CN111177801A

CN111177801A - Signature method and device of electronic document, storage medium and electronic equipment

Info

Publication number: CN111177801A
Application number: CN201911421890.2A
Authority: CN
Inventors: 朱启坤; 李利; 解军伟; 马书超
Original assignee: Aisino Corp
Current assignee: Aisino Corp
Priority date: 2019-12-31
Filing date: 2019-12-31
Publication date: 2020-05-19
Anticipated expiration: 2039-12-31
Also published as: CN111177801B

Abstract

The present disclosure relates to a signature method, apparatus, storage medium and electronic device for an electronic document, the method applied to a server, including: receiving document data sent by a client, generating an electronic document to be signed according to a pre-stored stamp picture and the document data, acquiring a hash value and a random number of the electronic document to be signed, and sending first data to the client, wherein the first data comprises: the electronic document to be signed, the hash value and the random number are used, so that the client encrypts the hash value according to a signature private key to obtain a signature digital signature, the first data and the signature digital signature are used as second data to be sent to the server, if the hash value included in the second data sent by the client is matched with the random number, the signature digital signature included in the second data passes verification, a signed electronic document is generated according to the electronic document to be signed, the hash value and the signature digital signature included in the second data, and the signed electronic document is sent to the client. The server in the present disclosure need not store data in the verification process.

Description

Signature method and device of electronic document, storage medium and electronic equipment

Technical Field

The present disclosure relates to the field of electronic information technologies, and in particular, to a signature method and apparatus for an electronic document, a storage medium, and an electronic device.

Background

With the continuous development of electronic information technology, various electronic documents in different formats are widely applied to various technical fields, however, in the process of transmitting the electronic documents, risks of malicious tampering and counterfeiting exist, so that when the electronic documents are transmitted, the electronic documents need to be signed to ensure the safety of the electronic documents in the transmission process. In the prior art, signing an electronic document is mainly completed through a server. When a client needs to sign an electronic document, uploading document data to be signed to a server capable of providing a signing service, wherein the server needs to store the document data uploaded by the client. Since a server providing a signature service is usually a server cluster, that is, includes a plurality of servers, in order to ensure that a client can perform signature when accessing any server, data synchronization needs to be maintained among the plurality of servers all the time, the amount of data to be processed is large, the processing efficiency of the server is reduced, and expansion of the server cluster is not facilitated.

Disclosure of Invention

In order to solve the problems in the prior art, the present disclosure aims to provide a signature method and apparatus for an electronic document, a storage medium, and an electronic device.

In order to achieve the above object, according to a first aspect of the embodiments of the present disclosure, there is provided a signature method of an electronic document, applied to a server, the method including:

receiving document data sent by a client;

generating an electronic document to be signed according to a pre-stored stamp picture and the document data, wherein the electronic document to be signed comprises the stamp picture;

acquiring a hash value of the electronic document to be signed and a random number corresponding to the hash value;

sending first data to the client, the first data comprising: the electronic document to be signed, the hash value and the random number are used for enabling the client to encrypt the hash value according to a signature private key to obtain a signature digital signature, and the first data and the signature digital signature are used as second data and sent to the server;

if the hash value included in the second data sent by the client is matched with the random number included in the second data and the signature digital signature included in the second data passes verification, generating a signed electronic document according to the electronic document to be signed included in the second data, the hash value included in the second data and the signature digital signature included in the second data, wherein the signed electronic document includes the seal picture and the signature digital signature;

and sending the signed electronic document to the client.

Optionally, the obtaining the hash value of the electronic document to be signed and the random number corresponding to the hash value includes:

inputting the electronic document to be signed as a preset algorithm to obtain the hash value output by the preset algorithm;

and generating the random number by taking the hash value as a seed.

Optionally, before the generating of the signed electronic document according to the electronic document to be signed included in the second data, the hash value included in the second data, and the signature digital signature included in the second data, if the hash value included in the second data sent by the client matches the random number included in the second data, and the signature digital signature included in the second data passes verification, the method further includes:

taking the hash value included in the second data as a seed, generating a target random number, and if the random number included in the second data is the same as the target random number, determining that the hash value included in the second data is matched with the random number included in the second data;

and decrypting the signature digital signature included in the second data according to a signature public key, wherein the signature public key is a public key corresponding to the signature private key, and if the signature digital signature included in the second data is decrypted by the signature public key, determining that the signature digital signature included in the second data passes verification.

Optionally, the receiving the document data sent by the client includes:

receiving the document data and a first digital signature sent by the client, wherein the first digital signature is a digital signature obtained by encrypting the document data by the client according to a first private key;

after receiving the document data sent by the client, the method further comprises:

decrypting the first digital signature according to a first public key, wherein the first public key is a public key corresponding to the first private key; if the first digital signature is decrypted by the first public key, determining that the first digital signature passes verification;

the generating of the electronic document to be signed according to the pre-stored stamp picture and the document data comprises the following steps:

and if the first digital signature passes the verification, generating the electronic document to be signed according to the stamp picture and the document data.

Optionally, the sending the first data to the client includes:

sending the first data and the second digital signature to the client, wherein the second digital signature is a digital signature obtained by encrypting the first data by the server according to a second private key, so that the client encrypts the hash value according to the signature private key under the condition that the second digital signature passes verification to obtain the signature digital signature, and sending the second data and a third digital signature to the server, wherein the third digital signature is a digital signature obtained by encrypting the second data by the client according to the first private key;

before the generating a signed electronic document according to the electronic document to be signed included in the second data, the hash value included in the second data, and the signature digital signature included in the second data, if the hash value included in the second data sent by the client matches the random number included in the second data and the signature digital signature included in the second data passes verification, the method further includes:

decrypting the third digital signature according to the first public key; if the third digital signature is decrypted by the first public key, determining that the third digital signature passes verification;

if the hash value included in the second data sent by the client is matched with the random number included in the second data and the signature digital signature included in the second data passes verification, generating a signed electronic document according to the electronic document to be signed included in the second data, the hash value included in the second data and the signature digital signature included in the second data, including:

and if the hash value included in the second data is matched with the random number included in the second data, the signature digital signature included in the second data passes verification, and the third digital signature passes verification, generating the signed electronic document according to the electronic document to be signed included in the second data, the hash value included in the second data and the signature digital signature included in the second data.

