Scribd Logo
Upload

Welcome to Scribd!

  • Digital Signature Using Digital Certificate

    Uploaded by

    vikas
    4 views4 pages

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    4 views4 pages

    Digital Signature Using Digital Certificate

    Uploaded by

    vikas

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 4

    Proceedings of 14th Youth Conference on Communication

    Research on Digital Signature Based on Digital Certificate


    Yong Huang, Fugui Chen, Peixin Qu
    School of Information Engineering, Henan Institute of Science and Technology, Xinxiang, 453003, China
    451800@163.com

    Abstract: The important significance of digital signature on internet transaction security is analyzed. The
    thoery and technology base of digital signature is PKI, and the principle of digital signature is introduced. The
    defaults of the technique of digital signature based on public key and private key pairs, and the approach of
    digital signature based on digital certificate is presented, and its rationality, effectivity and feasibility are dis-
    cussed. The process of design and implementation of digital signature system based on digital certificate are
    introduced, and the important source codes and running interfaces of prototype system are shown..
    Keywords: digital signature; digital certificate; PKI (Public Key Infrastructure)

    1 Introduction buyers and sellers on the Internet must ensure that all
    financial transactions are real and reliable operation, and
    The rapid development of Internet e-commerce has a
    make customers, merchants and other parties have abso-
    new model of business activities. How to open network
    lute confidence. Therefore, e-commerce must ensure that
    (Internet) transmission line to protect the legitimacy of
    the system has a very reliable security technology, that is
    the data, the only, non-repudiation to prevent illegal
    to say, the network must ensure the four major safety
    tampering and trading each other's identity, has become a
    elements, and they are confidentiality, authentication,
    serious problem. Stamp-based digital signature technol-
    integrity, availability and non-repudiation of information.
    ogy is proposed in this context, and become the field of
    information security research in the field of computer 2 PKI (Public Key Infrastructure)
    applications and a hot and difficult. Although
    PKI (Public Key Infrastructure) is a system, which offers
    e-commerce on-line transmission of data security have services of public key encryption and digital signature,
    had a strong demand, however, to meet the security based on public key encryption technologies. It is com-
    needs of the digital signature seals the theory and tech- posed of CA, numeric certificate library, secret key
    nology have not been very good solution. Ensure data backup and restore system, numeric certificate withdraw
    integrity and non-repudiation of transactions each other system and API.
    is based on the seal of the digital signature system must PKI, which is based largely on cryptographic theory
    address the core issue is the digital signature system seal and provides mainly the services of authentication and
    the foundation. confidentiality and integrality and non-repudiation, turns
    In response to these problems, this paper through a into the very important secure platform of authentication
    digital signature technology, domestic and foreign tech- and authorization in network application and guarantees
    the information security of the network activity to peo-
    nology in the current analysis, a digital signature based
    ple.
    on the seal system model and analysis system used in
    CA is the kernel part of PKI, and it provides functions
    key technology: one-way hash function digital signa- of awarding, updating, withdrawing and validating the
    tures. numeric certificate. PKI technology has already been
    E-commerce may include the use of electronic data comprehensively used in many fields.
    interchange, electronic money exchange, Internet adver- For computer system and net. The key to PKl system is
    numeric certificate management (generate, distribute,
    tising, websites, online databases, computer networks,
    validate, remove etc).
    and point-of-sale computer systems. So, the security
    problem becomes very important in e-commerce. Both 3 Digital Certificates
    The Projects Supported by Scientific Research Fund of Hunan Provin- 509 digital certificates based PKI system has offered the
    cial Education Department( 08A009 and 08B015 ) for supporting this good trust mechanism in the network computing envi-
    research.; this research is supported by the construct program of the key
    discipline in Hunan province; project supported by Provincial Natural ronment, and can offer the security services in common
    Science Foundation of Hunan(01JJY2157)support the research; research use such as confidentiality, integrality, no repudiation
    fund of Hunan Institute of Engineering(0850) supporting the research and so on.

    467 978-1-935068-01-3 © 2009 SciRes.


    Proceedings of 14th Youth Conference on Communication

    Digital certificate is an electronic identification card Second, the information received has not any changes.
    similar to the role of the real-life an identification card. It Therefore, digital signature can be used to prevent elec-
    is issued by an authority organization, people can use it tronic information being modified easily, or sending a
    to contact each other to identify the identity. message by fraudulent use of other people's name. Or
    Signing in a written document means to confirm it. sent (received) a letter and then deny to happen, and so
    and its role are two points: first, because it is difficult to on.
    deny their own signature, which confirms the fact that Usually, the digital signatures are in three major ways,
    documents have been signed; Second, because the sig- they are: RSA signature, DSS signature and the signature
    nature difficult to counterfeit, it ensures this document is Hash. The three algorithms can be used alone, or com-
    really. bined use.
    The role of digital signature and signed a written docu-
    ment is similar. Digital signature can confirm the fol- 4 Design and Reali zation of Digital Signa-
    lowing two points: first, the message is sent by the signer; ture
    The structure of digital signature system based on digital
    certificate is as follow:

    Figure 1. The process of signature and verification with certificate

    5. The Core Resource Code


    The code as follow: Certificate Certificate { get; set; }
    1). Store void Load(string FileName, string Password)
    Certificates Certificates { get; } 3). Certificate
    PrivateKey PrivateKey { get; set; }
    void Open(CAPICOM_STORE_LOCATION
    void Load(string FileName, string Password,
    StoreLocation, string StoreName, CAPICOM_KEY_STORAGE_FLAG
    CAPICOM_STORE_OPEN_MODE OpenMode) KeyStorageFlag, CAPICOM_KEY_LOCATION
    2). Signer KeyLocation)

    978-1-935068-01-3 © 2009 SciRes. 468


    Proceedings of 14th Youth Conference on Communication

    void Display() E = 4,
    4). Certificates CAPICOM_CERTIFICATE_FIND_EXTENSION = 5,
    int Count { get; } CAPICOM_CERTIFICATE_FIND_EXTENDED_PRO
    Certificates PERTY = 6,
    Find(CAPICOM_CERTIFICATE_FIND_TYPE CAPICOM_CERTIFICATE_FIND_APPLICATION_P
    OLICY = 7,
    FindType, object varCriteria, bool
    CAPICOM_CERTIFICATE_FIND_CERTIFICATE_PO
    bFindValidOnly) LICY = 8,
    Certificates Select(string Title, string CAPICOM_CERTIFICATE_FIND_TIME_VALID = 9,
    DisplayString, bool bMultiSelect) CAPICOM_CERTIFICATE_FIND_TIME_NOT_YET_
    5). HashedData VALID = 10,
    string Value { get; } CAPICOM_CERTIFICATE_FIND_TIME_EXPIRED =
    CAPICOM_HASH_ALGORITHM Algorithm 11,
    { get; set; } CAPICOM_CERTIFICATE_FIND_KEY_USAGE =
    void Hash(string newVal) 12, }
    6). SignedData public enum CAPICOM_HASH_ALGORITHM
    string Content { get; set; } { CAPICOM_HASH_ALGORITHM_SHA1 = 0,
    CAPICOM_HASH_ALGORITHM_MD2 = 1,
    Certificates Certificates { get; }
    CAPICOM_HASH_ALGORITHM_MD4 = 2,
    string Sign(ISigner pSigner, bool bDetached, CAPICOM_HASH_ALGORITHM_MD5 = 3,
    CAPICOM_ENCODING_TYPE EncodingType) }
    void Verify(string SignedMessage, bool public enum CAPICOM_ENCODING_TYPE
    bDetached, { CAPICOM_ENCODE_ANY = -1,
    CAPICOM_SIGNED_DATA_VERIFY_FLAG CAPICOM_ENCODE_BASE64 = 0,
    VerifyFlag) CAPICOM_ENCODE_BINARY = 1,
    (7). public enum CAPICOM_STORE_LOCATION }
    { public enum
    CAPICOM_MEMORY_STORE = 0, CAPICOM_SIGNED_DATA_VERIFY_FLAG
    CAPICOM_LOCAL_MACHINE_STORE = 1,
    { CAPICOM_VERIFY_SIGNATURE_ONLY = 0,
    CAPICOM_CURRENT_USER_STORE = 2,
    CAPICOM_ACTIVE_DIRECTORY_USER_STORE = CAPICOM_VERIFY_SIGNATURE_AND_CERTIFIC
    3, ATE = 1, }
    CAPICOM_SMART_CARD_USER_STORE = 4, 6. The Running Interface of Digital Signa-
    } ture System Based on Digital Certificate
    public enum CAPICOM_STORE_OPEN_MODE
    { CAPICOM_STORE_OPEN_READ_ONLY = 0, The running interface of digital signature system based
    CAPICOM_STORE_OPEN_READ_WRITE = 1, on digital stamp is based on the scientific research fund
    CAPICOM_STORE_OPEN_MAXIMUM_ALLOWED of Hunan provincial education department( 08A009 and
    = 2, 08B015 ) , as shown in Figure 2.
    CAPICOM_STORE_OPEN_EXISTING_ONLY = 128,
    CAPICOM_STORE_OPEN_INCLUDE_ARCHIVED =
    256, }
    public enum CAPICOM_KEY_STORAGE_FLAG
    { CAPICOM_KEY_STORAGE_DEFAULT = 0,
    CAPICOM_KEY_STORAGE_EXPORTABLE = 1,
    CAPICOM_KEY_STORAGE_USER_PROTECTED =
    2, }
    public enum CAPICOM_KEY_LOCATION
    { CAPICOM_CURRENT_USER_KEY = 0,
    CAPICOM_LOCAL_MACHINE_KEY = 1, }
    public enum
    CAPICOM_CERTIFICATE_FIND_TYPE

    { CAPICOM_CERTIFICATE_FIND_SHA1_HASH = 0,
    CAPICOM_CERTIFICATE_FIND_SUBJECT_NAME
    = 1,
    CAPICOM_CERTIFICATE_FIND_ISSUER_NAME =
    2,
    CAPICOM_CERTIFICATE_FIND_ROOT_NAME = 3, Figure 2. The running interface of digital signature
    CAPICOM_CERTIFICATE_FIND_TEMPLATE_NAM system based on digital stamp (a)

    469 978-1-935068-01-3 © 2009 SciRes.


    Proceedings of 14th Youth Conference on Communication

    References [4] Paolini, Christopher P.; Bhattacharjee, Subrata. A web service


    infrastructure for thermochemical data, Journal of Chemical In-
    [1] Eid, Mohamad; Alamri, Atif. A reference model for dynamic formation and Modeling, v48, n7, Jul, 2008.
    web service composition systems. International Journal of Web [5] Treiber, Martin; Dustdar, Schahram. Active web service regis-
    and Grid Services, v4, n2, Jun, 2008. tries, IEEE Internet Computing, v11, n5, Sep, 2007.
    [2] Erickson, John; Siau, Keng. Web services, service-oriented [6] Zhongxiao Hao, Xilong Qu. The Design and realization of Digi-
    computing, and service-oriented architecture: Separating hype tal Signature Based on Digital Stamp. Proceeding of IASP2009.
    Apr, 2009, Taizhou, China.
    from reality. Journal of Database Management, v19, n3.
    [7] Xilong Qu, Wenfang Sun, Jian Feng. Three-layered Resource
    [3] Cui, Lizhen; Yu, Haixu. Method for web services classification.
    Information Integration and Management Model Based on Web
    Journal of Computational Information Systems. V4, n1, Feb, Service in Regional Networked Manufacturing System. Journal
    2008. of Computational Information Systems.v3, n6, 2007.

    978-1-935068-01-3 © 2009 SciRes. 470

    You might also like