
Signature with private key

My understanding is

  1. For encryption: I use my recipient's PUBLIC KEY to encrypt my message. He will use his PRIVATE KEY to read my message (only HE can do this) => OK with that

  2. For signing: I use my PRIVATE KEY (since no one has it, it proves my identity). But if my recipient uses my PUBLIC KEY, everyone could do the same and read my message! Can anyone explain this?

Then, I thought that what I should do is

  1. I SIGN my message with my PRIVATE KEY => it proves my identity

  2. I ENCRYPT the result of step 1 using my recipient's PUBLIC KEY => to avoid anyone reading it

  3. HE decrypts with his PRIVATE KEY => only he can do this

  4. HE checks my identity with MY PUBLIC KEY

Is that correct?

Your second guess is not bad.

Usually the way is the following for signing (not encryption):

  1. Calculate a hash (e.g. SHA256) of your message that has to be signed.
  2. Sign this hash (i.e. use your private key for RSA encryption)

That's it. Transfer the plain message and the signed hash to anyone. The message is not encrypted and therefore readable for all recipients. With the help of your public key everyone can decrypt the hash, calculate his or her own hash of your message, and as long as both hashes (the self-calculated one and the signed and decrypted one) are equal, the signature is valid and the message has not been changed after you have signed it.

In case your message has to be encrypted as well, you usually do not use RSA, because it is too slow and too inflexible for larger messages (that means larger than the modulus of the private key, e.g. 2048 bit).

Use a symmetric algorithm like AES CBC for the encryption of the message. The coincidentally generated key for encryption can be encrypted with the public key of your recipient and then be transferred.

To sum up signing and encryption using RSA with SHA256 (signature) and AES CBC (encryption):

  1. Calculate a SHA256 hash H of your message M.
  2. Sign H with your public key, i.e. encrypt H with your RSA private key. That is your signature S.
  3. Generate a random key K.
  4. Encrypt M with AES CBC to get the encrypted message M'.
  5. Encrypt K with the public key of your recipient to get K'.
  6. Send K', your signature S and M' to your recipient.

Only the recipient can undo all steps:

  1. Decrypt K' with the private key of the recipient to get K (RSA).
  2. Decrypt M' with K (AES CBC) to get the message M.
  3. Decrypt S with your public key (RSA) to get H.
  4. Calculate a SHA256 hash of M.
  5. Compare the calculated hash of step 4 with H (from step 3). If both are equal, the signature is verified successfully.