According to a second aspect of the embodiments of the present disclosure, there is provided a signature method for an electronic document, applied to a client, the method including:

sending document data to a server to enable the server to generate an electronic document to be signed according to a pre-stored stamp picture and the document data, acquiring a hash value of the electronic document to be signed and a random number corresponding to the hash value, and sending first data to the client, wherein the first data comprises: the electronic document to be signed, the hash value and the random number;

encrypting the hash value included in the first data according to a signature private key to obtain a signature digital signature;

sending the first data and the signature digital signature to the server as second data, so that the server generates a signed electronic document according to the electronic document to be signed included in the second data, the hash value included in the second data and the signature digital signature included in the second data under the condition that the hash value included in the second data is matched with the random number included in the second data and the signature digital signature included in the second data passes verification, wherein the signed electronic document includes the stamp picture and the signature digital signature;

and receiving the signed electronic document sent by the server.

Optionally, the sending the document data to the server includes:

and sending the document data and a first digital signature to the server, wherein the first digital signature is obtained by encrypting the document data by the client according to a first private key, so that the server decrypts the first digital signature according to a first public key and generates the electronic document to be signed according to the stamp picture and the document data under the condition that the first digital signature is decrypted by the first public key, and the first public key is a public key corresponding to the first private key.

Optionally, before the encrypting the hash value included in the first data according to a signature private key to obtain a signature digital signature, the method further includes:

decrypting a second digital signature according to a second public key, if the second digital signature is decrypted by the second public key, determining that the second digital signature passes verification, wherein the second digital signature is a digital signature which is sent to the client when the server sends the first data and is obtained by encrypting the first data according to a second private key, and the second public key is a public key corresponding to the second private key;

the encrypting the hash value included in the first data according to the signature private key to obtain a signature digital signature includes:

if the second digital signature passes the verification, encrypting the hash value included in the first data according to the signature private key to obtain the signature digital signature;

the sending the first data and the signature digital signature as second data to the server includes:

encrypting the second data according to the first private key to obtain a third data signature;

and sending the second data and the third data signature to the server so that the server decrypts the third digital signature according to the first public key and generates a signed electronic document according to the electronic document to be signed included in the second data, the hash value included in the second data and the random number included in the second data under the condition that the third digital signature is decrypted by the first public key, and the signed digital signature included in the second data passes verification.

According to a third aspect of the embodiments of the present disclosure, there is provided a signature apparatus for an electronic document, applied to a server, the apparatus including:

the receiving module is used for receiving the document data sent by the client;

the first generation module is used for generating an electronic document to be signed according to a pre-stored stamp picture and the document data, wherein the electronic document to be signed comprises the stamp picture;

the acquisition module is used for acquiring the hash value of the electronic document to be signed and the random number corresponding to the hash value;

a sending module, configured to send first data to the client, where the first data includes: the electronic document to be signed, the hash value and the random number are used for enabling the client to encrypt the hash value according to a signature private key to obtain a signature digital signature, and the first data and the signature digital signature are used as second data and sent to the server;

a second generation module, configured to, if the hash value included in the second data sent by the client matches the random number included in the second data and the signature digital signature included in the second data passes verification, generate a signed electronic document according to the electronic document to be signed included in the second data, the hash value included in the second data, and the signature digital signature included in the second data, where the signed electronic document includes the seal picture and the signature digital signature;

the sending module is further configured to send the signed electronic document to the client.

According to a fourth aspect of the embodiments of the present disclosure, there is provided a signature apparatus for an electronic document, applied to a client, the apparatus including:

the sending module is used for sending document data to a server so that the server generates an electronic document to be signed according to a pre-stored stamp picture and the document data, acquires a hash value of the electronic document to be signed and a random number corresponding to the hash value, and sends first data to the client, wherein the first data comprises: the electronic document to be signed, the hash value and the random number;

the encryption module is used for encrypting the hash value included in the first data according to a signature private key to obtain a signature digital signature;

the sending module is further configured to send the first data and the signed digital signature to the server as second data, so that the server generates a signed electronic document according to the electronic document to be signed included in the second data, the hash value included in the second data, and the signed digital signature included in the second data, under the condition that the hash value included in the second data matches the random number included in the second data and the signed digital signature included in the second data passes verification, the signed electronic document including the seal picture and the signed digital signature;

and the receiving module is used for receiving the signed electronic document sent by the server.

According to a fifth aspect of embodiments of the present disclosure, there is provided a computer-readable storage medium, on which a computer program is stored, which when executed by a processor, performs the steps of the method of any one of the first aspects of the embodiments of the present disclosure.

According to a sixth aspect of embodiments of the present disclosure, there is provided a computer readable storage medium, on which a computer program is stored, which when executed by a processor, performs the steps of the method of any one of the second aspects of embodiments of the present disclosure.

According to a seventh aspect of the embodiments of the present disclosure, there is provided an electronic apparatus including:

a memory having a computer program stored thereon;

a processor for executing the computer program in the memory to implement the steps of the method of any one of the first aspect of the embodiments of the present disclosure.

According to an eighth aspect of embodiments of the present disclosure, there is provided an electronic apparatus including:

a memory having a computer program stored thereon;

a processor for executing the computer program in the memory to implement the steps of the method of any one of the second aspects of the embodiments of the present disclosure.

Through the technical scheme, the server firstly receives document data sent by the client, then generates an electronic document to be signed according to the pre-stored stamp picture and the document data, wherein the electronic document to be signed comprises the stamp picture, then obtains a hash value of the electronic document to be signed and a random number corresponding to the hash value, and sends first data to the client, wherein the first data comprises: the electronic document to be signed, the hash value and the random number are used for enabling the client to encrypt the hash value according to a signature private key to obtain a signature digital signature, the first data and the signature digital signature are used as second data to be sent to the server, if the hash value included in the second data sent by the client is matched with the random number included in the second data, the signature digital signature included in the second data passes verification, a signed electronic document is generated according to the electronic document to be signed included in the second data, the hash value included in the second data and the signature digital signature included in the second data, the signed electronic document includes a seal picture and the signature digital signature, and finally the signed electronic document is sent to the client. According to the method and the system, signature of the electronic document is realized through data transmission between the client and the server, the server does not need to store data generated in the verification process, and does not need to keep data synchronization with other servers, so that the processing efficiency of the server is improved, and the number of the servers can be expanded according to requirements.

Additional features and advantages of the disclosure will be set forth in the detailed description which follows.

Drawings

The accompanying drawings, which are included to provide a further understanding of the disclosure and are incorporated in and constitute a part of this specification, illustrate embodiments of the disclosure and together with the description serve to explain the disclosure without limiting the disclosure. In the drawings:

FIG. 1 is a flow diagram illustrating a method of signing an electronic document in accordance with an exemplary embodiment;

FIG. 2 is a flow diagram illustrating another method of signing an electronic document in accordance with one illustrative embodiment;

FIG. 3 is a flow diagram illustrating another method of signing an electronic document in accordance with one illustrative embodiment;

FIG. 4 is a flow diagram illustrating another method of signing an electronic document in accordance with one illustrative embodiment;

FIG. 5 is a flow diagram illustrating another method of signing an electronic document in accordance with one illustrative embodiment;

FIG. 6 is a flow diagram illustrating a method of signing an electronic document in accordance with one illustrative embodiment;

FIG. 7 is a flow diagram illustrating another method of signing an electronic document in accordance with one illustrative embodiment;

FIG. 8 is a block diagram illustrating a signing device for an electronic document in accordance with one illustrative embodiment;

FIG. 9 is a block diagram illustrating another electronic document signing device in accordance with one illustrative embodiment;

FIG. 10 is a block diagram illustrating another electronic document signing device in accordance with one illustrative embodiment;

FIG. 11 is a block diagram illustrating a signing device for an electronic document in accordance with one illustrative embodiment;

FIG. 12 is a block diagram illustrating another electronic document signing device in accordance with one illustrative embodiment;

FIG. 13 is a block diagram illustrating an electronic device in accordance with an exemplary embodiment;

FIG. 14 is a block diagram illustrating an electronic device in accordance with an example embodiment.

Detailed Description

Reference will now be made in detail to the exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, like numbers in different drawings represent the same or similar elements unless otherwise indicated. The implementations described in the exemplary embodiments below are not intended to represent all implementations consistent with the present disclosure. Rather, they are merely examples of methods and apparatus consistent with certain aspects of the present disclosure, as detailed in the appended claims.

Before introducing the signature method, apparatus, storage medium, and electronic device for an electronic document provided by the present disclosure, an application scenario related to various embodiments of the present disclosure is first introduced. The application scene comprises a server and a client, data transmission can be realized between the server and the client through a physical connection line or a Wireless communication technology, for example, data transmission can be realized between the server and the client through a physical connection line such as a Network cable and an optical fiber, and data interaction can also be realized through a Wireless communication technology such as WLAN (English Wireless local area Network), Bluetooth, ZigBee (Chinese: Zigbee protocol) and the like. The server may include, but is not limited to: a server cluster or a cloud server, etc. The client can be a mobile terminal such as a smart phone, a tablet computer, a smart television, a PDA (Personal Digital Assistant, chinese), a portable computer, or a fixed terminal such as a desktop computer.

FIG. 1 is a flow chart illustrating a method of signing an electronic document, as shown in FIG. 1, as applied to a server, comprising the steps of:

in step 101, document data sent by a client is received.

And 102, generating an electronic document to be signed according to the pre-stored stamp pictures and the pre-stored document data, wherein the electronic document to be signed comprises the stamp pictures.

For example, when a user needs to sign an electronic document, the document data of the electronic document may be sent to the server through the client. The Format of the electronic Document may be, for example, a PDF (english: Portable Document Format, chinese: Portable Document Format), a Word (english: Microsoft Office Word, chinese: Document) Format, or the like. Wherein the document data can reflect data contents contained in the electronic document. For example, when the electronic document is an electronic invoice, the corresponding document data may include a service name, an amount, a tax amount, an invoicing date, a customer name, and the like of the electronic invoice, and when the electronic document is an electronic contract, the corresponding document data may include a first party name, a second party name, contract contents, a date, and the like of the electronic contract. Specifically, when the client sends the document data to the server, the client identifier capable of uniquely indicating the client can be sent to the server, so that after the server receives the document data and the client identifier, the server can select the corresponding stamp picture according to the client identifier, and then generate the electronic document to be signed according to the stamp picture and the document data. The client identifier received by the server may be one or multiple, that is, the server can process the document data sent by one or more clients at the same time. The stamp picture may be stored in advance in a database of the server, or may be stored in advance in another terminal device accessible to the server through a network. It should be noted that, when generating an electronic document to be signed, the server may obtain attribute information corresponding to the document data, in addition to the stamp picture and the document data, where the attribute information may be an electronic document template sent while the client sends the document data, or an electronic document template pre-stored in the server, so that the server may restore the electronic document on the client according to the attribute information and the document data, and then cover the stamp picture on the electronic document to obtain the electronic document to be signed.

Step 103, obtaining the hash value of the electronic document to be signed and the random number corresponding to the hash value.

Step 104, sending first data to the client, the first data including: the electronic document to be signed, the hash value and the random number are used for enabling the client to encrypt the hash value according to the signature private key to obtain a signature digital signature, and the first data and the signature digital signature are used as second data and sent to the server.

For example, after the server generates the electronic document to be signed, the hash value of the electronic document to be signed may be obtained according to a preset algorithm, where the preset algorithm may be any hash algorithm, and examples thereof may be: MD4 (Message Digest 4), MD5 (Message Digest 5), SHA (Secure Hash Algorithm), and the like. After the hash value of the electronic document to be signed is obtained, the server can generate a random number according to the hash value and a preset generation function, the random number changes along with the change of the hash value, and the random numbers generated by the same hash value are the same. Here, the random number is generated by a generating function based on the hash value, and is not a true random number. After the hash value of the electronic document to be signed and the random number corresponding to the hash value are obtained, the server sends the electronic document to be signed, the hash value and the random number as first data to the client. After the client receives the first data, the hash value in the first data is encrypted according to the signature private key, so that a signature digital signature is obtained, and the signature digital signature and the first data are used as second data to be sent to the server. The signature private key is stored in the client and is a private key unique to the client, the signature private key corresponds to the signature public key, the signature public key can be stored on the server, and the content encrypted by the signature private key can only be decrypted by the signature public key. The signature public key corresponding to the client may be issued on the network, for example, and obtained by any server when data needs to be decrypted according to the signature public key, or the server may request to obtain the signature public key by sending an email to the client, which is not limited in this disclosure.

