CN113242134B - Digital certificate signing method, device, system and storage medium - Google Patents


Info

Publication number: CN113242134B
Authority: CN (China)
Prior art keywords: signature, certificate, user, file, mobile terminal
Legal status: Active
Application number: CN202110497547.7A
Other languages: Chinese (zh)
Other versions: CN113242134A (en)
Inventors: 陈洲, 邹星驰, 张志恒, 费正宇, 黄伊莹
Current assignee: Guotai Epoint Software Co Ltd
Original assignee: Guotai Epoint Software Co Ltd
Application filed by Guotai Epoint Software Co Ltd
Priority to CN202110497547.7A
Publication of CN113242134A
Application granted
Publication of CN113242134B

Classifications

    • H  ELECTRICITY
    • H04  ELECTRIC COMMUNICATION TECHNIQUE
    • H04L  TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 9/00  Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L 9/32  Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L 9/3263  H04L 9/32 involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • H04L 9/3268  H04L 9/3263 using certificate validation, registration, distribution or revocation, e.g. certificate revocation list [CRL]
    • H04L 9/3247  H04L 9/32 involving digital signatures

Abstract

The application relates to a digital certificate signing method, device, system and storage medium. The method comprises: scanning, through a digital certificate APP installed on an intelligent mobile terminal, a two-dimensional code displayed by a client, and acquiring the signature identification information contained in the two-dimensional code, wherein the signature identification information indicates the identity information of the user and the transaction center where the user is currently located; acquiring and displaying signature request data to prompt the user to trigger a signature confirmation; and receiving the information that the user has triggered and confirmed the signature for the signature request data, sending the information to the certificate server so that the certificate server performs the signature, and returning the signature result to the client. The method addresses the incompatibility of USBKey certificates between regions and the restrictive operating environment that arise because the transaction centers of different regions in the existing electronic transaction system use different USBKey and CA certificate suppliers.

Description

Digital certificate signing method, device, system and storage medium
Technical Field
The application relates to a digital certificate signing method, device, system and storage medium, and belongs to the technical field of computer network security.
Background
Digital certificates have wide-ranging applications in network communication security, such as identity authentication, data integrity verification and improving the confidentiality of data, and can be said to be an integral part of network communication. Existing ways of storing a digital certificate are generally of two types: a smart password key and a soft certificate. The smart key is typically a USB device with its own CPU, connected to the computer through a USB interface. A soft certificate is typically stored as a file at a location specified by the computer's storage device or operating system.
Electronic transaction bidding systems generally store the digital certificate in a USBKey, which serves as the storage medium for the CA certificate; the functions of identity authentication, electronic signature, signature verification, encryption and decryption are then performed through the USBKey certificate.
CA institutions provide authentication services for the electronic transaction systems of various regions, and the transaction centers use different USBKey and CA certificate suppliers, which causes problems such as incompatibility between regions, a restrictive operating environment and high fees.
Disclosure of Invention
The application provides a digital certificate storage method, device and storage medium that use a mobile phone as the medium, and that can solve the incompatibility of USBKey certificates between regions and the restrictive operating environment caused by the transaction centers of different regions using different USBKey and CA certificate suppliers in the existing electronic transaction system.
The application provides the following technical scheme:
A first aspect provides a digital certificate signing method applied to an intelligent mobile terminal, the method comprising:
scanning, through a digital certificate APP installed on the intelligent mobile terminal, a two-dimensional code displayed by a client, and acquiring the signature identification information contained in the two-dimensional code, wherein the signature identification information indicates the identity information of the user and the transaction center where the user is currently located;
acquiring and displaying signature request data to prompt the user to trigger a signature confirmation;
and receiving the information that the user has triggered and confirmed the signature for the signature request data, sending the information to the certificate server so that the certificate server performs the signature, and returning the signature result to the client.
Optionally, in an embodiment of the first aspect of the present application, the method further includes installing a certificate through the digital certificate APP on the intelligent mobile terminal, which comprises:
generating a signature key pair and generating a certificate issue request file;
adding a CA configuration item to the certificate issue request file and sending it to a CA institution, so as to request the CA institution to perform the certificate issuing operation;
acquiring the encryption certificate issued by the CA institution;
decrypting the encryption certificate to obtain a certificate file;
and installing and storing the certificate file.
Optionally, in an embodiment of the first aspect of the present application, decrypting the encryption certificate to obtain a certificate file includes:
asymmetrically decrypting the encrypted symmetric key corresponding to the encryption certificate to obtain the symmetric key;
symmetrically decrypting, with that symmetric key, the encryption private key that was encrypted under it, to obtain the encryption private key;
and decrypting the encryption certificate with the encryption private key to obtain the certificate file.
A second aspect provides a digital certificate signing method applied to a certificate server, the method comprising:
acquiring a signature request sent by a client through a transaction center, wherein the signature request comprises the user identity information and the transaction center where the user is currently located;
generating a two-dimensional code according to the user identity information contained in the signature request and the transaction center where the user is currently located, and sending the two-dimensional code to the client for display, so that an intelligent mobile terminal scans the two-dimensional code to obtain signature identification information;
receiving the signature identification information sent by the intelligent mobile terminal, and acquiring and returning signature request data according to the signature identification information to prompt the intelligent mobile terminal to confirm the signature, wherein the signature request data carries the information of the file to be signed;
and after receiving the signature confirmation information sent by the intelligent mobile terminal, digitally signing the file to be signed carried in the signature request data, and returning the signature result to the client.
A third aspect provides a digital certificate signing device applied to an intelligent mobile terminal, the device comprising:
a two-dimensional code acquisition module, configured to scan, through a digital certificate APP installed on the intelligent mobile terminal, a two-dimensional code displayed by a client and acquire the signature identification information contained in the two-dimensional code, wherein the signature identification information indicates the identity information of the user and the transaction center where the user is currently located;
a signature confirmation module, configured to acquire and display signature request data to prompt the user to trigger a signature confirmation;
and a signature receiving module, configured to receive the information that the user has triggered and confirmed the signature for the signature request data, send the information to the certificate server so that the certificate server performs the signature, and return the signature result to the client.
Optionally, in an embodiment of the third aspect of the present application, the device further includes a certificate installation module, configured to:
generate a signature key pair and generate a certificate issue request file;
send the certificate issue request file, with a CA configuration item added, to a CA institution so as to request the CA institution to perform the certificate issuing operation;
acquire the encryption certificate issued by the CA institution;
decrypt the encryption certificate to obtain a certificate file;
and install and store the certificate file.
A fourth aspect provides a digital certificate signing device applied to a certificate server, the device comprising:
a request acquisition module, configured to acquire a signature request sent by the client through the transaction center, wherein the signature request comprises the user identity information and the transaction center where the user is currently located;
a two-dimensional code generation module, configured to generate a two-dimensional code according to the user identity information contained in the signature request and the transaction center where the user is currently located, and send the two-dimensional code to the client for display, so that the intelligent mobile terminal scans the two-dimensional code to obtain signature identification information;
a signature acquisition module, configured to receive the signature identification information sent by the intelligent mobile terminal, and acquire and return signature request data according to the signature identification information so as to prompt the intelligent mobile terminal to confirm the signature, wherein the signature request data carries the information of the file to be signed;
and a signature module, configured to digitally sign the file to be signed carried in the signature request data after receiving the signature confirmation information sent by the intelligent mobile terminal, and return the signature result to the client.
A fifth aspect provides a digital certificate signing system, the system comprising a processor and a memory; the memory has stored therein a program that is loaded and executed by the processor to implement the steps of the digital certificate signing method as set forth in the first or second aspect.
A computer-readable storage medium having stored therein a program for implementing the steps of the digital certificate signing method according to the first or second aspect when executed by a processor.
The beneficial effects of this application lie in the following: the mobile phone certificate replaces the USBKey certificate, so that several certificates can be held at the same time, no driver needs to be installed, and logging in to, signing in, and encrypting and decrypting for the electronic transaction bidding system are carried out through the mobile phone. The method has the advantages of seamless compatibility across multiple certificates, over-the-air certificate issuance, operation traceability, support for multiple browsers, and the like.
The foregoing description is only an overview of the technical solutions of the present application, and in order to make the technical means of the present application more clearly understood, it can be implemented according to the content of the specification, and the following detailed description of the preferred embodiments of the present application will be given with reference to the accompanying drawings.
Drawings
FIG. 1 is a schematic diagram of a network architecture implementing the signature method and device provided in one embodiment of the present application;
FIG. 2 is a flow chart of a signature method provided in one embodiment of the present application;
FIG. 3 is a flow chart of installing a digital certificate on an intelligent mobile terminal provided in one embodiment of the present application;
FIG. 4 is an overall architecture diagram of digital certificate installation provided in one embodiment of the present application;
FIG. 5 is a flow chart of a signature method provided in another embodiment of the present application;
FIG. 6 is a block diagram of a signing device provided in one embodiment of the present application;
FIG. 7 is a block diagram of a signing device provided in another embodiment of the present application;
FIG. 8 is a block diagram of a signature system provided in another embodiment of the present application.
Detailed Description
The detailed description of the present application is further described in detail below with reference to the drawings and examples. The following examples are illustrative of the present application, but are not intended to limit the scope of the present application.
First, the terms used in the present application are explained:
Asymmetric encryption and decryption: the keys form a pair, a public key and a private key. The public key can be fully disclosed; after the other party encrypts data with the public key, only the holder of the private key can decrypt the ciphertext, so this method has been widely used for data encryption and digital signatures.
Symmetric encryption and decryption: mainly used to encrypt the real-time data packets of a secure channel; the same key is used for encryption and decryption.
Fig. 1 is a schematic diagram of a network architecture capable of implementing the method and device according to an embodiment of the present application. As shown in fig. 1, the architecture includes a client 1, an intelligent mobile terminal 2, a certificate server 3, a CA institution 4 and a transaction center 5.
The certificate server 3 establishes network connections with the intelligent mobile terminal 2 and the client 1 respectively. The intelligent mobile terminal 2 has a digital certificate APP installed, in this embodiment the New Point certificate APP. The client 1 may be a PC. The certificate server 3 may be a server, a computer, or the like.
The client 1, that is, the PC, establishes a network connection with the CA institution through the transaction center 5 and the certificate server 3 in turn. The intelligent mobile terminal 2 establishes a network connection with the CA institution through the certificate server 3.
The specific embodiments of each device included in the above network architecture will be described in detail below.
Fig. 2 is a schematic diagram of a digital certificate signing method according to an embodiment of the present application. The method is applied to the intelligent mobile terminal shown in fig. 1, and the intelligent mobile terminal is taken as the execution subject of each step. The method comprises the following steps:
S201, scanning, through a digital certificate APP installed on the intelligent mobile terminal, a two-dimensional code displayed by a client, and acquiring the signature identification information contained in the two-dimensional code.
Specifically, the signature identification information of this embodiment indicates the identity information of the user and the transaction center where the user is currently located.
In this embodiment, the signature request may be triggered by the user (for example, a bidder) at the client (that is, the PC side), for example by clicking a "signature" button displayed by the client.
On receiving the signature request from the client, the transaction center forwards the corresponding signature request to the certificate server, and the certificate server generates a two-dimensional code according to the user identity information contained in the two-dimensional code request page and the transaction center where the user is currently located (for example, transaction center A).
The two-dimensional code is embedded in the request page, which is sent to the client and displayed there.
In this embodiment, the digital certificate APP, for example the New Point certificate APP, is installed on the intelligent mobile terminal, and the two-dimensional code displayed by the client is scanned with this APP to acquire the signature identification information contained in the two-dimensional code.
S202, acquiring and displaying signature request data to prompt the user to trigger a signature confirmation.
Specifically, the signature request data in this embodiment includes the information of the file to be signed, and prompts the user to check whether the information to be signed is correct and whether to confirm the signature. The information of the file to be signed refers to the file for which the user requested a signature.
The intelligent mobile terminal scans the two-dimensional code through the digital certificate APP to obtain the corresponding signature identification information and sends it to the certificate server. The certificate server determines from the signature identification information the specific bidder identity, the transaction center where the bidder is located (for example, transaction center A, transaction center B, and so on) and similar information, and then sends the corresponding signature request data to the intelligent mobile terminal to ask the user to confirm whether to sign. The signature request data carries the information of the file to be signed.
S203, receiving the information that the user has triggered and confirmed the signature for the signature request, sending the information to the certificate server so that the certificate server performs the signature, and returning the signature result to the client.
Specifically, if the user confirms that the information contained in the file to be signed is correct, the user clicks the "confirm signature" button displayed on the signature request page of the intelligent mobile terminal, and the signature result is then received at the client.
Fig. 3 is a flowchart of a method for applying for and installing a certificate through an intelligent mobile terminal according to an embodiment of the present application. The method takes the intelligent mobile terminal as the execution body and comprises the following steps:
S301, generating a signature key pair and generating a certificate issue request file.
Specifically, fig. 4 shows the overall framework for installing a digital certificate. Referring to fig. 4, in this embodiment of the present application a digital certificate APP, for example the New Point certificate APP, is installed on the intelligent mobile terminal, and the New Point certificate APP communicates with the CA institution through the certificate service end (the New Point certificate APP service end) to apply for and install the digital certificate from the CA institution.
A signature key pair is generated in the key container of the New Point certificate APP on the intelligent mobile terminal, a CSR (certificate issue request file) is generated, and the certificate application is initiated.
The key pair generated by the intelligent mobile terminal is stored in encrypted form, and the key pair stored on the intelligent mobile terminal can only be used by the owner of the intelligent mobile terminal.
S302, adding a CA configuration item to the certificate issue request file and sending it to the CA institution so as to request the CA institution to perform the certificate issuing operation.
Specifically, the certificate issue request is first sent to the New Point certificate service end, which adds a CA configuration item to the certificate issue request and then initiates the certificate issue request to the CA gateway.
The CA gateway adapts the request parameters according to the CA configuration item and initiates the certificate application to the designated CA institution.
S303, obtaining the encryption certificate issued by the CA institution.
After receiving the user's certificate application, the CA (certificate authority) generates the encryption key pair of the digital certificate to be issued, then symmetrically encrypts the encryption private key of that key pair, asymmetrically encrypts the symmetric key used for that encryption, finally assembles the encrypted keys into a key protection structure, and issues the encryption certificate.
The issued encryption certificate is first returned to the CA gateway, which adapts the key protection structure once, and is then returned in turn to the New Point certificate service end and to the New Point certificate APP on the intelligent mobile terminal.
S304, decrypting the encryption certificate to obtain a certificate file.
Specifically, the intelligent mobile terminal decrypts the key protection structure with the private key of the signature key pair held in the key container of the New Point certificate APP, obtains the encryption private key, and installs the certificate. This comprises the following steps:
asymmetrically decrypting the encrypted symmetric key with the signing private key to obtain the symmetric key; symmetrically decrypting the encrypted encryption private key with that symmetric key to obtain the encryption private key; and decrypting the encryption certificate with the encryption private key to obtain the certificate file.
S305, installing and storing the certificate file.
Further, the user can initiate certificate applications to several different CA institutions from the New Point certificate APP, and the certificates of different CA institutions can be installed and used at the same time.
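The key protection structure of S303 and the three-step unwrapping of S304, written as an added example in Go; it is not code from the patent or from the Epoint product. The patent names no algorithms, so the asymmetric operations use RSA-OAEP, the symmetric one AES-256-GCM, and the envelope layout, the field names, the 2048-bit key size and the constructed certificate payload are all assumptions of this example. The property S304 relies on is visible in the code: the symmetric key and the encryption private key leave the CA only in wrapped form, and nothing but the terminal's own signing private key can open the first layer.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"fmt"
)

// KeyProtectionStructure is an assumed layout for the envelope returned in S303, not
// the patent's or any CA's real format. Every field is ciphertext.
type KeyProtectionStructure struct {
	WrappedSymKey  []byte // RSA-OAEP under the terminal's signing public key
	Nonce          []byte // AES-GCM nonce for WrappedEncPriv
	WrappedEncPriv []byte // AES-GCM under the symmetric key: PKCS#1 DER of the encryption private key
	EncryptedCert  []byte // RSA-OAEP under the encryption key pair's public key
}

// newGCM cannot fail here because the key length is fixed at 32 bytes (AES-256).
func newGCM(key []byte) cipher.AEAD {
	block, _ := aes.NewCipher(key)
	gcm, _ := cipher.NewGCM(block)
	return gcm
}

// caIssue plays the CA in S303: generate the encryption key pair, protect its private key.
func caIssue(signingPub *rsa.PublicKey, certFile []byte) (*KeyProtectionStructure, error) {
	encPair, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	symKey := make([]byte, 32)
	rand.Read(symKey)
	gcm := newGCM(symKey)
	nonce := make([]byte, gcm.NonceSize())
	rand.Read(nonce)
	wrappedPriv := gcm.Seal(nil, nonce, x509.MarshalPKCS1PrivateKey(encPair), nil)
	wrappedSym, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, signingPub, symKey, nil)
	if err != nil {
		return nil, err
	}
	// OAEP under a 2048-bit key carries at most 190 bytes, so the constructed payload is
	// kept short; a real certificate would be wrapped under a second symmetric key.
	encCert, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, &encPair.PublicKey, certFile, nil)
	if err != nil {
		return nil, err
	}
	return &KeyProtectionStructure{wrappedSym, nonce, wrappedPriv, encCert}, nil
}

// terminalUnwrap plays S304 on the mobile terminal: the three decryption steps in order.
func terminalUnwrap(signingPriv *rsa.PrivateKey, kps *KeyProtectionStructure) ([]byte, error) {
	// Step 1: asymmetric decryption with the signing private key yields the symmetric key.
	symKey, err := rsa.DecryptOAEP(sha256.New(), nil, signingPriv, kps.WrappedSymKey, nil)
	if err != nil {
		return nil, fmt.Errorf("symmetric key unwrap: %w", err)
	}
	// Step 2: symmetric decryption yields the encryption private key; the GCM tag rejects tampering.
	privDER, err := newGCM(symKey).Open(nil, kps.Nonce, kps.WrappedEncPriv, nil)
	if err != nil {
		return nil, fmt.Errorf("encryption private key unwrap: %w", err)
	}
	encPriv, err := x509.ParsePKCS1PrivateKey(privDER)
	if err != nil {
		return nil, err
	}
	// Step 3: the encryption private key decrypts the certificate payload.
	return rsa.DecryptOAEP(sha256.New(), nil, encPriv, kps.EncryptedCert, nil)
}

// EnvelopeDemo runs the round trip plus a tamper check; true means both behaved as expected.
func EnvelopeDemo() (bool, error) {
	signingPair, err := rsa.GenerateKey(rand.Reader, 2048) // S301, on the terminal
	if err != nil {
		return false, err
	}
	certFile := []byte("constructed certificate payload for bidder-01") // not a real certificate
	kps, err := caIssue(&signingPair.PublicKey, certFile)
	if err != nil {
		return false, err
	}
	got, err := terminalUnwrap(signingPair, kps)
	if err != nil {
		return false, err
	}
	kps.WrappedEncPriv[0] ^= 0x01 // simulate an envelope corrupted in transit
	_, tamperErr := terminalUnwrap(signingPair, kps)
	return bytes.Equal(got, certFile) && tamperErr != nil, nil
}

func main() { fmt.Println(EnvelopeDemo()) }
```

Because the second step uses an authenticated cipher, a structure altered on its way through the CA gateway and service end hops fails at the private-key unwrap instead of yielding a corrupted key that only misbehaves later; EnvelopeDemo flips one byte to show that path. A terminal implementing S304 should treat any of the three failures as a reason to discard the whole structure and repeat the application rather than installing a partial result.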
Fig. 5 is a flowchart of a digital certificate signing method according to an embodiment of the present application. The method is applied to the certificate server (New Point certificate service end) 3 shown in fig. 1, and the certificate server 3 is taken as the execution subject of each step. The method comprises at least the following steps:
S501, acquiring a signature request sent by a client through a transaction center, wherein the signature request comprises the user identity information and the transaction center where the user is currently located.
S502, generating a two-dimensional code according to the user identity information contained in the signature request and the transaction center where the user is currently located, and sending the two-dimensional code to the client for display, so that the intelligent mobile terminal scans the two-dimensional code to obtain signature identification information.
S503, receiving the signature identification information sent by the intelligent mobile terminal, and acquiring and returning signature request data according to the signature identification information to prompt the intelligent mobile terminal to confirm the signature, wherein the signature request data carries the information of the file to be signed.
S504, after receiving the signature confirmation information sent by the intelligent mobile terminal, digitally signing the file to be signed carried in the signature request data, and returning the signature result to the client.
For the specific implementation of this embodiment, refer to the description of the corresponding parts that take the certificate server as the execution body in the embodiments of figs. 1 to 3; it is not repeated here.
In summary, the mobile phone certificate replaces the USBKey certificate, so the method not only supports holding several certificates at the same time but also removes the need to install a driver, and logging in to, signing in, and encrypting and decrypting for the electronic transaction bidding system are carried out through the mobile phone. The method has the advantages of seamless compatibility across multiple certificates, over-the-air certificate issuance, operation traceability, support for multiple browsers, and the like.
Fig. 6 is a block diagram of a digital certificate signing device according to an embodiment of the present application. This embodiment takes the device applied to the intelligent mobile terminal of the architecture shown in fig. 1 as an example. The device comprises at least the following modules:
a two-dimensional code acquisition module, configured to scan, through a digital certificate APP installed on the intelligent mobile terminal, a two-dimensional code displayed by the client and acquire the signature identification information contained in the two-dimensional code, wherein the signature identification information indicates the identity information of the user and the transaction center where the user is currently located;
a signature confirmation module, configured to acquire and display signature request data to prompt the user to trigger a signature confirmation;
and a signature receiving module, configured to receive the information that the user has triggered and confirmed the signature for the signature request data, send the information to the certificate server so that the certificate server performs the signature, and return the signature result to the client.
For the relevant details, refer to the method embodiments described above.
Fig. 7 is a block diagram of a digital certificate signing device according to another embodiment of the present application. This embodiment takes the device applied to the certificate service end of the architecture shown in fig. 1 as an example. The device comprises at least the following modules:
a request acquisition module, configured to acquire a signature request sent by the client through the transaction center, wherein the signature request comprises the user identity information and the transaction center where the user is currently located;
a two-dimensional code generation module, configured to generate a two-dimensional code according to the user identity information contained in the signature request and the transaction center where the user is currently located, and send the two-dimensional code to the client for display, so that the intelligent mobile terminal scans the two-dimensional code to obtain signature identification information;
a signature acquisition module, configured to receive the signature identification information sent by the intelligent mobile terminal, and acquire and return signature request data according to the signature identification information so as to prompt the intelligent mobile terminal to confirm the signature, wherein the signature request data carries the information of the file to be signed;
and a signature module, configured to digitally sign the file to be signed carried in the signature request data after receiving the signature confirmation information sent by the intelligent mobile terminal, and return the signature result to the client.
It should be noted that the division of the functional modules in the digital certificate signing device of the above two embodiments is given only by way of illustration. In practical application the above functions can be assigned to different functional modules as needed, that is, the internal structure of the digital certificate signing device of the electronic transaction bidding system can be divided into different functional modules to complete all or part of the functions described above. In addition, the digital certificate signing device of the electronic transaction bidding system provided in the above embodiments and the embodiments of the digital certificate signing method of the electronic transaction bidding system belong to the same concept; the detailed implementation of the device is given in the method embodiments and is not repeated here.
Fig. 8 is a block diagram of a digital certificate signing system provided in one embodiment of the present application. The system may be a smart phone, tablet computer, notebook computer, desktop computer or server, and may also be referred to as a user device, portable terminal, laptop terminal, desktop terminal, control terminal, etc., which is not limited in this embodiment. The system includes at least a processor and a memory.
The processor may include one or more processing cores, for example a 4-core or 6-core processor. The processor may be implemented in at least one hardware form among a DSP (Digital Signal Processor), an FPGA (Field-Programmable Gate Array) and a PLA (Programmable Logic Array). The processor may also include a main processor and a coprocessor: the main processor, also called the CPU (Central Processing Unit), processes data in the awake state, and the coprocessor is a low-power processor that processes data in the standby state. In some embodiments, the processor may incorporate a GPU (Graphics Processing Unit) for rendering and drawing the content to be shown on the display screen. In some embodiments, the processor may also include an AI (Artificial Intelligence) processor for computing operations related to machine learning.
The memory may include one or more computer-readable storage media, which may be non-transitory. The memory may also include high-speed random access memory and non-volatile memory, such as one or more magnetic disk storage devices or flash memory storage devices. In some embodiments, a non-transitory computer-readable storage medium in the memory stores at least one instruction that is executed by the processor to implement the digital certificate signing method provided by the method embodiments of the present application.
In some embodiments, the digital certificate signing system optionally further comprises a peripheral interface and at least one peripheral. The processor, memory and peripheral interface may be connected by buses or signal lines. Each peripheral device may be connected to the peripheral interface via buses, signal lines or a circuit board. Illustratively, peripheral devices include, but are not limited to: radio frequency circuitry, a touch display screen, audio circuitry and a power supply.
Of course, the digital certificate signing system may also include fewer or more components, which is not limited in this embodiment.
Optionally, the application further provides a computer-readable storage medium in which a program is stored, the program being loaded and executed by a processor to implement the digital certificate signing method of the above method embodiments.
Optionally, the application further provides a computer program product comprising a computer-readable storage medium in which a program is stored, the program being loaded and executed by a processor to implement the digital certificate signing method of the above method embodiments.
The technical features of the above-described embodiments may be combined arbitrarily; for brevity, not all possible combinations of the technical features in the above-described embodiments are described, but as long as there is no contradiction between the combined technical features, the combinations should be considered within the scope of this description.
The above examples merely represent a few embodiments of the present application; they are described in more detail but are not to be construed as limiting the scope of the invention. It should be noted that it would be apparent to those skilled in the art that various modifications and improvements could be made without departing from the spirit of the present application, and these fall within the scope of the present application. Accordingly, the scope of protection of the present application is to be determined by the appended claims.

Claims (8)

1. A digital certificate signing method applied to an intelligent mobile terminal, the method comprising:
scanning a two-dimensional code displayed by a client through a digital certificate APP installed on the intelligent mobile terminal, and acquiring signature identification information contained in the two-dimensional code, wherein the signature identification information indicates the identity information of a user and the transaction center where the user is currently located;
acquiring and displaying signature request data to instruct the user to trigger a signature confirmation;
receiving the information that the user has triggered the signature confirmation according to the signature request data, and sending the information to a certificate server so that the certificate server performs the signature and returns the signature result to the client;
the method further comprising the following steps of installing the digital certificate APP through the intelligent mobile terminal:
generating a signature key pair and generating a certificate issuing request file;
adding a CA configuration item to the certificate issuing request file and sending it to a CA organization to request the CA organization to perform the certificate issuing operation, wherein after the CA organization receives the user's application it generates an encryption key pair for the digital certificate to be issued, symmetrically encrypts the encryption private key of the encryption key pair, asymmetrically encrypts the symmetric key used for that symmetric encryption, and finally generates a key protection structure from the encrypted key and issues an encryption certificate;
acquiring the encryption certificate issued by the CA organization;
decrypting the key protection structure by using the private key of the signature key pair to obtain the encryption private key;
decrypting the encrypted certificate to obtain a certificate file;
and installing and storing the certificate file.
2. The method according to claim 1, characterized in that decrypting the encrypted certificate to obtain a certificate file comprises the following steps:
asymmetrically decrypting the encrypted symmetric key corresponding to the encryption certificate to obtain the symmetric key;
symmetrically decrypting the encryption private key that was encrypted with the symmetric key to obtain the encryption private key;
and decrypting the encrypted certificate by using the encryption private key to obtain the certificate file.
3. A digital certificate signing method applied to a certificate server, the method comprising:
acquiring a signature request sent by a client through a transaction center, wherein the signature request comprises user identity information and the transaction center where the user is currently located;
generating a two-dimensional code according to the user identity information contained in the signature request and the transaction center where the user is currently located, and sending the two-dimensional code to the client for display, so that a digital certificate APP installed on an intelligent mobile terminal scans the two-dimensional code to obtain signature identification information and sends the signature identification information to the certificate server; wherein the signature identification information indicates the identity information of the user and the transaction center where the user is currently located; and wherein installing the digital certificate APP through the intelligent mobile terminal comprises the following steps: generating a signature key pair and generating a certificate issuing request file; adding a CA configuration item to the certificate issuing request file and sending it to a CA organization to request the CA organization to perform the certificate issuing operation, wherein after the CA organization receives the user's application it generates an encryption key pair for the digital certificate to be issued, symmetrically encrypts the encryption private key of the encryption key pair, asymmetrically encrypts the symmetric key used for that symmetric encryption, and finally generates a key protection structure from the encrypted key and issues an encryption certificate; acquiring the encryption certificate issued by the CA organization; decrypting the key protection structure by using the private key of the signature key pair to obtain the encryption private key; decrypting the encrypted certificate to obtain a certificate file; and installing and storing the certificate file;
receiving the signature identification information sent by the intelligent mobile terminal, and acquiring and returning signature request data according to the signature identification information, so that the intelligent mobile terminal acquires and displays the signature request data to instruct the intelligent mobile terminal to confirm the signature, wherein the signature request data carries information on the file to be signed; the intelligent mobile terminal receives the information that the user has triggered the signature confirmation according to the signature request data and sends the information to the certificate server;
and after receiving the signature confirmation information sent by the intelligent mobile terminal, digitally signing the file to be signed carried in the signature request data, and returning the signature result to the client.
4. A digital certificate signing device applied to an intelligent mobile terminal, characterized in that the device comprises:
a two-dimensional code acquisition module, used for scanning a two-dimensional code displayed by a client through a digital certificate APP installed on the intelligent mobile terminal and acquiring signature identification information contained in the two-dimensional code, wherein the signature identification information indicates the identity information of a user and the transaction center where the user is currently located;
a signature confirmation module, used for acquiring and displaying signature request data to instruct the user to trigger a signature confirmation;
and a signature receiving module, used for receiving the information that the user has triggered the signature confirmation according to the signature request data and sending the information to a certificate server so that the certificate server performs the signature and returns the signature result to the client; wherein installing the digital certificate APP through the intelligent mobile terminal comprises the following steps: generating a signature key pair and generating a certificate issuing request file; adding a CA configuration item to the certificate issuing request file and sending it to a CA organization to request the CA organization to perform the certificate issuing operation, wherein after the CA organization receives the user's application it generates an encryption key pair for the digital certificate to be issued, symmetrically encrypts the encryption private key of the encryption key pair, asymmetrically encrypts the symmetric key used for that symmetric encryption, and finally generates a key protection structure from the encrypted key and issues an encryption certificate; acquiring the encryption certificate issued by the CA organization; decrypting the key protection structure by using the private key of the signature key pair to obtain the encryption private key; decrypting the encrypted certificate to obtain a certificate file; and installing and storing the certificate file.
5. The digital certificate signing device of claim 4, further comprising a certificate installation module used for:
generating a signature key pair and generating a certificate issuing request file;
adding a CA configuration item to the certificate issuing request file and sending it to a CA organization to request the CA organization to perform the certificate issuing operation;
acquiring the encryption certificate issued by the CA organization;
decrypting the encrypted certificate to obtain a certificate file;
and installing and storing the certificate file.
6. A digital certificate signing device applied to a certificate server, the device comprising:
a request acquisition module, used for acquiring a signature request sent by a client through a transaction center, wherein the signature request comprises user identity information and the transaction center where the user is currently located;
a two-dimensional code generation module, used for generating a two-dimensional code according to the user identity information contained in the signature request and the transaction center where the user is currently located, and sending the two-dimensional code to the client for display, so that a digital certificate APP installed on an intelligent mobile terminal scans the two-dimensional code to obtain signature identification information and sends the signature identification information to the certificate server; wherein installing the digital certificate APP through the intelligent mobile terminal comprises the following steps: generating a signature key pair and generating a certificate issuing request file; adding a CA configuration item to the certificate issuing request file and sending it to a CA organization to request the CA organization to perform the certificate issuing operation, wherein after the CA organization receives the user's application it generates an encryption key pair for the digital certificate to be issued, symmetrically encrypts the encryption private key of the encryption key pair, asymmetrically encrypts the symmetric key used for that symmetric encryption, and finally generates a key protection structure from the encrypted key and issues an encryption certificate; acquiring the encryption certificate issued by the CA organization; decrypting the key protection structure by using the private key of the signature key pair to obtain the encryption private key; decrypting the encrypted certificate to obtain a certificate file; and installing and storing the certificate file;
an identification acquisition module, used for receiving the signature identification information sent by the intelligent mobile terminal, and acquiring and returning signature request data according to the signature identification information, so that the intelligent mobile terminal acquires and displays the signature request data to instruct the intelligent mobile terminal to confirm the signature, wherein the signature request data carries information on the file to be signed; the intelligent mobile terminal receives the information that the user has triggered the signature confirmation according to the signature request data and sends the information to the certificate server;
and a signature module, used for digitally signing the file to be signed carried in the signature request data after receiving the signature confirmation information sent by the intelligent mobile terminal, and returning the signature result to the client.
7. A digital certificate signing system, the system comprising a processor and a memory; stored in the memory is a program that is loaded and executed by the processor to implement the steps of the digital certificate signing method as claimed in any one of claims 1 to 2 or claim 3.
8. A computer readable storage medium, characterized in that the storage medium has stored therein a program which, when executed by a processor, is adapted to carry out the steps of the digital certificate signing method as claimed in any one of claims 1 to 2 or claim 3.
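The certificate installation procedure of claims 1 and 2 (restated inside claims 3, 4 and 6), carried through as an added example that is not the patent's or the applicant's code: the terminal generates its signature key pair; the CA generates the encryption key pair, symmetrically encrypts the encryption private key, asymmetrically encrypts that symmetric key to the terminal's signature public key to form the key protection structure, and issues the encryption certificate encrypted to the encryption public key; the terminal then reverses the steps in the order claim 2 gives. The page names no algorithms, so RSA-OAEP, AES-256-GCM, the `ProtectedBlob` layout, the issuer name and the subject name are assumptions; the certificate issuing request file and the CA configuration item are left out and the signature public key is passed to the CA directly. The `cryptography` package is used for all primitives.

```python
import os
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Tuple

from cryptography import x509
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.hazmat.primitives.ciphers.aead import AESGCM
from cryptography.x509.oid import NameOID

# assumption: RSA-OAEP for the asymmetric step and AES-256-GCM for the symmetric step
OAEP = padding.OAEP(mgf=padding.MGF1(hashes.SHA256()), algorithm=hashes.SHA256(), label=None)


@dataclass(frozen=True)
class ProtectedBlob:
    """Key protection structure and encrypted certificate share one shape: wrapped symmetric key plus AEAD ciphertext."""
    wrapped_key: bytes  # AES key encrypted with RSA-OAEP under the recipient's public key
    nonce: bytes
    ciphertext: bytes   # AES-GCM(aes_key, payload) with the subject name as associated data


def protect(recipient_pub: rsa.RSAPublicKey, payload: bytes, aad: bytes) -> ProtectedBlob:
    aes_key, nonce = AESGCM.generate_key(bit_length=256), os.urandom(12)
    return ProtectedBlob(recipient_pub.encrypt(aes_key, OAEP), nonce, AESGCM(aes_key).encrypt(nonce, payload, aad))


def unprotect(recipient_priv: rsa.RSAPrivateKey, blob: ProtectedBlob, aad: bytes) -> bytes:
    aes_key = recipient_priv.decrypt(blob.wrapped_key, OAEP)           # asymmetric decryption of the symmetric key
    return AESGCM(aes_key).decrypt(blob.nonce, blob.ciphertext, aad)  # symmetric decryption of the payload


def new_rsa_key() -> rsa.RSAPrivateKey:
    return rsa.generate_private_key(public_exponent=65537, key_size=2048)


class CertificateAuthority:
    """CA side of claim 1: generates the encryption key pair and delivers it under the signature public key."""

    def __init__(self) -> None:
        self._key = new_rsa_key()
        self._name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, "Example Issuing CA")])  # constructed

    def public_key(self) -> rsa.RSAPublicKey:
        return self._key.public_key()

    def issue_encryption_certificate(self, subject_cn: str, signature_pub: rsa.RSAPublicKey) -> Tuple[ProtectedBlob, ProtectedBlob]:
        enc_priv = new_rsa_key()  # encryption key pair generated by the CA, not on the terminal
        now = datetime.now(timezone.utc)
        cert = (x509.CertificateBuilder()
                .subject_name(x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, subject_cn)]))
                .issuer_name(self._name).public_key(enc_priv.public_key())
                .serial_number(x509.random_serial_number())
                .not_valid_before(now).not_valid_after(now + timedelta(days=365))
                .add_extension(x509.KeyUsage(digital_signature=False, content_commitment=False, key_encipherment=True,
                                             data_encipherment=True, key_agreement=False, key_cert_sign=False,
                                             crl_sign=False, encipher_only=False, decipher_only=False), critical=True)
                .sign(self._key, hashes.SHA256()))
        priv_der = enc_priv.private_bytes(serialization.Encoding.DER, serialization.PrivateFormat.PKCS8,
                                          serialization.NoEncryption())
        key_protection = protect(signature_pub, priv_der, subject_cn.encode())  # opened only by the signature private key
        encrypted_cert = protect(enc_priv.public_key(), cert.public_bytes(serialization.Encoding.DER), subject_cn.encode())
        return key_protection, encrypted_cert


def install_on_terminal(subject_cn: str, signature_priv: rsa.RSAPrivateKey, key_protection: ProtectedBlob,
                        encrypted_cert: ProtectedBlob, ca_pub: rsa.RSAPublicKey) -> Tuple[x509.Certificate, rsa.RSAPrivateKey]:
    """Terminal side of claims 1 and 2, plus the checks worth doing before anything is stored."""
    aad = subject_cn.encode()
    enc_priv = serialization.load_der_private_key(unprotect(signature_priv, key_protection, aad), password=None)
    cert = x509.load_der_x509_certificate(unprotect(enc_priv, encrypted_cert, aad))
    ca_pub.verify(cert.signature, cert.tbs_certificate_bytes, padding.PKCS1v15(), cert.signature_hash_algorithm)
    if cert.public_key().public_numbers() != enc_priv.public_key().public_numbers():
        raise ValueError("certificate public key does not match the delivered private key")
    if cert.subject.get_attributes_for_oid(NameOID.COMMON_NAME)[0].value != subject_cn:
        raise ValueError("certificate was issued to a different subject")
    return cert, enc_priv


def demo() -> dict:
    ca, signature_priv = CertificateAuthority(), new_rsa_key()  # signature key pair generated on the terminal
    key_protection, encrypted_cert = ca.issue_encryption_certificate("bidder-0001", signature_priv.public_key())
    cert, enc_priv = install_on_terminal("bidder-0001", signature_priv, key_protection, encrypted_cert, ca.public_key())
    try:  # a terminal without the signature private key cannot open the key protection structure
        unprotect(new_rsa_key(), key_protection, b"bidder-0001")
        wrong_key_rejected = False
    except ValueError:
        wrong_key_rejected = True
    return {"key_usage_encipherment": cert.extensions.get_extension_for_class(x509.KeyUsage).value.key_encipherment,
            "keys_match": cert.public_key().public_numbers() == enc_priv.public_key().public_numbers(),
            "wrong_key_rejected": wrong_key_rejected}
```

The claims only say "decrypt, then install and store"; `install_on_terminal` adds the three checks a practitioner would want first (issuer signature, delivered private key matches the certificate's public key, subject is the expected user). Since the key protection structure is opened by whoever holds the signature private key, that key has to stay on the terminal (ideally in a hardware-backed keystore) for the scheme to bind the encryption certificate to the user.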

Priority Applications (1)

Application number: CN202110497547.7A (CN113242134B, en); priority date: 2021-05-08; filing date: 2021-05-08; title: Digital certificate signing method, device, system and storage medium

Applications Claiming Priority (1)

Application number: CN202110497547.7A (CN113242134B, en); priority date: 2021-05-08; filing date: 2021-05-08; title: Digital certificate signing method, device, system and storage medium

Publications (2)

CN113242134A (en), publication date 2021-08-10
CN113242134B (en), publication date 2023-07-04

Family

ID=77132328

Family Applications (1)

Application number: CN202110497547.7A (CN113242134B, en), Active; priority date: 2021-05-08; filing date: 2021-05-08; title: Digital certificate signing method, device, system and storage medium

Country Status (1)

CN (1): CN113242134B (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114760070A (en) * 2022-04-22 2022-07-15 深圳市永达电子信息股份有限公司 Digital certificate issuing method, digital certificate issuing center and readable storage medium
CN115277125B (en) * 2022-07-13 2024-02-13 南京国电南自电网自动化有限公司 Substation remote control method and system with bidirectional credibility and safety
CN116827542B (en) * 2023-08-29 2023-11-07 江苏省国信数字科技有限公司 Digital certificate management method and system of intelligent device

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105323062B (en) * 2014-06-03 2018-04-20 收付宝科技有限公司 Movable terminal digital certificates electric endorsement method
CN106845986A (en) * 2017-01-12 2017-06-13 方欣科技有限公司 The signature method and system of a kind of digital certificate
CN109831308B (en) * 2019-02-27 2022-10-04 上海棕榈电脑系统有限公司 Digital signature authentication method, storage medium, and device

Also Published As

Publication number Publication date
CN113242134A (en) 2021-08-10


Legal Events

Code Title
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant