CN113541972A - Digital certificate generation method and electronic signature method - Google Patents

Digital certificate generation method and electronic signature method

Info

Publication number
CN113541972A
CN113541972A
Authority
CN
China
Prior art keywords
server
client
private key
signature
data
Prior art date
Legal status
Granted
Application number
CN202111093112.2A
Other languages
Chinese (zh)
Other versions
CN113541972B (en
Inventor
陈传义
郭峰
金宏洲
程亮
Current Assignee
Hangzhou Tiangu Information Technology Co ltd
Original Assignee
Hangzhou Tiangu Information Technology Co ltd
Priority date
Filing date
Publication date
Application filed by Hangzhou Tiangu Information Technology Co ltd
Priority to CN202111093112.2A
Publication of CN113541972A
Application granted
Publication of CN113541972B
Legal status: Active
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for verifying identity or authority, involving digital signatures
    • H04L9/3263 Cryptographic mechanisms or cryptographic arrangements for verifying identity or authority, involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • H04L9/30 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/3066 Public key cryptography involving algebraic varieties, e.g. elliptic or hyper-elliptic curves

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Theoretical Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Algebra (AREA)
  • Mathematical Analysis (AREA)
  • Mathematical Optimization (AREA)
  • Mathematical Physics (AREA)
  • Pure & Applied Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Computing Systems (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)
  • Storage Device Security (AREA)

Abstract

The application relates to a digital certificate generation method and an electronic signature method. In the digital certificate generation method, the client and the server each generate their own public/private key pair, and the server private key PriKeyB is split into a number of server private key fragments by a threshold secret sharing algorithm and stored in different databases, so that no single database holds the complete server private key. When signing, no complete electronic signature is ever assembled at the client alone or at the server alone: the client performs a partial signature to produce a signature fragment SignBlock, and the server then generates the digital certificate from the server private key PriKeyB and the signature fragment SignBlock. This takes account of both key security and convenience of signing.

Description

Digital certificate generation method and electronic signature method
Technical Field
The present application relates to the field of digital signature technologies, and in particular, to a digital certificate generation method and an electronic signature method.
Background
A digital certificate is issued for a public/private key pair. With a traditional CA (certificate authority, for example GlobalSign) the key material is usually kept in the user's hands on a USB key (UKEY) hardware token. However, a UKEY as a certificate carrier has inherent disadvantages: poor compatibility, inconvenience to carry and difficulty of adoption. Many electronic signing platforms have appeared in the internet era, the UKEY-based certificate cannot meet their customers' needs, and most users currently sign electronic contracts through a cloud certificate scheme.
However, an electronic signing scheme based on a cloud certificate still carries a security risk. A cloud certificate is implemented by hosting the private key at the platform's service end, so control of the user's private key rests with the platform side, which creates a private key security problem: the platform can bypass the user and use the user's private key for operations such as electronic signing.
Disclosure of Invention
Therefore, a digital certificate generation method and an electronic signature method are needed to solve the problem that, in the conventional cloud-certificate electronic signing scheme, control of the user's private key lies with the platform side and the user's private key is therefore not secure.
The application provides a digital certificate generation method, which comprises the following steps:
the client generates a client public key pubKeyA and a client private key priKeyA;
the server generates a server public key pubKeyB and a server private key PriKeyB;
the server converts a server private key PriKeyB into n server private key fragments based on a threshold secret sharing algorithm, and sends the n server private key fragments to n different databases for storage respectively; each database stores a server private key fragment; n is a positive integer and n is greater than 2;
the server acquires a client public key pubKeyA from the client;
the server generates a common public key based on the client public key pubKeyA and a server private key PriKeyB;
the server generates data to be signed based on the user information and the common public key;
the server sends the data to be signed to the client;
the client generates a signature fragment SignBlock from the data to be signed and the client private key priKeyA;
and the server generates a digital certificate from the server private key PriKeyB and the signature fragment SignBlock.
The digital certificate generation method provided by the application incorporates a threshold secret sharing algorithm: the client and the server each generate a key pair, and the server private key PriKeyB is split into a number of server private key fragments through the threshold secret sharing algorithm and stored in different databases, so that no single database holds the complete server private key. When signing, no complete electronic signature is assembled at the client alone or at the server alone: the client performs a partial signature to produce a signature fragment SignBlock, and the server then generates the digital certificate from the server private key PriKeyB and the signature fragment SignBlock, so that both key security and convenience of signing are taken into account.
The present application also provides an electronic signature method for signing a digital certificate generated by the digital certificate generation method as mentioned in the foregoing, the method comprising:
the server extracts a full-text digest of the electronic contract, generates the hash of the data to be signed, and sends the hash of the data to be signed to the client;
the client generates first check data and sends the first check data and the associated ID table to the server; the first check data is generated from a third random number kA;
the server obtains at least 2 server private key fragments from the n different databases according to the associated ID table, and restores the server private key PriKeyB from these fragments through the threshold secret sharing algorithm;
the server verifies the first check data using the server private key PriKeyB and judges whether the verification succeeds;
if the server verifies the first check data successfully, the server generates second check data and sends it to the client; the second check data is generated from a fourth random number kB;
the client verifies the second check data and judges whether the verification succeeds;
if the client verifies the second check data successfully, the client calls the client private key priKeyA stored on the client and generates a signature fragment SignBlock from the client private key priKeyA;
the server generates an electronic signature from the fourth random number kB and the signature fragment SignBlock;
the server assembles the electronic signature with the digital certificate generated by the digital certificate generation method above into a verifiable electronic signature structure;
the server signs the electronic contract with the electronic signature structure and produces the signed electronic contract.
In the electronic signature method provided by the application, the client first generates the signature fragment SignBlock; the server then extracts at least 2 server private key fragments from different databases, restores the server private key PriKeyB through the threshold secret sharing algorithm, and merges its own computation with the signature fragment SignBlock generated by the client to form the electronic signature. Because the client and the server cooperate to produce the signature, the method is safer than signing at a single end, and because the server private key PriKeyB can only be restored from fragments fetched from several databases, security is further raised on top of the two-party signing. In addition, the electronic signature can be verified by standard signature verification against the common public key.
Drawings
Fig. 1 is a schematic flowchart of a digital certificate generation method according to an embodiment of the present application.
Fig. 2 is a schematic flowchart of an electronic signature method according to an embodiment of the present application.
Detailed Description
In order to make the objects, technical solutions and advantages of the present application more apparent, the present application is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the present application and are not intended to limit the present application.
The application provides a digital certificate generation method and an electronic signature method. It should be noted that the digital certificate generation method and the electronic signature method provided by the present application are applicable to any type of electronic signature service.
The present application provides a digital certificate generation method.
As shown in fig. 1, in an embodiment of the present application, the method includes the following steps S110 to S700:
S110, the client generates a client public key pubKeyA and a client private key priKeyA.
S120, the server generates a server public key pubKeyB and a server private key PriKeyB.
S130, the server converts the server private key PriKeyB into n server private key fragments based on a threshold secret sharing algorithm, and sends the n server private key fragments to n different databases for storage respectively. Each database stores a fragment of the server private key. n is a positive integer and n is greater than 2.
S310, the server obtains a client public key pubKeyA from the client.
S330, the server generates a common public key based on the client public key pubKeyA and the server private key PriKeyB.
And S350, the server generates data to be signed based on the user information and the common public key.
And S370, the server sends the data to be signed to the client.
And S500, the client generates a signature fragment SignBlock according to the data to be signed and the client private key priKeyA.
S700, the server generates a digital certificate according to the server private key PriKeyB and the signature fragment SignBlock.
Specifically, the client is communicatively coupled to the server. The common public key is computed as pk = priKeyB × pubKeyA − G(x, y), where × denotes scalar multiplication of a curve point and − is subtraction in the curve group. Since pubKeyA = priKeyA × G, this is pk = (priKeyA × priKeyB − 1) × G, i.e. the public key belonging to the scalar priKeyA × priKeyB − 1, a value that neither the client nor the server ever holds. The common public key pk is stored at both the server and the client.
S500, the specific step of the client generating a signature fragment SignBlock according to the data to be signed and the client private key priKeyA, may include the following steps S510 to S520:
S510, the client calculates the elliptic curve group element R' according to formula 6.
R' = RA + RB  formula 6
Here + is point addition in the elliptic curve group, not coordinate-wise addition of (XRA, YRA) and (XRB, YRB): the coordinate-wise sum is in general not a point on the curve, and the verification described later only holds for the group sum. RA is the first coordinate point (formula 4) and RB is the third coordinate point (formula 5) received from the server. XR' denotes the abscissa of R'.
S520, the client calculates a first signature element r according to formula 7 and a second signature element s' according to formula 8, merges them into the signature element pair (r, s'), and uses (r, s') as the signature fragment SignBlock.
r = (H(ZA || M) + XR') mod q  formula 7
s' = [(kA + r) × priKeyA^(-1)] mod q  formula 8
Wherein H(ZA || M) is the hash of the data to be signed, XR' is the abscissa of R', kA is the third random number, r is the first signature element, priKeyA is the client private key, priKeyA^(-1) is its multiplicative inverse modulo q, and mod is the remainder operator. q is the elliptic curve parameter used as the modulus; for the signature to verify, q must be the order of the base point G (the quantity written n in S112), not the prime of the underlying field.
In this embodiment, the client and the server each generate a key pair, and the server private key PriKeyB is split by a threshold secret sharing algorithm into a number of server private key fragments stored in different databases, so that no single database holds the complete server private key. When signing, no complete electronic signature is assembled at the client alone or at the server alone: the client performs a partial signature to produce a signature fragment SignBlock, and the server then generates the digital certificate from the server private key PriKeyB and the signature fragment SignBlock, taking account of both key security and convenience of signing.
Before performing S110, the method further includes:
and S010, logging in the electronic signature platform through the user account and the password of the client, and automatically switching to an interface for registering the account when logging in for the first time.
The client can be an Android application, an iOS application or an H5 web page. The registered user account must pass real-name authentication.
S020, submitting a flow request for creating a digital certificate, so as to execute the following step S110.
Specifically, after the server converts the server private key PriKeyB into n server private key fragments based on the threshold secret sharing algorithm, the n fragments are sent to n different databases for storage.
For example, if n is 3, the server private key PriKeyB is converted into 3 server private key fragments, and 3 databases each storing 1 fragment need to be created.
Optionally, each database is mounted on an independent server and acts as a database server, and each database server is communicatively connected to the server, so that the server can fetch the server private key fragment in any database server at any time. To improve security, an extraction authority and an extraction time window can be set to restrict the server's freedom to fetch fragments.
Optionally, each database server may further apply its own cryptographic protection to its fragment, which the server must pass through when extracting it. This may be SM2 encryption of the fragment or a hash-based integrity check; note that a hash alone does not conceal the fragment, so keeping it confidential at rest requires encryption.
In an embodiment of the present application, S700 includes the following S710 to S750:
and S710, the server generates an electronic signature according to the server private key PriKeyB and the signature fragment SignBlock.
S720, the server generates a certificate request file according to the electronic signature and the data to be signed.
S730, the server sends the certificate request file to a third-party CA mechanism.
And S740, after the third-party CA authority signs the certificate request file, acquiring the certificate request file which is returned by the third-party CA authority and signed by the third-party CA authority.
And S750, generating a digital certificate according to the certificate request file signed by the third-party CA organization.
Specifically, the step of generating the electronic signature by the server S710 according to the server private key PriKeyB and the signature fragment SignBlock may specifically include the following steps S711 to S712:
S711, the server extracts the second signature element s' from the signature fragment SignBlock and calculates a third signature element T according to formula 9.
T = [(s' + kB) × priKeyB^(-1)] mod q  formula 9
Wherein T is the third signature element, s' is the second signature element, kB is the fourth random number, priKeyB is the server private key, priKeyB^(-1) is its multiplicative inverse modulo q, q is the elliptic curve parameter (the order of G) and mod is the remainder operator.
S712, the server calculates a fourth signature element s according to formula 10.
s = (T − r) mod q  formula 10
Where s is the fourth signature element, T is the third signature element and r is the first signature element.
S713, the server combines the first signature element r and the fourth signature element s into the electronic signature (r, s). Substituting formulas 8 and 9 gives s = [(kA + kB × priKeyA + r) × (priKeyA × priKeyB)^(-1) − r] mod q, which is exactly the SM2 signature of the hash under the scalar priKeyA × priKeyB − 1 with ephemeral scalar k = kA + kB × priKeyA, and R' = RA + RB = k × G; this is why (r, s) verifies with the standard SM2 verification equation against the common public key pk.
Optionally, after the digital certificate is generated in S750 from the certificate request file signed by the third-party CA, the client may not only store the client private key priKeyA locally but also upload it to the server for backup, so that when the client application has to be reinstalled after an accidental uninstall the client private key priKeyA can be restored from the server, balancing convenience against security. Note that a server holding both priKeyA and the restored priKeyB can compute signatures without the client, which is the platform-side risk described in the Background; if such a backup is offered, the uploaded private key should be encrypted under a key the server does not hold (for example one derived from a user-held secret).
In an embodiment of the present application, S110 includes the following S111 to S113:
s111, self-defining an elliptic curve, setting a base point G (x, y) of the elliptic curve and setting an elliptic curve parameter q of the elliptic curve.
Specifically, the encryption algorithm of the present application is established based on the rule of the elliptic curve, so that an elliptic curve needs to be customized first, and a customized base point G (x, y) and an elliptic curve parameter q are obtained.
S112, a first random number A is generated as the client private key priKeyA. A is an integer and A ∈ [1, n−1], where n is the order of the base point G (this n is a different quantity from the fragment count n in S130).
S113, a client public key pubKeyA is generated according to formula 1.
pubKeyA = priKeyA × G (x, y) formula 1
The pubkeyA is a client public key. priKeyA is the client private key. G (x, y) is the base point of the elliptic curve.
In an embodiment of the present application, S120 includes: s121 to S122 as follows:
S121, a second random number B is generated as the server private key priKeyB. B is an integer, B ∈ [1, n−1], and B is not equal to A. n is the order of the base point G.
S122, the server public key pubKeyB is generated according to formula 2.
pubKeyB = priKeyB × G (x, y) formula 2
The pubkeyB is a server public key. priKeyB is the server private key. G (x, y) is the base point of the elliptic curve.
In an embodiment of the present application, S130 includes the following S131 to S133:
S131, the server constructs a polynomial F(m) in which the secret parameter S equals the server private key PriKeyB.
F(m) = (S + a1 × m + a2 × m^2 + ... + a(t−1) × m^(t−1)) mod p  formula 3
Wherein S is the secret parameter, mod is the remainder operator, t is a first preset parameter, p is a second preset parameter and is a prime number, and S is less than p. a1, a2, ..., a(t−1) are the remaining polynomial coefficients; for the sharing to be secure they must be chosen uniformly at random from [0, p−1] and kept secret, since a coefficient that is fixed or predictable lets the secret be derived from fewer than t fragments.
S132, the server selects n distinct non-zero values m and substitutes them into the polynomial F(m) to obtain n pairs [m1, F(m1)], [m2, F(m2)], ..., [mn, F(mn)]. Each pair is treated as one server private key fragment.
S133, the polynomial F(m) (its coefficients) is deleted, and p is kept as public data.
Specifically, this embodiment applies a threshold secret sharing algorithm (Shamir's scheme) to split the server private key PriKeyB. S is the secret that must not be disclosed; it is hidden as the constant term of a polynomial and recovered by polynomial interpolation. During recovery, S is obtained by interpolating any t of the pairs [m1, F(m1)], [m2, F(m2)], ... at m = 0, which yields the server private key PriKeyB.
Here t is the first preset parameter, chosen according to the requirements of the user's service, and it determines two things: 1) the degree of the polynomial in formula 3 (degree t−1); 2) the minimum number of server key fragments required to recover S, which is exactly t. p is the second preset parameter and is a prime number; it must be larger than S, i.e. larger than the server private key.
For example, with t = 2 the polynomial is F(m) = (S + a1 × m) mod p with one random coefficient a1, and any 2 pairs [m1, F(m1)], [m2, F(m2)] suffice to recover S, each pair being one server private key fragment. Since t is set to 2, at least any 2 pairs must be known and substituted into formula 3 to recover S and hence the server private key PriKeyB.
In S132, n is the total number of server private key fragments generated. For example, with n = 10 and t = 2, any 2 of the 10 server private key fragments suffice to recover S.
The purpose of S133 is to destroy the polynomial F(m) after the fragments have been generated, so that nobody can learn its coefficients, while p is retained and may be published: p is needed for recovery but reveals nothing about S.
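The splitting and recovery of S131 to S133, as an added worked example in Python (not code from the patent): split_secret builds formula 3 with random coefficients and returns the n fragments, and recover_secret performs the Lagrange interpolation at m = 0 that the recovery step relies on. The prime p is an assumption, since the page fixes none; the 521-bit Mersenne prime is used because it exceeds any 256-bit private key. The example also goes beyond the page's t = 2 by allowing any threshold t.

```python
import secrets

# Share field modulus p (the page's "second preset parameter"). It must be a
# prime larger than the secret; the page does not fix a value, so this example
# assumes the 521-bit Mersenne prime, which exceeds any 256-bit private key.
PRIME = 2**521 - 1


def split_secret(secret, t, n, prime=PRIME):
    """S131-S133: build F(m) = S + a1*m + ... + a_{t-1}*m^{t-1} mod p with
    random coefficients, evaluate it at n distinct non-zero points and return
    only the n fragments [m_i, F(m_i)]. The coefficients go out of scope on
    return, which is the "destroy the polynomial" step; p stays public."""
    if not 0 <= secret < prime:
        raise ValueError("secret must be smaller than the prime p")
    if not 2 <= t <= n:
        raise ValueError("need 2 <= t <= n")
    coeffs = [secret] + [secrets.randbelow(prime) for _ in range(t - 1)]

    def f(m):
        return sum(c * pow(m, i, prime) for i, c in enumerate(coeffs)) % prime

    # m = 1..n are distinct and non-zero; the page picks them at random, which
    # is equivalent as long as no m is 0 and no two collide.
    return [(m, f(m)) for m in range(1, n + 1)]


def recover_secret(shares, prime=PRIME):
    """Lagrange interpolation of F at m = 0 from any t fragments (W310).
    Fewer than t fragments yield a value unrelated to the secret."""
    if len({m for m, _ in shares}) != len(shares):
        raise ValueError("fragments must have distinct m")
    secret = 0
    for j, (mj, yj) in enumerate(shares):
        num, den = 1, 1
        for i, (mi, _) in enumerate(shares):
            if i != j:
                num = num * (-mi) % prime
                den = den * (mj - mi) % prime
        secret = (secret + yj * num * pow(den, -1, prime)) % prime
    return secret


def demo(t=2, n=3):
    """Split a random 256-bit 'server private key' and recover it from t fragments.
    The "associated ID table" of W200 is just the record of which database
    holds which m."""
    key = secrets.randbits(256)          # constructed stand-in for PriKeyB
    shares = split_secret(key, t, n)
    return key, shares, recover_secret(shares[:t])


if __name__ == "__main__":
    key, shares, recovered = demo()
    print("recovered == key:", recovered == key)
```

With t = 2 and n = 3, any two of the three fragments recover the key and a single fragment yields an unrelated value, which is the property the database separation depends on.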
In this embodiment, the server private key PriKeyB is split by the threshold secret sharing algorithm into a number of server private key fragments stored in different databases, so that no single database holds the complete server private key, and the security of the digital certificate is greatly improved. Note that this protection applies to the key at rest: at signing time (W310) the server reconstructs the complete PriKeyB in memory, so the server process itself must still be protected.
In an embodiment of the present application, before S310, the method further includes the following S210 to S240:
s210, the server sends the server public key pubKeyB to the client.
Specifically, after step S210 the client stores the client private key priKeyA and the server public key pubKeyB, and the server stores the server private key priKeyB and the client public key pubKeyA. In addition, the server private key priKeyB held by the server is converted into n server private key fragments stored dispersed across different databases, which greatly improves security.
It should be noted that the client stores the common public key, and the server also stores the common public key.
In an embodiment of the present application, after S210, before S310, the method further includes:
S220, the client generates a third random number kA. kA is an integer with kA ∈ [1, n−1], where n is the order of the base point G.
S230, the client sets a first coordinate point RA and a second coordinate point RA' for communication verification according to formula 4.
RA = kA × G (x, y), RA' = kA × pubKeyB equation 4
Wherein RA is a first coordinate point. RA' is the second coordinate point. kA is a third random number. pubKeyB is the server public key.
And S240, the client sends a first verification request to the server, sends the first coordinate point RA and the second coordinate point RA' to the server as first verification data, and simultaneously sends a client public key pubKeyA to the server synchronously.
In an embodiment of the present application, before S330, the method further includes the following S321 to S322:
S321, the server receives the first check data sent by the client and verifies it, judging whether the verification succeeds.
S322, if the server verifies the first check data successfully, the following S330 is executed.
Specifically, this step checks the consistency of the client's data using the first check data. The server verifies it with the locally stored server private key priKeyB and client public key pubKeyA: since RA' = kA × pubKeyB = kA × priKeyB × G = priKeyB × RA, the server checks that priKeyB × RA equals the received RA'. If the client is running the same algorithm on the same curve, the check passes. Note that RA and RA' are computed from kA and the public key pubKeyB only, so any party can produce a consistent pair; this check establishes that the client's curve parameters and server public key are correct, but on its own it does not prove possession of priKeyA. Possession of priKeyA is demonstrated only by the signature fragment in S500.
In an embodiment of the present application, before S350, the method further includes the following S341 to S342:
S341, the server generates a fourth random number kB. kB is an integer with kB ∈ [1, n−1], where n is the order of the base point G, and kB is not equal to kA.
S342, the server sets the third coordinate point RB and the fourth coordinate point RB' for communication verification according to equation 5.
RB = kB × pubKeyA, RB' = kB × G (x, y) formula 5
Wherein RB is a third coordinate point. RB' is a fourth coordinate point and kB is a fourth random number. pubKeyA is the client public key.
In an embodiment of the present application, S370 includes the following S371 to S372:
S371, the server sends the data to be signed to the client together with a request to sign, sends a second check request, and sends the third coordinate point RB and the fourth coordinate point RB' to the client as second check data.
S372, when the client has verified the second check data successfully, the client generates a signature fragment SignBlock from the data to be signed and the client private key priKeyA.
Specifically, this step checks the server's data using the second check data. The client verifies it with the locally stored client private key priKeyA and server public key pubKeyB: since RB = kB × pubKeyA = kB × priKeyA × G = priKeyA × RB', the client checks that priKeyA × RB' equals the received RB. As with the first check, RB and RB' are derived from kB and the public key pubKeyA, so the check confirms consistency of the algorithm and curve rather than possession of priKeyB. The client also needs RB for formula 6, so this exchange is required for the signature in any case.
The present application further provides an electronic signature method, configured to sign a digital certificate generated by the digital certificate generation method in any of the foregoing embodiments.
As shown in fig. 2, in an embodiment of the present application, the electronic signature method includes the following steps W100 to W530:
w100, the server extracts the full-text abstract of the electronic contract and generates hash of the data to be signed. Sending the hash of the data to be signed to a client;
W200, the client generates first check data and sends the first check data and the associated ID table to the server. The first check data is generated from the third random number kA.
W310, the server obtains at least 2 server private key fragments from the n different databases according to the associated ID table, and restores the server private key PriKeyB from these fragments through the threshold secret sharing algorithm.
W320, the server verifies the first check data using the server private key PriKeyB and judges whether the verification succeeds.
W330, if the server verifies the first check data successfully, the server generates second check data and sends it to the client. The second check data is generated from the fourth random number kB.
W410, the client verifies the second check data and judges whether the verification succeeds.
W420, if the client verifies the second check data successfully, the client calls the client private key priKeyA stored on the client and generates a signature fragment SignBlock from the client private key priKeyA.
And W510, the server generates an electronic signature according to the fourth random number kB and the signature slice SignBlock.
W520, the server assembles the electronic signature and the digital certificate generated by applying the digital certificate generation method mentioned in the foregoing to generate an electronic signature structural body capable of being verified;
w530, the server signs the electronic contract using the electronic signature structure, and generates a signed electronic contract.
Specifically, the electronic signature structure may be a standard ASN.1 structure containing the algorithm used to extract the digest of the electronic contract, the full-text digest of the electronic contract, the digital certificate generated by the digital certificate generation method described above, and data such as the signature result.
It should be noted that, since in W310 the server obtains at least 2 server private key fragments from the n different databases according to the association ID table and restores the server private key priKeyB from those 2 fragments through the threshold secret sharing algorithm, the value of t in formula 3 must be set to 2 when the digital certificate generation method is carried out.
Alternatively, the electronic signature structure may be a PKCS7 signature structure.
In this embodiment, during signing the client generates the signature fragment SignBlock, the server extracts at least 2 server private key fragments from different databases and restores the server private key priKeyB through the threshold secret sharing algorithm, and the restored server private key is combined with the signature fragment SignBlock generated by the client to form the electronic signature. Because the client and the server cooperate to produce the electronic signature, it is safer than an electronic signature produced by a single terminal; and because the server private key priKeyB is only restored from the fragments fetched from the databases, security is raised further on top of the two-terminal signature. In addition, the electronic signature can be verified by standard signature verification with the common public key.
In an embodiment of the present application, before W100, the method further includes the following W010 to W020:
W010, the client sends a file pre-signing request to the server;
W020, the server receives the file pre-signing request, retrieves the electronic contract and the signature information, creates a signature field on the electronic contract and configures the signature field according to the signature information.
In an embodiment of the present application, W310 includes the steps of:
W311, the server substitutes the 2 server private key fragments into formula 3 to obtain the preset secret parameter S, whose value equals the server private key priKeyB.
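Formula 3 (given in claim 5) and the restoration in W311, as an added Python example that is not the patent's own code: the server private key is the constant term S of a polynomial of degree t-1 over F_p, the n fragments are the points [m, F(m)], and any t of them recover S by Lagrange interpolation at m = 0, after which the server keeps only the public prime p. The prime p = 7919, the secret S = 5 and the coefficient 123 used in the deterministic demo are constructed values; the threshold t = 2 is the value the description requires for W310, but the functions below work for any 1 < t <= n.

```python
"""Threshold secret sharing of the server private key (formula 3); added example."""
import secrets


def split_secret(S, n, t, p, coeffs=None):
    """Split S into n fragments [m, F(m)] with
    F(m) = S + a1*m + a2*m^2 + ... + a(t-1)*m^(t-1) mod p.
    Any t fragments recover S; fewer than t reveal nothing about it.
    coeffs (a1 .. a(t-1)) may be supplied for a reproducible demo;
    by default they are drawn at random from F_p."""
    if not 0 <= S < p:
        raise ValueError("the secret S must be smaller than the prime p")
    if not 1 < t <= n:
        raise ValueError("need 1 < t <= n")
    if coeffs is None:
        coeffs = [secrets.randbelow(p) for _ in range(t - 1)]
    if len(coeffs) != t - 1:
        raise ValueError("expected exactly t-1 coefficients")
    poly = [S] + list(coeffs)

    def F(m):
        return sum(c * pow(m, i, p) for i, c in enumerate(poly)) % p

    # n mutually unequal evaluation points m = 1..n (the page picks them at random;
    # consecutive integers are just as valid). The polynomial itself is discarded
    # once the caller has the fragments, exactly as claim 5 requires.
    return [(m, F(m)) for m in range(1, n + 1)]


def recover_secret(shares, p):
    """Lagrange interpolation at m = 0 over F_p: returns S when len(shares) >= t."""
    xs = [m for m, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate evaluation points")
    S = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % p          # product of (0 - xj)
                den = den * (xi - xj) % p      # product of (xi - xj)
        S = (S + yi * num * pow(den, -1, p)) % p
    return S


if __name__ == "__main__":
    p = 7919                                   # constructed public prime
    fragments = split_secret(5, n=4, t=2, p=p, coeffs=[123])
    print("fragments:", fragments)             # [(1, 128), (2, 251), (3, 374), (4, 497)]
    print("from two:", recover_secret([fragments[1], fragments[3]], p))   # 5
```

With t = 2 every pair of databases can reconstruct priKeyB, so the prime p must be chosen larger than the curve order that priKeyB lives in (the page states S < p), and a single compromised database learns only one point on the line.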
In an embodiment of the present application, W420 includes the following W421 to W422:
W421, the client calculates the coordinates of the elliptic curve group element point R' according to formula 6.
R' = (XRA + XRB, YRA + YRB) formula 6
Wherein XRA is the abscissa of the first coordinate point RA, XRB is the abscissa of the third coordinate point RB, YRA is the ordinate of the first coordinate point RA, and YRB is the ordinate of the third coordinate point RB.
W422, the client calculates the first signature element r according to formula 7 and the second signature element s' according to formula 8, combines them into the signature element (r, s'), and sends (r, s') to the server as the signature fragment SignBlock.
r = [H(ZA || M) + (XRA + XRB)] mod (q) formula 7
s' = [(kA + r) × priKeyA^(-1)] mod (q) formula 8
Wherein H(ZA || M) is the hash of the data to be signed, XRA is the abscissa of the first coordinate point RA, XRB is the abscissa of the third coordinate point RB, kA is the third random number, r is the first signature element, priKeyA is the client private key, priKeyA^(-1) is its inverse modulo q, q is the elliptic curve parameter, and mod is the remainder operator.
It can be seen that W420 is identical to step S500 described above: both are steps in which the client generates a signature fragment SignBlock from the data to be signed and the client private key priKeyA, and W421 to W422 are likewise identical to the aforementioned steps S510 to S520. The only difference is that S500 belongs to the digital certificate generation phase whereas W420 belongs to the electronic signature phase, and the electronic signature requires the digital certificate file.
In an embodiment of the present application, W510 includes the following W511 to W513:
W511, the server extracts the second signature element s' from the signature fragment SignBlock and calculates the third signature element T according to formula 9.
T = [(s' + kB) × priKeyB^(-1)] mod (q) formula 9
Wherein T is the third signature element, s' is the second signature element, kB is the fourth random number, priKeyB is the server private key, priKeyB^(-1) is its inverse modulo q, q is the elliptic curve parameter, and mod is the remainder operator.
W512, the server calculates the fourth signature element s according to formula 10.
s = T - r formula 10
Wherein s is the fourth signature element, T is the third signature element, and r is the first signature element.
W513, the server combines the first signature element r and the fourth signature element s to generate the electronic signature (r, s).
It can be seen that W510 is identical to step S710 described above: both are steps in which the server generates the electronic signature (r, s) from the server private key priKeyB and the signature fragment SignBlock, and W511 to W513 are likewise identical to the aforementioned steps S711 to S713. The only difference is that S710 belongs to the digital certificate generation phase whereas W510 belongs to the electronic signature phase, and the electronic signature requires the digital certificate file.
It can be seen from this embodiment that the server can only complete the electronic signature after receiving the signature fragment SignBlock generated and transmitted by the client; a standard electronic signature is produced only when the two terminals cooperate, so the security is higher than that of a single-terminal signature.
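The cooperative exchange of W200 to W510 (formulas 4 to 10), worked end to end in Python. This is an added example and not code from the patent: it uses a toy curve y^2 = x^3 + 2x + 2 over F_17 with base point (5, 1) of prime order 19 so every number can be checked by hand; it takes the group element point R' of formula 6 as the elliptic-curve sum RA + RB and uses its abscissa in formula 7 (an assumption, since the page writes both as coordinate sums); it reduces formula 10 modulo q; it supplies the hash H(ZA || M) as a constructed integer e already reduced modulo q; and it assumes the common public key is priKeyB × pubKeyA - G, a formula the page does not spell out. All key and nonce values are constructed. Under those assumptions the client half (r, s') and the server half combine into a signature that passes the standard SM2 verification equation against the common public key, which is what the description says a verifier can do.

```python
"""Two-party signing of W200 to W510 on a toy curve; added example, constructed values."""
# Curve y^2 = x^3 + 2x + 2 over F_17, base point G = (5, 1) of prime order 19.
P_MOD, A_COEF = 17, 2
G = (5, 1)
Q = 19          # order of G: the page's elliptic curve parameter q
INF = None      # point at infinity


def inv(x, m):
    """Modular inverse; the page writes it as priKey^(-1)."""
    return pow(x % m, -1, m)


def ec_add(P1, P2):
    """Group law of the curve in affine coordinates."""
    if P1 is INF:
        return P2
    if P2 is INF:
        return P1
    x1, y1 = P1
    x2, y2 = P2
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return INF                                  # P + (-P)
    if P1 == P2:
        lam = (3 * x1 * x1 + A_COEF) * inv(2 * y1, P_MOD)
    else:
        lam = (y2 - y1) * inv(x2 - x1, P_MOD)
    lam %= P_MOD
    x3 = (lam * lam - x1 - x2) % P_MOD
    return (x3, (lam * (x1 - x3) - y1) % P_MOD)


def ec_mul(k, pt):
    """Double-and-add scalar multiplication k × pt."""
    acc = INF
    k %= Q
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt = ec_add(pt, pt)
        k >>= 1
    return acc


def ec_neg(pt):
    return INF if pt is INF else (pt[0], (-pt[1]) % P_MOD)


# Key generation (formulas 1 and 2) and the two verification rounds (formulas 4 and 5).
def keygen(d):
    return d, ec_mul(d, G)                          # (private key, public key)

def client_check_data(kA, pubKeyB):
    return ec_mul(kA, G), ec_mul(kA, pubKeyB)       # RA, RA'

def server_verifies_client(priKeyB, RA, RA_):
    return ec_mul(priKeyB, RA) == RA_               # priKeyB × kA × G == kA × pubKeyB

def server_check_data(kB, pubKeyA):
    return ec_mul(kB, pubKeyA), ec_mul(kB, G)       # RB, RB'

def client_verifies_server(priKeyA, RB, RB_):
    return ec_mul(priKeyA, RB_) == RB               # priKeyA × kB × G == kB × pubKeyA

def common_public_key(priKeyB, pubKeyA):
    # Assumption: priKeyB × pubKeyA - G, the public key of the secret priKeyA × priKeyB - 1.
    return ec_add(ec_mul(priKeyB, pubKeyA), ec_neg(G))


# Client half (W421 to W422, formulas 6 to 8) and server half (W511 to W513, formulas 9 and 10).
def client_sign_block(e, kA, priKeyA, RA, RB):
    R_ = ec_add(RA, RB)                             # formula 6, read as the EC point sum (assumption)
    r = (e + R_[0]) % Q                             # formula 7, using the abscissa of R'
    s_ = (kA + r) * inv(priKeyA, Q) % Q             # formula 8
    return r, s_                                    # SignBlock = (r, s')

def server_finish_signature(r, s_, kB, priKeyB):
    T = (s_ + kB) * inv(priKeyB, Q) % Q             # formula 9
    s = (T - r) % Q                                 # formula 10, reduced modulo q (assumption)
    return r, s

def sm2_verify(e, sig, pub):
    """Standard SM2 check: r == e + x(s × G + (r + s) × pub) mod q."""
    r, s = sig
    if not (1 <= r < Q and 1 <= s < Q):
        return False
    t = (r + s) % Q
    if t == 0:
        return False
    R = ec_add(ec_mul(s, G), ec_mul(t, pub))
    return R is not INF and (e + R[0]) % Q == r


def run_protocol(e=2, priKeyA=3, priKeyB=5, kA=4, kB=6):
    """Whole exchange with constructed values; e stands in for H(ZA || M) mod q."""
    priKeyA, pubKeyA = keygen(priKeyA)
    priKeyB, pubKeyB = keygen(priKeyB)
    RA, RA_ = client_check_data(kA, pubKeyB)                # W200: first verification data
    if not server_verifies_client(priKeyB, RA, RA_):        # W320
        raise ValueError("first verification failed")
    RB, RB_ = server_check_data(kB, pubKeyA)                # W330: second verification data
    if not client_verifies_server(priKeyA, RB, RB_):        # W410
        raise ValueError("second verification failed")
    r, s_ = client_sign_block(e, kA, priKeyA, RA, RB)       # W420
    sig = server_finish_signature(r, s_, kB, priKeyB)       # W510
    return sig, common_public_key(priKeyB, pubKeyA)


if __name__ == "__main__":
    sig, pub = run_protocol()
    print("signature", sig, "common public key", pub, "verifies:", sm2_verify(2, sig, pub))
```

The two verification rounds are exactly the relations between formulas 4 and 5: the server multiplies RA by priKeyB and compares with RA', the client multiplies RB' by priKeyA and compares with RB, so a peer that does not hold the matching private key cannot produce a pair that passes. Neither side ever sees the other's private key or nonce, which is the property the description relies on when it calls the two-terminal signature safer than a single-terminal one.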
The technical features of the embodiments described above may be arbitrarily combined, the order of execution of the method steps is not limited, and for simplicity of description, all possible combinations of the technical features in the embodiments are not described, however, as long as there is no contradiction between the combinations of the technical features, the combinations of the technical features should be considered as the scope of the present description.
The above-mentioned embodiments only express several embodiments of the present application, and the description thereof is more specific and detailed, but not construed as limiting the scope of the present application. It should be noted that, for a person skilled in the art, several variations and modifications can be made without departing from the concept of the present application, which falls within the scope of protection of the present application. Therefore, the protection scope of the present application shall be subject to the appended claims.

Claims (15)

1. A method for digital certificate generation, the method comprising:
the client generates a client public key pubKeyA and a client private key priKeyA;
the server generates a server public key pubKeyB and a server private key PriKeyB;
the server converts a server private key PriKeyB into n server private key fragments based on a threshold secret sharing algorithm, and sends the n server private key fragments to n different databases for storage respectively; each database stores a server private key fragment; n is a positive integer and n is greater than 2;
the server acquires a client public key pubKeyA from the client;
the server generates a common public key based on the client public key pubKeyA and a server private key PriKeyB;
the server generates data to be signed based on the user information and the common public key;
the server sends the data to be signed to the client;
the client generates a signature fragment SignBlock according to the data to be signed and a client private key priKeyA;
and the server generates a digital certificate according to the server private key PriKeyB and the signature fragment SignBlock.
2. The method according to claim 1, wherein the server generates the digital certificate from a server private key PriKeyB and a signature slice SignBlock, and includes:
the server generates an electronic signature according to a server private key PriKeyB and a signature fragment SignBlock;
the server generates a certificate request file according to the electronic signature and the data to be signed;
the server sends a certificate request file to a third-party CA mechanism;
after the third-party CA mechanism signs the certificate request file, the certificate request file which is returned by the third-party CA mechanism and signed by the third-party CA mechanism is obtained;
and generating the digital certificate according to the certificate request file signed by the third-party CA.
3. The method according to claim 2, wherein the client generates a client public key pubKeyA and a client private key priKeyA, and includes:
self-defining an elliptic curve, setting a base point G (x, y) of the elliptic curve and setting an elliptic curve parameter q of the elliptic curve;
generating a first random number A as a client private key priKeyA, wherein A is an integer and belongs to [1, n-1], and n is the order of a base point G;
generating a client public key pubKeyA according to a formula 1;
pubKeyA = priKeyA × G (x, y) formula 1;
the pubKeyA is a client public key, the priKeyA is a client private key, and G (x, y) is a base point of an elliptic curve.
4. The method according to claim 3, wherein the server generates a server public key pubKeyB and a server private key PriKeyB, and includes:
generating a second random number B as a server private key priKeyB, wherein the second random number B is an integer and the value of the second random number B is not equal to the value of the first random number A, B belongs to [1, n-1], and n is the order of a base point G;
generating a server public key pubKeyB according to a formula 2;
pubKeyB = priKeyB × G (x, y) formula 2;
the pubKeyB is a server public key, the priKeyB is a server private key, and G (x, y) is a base point of an elliptic curve.
5. The method according to claim 4, wherein the server converts the server private key PriKeyB into n server private key fragments based on a threshold secret sharing algorithm, and the method includes:
the server constructs a polynomial F(m), and sets a secret parameter S in the polynomial F(m) to be equal to the server private key PriKeyB;
F(m) = S + a1×m + a2×m^2 + ... + a(t-1)×m^(t-1) mod (p) formula 3;
S is a preset secret parameter, mod is a remainder symbol, t is a first preset parameter, p is a second preset parameter and is a prime number, and S is smaller than p;
the server randomly selects n mutually unequal values of m, substitutes the n values of m into the polynomial F(m) to obtain n groups [m1, F(m1)], [m2, F(m2)], ..., [mn, F(mn)], and takes each group as a server private key fragment;
the server deletes the polynomial F(m), with p as public data.
6. The digital certificate generation method of claim 5, before the server obtains the client public key pubKeyA from the client, the method further comprising:
the server sends the server public key pubKeyB to the client.
7. The method according to claim 6, wherein after the server sends the server public key pubKeyB to the client, before the server obtains the client public key pubKeyA from the client, the method further comprises:
the client generates a third random number kA, wherein kA is a positive integer, kA belongs to [1, n-1], and n is the order of the base point G;
the client sets a first coordinate point RA and a second coordinate point RA' for communication verification according to formula 4;
RA = kA × G (x, y), RA' = kA × pubKeyB equation 4;
wherein RA is a first coordinate point, RA' is a second coordinate point, kA is a third random number, and pubKeyB is a server public key;
the client sends a first verification request to the server, sends the first coordinate point RA and the second coordinate point RA' to the server as first verification data, and simultaneously sends a client public key pubKeyA to the server synchronously.
8. The method according to claim 7, wherein before the server generates the common public key based on the client public key pubKeyA and the server private key PriKeyB, the method further comprises:
the server receives first verification data sent by the client, verifies the first verification data and judges whether the server successfully verifies the first verification data;
and if the server successfully verifies the first verification data, executing a step of generating a common public key by the server based on the client public key pubKeyA and the server private key PriKeyB.
9. The method of generating a digital certificate as claimed in claim 8, wherein before the server generates the data to be signed based on the user information and the common public key, the method further comprises:
the server generates a fourth random number kB, wherein kB is a positive integer, kB belongs to [1, n-1], and n is the order of a base point G; the value of kB is not equal to the value of kA;
the server sets a third coordinate point RB and a fourth coordinate point RB' which are used for communication verification according to formula 5;
RB = kB × pubKeyA, RB' = kB × G (x, y) formula 5;
wherein RB is a third coordinate point, RB' is a fourth coordinate point, kB is a fourth random number, and pubKeyA is a client public key.
10. The method for generating a digital certificate according to claim 9, wherein the server sends the data to be signed to the client, and the method comprises the following steps:
the server sends the data to be signed to the client, sends a request to be signed to the client, simultaneously sends a second verification request to the client, and sends the third coordinate point RB and the fourth coordinate point RB' to the client as second verification data;
and when the client side successfully verifies the second verification data, the client side generates a signature fragment SignBlock according to the data to be signed and a client side private key priKeyA.
11. An electronic signature method for signing a digital certificate generated by the digital certificate generation method according to any one of claims 1 to 10, the electronic signature method comprising:
the server extracts the full-text abstract of the electronic contract, generates a data hash to be signed, and sends the data hash to be signed to the client;
the client generates first check data and sends the first check data and the associated ID table to the server; the first check data is generated based on the third random number kA;
the server obtains at least 2 server private key fragments from n different databases according to the association ID table, and restores the server private key priKeyB according to the 2 server private key fragments through a threshold secret sharing algorithm;
the server verifies the first verification data based on the server private key priKeyB and judges whether the server verifies the first verification data successfully;
if the server successfully verifies the first verification data, the server generates second verification data and sends the second verification data to the client; the second verification data is generated based on a fourth random number kB;
the client verifies the second verification data and judges whether the client successfully verifies the second verification data;
if the client successfully verifies the second verification data, the client calls a client private key priKeyA stored in the client, and the client generates a signature fragment SignBlock according to the client private key priKeyA;
the server generates an electronic signature according to the fourth random number kB and the signature fragment SignBlock;
the server assembles the electronic signature and the digital certificate generated by applying the digital certificate generation method of any one of claims 1 to 10 to generate an electronic signature structural body which can be verified;
the server signs the electronic contract by using the electronic signature structure, and generates a signed electronic contract.
12. The electronic signature method according to claim 11, wherein before the server extracts a full-text digest of the electronic contract, generates a hash of the data to be signed, and sends the hash of the data to be signed to the client, the method further comprises:
the client sends a file pre-signing request to the server;
the server receives the file pre-signing request, retrieves the electronic contract and the signature information, creates a signature field on the electronic contract and configures the signature field according to the signature information.
13. The electronic signature method of claim 12, wherein the server obtains at least 2 server private key fragments from n different databases according to the association ID table, and restores the server private key priKeyB according to the 2 server private key fragments by using a threshold secret sharing algorithm, including:
the server substitutes the 2 server private key fragments into formula 3 to obtain a preset secret parameter S, and the numerical value of S is equal to the server private key priKeyB.
14. The electronic signature method of claim 13, wherein the client invokes a client private key priKeyA stored in the client, and the client generates a signature fragment SignBlock according to the client private key priKeyA, including:
the client calculates the coordinates of the elliptic curve group element point R' according to formula 6;
R' = (XRA + XRB, YRA + YRB) formula 6;
wherein XRA is the abscissa of the first coordinate point RA, XRB is the abscissa of the third coordinate point RB, YRA is the ordinate of the first coordinate point RA, and YRB is the ordinate of the third coordinate point RB;
the client calculates a first signature element r according to formula 7, calculates a second signature element s' according to formula 8, combines the first signature element r and the second signature element s' into a signature element (r, s'), and sends the signature element (r, s') serving as a signature fragment SignBlock to the server;
r = [H(ZA || M) + (XRA + XRB)] mod (q) formula 7;
s' = [(kA + r) × priKeyA^(-1)] mod (q) formula 8;
wherein H(ZA || M) is the hash of the data to be signed, XRA is the abscissa of the first coordinate point RA, XRB is the abscissa of the third coordinate point RB, kA is the third random number, r is the first signature element, priKeyA is the client private key, q is the elliptic curve parameter, and mod is a remainder symbol.
15. The electronic signature method according to claim 14, wherein the server generating the electronic signature based on the fourth random number kB and the signature slice SignBlock includes:
the server extracts the second signature element s' from the signature fragment SignBlock and calculates a third signature element T according to formula 9;
T = [(s' + kB) × priKeyB^(-1)] mod (q) formula 9;
wherein T is the third signature element, s' is the second signature element, kB is the fourth random number, priKeyB is the server private key, q is the elliptic curve parameter, and mod is a remainder symbol;
the server calculates a fourth signature element s according to formula 10;
s = T-r equation 10;
wherein s is a fourth signature element, T is a third signature element, and r is a first signature element;
the server combines the first signature element r and the fourth signature element s to generate the electronic signature (r, s).
CN202111093112.2A 2021-09-17 2021-09-17 Digital certificate generation method and electronic signature method Active CN113541972B (en)
Publications (2)

Publication Number Publication Date
CN113541972A true CN113541972A (en) 2021-10-22
CN113541972B CN113541972B (en) 2021-12-17
Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant