CN117728947A - Digital signature verification method and system based on cryptography - Google Patents


Publication number
CN117728947A
Authority
CN
China
Prior art keywords
key
generation platform
verification
key generation
initial
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202311768041.0A
Other languages
Chinese (zh)
Inventor
马平
徐兵
兰春嘉
王磊
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shanghai Lingshuzhonghe Information Technology Co ltd
Original Assignee
Shanghai Lingshuzhonghe Information Technology Co ltd
Application filed by Shanghai Lingshuzhonghe Information Technology Co ltd filed Critical Shanghai Lingshuzhonghe Information Technology Co ltd
Priority to CN202311768041.0A priority Critical patent/CN117728947A/en
Publication of CN117728947A publication Critical patent/CN117728947A/en
Pending legal-status Critical Current


Abstract

The application provides a cryptography-based digital signature verification method and system, relating to the technical field of information security. The method comprises the following steps: the first key generation platform performs cooperative encryption verification on the second key generation platform; if the verification is successful, a predetermined data digest is obtained; a first key is obtained, the first key comprising a first private key and a first public key; a digital signature is generated; a decryption digest is obtained; and the decryption digest is compared and checked against the predetermined data digest. This addresses the technical problem in the prior art that the key used to generate a digital signature is set simply, so the key is easy to crack and data transmission security is low. A key with stronger randomness is generated based on a search optimization algorithm, which reduces the regularity of the key, improves key security and thereby improves the security of data transmission.

Description

Digital signature verification method and system based on cryptography
Technical Field
The application relates to the technical field of information security, in particular to a digital signature verification method and system based on cryptography.
Background
With the development of information security technology, digital signatures have been developed to provide functions such as anti-counterfeiting and identity verification: information is signed with a private key, and the data receiver decrypts it with the corresponding key, thereby preventing the data from being changed. In the prior art, however, the private key used to generate the digital signature is set simply, so the key is easy to crack and data transmission security is low.
Disclosure of Invention
The application provides a cryptography-based digital signature verification method and system to solve the technical problem in the prior art that the private key used to generate a digital signature is set simply, so the key is easy to crack and data transmission security is low.
According to a first aspect of the present application, there is provided a cryptography-based digital signature verification method comprising: when the first key generation platform receives predetermined transmission data, the first key generation platform performs cooperative encryption verification on the second key generation platform; if the verification is successful, the first key generation platform generates a digest of the predetermined transmission data based on a hash algorithm to obtain a predetermined data digest; key search optimization is performed through an encryption algorithm in the second key generation platform to obtain a first key, the first key comprising a first private key and a first public key; the predetermined data digest is encrypted with the first private key to generate a digital signature; the first key generation platform decrypts the digital signature with the first public key to obtain a decryption digest; and the decryption digest is compared and checked against the predetermined data digest, and if the two are consistent, the verification passes.
According to a second aspect of the present application, there is provided a cryptography-based digital signature verification system comprising: a cooperative encryption verification module, used for the first key generation platform to perform cooperative encryption verification on the second key generation platform when the first key generation platform receives predetermined transmission data; a digest generation module, used for the first key generation platform to generate a digest of the predetermined transmission data based on a hash algorithm, if the verification is successful, to obtain a predetermined data digest; a key search optimization module, used for performing key search optimization through an encryption algorithm in the second key generation platform to obtain a first key, the first key comprising a first private key and a first public key; a digital signature generation module, used for encrypting the predetermined data digest with the first private key to generate a digital signature; a decryption module, used for obtaining a decryption digest when the first key generation platform decrypts the digital signature with the first public key; and a comparison and verification module, used for comparing and checking the decryption digest against the predetermined data digest, the verification passing if the two are consistent.
According to a third aspect of the present application, there is provided an electronic device comprising a memory and a processor, the memory having stored therein a computer program, and the processor executing the computer program to perform the steps of the method of the first aspect.
According to a fourth aspect of the present application, there is provided a computer readable storage medium having a computer program stored therein, the computer program being executable by a processor to perform the steps of the first aspect.
The following beneficial effects can be achieved according to one or more technical schemes adopted by the application:
when the first key generation platform receives predetermined transmission data, the first key generation platform performs cooperative encryption verification on the second key generation platform; if the verification is successful, the first key generation platform generates a digest of the predetermined transmission data based on a hash algorithm to obtain a predetermined data digest, and key search optimization is performed through an encryption algorithm in the second key generation platform to obtain a first key, the first key comprising a first private key and a first public key; the predetermined data digest is encrypted with the first private key to generate a digital signature; the first key generation platform decrypts the digital signature with the first public key to obtain a decryption digest, the decryption digest is compared and checked against the predetermined data digest, and if the two are consistent, the verification passes. A key with stronger randomness is thus generated based on a search optimization algorithm, which reduces the regularity of the key, improves key security and further improves the security of data transmission.
Drawings
In order to illustrate the technical solutions of the present application or the prior art more clearly, the drawings used in the description of the embodiments or the prior art are briefly described below. The accompanying drawings, which form a part hereof, illustrate embodiments of the present application and, together with the description, serve to explain the present application without unduly limiting it; a person skilled in the art can obtain other drawings from them without creative effort.
Fig. 1 is a schematic flow chart of a digital signature verification method based on cryptography according to an embodiment of the present application;
Fig. 2 is a schematic structural diagram of a cryptography-based digital signature verification system according to an embodiment of the present application;
Fig. 3 is a schematic structural diagram of an electronic device according to an embodiment of the present application.
Description of reference numerals: cooperative encryption verification module 11, digest generation module 12, key search optimization module 13, digital signature generation module 14, decryption module 15, comparison and verification module 16, electronic device 300, memory 301, processor 302, communication interface 303 and bus architecture 304.
Detailed Description
In order to make the objects, technical solutions and advantages of the present application more apparent, exemplary embodiments of the present application will be described in detail below with reference to the accompanying drawings. It should be apparent that the described embodiments are only some of the embodiments of the present application and not all of the embodiments of the present application, and it should be understood that the present application is not limited by the example embodiments described herein.
The terminology used in the description is for the purpose of describing embodiments only and is not intended to be limiting of the application. As used in this specification, the singular terms "a," "an," and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. The terms "comprises" and/or "comprising," when used in this specification, specify the presence of steps, operations, elements, and/or components, but do not preclude the presence or addition of one or more other steps, operations, elements, components, and/or groups thereof.
Unless defined otherwise, all terms (including technical and scientific terms) used in this specification should have the same meaning as commonly understood by one of ordinary skill in the art to which this application belongs. Terms, such as those defined in commonly used dictionaries, should not be interpreted in an idealized or overly formal sense unless expressly so defined herein. Like numbers refer to like elements throughout.
It should be noted that, the user information (including, but not limited to, user equipment information, user personal information, etc.) and the data (including, but not limited to, data for presentation, analyzed data, etc.) referred to in the present application are information and data authorized by the user or sufficiently authorized by each party.
Example 1
Fig. 1 is a diagram of a cryptography-based digital signature verification method according to an embodiment of the present application, where the method includes:
when the first key generation platform receives preset transmission data, the first key generation platform performs cooperative encryption verification on the second key generation platform;
The embodiment of the application provides a cryptography-based digital signature verification method, which is applied to a cryptography-based digital signature verification system. The system is used for executing the method and comprises a first key generation platform and a second key generation platform, both of which are servers for encrypting data. That is, in the embodiment of the present application, the verification of the digital signature is performed cooperatively by the first key generation platform and the second key generation platform, so as to improve the security of data transmission.
When the first key generation platform receives preset transmission data, the first key generation platform performs collaborative encryption verification on the second key generation platform, that is, the first key generation platform and the second key generation platform need to perform authority verification and then perform digital signature collaborative generation, so that the data security is improved.
In a preferred embodiment, further comprising:
the first key generation platform sends a cooperative encryption request to the second key generation platform; after receiving the cooperative encryption request, the second key generation platform generates initial verification information, which is a randomly generated random number, and sends it to the first key generation platform; the first key generation platform digitally signs the initial verification information to obtain a verification signature and returns the verification signature to the second key generation platform; the second key generation platform parses the returned information to obtain analysis verification information, and compares the analysis verification information with the initial verification information to obtain a verification result.
In a preferred embodiment, further comprising:
the analysis verification information is a random number extracted from the returned information; the analysis verification information and the initial verification information are compared for consistency, where the consistency takes the value 0 or 1; if the consistency is 0, the verification result is verification failure, and the second key generation platform refuses the cooperative encryption request; and if the consistency is 1, the verification result is verification success, and the second key generation platform agrees to the cooperative encryption request.
Specifically, the predetermined transmission data is determined by a user and uploaded to the first key generation platform. When the first key generation platform receives the predetermined transmission data, it sends a cooperative encryption request to the second key generation platform. After receiving the request, the second key generation platform generates initial verification information, which is a randomly generated random number, and sends it to the first key generation platform. The initial verification information is used to ensure the basic security and identity verification of the first key generation platform and the second key generation platform before key generation for encrypting the data begins. The first key generation platform then digitally signs the initial verification information; the digital signature guarantees the integrity and source authentication of the initial verification information, and the public key is generated at the same time as the digital signature. The resulting verification signature is returned to the second key generation platform. The second key generation platform parses the returned information, that is, the user decrypts the verification signature with the public key, and the analysis verification information is obtained. Finally, the analysis verification information is compared with the initial verification information: if they are consistent, the verification succeeds; otherwise, the verification fails. The verification result is thereby obtained, improving the credibility and security of the encryption process.
Specifically, the analysis verification information and the initial verification information are compared, and the verification result is obtained as follows:
The analysis verification information is a random number extracted from the returned information, namely the random number obtained after the digital signature in the returned information is decrypted with the public key. The analysis verification information is compared with the initial verification information for consistency, where the consistency takes the value 0 or 1: if the analysis verification information is the same as the initial verification information, the consistency is 1; otherwise, the consistency is 0. If the consistency is 0, the verification result is verification failure, and the second key generation platform refuses the cooperative encryption request. If the consistency is 1, the verification result is verification success, the second key generation platform agrees to the cooperative encryption request, and cooperative encryption can be performed through the first key generation platform and the second key generation platform, improving encryption security.
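The request, random-number challenge, signed reply and 0/1 consistency result described above can be exercised end to end with the following added example, which is not code from the patent. It assumes Ed25519 keys from Node.js `crypto`, a hypothetical context label, single-use request ids and a 30-second challenge lifetime, and it verifies the signature over the stored random number instead of decrypting the signature to extract it.

```javascript
const crypto = require('crypto');

// Domain-separation label (assumption, not in the patent): a signature over a
// challenge can never be replayed as a signature over transmission data.
const CONTEXT = Buffer.from('coop-encrypt-challenge-v1');

function challengeMessage(requestId, nonce) {
  return Buffer.concat([CONTEXT, Buffer.from(requestId, 'hex'), nonce]);
}

// First key generation platform: signs the initial verification information.
function answerChallenge(privateKey, { requestId, nonce }) {
  return crypto.sign(null, challengeMessage(requestId, nonce), privateKey);
}

// Second key generation platform: issues the random number and checks the reply.
class SecondPlatform {
  constructor(firstPlatformPublicKey, ttlMs = 30000) {
    this.publicKey = firstPlatformPublicKey; // assumption: enrolled out of band
    this.ttlMs = ttlMs;
    this.pending = new Map(); // requestId -> { nonce, expires }
  }

  issueChallenge(now = Date.now()) {
    const requestId = crypto.randomBytes(16).toString('hex');
    const nonce = crypto.randomBytes(32); // CSPRNG output, never a counter or timestamp
    this.pending.set(requestId, { nonce, expires: now + this.ttlMs });
    return { requestId, nonce };
  }

  // Returns the consistency value: 1 agrees to the request, 0 refuses it.
  checkResponse(requestId, verificationSignature, now = Date.now()) {
    const entry = this.pending.get(requestId);
    this.pending.delete(requestId); // one attempt per challenge, pass or fail
    if (!entry || now > entry.expires) return 0;
    try {
      const message = challengeMessage(requestId, entry.nonce);
      return crypto.verify(null, message, this.publicKey, verificationSignature) ? 1 : 0;
    } catch {
      return 0; // malformed signature
    }
  }
}

function runChallengeDemo() {
  const enrolled = crypto.generateKeyPairSync('ed25519');
  const other = crypto.generateKeyPairSync('ed25519'); // key the verifier never enrolled
  const second = new SecondPlatform(enrolled.publicKey);

  const first = second.issueChallenge();
  const signature = answerChallenge(enrolled.privateKey, first);
  const genuine = second.checkResponse(first.requestId, signature);
  const replayed = second.checkResponse(first.requestId, signature); // id already used

  const next = second.issueChallenge();
  const staleSignature = second.checkResponse(next.requestId, signature); // old reply, new nonce

  const third = second.issueChallenge();
  const wrongKey = second.checkResponse(third.requestId,
    answerChallenge(other.privateKey, third));

  const fourth = second.issueChallenge(0); // issued at t = 0 ms
  const expired = second.checkResponse(fourth.requestId,
    answerChallenge(enrolled.privateKey, fourth), 30001);

  return { genuine, replayed, staleSignature, wrongKey, expired };
}

console.log(runChallengeDemo());
```

Only the first reply yields consistency 1; the replayed, stale, wrong-key and expired replies all yield 0.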
If the verification is successful, the first key generation platform generates a digest of the predetermined transmission data based on a hash algorithm to obtain a predetermined data digest;
Specifically, if the verification is successful, the first key generation platform generates a digest of the predetermined transmission data based on a hash algorithm to obtain the predetermined data digest. The hash algorithm converts data of any length into a hash value of fixed length; the hash value is used as the predetermined data digest and can be used for verifying the integrity and the uniqueness of the data. The specific acquisition process is described in detail below.
In a preferred embodiment, further comprising:
a plurality of hash algorithms with security strength identifiers and processing efficiency identifiers are embedded in the first key generation platform; a preset security level and the data volume of the predetermined transmission data are acquired; based on the preset security level and the data volume, a hash algorithm is matched by combining the security strength identifier and the processing efficiency identifier to obtain a matching hash algorithm; and a digest of the predetermined transmission data is generated with the matching hash algorithm to obtain the predetermined data digest.
Specifically, the first key generation platform is embedded with a plurality of hash algorithms with security strength identifiers and processing efficiency identifiers, which are all hash algorithms in the prior art, such as MD2, MD4, MD5, SHA-1, and the like. The preset security level and the data volume of the predetermined transmission data are acquired; the preset security level is set by a user, and the data volume is determined according to the actual situation. Based on the preset security level and the data volume, the hash algorithm is matched by combining the security strength identifier and the processing efficiency identifier: the higher the preset security level and the larger the data volume, the stronger the security strength identifier and the faster the processing efficiency identifier of the selected hash algorithm. The matching hash algorithm is thereby obtained, and a digest of the predetermined transmission data is generated with it to obtain the predetermined data digest, providing support for the subsequent verification of the digital signature.
In a preferred embodiment, further comprising:
acquiring a plurality of hash algorithms based on a data mining technology; retrieving the hash value length records, data processing rate records and resource occupation records of the plurality of hash algorithms; acquiring a first storage space of the first key generation platform, and screening the algorithms based on the first storage space and the resource occupation records to obtain a target hash algorithm; and calculating the mean hash value length and the mean processing efficiency from the hash value length records and the data processing rate records to obtain the security strength identifier and the processing efficiency identifier.
The plurality of hash algorithms are obtained based on a data mining technique; it is understood that they are existing hash algorithms that have been used, such as MD2, MD4, MD5, SHA-1, and the like. The hash value length records, data processing rate records and resource occupation records of the hash algorithms are then retrieved; specifically, they can be obtained from the usage records of the hash algorithms over historical time, and the resource occupation record refers to the record of storage space occupied. The first storage space of the first key generation platform is acquired, the first storage space being the amount of space on the first key generation platform that can be used for data storage. The algorithms are screened based on the first storage space and the resource occupation records, and a hash algorithm for which the first storage space is larger than the resource occupation record is taken as a target hash algorithm. Further, the mean hash value length and the mean processing efficiency are calculated from the hash value length records and the data processing rate records, and the security strength identifier and the processing efficiency identifier are generated from the mean values. This provides a basis for the subsequent screening of hash algorithms.
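The storage screening, mean-based identifiers and level/volume matching described above are shown in the following added example, which is not the patent's implementation. The usage records, the level-to-minimum-strength table, the 64 MiB "large data" threshold and the tie-breaking rule are all assumptions; because collisions have been demonstrated for MD5 and SHA-1, which the text lists, the assumed table starts at 256 bits so those two are screened out of signature digests at every level.

```javascript
const crypto = require('crypto');

// Constructed usage records (illustrative numbers, not measurements): per past run,
// digest length in bits, throughput in MB/s and storage occupied in KB.
const USAGE_RECORDS = {
  md5:    { bits: [128, 128, 128], rateMBps: [610, 590, 600], storageKB: [4, 4, 4] },
  sha1:   { bits: [160, 160, 160], rateMBps: [790, 810, 800], storageKB: [4, 4, 4] },
  sha256: { bits: [256, 256, 256], rateMBps: [390, 410, 400], storageKB: [8, 8, 8] },
  sha384: { bits: [384, 384, 384], rateMBps: [320, 300, 310], storageKB: [16, 16, 16] },
  sha512: { bits: [512, 512, 512], rateMBps: [290, 310, 300], storageKB: [16, 16, 16] },
};

// Assumed mapping from preset security level to a minimum security strength identifier.
const LEVEL_MIN_BITS = { 1: 256, 2: 384, 3: 512 };
// Assumed boundary above which the data volume counts as large.
const LARGE_DATA_BYTES = 64 * 1024 * 1024;

const mean = (xs) => xs.reduce((a, b) => a + b, 0) / xs.length;

// Screening and identifier generation: keep an algorithm only if the first storage
// space exceeds its recorded occupation, then take the means as its identifiers.
function buildIdentifiers(records, firstStorageKB) {
  return Object.entries(records)
    .filter(([, r]) => firstStorageKB > Math.max(...r.storageKB))
    .map(([name, r]) => ({ name, strength: mean(r.bits), efficiency: mean(r.rateMBps) }));
}

// Matching: the level sets the minimum strength; large data prefers the fastest
// eligible algorithm, small data the strongest one.
function matchHash(identifiers, securityLevel, dataBytes) {
  const minBits = LEVEL_MIN_BITS[securityLevel];
  if (minBits === undefined) throw new RangeError(`unknown security level ${securityLevel}`);
  const eligible = identifiers.filter((id) => id.strength >= minBits);
  if (eligible.length === 0) {
    throw new Error(`no embedded hash algorithm satisfies level ${securityLevel}`);
  }
  const large = dataBytes >= LARGE_DATA_BYTES;
  eligible.sort((a, b) => (large
    ? b.efficiency - a.efficiency || b.strength - a.strength
    : b.strength - a.strength || b.efficiency - a.efficiency));
  return eligible[0].name;
}

// Digest generation with the matching hash algorithm.
function presetDataDigest(data, identifiers, securityLevel) {
  const algorithm = matchHash(identifiers, securityLevel, data.length);
  return { algorithm, digest: crypto.createHash(algorithm).update(data).digest('hex') };
}

const identifiers = buildIdentifiers(USAGE_RECORDS, 64);
console.log(identifiers);
console.log(presetDataDigest(Buffer.from('constructed sample payload'), identifiers, 1));
```

A platform whose storage screens out every algorithm that meets the requested level gets an error rather than a silent downgrade to a weaker hash.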
Performing key search optimization through an encryption algorithm in a second key generation platform to obtain a first key, wherein the first key comprises a first private key and a first public key;
In a preferred embodiment, further comprising:
randomly generating a key through an encryption algorithm in a second key generation platform to obtain a first initial key, wherein the first initial key comprises a first initial private key and a first initial public key; collecting a key attack sample; and carrying out attack cracking simulation on the first initial key by using the key attack sample, and carrying out updating optimization on the key based on an attack simulation result to obtain the first key.
In a preferred embodiment, further comprising:
collecting the network protocol and network architecture of the second key generation platform, and establishing a digital twin key generation platform; carrying out an attack test on the first initial key in the digital twin key generation platform by using the key attack samples, and if the test result is that the attack fails, taking the first initial key as the first key; if the test result is that the attack succeeds, randomly updating the first initial key to obtain a second initial key, and repeating the attack test until the test result is that the attack fails; the key attack samples are a plurality of attack samples with different attack intensities.
Key search optimization is performed through an encryption algorithm in the second key generation platform to obtain a first key, the first key comprising a first private key and a first public key; the specific acquisition method is described in detail below.
Specifically, in the second key generation platform, the first initial key is randomly generated using an encryption algorithm. The key includes a first initial private key and a first initial public key, which are used for generation of digital signatures and for decryption verification. Key attack samples are collected based on the prior art, which may include data that has been encrypted or decrypted, as well as attack samples that attempt to crack the key. The collected key attack samples are used to carry out an attack cracking simulation on the first initial key, that is, cracking of the first initial key is attempted by simulating the attack behavior of the attack samples. The first initial key is updated and optimized based on the attack simulation result, the private key or the public key being modified to increase the difficulty of cracking. The first key is obtained after this updating and optimization, so that the key has higher security and can better resist key attacks.
Network protocol information of the second key generation platform is acquired through an existing network scanning tool or related technology; it includes the network protocol type used, the port number, the transport layer protocol and the like. Network architecture information of the second key generation platform, including network equipment, network connection relations, network routes and the like, is acquired through an existing network topology analysis tool or related technology. Based on the collected network protocol information and network architecture information, a digital twin key generation platform similar to the second key generation platform is constructed. This platform is capable of simulating the network environment and behavior of the second key generation platform for subsequent attack testing. An attack test is then carried out on the first initial key in the digital twin key generation platform by using a plurality of attack samples with different attack strengths. If the attack result is failure, the first initial key has a certain degree of security and can be used as the first key. If the attack result is success, the first initial key has a potential safety hazard. In that case, the first initial key may be updated randomly, and a new initial key is generated and recorded as the second initial key.
The key attack samples are a plurality of attack samples with different attack intensities; that is, samples with different attack intensities are used during the attack test, which improves the effectiveness of the attack test.
The attack test is carried out again on the updated second initial key; if the attack result is still success, random updating and attack testing continue until the test result is failure. A relatively secure first key is obtained by this method, improving the security of data transmission.
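The generate, test and regenerate loop described above is sketched in the following added example, which is not code from the patent. It assumes RSA keys from Node.js `crypto` and stands in for the "attack samples of different intensities" with three hypothetical acceptance checks of increasing cost on the modulus (length, small prime factor, factors too close together); the digital twin environment is not modeled.

```javascript
const crypto = require('crypto');

// RSA modulus n of a public key as a BigInt (JWK "n" is big-endian base64url).
function modulusOf(publicKey) {
  const { n } = publicKey.export({ format: 'jwk' });
  return BigInt('0x' + Buffer.from(n, 'base64url').toString('hex'));
}

// Floor of the integer square root (Newton's method on BigInt).
function isqrt(n) {
  if (n < 2n) return n;
  let x = 1n << BigInt((n.toString(2).length + 1) >> 1); // starts at or above sqrt(n)
  for (;;) {
    const y = (x + n / x) >> 1n;
    if (y >= x) return x;
    x = y;
  }
}

// True when n is a product of two factors so close to sqrt(n) that a bounded
// difference-of-squares search finds them. Reports only the verdict.
function hasCloseFactors(n, rounds = 256) {
  let a = isqrt(n);
  if (a * a < n) a += 1n;
  for (let i = 0; i < rounds; i++, a += 1n) {
    const b2 = a * a - n;
    const b = isqrt(b2);
    if (b * b === b2 && a - b > 1n) return true; // n = (a - b)(a + b)
  }
  return false;
}

const SMALL_PRIMES = [2n, 3n, 5n, 7n, 11n, 13n, 17n, 19n, 23n, 29n, 31n, 37n, 41n, 43n, 47n];

// Acceptance checks ordered from cheapest to most expensive (assumed set).
const CHECKS = [
  { name: 'modulus-too-short', fails: (n) => n.toString(2).length < 2048 },
  { name: 'small-prime-factor', fails: (n) => SMALL_PRIMES.some((p) => n % p === 0n) },
  { name: 'close-prime-factors', fails: (n) => hasCloseFactors(n) },
];

// Names of every check the modulus fails; an empty list means the key is accepted.
function auditModulus(n) {
  return CHECKS.filter((check) => check.fails(n)).map((check) => check.name);
}

// Generate a candidate, audit it, and regenerate until a candidate passes.
function generateAcceptedKey(
  generate = () => crypto.generateKeyPairSync('rsa', { modulusLength: 2048 }),
  maxAttempts = 5,
) {
  const rejected = [];
  for (let attempt = 1; attempt <= maxAttempts; attempt++) {
    const candidate = generate();
    const findings = auditModulus(modulusOf(candidate.publicKey));
    if (findings.length === 0) return { ...candidate, attempts: attempt, rejected };
    rejected.push(findings);
  }
  throw new Error('no candidate key passed the acceptance checks');
}

console.log(generateAcceptedKey().attempts);
```

Passing a fixed set of checks shows only that those known weaknesses are absent; the strength of the accepted key still comes from the size of the key and the quality of the random number generator behind `generateKeyPairSync`.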
Encrypting the predetermined data digest with the first private key to generate a digital signature;
The predetermined data digest is encrypted with the first private key to generate the digital signature; this is a common technical means for those skilled in the art and is not elaborated here.
The first key generation platform decrypts the digital signature with the first public key to obtain a decryption digest;
and the decryption digest is compared and checked against the predetermined data digest, and if the two are consistent, the verification passes.
When the first key generation platform decrypts the digital signature with the first public key, a decryption digest is obtained. The decryption digest is compared and checked against the predetermined data digest: if the two are consistent, the verification passes and the first key generation platform can extract the predetermined transmission data; otherwise, the verification fails.
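The digest, private-key encryption, public-key decryption and comparison steps above map directly onto RSA with PKCS#1 v1.5 padding, as in the following added example, which is not code from the patent. It assumes 2048-bit RSA keys and SHA-256 from Node.js `crypto`, uses constructed sample data, and also shows the one-call `crypto.sign` / `crypto.verify` form of the same check.

```javascript
const crypto = require('crypto');

// Digest generation over the transmission data.
function dataDigest(data, hashName = 'sha256') {
  return crypto.createHash(hashName).update(data).digest();
}

// "Encrypt the digest with the first private key": RSA private-key operation with
// PKCS#1 v1.5 type-1 padding, the default for crypto.privateEncrypt.
function signDigest(privateKey, data) {
  return crypto.privateEncrypt(privateKey, dataDigest(data));
}

// "Decrypt the digital signature with the first public key": returns the
// decryption digest, or null when the padding check rejects the signature.
function recoverDigest(publicKey, signature) {
  try {
    return crypto.publicDecrypt(publicKey, signature);
  } catch {
    return null;
  }
}

// Comparison check: the digest is recomputed from the data actually received and
// compared in constant time with the decryption digest.
function verifyByDigest(publicKey, data, signature) {
  const recovered = recoverDigest(publicKey, signature);
  const expected = dataDigest(data);
  return recovered !== null &&
    recovered.length === expected.length &&
    crypto.timingSafeEqual(recovered, expected);
}

// The one-call API hashes, pads and verifies in a single step and also binds the
// hash algorithm identifier into the signed value.
const signStandard = (privateKey, data) => crypto.sign('sha256', data, privateKey);
const verifyStandard = (publicKey, data, sig) => crypto.verify('sha256', data, publicKey, sig);

function runSignatureDemo() {
  const first = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const other = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  // Constructed sample data and a tampered copy of it.
  const data = Buffer.from('constructed sample: transfer 100 units to account 42');
  const tampered = Buffer.from('constructed sample: transfer 900 units to account 42');

  const signature = signDigest(first.privateKey, data);
  const flipped = Buffer.from(signature);
  flipped[flipped.length - 1] ^= 0x01; // one bit changed in transit

  const standardSignature = signStandard(first.privateKey, data);
  return {
    recoveredMatches: recoverDigest(first.publicKey, signature).equals(dataDigest(data)),
    intact: verifyByDigest(first.publicKey, data, signature),
    tamperedData: verifyByDigest(first.publicKey, tampered, signature),
    flippedSignature: verifyByDigest(first.publicKey, data, flipped),
    wrongPublicKey: verifyByDigest(other.publicKey, data, signature),
    standardIntact: verifyStandard(first.publicKey, data, standardSignature),
    standardTampered: verifyStandard(first.publicKey, tampered, standardSignature),
  };
}

console.log(runSignatureDemo());
```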
Based on the above analysis, the following beneficial effects can be achieved by one or more technical solutions provided in the present application:
when the first key generation platform receives predetermined transmission data, the first key generation platform performs cooperative encryption verification on the second key generation platform; if the verification is successful, the first key generation platform generates a digest of the predetermined transmission data based on a hash algorithm to obtain a predetermined data digest, and key search optimization is performed through an encryption algorithm in the second key generation platform to obtain a first key, the first key comprising a first private key and a first public key; the predetermined data digest is encrypted with the first private key to generate a digital signature; the first key generation platform decrypts the digital signature with the first public key to obtain a decryption digest, the decryption digest is compared and checked against the predetermined data digest, and if the two are consistent, the verification passes. By using different key generation platforms to search for and optimize the key, the regularity of the key is reduced, the security of the key is improved, and the security of data transmission is improved.
Example two
Based on the same inventive concept as the cryptography-based digital signature verification method in the foregoing embodiment, as shown in fig. 2, the present application further provides a cryptography-based digital signature verification system, which includes:
the cooperative encryption verification module 11 is configured to perform cooperative encryption verification on the second key generation platform by the first key generation platform when the first key generation platform receives predetermined transmission data;
the digest generation module 12 is configured to, if verification is successful, perform digest generation on the predetermined transmission data by the first key generation platform based on a hash algorithm, to obtain a predetermined data digest;
the key searching optimizing module 13 is used for performing key searching optimizing through an encryption algorithm in the second key generating platform to obtain a first key, wherein the first key comprises a first private key and a first public key;
a digital signature generation module 14, where the digital signature generation module 14 is configured to encrypt the predetermined data digest with the first private key to generate a digital signature;
the decryption module 15 is configured to obtain a decryption digest when the first key generation platform decrypts the digital signature with the first public key;
and the comparison and verification module 16 is used for comparing and verifying the decryption digest with the preset data digest, and if the decryption digest is consistent with the preset data digest, the verification is passed.
Further, the cooperative encryption verification module 11 further includes:
the first key generation platform sends a cooperative encryption request to the second key generation platform, the second key generation platform generates initial verification information after receiving the cooperative encryption request and sends the initial verification information to the first key generation platform, and the initial verification information is a random number generated randomly;
the first key generation platform performs digital signature based on the initial verification information, obtains a verification signature and returns the verification signature to the second key generation platform;
the second key generation platform analyzes the returned information to obtain analysis verification information, compares the analysis verification information with the initial verification information and obtains a verification result.
Further, the cooperative encryption verification module 11 further includes:
the analysis verification information is a random number extracted from the returned information;
consistency comparison is carried out on the analysis verification information and the initial verification information, wherein the consistency comprises 0 and 1;
if the consistency is 0, the verification result is verification failure, and the second key generation platform refuses the collaborative encryption request;
and if the consistency is 1, the verification result is that the verification is successful, and the second key generation platform agrees with the collaborative encryption request.
Further, the first encryption algorithm 12 further includes:
acquiring a data encryption reference condition of the preset transmission data, wherein the data encryption reference condition comprises a data type and a data source;
matching encryption grades according to the data encryption reference conditions, and generating an encryption starting instruction when the encryption grades meet a preset encryption grade threshold;
and controlling the first key generation platform to search and optimize the preset transmission data through a first encryption template by using the encryption starting instruction, and generating the first encryption private key.
Further, the summary generating module 12 further includes:
a plurality of hash algorithms with safety strength identifiers and processing efficiency identifiers are embedded in the first key generation platform;
acquiring a preset security level and a data volume of the preset transmission data;
based on the preset security level and the data volume, matching a hash algorithm by combining the security intensity identification and the processing efficiency identification to obtain a matching hash algorithm;
and carrying out abstract generation on the preset transmission data by using the matching hash algorithm to obtain the preset data abstract.
Further, the summary generating module 12 further includes:
acquiring a plurality of hash algorithms based on a data mining technology;
calling hash value length records, data processing rate records and resource occupation records of the plurality of hash algorithms;
acquiring a first storage space of the first key generation platform, and performing algorithm screening based on the first storage space and a resource occupation record to acquire a target hash algorithm;
and carrying out hash value length average value calculation and processing efficiency average value calculation based on the hash value length record and the data processing rate record to obtain the safety intensity identifier and the processing efficiency identifier.
Further, the key search optimizing module 13 further includes:
randomly generating a key through an encryption algorithm in a second key generation platform to obtain a first initial key, wherein the first initial key comprises a first initial private key and a first initial public key;
collecting a key attack sample;
and carrying out attack cracking simulation on the first initial key by using the key attack sample, and carrying out updating optimization on the key based on an attack simulation result to obtain the first key.
Further, the key search optimizing module 13 further includes:
collecting a network protocol and a network architecture of the second key generation platform, and establishing a digital twin key generation platform;
carrying out attack test on a first initial key in the digital twin key generation platform by using the key attack sample, and if the test result is that the attack fails, generating the first key by using the first initial key;
if the test result is that the attack is successful, randomly updating the first initial key, acquiring the second initial key, and performing the attack test until the test result is that the attack fails;
the key attack samples are a plurality of attack samples with different attack intensities.
The specific example of the cryptography-based digital signature verification method in the first embodiment is also applicable to the cryptography-based digital signature verification system of the present embodiment, and those skilled in the art will clearly know the cryptography-based digital signature verification system of the present embodiment through the foregoing detailed description of the cryptography-based digital signature verification method, so that the detailed description thereof will be omitted herein for brevity.
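The cooperative encryption verification (random-number challenge, verification signature, 0/1 consistency result) and the digest, signature and comparison path described above can be traced in the following added example, which is not code from the application. It assumes SHA-256 as the hash algorithm, unpadded textbook RSA with constructed toy keys to mirror the "encrypt the digest with the private key" wording (a deployment would use a padded scheme such as RSA-PSS from a vetted library), a separate handshake key held by the first platform, and single-use tracking of issued random numbers; all function and class names are hypothetical.

```python
import hashlib
import hmac
import secrets

E = 65537


def make_key(p: int, q: int):
    """Build a toy RSA key (n, e, d) from two known primes."""
    return p * q, E, pow(E, -1, (p - 1) * (q - 1))


# Constructed demo keys from Mersenne primes: deterministic and trivially
# factorable, for demonstration only. Separate handshake key is an assumption.
HANDSHAKE_KEY = make_key(2**521 - 1, 2**607 - 1)    # held by platform 1
FIRST_KEY = make_key(2**1279 - 1, 2**2203 - 1)      # "first key" from platform 2


def digest(data: bytes) -> int:
    """Digest step: SHA-256 of the data as an integer."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def sign(data: bytes, key) -> int:
    """'Encrypt the digest with the private key' (textbook RSA, unpadded)."""
    n, _, d = key
    return pow(digest(data), d, n)


def verify(data: bytes, signature: int, public) -> bool:
    """'Decrypt with the public key', then compare with a fresh digest."""
    n, e = public
    size = (n.bit_length() + 7) // 8
    recovered = pow(signature, e, n).to_bytes(size, "big")
    return hmac.compare_digest(recovered, digest(data).to_bytes(size, "big"))


class SecondPlatform:
    """Issues the random challenge and returns the 0/1 consistency result."""
    def __init__(self, peer_public):
        self.peer_public = peer_public
        self.pending = set()

    def challenge(self) -> bytes:
        nonce = secrets.token_bytes(32)   # the "initial verification information"
        self.pending.add(nonce)
        return nonce

    def check(self, nonce: bytes, signature: int) -> int:
        if nonce not in self.pending:     # unknown or already used: replay
            return 0
        self.pending.discard(nonce)       # each challenge is single-use
        return int(verify(nonce, signature, self.peer_public))


def run_flow(data: bytes, received: bytes):
    """Handshake, then sign `data` and verify it against `received`."""
    platform2 = SecondPlatform(HANDSHAKE_KEY[:2])
    nonce = platform2.challenge()
    response = sign(nonce, HANDSHAKE_KEY)           # platform 1 signs the nonce
    first = platform2.check(nonce, response)
    replay = platform2.check(nonce, response)       # same response sent again
    if first != 1:                                  # request refused: stop here
        return first, replay, False
    signature = sign(data, FIRST_KEY)               # platform 2 signs the digest
    passed = verify(received, signature, FIRST_KEY[:2])
    return first, replay, passed
```

`run_flow` returns the first handshake result, the result of replaying the same response, and whether the data verification passed.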
Example III
Based on the same inventive concept as the cryptography-based digital signature verification method in the foregoing embodiments, as shown in fig. 3, the present application further provides an electronic device 300, where the electronic device 300 includes a memory 301 and a processor 302, and a computer program is stored in the memory 301, and the computer program when executed by the processor 302 implements the steps of the method of embodiment one.
The electronic device 300 includes: a processor 302, a communication interface 303, a memory 301. Optionally, the electronic device 300 may also include a bus architecture 304. Wherein the communication interface 303, the processor 302 and the memory 301 may be interconnected by a bus architecture 304; the bus architecture 304 may be a peripheral component interconnect (peripheral component interconnect, PCI) bus, or an extended industry standard architecture (extended industry standard architecture, EISA) bus, among others. The bus architecture 304 may be divided into address buses, data buses, control buses, and the like. For ease of illustration, only one thick line is shown in fig. 3, but this does not mean that there is only one bus or one type of bus.
Processor 302 may be a CPU, microprocessor, ASIC, or one or more integrated circuits for controlling the execution of the programs of the present application.
The communication interface 303 uses any transceiver-like means for communicating with other devices or communication networks, such as ethernet, radio access network (radio access network, RAN), wireless local area network (wireless local area networks, WLAN), wired access network, etc.
The memory 301 may be, but is not limited to, ROM or other type of static storage device, RAM or other type of dynamic storage device, which may store static information and instructions, or may be an electrically erasable programmable read-only memory (electrically erasable programmable read-only memory, EEPROM), a compact disc read-only memory (compact disc read-only memory, CD-ROM) or other optical disc storage (including compact disc, laser disc, optical disc, digital versatile disc, blu-ray disc, etc.), magnetic disk storage media or other magnetic storage devices, or any other medium capable of carrying or storing desired program code in the form of instructions or data structures and capable of being accessed by a computer. The memory may be self-contained and coupled to the processor through bus architecture 304. The memory may also be integrated with the processor.
The memory 301 is used for storing computer-executable instructions for executing the embodiments of the present application, and is controlled by the processor 302 to execute the instructions. The processor 302 is configured to execute computer-executable instructions stored in the memory 301, thereby implementing the steps of the method in the first embodiment of the present application.
Example IV
Based on the same inventive concept as the cryptographic based digital signature verification method in the previous embodiments, the present application further provides a computer readable storage medium having stored therein a computer program which when executed by a processor implements the steps of the method in embodiment one.
It should be understood that steps may be reordered, added, or deleted using the various forms of flow shown above, as long as the desired results of the presently disclosed technology are achieved, and this is not limited herein.
Note that the above is only a preferred embodiment of the present application and the technical principle applied. Those skilled in the art will appreciate that the present application is not limited to the particular embodiments described herein, but is capable of numerous obvious changes, rearrangements and substitutions as will now become apparent to those skilled in the art without departing from the scope of the present application. Therefore, while the present application has been described in connection with the above embodiments, the present application is not limited to the above embodiments, but may include many other equivalent embodiments without departing from the spirit of the present application, the scope of which is defined by the scope of the appended claims.

Claims (10)

1. The digital signature verification method based on cryptography is characterized by being applied to a digital signature verification system based on cryptography, wherein the system comprises a first key generation platform and a second key generation platform, and the method comprises the following steps:
when the first key generation platform receives preset transmission data, the first key generation platform performs cooperative encryption verification on the second key generation platform;
if verification is successful, the first key generation platform performs abstract generation on the preset transmission data based on a hash algorithm to obtain a preset data abstract;
performing key search optimization through an encryption algorithm in a second key generation platform to obtain a first key, wherein the first key comprises a first private key and a first public key;
the second key generation platform encrypts the preset data abstract by the first private key to generate a digital signature;
the first key generation platform decrypts the digital signature through the first public key to obtain a decryption digest;
and comparing and checking the decryption digest with the preset data digest, and if the decryption digest is consistent with the preset data digest, the verification is passed.
2. The method of claim 1, wherein the first key generation platform performs cooperative encryption verification to the second key generation platform when the first key generation platform receives the predetermined transmission data, comprising:
the first key generation platform sends a cooperative encryption request to the second key generation platform, the second key generation platform generates initial verification information after receiving the cooperative encryption request and sends the initial verification information to the first key generation platform, and the initial verification information is a random number generated randomly;
the first key generation platform performs digital signature based on the initial verification information, obtains a verification signature and returns the verification signature to the second key generation platform;
the second key generation platform analyzes the returned information to obtain analysis verification information, compares the analysis verification information with the initial verification information and obtains a verification result.
3. The method of claim 2, wherein the comparing the parsed authentication information with the initial authentication information to obtain the authentication result comprises:
the analysis verification information is a random number extracted from the returned information;
consistency comparison is carried out on the analysis verification information and the initial verification information, wherein the consistency comprises 0 and 1;
if the consistency is 0, the verification result is verification failure, and the second key generation platform refuses the collaborative encryption request;
and if the consistency is 1, the verification result is that the verification is successful, and the second key generation platform agrees with the collaborative encryption request.
4. The method of claim 1, wherein the first key generation platform performs digest generation on the predetermined transmission data based on a hash algorithm to obtain a predetermined data digest, comprising:
a plurality of hash algorithms with safety strength identifiers and processing efficiency identifiers are embedded in the first key generation platform;
acquiring a preset security level and a data volume of the preset transmission data;
based on the preset security level and the data volume, matching a hash algorithm by combining the security intensity identification and the processing efficiency identification to obtain a matching hash algorithm;
and carrying out abstract generation on the preset transmission data by using the matching hash algorithm to obtain the preset data abstract.
5. The method of claim 4, wherein the method further comprises:
acquiring a plurality of hash algorithms based on a data mining technology;
calling hash value length records, data processing rate records and resource occupation records of the plurality of hash algorithms;
acquiring a first storage space of the first key generation platform, and performing algorithm screening based on the first storage space and a resource occupation record to acquire a target hash algorithm;
and carrying out hash value length average value calculation and processing efficiency average value calculation based on the hash value length record and the data processing rate record to obtain the safety intensity identifier and the processing efficiency identifier.
6. The method of claim 1, wherein the performing the key search optimization by the encryption algorithm in the second key generation platform obtains a first key, the first key including a first private key and a first public key, comprises:
randomly generating a key through an encryption algorithm in a second key generation platform to obtain a first initial key, wherein the first initial key comprises a first initial private key and a first initial public key;
collecting a key attack sample;
and carrying out attack cracking simulation on the first initial key by using the key attack sample, and carrying out updating optimization on the key based on an attack simulation result to obtain the first key.
7. The method of claim 6, wherein performing attack hacking simulation on the first initial key with the key attack sample, performing updating optimization of a key based on an attack simulation result, and obtaining the first key, comprises:
collecting a network protocol and a network architecture of the second key generation platform, and establishing a digital twin key generation platform;
carrying out attack test on a first initial key in the digital twin key generation platform by using the key attack sample, and if the test result is that the attack fails, generating the first key by using the first initial key;
if the test result is that the attack is successful, randomly updating the first initial key, acquiring the second initial key, and performing the attack test until the test result is that the attack fails;
the key attack samples are a plurality of attack samples with different attack intensities.
8. A cryptography-based digital signature verification system, characterized by being used for performing the steps of the method of any of claims 1 to 7, the system comprising a first key generation platform and a second key generation platform, the system comprising:
the cooperative encryption verification module is used for performing cooperative encryption verification on the second key generation platform by the first key generation platform when the first key generation platform receives preset transmission data;
the digest generation module is used for performing digest generation on the preset transmission data based on a hash algorithm by the first key generation platform to obtain a preset data digest if verification is successful;
the key searching optimizing module is used for carrying out key searching optimizing through an encryption algorithm in the second key generating platform to obtain a first key, and the first key comprises a first private key and a first public key;
the digital signature generation module is used for encrypting the preset data abstract by the first private key to generate a digital signature;
the decryption module is used for the first key generation platform to decrypt the digital signature through the first public key to obtain a decryption digest;
and the comparison and verification module is used for comparing and verifying the decryption digest with the preset data digest, and if the decryption digest is consistent with the preset data digest, the verification is passed.
9. An electronic device comprising a memory and a processor, the memory having stored therein a computer program which, when executed by the processor, performs the steps of the method of any of claims 1-7.
10. A computer readable storage medium, characterized in that the computer readable storage medium has stored therein a computer program which, when executed by a processor, implements the steps of the method of any of claims 1-7.
CN202311768041.0A 2023-12-20 2023-12-20 Digital signature verification method and system based on cryptography Pending CN117728947A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311768041.0A CN117728947A (en) 2023-12-20 2023-12-20 Digital signature verification method and system based on cryptography

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202311768041.0A CN117728947A (en) 2023-12-20 2023-12-20 Digital signature verification method and system based on cryptography

Publications (1)

Publication Number Publication Date
CN117728947A true CN117728947A (en) 2024-03-19

Family

ID=90203282

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202311768041.0A Pending CN117728947A (en) 2023-12-20 2023-12-20 Digital signature verification method and system based on cryptography

Country Status (1)

Country Link
CN (1) CN117728947A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination