CN114362955A - Software code cloud digital signature method, system, device and storage medium - Google Patents


Publication number
CN114362955A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202111460514.1A
Other languages
Chinese (zh)
Inventor
王高华
林诗杞
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Zero Letter Technology Shenzhen Co ltd
Original Assignee
Zero Letter Technology Shenzhen Co ltd
Application filed by Zero Letter Technology Shenzhen Co ltd filed Critical Zero Letter Technology Shenzhen Co ltd
Priority to CN202111460514.1A priority Critical patent/CN114362955A/en
Publication of CN114362955A publication Critical patent/CN114362955A/en

Abstract

The invention discloses a software code cloud digital signature method, system, device and storage medium, wherein the method comprises the following steps: receiving digest data of a file to be signed sent by a client; acquiring a signature certificate and a private key, and performing signature processing on the digest data based on the private key to obtain digital signature data; and sending the digital signature data and the signature certificate to the client so that the client can complete the digital signature of the file to be signed based on the digital signature data and the signature certificate. The invention belongs to the field of information security processing, and provides a cloud digital signature method for software codes based on a cloud signature service system.

Description

Software code cloud digital signature method, system, device and storage medium
Technical Field
The invention relates to the field of information security processing, in particular to a software code cloud digital signature method, a system, equipment and a storage medium.
Background
With the development of computers, the development and application of software are more popular, and the problem of software security is also greatly emphasized.
At present, the Windows system requires all executable software to carry a digital signature, and international standards and related national standards require that the key of a code signing certificate be protected by generating the certificate key on a USB Key and storing the signing certificate securely on it. A user must wait several days to receive the USB Key certificate, mailed by a Certificate Authority (CA), before digitally signing software code; if several research and development teams are located in different areas, they cannot share the certificate and must mail it around or purchase several code signing certificates, which is very inconvenient; and signing efficiency is also very low when many pieces of software require digital signatures.
Disclosure of Invention
The invention mainly aims to provide a software code cloud digital signature method, a system, equipment and a storage medium, and aims to solve the technical problem of low efficiency of completing digital signature by using a code signature certificate.
The application provides a software code cloud digital signature method, which is applied to a cloud signature server and comprises the following steps:
receiving digest data of a file to be signed sent by a client;
acquiring a signature certificate and a private key, and performing signature processing on the digest data based on the private key to obtain digital signature data;
and sending the digital signature data and the signature certificate to a client so that the client can complete the digital signature of the file to be signed based on the digital signature data and the signature certificate.
Optionally, the step of performing signature processing on the digest data based on the signature certificate to obtain digital signature data includes:
calling code signing service, and performing first signature processing of a private key on the digest data to obtain first signature data;
calling a timestamp signature service, and performing second signature processing of a timestamp on the digest data to obtain second signature data;
and combining the first signature data and the second signature data to obtain the digital signature data.
Optionally, the step of obtaining the signature certificate and the private key includes:
calling a key generation function of the cipher machine to obtain a private key and a public key of the file to be signed;
generating a certificate request file based on the private key;
and applying for obtaining a signature certificate based on the certificate request file.
The software code cloud digital signature method is applied to a client, and further comprises the following steps:
determining digest data of a file to be signed, and receiving digital signature data and a signature certificate for the digest data, sent by a cloud signature server;
determining the format of a file to be signed, and converting the digital signature data format into the format of the file to be signed;
and writing the signature certificate and the signature data after format conversion into the file to be signed to finish digital signature.
Optionally, the step of determining the digest data of the file to be signed includes:
receiving information of a file to be signed submitted by a user;
judging whether the file to be signed is a signable file or not according to the information of the file to be signed;
the method for judging whether the file to be signed is a signable file comprises the following steps: reading the header information of the file to be signed, comparing the header information with the digital signature code, and if the header information does not contain the digital signature code, determining that the file to be signed is a signable file;
and if the file to be signed is a signable file, calculating the digest data of the file to be signed.
Optionally, the step of receiving information of the file to be signed submitted by the user includes:
receiving a file signature request for a file to be signed, which is submitted by a user;
and extracting the signature identification information and the data information to be signed in the signature request.
Optionally, the step of calculating the digest data of the file to be signed if the file to be signed is a signable file includes:
calculating the hash value of the file to be signed by using a preset SHA256 algorithm;
and taking the hash value as the digest data of the file to be signed.
The application also provides a software code cloud digital signature system, which comprises:
the client is used for receiving a file to be signed submitted by a user, calculating the digest data of the file to be signed, receiving the digital signature data sent by the cloud signature server, and finishing the digital signature of the file to be signed;
the cloud signature server is used for receiving the digest data of the file to be signed sent by the client, acquiring a signature certificate and a private key, calling the private key based on the digest data of the file to be signed to acquire digital signature data, and sending the digital signature data and the signature certificate to the client;
the cipher machine is used for storing and managing the signature certificate and the private key;
and the timestamp signing unit is used for providing a timestamp signing service.
Optionally, the client further includes:
the digest calculation module is used for calculating the digest data of the file to be signed;
and the format conversion module is used for converting the digital signature data into the format of the file to be signed.
The application also provides a software code cloud digital signature device applied to a cloud signature server, the software code cloud digital signature device comprising:
the receiving module is used for receiving the digest data of the file to be signed sent by the client;
the acquisition module is used for acquiring a signature certificate and a private key, and signing the digest data based on the private key to obtain digital signature data;
and the sending module is used for sending the digital signature data and the signature certificate to a client so that the client can complete the digital signature of the file to be signed based on the digital signature data and the signature certificate.
The application also provides a software code cloud digital signature device, the software code cloud digital signature device includes: a memory, a processor, and a program stored on the memory for implementing the software code cloud digital signature method,
the memory is used for storing a program for realizing the software code cloud digital signature method;
the processor is used for executing a program for realizing the software code cloud digital signature method so as to realize the steps of the software code cloud digital signature method.
The application also provides a storage medium, wherein a program for realizing the software code cloud digital signature method is stored in the storage medium, and the program for realizing the software code cloud digital signature method is executed by a processor to realize the steps of the software code cloud digital signature method.
Compared with the prior art, in which a user must wait for a USB Key certificate mailed by a Certificate Authority (CA) before code-signing executable software, so that signing efficiency is low, the software code cloud digital signature method, system, device and storage medium of the present application are applied to a cloud signature server and comprise: receiving digest data of a file to be signed, sent by a client; acquiring a signature certificate and a private key, and signing the digest data based on the signature certificate and the private key to obtain digital signature data; and sending the digital signature data to the client so that the client can complete the digital signature of the file to be signed based on the digital signature data. In the application, a file to be signed is selected at the client, and the digest data of the file to be signed is generated and submitted to the cloud signature server; the cloud signature server acquires a signature certificate and a private key, calls the private key to digitally sign the digest data, and generates signed data; the digital signature data and the signature certificate are returned to the client, and the client writes the digital signature data and the signature certificate into the file to be signed to finish software code signing.
Drawings
FIG. 1 is a schematic diagram of an apparatus architecture of a hardware operating environment according to an embodiment of the present invention;
FIG. 2 is a flowchart illustrating a first embodiment of a cloud-based digital signature method for software code according to the present invention;
FIG. 3 is a detailed flowchart of the steps of receiving the digest data of the file to be signed sent by the client according to the present invention;
FIG. 4 is a flowchart illustrating a detailed process of the step of receiving information of a file to be signed submitted by a user according to the present invention;
FIG. 5 is a detailed flowchart of the step of calculating the digest data of the file to be signed if the file to be signed is a signable file according to the present invention;
FIG. 6 is a flowchart illustrating a detailed process of the steps of obtaining the signature certificate and the private key according to the present invention;
FIG. 7 is a flowchart illustrating a detailed process of the step of signing the digest data to obtain digital signature data according to the present invention based on the signature certificate and the private key;
fig. 8 is a detailed flowchart of the step of the client completing the digital signature of the file to be signed based on the digital signature data according to the present invention;
fig. 9 is a block diagram illustrating a structure of a software code cloud digital signature device according to an embodiment of the present invention;
fig. 10 is a schematic view of the overall flow of the software code cloud digital signature method of the present invention.
The implementation, functional features and advantages of the objects of the present invention will be further explained with reference to the accompanying drawings.
Detailed Description
It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
Cloud technology refers to a hosting technology that unifies hardware, software, network and other resources in a wide area network or a local area network to realize the calculation, storage, processing and sharing of data. Cloud technology is a general term for the network technology, information technology, integration technology, management platform technology, application technology and the like applied on the basis of the cloud computing business model; it can form a resource pool that is used on demand and is flexible and convenient. Cloud computing technology will become an important support. The background services of technical network systems, such as video websites, picture websites and web portals, require a large amount of computing and storage resources. With the rapid development and application of the internet industry, each article may have its own identification mark that needs to be transmitted to a background system for logical processing, data at different levels are processed separately, and all kinds of industry data need strong back-end system support, which can only be realized through cloud computing.
As shown in fig. 1, fig. 1 is a schematic terminal structure diagram of a hardware operating environment according to an embodiment of the present invention.
The terminal of the embodiment of the invention can be a PC, or a mobile terminal device with a display function, such as a smart phone, a tablet computer, an electronic book reader, an MP3 (Moving Picture Experts Group Audio Layer III) player, an MP4 (Moving Picture Experts Group Audio Layer IV) player, a portable computer, and the like.
As shown in fig. 1, the terminal may include: a processor 1001, such as a CPU, a network interface 1004, a user interface 1003, a memory 1005, a communication bus 1002. Wherein a communication bus 1002 is used to enable connective communication between these components. The user interface 1003 may include a Display screen (Display), an input unit such as a Keyboard (Keyboard), and the optional user interface 1003 may also include a standard wired interface, a wireless interface. The network interface 1004 may optionally include a standard wired interface, a wireless interface (e.g., WI-FI interface). The memory 1005 may be a high-speed RAM memory or a non-volatile memory (e.g., a magnetic disk memory). The memory 1005 may alternatively be a storage device separate from the processor 1001.
Optionally, the terminal may further include a camera, a Radio Frequency (RF) circuit, a sensor, an audio circuit, a WiFi module, and the like. Such as light sensors, motion sensors, and other sensors. Specifically, the light sensor may include an ambient light sensor that may adjust the brightness of the display screen according to the brightness of ambient light, and a proximity sensor that may turn off the display screen and/or the backlight when the mobile terminal is moved to the ear. As one of the motion sensors, the gravity acceleration sensor can detect the magnitude of acceleration in each direction (generally, three axes), detect the magnitude and direction of gravity when the mobile terminal is stationary, and can be used for applications (such as horizontal and vertical screen switching, related games, magnetometer attitude calibration), vibration recognition related functions (such as pedometer and tapping) and the like for recognizing the attitude of the mobile terminal; of course, the mobile terminal may also be configured with other sensors such as a gyroscope, a barometer, a hygrometer, a thermometer, and an infrared sensor, which are not described herein again.
Those skilled in the art will appreciate that the terminal structure shown in fig. 1 is not intended to be limiting and may include more or fewer components than those shown, or some components may be combined, or a different arrangement of components.
As shown in fig. 1, a memory 1005, which is a kind of computer storage medium, may include therein an operating system, a network communication module, a user interface module, and a network operation control application program.
In the terminal shown in fig. 1, the network interface 1004 is mainly used for connecting to a backend server and performing data communication with the backend server; the user interface 1003 is mainly used for connecting a client (user side) and performing data communication with the client; and the processor 1001 may be used to invoke a network operation control application stored in the memory 1005.
In a first embodiment of the software code cloud digital signature method, referring to fig. 2, the software code cloud digital signature method includes:
step S100, receiving digest data of a file to be signed sent by a client;
step S200, acquiring a signature certificate and a private key, and signing the digest data based on the private key to obtain digital signature data;
step S300, the digital signature data and the signature certificate are sent to a client side, so that the client side can complete the digital signature of the file to be signed based on the digital signature data and the signature certificate.
The method comprises the following specific steps:
step S100, receiving digest data of the file to be signed sent by the client.
In this embodiment, it should be noted that the software code cloud digital signature method may be applied to a software code cloud digital signature system, and the software code cloud digital signature system belongs to a software code cloud digital signature device. For the software code cloud digital signature system, a cloud signature server is arranged in the software code cloud digital signature system, wherein the cloud signature server is directly or indirectly connected with a client in a wired or wireless communication mode.
In this embodiment, the specific application scenario may be:
a software development team needs to release newly developed software in an APP Store (application store) and must therefore code-sign it, but the team has to wait for a USB Key mailed by a CA (certificate authority), which delays the release and is inefficient;
or a plurality of research and development teams are located in different provinces, cannot share the certificate, and must mail or purchase a plurality of code signing certificates, so that the waste of manpower and material resources is great;
in this embodiment, a cloud digital signature method of a software code based on a cloud signature service system is adopted, the cloud signature service system acquires digest data of a file to be signed from a client, acquires a signature certificate and a private key through a cloud signature server, acquires digital signature data by using the private key, and writes the digital signature data and the signature certificate into the file to be signed, so as to complete software code signature. Specifically, the user only needs to select the file to be signed at the client, and the file with the signature completed can be returned.
As shown in fig. 9, the cloud signature server 102 may be an independent physical server, a server cluster or a distributed system formed by a plurality of physical servers, or a cloud computing resource pool providing basic cloud computing services such as a cloud service, a cloud database, cloud computing, a cloud function, cloud storage, a Network service, cloud communication, a middleware service, a domain name service, a security service, a CDN (content delivery Network), a big data and an artificial intelligence platform, which is not limited herein. The terminal and the cloud signature server 102 may be directly or indirectly connected through wired or wireless communication.
In this embodiment, the file to be signed may be software developed by a user, or may also be an electronic document file, and specifically, the file to be signed may be various executable software codes, or an electronic document in PDF/OFD format.
The file to be signed can be in the exe format of the Microsoft platform, in the jar format of the JAVA platform, or in pdf or ofd format.
The cloud signature server receives digest data of a file to be signed, sent by a client, wherein the digest data is a fixed-length hash value obtained through a digest algorithm and is used for verifying the integrity of the data.
Step S200, acquiring a signature certificate and a private key, and signing the digest data based on the private key to obtain digital signature data.
To ensure the security of the software and applications developed by users, including their origin and integrity, users need to code-sign their software or applications with a private key and obtain an issued certificate, certified by a CA (certificate authority), that is used to verify the validity of the signature.
In this embodiment, the signature processing is performed on the digest data based on the private key to obtain digital signature data.
Specifically, as shown in fig. 6, the step S200 includes the following steps S210 to S220;
step S210, a key generation function of the cipher machine is called to obtain a private key and a public key of the file to be signed;
in this embodiment, as shown in fig. 9, the cloud signature server 102 invokes the standard interface of the cipher machine 103 to execute the key generation function of the cipher machine 103. The standard interface of the cipher machine 103 is middleware based on public key cryptography; it can be used by both clients and servers, is compatible with cryptographic devices of multiple models, provides cryptographic application services to application systems, is suitable for being invoked by application systems of a C/S architecture, and implements cryptographic services such as secure communication, identity authentication, information encryption, and electronic signature verification in the cloud signature service system.
The cipher machine 103 in the cloud signature server 102 is used for managing the signature certificate and the private key of the user, so that the problem that the user needs to manage the signature certificate and the private key by himself is solved, and the safety of the signature certificate and the private key of the user is further ensured.
Step S220, based on the private key, generating a certificate request file;
the certificate request file is used for applying a signature certificate to an authority CA (certificate certification authority), and the CA is responsible for verifying the identity of a developer of software or an application program and ensuring that the information of the developer is accurate, and then the digital signature is carried out on the certificate request file of the developer to generate the signature certificate.
Step S230, applying for obtaining a signature certificate based on the certificate request file.
The certificate of signature is a public key authenticated by an authority CA (certificate authority).
As shown in fig. 7, the step of signing the digest data based on the signature certificate and the private key to obtain the digital signature data includes the following steps S230 to S250:
step S230, invoking code signing service, and performing first signature processing of a private key on the digest data to obtain first signature data.
Calling the code signing service means that the cloud signature server executes the digital signature function of the cipher machine 103 by calling the standard interface of the cipher machine 103, and performs the first signature processing of the signature certificate and the private key on the digest data. Specifically, the cipher machine 103 performs the first signature processing on the digest data using the user's private key, obtaining the first signature data.
Step S240, invoking a timestamp signature service, and performing a second signature process of a timestamp on the digest data to obtain second signature data.
The timestamp service binds a trusted date and time, signed by a timestamp server, to specific electronic data and provides trusted proof of time for server-side and client-side applications. Specifically, the client calculates the hash value of the file to be signed as digest data through a digest algorithm, and the timestamp server signs the digest data and a date-time record to generate a timestamp.
Step S250, merging the first signature data and the second signature data to obtain the digital signature data.
In this embodiment, after the cloud signature server 102 receives the digest data of the file to be signed, the cloud signature server 102 requests a code signature service and a timestamp signature service from the crypto machine 103 and the timestamp server, respectively, to obtain the first signature data and the second signature data. Specifically, the first signature data is certificate signature data, the second signature data is timestamp signature data, and the certificate signature data and the timestamp signature data are packaged and combined into final digital signature data.
In another embodiment, after the cloud signature server 102 receives the digest data of the file to be signed, a code signature service is requested, certificate signature data is acquired, and after the certificate signature data is returned to the client 101, the client 101 requests a timestamp signature service from a timestamp server, and the client 101 acquires the timestamp signature data, and packages and combines the certificate signature data and the timestamp signature data into digital signature data.
Step S300, the digital signature data and the signature certificate are sent to a client side, so that the client side can complete the digital signature of the file to be signed based on the digital signature data and the signature certificate.
Compared with the prior art, in which a user must wait for a USB Key certificate mailed by a Certificate Authority (CA) before code-signing executable software, so that signing efficiency is low, the software code cloud digital signature method, system, device and storage medium of the present application are applied to a cloud signature server and comprise: receiving digest data of a file to be signed, sent by a client; acquiring a signature certificate and a private key, and signing the digest data based on the signature certificate and the private key to obtain digital signature data; and sending the digital signature data to the client so that the client can complete the digital signature of the file to be signed based on the digital signature data. In the application, a file to be signed is selected at the client, digest data of the file to be signed is generated and submitted to the cloud signature server, a signature certificate and a private key are generated through the cloud signature server, the private key is called to digitally sign the digest data to generate signed data, the digital signature data and the signature certificate are returned to the client, and the client writes them into the file to be signed to finish software code signing.
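The exchange in steps S100 to S300, with the client-side check a practitioner would run before step S330, as an added example that is not code from the patent. Because the server signs a digest without ever seeing the file, it validates the digest length and records every request, and the client verifies both returned signatures against its own digest. Assumptions: RSASSA-PKCS1-v1_5 with SHA-256 stands in for the signature algorithm, which the text does not name; the keys are constructed from Mersenne primes (trivially factorable, for demonstration only); the certificate is a plain dict; and the names DemoKey, CloudSigningServer and client_accepts are hypothetical.

```python
import hashlib
from dataclasses import dataclass

# DER DigestInfo prefix for SHA-256 (RFC 8017, section 9.2).
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")


@dataclass(frozen=True)
class DemoKey:
    """Constructed RSA key built from two Mersenne primes. It is trivially
    factorable and only stands in for a key held inside the cipher machine."""
    n: int
    e: int
    d: int

    @classmethod
    def from_mersenne(cls, a: int, b: int) -> "DemoKey":
        p, q, e = 2**a - 1, 2**b - 1, 65537
        return cls(p * q, e, pow(e, -1, (p - 1) * (q - 1)))


CODE_KEY = DemoKey.from_mersenne(521, 607)    # code signing key (constructed)
TSA_KEY = DemoKey.from_mersenne(607, 1279)    # timestamp service key (constructed)


def _encode(digest: bytes, n: int) -> int:
    """EMSA-PKCS1-v1_5 encoding of an already computed SHA-256 digest."""
    size = (n.bit_length() + 7) // 8
    t = SHA256_PREFIX + digest
    em = b"\x00\x01" + b"\xff" * (size - len(t) - 3) + b"\x00" + t
    return int.from_bytes(em, "big")


def sign_digest(key: DemoKey, digest: bytes) -> bytes:
    """Sign a digest the caller computed; the signer never sees the file."""
    if len(digest) != 32:
        raise ValueError("digest must be exactly 32 bytes (SHA-256)")
    size = (key.n.bit_length() + 7) // 8
    return pow(_encode(digest, key.n), key.d, key.n).to_bytes(size, "big")


def verify_digest(n: int, e: int, digest: bytes, signature: bytes) -> bool:
    """Recompute the expected encoding and compare it with signature^e mod n."""
    if len(digest) != 32 or len(signature) != (n.bit_length() + 7) // 8:
        return False
    s = int.from_bytes(signature, "big")
    return s < n and pow(s, e, n) == _encode(digest, n)


class CloudSigningServer:
    def __init__(self, code_key: DemoKey, tsa_key: DemoKey, subject: str):
        self.code_key, self.tsa_key = code_key, tsa_key
        # Stand-in for the X.509 signature certificate: subject plus public key.
        self.certificate = {"subject": subject, "n": code_key.n, "e": code_key.e}
        self.audit_log = []

    def handle(self, client_id: str, digest_hex: str, now: str) -> dict:
        digest = bytes.fromhex(digest_hex)                   # S100; ValueError if not hex
        first = sign_digest(self.code_key, digest)           # S230: code signature
        # Assumed timestamp input: SHA-256 over the digest and the date-time record.
        stamp = hashlib.sha256(digest + now.encode()).digest()
        second = sign_digest(self.tsa_key, stamp)            # S240: timestamp signature
        # The server signs blind, so record who asked for which digest and when.
        self.audit_log.append((now, client_id, digest_hex))
        return {"signature": first.hex(), "timestamp": now,  # S250 merge, S300 reply
                "timestamp_signature": second.hex(),
                "certificate": self.certificate}


def client_accepts(file_bytes: bytes, response: dict, tsa_n: int, tsa_e: int) -> bool:
    """Check before S330: both signatures must match the locally computed digest."""
    digest = hashlib.sha256(file_bytes).digest()
    cert = response["certificate"]
    stamp = hashlib.sha256(digest + response["timestamp"].encode()).digest()
    return (verify_digest(cert["n"], cert["e"], digest,
                          bytes.fromhex(response["signature"]))
            and verify_digest(tsa_n, tsa_e, stamp,
                              bytes.fromhex(response["timestamp_signature"])))
```

The check covers only the signatures; validating the returned certificate against a trusted CA chain is a separate step that this example leaves out.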
Based on the first embodiment, the present application further provides another embodiment, referring to fig. 8, in this embodiment, when applied to a client, the software code cloud digital signature method further includes the following steps S310 to S330:
step S310, determining digest data of a file to be signed, and receiving digital signature data and a signature certificate for the digest data, sent by a cloud signature server;
step S320, determining the format of a file to be signed, and converting the digital signature data format into the format of the file to be signed;
the file to be signed is a PE (executable) file, and specifically, the file to be signed may be in an exe format. Before the digital signature data is written into a file to be signed, the format of the digital signature data needs to be converted into the format of the file to be signed. Specifically, the digital signature data is converted to PEM format according to PKCS7 standard format.
And step S330, writing the signature certificate and the signature data after format conversion into the file to be signed, and finishing digital signature.
Optionally, referring to fig. 3, the step of determining the digest data of the file to be signed includes the following steps S110 to S140:
step S110, receiving information of a file to be signed submitted by a user;
step S120, judging whether the file to be signed is a signable file;
step S130, wherein the manner of determining whether the file to be signed is a signable file is as follows: reading the header information of the file to be signed, comparing the header information with the digital signature code, and if the header information does not contain the digital signature code, determining that the file to be signed is a signable file;
step S140, if the file to be signed is a signable file, calculating the digest data of the file to be signed.
Optionally, referring to fig. 4, the step of receiving information of the file to be signed submitted by the user includes the following steps S111-S112:
step S111, receiving a file signature request submitted by a user;
the file signing request may be that the user sends a file to be signed to the client 101 of this embodiment. Specifically, the user sends a file to be signed, and after receiving the service data to be signed, the client 101 generates a file signature request and sends the file signature request to the file judgment module.
And step S112, extracting the signature identifier and the data to be signed in the signature request.
The file judgment module receives the file signature request and extracts the signature identifier and the data to be signed from it, wherein the signature identifier can be user information, namely information about the developer of the software or application program, and the data to be signed may be data information of the file to be signed. Specifically, the developer information is registered when the user first logs in to the client 101; after the user submits a file signature request, the user information in the back-end database of the client 101 is automatically extracted as the signature identifier of the request; and, based on the file to be signed, the client 101 program reads the entity content of the file to be signed and analyzes the content data to obtain the data information of the file to be signed.
Referring to fig. 5, if the file to be signed is a signable file, calculating the digest data of the file to be signed includes the following steps S141 to S142:
step S141, calculating a hash value of the file to be signed by using a preset SHA256 algorithm;
This embodiment uses the SHA256 algorithm. SHA256 (Secure Hash Algorithm 256) is a hash function that computes a 32-byte message digest for a digital message of arbitrary length (measured in bits). A hash function is considered a one-way function, that is, a function whose input is extremely difficult to recover from its output. The hash function scrambles the message data and compresses it into a digest value, reducing the amount of data.
SHA256 was developed by the National Security Agency and is one of the algorithms in the SHA-2 family of SHA algorithms. For a message of any length, SHA256 generates a 256-bit (32-byte) hash value, called the message digest. The digest is typically represented as a hexadecimal string 64 characters long. When a message is received, this message digest can be used to verify whether the data has changed, i.e., to verify its integrity.
In addition, it should be noted that the signature algorithm includes, but is not limited to, an SHA algorithm (secure hash algorithm), a MAC algorithm (message authentication code algorithm), an SM3 algorithm (cryptographic hash algorithm), and the like, and unless otherwise specified, the signature algorithm according to the embodiment of the present application is described by taking an SHA256 algorithm as an example.
Step S142, determining the hash value as the digest data of the file to be signed.
To more clearly describe the processes of the communication between the client and the cloud signature server and the implementation of the software code cloud digital signature method, reference is made to the overall flow diagram of the software code cloud digital signature method shown in fig. 10. It should be noted that, in fig. 10, the detailed steps of the software code cloud digital signature method are not shown in the drawing, but the steps in which the software code cloud digital signature method is applied to the client and the cloud signature server are shown in a simplified manner.
The present application further provides a software code cloud digital signature system, refer to fig. 9, the software code cloud digital signature system includes:
the client 101 is used for receiving a file to be signed submitted by a user, calculating digest data of the file to be signed, receiving digital signature data sent by a cloud signature server, and completing the digital signature of the file to be signed;
the cloud signature server 102 is configured to receive digest data of a file to be signed sent by the client 101, obtain a signature certificate and a private key, call the private key based on the digest data of the file to be signed to obtain digital signature data, and send the digital signature data and the signature certificate to the client 101;
and the cipher machine 103 is used for storing and managing the signature certificate and the private key, and is in communication connection with the cloud signature server 102.
And the timestamp signature unit 104 is used for providing a timestamp signature service and is in communication connection with the cloud signature server 102.
Optionally, the client 101 further includes:
the digest calculation module is used for calculating the digest data of the file to be signed;
and the format conversion module is used for converting the digital signature data into the format of the file to be signed.
In this embodiment, the cipher machine 103 and the timestamp server 104 are disposed in the cloud signature server 102, and the cipher machine 103 and the timestamp server 104 are directly or indirectly connected to the cloud signature server 102 through wired or wireless communication.
In another embodiment, the cipher machine 103 and the timestamp server 104 are disposed outside the cloud signature server 102 and the client 101, the cipher machine 103 and the cloud signature server 102 are directly or indirectly connected through wired or wireless communication, and the timestamp server 104 and the client 101 are directly or indirectly connected through wired or wireless communication.
The specific implementation of the software code cloud digital signature system is basically the same as that of the embodiments of the software code cloud digital signature method, and is not described herein again.
The application also provides a software code cloud digital signature device, applied to a cloud signature server, the software code cloud digital signature device including:
the receiving module is used for receiving the digest data of the file to be signed sent by the client;
the acquisition module is used for acquiring a signature certificate and a private key, and signing the digest data based on the private key to obtain digital signature data;
and the sending module is used for sending the digital signature data and the signature certificate to a client so that the client can complete the digital signature of the file to be signed based on the digital signature data and the signature certificate.
The specific implementation of the software code cloud digital signature device is basically the same as that of the embodiments of the software code cloud digital signature method, and details are not repeated here.
The application also provides a software code cloud digital signature device, the software code cloud digital signature device includes: a memory, a processor, and a program stored on the memory for implementing the software code cloud digital signature method,
the memory is used for storing a program for realizing the software code cloud digital signature method;
the processor is used for executing a program for realizing the software code cloud digital signature method so as to realize the steps of the software code cloud digital signature method.
The specific implementation of the software code cloud digital signature device is basically the same as that of the embodiments of the software code cloud digital signature method, and is not described herein again.
The application also provides a storage medium, wherein a program for realizing the software code cloud digital signature method is stored in the storage medium, and the program for realizing the software code cloud digital signature method is executed by a processor to realize the steps of the software code cloud digital signature method.
The specific implementation of the storage medium of the present application is substantially the same as that of each embodiment of the software code cloud digital signature method, and is not described herein again.
It should be added that the method can be used not only for digitally signing software code, but also for digitally signing electronic documents. Unlike other methods, this method does not upload the user's software code or document to be signed, whereas the electronic contract signing services currently on the market require the user to upload the document to be signed. Only the digest data of the file or document to be signed needs to be submitted, so software code can be digitally signed quickly, without waiting for a large software package of hundreds of megabytes to upload. For electronic documents, the security of the personal privacy information and confidential business information they contain is effectively protected, because the electronic document (such as an electronic contract) is not uploaded to the cloud signature service system.
It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or system that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or system. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other like elements in a process, method, article, or system that comprises the element.
The above-mentioned serial numbers of the embodiments of the present invention are merely for description and do not represent the merits of the embodiments.
Through the above description of the embodiments, those skilled in the art will clearly understand that the method of the above embodiments can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware, but in many cases, the former is a better implementation manner. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a storage medium (e.g., ROM/RAM, magnetic disk, optical disk) as described above and includes instructions for enabling a terminal device (e.g., a mobile phone, a computer, a server, an air conditioner, or a network device) to execute the method according to the embodiments of the present invention.
The above description is only a preferred embodiment of the present invention, and not intended to limit the scope of the present invention, and all modifications of equivalent structures and equivalent processes, which are made by using the contents of the present specification and the accompanying drawings, or directly or indirectly applied to other related technical fields, are included in the scope of the present invention.

Claims (10)

1. A software code cloud digital signature method is applied to a cloud signature server and comprises the following steps:
receiving digest data of a file to be signed sent by a client;
acquiring a signature certificate and a private key, and performing signature processing on the digest data based on the private key to obtain digital signature data;
and sending the digital signature data and the signature certificate to a client so that the client can complete the digital signature of the file to be signed based on the digital signature data and the signature certificate.
2. The cloud digital signature method for software code of claim 1, wherein said signing the digest data based on the signature certificate and the private key to obtain the digital signature data comprises:
calling code signing service, and performing first signature processing of a private key on the digest data to obtain first signature data;
calling a timestamp signature service, and performing second signature processing of a timestamp on the digest data to obtain second signature data;
and combining the first signature data and the second signature data to obtain the digital signature data.
3. The cloud-based digital signature method of software code of claim 1, wherein said step of obtaining a signature certificate and a private key comprises:
calling a key generation function of the cipher machine to obtain a private key and a public key of the file to be signed;
generating a certificate request file based on the private key;
and applying for obtaining a code signature certificate based on the certificate request file.
4. The software code cloud digital signature method is applied to a client, and further comprises the following steps:
determining digest data of a file to be signed, and receiving digital signature data and a signature certificate for the digest data, which are sent by a cloud signature server;
determining the format of a file to be signed, and converting the digital signature data format into the format of the file to be signed;
and writing the signature certificate and the signature data after format conversion into the file to be signed to finish digital signature.
5. The cloud digital signature method for software code according to claim 4, wherein the step of determining the digest data of the file to be signed, applied to the client, comprises:
receiving information of a file to be signed submitted by a user;
judging whether the file to be signed is a signable file or not according to the information of the file to be signed;
the method for judging whether the file to be signed is a signable file comprises the following steps: reading the header information of the file to be signed, comparing the header information with the digital signature code, and if the header information does not contain the digital signature code, determining that the file to be signed is a signable file;
and if the file to be signed is a signable file, calculating the digest data of the file to be signed.
6. The cloud-based digital signature method for software code of claim 5, wherein the step of receiving the information of the file to be signed submitted by the user comprises:
receiving a file signature request for a file to be signed, which is submitted by a user;
and extracting the signature identification information and the data information to be signed in the signature request.
7. The cloud digital signature method for software code of claim 5, wherein the step of calculating the digest data of the file to be signed if the file to be signed is a signable file comprises:
calculating the hash value of the file to be signed by using a preset SHA256 algorithm;
and taking the hash value as the digest data of the file to be signed.
8. A software code cloud digital signature system, the software code cloud digital signature system comprising:
the client is used for receiving a file to be signed submitted by a user, calculating the digest data of the file to be signed, receiving the digital signature data sent by the cloud signature server, and completing the digital signature of the file to be signed;
the cloud signature server is used for receiving the digest data of the file to be signed sent by the client, acquiring a signature certificate and a private key, calling the private key based on the digest data of the file to be signed to acquire digital signature data, and sending the digital signature data and the signature certificate to the client;
the cipher machine is used for storing and managing the signature certificate and the private key and is in communication connection with the cloud signature server;
and the timestamp signature server is used for providing timestamp signature service and is in communication connection with the cloud signature server.
9. A software code cloud digital signature device, comprising: a memory, a processor, and a program stored on the memory for implementing the software code cloud digital signature method,
the memory is used for storing a program for realizing the software code cloud digital signature method;
the processor is configured to execute a program implementing the software code cloud digital signature method, so as to implement the steps of the software code cloud digital signature method according to any one of claims 1 to 7.
10. A storage medium, wherein a program for implementing a software code cloud digital signature method is stored on the storage medium, and the program for implementing the software code cloud digital signature method is executed by a processor to implement the steps of the software code cloud digital signature method according to any one of claims 1 to 7.
CN202111460514.1A 2021-12-01 2021-12-01 Software code cloud digital signature method, system, device and storage medium Pending CN114362955A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111460514.1A CN114362955A (en) 2021-12-01 2021-12-01 Software code cloud digital signature method, system, device and storage medium

Publications (1)

Publication Number Publication Date
CN114362955A true CN114362955A (en) 2022-04-15

Family

ID=81096497

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111460514.1A Pending CN114362955A (en) 2021-12-01 2021-12-01 Software code cloud digital signature method, system, device and storage medium

Country Status (1)

Country Link
CN (1) CN114362955A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115987529A (en) * 2023-01-31 2023-04-18 深圳市新国都支付技术有限公司 APP signature method based on Hongmon system, electronic device and storage medium
CN117499050A (en) * 2023-11-09 2024-02-02 广西北投声远科技股份公司 Cloud signature method and system based on encryption technology

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104753881A (en) * 2013-12-30 2015-07-01 上海格尔软件股份有限公司 WebService security certification access control method based on software digital certificate and timestamp
CN106355104A (en) * 2016-08-25 2017-01-25 杭州天谷信息科技有限公司 Electronic signature method for realizing original privacy protection based on sandbox technology
CN109981287A (en) * 2019-03-14 2019-07-05 亚数信息科技(上海)有限公司 A kind of code signature method and its storage medium
CN111625852A (en) * 2020-05-21 2020-09-04 杭州尚尚签网络科技有限公司 Electronic signature method based on document and user private key under hybrid cloud architecture
CN111698093A (en) * 2020-06-11 2020-09-22 江苏海洋大学 Digital time stamp issuing and verifying method based on PKI system

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination