主题：【文摘】山东大学王小云教授成功破解MD5 -- 懒厨

Public key cryptography

Public-key cryptography allows one to digitally sign and encrypt information transacted between parties. Public Key Infrastructure (PKI) uses this technology and adds authentication and non-repudiation of the information regarding the parties concerned. Public Key Cryptography Standards (PKCS) is a suite of protocols and algorithms that are used as an industry standard when implementing public-key cryptography and infrastructure. The fundamentals are based on Key Pairs, Message Digests and Certification. These are described below.

A key pair consists of a private key and a public key. The private key is never revealed to any party. The public key is made available to the world, or at least the parties concerned with receiving or sending information. In public key algorithms like those from RSA, any data encrypted with the private key can be decrypted only with the public key, and data encrypted with the public key can be decrypted only with the private key. Stronger encryption uses longer keys. For strong encryption, it is “computationally infeasible” to derive the private key given the public key, or vice versa.

Message Digests are hash functions that take in data and generate a statistically unique digest, like a 20 byte number ?C such that even one bit change in the input data results in a totally different digest. Thus these digests serve as finger-prints of a document. Given a digest and a document, and knowing the hash algorithm, it is easy to verify whether the digest is derived from the document.

Certification is the mechanism by which authenticity is established. A party generates a key pair consisting of the private and public keys. The public key is placed into a certificate request and sent to a certifying authority (CA) like Thawte, IDCertify, VeriSign and so on. The certifying authority (CA) verifies the party’s credentials and the purpose of using the keys, through a vetting process, and then certifies the public key they received. That is, the authority issues a certificate, typically called an X.509 digital certificate that contains the details of the party, the intended use of the certificate and most importantly, the party’s public key. This information is then digitally signed by the CA using the CA’s private key. The authenticity of the certificate itself can be verified by using the CA’s public key, which is made available from the CA’s web site, or comes embedded in a browser by default.

In essence, if you trust the CA, then you can trust that the public key in the verified certificate indeed belongs to who ever the CA says it belongs, and therefore if a digital signature on a document is verified using that public key, the information therein was indeed signed by the party mentioned in the certificate. This establishes authenticity, since only the holder of the corresponding private key could have created that digital signature. And trust in the CA is at the core of this process. If a CA is granted a notary or equivalent status, then the certificate and the information signed or encrypted cannot be repudiated and is valid in many courts of law.

Digital signatures & Data encryption

A digital signature is a digital attestation of a document by a party. This is to establish authenticity. A digital signature is an encrypted digest (hash) of the data to be signed.

One essentially creates a digest or hash (using an algorithm like MD5 or SHA1) from the document data and then encrypts this hash with one’s private key. The encrypted hash thus becomes a digitally signed finger-print for that document, called a digital signature. This signature can now optionally be attached to the document, along with one’s certificate. Anyone intent on verifying the digital signature would verify the certificate for authenticity first, then take the public key from the certificate and then verify the digital signature. The latter part involves decrypting the digital signature with the public key to reveal the digest or hash value. The document is then hashed using the same algorithm to check whether the digest values match.

A digital signature is typically attached to a document. This can be difficult for certain document types. It is required to embed the signature into the document without changing the document (!), which is contradictory. Therefore a signing process only works on the information portion of a document, and uses other sections of the format to embed the signature. For example it is possible to embed signatures into a Word document treating the latter as an OLE compound document. One may also store signatures as attributes of such a document. PDF is another format that is amenable to embedding using the DIGSIG API. Another technique is to create a container document (having a different naming extension) that includes the source document and the signature, and from which either can be extracted. Multiple signatures may be created and attached to a document. The signatures may be peer level or hierarchical level. Peer level signatures imply that one or more parties have endorsed the document by applying their signatures. Hierarchical signatures imply a work-flow and counter-signing process.

Creation of a digital signature involves using one’s private key. In contrast, encryption of information meant for another party uses the other party’s public key. Anyone, knowing that party’s public key can send encrypted information. Only that party can decrypt the information, using his/her own private key.

外链出处