数字证书：加密和签名有什么区别 [英] Digital certificates: What is the difference between encrypting and signing

问题描述

我对PKI，证书和所有相关的东西还比较陌生。

I am relatively new to PKI, certificates and all related stuff.

据我了解，在公共密钥密码学中，一种是使用公共密钥加密，然后使用私钥。只有一个私钥可以对应于任何公钥，但相反的情况并非如此。这是对的吗？或者是一对一映射？

As far as I understand in public-key cryptography one encrypt with a public key and decrypt with a private key. Only one private key can correspond to any public key but the opposite is not true. Is it correct? Or is it one to one mapping?

因此，数字签名的工作方式是对证书的内容进行哈希处理，然后用私钥签名。然后使用相应的公钥验证签名。

So, the way digital signature works is that the content of a certificate is hashed and then "signed" with a private key. The signature is verified then with the corresponding public key.

因此，这是让我感到困惑的地方。用公钥加密消息和用私钥签名消息摘要有什么区别？

So, here is where I get confused. What is the difference between encrypting a message with a public key and signing a message digest with a private key?

推荐答案

消息加密和签名之间的区别

我认为信息安全目标对于实现消息加密和签名之间的区别。定义一些目标：

Difference between Message Encryption and Signing

I think information security objectives are essential to realize the difference between message encryption and signing. To define a few objectives:

1. 机密：对未经授权的各方保密信息。


2. 数据完整性：确保未通过未经授权的方式更改信息。


3. 消息身份验证（数据源身份验证）：确证
   信息源。


4. 不可否认：防止拒绝先前的操作。

1. Confidentiality: keeping information secret from unauthorized parties.
2. Data integrity: ensuring that information has not been altered by unauthorized means.
3. Message authentication (data origin authentication): corroborating the information source.
4. Non-repudiation: preventing the denial of previous actions.

消息加密提供了机密性。

Message encryption provides confidentiality.

消息签名绑定该消息的消息源身份。它确保数据完整性，消息身份验证和完全不可否认性。

Message signing binds the identity of the message source to this message. It ensures data integrity, message authentication, and non-repudiation altogether.

我找到了第四个目标，不可否认性，我认为它与众不同，所以请允许我对此进行详细说明。爱丽丝可以在某个时间点拒绝对消息进行签名，或者鲍勃可以错误地声称消息签名是由爱丽丝产生的。数字签名允许无偏受信任的第三方（事先同意）解决争端，而无需访问签名者的秘密信息（私钥）。

I find the fourth objective, non-repudiation, I find it distinguishing so please allow me to elaborate on it. Alice could at some point in time deny having signed a message or Bob could falsely claim that a message signature was produced by Alice. A digital signature permits an unbiased trusted third party (agreed upon in advance) to resolve the dispute without requiring access to the signers' secret information (private keys).

您在问题中提到的数字签名系统称为可逆公钥加密的数字签名。总而言之，任何数字签名方案都应具有以下属性：

The digital signature system you mention in your question is referred to as digital signature from reversible public-key encryption. All in all, any digital signature scheme should have the following properties:

1. 签名者易于计算。


2. 任何人都很容易验证。


3. 从伪造到不再需要它（签名寿命）都是安全的。

至于加密系统，Kerchkhoffs定义了一组需求，这些需求在今天大部分仍然有用。请在 Wiki 上阅读。

As for encryption systems, Kerckhoffs defined a set of requirements that are still, for the most part, useful today. Please read up on the wiki.

关于用于密钥生成和加密/解密的函数类型，让我们再次给出一些定义：

Regarding the types of functions that are used for key generation and encryption/decryption, let's again give a few definitions:

1. 一对一函数：函数 f：X->如果 Y 中的每个元素都是 X中一个元素的图像，则Y 是一对一的。 code>。


2. 功能入门：函数 f：X->如果 Y 中的每个元素是 X >。


3. 双射函数：双射既是一对一的又是一对。


4. 一个-way函数：函数 f：X->如果 f（x）易于计算 X 是单向的c>，但对于 Y 中的所有元素 y ，找到任何 x ，这样 f（x）= y 。


5. Trapdoor单向功能：这是单向函数 f：X-> Y ，其中的额外信息（活板门信息）使查找 Y中的任何 y 成为可行， X 中的 x ，这样 f（x）= y 。

1. One-to-one function: A function f: X -> Y is one-to-one if each element in Y is the image of at most one element in X.
2. Onto function: A function f: X -> Y is onto if each element in Y is the image of at least one element in X.
3. Bijection function: A bijection is both one-to-one and onto.
4. One-way function: A function f: X -> Y is one-way if f(x) is easy to compute for all elements in X but for all elements y in Y it is computationally infeasible to find any x such that f(x) = y.
5. Trapdoor one-way function: It is a one-way function f: X -> Y in which the knowledge of extra information (trapdoor information) makes it feasible to find for any y in Y, an x in X such that f(x) = y.

双射被用作加密消息的工具，反双射被用于解密。

A bijection is used as the tool for encrypting messages and the inverse bijection is used to decrypt.

活板门单向函数用于生成公钥密码系统和数字签名方案中的密钥对。

A trapdoor one-way function is used for key pair generation in public-key cryptosystems and digital signature schemes.

活板门具体示例

在RSA中，公钥为（e，n），其中 n = pq 和 p 和 q 是两个不同的大质数。 e 在 1<范围内随机选择。 e< （p-1）（q-1）。给定（p-1）（q-1）的知识，唯一私钥 d 是通过应用扩展的欧几里得算法获得的。这是一个活板门单向函数，使我们能够从（e，n）中获取 d 。

In RSA, the public key is (e,n) where n =pq and p and q are two large, distinct prime numbers . e is randomly chosen in the range 1 < e < (p - 1)(q - 1). Given the knowledge of (p - 1)(q - 1), the unique private key d is obtained through the application of the extended Euclidean algorithm. It is a trapdoor one-way function that enables us to obtain d from (e,n).

如果您不知道（p-1）（q-1），但仍然想发现 d ，那么您需要考虑 n 。如果 p 和 q 较大且经过精心选择，则应考虑 n 应该是棘手的。这就是RSA问题（RSAP）。

If you don't know (p - 1)(q - 1) and still would like to discover d, then you need to factor n. If p and q are large and carefully chosen, factoring n should be intractable. This is the RSA problem (RSAP).

但是活板门在哪里？您可能已经注意到，陷阱门是 n 的因素。如果您知道这些因素，则可以轻松地反转单向函数并显示 d 。

But where is the trapdoor? As you may have noticed, the trapdoor is the factors of n. If you know these factors you can easily invert the one-way function and reveal d.

这篇关于数字证书：加密和签名有什么区别的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！