CN111130803B - Method, system and device for digital signature - Google Patents

Publication number
CN111130803B
Authority
CN
China
Prior art keywords
ciphertext
key
client
server
private key
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201911371679.4A
Other languages
Chinese (zh)
Other versions
CN111130803A (en)
Inventor
陈壹鹏
梁良兴
刘
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Xin'an Shenzhou Technology Guangzhou Co ltd
Original Assignee
Xin'an Shenzhou Technology Guangzhou Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Xin'an Shenzhou Technology Guangzhou Co ltd
Priority to CN201911371679.4A
Publication of CN111130803A
Application granted
Publication of CN111130803B
Legal status: Active
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0822 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using key encryption key
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0866 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
    • H04L9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • H04L9/3236 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions

Abstract

The disclosure relates to the technical field of cryptography, and in particular provides a method, a system and a device for digital signature. The digital signature method is applied to a server. A second private key ciphertext is stored at the server and comprises a first ciphertext fragment and a second ciphertext fragment, the second ciphertext fragment being obtained by encrypting a first private key ciphertext according to user identification information input by a user. Because the first private key ciphertext is encrypted according to the user identification information, during digital signing the second ciphertext fragment is decrypted with a client decryption key generated by the client to obtain the first private key ciphertext, and the digital signature is completed according to the first private key ciphertext. The second private key ciphertext can therefore be decrypted only when the user participates, a counterfeiter cannot forge the user's signature alone, and the security of use of the user's private key is improved.

Description

Method, system and device for digital signature
Technical Field
The present disclosure relates to the field of cryptography, and in particular, to a method, system, and apparatus for digital signature.
Background
At present, with the development of the internet, digital signatures based on public key cryptography are gradually being applied in various fields. To improve the security of the user's private key, the traditional practice is to combine PKI (public key infrastructure) technology with commercial cryptographic chips. In internet banking, for example, the banking system uses a USB key (U shield) to encrypt information, so as to ensure the confidentiality and authenticity of online transactions.
However, this method is extremely inconvenient in terms of usability and portability: users must carry the U shield at all times to complete digital signatures, so the user experience is poor. To solve the portability problem, in the related art the private key is stored on the client in software form, so that the user does not need to carry a U shield. Security, however, is greatly reduced, because an attacker can obtain the user's complete private key from the client and thereby forge the user's signature. How to improve the security of digital signatures has therefore become an important problem.
Disclosure of Invention
In order to improve the security of the digital signature, the disclosure provides a method, a system and a device of the digital signature.
In a first aspect, the present disclosure provides a digital signature method, which is applied to a server, where a second private key ciphertext is stored in the server, the second private key ciphertext includes a first ciphertext fragment and a second ciphertext fragment, and the second ciphertext fragment is obtained by encrypting the first private key ciphertext according to user identification information input by a user, where the method includes:
when a digital signature request sent by a client is received, sending the first ciphertext fragment to the client, so that the client generates a client decryption key according to the user identification information and the first ciphertext fragment;
receiving the client decryption key and the data to be signed sent by the client;
decrypting the second ciphertext fragment by using the client decryption key to obtain the first private key ciphertext;
and carrying out digital signature on the data to be signed according to the first private key ciphertext.
In some embodiments, the second private key ciphertext further comprises a third ciphertext fragment, the third ciphertext fragment resulting from a Hash operation on the first private key ciphertext based on the user identification information,
the decrypting the second ciphertext fragment with the client decryption key to obtain the first private key ciphertext includes:
decrypting the second ciphertext fragment according to the client decryption key to obtain a private key ciphertext to be verified;
performing Hash operation on the private key ciphertext to be verified according to the client decryption key to obtain a fourth ciphertext fragment;
determining whether the fourth ciphertext fragment is the same as the third ciphertext fragment,
and if so, determining the private key ciphertext to be verified as the first private key ciphertext.
In some embodiments, the digitally signing the data to be signed according to the first private key ciphertext includes:
decrypting the first private key ciphertext to obtain a user private key;
and carrying out digital signature on the data to be signed by utilizing the user private key.
In some embodiments, before said sending the first ciphertext fragment to the client when receiving the digital signature request sent by the client, the method further includes:
receiving a client key, wherein the client key is generated based on the user identification information;
randomly generating a first server key parameter, and generating a server encryption key based on the client key and the first server key parameter;
obtaining the first private key ciphertext, wherein the first private key ciphertext is generated based on a user private key;
and encrypting the first private key ciphertext according to the server side encryption key and the first server side key parameter to obtain and store the second private key ciphertext.
In some embodiments, the second private key ciphertext comprises the first ciphertext fragment and the second ciphertext fragment,
the encrypting the first private key ciphertext according to the server side encryption key and the first server side key parameter to obtain the second private key ciphertext includes:
obtaining a first ciphertext fragment according to the first server key parameter;
and processing the first private key ciphertext according to the server side encryption key to obtain a second ciphertext fragment.
In some embodiments, the second private key ciphertext further comprises a third ciphertext fragment,
the encrypting the first private key ciphertext according to the server encryption key and the first server key parameter to obtain a second private key ciphertext, further comprising:
and carrying out Hash operation on the first private key ciphertext according to the server side encryption key to obtain a third ciphertext fragment.
In some embodiments, after the digitally signing the data to be signed according to the first private key ciphertext, the method further includes:
receiving a client key, wherein the client key is generated based on the user identification information;
randomly generating a second server key parameter, and generating a server encryption key based on the client key and the second server key parameter;
and encrypting the first private key ciphertext according to the server side encryption key and the second server side key parameter to obtain and store the second private key ciphertext.
In some embodiments, the server side includes a server and a cipher machine, and the method includes:
the server receives the client key and sends the client key to the cipher machine;
the cipher machine randomly generates the first server key parameter and generates a server encryption key based on the client key and the first server key parameter;
the cipher machine acquires the first private key ciphertext, and encrypts the first private key ciphertext according to the server encryption key and the first server key parameter to obtain a second private key ciphertext;
and the cipher machine sends the second private key ciphertext to the server so that the server stores the second private key ciphertext.
In some embodiments, the method further comprises:
when the server receives a digital signature request sent by a client, extracting the first ciphertext fragment and sending the first ciphertext fragment to the client;
the server receives the client decryption key and the data to be signed sent by the client, and sends the client decryption key and the data to be signed to the cipher machine;
the cipher machine decrypts the second ciphertext fragment by using the client decryption key to obtain the first private key ciphertext, and digitally signs the data to be signed according to the first private key ciphertext;
and the cipher machine sends the signed data to the server so that the server sends the signed data to the client.
In some embodiments, before generating the server-side encryption key based on the client-side key and the first server-side key parameter, the method further comprises:
and decrypting the client key by using the server encryption factor, wherein the server encryption factor is distributed to the client by the server so that the client encrypts the client key according to the server encryption factor.
In a second aspect, the present disclosure provides a method for digital signature, applied to a client, the method including:
when a signature instruction of a user is received, a digital signature request is sent to a server;
receiving a first ciphertext fragment returned by the server according to the digital signature request, and generating a client decryption key according to user identification information input by a user and the first ciphertext fragment;
sending the client decryption key and the data to be signed to a server, so that the server decrypts the second ciphertext fragment according to the client decryption key to obtain a first private key ciphertext and digitally signs the data to be signed according to the first private key ciphertext; the second ciphertext fragment is obtained by encrypting the first private key ciphertext by the server side according to the user identification information;
and receiving the signed data returned by the server.
In some embodiments, the method further comprises:
acquiring the user identification information input by a user;
generating a client key based on the user identification information;
and sending the client key to a server, so that the server encrypts the first private key ciphertext based on the client key.
In some embodiments, before the sending the client key to the server, the method further includes:
and encrypting the client key according to the server encryption factor, wherein the server encryption factor is distributed by the server.
In a third aspect, the present disclosure provides a private key collaborative encryption method, applied to a server, where the method includes:
receiving a client key, wherein the client key is generated by a client based on user identification information input by a user;
randomly generating a first server key parameter, and generating a server encryption key based on the client key and the first server key parameter;
obtaining a first private key ciphertext, wherein the first private key ciphertext is generated based on a user private key;
and encrypting the first private key ciphertext according to the server side encryption key and the first server side key parameter to obtain and store a second private key ciphertext.
In a fourth aspect, the present disclosure provides a digital signature system, including a server and a client, where the server stores a second private key ciphertext, the second private key ciphertext includes a first ciphertext fragment and a second ciphertext fragment, and the second ciphertext fragment is obtained by encrypting the first private key ciphertext according to user identification information input by a user; the server is used for sending the first ciphertext fragment to the client when receiving a digital signature request sent by the client; receiving the client decryption key and the data to be signed sent by the client; decrypting the second ciphertext fragment by using the client decryption key to obtain the first private key ciphertext; performing digital signature on the data to be signed according to the first private key ciphertext;
the client is used for sending a digital signature request to the server when receiving a signature instruction of a user; receiving a first ciphertext fragment returned by the server according to the digital signature request, and generating a client decryption key according to user identification information input by a user and the first ciphertext fragment; and sending the client decryption key and the data to be signed to a server.
In a fifth aspect, the present disclosure provides an apparatus for digital signature, applied to a server, the apparatus including:
the storage module is used for storing a second private key ciphertext, the second private key ciphertext comprises a first ciphertext fragment and a second ciphertext fragment, and the second ciphertext fragment is obtained by processing the first private key ciphertext according to user identification information input by a user;
the first sending module is used for sending the first ciphertext fragment to a client when a digital signature request sent by the client is received, so that the client generates a client decryption key according to the user identification information and the first ciphertext fragment;
the first receiving module is used for receiving the client decryption key and the data to be signed sent by the client;
the first processing module is used for decrypting the second ciphertext fragment by using the client decryption key to obtain the first private key ciphertext; and
the signature module is used for carrying out digital signature on the data to be signed according to the first private key ciphertext.
In some embodiments, the second private key ciphertext further comprises a third ciphertext fragment, the third ciphertext fragment resulting from a Hash operation on the first private key ciphertext based on the user identification information,
the first processing module, when being configured to decrypt the second ciphertext fragment with the client decryption key to obtain the first private key ciphertext, is specifically configured to:
decrypting the second ciphertext fragment according to the client decryption key to obtain a private key ciphertext to be verified;
performing Hash operation on the private key ciphertext to be verified according to the client decryption key to obtain a fourth ciphertext fragment;
determining whether the fourth ciphertext fragment is the same as the third ciphertext fragment,
and if so, determining the private key ciphertext to be verified as the first private key ciphertext.
In some embodiments, the apparatus further comprises:
a second receiving module, configured to receive a client-side key, where the client-side key is generated based on the user identification information;
the first generation module is used for randomly generating a first server key parameter and generating a server encryption key based on the client key and the first server key parameter;
the first obtaining module is used for obtaining the first private key ciphertext, and the first private key ciphertext is generated based on a user private key; and
the encryption module is used for encrypting the first private key ciphertext according to the server encryption key and the first server key parameter to obtain and store the second private key ciphertext.
In some embodiments, after the signature module is used to digitally sign the data to be signed according to the first private key ciphertext,
the second receiving module is further configured to receive a client-side key, where the client-side key is generated based on the user identification information;
the first generation module is further used for randomly generating a second server key parameter and generating a server encryption key based on the client key and the second server key parameter;
the encryption module is further configured to encrypt the first private key ciphertext according to the server encryption key and the second server key parameter, so as to obtain and store the second private key ciphertext.
In a sixth aspect, the present disclosure provides an apparatus for digital signature, applied to a client, the apparatus including:
the second sending module is used for sending a digital signature request to the server side when receiving a signature instruction of a user;
the third receiving module is used for receiving a first ciphertext fragment returned by the server according to the digital signature request and generating a client decryption key according to user identification information input by a user and the first ciphertext fragment;
the third sending module is used for sending the client decryption key and the data to be signed to the server, so that the server carries out digital signature on the data to be signed according to the first private key ciphertext after decrypting the second ciphertext fragment according to the client decryption key to obtain the first private key ciphertext; the second ciphertext fragment is obtained by processing a first private key ciphertext by the server according to the user identification information;
and the fourth receiving module is used for receiving the signed data returned by the server.
In some embodiments, the apparatus further comprises:
the second acquisition module is used for acquiring the user identification information input by the user;
a second generation module, configured to generate a client key based on the user identification information;
and the fourth sending module is used for sending the client-side secret key to the server side so that the server side encrypts the first private key ciphertext based on the client-side secret key.
In a seventh aspect, the present disclosure provides a private key collaborative encryption apparatus, applied to a server, where the apparatus includes:
a fifth receiving module, configured to receive a client-side key, where the client-side key is generated by a client side based on user identification information input by a user;
a third generation module, configured to randomly generate a first server key parameter, and generate a server encryption key based on the client key and the first server key parameter;
the third obtaining module is used for obtaining a first private key ciphertext, and the first private key ciphertext is generated based on a user private key;
and the second processing module is used for encrypting the first private key ciphertext according to the server encryption key and the first server key parameter to obtain and store a second private key ciphertext.
In an eighth aspect, the present disclosure provides an electronic device comprising:
a processor; and
a memory communicatively coupled to the processor and storing computer readable instructions readable by the processor, the processor performing the method according to any of the embodiments of the first aspect, or the method according to any of the embodiments of the second aspect, or the method according to any of the embodiments of the third aspect when the computer readable instructions are read.
In a ninth aspect, the present disclosure provides a storage medium storing computer instructions for causing a computer to perform the method according to any one of the embodiments of the first aspect, or the method according to any one of the embodiments of the second aspect, or the method according to any one of the embodiments of the third aspect.
In the digital signature method provided by the embodiments of the disclosure, which is applied to a server, a second private key ciphertext is stored at the server; the second private key ciphertext includes a first ciphertext fragment and a second ciphertext fragment, and the second ciphertext fragment is obtained by encrypting the first private key ciphertext according to user identification information input by a user. Because the first private key ciphertext is encrypted according to the user identification information, during digital signing the second ciphertext fragment is decrypted with a client decryption key generated by the client to obtain the first private key ciphertext, and the digital signature is completed according to the first private key ciphertext. The second private key ciphertext can therefore be decrypted only when the user participates, a counterfeiter cannot forge the user's signature alone, and the security of use of the user's private key is improved.
In the digital signature method provided in the present disclosure, the second private key ciphertext further includes a third ciphertext fragment. When a digital signature is performed, the second ciphertext fragment is decrypted according to the client decryption key sent by the client to obtain a private key ciphertext to be verified; a Hash operation is performed on the private key ciphertext to be verified according to the client decryption key to obtain a fourth ciphertext fragment; and the fourth ciphertext fragment is compared with the third ciphertext fragment. When the two are the same, it is determined that the second ciphertext fragment has not been illegally modified, so the private key ciphertext to be verified is determined to be the first private key ciphertext and is provided to the user, further ensuring the security of storage of the user's private key.
The digital signature method provided in the embodiments of the present disclosure further includes, before the digital signature is performed, receiving a client key generated by the client based on the user identification information, randomly generating a first server key parameter, and encrypting the first private key ciphertext based on the client key and the first server key parameter. This ensures that the user must participate in the encryption of the user's private key and that the second private key ciphertext cannot be forged by one party alone. Because the first server key parameter is randomly generated, the private key ciphertext involved in each encryption is different, and this dynamic private key ciphertext further improves the security of the user's private key.
The digital signature method provided in the embodiments of the present disclosure further includes, after the digital signature is completed, receiving a client key, randomly generating a second server key parameter, and encrypting the first private key ciphertext based on the client key and the second server key parameter. Thus, after the user has used the private key, it is dynamically re-encrypted and stored with the user's participation, which improves the security of the digital signature.
In the digital signature method provided by the embodiments of the disclosure, the server side comprises a server and a cipher machine, and encryption and decryption of the private key are executed in the cipher machine. This keeps the computation on the data in a relatively closed environment, guards against illegal eavesdropping on the server, and further improves signature security.
According to the digital signature method provided by the embodiments of the disclosure, after the client key is received, it is decrypted using the server encryption factor. The server encryption factor is distributed to the client by the server so that the client encrypts the client key according to it. The client key is thus encrypted while it is being sent, which avoids information leakage in transit and further improves security.
The private key collaborative encryption method provided in the disclosure is applied to a server. The encryption method includes receiving a client key, the client key being generated based on user identification information input by a user; generating a server encryption key based on a randomly generated first server key parameter and the client key; and encrypting a first private key ciphertext with the server encryption key to obtain an encrypted second private key ciphertext. The client key generated from the user identification information and the randomly generated first server key parameter jointly encrypt the first private key ciphertext, so the second private key ciphertext can be encrypted and decrypted only when the user participates. Without the user's participation, neither the client nor the server can forge a user signature alone; a signature can be produced only through cooperation of the user and the system, which improves the security of use of the user's private key.
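The wrapping and unwrapping flow summarized above, as an added Python sketch that is not code from the patent: it builds the three ciphertext fragments, runs the signing-time check of the fourth fragment against the third, and re-wraps with a new random parameter, stopping before the signature itself. PBKDF2, HMAC-SHA256, the XOR keystream, the salt and every function and variable name are assumptions, since the page names no concrete algorithms.

```python
"""Added sketch of the three-fragment private key wrapping described above.
All primitives (PBKDF2, HMAC-SHA256, the XOR keystream) are assumptions chosen
for illustration; the page does not name concrete algorithms."""
import hashlib
import hmac
import secrets
from typing import Optional

PBKDF2_ROUNDS = 100_000                       # assumed work factor
SAMPLE_PIN = "493817"                         # constructed user identification info
SAMPLE_SALT = b"constructed-user-salt"        # constructed per-user salt
SAMPLE_FIRST_CT = b"constructed stand-in for the first private key ciphertext"


def client_key(pin: str, salt: bytes) -> bytes:
    """Client: derive the client key from the user identification information."""
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, PBKDF2_ROUNDS)


def combined_key(ck: bytes, server_param: bytes) -> bytes:
    """Server encryption key at enrolment, client decryption key at signing."""
    return hmac.new(ck, b"wrap" + server_param, hashlib.sha256).digest()


def _xor_stream(key: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt by XOR with an HMAC-SHA256 counter keystream."""
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += hmac.new(key, b"enc" + counter.to_bytes(4, "big"),
                           hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def _check(key: bytes, first_ct: bytes) -> bytes:
    """Keyed hash of the first private key ciphertext (third/fourth fragment)."""
    return hmac.new(key, b"chk" + first_ct, hashlib.sha256).digest()


def wrap(first_ct: bytes, ck: bytes) -> dict:
    """Server: build the second private key ciphertext from a fresh random parameter."""
    param = secrets.token_bytes(16)
    key = combined_key(ck, param)
    return {"frag1": param,                        # first fragment: server key parameter
            "frag2": _xor_stream(key, first_ct),   # second fragment: encrypted key blob
            "frag3": _check(key, first_ct)}        # third fragment: keyed hash


def unwrap(stored: dict, client_decryption_key: bytes) -> Optional[bytes]:
    """Server: decrypt fragment 2, recompute fragment 4, accept only if it equals fragment 3."""
    candidate = _xor_stream(client_decryption_key, stored["frag2"])
    frag4 = _check(client_decryption_key, candidate)
    if not hmac.compare_digest(frag4, stored["frag3"]):
        return None                           # wrong PIN or modified record
    return candidate


def signing_round(stored: dict, pin: str, salt: bytes) -> Optional[bytes]:
    """One signing request: server sends frag1, client answers with its decryption key."""
    decryption_key = combined_key(client_key(pin, salt), stored["frag1"])
    return unwrap(stored, decryption_key)


if __name__ == "__main__":
    record = wrap(SAMPLE_FIRST_CT, client_key(SAMPLE_PIN, SAMPLE_SALT))
    print("correct PIN :", signing_round(record, SAMPLE_PIN, SAMPLE_SALT))
    print("wrong PIN   :", signing_round(record, "000000", SAMPLE_SALT))
    flipped = bytes([record["frag2"][0] ^ 1]) + record["frag2"][1:]
    print("tampered    :", signing_round(dict(record, frag2=flipped), SAMPLE_PIN, SAMPLE_SALT))
    # Re-wrap after use with a second random parameter: the stored record changes.
    rewrapped = wrap(SAMPLE_FIRST_CT, client_key(SAMPLE_PIN, SAMPLE_SALT))
    print("record changed:", rewrapped["frag2"] != record["frag2"])
```

In this sketch the third fragment also lets anyone holding the stored record test a PIN guess offline, so the record needs the same protection as any password verifier.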
Drawings
To illustrate the embodiments of the present disclosure or the technical solutions in the prior art more clearly, the drawings used in the description of the embodiments or the prior art are briefly introduced below. The drawings described below show some embodiments of the present disclosure, and those skilled in the art can obtain other drawings from them without creative effort.
Fig. 1 is a schematic diagram of a digital signature system in accordance with some embodiments of the present disclosure.
Fig. 2 is a flow chart of a private key collaborative encryption method according to some embodiments of the present disclosure.
Fig. 3 is a schematic diagram of a private key collaborative encryption method according to an embodiment of the present disclosure.
Fig. 4 is a flow chart of a digital signature method in some embodiments according to the present disclosure.
Fig. 5 is a flow chart of a digital signature method according to further embodiments of the present disclosure.
Fig. 6 is a flow chart of a digital signature method in accordance with still other embodiments of the present disclosure.
Fig. 7 is a flow chart of a digital signature method in accordance with still further embodiments of the present disclosure.
Fig. 8 is a schematic diagram of a digital signature method according to an embodiment of the present disclosure.
Fig. 9 is a schematic diagram of a digital signature method according to another embodiment of the present disclosure.
Fig. 10 is a schematic diagram of a digital signature apparatus in accordance with some embodiments of the present disclosure.
Fig. 11 is a schematic diagram of a digital signature apparatus according to further embodiments of the present disclosure.
Fig. 12 is a schematic diagram of a digital signature apparatus according to still other embodiments of the present disclosure.
Fig. 13 is a schematic diagram of a digital signature apparatus in accordance with still other embodiments of the present disclosure.
Fig. 14 is a schematic diagram of a private key collaborative encryption apparatus according to some embodiments of the present disclosure.
Fig. 15 is a schematic diagram of a computer system suitable for use in implementing the disclosed method.
Detailed Description
The technical solutions of the present disclosure will be described clearly and completely with reference to the accompanying drawings, and it is to be understood that the described embodiments are only some embodiments of the present disclosure, but not all embodiments. All other embodiments, which can be derived by one of ordinary skill in the art from the embodiments disclosed herein without making any creative effort, shall fall within the protection scope of the present disclosure. In addition, technical features involved in different embodiments of the present disclosure described below may be combined with each other as long as they do not conflict with each other.
In a first aspect, the method provided by the present disclosure is applied to a digital signature system, and fig. 1 illustrates a digital signature system suitable for implementing the method of the present disclosure in some embodiments. As shown in fig. 1, the system may include a client 200 and a server 300.
The client 200 may be any intelligent terminal with internet access function, for example, a mobile phone, a tablet computer, a Personal Digital Assistant (PDA), and the like, and the client 200 may access the server 300 through a wireless network. The client 200 receives the user identification information; for example, the user 100 may input the user identification information on the client 200, so that the client 200 receives the user identification information input by the user.
The user identification information may be understood as an identifier that is personally held by the user and represents the user's identity, for example a Personal Identification Number (PIN) code input by the user, or identification information that represents a physiological characteristic of the user, such as voice or fingerprint data.
The server 300 may be a server or a cluster of servers that provide respective data storage, analysis, and processing in response to client requests. For example, in the implementation shown in fig. 1, the server 300 includes a server 310 and a cryptographic engine 320. The server 310 establishes a communicable connection with the client 200 through a wireless network, thereby providing corresponding data storage, analysis, and the like according to a service request of the client 200. It is understood that one server 310 may provide one or more services, and that the same service may be provided by multiple servers 310. The cryptographic engine 320 is a device for encrypting and decrypting data; it performs an encryption or decryption operation on data according to a request sent by the server 310, and the operation takes place in a closed environment.
In a second aspect, in order to improve the security of storage and use of the user private key, the disclosure provides a private key collaborative encryption method, so that the user private key can be encrypted and stored, and the security of the user private key is improved. A private key collaborative encryption method in accordance with some embodiments of the present disclosure is illustrated in fig. 2.
As shown in fig. 2, in some embodiments, the private key collaborative encryption method provided by the present disclosure is applied to the server 300, and the method includes:
S201, receiving a client key, where the client key is generated by the client based on user identification information input by a user.
Specifically, in one example, the user identification information is a user PIN code, and the user PIN code is input by the user on the client, so that the client obtains the PIN code input by the user, and generates a client key according to the PIN code, and sends the client key to the server.
It is understood that the user identification information may also be other types of identification information, such as data information like user voice, fingerprint, etc., which is not limited by this disclosure. In this step, a client key is generated based on the user identification information, thereby ensuring that the user participates in the entire encryption process. The process of the client generating the client key according to the user identification information is explained below.
S202, randomly generating a first server key parameter, and generating a server encryption key based on the client key and the first server key parameter.
Specifically, the server randomly generates the first server key parameter; for example, a random number in the interval [1, n-1] may be randomly generated by the server 310 or the cryptographic machine 320 and used as the first server key parameter. A server encryption key is then generated according to the randomly generated first server key parameter and the received client key. It can be understood that since the first server key parameter is randomly generated, the server encryption key is an encryption result with randomness.
S203, obtaining a first private key ciphertext, wherein the first private key ciphertext is generated based on a user private key.
It should be noted that a digital signature can be performed only by using the user private key. Once the user private key is leaked, an illegal person can forge the digital signature of the user by using it, so the security of the user private key storage directly relates to the security of the digital signature.
Specifically, in this step, the user private key may be generated in advance by the cryptographic device, and the user private key is encrypted to obtain the first private key ciphertext.
S204, encrypting the first private key ciphertext according to the server encryption key and the first server key parameter to obtain and store a second private key ciphertext.
First, it should be noted that, in the related art, a first private key ciphertext is generally stored in a client or a server, so that when a user performs a digital signature, the client or the server decrypts the first private key ciphertext according to a signature request of the user, and then a user private key is obtained, thereby completing the digital signature.
In the step of this embodiment, the server encrypts the first private key ciphertext again according to the server encryption key and the first server key parameter to obtain a second private key ciphertext, and stores the second private key ciphertext in the server. The process of encrypting the first private key ciphertext by the server is described below.
Through the above embodiment, it can be understood that in the method of the present disclosure, the server side encryption key contains the user identification information parameter, and the first server side key parameter has randomness, so that it is ensured that a user participates in the first private key ciphertext encryption process, and the second private key ciphertext has randomness. Therefore, when the user private key is used, the user must participate in decrypting the second private key ciphertext, an illegal party cannot singly forge a user signature, each encryption has randomness, dynamic encryption of the user private key is formed, and the security of private key ciphertext storage is higher.
One embodiment of the private key collaborative encryption method provided by the present disclosure is shown in fig. 3. As shown in fig. 3, in the present embodiment, the method of the present disclosure may be applied to the system shown in fig. 1, which includes:
S301, user identification information P is input.
In particular, the user identification information P may be data information such as a PIN code of the user, or physiological characteristics of the user. In this embodiment, the user identification information P takes a user PIN code as an example, and a user can input a preset PIN code through an input tool provided by the client, such as a keyboard, a virtual keyboard, and the like, so that the client acquires the PIN code of the user.
S302, a client secret key D is generated based on the user identification information P.
In this embodiment, since the user identification information P is personal information grasped by the user, in order to ensure that the user identification information P is not illegally obtained in the transmission process between the client and the server, the SM2 key derivation function KDF is used to encrypt the user identification information P, and the encryption result obtained is A, which can be expressed as:
A=KDF(P)
The SM2 elliptic curve algorithm is a safer public key cryptographic algorithm. The SM2 algorithm is used for encrypting the user identification information P, the encryption result A is used as a private key, a corresponding public key is generated according to the encryption result A, and the public key is used as the client secret key D.
S303, sending the client key D.
The client sends the generated client secret key D to the server.
S304, sending the client key D.
Specifically, in the present embodiment, to further improve the security of the encryption process, the encryption process of the user private key is executed in the cryptographic engine. The server forwards a client-side secret key D sent by the client side to the cipher machine, so that the subsequent encryption process is ensured to be in a relatively closed hardware environment, and the encryption process is prevented from being intercepted illegally.
S305, randomly generating a first server key parameter R, and calculating according to R and D to obtain a server encryption key E.
In this embodiment, the cryptographic engine may generate a random number located in the interval [1,n-1] as the first server key parameter R, and calculate the server encryption key E according to the first server key parameter R and the client key D forwarded by the server, where the calculation process may be represented as:
E=R[D]
S306, obtaining a first private key ciphertext C.
Specifically, the first private key ciphertext C is generated based on a user private key. It may be a private key ciphertext that is generated in advance and stored at the server or the client, so that the cryptographic engine may extract the first private key ciphertext C from the server or the client. Alternatively, it may be a private key ciphertext obtained by encrypting the private key of the user by using the cipher machine.
In an exemplary implementation, in this step, the cryptographic engine generates a user private key, encrypts the generated user private key with a built-in encryption key, and takes the encrypted result as a first private key ciphertext C. The process of encrypting the private key of the user by the cipher machine can be realized by adopting an encryption algorithm in the related technology, and the details of the disclosure are not repeated.
S307, according to the R and the D, encrypting the C to obtain a second private key ciphertext F.
Specifically, in the present embodiment, in order to further improve the security of the private key storage, the second private key ciphertext is divided into three segments for distributed storage, that is, the second private key ciphertext F includes the first ciphertext segment C1, the second ciphertext segment C2, and the third ciphertext segment C3.
In this step, calculating the second private key ciphertext F includes the following.
The first ciphertext fragment C1 is calculated, denoted as
C1=R[G]
In the formula, R is the first server key parameter and G is the base point, of order n, of the elliptic curve used in the elliptic curve algorithm.
The first private key ciphertext C is processed according to the server encryption key E to obtain the second ciphertext fragment C2. Specifically, E is first decomposed as E = (x2, y2), where x2 and y2 are respectively the abscissa and ordinate of the point on the elliptic curve. The second ciphertext fragment C2 may be represented as
Figure BDA0002339799470000151
A Hash operation is performed on the first private key ciphertext C according to the server-side encryption key E to obtain the third ciphertext fragment C3, which is expressed as
C3=Hash(x2||C||y2)
The encrypted second private key ciphertext F = C1||C2||C3 is thereby obtained. In the present embodiment, steps S305 to S307 are executed in the cryptographic engine, thereby improving the security of the encryption process.
S308, returning the second private key ciphertext F to the server.
The second private key ciphertext F is obtained by combining the first server key parameter R and the user identification information P to perform an encryption operation on the user private key, and cannot itself be used as the private key. When no user participates, the server cannot forge the user signature on its own, so the security of the user private key storage is higher. It is to be understood that the second private key ciphertext F may also be stored in the client or the cryptographic engine, which is not limited by this disclosure.
In some embodiments, it is considered that when the client and the server transmit the client key D, an illegal person may obtain the client key D, so that the user identification information P has a certain risk of leakage. Therefore, to further improve the security of data transmission between the client and the server, the method of the present disclosure further includes:
The client encrypts the client secret key D according to the server encryption factor, where the server encryption factor is distributed to the client by the server.
The server decrypts the encrypted client secret key D sent by the client by using the server encryption factor, so as to obtain the client secret key D.
The server-side encryption factor may be an encryption parameter generated by the server, and the public key encryption method in the related art is adopted as a way of encrypting the client-side secret key D, which is not described herein again. Due to the fact that the client secret key D is encrypted, the risk of user information leakage is reduced in the sending process of the client secret key D, and safety is further improved.
In a third aspect, the present disclosure provides a method for digitally signing, which may be implemented in the second aspect. In some embodiments, the method for digitally signing provided by the present disclosure may be applied to a server. The server can be implemented, for example, with reference to the server 300 in the embodiment of fig. 1, and the server stores a second private key ciphertext, which can be obtained by the method in the embodiment of the second aspect, and is not described herein again.
A digital signature method according to some embodiments of the present disclosure is illustrated in fig. 4, and as illustrated in fig. 4, the digital signature method of the present disclosure includes:
S401, when a digital signature request sent by a client is received, sending a first ciphertext fragment to the client, so that the client generates a client decryption key according to the user identification information and the first ciphertext fragment.
Specifically, the digital signature request refers to an instruction of a client to initiate a digital signature to a server, and the digital signature request may be triggered by a user through the client, or triggered by the client along with a user communication instruction when the user uses the client for communication.
When the server receives the digital signature request, this indicates that the user private key needs to be used to complete the digital signature of the data to be signed, that is, the second private key ciphertext stored by the server needs to be decrypted to obtain the user private key. Therefore, the server returns the first ciphertext fragment to the client, so that the client generates a client decryption key according to the user identification information input by the user and the first ciphertext fragment. The client decryption key generation process is described in detail below.
S402, receiving a client decryption key and data to be signed sent by the client.
Specifically, the data to be signed is data that needs to be digitally signed using the user private key; it may be, for example, information input by a user, or data information corresponding to a user request. The server receives the client decryption key generated by the client and the data to be signed.
S403, decrypting the second ciphertext fragment by using the client decryption key to obtain a first private key ciphertext.
Specifically, the server decrypts the second ciphertext fragment according to the received client decryption key, and the second ciphertext fragment is obtained by encrypting the first private key ciphertext, so that the first private key ciphertext is obtained by decrypting the second ciphertext fragment.
S404, performing digital signature on the data to be signed according to the first private key ciphertext.
Specifically, in some embodiments, the step specifically comprises:
Decrypting the first private key ciphertext to obtain the user private key;
and carrying out digital signature on the data to be signed by using the user private key.
After the server side obtains the first private key ciphertext, the first private key ciphertext is obtained by encrypting the user private key, so that the user private key can be obtained by decrypting the first private key ciphertext, and digital signature of data to be signed is completed by using the user private key.
In some embodiments, as shown in fig. 5, in step S403, decrypting the second ciphertext fragment with the client decryption key to obtain the first private key ciphertext includes:
S4031, the second ciphertext fragment is decrypted according to the client decryption key, and a private key ciphertext to be verified is obtained.
The server decrypts the second ciphertext fragment according to the received client decryption key to obtain the private key ciphertext to be verified. The private key ciphertext to be verified is ciphertext content that needs to be verified to ensure that the private key ciphertext has not been changed.
S4032, hash operation is carried out on the private key ciphertext to be verified according to the client decryption key, and a fourth ciphertext fragment is obtained.
The server performs a Hash operation on the private key ciphertext to be verified according to the received client decryption key, so as to obtain a Hash value of the ciphertext to be verified, namely the fourth ciphertext fragment.
S4033, whether the fourth ciphertext fragment is the same as the third ciphertext fragment is judged. If yes, go to step S4034. If not, go to step S4035.
S4034, the private key ciphertext to be verified is determined to be the first private key ciphertext.
S4035, the private key ciphertext to be verified is determined not to be the first private key ciphertext.
Specifically, in steps S4033 to S4035, the third ciphertext fragment is a Hash value obtained by performing Hash operation on the first private key ciphertext, and if the first private key ciphertext is not changed in the storage process, the Hash value of the private key ciphertext to be verified decrypted by the second ciphertext fragment should be the same as the Hash value of the first private key ciphertext, that is, the fourth ciphertext fragment is the same as the third ciphertext fragment. If the first private key ciphertext is illegally changed in the storage process, the hash value of the private key ciphertext to be verified decrypted by the second ciphertext fragment is different from the hash value of the first private key ciphertext, that is, the fourth ciphertext fragment is different from the third ciphertext fragment.
In the embodiment of fig. 5, the fourth ciphertext fragment is compared with the third ciphertext fragment, and when the fourth ciphertext fragment and the third ciphertext fragment are the same, it indicates that the second ciphertext fragment has not been illegally modified, so that the ciphertext of the private key to be verified is determined as the ciphertext of the first private key and is provided to the user, and the security of the storage of the private key of the user is further ensured.
In some embodiments, on the basis of the embodiment of fig. 4, after the digital signature of the data to be signed is completed in step S404, the method of the present disclosure further includes a process of encrypting and saving the first private key ciphertext again. Specifically, as shown in fig. 6, after the step S404, the method of the present disclosure further includes:
S405, the server receives the client key, and the client key is generated based on the user identification information.
Specifically, the step may refer to the step S201, which is not described herein again.
S406, randomly generating a second server key parameter, and generating a server encryption key based on the client key and the second server key parameter.
Specifically, the server randomly generates a second server key parameter, and the second server key parameter may refer to the generation manner of the first server key parameter, which is not described herein again. The server generates a server encryption key according to the randomly generated second server key parameter and the received client key. It can be understood that, since the second server key parameter is randomly generated, the server encryption key is an encryption result with randomness, and each encryption of the user private key after a signature yields a random encryption result.
S407, encrypting the first private key ciphertext according to the server side encryption key and the second server side key parameter to obtain and store a second private key ciphertext.
Specifically, after the server completes digital signature of the data to be signed, the server encrypts the first private key ciphertext again according to the server encryption key and the randomly generated second server key parameter. For example, in an exemplary implementation, the user private key is first encrypted to obtain a first private key ciphertext, and then the first private key ciphertext is encrypted according to the server encryption key and a randomly generated second server key parameter, and the encryption process may refer to the foregoing implementation, which is not described herein again.
Through the embodiment of fig. 6, it can be understood that the server encryption key contains the user identification information parameter, and the first server key parameter has randomness, so that the user participates in the process of encrypting the user private key each time, and the second private key ciphertext has randomness, so that the storage security of the user private key is higher.
In a fourth aspect, the present disclosure also provides a method for digital signature, which is applied to a client and executed by the client. The client may refer to the client 200 in the embodiment of fig. 1, and is not described herein again.
A method according to some embodiments of the present disclosure is illustrated in fig. 7, and as shown in fig. 7, the method includes:
S701, when receiving a signature command of a user, sending a digital signature request to a server.
Specifically, the user may trigger the signature instruction at the client, or the client may trigger the signature instruction along with a user communication instruction when the user communicates using the client. After the signature instruction is triggered, the client sends a digital signature request to the server.
S702, receiving a first ciphertext fragment returned by the server according to the digital signature request, and generating a client decryption key according to the user identification information input by the user and the first ciphertext fragment.
When receiving the digital signature request, the server returns the first ciphertext fragment to the client, and the client generates a client decryption key according to the user identification information input by the user and the first ciphertext fragment. The client decryption key generation process is described in detail below.
S703, sending the client decryption key and the data to be signed to the server.
Specifically, the data to be signed is data that needs to be digitally signed using the user private key; it may be, for example, information input by a user, or data information corresponding to a user request. The client sends the generated client decryption key and the data to be signed to the server.
S704, receiving the signed data returned by the server.
After the server finishes the digital signature, it returns the signed data to the client.
Fig. 8 shows a specific embodiment of the digital signature method of the present disclosure, and in this embodiment, the method may be applied to the system shown in fig. 1, for example, and the generation process of the second private key ciphertext may refer to the embodiment of fig. 3, which is not described herein again. As shown in fig. 8, in the present embodiment, the digital signature method includes:
S801, the user sends a signature instruction to the client.
In this embodiment, the user may trigger the signature command at the client, or when the user uses the client for communication, the client triggers the signature command along with the user communication command.
S802, the client sends a digital signature request to the server.
After the signature instruction is triggered, the client generates a digital signature request and sends the digital signature request to the server.
S803, the server extracts the first ciphertext fragment C1.
S804, the server sends the first ciphertext fragment C1 to the client.
The server extracts the stored first ciphertext fragment C1 according to the digital signature request and sends the first ciphertext fragment C1 to the client.
S805, the client receives user identification information P input by the user.
In an exemplary implementation, the user identification information P is a PIN code entered by the user through the client. The user identification information is information personally owned by the user.
S806, generating a client decryption key XY according to the user identification information P and the first ciphertext fragment C1 sent by the server.
Specifically, when calculating the client decryption key XY, a client encryption private key A is first calculated, which is expressed as
A=KDF(P)
Then, based on the client encryption private key A and the first ciphertext fragment C1, a client decryption key XY is obtained through calculation and is represented as
XY=[A]C1
S807, the client sends the client decryption key XY and the data to be signed to the server.
Specifically, the data to be signed is data that needs to be digitally signed using the user private key; it may be, for example, information input by a user, or data information corresponding to a user request. The client sends the calculated client decryption key XY and the data to be signed to the server.
S808, the server forwards the client decryption key XY and the data to be signed to the cipher machine.
In this embodiment, to further improve the security of the decryption process, the decryption process of the user private key is executed in the cryptographic engine. The server transmits a client decryption key XY and data to be signed sent by the client to the cipher machine, so that the subsequent decryption process is ensured to be in a relatively closed hardware environment, and the decryption process is prevented from being illegally intercepted.
S809, the cipher machine extracts the second ciphertext fragment C2 and the third ciphertext fragment C3.
The crypto machine extracts the second ciphertext fragment C2 and the third ciphertext fragment C3 stored in the server or the crypto machine.
S810, decrypting the second ciphertext fragment C2 by using the client decryption key XY to obtain a private key ciphertext C' to be verified.
Specifically, the second ciphertext fragment C2 is decrypted according to the formula
Figure BDA0002339799470000201
The private key ciphertext C' to be verified is obtained by this calculation.
S811, performing Hash operation on the private key ciphertext C' to be verified according to the client decryption key XY to obtain a fourth ciphertext fragment u.
Specifically, when performing the Hash operation on C', XY is first decomposed as XY = (x2, y2), where x2 and y2 are respectively the abscissa and ordinate of the point on the elliptic curve, and the fourth ciphertext fragment u is then calculated according to the formula
u=Hash(x2||C'||y2)
S812, judging whether the fourth ciphertext fragment u is the same as the third ciphertext fragment C3, and if so, performing digital signature on the data to be signed according to the first private key ciphertext C.
Specifically, whether the fourth ciphertext fragment u is the same as the third ciphertext fragment C3 is determined, the third ciphertext fragment C3 is a Hash value obtained by performing Hash operation on the first private key ciphertext C, and if the first private key ciphertext C is not changed in the storage process, the Hash value of the private key ciphertext C' to be verified, which is decrypted by the second ciphertext fragment C2, should be the same as the Hash value of the first private key ciphertext C, that is, the fourth ciphertext fragment u is the same as the third ciphertext fragment C3. If the first private key ciphertext C is illegally altered in the storage process, the hash value of the private key ciphertext C' to be verified decrypted by the second ciphertext fragment C2 is different from the hash value of the first private key ciphertext C, that is, the fourth ciphertext fragment u is different from the third ciphertext fragment C3.
If u is the same as C3, the data to be signed is signed by using the first private key ciphertext C, in an exemplary implementation, the first private key ciphertext C may be decrypted to obtain a user private key, and the crypto engine performs digital signature on the data to be signed by using the user private key.
S813, the cipher machine returns the signed data to the server.
S814, the server forwards the signed data to the client.
After the digital signature is completed, the cipher machine sends the signed data to the client through the server.
Fig. 9 shows another specific embodiment of the digital signature method of the present disclosure. This embodiment builds on the embodiment of fig. 8, so the identical steps are not described again and only the differing steps are described.
In step S806, while generating the client decryption key XY from the user identification information P and the first ciphertext fragment C1, the client also generates the client key D from the user identification information P.
In steps S807 and S808, the client transmits the client key D, the client decryption key XY, and the data to be signed to the server, and the server forwards the client key D, the client decryption key XY, and the data to be signed to the cipher machine.
After step S814, the method further includes:
S815, the cipher machine randomly generates a second server key parameter K and calculates a server encryption key E from the second server key parameter K and the client key D.
Specifically, in an exemplary implementation, the cipher machine may generate a random number in the interval [1, n-1] as the second server key parameter K, and calculate the server encryption key E from the second server key parameter K and the client key D forwarded by the server. The calculation can be expressed as:
E=K[D]
S816, the first private key ciphertext C is encrypted according to the second server key parameter K and the client key D to obtain a second private key ciphertext L.
In an exemplary implementation, the second private key ciphertext L may be calculated in the same way as the second private key ciphertext F in the foregoing embodiment, specifically: E = (x3, y3), C1 = K[G],
Figure BDA0002339799470000221
C3 = Hash(x3||C||y3), L = C1||C2||C3, which gives the second private key ciphertext L.
S817, the cipher machine returns the second private key ciphertext L to the server, and the server stores L.
In the embodiment shown in fig. 9, after the cipher machine completes the digital signature of the data to be signed, the first private key ciphertext is encrypted again according to the server encryption key and the randomly generated second server key parameter. Because this encryption is executed inside the cipher machine, the security is higher. In addition, the server encryption key incorporates the user identification information, and the second server key parameter is random, so the user takes part every time the user private key is encrypted and the second private key ciphertext is randomized, which makes the storage of the user private key more secure.
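The unwrap-and-verify steps S810 to S812 and the re-encryption steps S815 to S817, as an added Python sketch that is not code from the patent. Assumptions: secp256k1 and SHA-256 stand in for the unnamed curve and Hash; the client scalar is a hash of P, with D = d[G] and XY = d[C1]; and C2 is C XORed with a hash-derived keystream, because the C2 formula survives here only as a figure reference.

```python
import hashlib
import hmac
import secrets

# Assumed stand-ins: secp256k1 and SHA-256 (the page names neither here).
FP = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def on_curve(pt):
    """True if pt is an affine point on y^2 = x^3 + 7 over FP."""
    return pt is not None and all(0 <= c < FP for c in pt) and \
        (pt[1] ** 2 - pt[0] ** 3 - 7) % FP == 0

def add(p1, p2):
    """Affine point addition; None is the point at infinity."""
    if p1 is None or p2 is None:
        return p1 or p2
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % FP == 0:
        return None
    if p1 == p2:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, FP) % FP
    else:
        lam = (y2 - y1) * pow((x2 - x1) % FP, -1, FP) % FP
    x3 = (lam * lam - x1 - x2) % FP
    return x3, (lam * (x1 - x3) - y1) % FP

def mul(k, pt):
    """k[pt] by double-and-add (illustrative, not constant time)."""
    acc = None
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc

def _xy(pt):
    return pt[0].to_bytes(32, "big"), pt[1].to_bytes(32, "big")

def client_scalar(P):
    # Assumption: P is hashed to a scalar in [1, N-1].
    return int.from_bytes(hashlib.sha256(P).digest(), "big") % (N - 1) + 1

def client_key(P):
    """Client key D (assumed D = d[G])."""
    return mul(client_scalar(P), G)

def client_decryption_key(P, C1):
    """Client decryption key XY = (x2, y2) (assumed XY = d[C1])."""
    if not on_curve(C1):
        raise ValueError("C1 is not a point on the curve")
    return mul(client_scalar(P), C1)

def keystream(pt, length):
    # Assumption: counter-mode hash over x||y, standing in for the missing C2 formula.
    x, y = _xy(pt)
    blocks = (length + 31) // 32
    return b"".join(hashlib.sha256(x + y + i.to_bytes(4, "big")).digest()
                    for i in range(1, blocks + 1))[:length]

def tag(pt, C):
    """Hash(x || C || y), the form of C3 and u on the page."""
    x, y = _xy(pt)
    return hashlib.sha256(x + C + y).digest()

def xor(a, b):
    return bytes(i ^ j for i, j in zip(a, b))

def wrap(C, D):
    """S815-S816: fresh K, E = K[D], result L as the tuple (C1, C2, C3)."""
    if not on_curve(D):
        raise ValueError("client key D is not a point on the curve")
    K = secrets.randbelow(N - 1) + 1          # random K in [1, n-1]
    E = mul(K, D)                              # E = (x3, y3)
    return mul(K, G), xor(C, keystream(E, len(C))), tag(E, C)

def unwrap_and_verify(XY, C2, C3):
    """S810-S812: decrypt C2 to C', recompute u, release C' only if u == C3."""
    C_prime = xor(C2, keystream(XY, len(C2)))
    u = tag(XY, C_prime)
    return C_prime if hmac.compare_digest(u, C3) else None

def demo():
    P, C = b"constructed-user-secret", bytes(range(48))   # constructed sample values
    D = client_key(P)
    C1, C2, C3 = wrap(C, D)
    XY = client_decryption_key(P, C1)
    ok = unwrap_and_verify(XY, C2, C3)
    wrong_p = unwrap_and_verify(client_decryption_key(b"wrong", C1), C2, C3)
    tampered = unwrap_and_verify(XY, bytes([C2[0] ^ 1]) + C2[1:], C3)
    L1, L2, L3 = wrap(C, D)                    # fig. 9: re-encrypt after signing
    stale = unwrap_and_verify(XY, L2, L3)      # old XY no longer matches new C1
    fresh = unwrap_and_verify(client_decryption_key(P, L1), L2, L3)
    return ok, wrong_p, tampered, stale, fresh
```

`demo()` returns the recovered C for the correct P, and `None` for a wrong P, a modified C2, and a decryption key computed against a C1 that has since been replaced by the re-encryption.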
In a fifth aspect, the present disclosure further provides an apparatus for digital signature, applied to a server. Fig. 10 shows the apparatus in some embodiments; as shown in fig. 10, the apparatus includes:
the storage module 10 is configured to store a second private key ciphertext, where the second private key ciphertext includes a first ciphertext fragment and a second ciphertext fragment, and the second ciphertext fragment is obtained by processing the first private key ciphertext according to user identification information input by a user;
the first sending module 20 is configured to send a first ciphertext fragment to the client when receiving a digital signature request sent by the client, so that the client generates a client decryption key according to the user identification information and the first ciphertext fragment;
the first receiving module 30 is configured to receive a client decryption key and data to be signed, which are sent by a client;
the first processing module 40 is configured to decrypt the second ciphertext fragment with the client decryption key to obtain a first private key ciphertext; and
the signature module 50 is configured to perform digital signature on the data to be signed according to the first private key ciphertext.
In some embodiments, the second private key ciphertext further includes a third ciphertext fragment, the third ciphertext fragment resulting from a Hash operation on the first private key ciphertext based on the user identification information,
when decrypting the second ciphertext fragment with the client decryption key to obtain the first private key ciphertext, the first processing module 40 is specifically configured for:
decrypting the second ciphertext fragment according to the client decryption key to obtain a private key ciphertext to be verified;
performing Hash operation on a private key ciphertext to be verified according to the client decryption key to obtain a fourth ciphertext fragment;
determining whether the fourth ciphertext fragment is the same as the third ciphertext fragment,
and if so, determining the private key ciphertext to be verified as the first private key ciphertext.
In some embodiments, as shown in fig. 11, the apparatus further comprises:
a second receiving module 60, configured to receive a client key, where the client key is generated based on the user identification information;
a first generating module 70, configured to randomly generate a first server key parameter, and generate a server encryption key based on the client key and the first server key parameter;
a first obtaining module 80, configured to obtain a first private key ciphertext, where the first private key ciphertext is generated based on a user private key; and
the encryption module 90, configured to encrypt the first private key ciphertext according to the server encryption key and the first server key parameter, so as to obtain and store a second private key ciphertext.
In some embodiments, after the signature module 50 digitally signs the data to be signed according to the first private key ciphertext,
the second receiving module 60 is further configured to receive a client key, where the client key is generated based on the user identification information;
the first generating module 70 is further configured to randomly generate a second server key parameter, and generate a server encryption key based on the client key and the second server key parameter;
the encryption module 90 is further configured to encrypt the first private key ciphertext according to the server encryption key and the second server key parameter, so as to obtain and store a second private key ciphertext.
In a sixth aspect, the present disclosure provides an apparatus for digital signature, which is applied to a client. Fig. 12 illustrates an apparatus in some embodiments, comprising:
the second sending module 1 is used for sending a digital signature request to the server side when receiving a signature instruction of a user;
the third receiving module 2 is used for receiving the first ciphertext fragment returned by the server according to the digital signature request, and generating a client decryption key according to the user identification information input by the user and the first ciphertext fragment;
the third sending module 3 is configured to send the client decryption key and the data to be signed to the server, so that the server performs digital signature on the data to be signed according to the first private key ciphertext after decrypting the second ciphertext fragment according to the client decryption key to obtain the first private key ciphertext; the second ciphertext fragment is obtained by the server side processing the first private key ciphertext according to the user identification information;
and the fourth receiving module 4 is configured to receive the signed data returned by the server.
In some embodiments, as shown in fig. 13, the apparatus further comprises:
a second obtaining module 5, configured to obtain user identification information input by a user;
a second generating module 6, configured to generate a client key based on the user identification information;
and the fourth sending module 7 is configured to send the client-side key to the server side, so that the server side encrypts the first private key ciphertext based on the client-side key.
In a seventh aspect, the present disclosure provides a private key collaborative encryption apparatus, which is applied to a server. Fig. 14 illustrates an apparatus in some embodiments, comprising:
a fifth receiving module 100, configured to receive a client key, where the client key is generated by the client based on user identification information input by the user;
a third generating module 200, configured to randomly generate a first server key parameter, and generate a server encryption key based on the client key and the first server key parameter;
a third obtaining module 300, configured to obtain a first private key ciphertext, where the first private key ciphertext is generated based on a user private key;
the second processing module 400 is configured to encrypt the first private key ciphertext according to the server encryption key and the first server key parameter, to obtain and store a second private key ciphertext.
In an eighth aspect, the present disclosure provides an electronic device comprising:
a processor; and
a memory communicatively coupled to the processor and storing computer readable instructions readable by the processor, the processor performing the method of any of the above embodiments when the computer readable instructions are read.
In a ninth aspect, the present disclosure provides a storage medium storing computer instructions for causing a computer to perform the method of any one of the above embodiments.
In particular, fig. 15 shows a schematic structural diagram of a computer system 600 suitable for implementing the method or processor of the present disclosure, and the electronic device and the storage medium provided in the eighth aspect and the ninth aspect are implemented by the system shown in fig. 15.
As shown in fig. 15, the computer system 600 includes a Central Processing Unit (CPU) 601 that can perform various appropriate actions and processes according to a program stored in a Read Only Memory (ROM) 602 or a program loaded from a storage section 608 into a Random Access Memory (RAM) 603. In the RAM 603, various programs and data necessary for the operation of the system 600 are also stored. The CPU 601, ROM 602, and RAM 603 are connected to each other via a bus 604. An input/output (I/O) interface 605 is also connected to bus 604.
The following components are connected to the I/O interface 605: an input portion 606 including a keyboard, a mouse, and the like; an output portion 607 including a display such as a Cathode Ray Tube (CRT), a Liquid Crystal Display (LCD), and the like, and a speaker; a storage section 608 including a hard disk and the like; and a communication section 609 including a network interface card such as a LAN card, a modem, or the like. The communication section 609 performs communication processing via a network such as the internet. A drive 610 is also connected to the I/O interface 605 as needed. A removable medium 611 such as a magnetic disk, an optical disk, a magneto-optical disk, a semiconductor memory, or the like is mounted on the drive 610 as necessary, so that a computer program read from it is installed into the storage section 608 as necessary.
In particular, the above method processes may be implemented as a computer software program according to embodiments of the present disclosure. For example, embodiments of the present disclosure include a computer program product comprising a computer program tangibly embodied on a machine-readable medium, the computer program comprising program code for performing the above-described method. In such embodiments, the computer program may be downloaded and installed from a network through the communication section 609, and/or installed from the removable medium 611.
The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present disclosure. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
It should be understood that the above embodiments are only examples for clearly illustrating the present invention, and are not intended to limit the embodiments. Other variations and modifications will be apparent to persons skilled in the art in light of the above description. It is neither necessary nor possible to list all embodiments exhaustively here. Obvious variations or modifications derived from the present disclosure remain within the scope of the present disclosure.

Claims (18)

1. A method for digital signature, applied to a server, the method comprising:
receiving a client key, wherein the client key is generated based on user identification information;
randomly generating a first server side key parameter, and generating a server side encryption key based on the client key and the first server side key parameter;
obtaining a first private key ciphertext, wherein the first private key ciphertext is generated based on a user private key;
encrypting the first private key ciphertext according to the server side encryption key and the first server side key parameter to obtain and store a second private key ciphertext;
when a digital signature request sent by a client is received, sending a first ciphertext fragment of the second private key ciphertext to the client, so that the client generates a client decryption key according to the user identification information and the first ciphertext fragment;
receiving the client decryption key and the data to be signed sent by the client;
decrypting a second ciphertext fragment of the second private key ciphertext by using the client decryption key to obtain the first private key ciphertext;
and carrying out digital signature on the data to be signed according to the first private key ciphertext.
2. The method of claim 1, wherein the second private key ciphertext further comprises a third ciphertext fragment, the third ciphertext fragment resulting from a Hash operation on the first private key ciphertext based on the user identification information,
the decrypting the second ciphertext fragment with the client decryption key to obtain the first private key ciphertext includes:
decrypting the second ciphertext fragment according to the client decryption key to obtain a private key ciphertext to be verified;
performing Hash operation on the private key ciphertext to be verified according to the client decryption key to obtain a fourth ciphertext fragment;
determining whether the fourth ciphertext fragment is the same as the third ciphertext fragment,
and if so, determining the private key ciphertext to be verified as the first private key ciphertext.
3. The method according to claim 1, wherein the digitally signing the data to be signed according to the first private key ciphertext comprises:
decrypting the first private key ciphertext to obtain a user private key;
and carrying out digital signature on the data to be signed by utilizing the user private key.
4. The method of claim 1, wherein the encrypting the first private key ciphertext according to the server-side encryption key and the first server-side key parameter to obtain the second private key ciphertext comprises:
obtaining the first ciphertext fragment according to the first server key parameter;
and processing the first private key ciphertext according to the server side encryption key to obtain the second ciphertext fragment.
5. The method of claim 1, wherein the second private key ciphertext further comprises a third ciphertext fragment,
the encrypting the first private key ciphertext according to the server side encryption key and the first server side key parameter to obtain a second private key ciphertext, further comprising:
and carrying out Hash operation on the first private key ciphertext according to the server side encryption key to obtain a third ciphertext fragment.
6. The method according to any one of claims 1 to 3, further comprising, after the digitally signing the data to be signed according to the first private key ciphertext:
receiving the client key;
randomly generating a second server key parameter, and generating a server encryption key based on the client key and the second server key parameter;
and encrypting the first private key ciphertext according to the server side encryption key and the second server side key parameter to obtain and store the second private key ciphertext.
7. The method of claim 1, wherein the server side comprises a server and a cipher machine,
the receiving a client key includes: the server receives the client key and sends the client key to the cipher machine;
the randomly generating a first server side key parameter and generating a server side encryption key based on the client key and the first server side key parameter comprises: the cipher machine randomly generates the first server side key parameter and generates the server side encryption key based on the client key and the first server side key parameter;
the obtaining of the first private key ciphertext, where the first private key ciphertext is generated based on a user private key, includes: the cipher machine acquires the first private key ciphertext, and encrypts the first private key ciphertext according to the server encryption key and the first server key parameter to obtain a second private key ciphertext;
the encrypting the first private key ciphertext according to the server encryption key and the first server key parameter to obtain and store the second private key ciphertext includes: and the cipher machine sends the second private key ciphertext to a server so that the server stores the second private key ciphertext.
8. The method of claim 7, further comprising:
when the server receives a digital signature request sent by a client, extracting the first ciphertext fragment and sending the first ciphertext fragment to the client;
the server receives the client decryption key and the data to be signed sent by the client, and sends the client decryption key and the data to be signed to the cipher machine;
the cipher machine decrypts the second ciphertext fragment by using the client decryption key to obtain the first private key ciphertext, and digitally signs the data to be signed according to the first private key ciphertext;
and the cipher machine sends the signed data to the server so that the server sends the signed data to the client.
9. The method of claim 1, further comprising, prior to generating a server-side encryption key based on the client-side key and the first server-side key parameter:
and decrypting the client key by using the server-side encryption factor, wherein the server-side encryption factor is distributed to the client by the server side so that the client encrypts the client key according to the server-side encryption factor.
10. A method of digital signature, applied to a client, the method comprising:
acquiring user identification information input by a user;
generating a client key based on the user identification information;
sending the client key to the server side, so that the server side encrypts the first private key ciphertext based on the client key to obtain a second private key ciphertext; the second private key ciphertext comprises a first ciphertext fragment and a second ciphertext fragment, and the second ciphertext fragment is obtained by encrypting the first private key ciphertext by the server according to the user identification information;
when a signature instruction of a user is received, a digital signature request is sent to a server;
receiving the first ciphertext fragment returned by the server according to the digital signature request, and generating a client decryption key according to user identification information input by a user and the first ciphertext fragment;
sending the client decryption key and the data to be signed to a server, so that the server carries out digital signature on the data to be signed according to the first private key ciphertext after decrypting the second ciphertext fragment according to the client decryption key to obtain the first private key ciphertext;
and receiving the signed data returned by the server.
11. The method of claim 10, further comprising, prior to said sending the client key to the server:
and encrypting the client key according to the server-side encryption factor, wherein the server-side encryption factor is distributed by the server side.
12. A system for digital signature, characterized in that the system comprises a server and a client,
the server is used for receiving a client key, and the client key is generated by the client based on user identification information input by a user; randomly generating a first server side key parameter, and generating a server side encryption key based on the client key and the first server side key parameter; obtaining a first private key ciphertext, wherein the first private key ciphertext is generated based on a user private key; encrypting the first private key ciphertext according to the server side encryption key and the first server side key parameter to obtain and store a second private key ciphertext; when a digital signature request sent by a client is received, sending a first ciphertext fragment of the second private key ciphertext to the client, so that the client generates a client decryption key according to the user identification information and the first ciphertext fragment; receiving the client decryption key and the data to be signed sent by the client; decrypting a second ciphertext fragment of the second private key ciphertext by using the client decryption key to obtain the first private key ciphertext; performing digital signature on the data to be signed according to the first private key ciphertext;
the client is used for acquiring the user identification information input by the user; generating a client key based on the user identification information; sending the client key to a server side so that the server side encrypts the first private key ciphertext based on the client key; when a signature instruction of a user is received, a digital signature request is sent to a server; receiving a first ciphertext fragment returned by the server according to the digital signature request, and generating a client decryption key according to user identification information input by a user and the first ciphertext fragment; sending the client decryption key and the data to be signed to a server, so that the server carries out digital signature on the data to be signed according to a first private key ciphertext after decrypting a second ciphertext fragment according to the client decryption key to obtain the first private key ciphertext; the second ciphertext fragment is obtained by encrypting the first private key ciphertext by the server side according to the user identification information; and receiving the signed data returned by the server.
13. An apparatus for digital signature, applied to a server, the apparatus comprising:
the second receiving module is used for receiving a client key, and the client key is generated based on the user identification information;
the first generation module is used for randomly generating a first server side key parameter and generating a server side encryption key based on the client key and the first server side key parameter;
the first obtaining module is used for obtaining a first private key ciphertext, and the first private key ciphertext is generated based on a user private key; and
the encryption module is used for encrypting the first private key ciphertext according to the server encryption key and the first server key parameter to obtain and store a second private key ciphertext;
the storage module is used for storing a second private key ciphertext, the second private key ciphertext comprises a first ciphertext fragment and a second ciphertext fragment, and the second ciphertext fragment is obtained by processing the first private key ciphertext according to user identification information input by a user;
the first sending module is used for sending the first ciphertext fragment to the client when receiving a digital signature request sent by the client, so that the client generates a client decryption key according to the user identification information and the first ciphertext fragment;
the first receiving module is used for receiving the client decryption key and the data to be signed sent by the client;
the first processing module is used for decrypting the second ciphertext fragment by using the client decryption key to obtain the first private key ciphertext; and
the signature module is used for carrying out digital signature on the data to be signed according to the first private key ciphertext.
14. The apparatus of claim 13, wherein the second private key ciphertext further comprises a third ciphertext fragment, the third ciphertext fragment resulting from a Hash operation on the first private key ciphertext based on the user identification information,
the first processing module, when being configured to decrypt the second ciphertext fragment with the client decryption key to obtain the first private key ciphertext, is specifically configured to:
decrypting the second ciphertext fragment according to the client decryption key to obtain a private key ciphertext to be verified;
performing Hash operation on the private key ciphertext to be verified according to the client decryption key to obtain a fourth ciphertext fragment;
determining whether the fourth ciphertext fragment is the same as the third ciphertext fragment,
and if so, determining the private key ciphertext to be verified as the first private key ciphertext.
15. The apparatus of claim 13, wherein after the signing module is configured to digitally sign the data to be signed according to the first private key ciphertext,
the second receiving module is further configured to receive the client-side key;
the first generation module is further used for randomly generating a second server key parameter and generating a server encryption key based on the client key and the second server key parameter;
the encryption module is further configured to encrypt the first private key ciphertext according to the server encryption key and the second server key parameter, so as to obtain and store the second private key ciphertext.
16. An apparatus for digital signature, applied to a client, the apparatus comprising:
the second acquisition module is used for acquiring user identification information input by a user;
a second generation module, configured to generate a client key based on the user identification information;
the fourth sending module is used for sending the client key to the server side so that the server side can encrypt the first private key ciphertext based on the client key to obtain a second private key ciphertext; the second private key ciphertext comprises a first ciphertext fragment and a second ciphertext fragment, and the second ciphertext fragment is obtained by encrypting the first private key ciphertext by the server according to the user identification information;
the second sending module is used for sending a digital signature request to the server side when receiving a signature instruction of a user;
the third receiving module is used for receiving the first ciphertext fragment returned by the server according to the digital signature request and generating a client decryption key according to the user identification information input by the user and the first ciphertext fragment;
the third sending module is used for sending the client decryption key and the data to be signed to the server, so that the server carries out digital signature on the data to be signed according to the first private key ciphertext after decrypting the second ciphertext fragment according to the client decryption key to obtain the first private key ciphertext;
and the fourth receiving module is used for receiving the signed data returned by the server.
17. An electronic device, comprising:
a processor; and
a memory, communicatively coupled to the processor, storing computer readable instructions readable by the processor, the processor performing the method of any of claims 1 to 11 when the computer readable instructions are read.
18. A storage medium having stored thereon computer instructions for causing a computer to perform the method of any one of claims 1 to 11.
CN201911371679.4A 2019-12-26 2019-12-26 Method, system and device for digital signature Active CN111130803B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911371679.4A CN111130803B (en) 2019-12-26 2019-12-26 Method, system and device for digital signature

Publications (2)

Publication Number Publication Date
CN111130803A CN111130803A (en) 2020-05-08
CN111130803B true CN111130803B (en) 2023-02-17

Family

ID=70503582

Families Citing this family (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111628863B (en) * 2020-05-29 2021-02-09 北京海泰方圆科技股份有限公司 Data signature method and device, electronic equipment and storage medium
CN111769940B (en) * 2020-07-09 2023-02-03 天翼物联科技有限公司 Online key distribution method, system and medium
CN111970114B (en) * 2020-08-31 2023-08-18 中移(杭州)信息技术有限公司 File encryption method, system, server and storage medium
WO2022121940A1 (en) * 2020-12-09 2022-06-16 北京深思数盾科技股份有限公司 Information processing method for service key, and serving end and system
CN112733200B (en) * 2020-12-30 2023-02-10 北京深盾科技股份有限公司 Information processing method, encryption machine and information processing system of service key
CN112581285B (en) * 2020-12-28 2022-12-09 上海万向区块链股份公司 Block chain-based account generation method, system and medium in stock right transaction system
CN113032802B (en) * 2021-03-09 2023-09-19 航天信息股份有限公司 Data security storage method and system
CN114499871B (en) * 2021-12-23 2024-01-09 成都卫士通信息产业股份有限公司 Signature encryption method, device and system and computer readable storage medium
CN114844716B (en) * 2022-05-25 2023-07-25 中国联合网络通信集团有限公司 Digital signature message processing method, device, equipment and computer medium

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107395368A (en) * 2017-08-18 2017-11-24 北京无字天书科技有限公司 Without the digital signature method in media environment and solution encapsulating method and decryption method
CN108173648A (en) * 2017-12-29 2018-06-15 数安时代科技股份有限公司 Security processing method, equipment and storage medium based on private key escrow
WO2018127081A1 (en) * 2017-01-04 2018-07-12 天地融科技股份有限公司 Method and system for obtaining encryption key
CN108494551A (en) * 2018-03-16 2018-09-04 数安时代科技股份有限公司 Processing method, system, computer equipment and storage medium based on collaboration key
WO2019052286A1 (en) * 2017-09-12 2019-03-21 广州广电运通金融电子股份有限公司 User identity verification method, apparatus and system based on blockchain

Also Published As

Publication number Publication date
CN111130803A (en) 2020-05-08

Similar Documents

Publication Publication Date Title
CN111130803B (en) Method, system and device for digital signature
US10785019B2 (en) Data transmission method and apparatus
CN107483212B (en) Method for generating digital signature by cooperation of two parties
US6125185A (en) System and method for encryption key generation
CN110932851B (en) PKI-based multi-party cooperative operation key protection method
CN110969431B (en) Secure hosting method, device and system for private key of blockchain digital coin
CN113691502B (en) Communication method, device, gateway server, client and storage medium
CN110690956B (en) Bidirectional authentication method and system, server and terminal
CN108199847B (en) Digital security processing method, computer device, and storage medium
CN111342955B (en) Communication method and device and computer storage medium
CN109921905B (en) Anti-quantum computation key negotiation method and system based on private key pool
CN107465665A (en) A kind of file encryption-decryption method based on fingerprint identification technology
CN105407467A (en) Short message encryption methods, devices and system
CN106411520B (en) Method, device and system for processing virtual resource data
CN110519226B (en) Quantum communication server secret communication method and system based on asymmetric key pool and implicit certificate
US20060129812A1 (en) Authentication for admitting parties into a network
US7360238B2 (en) Method and system for authentication of a user
US20240106633A1 (en) Account opening methods, systems, and apparatuses
CN110995648A (en) Secure encryption method
WO2020042023A1 (en) Instant messaging data encryption method and apparatus
CN102036194B (en) Method and system for encrypting MMS
CN117081736A (en) Key distribution method, key distribution device, communication method, and communication device
CN111212068B (en) Method for encrypting and decrypting characters by input method
CN114448640A (en) Double-blind information distribution method and device and computer readable storage medium
KR20180046425A (en) Public key based encryption method and key generation server

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CP02 Change in the address of a patent holder

Address after: Room 301-A30, 3rd Floor, 123 Dongjiao South Road, Liwan District, Guangzhou City, Guangdong Province, 510375

Patentee after: Xin'an Shenzhou Technology (Guangzhou) Co.,Ltd.

Address before: Unit 3F-13, Self-made Building A, No. 16, East Ho Shell Street, Shixi Village, Haizhu District, Guangzhou City, Guangdong Province, 510000

Patentee before: Xin'an Shenzhou Technology (Guangzhou) Co.,Ltd.
