公钥如何验证签名? [英] How does a public key verify a signature?
问题描述
我正试图更好地解决公钥/私钥的工作方式。我知道发件人可以使用他/她的私钥将数字签名添加到文档中,以本质上获取文档的哈希值,但是我不了解的是如何使用公钥来验证该签名。
I am trying to get a better grapple on how public/private keys work. I understand that a sender may add a digital signature to a document using his/her private key to essentially obtain a hash of the document, but what I do not understand is how the public key can be used to verify that signature.
我的理解是公钥加密,私钥解密...任何人都可以帮助我理解吗?
My understanding was that public keys encrypt, private keys decrypt... can anyone help me understand?
推荐答案
您对公钥加密,私钥解密的理解是正确的……对于数据/消息加密。对于数字签名,则相反。使用数字签名,您正在尝试证明您签名的文档来自您。为此,您需要使用只有您拥有的东西:您的私钥。
Your understanding of "public keys encrypt, private keys decrypt" is correct... for data/message ENCRYPTION. For digital signatures, it is the reverse. With a digital signature, you are trying to prove that the document signed by you came from you. To do that, you need to use something that only YOU have: your private key.
最简单描述中的数字签名是哈希(SHA1,MD5等)。 )的数据(文件,消息等),随后使用签名者的私钥对其进行加密。因为那是只有签名者才能(或应该拥有)的东西,信任才是信任的来源。每个人都可以(或应该)访问签名者的公钥。
A digital signature in its simplest description is a hash (SHA1, MD5, etc.) of the data (file, message, etc.) that is subsequently encrypted with the signer's private key. Since that is something only the signer has (or should have) that is where the trust comes from. EVERYONE has (or should have) access to the signer's public key.
因此,为了验证数字签名,收件人
So, to validate a digital signature, the recipient
- 计算哈希相同的数据(文件,消息等),
- 使用发送者的PUBLIC密钥解密数字签名,并且
- 比较2个哈希价值观。
如果匹配,则认为签名有效。如果它们不匹配,则意味着使用了其他密钥对其进行签名,或者数据已被更改(有意或无意)。
If they match, the signature is considered valid. If they don't match, it either means that a different key was used to sign it, or that the data has been altered (either intentionally or unintentionally).
希望会有所帮助!
这篇关于公钥如何验证签名?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