And 105, if the hash value included in the second data sent by the client is matched with the random number included in the second data and the signature digital signature included in the second data passes verification, generating a signed electronic document according to the electronic document to be signed included in the second data, the hash value included in the second data and the signature digital signature included in the second data, wherein the signed electronic document includes a seal picture and the signature digital signature.

Step 106, the signed electronic document is sent to the client.

For example, the client sends the second data to the server, including the electronic document to be signed, the hash value, the random number, and the signed digital signature, then after the server receives the second data, it is first determined whether the hash value included in the second data matches the random number included in the second data, the random number may be generated for example from a hash value in the second data and a preset generating function, whether the hash value in the second data matches the random number is determined by checking whether the newly generated random number is identical to the random number included in the second data, that is, if the newly generated random number is consistent with the random number included in the second data, it is described that the hash value included in the second data matches the random number included in the second data, and if the newly generated random number is inconsistent with the random number included in the second data, it is described that the hash value included in the second data does not match the random number included in the second data. If the hash value included in the second data does not match the random number included in the second data, it indicates that the data content in the first data and/or the second data has changed during the transmission process, and at this time, the server may discard the second data. If the hash value included in the second data is matched with the random number included in the second data, it is indicated that the data content in the first data and the second data is not changed in the transmission process, and at this time, the signature digital signature included in the second data can be verified through the signature public key on the server. The signature public key on the server and the signature private key on the client are in one-to-one correspondence, and the server can decrypt the signature digital signature encrypted by the signature private key on the client according to the signature public key, so that the verification of the signature digital signature is completed. If the signature digital signature in the second data passes the verification, the client is the client corresponding to the signature public key, the server can further process the second data, and if the signature digital signature in the second data fails the verification, the client is not the client corresponding to the signature public key, and the server can discard the second data.

The server can further process the second data only when the hash value included in the second data sent by the client is matched with the random number included in the second data and the signature digital signature included in the second data is verified. Specifically, the server generates a signed electronic document according to the electronic document to be signed included in the second data, the hash value included in the second data, and the signature digital signature included in the second data, and then sends the signed electronic document to the client. The signed electronic document comprises a seal picture and a signature digital signature, and the signature digital signature can be understood as encrypting the whole electronic document comprising the seal picture so as to realize signature of the electronic document.

It should be noted that, in this embodiment, the server does not need to store the data generated in any one of the steps 101 to 106, and accordingly, the multiple servers in the server cluster do not need to perform data synchronization, so that the processing efficiency of the servers is improved, and the capacity expansion of the number of the servers is facilitated. If the number of the servers in the server cluster is required to be expanded, the servers are directly added, and the data of the newly added servers and the data of the original servers are not required to be kept synchronous. Taking four servers A, B, C, D in the server cluster as an example, after the client sends the document data to server a, server a sends the generated first data to the client, the client may send the generated second data to server B (or server C, server D), and server B generates the signed electronic document and sends the signed electronic document to the client, that is, the execution subject of steps 101 to 104 is server a, and the execution subject of steps 105 to 106 is server B. In this process, server B does not need to keep data synchronized with server a.

In summary, in the present disclosure, the server first receives document data sent by the client, and then generates an electronic document to be signed according to a pre-stored stamp picture and the document data, where the electronic document to be signed includes the stamp picture, and then obtains a hash value of the electronic document to be signed and a random number corresponding to the hash value, and then sends first data to the client, where the first data includes: the electronic document to be signed, the hash value and the random number are used for enabling the client to encrypt the hash value according to a signature private key to obtain a signature digital signature, the first data and the signature digital signature are used as second data to be sent to the server, if the hash value included in the second data sent by the client is matched with the random number included in the second data, the signature digital signature included in the second data passes verification, a signed electronic document is generated according to the electronic document to be signed included in the second data, the hash value included in the second data and the signature digital signature included in the second data, the signed electronic document includes a seal picture and the signature digital signature, and finally the signed electronic document is sent to the client. According to the method and the system, signature of the electronic document is realized through data transmission between the client and the server, the server does not need to store data generated in the verification process, and does not need to keep data synchronization with other servers, so that the processing efficiency of the server is improved, and the number of the servers can be expanded according to requirements.

FIG. 2 is a flow chart illustrating another method of signing an electronic document according to an exemplary embodiment, as shown in FIG. 2, step 103 comprising:

and step 1031, inputting the electronic document to be signed as a preset algorithm so as to obtain a hash value output by the preset algorithm.

Step 1032, the hash value is used as a seed to generate a random number.

For example, after the server generates the electronic document to be signed according to the pre-stored stamp picture and the received document data, the electronic document to be signed may be input into the preset algorithm, and the preset algorithm processes the content in the electronic document to be signed, so as to obtain the hash value of the electronic document to be signed output by the preset algorithm. The preset algorithm may be, for example, MD4, MD5, SHA, etc. Further, the hash value of the electronic document to be signed is used as a random seed, and a random number corresponding to the hash value is generated through a preset random number generation function.

FIG. 3 is a flow chart illustrating another method of signing an electronic document according to an exemplary embodiment, as shown in FIG. 3, prior to step 105, the method further comprising:

and 107, taking the hash value included in the second data as a seed, generating a target random number, and if the random number included in the second data is the same as the target random number, determining that the hash value included in the second data is matched with the random number included in the second data.

And 108, decrypting the signature digital signature included in the second data according to the signature public key, wherein the signature public key is a public key corresponding to the signature private key, and if the signature digital signature included in the second data is decrypted by the signature public key, determining that the signature digital signature included in the second data passes verification.

For example, after the server receives the second data sent by the client, it needs to first determine whether the hash value included in the second data matches the random number included in the second data. Specifically, the server may use a hash value included in the second data as a seed to generate a target random number, and if the target random number is the same as a random number included in the second data, it is determined that the hash value included in the second data matches the random number included in the second data, and the server further needs to continue to verify a signature digital signature included in the second data, otherwise, the server may directly discard the second data and no longer verify the signature digital signature included in the second data. And when the server continuously verifies the signature digital signature included in the second data, the signature digital signature is decrypted according to the signature public key, the signature public key of the server is a public key corresponding to the signature private key of the client, and the server can decrypt the signature digital signature encrypted by the signature private key of the client according to the signature public key. If the signature public key can decrypt the signature digital signature, the second data is sent by the client corresponding to the signature public key, and at this time, the signature digital signature included in the second data can be determined to pass verification, otherwise, the signature digital signature included in the second data can be determined not to pass verification.

FIG. 4 is a flow diagram illustrating another method of signing an electronic document, according to an exemplary embodiment, as shown in FIG. 4, step 101 for:

and receiving document data and a first digital signature sent by the client, wherein the first digital signature is a digital signature obtained by encrypting the document data by the client according to a first private key.

After step 101, the method further comprises:

and 109, decrypting the first digital signature according to the first public key, wherein the first public key is a public key corresponding to the first private key. And if the first digital signature is decrypted by the first public key, determining that the first digital signature passes the verification.

Accordingly, step 102 provides for:

For example, while the client sends the document data to the server, the client may also send a first digital signature to the server, and the server receives the document data and the first digital signature, where the first digital signature is a digital signature obtained by encrypting the document data by the client according to a first private key, and the server may decrypt the first digital signature according to a first public key to complete verification of the first digital signature. The first public keys on the server and the first private keys on the clients are in one-to-one correspondence, and the server may obtain the first public keys corresponding to the clients through a network, or obtain the first public keys by sending mails to the clients. If the first digital signature can be decrypted by the first public key, the client is the client corresponding to the first public key, that is, the document data is confirmed to be sent by the client, and it is determined that the first digital signature passes the verification. Then, the server can generate an electronic document to be signed according to the pre-stored stamp pictures and the received document data. If the first digital signature cannot be decrypted by the first public key, which indicates that the client is not the client corresponding to the first public key, it is determined that the first digital signature is not verified, and at this time, the server may discard the received document data and the first digital signature.

FIG. 5 is a flow diagram illustrating another method of signing an electronic document, according to an exemplary embodiment, as shown in FIG. 5, step 104 for:

and sending the first data and the second digital signature to a client, wherein the second digital signature is a digital signature obtained by encrypting the first data by the server according to a second private key, so that the client encrypts the hash value according to the signature private key under the condition that the second digital signature passes verification to obtain a signature digital signature, and sends the second data and a third digital signature to the server, wherein the third digital signature is a digital signature obtained by encrypting the second data by the client according to the first private key.

Prior to step 105, the method further comprises:

and step 110, decrypting the third digital signature according to the first public key. And if the third digital signature is decrypted by the first public key, determining that the third digital signature passes the verification.

Accordingly, step 105 provides for:

and if the hash value included in the second data is matched with the random number included in the second data, the signature digital signature included in the second data passes verification, and the third digital signature passes verification, and the signed electronic document is generated according to the electronic document to be signed included in the second data, the hash value included in the second data and the signature digital signature included in the second data.

For example, the server may send the first data to the client and may send a second digital signature to the client, and the client receives the first data and the second digital signature, where the second digital signature is a digital signature obtained by encrypting the first data by the server according to a second private key, the second private key is a unique private key of the server, the second private key on the server and the second public key on the client are in one-to-one correspondence, and the second digital signature encrypted by the second private key may only be decrypted by using the second public key. The second public key corresponding to the second private key may be issued on a network, for example, and may be acquired by any client when the second digital signature of the first data needs to be decrypted according to the second public key, or the client may acquire the second public key by sending an email to the server. In this way, the client can decrypt the second digital signature according to the second public key to complete the verification of the second digital signature. If the second public key cannot decrypt the second digital signature, which indicates that the server is not the server corresponding to the second public key, it is determined that the second digital signature is not verified, and the client may discard the received first data and the received second digital signature. If the second public key can decrypt the second digital signature, the server is the server corresponding to the second public key, and the second digital signature is determined to pass the verification. Then, the client side can encrypt the hash value in the first data according to the signature private key to obtain a signature digital signature, encrypt second data composed of the signature digital signature and the first data according to the first private key to obtain a third digital signature, and then send the second data and the third digital signature to the server.

And after receiving the second data and the third digital signature sent by the client, the server decrypts the third digital signature according to the first public key. If the third digital signature cannot be decrypted by the first public key, which indicates that the client is not the client corresponding to the first public key, it is determined that the third digital signature is not verified, and at this time, the server may discard the received second data and the third digital signature. And if the third digital signature is decrypted by the first public key, the client is the client corresponding to the first public key, and the third digital signature is determined to pass verification. Further, it may be determined whether the hash value included in the second data matches the random number included in the second data, and then it may be determined whether the signed digital signature included in the second data can be verified by the signed public key. And the server can generate the signed electronic document according to the electronic document to be signed included in the second data, the hash value included in the second data and the signature digital signature included in the second data only under the conditions that the hash value included in the second data is matched with the random number included in the second data, the signature digital signature included in the second data is verified, and the third digital signature is verified, otherwise, the server can discard all the received data.

FIG. 6 is a flowchart illustrating a method of signing an electronic document, as shown in FIG. 6, applied to a client, comprising the steps of:

step 201, sending document data to a server, so that the server generates an electronic document to be signed according to a pre-stored stamp picture and the document data, obtains a hash value of the electronic document to be signed and a random number corresponding to the hash value, and sends first data to a client, where the first data includes: the electronic document to be signed, the hash value and the random number.

Step 202, encrypting the hash value included in the first data according to the signature private key to obtain a signature digital signature.

For example, when a user needs to sign an electronic document, the client may send document data of the electronic document to the server, so that after receiving the document data, the server may generate an electronic document to be signed according to the document data and a pre-stored stamp image. After the server generates the electronic document to be signed, the hash value of the electronic document to be signed may be obtained according to a preset algorithm, and the random number may be generated according to the hash value and a preset generation function, where the preset algorithm may be any hash algorithm, for example, MD4, MD5, SHA, and the like, and after the hash value of the electronic document to be signed is obtained, the server may generate the random number according to the hash value and the preset generation function, and the random number varies with the variation of the hash value, and the random numbers generated by the same hash value are the same. After the hash value of the electronic document to be signed and the random number corresponding to the hash value are obtained, the server sends the electronic document to be signed, the hash value and the random number as first data to the client. After receiving the first data, the client encrypts the hash value in the first data according to the signature private key, so as to obtain a signature digital signature. The signature private key is stored in the client and is a private key unique to the client, the signature private key corresponds to the signature public key, the signature public key can be stored on the server, and the content encrypted by the signature private key can only be decrypted by the signature public key.

Step 203, the first data and the signature digital signature are sent to a server as second data, so that the server generates a signed electronic document according to the electronic document to be signed included in the second data, the hash value included in the second data and the signature digital signature included in the second data under the condition that the hash value included in the second data is matched with the random number included in the second data and the signature digital signature included in the second data passes verification, wherein the signed electronic document includes a seal picture and a signature digital signature.

Step 204, receiving the signed electronic document sent by the server.

For example, the client sends the first data and the signed digital signature as second data to the server, so that the server determines whether the hash value included in the second data matches the random number included in the second data. For example, the server may generate a random number according to the hash value in the second data and a preset generation function, and determine whether the hash value in the second data matches the random number by checking whether the newly generated random number matches the random number included in the second data, that is, if the newly generated random number matches the random number included in the second data, it indicates that the hash value included in the second data matches the random number included in the second data, and if the newly generated random number does not match the random number included in the second data, it indicates that the hash value included in the second data does not match the random number included in the second data. If the hash value included in the second data does not match the random number included in the second data, it indicates that the data content in the first data and/or the second data has changed during the transmission process, and at this time, the server may discard the second data. If the hash value included in the second data is matched with the random number included in the second data, it is indicated that the data content in the first data and the second data is not changed in the transmission process, and at this time, the signature digital signature included in the second data can be verified through the signature public key on the server. If the signature digital signature in the second data passes verification, the client is a client corresponding to the signature public key, the server can generate a signed electronic document according to the electronic document to be signed included in the second data, the hash value included in the second data and the signature digital signature included in the second data, send the signed electronic document to the client, and then the client receives the signed electronic document. If the signature digital signature in the second data is not verified, the client is not the client corresponding to the signature public key, and the server can discard the second data and send prompt information to the client to prompt the user that the signature fails.

Optionally, step 201 is configured to:

and sending the document data and a first digital signature to a server, wherein the first digital signature is a digital signature obtained by encrypting the document data by the client according to a first private key, so that the server decrypts the first digital signature according to a first public key and generates an electronic document to be signed according to the stamp picture and the document data under the condition that the first digital signature is decrypted by the first public key, and the first public key is a public key corresponding to the first private key.

For example, while the client sends the document data to the server, the client may also send a first digital signature to the server, and the server receives the document data and the first digital signature, where the first digital signature is a digital signature obtained by encrypting the document data according to the first private key by the client. The first private key on the client and the first public key on the server are in one-to-one correspondence. After receiving the document data and the first digital signature, the server first decrypts the first digital signature according to the first public key. If the first digital signature can be decrypted by the first public key, the client is the client corresponding to the first public key, namely the document data is confirmed to be sent by the client, the first digital signature is confirmed to pass the verification, and then the server can generate the electronic document to be signed according to the pre-stored stamp picture and the received document data. If the first digital signature cannot be decrypted by the first public key, which indicates that the client is not the client corresponding to the first public key, it is determined that the first digital signature is not verified, and at this time, the server may discard the received document data and the first digital signature.

FIG. 7 is a flow diagram illustrating another method of signing an electronic document, according to an exemplary embodiment, as shown in FIG. 7, prior to step 202, the method further comprising:

step 205, decrypting the second digital signature according to the second public key, if the second digital signature is decrypted by the second public key, determining that the second digital signature passes verification, wherein the second digital signature is a digital signature which is sent to the client when the server sends the first data and obtained by encrypting the first data according to the second private key, and the second public key is a public key corresponding to the second private key.

Step 202 is for:

and if the second digital signature passes the verification, encrypting the hash value included in the first data according to the signature private key to obtain the signature digital signature.

Step 203 comprises:

step 2031, encrypting the second data according to the first private key to obtain a third data signature.

Step 2032, the second data and the third data signature are sent to the server, so that the server decrypts the third digital signature according to the first public key, and generates a signed electronic document according to the to-be-signed electronic document included in the second data, the hash value included in the second data, and the signature digital signature included in the second data under the condition that the third digital signature is decrypted by the first public key, the hash value included in the second data matches with the random number included in the second data, and the signature digital signature included in the second data passes verification.

For example, the server may further encrypt the first data by using a second private key stored on the server to obtain a second digital signature, then send the second digital signature and the first data to the client at the same time, and then receive the second digital signature and the first data by the client. After receiving the second digital signature and the first data, the client decrypts the second digital signature according to a second public key stored on the client, wherein the second public key on the client is a public key corresponding to a second private key on the server. The client may decrypt the second digital signature according to the second public key to complete verification of the second digital signature.

If the second public key cannot decrypt the second digital signature, which indicates that the server is not the server corresponding to the second public key, it is determined that the second digital signature is not verified, and the client may discard the received first data and the received second digital signature. If the second public key can decrypt the second digital signature, the server is the server corresponding to the second public key, the second digital signature is determined to pass verification, and then the client side can encrypt the hash value in the first data according to the signature private key to obtain the signature digital signature. After the signature digital signature is obtained, the client encrypts second data consisting of the signature digital signature and the first data according to the first private key to obtain a third digital signature, and then sends the second data and the third digital signature to the server.

And after receiving the second data and the third digital signature sent by the client, the server decrypts the third digital signature according to the first public key. If the third digital signature cannot be decrypted by the first public key, which indicates that the client is not the client corresponding to the first public key, it is determined that the third digital signature is not verified, and at this time, the server may discard the received second data and the third digital signature. And if the third digital signature is decrypted by the first public key, the client is the client corresponding to the first public key, and the third digital signature is determined to pass verification. Further, it may be determined whether the hash value included in the second data matches the random number included in the second data, and it may be determined whether the signed digital signature included in the second data can be verified by the signed public key. And the server can generate the signed electronic document according to the electronic document to be signed included in the second data, the hash value included in the second data and the signature digital signature included in the second data only under the conditions that the hash value included in the second data is matched with the random number included in the second data, the signature digital signature included in the second data is verified, and the third digital signature is verified, otherwise, the server can discard all the received data.

In summary, in the present disclosure, a client first sends document data to a server, so that the server generates an electronic document to be signed according to a pre-stored stamp picture and the document data, obtains a hash value of the electronic document to be signed and a random number corresponding to the hash value, and sends first data to the client, where the first data includes: the electronic document to be signed, the hash value and the random number are encrypted according to the hash value included by the first data according to the signature private key to obtain a signature digital signature, the first data and the signature digital signature are sent to the server as second data, so that the server generates a signed electronic document according to the electronic document to be signed included by the second data, the hash value included by the second data and the signature digital signature included by the second data under the condition that the signature digital signature included by the second data is verified, and finally the signed electronic document sent by the server is received. According to the method and the system, signature of the electronic document is realized through data transmission between the client and the server, the server does not need to store data generated in the verification process, and does not need to keep data synchronization with other servers, so that the processing efficiency of the server is improved, and the number of the servers can be expanded according to requirements.

Fig. 8 is a block diagram illustrating a signature apparatus for an electronic document according to an exemplary embodiment, and as shown in fig. 8, the apparatus 300 is applied to a server, and includes:

a receiving module 301, configured to receive document data sent by a client.

The first generating module 302 is configured to generate an electronic document to be signed according to a pre-stored stamp picture and document data, where the electronic document to be signed includes the stamp picture.

The obtaining module 303 is configured to obtain a hash value of the electronic document to be signed and a random number corresponding to the hash value.

A sending module 304, configured to send first data to a client, where the first data includes: the electronic document to be signed, the hash value and the random number are used for enabling the client to encrypt the hash value according to the signature private key to obtain a signature digital signature, and the first data signature digital signature is used as second data and sent to the server.

The second generating module 305 is configured to, if the hash value included in the second data sent by the client matches the random number included in the second data and the signature digital signature included in the second data passes verification, generate a signed electronic document according to the electronic document to be signed included in the second data, the hash value included in the second data, and the signature digital signature included in the second data, where the signed electronic document includes a stamp picture and a signature digital signature.

The sending module 304 is further configured to send the signed electronic document to the client.

Fig. 9 is a block diagram illustrating another signature apparatus for an electronic document according to an exemplary embodiment, where as shown in fig. 9, the obtaining module 303 includes:

the input submodule 3031 is configured to input the electronic document to be signed as a preset algorithm to obtain a hash value output by the preset algorithm.

A generating sub-module 3032 is configured to generate a random number by using the hash value as a seed.

Fig. 10 is a block diagram illustrating another apparatus for signing an electronic document according to an exemplary embodiment, and as shown in fig. 10, the apparatus 300 further includes:

a third generating module 306, configured to, before generating a signed electronic document according to the electronic document to be signed included in the second data, the hash value included in the second data, and the signature digital signature included in the second data, if the hash value included in the second data sent by the client matches the random number included in the second data, and the signature digital signature included in the second data passes verification, generate a target random number by using the hash value included in the second data as a seed, and if the random number included in the second data is the same as the target random number, determine that the hash value included in the second data matches the random number included in the second data.

The decryption module 307 is configured to decrypt the signature digital signature included in the second data according to the signature public key, where the signature public key is a public key corresponding to the signature private key, and if the signature digital signature included in the second data is decrypted by the signature public key, it is determined that the signature digital signature included in the second data passes verification.

Optionally, the receiving module 301 is configured to:

The decryption module 307 is further configured to:

and after receiving the document data sent by the client, decrypting the first digital signature according to the first public key, wherein the first public key is a public key corresponding to the first private key. And if the first digital signature is decrypted by the first public key, determining that the first digital signature passes the verification.

The first generation module 302 is configured to:

Optionally, the sending module 304 is configured to:

The decryption module 307 is further configured to:

and if the hash value included in the second data sent by the client is matched with the random number included in the second data and the signature digital signature included in the second data passes verification, decrypting the third digital signature according to the first public key before generating the signed electronic document according to the electronic document to be signed included in the second data, the hash value included in the second data and the signature digital signature included in the second data. And if the third digital signature is decrypted by the first public key, determining that the third digital signature passes the verification.

The second generation module 305 is configured to:

With regard to the apparatus in the above-described embodiment, the specific manner in which each module performs the operation has been described in detail in the embodiment related to the method, and will not be elaborated here.

Fig. 11 is a block diagram illustrating a signature apparatus for an electronic document according to an exemplary embodiment, and as shown in fig. 11, the apparatus 400 is applied to a client, and includes:

the sending module 401 is configured to send document data to a server, so that the server generates an electronic document to be signed according to a pre-stored stamp picture and the document data, obtains a hash value of the electronic document to be signed and a random number corresponding to the hash value, and sends first data to a client, where the first data includes: the electronic document to be signed, the hash value and the random number.

The encryption module 402 is configured to encrypt the hash value included in the first data according to the signature private key, so as to obtain a signature digital signature.

The sending module 401 is further configured to send the first data and the signed digital signature as second data to the server, so that the server generates a signed electronic document according to the to-be-signed electronic document included in the second data, the hash value included in the second data, and the signed digital signature included in the second data under the condition that the hash value included in the second data matches the random number included in the second data and the signed digital signature included in the second data passes verification, where the signed electronic document includes a stamp picture and a signed digital signature.

A receiving module 403, configured to receive the signed electronic document sent by the server.

Optionally, the sending module 401 is configured to:

Fig. 12 is a block diagram illustrating another apparatus for signing an electronic document according to an exemplary embodiment, and as shown in fig. 12, the apparatus 400 further includes:

the decryption module 404 is configured to decrypt the second digital signature according to the second public key before encrypting the hash value included in the first data according to the signature private key to obtain the signature digital signature, determine that the second digital signature passes verification if the second digital signature is decrypted by the second public key, send the second digital signature to the client when the server sends the first data, encrypt the first data according to the second private key to obtain the digital signature, and use the second public key as the public key corresponding to the second private key.

The encryption module 402 is configured to:

The sending module 401 includes:

the encryption sub-module 4011 is configured to encrypt the second data according to the first private key to obtain a third data signature.

The sending submodule 4012 is configured to send the second data and the third data signature to the server, so that the server decrypts the third digital signature according to the first public key, and generates a signed electronic document according to the to-be-signed electronic document included in the second data, the hash value included in the second data, and the signature digital signature included in the second data, under the condition that the third digital signature is decrypted by the first public key, the hash value included in the second data matches the random number included in the second data, and the signature digital signature included in the second data passes verification.

