic file;

the first ordering subunit is used for ordering the first hash value, the second hash value, the third hash value and the sub-attribute information of the electronic file based on the size of the hash value to obtain ordered information;

and the first splicing subunit is used for splicing the sorted information to obtain an information sequence.

Optionally, in some embodiments of the present application, the encryption unit may include a first hashing sub-unit and an encryption sub-unit, as follows:

the first hash subunit is configured to perform hash operation on the information sequence to obtain a hash value of the information sequence;

and the encryption subunit is used for encrypting the hash value of the information sequence based on the private key of the electronic file to obtain the signature information of the electronic file.

Optionally, in some embodiments of the present application, the file signing apparatus may further include a storage unit, as follows:

the storage unit is used for storing the attribute information, the signature information and the public key of the electronic file into an auxiliary file of the electronic file; or storing the attribute information, the signature information and the public key of the electronic file into a hidden field of the electronic file.

Optionally, in some embodiments of the present application, the attribute information of the electronic file includes a plurality of pieces of sub-attribute information; the second concatenation unit may include a second calculation subunit, a second ordering subunit, a second concatenation subunit, and a second hash subunit, as follows

The second calculating subunit is configured to calculate a hash value of each piece of sub-attribute information of the electronic file;

the second sorting subunit is used for sorting the first verification hash value, the second verification hash value, the third verification hash value and the sub-attribute information of the electronic file based on the size of the hash value to obtain sorted verification information;

the second splicing subunit is used for splicing the sorted verification information to obtain spliced verification information;

and the second Hash subunit is used for carrying out Hash operation on the spliced verification information to obtain a verification information sequence.

Optionally, in some embodiments of the present application, the verification unit may include a comparison subunit and a verification subunit, as follows:

the comparison subunit is configured to compare the verification information sequence with the decrypted information sequence to obtain a comparison result;

and the verification subunit is used for verifying the signature information of the electronic file according to the comparison result.

The electronic device provided by the embodiment of the application comprises a processor and a memory, wherein the memory stores a plurality of instructions, and the processor loads the instructions to execute the steps in the file signature method and the file signature verification method provided by the embodiment of the application.

In addition, the embodiment of the present application further provides a storage medium, on which a computer program is stored, wherein the computer program, when executed by a processor, implements the steps in the file signature method and the file signature verification method provided by the embodiment of the present application.

The embodiment of the application provides a file signature method and device and a file signature verification method and device, which can perform hash operation on an electronic file to obtain a first hash value; performing logic operation on bytes in the electronic file to obtain a byte sequence; performing hash operation on the byte sequence to obtain a second hash value; carrying out Hash operation on the public key of the electronic file to obtain a third Hash value; splicing the first hash value, the second hash value, the third hash value and the attribute information of the electronic file to obtain an information sequence; based on the private key of the electronic file, encrypting the information sequence to obtain signature information of the electronic file; according to the method and the device, the complexity of the algorithm is increased by improving the flow of Hash operation and encryption processing, so that the cracking difficulty of the encrypted information is further improved, and the security of the file signature is improved.

Drawings

In order to more clearly illustrate the technical solutions in the embodiments of the present application, the drawings needed to be used in the description of the embodiments are briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present application, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without creative efforts.

Fig. 1a is a schematic view of a scene of a file signature method provided in an embodiment of the present application;

FIG. 1b is a flowchart of a document signing method provided by an embodiment of the present application;

FIG. 1c is another flowchart of a document signing method provided by an embodiment of the present application;

FIG. 1d is another flowchart of a document signing method provided by an embodiment of the present application;

FIG. 1e is another flowchart of a document signing method provided by an embodiment of the present application;

FIG. 1f is another flowchart of a document signing method provided by an embodiment of the present application;

FIG. 1g is another flowchart of a document signing method provided by an embodiment of the present application;

FIG. 1h is another flowchart of a document signing method provided by an embodiment of the present application;

FIG. 2a is a flowchart of a document signature verification method provided by an embodiment of the present application;

FIG. 2b is another flowchart of a document signature verification method provided by an embodiment of the present application;

FIG. 3a is a schematic structural diagram of a document signing apparatus provided in an embodiment of the present application;

FIG. 3b is a schematic structural diagram of a document signature verification apparatus according to an embodiment of the present application;

FIG. 3c is a schematic structural diagram of a document signing apparatus according to an embodiment of the present application;

FIG. 3d is a schematic structural diagram of a document signing apparatus according to an embodiment of the present application;

FIG. 3e is a schematic structural diagram of a document signing apparatus provided in the embodiment of the present application;

FIG. 3f is a schematic structural diagram of a document signature verification apparatus according to an embodiment of the present application;

FIG. 3g is a schematic structural diagram of a document signature verification apparatus according to an embodiment of the present application;

fig. 4 is a schematic structural diagram of an electronic device provided in an embodiment of the present application;

fig. 5 is an alternative structural diagram of the distributed system 100 applied to the blockchain system according to the embodiment of the present application;

fig. 6 is an alternative schematic diagram of a block structure provided in the embodiment of the present application.

Detailed Description

The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.

The embodiment of the application provides a file signature method and device and a file signature verification method and device.

Specifically, the embodiment of the present application provides a file signing apparatus suitable for a first electronic device, where the first electronic device may be a terminal or a server; the embodiment of the application further provides a file signature verification device suitable for a second electronic device, and the second electronic device can be a terminal or a server and other devices. The terminal may be a mobile phone, a tablet Computer, a notebook Computer, or a Personal Computer (PC). The server may be a single server or a server cluster composed of a plurality of servers.

It is understood that the file signature method or the file signature verification method of the present embodiment may be executed on the terminal, may be executed on the server, or may be executed by both the terminal and the server.

The embodiment of the present application will be described by taking an example in which a terminal executes a file signature method and a server executes a file signature verification method. Referring to fig. 1a, a file signature system provided by the embodiment of the present application includes a terminal 10, a server 11, and the like; the terminal 10 and the server 11 are connected via a network, for example, a wired or wireless network connection, wherein the document signing device is integrated in the terminal and the document signature verifying device is integrated in the server. The above examples should not be construed as limiting the present application.

The terminal 10 may be configured to perform a hash operation on the electronic file to obtain a first hash value; performing logic operation on bytes in the electronic file to obtain a byte sequence; performing hash operation on the byte sequence to obtain a second hash value; carrying out Hash operation on the public key of the electronic file to obtain a third Hash value; splicing the first hash value, the second hash value, the third hash value and the attribute information of the electronic file to obtain an information sequence; and based on the private key of the electronic file, encrypting the information sequence to obtain the signature information of the electronic file.

After the signature of the electronic file is completed, the terminal 10 may store the signature information of the electronic file, and when the signature needs to be verified, the terminal 10 may send a signature verification request to the server 11, send the signature information and the electronic file to the server 11 to verify the signature of the electronic file, and receive a verification result sent by the server 11.

The server 11 may be configured to perform a decryption operation on the signature information based on a public key of the electronic file after receiving a signature verification request sent by the terminal 10, so as to obtain a decrypted information sequence; carrying out Hash operation on the electronic file to obtain a first verification Hash value; performing logic operation on bytes in the electronic file to obtain a verification byte sequence; performing hash operation on the verification byte sequence to obtain a second verification hash value; carrying out Hash operation on the public key of the electronic file to obtain a third verification Hash value; splicing the first verification hash value, the second verification hash value, the third verification hash value and the attribute information of the electronic file to obtain a verification information sequence; and verifying the signature information of the electronic file based on the verification information sequence and the decrypted information sequence, and then sending a verification result to the terminal 10.

The above examples are not intended to limit the present application. Alternatively, the verification process of the signature information of the electronic file by the server 11 may be executed by the terminal 10.

The file signature method and the file signature verification method provided by the embodiment of the application relate to Information encryption Technology (Information encryption Technology) under Information security Technology (Information security Technology) in the field of Information Technology (IT). According to the embodiment of the application, the complexity of the algorithm is increased and the security of the file signature is improved by improving the flow of Hash operation and encryption processing.

Among them, Information Technology (IT) mainly applies computer science and communication Technology to design, develop, install and implement Information systems and application software. It is also commonly referred to as information and communication technology. The wide application of information technology enables important production factors and strategic resources of information to play a role, and enables people to perform resource optimization configuration more efficiently.

Among them, the Information security technology (Information security technology) is mainly used to prevent system vulnerabilities, prevent external hackers from intruding, prevent virus damage, and effectively control suspicious accesses. The method takes five safety targets of confidentiality, integrity, availability, controllability and non-repudiation as cores, and has important practical significance for protecting user information data. Information security techniques may include intrusion detection techniques, firewall and virus protection techniques, digital signature techniques, identity authentication techniques, and so forth.

The information encryption technology (information encryption technologies) is a technology that uses technical means to change electronic information into messy codes (encryption) to protect the electronic information in the transmission process and in a storage body so as to prevent other illegal persons from stealing and tampering data. In security, information communication security of the network can be ensured through an information encryption technology. Information encryption techniques can be specifically classified into two types, namely symmetric encryption (private key encryption) and asymmetric encryption (public key encryption). The symmetric encryption has the same encryption key and decryption key, while the asymmetric encryption has different encryption key and decryption key. Asymmetric encryption algorithms require two keys: public key (publickey) and private key (privatekey). The public key and the private key are a pair, and if the public key is used for encrypting data, the data can be decrypted only by using the corresponding private key; if the data is encrypted with a private key, it can only be decrypted with the corresponding public key.

The following are detailed below. It should be noted that the following description of the embodiments is not intended to limit the preferred order of the embodiments.

The first embodiment,

The embodiment of the present application will be described from the perspective of a file signing apparatus, where the file signing apparatus may be specifically integrated in a first electronic device, and the first electronic device may be a terminal or a server and other devices.

As shown in fig. 1b, the specific flow of the file signature method is as follows:

101. and carrying out Hash operation on the electronic file to obtain a first Hash value.

Among them, referring to fig. 1c, the electronic file may be various types of electronic files, such as a Text Document Format (TXT, Text) and a Portable Document Format (PDF), and the like.

The Algorithm used in the hash operation may be a Secure hash Algorithm (SHA, Secure hash Algorithm) and a fifth version of Message Digest Algorithm (MD5, Message Digest Algorithm 5), which are not limited in this embodiment.

Hash operation (Hash Function) is an encryption algorithm mainly used in the field of information security, is also called a Hash Function, and is a Function that converts an input of an arbitrary length into an output of a fixed length through a Hash algorithm, and the output is a string of fixed length, and is called a Hash value. The essence of this translation is a kind of compression mapping, i.e. the space of hash values is usually smaller than the space of input values. An important property of the hash operation is that it is irreversible, i.e. given a hash value, it is extremely difficult to calculate the message to which it corresponds. Since the output values corresponding to different input values are basically different and the input values corresponding to different output values are different, it is impossible to determine a unique input value from the hash value, that is, there is no way to obtain the original input data from the output hash value. Common Hash algorithms based on the Hash principle include Secure Hash Algorithm (SHA), fifth version of Message Digest Algorithm (MD5, Message Digest Algorithm 5), and the like. The Object Identifiers (OIDs) of different hash algorithms are different, where the OID of MD5 is 1.2.840.113549.2.5 and the OID of SHA256 is 1.2.840.113549.1.1.11.

