I am clear on the process of signing a document. You need a certificate issued by a CA. You have a public and a private key. With the private key you sign, and with the public key people open your signed document. When you sign a document, a math algorithm processes the file and generates a hash; then this hash is encrypted with the private key. Finally I need to add (concat) this encrypted hash to the document.
Now, to open this document I need to separate the encrypted hash code from the document. And I need the public key to verify the validity of the document. This is very clear to me.
So... the question is: where do people get the public key from? And how do I check who signed the document?
Do I need to append my certificate to the document that I want to sign? If that's true, isn't it insecure to give my certificate to everyone?
Thanks,
What you are asking about is a public-private key cryptosystem. In RSA (one particular such system), the "public" and "private" keys are actually just two numbers that are prime factors of a larger number. Due to how modular exponentiation works (I'm not going to explain the math), the effect is that:
- Anything encrypted with the "public" key can be decrypted with the "private" key
- Anything encrypted with the "private" key can be decrypted with the "public" key
It works both ways. Now, after generating the pair, you keep one of them. That's the "private" one. To the other half, you add some identity information. In the case of X.509 (one particular certificate format), you add a "common name" and some auxiliary information like a date of creation. This is added to the "public" half of the certificate. This half of the certificate, the public key, you distribute somehow.
In the case of document signing, the distribution method is usually that you attach the public key. "Who signed the document" is answered by the X.509 certificate "common name" field. This will look something like "cn=Joe Blow, o=Widgets Inc, l=Washington, st=DC, c=US". You aren't giving the "certificate" to everyone - just the public portion. All that lets people do is:
- Verify your signatures
- Encrypt messages in such a way that only you can decrypt them
This doesn't let people forge messages so that they appear to be from you.
The hash is not "concatenated" to the document. Various data signing standards (PKCS#7, CAdES for generic data, XMLDSig for XML, the PDF specification for PDF documents) describe different ways to incorporate signature data into the output file. All of these formats allow you to include the public key (usually an X.509 certificate) together with the data for verification. And the goal of the verifier is also to check whether the key itself is valid. Alternatively, the user might be supposed to know the public key.
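An added example, not part of either answer above and not code from any signing standard: a signed container that carries the public half of the key and a name, with a verifier that checks both the signature and whether the embedded key is trusted. It assumes toy unpadded RSA built from fixed Mersenne primes, and a hypothetical `TRUSTED` fingerprint store standing in for X.509 chain validation; all names and sample documents are constructed.

```python
import hashlib

E = 65537  # public exponent

def make_key(p_exp, q_exp):
    # Toy key built from fixed, publicly known Mersenne primes (constructed
    # for this demo, trivially factorable): never use outside an illustration.
    p, q = 2**p_exp - 1, 2**q_exp - 1
    return {"n": p * q, "d": pow(E, -1, (p - 1) * (q - 1))}

def digest(data):
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def fingerprint(n):
    # Short identifier for a public key, exchanged out of band
    return hashlib.sha256(str(n).encode()).hexdigest()

def sign(document, cn, key):
    # Unpadded "textbook" RSA: signature = hash^d mod n (private exponent d)
    signature = pow(digest(document), key["d"], key["n"])
    # The container carries only the PUBLIC half (n, with fixed E) and a name
    return {"document": document, "signature": signature, "cn": cn, "n": key["n"]}

def verify(container, trusted):
    # Check 1: does the signature match the document under the embedded key?
    sig_ok = pow(container["signature"], E, container["n"]) == digest(container["document"])
    # Check 2: is the embedded key one we already trust for that name?
    # (hypothetical trust store standing in for certificate chain validation)
    key_ok = trusted.get(container["cn"]) == fingerprint(container["n"])
    return sig_ok, key_ok

JOE = make_key(521, 607)
IMPOSTOR = make_key(607, 1279)
TRUSTED = {"Joe Blow": fingerprint(JOE["n"])}

def demo():
    genuine = sign(b"Pay Alice 10 USD", "Joe Blow", JOE)
    tampered = dict(genuine, document=b"Pay Alice 9999 USD")
    # Different key pair, but the container claims the same name
    substituted = sign(b"Pay Mallory 9999 USD", "Joe Blow", IMPOSTOR)
    return {name: verify(c, TRUSTED) for name, c in
            [("genuine", genuine), ("tampered", tampered), ("substituted", substituted)]}

if __name__ == "__main__":
    for name, (sig_ok, key_ok) in demo().items():
        print(f"{name:12} signature_valid={sig_ok} key_trusted={key_ok}")
```

The third case is the one to watch: the signature checks out against the key shipped inside the container, so a verifier that skips the trust check would accept it.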