Fig. 13 is a block diagram illustrating an electronic device 700 according to an example embodiment. As shown in fig. 13, the electronic device 700 may include: a processor 701 and a memory 702. The electronic device 700 may also include one or more of a multimedia component 703, an input/output (I/O) interface 704, and a communication component 705.

The processor 701 is configured to control the overall operation of the electronic device 700, so as to complete all or part of the steps in the above-mentioned signature method applied to the electronic document of the client. The memory 702 is used to store various types of data to support operation at the electronic device 700, such as instructions for any application or method operating on the electronic device 700 and application-related data, such as contact data, transmitted and received messages, pictures, audio, video, and the like. The Memory 702 may be implemented by any type of volatile or non-volatile Memory device or combination thereof, such as Static Random Access Memory (SRAM), Electrically Erasable Programmable Read-Only Memory (EEPROM), Erasable Programmable Read-Only Memory (EPROM), Programmable Read-Only Memory (PROM), Read-Only Memory (ROM), magnetic Memory, flash Memory, magnetic disk, or optical disk. The multimedia components 703 may include screen and audio components. Wherein the screen may be, for example, a touch screen and the audio component is used for outputting and/or inputting audio signals. For example, the audio component may include a microphone for receiving external audio signals. The received audio signal may further be stored in the memory 702 or transmitted through the communication component 705. The audio assembly also includes at least one speaker for outputting audio signals. The I/O interface 704 provides an interface between the processor 701 and other interface modules, such as a keyboard, mouse, buttons, etc. These buttons may be virtual buttons or physical buttons. The communication component 705 is used for wired or wireless communication between the electronic device 700 and other devices. Wireless Communication, such as Wi-Fi, bluetooth, Near Field Communication (NFC), 2G, 3G, 4G, NB-IOT, eMTC, or other 5G, etc., or a combination of one or more of them, which is not limited herein. The corresponding communication component 705 may thus include: Wi-Fi module, Bluetooth module, NFC module, etc.

In an exemplary embodiment, the electronic Device 700 may be implemented by one or more Application Specific Integrated Circuits (ASICs), Digital Signal Processors (DSPs), Digital Signal Processing Devices (DSPDs), Programmable Logic Devices (PLDs), Field Programmable Gate Arrays (FPGAs), controllers, microcontrollers, microprocessors, or other electronic components for performing the above-described signature method applied to the electronic document at the client.

In another exemplary embodiment, there is also provided a computer readable storage medium including program instructions which, when executed by a processor, implement the steps of the above-described signature method applied to an electronic document of a client. For example, the computer readable storage medium may be the memory 702 described above including program instructions executable by the processor 701 of the electronic device 700 to perform the above-described signature method applied to the electronic document of the client.

Fig. 14 is a block diagram illustrating an electronic device 1900 according to an example embodiment. For example, the electronic device 1900 may be provided as a server. Referring to fig. 14, an electronic device 1900 includes a processor 1922, which may be one or more in number, and a memory 1932 for storing computer programs executable by the processor 1922. The computer program stored in memory 1932 may include one or more modules that each correspond to a set of instructions. Further, the processor 1922 may be configured to execute the computer program to perform the above-described signature method applied to the electronic document of the server.

Additionally, electronic device 1900 may also include a power component 1926 and a communication component 1950, the power component 1926 may be configured to perform power management of the electronic device 1900, and the communication component 1950 may be configured to enable communication, e.g., wired or wireless communication, of the electronic device 1900. In addition, the electronic device 1900 may also include input/output (I/O) interfaces 1958. The electronic device 1900 may operate based on an operating system, such as Windows Server, Mac OS XTM, UnixTM, Linux, etc., stored in memory 1932.

In another exemplary embodiment, there is also provided a computer readable storage medium including program instructions which, when executed by a processor, implement the steps of the above-described signature method applied to an electronic document of a server. For example, the computer readable storage medium may be the memory 1932 comprising program instructions executable by the processor 1922 of the electronic device 1900 to perform the above-described method of signing an electronic document applied to a server.

In another exemplary embodiment, a computer program product is also provided, which comprises a computer program executable by a programmable apparatus, the computer program having code portions for performing the above-mentioned signature method applied to an electronic document of a server when executed by the programmable apparatus.

Although the preferred embodiments of the present disclosure have been described in detail with reference to the accompanying drawings, the present disclosure is not limited to the specific details of the embodiments, and other embodiments of the present disclosure can be easily conceived by those skilled in the art within the technical spirit of the present disclosure after considering the description and practicing the present disclosure, and all fall within the protection scope of the present disclosure.

It should be noted that the various technical features described in the above embodiments can be combined in any suitable way without contradiction, and in order to avoid unnecessary repetition, the disclosure does not need to be separately described in various possible combinations, and should be considered as the disclosure of the disclosure as long as the concepts of the disclosure are not violated.

Claims

1. A signature method of an electronic document, which is applied to a server, the method comprising:

receiving document data sent by a client;

and sending the signed electronic document to the client.

2. The method according to claim 1, wherein the obtaining the hash value of the electronic document to be signed and the random number corresponding to the hash value comprises:

and generating the random number by taking the hash value as a seed.

3. The method according to claim 1, wherein before the signed electronic document is generated according to the electronic document to be signed included in the second data, the hash value included in the second data, and the signed digital signature included in the second data, if the hash value included in the second data sent by the client matches the random number included in the second data and the signed digital signature included in the second data is verified, the method further comprises:

4. The method according to claim 1, wherein the receiving the document data sent by the client comprises:

5. The method of claim 4, wherein sending the first data to the client comprises:

6. A signature method of an electronic document is applied to a client, and the method comprises the following steps:

and receiving the signed electronic document sent by the server.

7. The method of claim 6, wherein sending document data to a server comprises:

8. The method of claim 7, wherein before the encrypting the hash value included in the first data according to a signature private key to obtain a signature digital signature, the method further comprises:

9. An apparatus for signing an electronic document, applied to a server, the apparatus comprising:

10. An apparatus for signing an electronic document, applied to a client, the apparatus comprising:

11. A computer-readable storage medium, on which a computer program is stored which, when being executed by a processor, carries out the steps of the method according to any one of claims 1 to 5 or 6 to 8.

12. An electronic device, comprising:

a memory having a computer program stored thereon;

a processor for executing the computer program in the memory to carry out the steps of the method of any one of claims 1-5 or 6-8.