102. And carrying out logic operation on the bytes in the electronic file to obtain a byte sequence.

Optionally, in some embodiments, the step of "performing a logical operation on bytes in the electronic file to obtain a byte sequence" may include:

extracting all even bytes in the electronic file to obtain an even byte sequence;

extracting all odd bytes in the electronic file to obtain an odd byte sequence;

and performing logic operation on the even byte sequence and the odd byte sequence to obtain a byte sequence.

The electronic file consists of N bytes (N is more than or equal to 1), and even bytes of the electronic file are extracted and spliced to obtain an even byte sequence; and similarly, extracting the odd bytes of the electronic file, and splicing to obtain an odd byte sequence.

The logical operations are also called boolean operations, and in the logical algebra, there are three basic logical operations, and, or, and not. There are many operation rules for the logical operation, which are not limited in this embodiment, and the logical operation in this embodiment may be phase or and so on.

For example, the step of "performing a logical operation on the even byte sequence and the odd byte sequence to obtain a byte sequence" may include: and performing phase OR on the even byte sequence and the odd byte sequence to obtain a byte sequence. Specifically, the byte sequence can be obtained by performing phase or logical operation on the even byte sequence and the odd byte sequence, wherein the result bit is 1 if one of the two corresponding binary bits is 1, and the result bit is 0 otherwise.

103. And carrying out Hash operation on the byte sequence to obtain a second Hash value.

The algorithm used in the hash operation may be a secure hash algorithm, a fifth version of a message digest algorithm, and the like, which is not limited in this embodiment.

Optionally, in some embodiments, as shown in fig. 1d, the even byte sequence and the odd byte sequence of the electronic file may be subjected to an exclusive or operation to obtain a byte sequence hex _ or _ val, and then the byte sequence hex _ or _ val is subjected to a hash operation to obtain a second hash value.

104. And carrying out Hash operation on the public key of the electronic file to obtain a third Hash value.

Referring to fig. 1e, in some embodiments, the step of "hashing the public key of the electronic file to obtain a third hash value" may include:

acquiring a public key of the electronic file;

and carrying out Hash operation on the public key to obtain a third Hash value.

Among them, there are many ways of obtaining the public key of the electronic document.

For example, the public key of the electronic file may be acquired from a local database, or the public key of the electronic file may be acquired by another device and provided to the file signing apparatus, that is, the file signing apparatus may receive the public key transmitted by the other device.

105. And splicing the first hash value, the second hash value, the third hash value and the attribute information of the electronic file to obtain an information sequence.

In this embodiment, there are many ways of splicing, and this embodiment does not limit this. For example, the splicing order may be determined according to the size of the hash value, as described below.

In some embodiments, referring to fig. 1f, the attribute information of the electronic file includes a plurality of sub-attribute information; the step of splicing the first hash value, the second hash value, the third hash value, and the attribute information of the electronic file to obtain an information sequence may include:

calculating the hash value of each piece of sub-attribute information of the electronic file;

sorting the first hash value, the second hash value, the third hash value and the sub-attribute information of the electronic file based on the size of the hash value to obtain sorted information;

and splicing the sorted information to obtain an information sequence.

The algorithm used in the hash operation may be a secure hash algorithm, a fifth version of a message digest algorithm, and the like, which is not limited in this embodiment. The sub-attribute information of the electronic file can adopt different hash operations to calculate the corresponding hash value, and can also adopt the same hash operation to calculate the corresponding hash value.

The sorting can be performed on the first hash value, the second hash value, the third hash value and the sub-attribute information of the electronic file from small to large according to the size of the hash value; and the first hash value, the second hash value, the third hash value and the sub-attribute information of the electronic file can be sorted from big to small according to the size of the hash value.

The sub-attribute information of the electronic file may include a creation time of the electronic file, an object identifier of the hash operation, an object identifier of the signature algorithm, and the like. The object identifier of the signature algorithm is the identifier of the signature algorithm, the object identifiers OID of different signature algorithms are different, and common signature algorithms are the national secret and RSA (riewster, samell & aldman, Rivest, Shamir & Adleman) algorithms, and so on. The sub-attribute information of the electronic files is relatively confidential, and the cracking difficulty of the electronic files can be greatly increased by using the sub-attribute information of the electronic files.

The security of the RSA algorithm is based on the difficulty of large prime factorization in number theory. RSA requires the use of sufficiently large integers. The more difficult the factoring, the more difficult the cipher is to break, and the higher the degree of encryption. The object identifier of the RSA algorithm is 1.2.840.113549.1.1-PKCS-1.

106. And based on the private key of the electronic file, encrypting the information sequence to obtain the signature information of the electronic file.

Optionally, as shown in fig. 1g and 1h, in some embodiments, the step "performing encryption processing on the information sequence based on a private key of the electronic file to obtain signature information of the electronic file" may include:

carrying out Hash operation on the information sequence to obtain a Hash value of the information sequence;

and based on the private key of the electronic file, carrying out encryption processing on the hash value of the information sequence to obtain the signature information of the electronic file.

The algorithm used in the hash operation may be a secure hash algorithm, a fifth version of a message digest algorithm, and the like, which is not limited in this embodiment. The algorithm used for the encryption processing may be an RSA algorithm, and the algorithm used for the encryption is not limited in this embodiment.

