如何使用公钥验证数字签名?
[英]How to verify digital signature with public key?
问题描述
I am doing a project about Cryptocurrency.
我正在做一个关于加密货币的项目。 I am given a pair of public key and private key for one user.我为一个用户提供了一对公钥和私钥。 Here is how I sign my data:这是我签署数据的方式:
sig = this.hash(trans.details +trans.privKey);
The hash function is provided.提供了哈希函数。 My question is how to verify this signature with a given public key?我的问题是如何使用给定的公钥验证此签名?
I have tried this我试过这个
var v = this.hash(trans.details+"");
: var v2=this.hash(sig+trans.pubKey); : var v2=this.hash(sig+trans.pubKey); I compared these two hash value, they are not the same.我比较了这两个哈希值,它们不一样。 For my understanding, there is a way to have these match each other so that I could say the signature is valid.据我所知,有一种方法可以让这些相互匹配,这样我就可以说签名是有效的。
Note: Public key and Private key are given in this project.注意:本项目中给出了公钥和私钥。 So they should be correct.所以他们应该是正确的。
What am I missing?我错过了什么? Any ideas?有任何想法吗?
1 个解决方案
解决方案1
1
You can't.你不能。 That signature scheme doesn't work.该签名方案不起作用。
The linkage between a private key and its corresponding public key only exist within the cryptographic algorithm that generated those keys.私钥与其对应的公钥之间的联系仅存在于生成这些密钥的加密算法中。 (For instance, if you had an RSA key pair, you would need to use the RSA algorithm to generate signatures.) Inserting the private key into a general-purpose hash function has no meaningful effect. (例如,如果您有 RSA 密钥对,则需要使用 RSA 算法来生成签名。)将私钥插入通用哈希函数中没有任何意义。
Generally speaking, signatures are generated by taking an unsalted hash of the data to be signed, then encrypting the resulting hash using the private key, eg一般来说,签名是通过对要签名的数据进行未加盐散列,然后使用私钥对结果散列进行加密来生成的,例如
let signature = RSA_encrypt(H(message), private_key)
The public key can then be used to decrypt the hash, proving that it was generated using the appropriate private key:然后可以使用公钥解密哈希,证明它是使用适当的私钥生成的:
let signature_ok = equal(H(message), RSA_decrypt(signature, public_key))
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.