The signature information of the electronic file implies the information of the private key, so that the signature information can prove the identity of the publisher. The signature information of the electronic file can be used for preventing the electronic file from being tampered by a third party and preventing the content of the electronic file from being repudiated by a publisher, and can provide safety guarantees of identity verification, data integrity, non-repudiation and the like.

In the embodiment of the application, an asymmetric key encryption algorithm is used, which needs to use different keys to respectively complete encryption and decryption operations, wherein one key (called a 'private key') is secret and can only be stored by one party and cannot be shared by all parties; the other key (called the "public key") is not secret and can be widely shared. These two keys (referred to as a "key pair") are used in conjunction in encryption and decryption operations. When using this key pair, if one of the keys is used to encrypt a piece of data, the other key must be used to decrypt the piece of data. For example, encrypting data with a public key necessitates decryption with the private key, and if encrypting with the private key, also must decrypt with the public key, otherwise decryption will not succeed. For example, if a private key is used for encryption when performing digital signature, a corresponding public key must be used for signature verification.

The private key can be generated by the user client based on a key generation tool; while the public key may be determined by the private key, in particular the corresponding public key may be determined by processing the private key by an encryption algorithm. For example, if the algorithm for generating the public key indicated by the key generation tool is a hash operation, the private key may be calculated according to the specific algorithm of the hash operation to obtain the public key. It should be noted that the private key cannot be obtained through reverse calculation of the public key, and this irreversibility makes the security of the public key generated based on the private key higher, and improves the data security.

The advantage of asymmetric key encryption algorithms is that two users can communicate securely without exchanging secret keys. For example, when a user B wants to communicate with a, but wants to ensure that the information is not seen by others, and the information is not modified in the transmission process, i.e. data security needs to be ensured, the public key of a can be used to encrypt the information, and then the ciphertext is transmitted to a, i.e. the information sender uses the public key to encrypt, and the information receiver uses the private key to decrypt. Therefore, only the private key in the hand A can decrypt the ciphertext, and the safety of the information is ensured.

Optionally, in some embodiments, after the step "encrypt the information sequence based on the private key of the electronic file to obtain the signature information of the electronic file", the method may further include:

storing the attribute information, the signature information and the public key of the electronic file into an auxiliary file of the electronic file;

or,

and storing the attribute information, the signature information and the public key of the electronic file into a hidden field of the electronic file.

The electronic file has various formats, and part of the electronic file can store the attribute information, the signature information and the public key of the electronic file into the signature domain of the electronic file, and then the signature domain can be hidden by an analysis tool so as not to be revealed, namely the part of the electronic file is provided with the hidden domain, such as a PDF format file. However, the signature domain of some electronic files cannot be hidden, for example, a TXT format file, the attribute information, the signature information and the public key of the electronic file can be stored in an attached file.

As can be seen from the above, the embodiment can perform hash operation on the electronic file to obtain a first hash value; performing logic operation on bytes in the electronic file to obtain a byte sequence; performing hash operation on the byte sequence to obtain a second hash value; carrying out Hash operation on the public key of the electronic file to obtain a third Hash value; splicing the first hash value, the second hash value, the third hash value and the attribute information of the electronic file to obtain an information sequence; and based on the private key of the electronic file, encrypting the information sequence to obtain the signature information of the electronic file. According to the method and the device, the complexity of the algorithm can be increased by improving the flow of Hash operation and encryption processing, so that the cracking difficulty of the encrypted information is further improved, and the security of the file signature is improved.

Example II,

The embodiment will be described from the perspective of a file signature verification apparatus, which may be specifically integrated in a second electronic device, where the second electronic device may be a terminal or a server or other devices.

The file signature verification method of the embodiment of the application can be applied to signature verification of various types of electronic files, such as Text Document formats (TXT, Text) and Portable Document formats (PDF, Portable Document Format), and the like.

As shown in fig. 2a, the specific flow of the file signature verification method is as follows:

201. and carrying out decryption operation on the signature information based on the public key of the electronic file to obtain a decrypted information sequence.

Optionally, in some embodiments, the step of performing a decryption operation on the signature information based on a public key of the electronic file to obtain a decrypted information sequence may include:

receiving a file signature verification request sent by a terminal, and acquiring an electronic file and the signature information;

and carrying out decryption operation on the signature information based on the public key of the electronic file to obtain a decrypted information sequence.

The electronic file is an electronic file to be verified, the public key and the private key in step 106 are the same key pair, and the electronic file encrypted by the private key can only be decrypted by the public key.

The public key may be determined by the private key, and specifically, the corresponding public key may be determined by processing the private key through an encryption algorithm. For example, if the algorithm for generating the public key indicated by the key generation tool is a hash operation, the private key may be calculated according to the specific algorithm of the hash operation to obtain the public key. It should be noted that the private key cannot be obtained through reverse calculation of the public key, and this irreversibility makes the security of the public key generated based on the private key higher, and improves the data security.

Optionally, in some embodiments, the signature information and the public key may be extracted from an attached file of the electronic file; in other embodiments, the signature information and the public key may also be extracted from a hidden field of the electronic document.

202. And carrying out Hash operation on the electronic file to obtain a first verification Hash value.

Wherein, the hash operation step in the file signature verification process is consistent with the hash operation step in the file signature process. Therefore, in the step "performing a hash operation on the electronic file to obtain the first verification hash value", an algorithm used in the hash operation should be consistent with an algorithm used in the step 101 to calculate the first hash value.

203. And carrying out logic operation on the bytes in the electronic file to obtain a verification byte sequence.

If a process of performing logical operation on the even byte sequence and the odd byte sequence of the electronic file exists in the file signature process, corresponding steps should also exist in the file signature verification process. The step of performing logical operation on the bytes in the electronic file to obtain a verification byte sequence may include:

extracting all even bytes in the electronic file to obtain an even verification byte sequence;

extracting all odd bytes in the electronic file to obtain an odd verification byte sequence;

and performing logic operation on the even verification byte sequence and the odd verification byte sequence to obtain a verification byte sequence.

In this embodiment, the step "performing logical operation on the even verification byte sequence and the odd verification byte sequence to obtain a verification byte sequence" may include: and carrying out phase OR on the even verification byte sequence and the odd verification byte sequence to obtain a verification byte sequence. Specifically, the binary bit corresponding to each of the even verification byte sequence and the odd verification byte sequence participating in the operation is OR, if one of the two corresponding binary bits is 1, the result bit is 1, otherwise, the result bit is 0, and the verification byte sequence can be obtained through the logical operation of phase OR.

204. And carrying out Hash operation on the verification byte sequence to obtain a second verification Hash value.

The hash operation step in the file signature verification process is consistent with the hash operation step in the file signature process. Therefore, in the step "performing hash operation on the verification byte sequence to obtain the second verification hash value", an algorithm used in the hash operation should be consistent with an algorithm used in the step 103 to calculate the second hash value.

205. And carrying out Hash operation on the public key of the electronic file to obtain a third verification Hash value.

The hash operation step in the file signature verification process is consistent with the hash operation step in the file signature process. Therefore, in the step "performing the hash operation on the public key of the electronic file to obtain the third verification hash value", an algorithm used in the hash operation should be consistent with an algorithm used in the step 104 to calculate the third hash value.

206. And splicing the first verification hash value, the second verification hash value, the third verification hash value and the attribute information of the electronic file to obtain a verification information sequence.

The process of the splicing process should be consistent with the method adopted in the splicing process in the file signature process.

Optionally, the attribute information of the electronic file includes a plurality of pieces of sub-attribute information; if the splicing sequence is determined according to the size of the hash value in the file signing process, refer to the description in step 105 specifically; in the encryption process of the file signature process, the information sequence is subjected to hash operation first and then encrypted, see the description in step 106, then the steps are: "splicing the first verification hash value, the second verification hash value, the third verification hash value, and the attribute information of the electronic file to obtain a verification information sequence" may include:

sorting the first verification hash value, the second verification hash value, the third verification hash value and the sub-attribute information of the electronic file based on the size of the hash value to obtain sorted verification information;

splicing the sorted verification information to obtain spliced verification information;

and carrying out Hash operation on the spliced verification information to obtain a verification information sequence.

Wherein each piece of sub-attribute information of the electronic file is the same as the sub-attribute information used in step 105. The first verification hash value, the second verification hash value, the third verification hash value and the sub-attribute information of the electronic file are arranged in the same order as the order in the step 105, and the splicing sequence of the verification information after the arrangement is consistent with the splicing sequence in the step 105.

In the step "performing hash operation on the spliced verification information to obtain the verification information sequence", an algorithm used in the hash operation should be consistent with an algorithm used in the step 106 to calculate the hash value of the information sequence.

Optionally, in some embodiments, the attribute information of the electronic file may be extracted from an attached file of the electronic file; in other embodiments, the attribute information of the electronic file may also be extracted from a hidden field of the electronic file.

207. And verifying the signature information of the electronic file based on the verification information sequence and the decrypted information sequence.

In this embodiment, the step of "verifying the signature information of the electronic file based on the verification information sequence and the decrypted information sequence" may include:

comparing the verification information sequence with the decrypted information sequence to obtain a comparison result;

and verifying the signature information of the electronic file according to the comparison result.

Comparing the verification information sequence with the decrypted information sequence, and if the comparison result is consistent, determining that the signature information passes verification, the electronic file is not modified and the signature is true; if the comparison result is not consistent, the signature information fails to be verified, and the electronic document may be tampered or the signature is not authentic, as shown in fig. 2 b.

It should be noted that the step of hash operation in the file signature verification process corresponds to the step of hash operation in the file signature process one to one, and the hash algorithm used in the file signature verification process is identical to the hash algorithm used in the file signature process.

As can be seen from the above, the embodiment can perform decryption operation on the signature information based on the public key of the electronic file to obtain a decrypted information sequence; carrying out Hash operation on the electronic file to obtain a first verification Hash value; performing logic operation on bytes in the electronic file to obtain a verification byte sequence; performing hash operation on the verification byte sequence to obtain a second verification hash value; carrying out Hash operation on the public key of the electronic file to obtain a third verification Hash value; splicing the first verification hash value, the second verification hash value, the third verification hash value and the attribute information of the electronic file to obtain a verification information sequence; and verifying the signature information of the electronic file based on the verification information sequence and the decrypted information sequence. According to the file signature method and device, the complexity of the algorithm is increased by improving the flow of file signature, so that the cracking difficulty of the encrypted information is further improved, and the security of the file signature is improved.

Example III,

In order to better implement the method, the embodiment of the application also provides a file signature system. The file signature system includes a file signature device 31 and a file signature verification device 32, wherein, as shown in fig. 3a, the file signature device 31 may include a first hash unit 3101, a first logical operation unit 3102, a second hash unit 3103, a third hash unit 3104, a first concatenation unit 3105 and an encryption unit 3106; as shown in fig. 3b, the file signature verification apparatus 32 may include a decryption unit 3201, a first verification hash unit 3202, a second logical operation unit 3203, a second verification hash unit 3204, a third verification hash unit 3205, a second concatenation unit 3206, and a verification unit 3207, as follows:

A. document signing apparatus 31

(1) A first hash unit 3101;

the first hash unit 3101 is configured to perform a hash operation on the electronic file to obtain a first hash value.

(2) A first logical operation unit 3102;

a first logical operation unit 3102, configured to perform logical operation on the bytes in the electronic file to obtain a byte sequence.

Optionally, in some embodiments of the present application, the first logical operation unit 3102 may include a first extraction sub-unit 31021, a second extraction sub-unit 31022 and a logical operation sub-unit 31023, see fig. 3c, as follows:

the first extraction subunit 31021 is configured to extract all even bytes in the electronic file to obtain an even byte sequence;

a second extracting subunit 31022, configured to extract all odd bytes in the electronic file to obtain an odd byte sequence;

a logic operation subunit 31023, configured to perform logic operation on the even byte sequence and the odd byte sequence to obtain a byte sequence.

(3) A second hash unit 3103;

a second hash unit 3103, configured to perform a hash operation on the byte sequence to obtain a second hash value.

(4) A third hash unit 3104;

a third hash unit 3104, configured to perform a hash operation on the public key of the electronic file to obtain a third hash value.

(5) The first splicing unit 3105;

the first splicing unit 3105 is configured to splice the first hash value, the second hash value, the third hash value, and the attribute information of the electronic file to obtain an information sequence.

Optionally, in some embodiments of the present application, the attribute information of the electronic file includes a plurality of pieces of sub-attribute information; the first stitching unit 3105 may comprise a first calculation subunit 31051, a first ordering subunit 31052 and a first stitching subunit 31053, see fig. 3d, as follows:

the first calculating subunit 31051 is configured to calculate hash values of the respective pieces of sub-attribute information of the electronic file;

a first ordering subunit 31052, configured to order the first hash value, the second hash value, the third hash value, and the sub-attribute information of the electronic file based on the size of the hash value, to obtain ordered information;

a first splicing subunit 31053, configured to splice the sorted information to obtain an information sequence.

(6) An encryption unit 3106;

an encrypting unit 3106, configured to encrypt the information sequence based on the private key of the electronic file, to obtain signature information of the electronic file.

Optionally, in some embodiments of the present application, the encryption unit 3106 may include a first hashing sub-unit 31061 and an encryption sub-unit 31062, see fig. 3e, as follows:

the first hashing subunit 31061 is configured to perform a hashing operation on the information sequence to obtain a hash value of the information sequence;

and the encrypting subunit 31062 is configured to encrypt the hash value of the information sequence based on the private key of the electronic file, so as to obtain signature information of the electronic file.

Optionally, in some embodiments of the present application, the document signing apparatus 31 may further include a storage unit, as follows:

B. Document signature verification device 32

(1) A decryption unit 3201;

the decryption unit 3201 is configured to perform decryption operation on the signature information based on the public key of the electronic file to obtain a decrypted information sequence.

(2) A first verification hash unit 3202;

the first verification hash unit 3202 is configured to perform a hash operation on the electronic file to obtain a first verification hash value.

(3) A second logical operation unit 3203;

the second logical operation unit 3203 is configured to perform logical operation on bytes in the electronic file to obtain a verification byte sequence.

(4) A second verification hash unit 3204;

the second verification hash unit 3204 is configured to perform hash operation on the verification byte sequence to obtain a second verification hash value.

(5) A third verification hash unit 3205;

and a third verification hash unit 3205, configured to perform a hash operation on the public key of the electronic file to obtain a third verification hash value.

(6) A second splicing unit 3206;

the second splicing unit 3206 is configured to splice the first verification hash value, the second verification hash value, the third verification hash value, and the attribute information of the electronic file to obtain a verification information sequence.

Optionally, in some embodiments of the present application, the attribute information of the electronic file includes a plurality of pieces of sub-attribute information; the second concatenation unit 3206 may include a second calculation subunit 32061, a second ordering subunit 32062, a second concatenation subunit 32063, and a second hash subunit 32064, see fig. 3f, as follows:

the second calculating subunit 32061, configured to calculate a hash value of each piece of sub-attribute information of the electronic file;

a second sorting subunit 32062, configured to sort the first verification hash value, the second verification hash value, the third verification hash value, and the sub-attribute information of the electronic file based on the size of the hash value, so as to obtain sorted verification information;

the second splicing subunit 32063 is configured to splice the sorted verification information to obtain spliced verification information;

and the second hash subunit 32064 is configured to perform hash operation on the spliced verification information to obtain a verification information sequence.

(7) A verification unit 3207;

a verification unit 3207, configured to verify the signature information of the electronic file based on the verification information sequence and the decrypted information sequence.

Optionally, in some embodiments of the present application, the verification unit 3207 may include a comparison subunit 32071 and a verification subunit 32072, see fig. 3g, as follows:

the comparing subunit 32071 is configured to compare the verification information sequence with the decrypted information sequence to obtain a comparison result;

a verification subunit 32072, configured to verify the signature information of the electronic file according to the comparison result.

As can be seen from the above, the embodiment can perform hash operation on the electronic file to obtain a first hash value; performing logic operation on bytes in the electronic file to obtain a byte sequence; performing hash operation on the byte sequence to obtain a second hash value; carrying out Hash operation on the public key of the electronic file to obtain a third Hash value; splicing the first hash value, the second hash value, the third hash value and the attribute information of the electronic file to obtain an information sequence; based on the private key of the electronic file, encrypting the information sequence to obtain signature information of the electronic file;

or, the signature information may be decrypted based on a public key of the electronic file to obtain a decrypted information sequence; carrying out Hash operation on the electronic file to obtain a first verification Hash value; performing logic operation on bytes in the electronic file to obtain a verification byte sequence; performing hash operation on the verification byte sequence to obtain a second verification hash value; carrying out Hash operation on the public key of the electronic file to obtain a third verification Hash value; splicing the first verification hash value, the second verification hash value, the third verification hash value and the attribute information of the electronic file to obtain a verification information sequence; verifying the signature information of the electronic file based on the verification information sequence and the decrypted information sequence;

according to the method and the device, the complexity of the algorithm can be increased by improving the flow of Hash operation and encryption processing, so that the cracking difficulty of the encrypted information is further improved, and the security of the file signature is improved.

Example four,

An electronic device according to an embodiment of the present application is further provided, as shown in fig. 4, which shows a schematic structural diagram of the electronic device according to an embodiment of the present application, specifically:

the electronic device may include components such as a processor 401 of one or more processing cores, memory 402 of one or more computer-readable storage media, a power supply 403, and an input unit 404. Those skilled in the art will appreciate that the electronic device configuration shown in fig. 4 does not constitute a limitation of the electronic device and may include more or fewer components than those shown, or some components may be combined, or a different arrangement of components. Wherein:

the processor 401 is a control center of the electronic device, connects various parts of the whole electronic device by various interfaces and lines, performs various functions of the electronic device and processes data by running or executing software programs and/or modules stored in the memory 402 and calling data stored in the memory 402, thereby performing overall monitoring of the electronic device. Optionally, processor 401 may include one or more processing cores; preferably, the processor 401 may integrate an application processor, which mainly handles operating systems, user interfaces, application programs, etc., and a modem processor, which mainly handles wireless communications. It will be appreciated that the modem processor described above may not be integrated into the processor 401.

The memory 402 may be used to store software programs and modules, and the processor 401 executes various functional applications and data processing by operating the software programs and modules stored in the memory 402. The memory 402 may mainly include a program storage area and a data storage area, wherein the program storage area may store an operating system, an application program required by at least one function (such as a sound playing function, an image playing function, etc.), and the like; the storage data area may store data created according to use of the electronic device, and the like. Further, the memory 402 may include high speed random access memory, and may also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other volatile solid state storage device. Accordingly, the memory 402 may also include a memory controller to provide the processor 401 access to the memory 402.

The electronic device further comprises a power supply 403 for supplying power to the various components, and preferably, the power supply 403 is logically connected to the processor 401 through a power management system, so that functions of managing charging, discharging, and power consumption are realized through the power management system. The power supply 403 may also include any component of one or more dc or ac power sources, recharging systems, power failure detection circuitry, power converters or inverters, power status indicators, and the like.

The electronic device may further include an input unit 404, and the input unit 404 may be used to receive input numeric or character information and generate keyboard, mouse, joystick, optical or trackball signal inputs related to user settings and function control.

Although not shown, the electronic device may further include a display unit and the like, which are not described in detail herein. Specifically, in this embodiment, the processor 401 in the electronic device loads the executable file corresponding to the process of one or more application programs into the memory 402 according to the following instructions, and the processor 401 runs the application program stored in the memory 402, thereby implementing various functions as follows:

carrying out Hash operation on the electronic file to obtain a first Hash value; performing logic operation on bytes in the electronic file to obtain a byte sequence; performing hash operation on the byte sequence to obtain a second hash value; carrying out Hash operation on the public key of the electronic file to obtain a third Hash value; splicing the first hash value, the second hash value, the third hash value and the attribute information of the electronic file to obtain an information sequence; based on the private key of the electronic file, encrypting the information sequence to obtain signature information of the electronic file;

or, carrying out decryption operation on the signature information based on the public key of the electronic file to obtain a decrypted information sequence; carrying out Hash operation on the electronic file to obtain a first verification Hash value; performing logic operation on bytes in the electronic file to obtain a verification byte sequence; performing hash operation on the verification byte sequence to obtain a second verification hash value; carrying out Hash operation on the public key of the electronic file to obtain a third verification Hash value; splicing the first verification hash value, the second verification hash value, the third verification hash value and the attribute information of the electronic file to obtain a verification information sequence; and verifying the signature information of the electronic file based on the verification information sequence and the decrypted information sequence.

The above operations can be implemented in the foregoing embodiments, and are not described in detail herein.

It will be understood by those skilled in the art that all or part of the steps of the methods of the above embodiments may be performed by instructions or by associated hardware controlled by the instructions, which may be stored in a computer readable storage medium and loaded and executed by a processor.

To this end, the present application provides a storage medium, in which a plurality of instructions are stored, where the instructions can be loaded by a processor to execute the steps in any one of the document signature method and the document signature verification method provided in the present application. For example, the instructions may perform the steps of:

or, the signature information may be decrypted based on a public key of the electronic file to obtain a decrypted information sequence; carrying out Hash operation on the electronic file to obtain a first verification Hash value; performing logic operation on bytes in the electronic file to obtain a verification byte sequence; performing hash operation on the verification byte sequence to obtain a second verification hash value; carrying out Hash operation on the public key of the electronic file to obtain a third verification Hash value; splicing the first verification hash value, the second verification hash value, the third verification hash value and the attribute information of the electronic file to obtain a verification information sequence; and verifying the signature information of the electronic file based on the verification information sequence and the decrypted information sequence.

Wherein the storage medium may include: read Only Memory (ROM), Random Access Memory (RAM), magnetic or optical disks, and the like.

Since the instructions stored in the storage medium can execute the steps in any of the file signature methods and file signature verification methods provided in the embodiments of the present application, the beneficial effects that can be achieved by any of the file signature methods and file signature verification methods provided in the embodiments of the present application can be achieved, which are detailed in the foregoing embodiments and will not be described herein again.

The system related to the embodiment of the application can be a distributed system formed by connecting a client, a plurality of nodes (any form of electronic equipment in an access network, such as a server and a terminal) through a network communication mode.

Taking a distributed system as a blockchain system as an example, referring To fig. 5, fig. 5 is an optional structural schematic diagram of the distributed system 100 applied To the blockchain system provided in this embodiment of the present application, and is formed by a plurality of nodes 200 (computing devices in any form in an access network, such as servers and user terminals) and a client 300, a Peer-To-Peer (P2P, Peer To Peer) network is formed between the nodes, and the P2P protocol is an application layer protocol operating on top of a Transmission Control Protocol (TCP). In a distributed system, any machine, such as a server or a terminal, can join to become a node, and the node comprises a hardware layer, a middle layer, an operating system layer and an application layer. In this embodiment, information such as signature information of an electronic file may be stored in a shared ledger of an area chain system through a node, and an electronic device (e.g., a terminal or a server) may acquire information such as signature information of an electronic file based on record data stored in the shared ledger.

Referring to the functions of each node in the blockchain system shown in fig. 5, the functions involved include:

1) routing, a basic function that a node has, is used to support communication between nodes.

Besides the routing function, the node may also have the following functions:

2) the application is used for being deployed in a block chain, realizing specific services according to actual service requirements, recording data related to the realization functions to form recording data, carrying a digital signature in the recording data to represent a source of task data, and sending the recording data to other nodes in the block chain system, so that the other nodes add the recording data to a temporary block when the source and integrity of the recording data are verified successfully.

For example, the services implemented by the application include:

2.1) wallet, for providing the function of transaction of electronic money, including initiating transaction (i.e. sending the transaction record of current transaction to other nodes in the blockchain system, after the other nodes are successfully verified, storing the record data of transaction in the temporary blocks of the blockchain as the response of confirming the transaction is valid; of course, the wallet also supports the querying of the remaining electronic money in the electronic money address;

and 2.2) sharing the account book, wherein the shared account book is used for providing functions of operations such as storage, query and modification of account data, record data of the operations on the account data are sent to other nodes in the block chain system, and after the other nodes verify the validity, the record data are stored in a temporary block as a response for acknowledging that the account data are valid, and confirmation can be sent to the node initiating the operations.

2.3) Intelligent contracts, computerized agreements, which can enforce the terms of a contract, implemented by codes deployed on a shared ledger for execution when certain conditions are met, for completing automated transactions according to actual business requirement codes, such as querying the logistics status of goods purchased by a buyer, transferring the buyer's electronic money to the merchant's address after the buyer signs for the goods; of course, smart contracts are not limited to executing contracts for trading, but may also execute contracts that process received information.

3) And the Block chain comprises a series of blocks (blocks) which are mutually connected according to the generated chronological order, new blocks cannot be removed once being added into the Block chain, and recorded data submitted by nodes in the Block chain system are recorded in the blocks.

Referring to fig. 6, fig. 6 is an optional schematic diagram of a Block Structure (Block Structure) provided in this embodiment, each Block includes a hash value of a transaction record stored in the Block (hash value of the Block) and a hash value of a previous Block, and the blocks are connected by the hash values to form a Block chain. The block may include information such as a time stamp at the time of block generation. A block chain (Blockchain), which is essentially a decentralized database, is a string of data blocks associated by using cryptography, and each data block contains related information for verifying the validity (anti-counterfeiting) of the information and generating a next block.

The document signature method and the document signature verification method, apparatus, electronic device and storage medium provided in the embodiments of the present application are described in detail above, and specific examples are applied in the present application to explain the principles and embodiments of the present application, and the description of the above embodiments is only used to help understand the method and the core ideas of the present application; meanwhile, for those skilled in the art, according to the idea of the present application, there may be variations in the specific embodiments and the application scope, and in summary, the content of the present specification should not be construed as a limitation to the present application.

Claims

1. A method of signing a document, comprising:

performing hash operation on the byte sequence to obtain a second hash value;

2. The method of claim 1, wherein performing a logical operation on bytes in the electronic file to obtain a byte sequence comprises:

extracting all odd bytes in the electronic file to obtain an odd byte sequence;

3. The method according to claim 1, wherein the attribute information of the electronic file includes a plurality of sub-attribute information; the splicing processing of the first hash value, the second hash value, the third hash value and the attribute information of the electronic file to obtain an information sequence includes:

and splicing the sorted information to obtain an information sequence.

4. The method according to claim 1, wherein the encrypting the information sequence based on the private key of the electronic file to obtain the signature information of the electronic file comprises:

5. The method according to any one of claims 1 to 4, wherein after the encrypting the information sequence based on the private key of the electronic file to obtain the signature information of the electronic file, the method further comprises:

or,

6. A method for document signature verification, comprising:

7. The method according to claim 6, wherein the attribute information of the electronic file includes a plurality of sub-attribute information; the splicing processing is performed on the first verification hash value, the second verification hash value, the third verification hash value and the attribute information of the electronic file to obtain a verification information sequence, and the splicing processing comprises:

8. The method according to claim 6, wherein the verifying the signature information of the electronic document based on the verification information sequence and the decrypted information sequence comprises:

9. A document signing apparatus, comprising:

10. A document signature verification apparatus, comprising: