[go: up one dir, main page]

CN112651031A - Digital signature method, digital signature verification method, electronic device and storage medium - Google Patents

Digital signature method, digital signature verification method, electronic device and storage medium Download PDF

Info

Publication number
CN112651031A
CN112651031A CN202011473966.9A CN202011473966A CN112651031A CN 112651031 A CN112651031 A CN 112651031A CN 202011473966 A CN202011473966 A CN 202011473966A CN 112651031 A CN112651031 A CN 112651031A
Authority
CN
China
Prior art keywords
digital signature
file
target file
hash value
hash
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202011473966.9A
Other languages
Chinese (zh)
Inventor
李文学
杨杰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Spreadtrum Semiconductor Chengdu Co Ltd
Original Assignee
Spreadtrum Semiconductor Chengdu Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Spreadtrum Semiconductor Chengdu Co Ltd filed Critical Spreadtrum Semiconductor Chengdu Co Ltd
Priority to CN202011473966.9A priority Critical patent/CN112651031A/en
Publication of CN112651031A publication Critical patent/CN112651031A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/64Protecting data integrity, e.g. using checksums, certificates or signatures

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Health & Medical Sciences (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Databases & Information Systems (AREA)
  • Storage Device Security (AREA)

Abstract

The embodiment of the application provides a digital signature method, a digital signature verification method, electronic equipment and a storage medium, and relates to the field of information security, wherein the method comprises the following steps: acquiring a first target file; performing hash operation on the first target file to obtain a hash value; acquiring a first encryption key; encrypting the hash value by using the first encryption key to obtain a hash ciphertext; and performing digital signature on the first target file by using the Hash ciphertext to generate a digital signature file. The method provided by the embodiment of the application can limit the authority of the user through the signature, so that the abuse of the data file by the user can be avoided.

Description

Digital signature method, digital signature verification method, electronic device and storage medium
Technical Field
The embodiment of the application relates to the field of information security, in particular to a digital signature method, a digital signature verification method, electronic equipment and a storage medium.
Background
With the rapid development of information technology, the software development industry is rapidly developing. After one enterprise develops a piece of software, the software is possibly used by another enterprise. However, during the use of the software by another enterprise, damage to the software by the enterprise, such as tampering, secondary development, etc., is inevitably caused, thereby possibly causing a loss to the enterprise that developed the original software. For example, enterprise a may develop a piece of software by a developer in view of business needs, and then, since enterprise B may have business related to enterprise a, enterprise a may send the software to enterprise B for use at the request of enterprise B, which may result in that enterprise B may tamper with or develop the software again.
Disclosure of Invention
The embodiment of the application provides a digital signature method, a digital signature verification method, electronic equipment and a storage medium, so as to provide a digital signature and signature verification mode.
In a first aspect, an embodiment of the present application provides a digital signature method, including:
acquiring a first target file; in particular, the first target file may be a data file, e.g., a document, a drawing, a software, etc.
And carrying out Hash operation on the first target file to obtain a Hash value.
Acquiring a first encryption key; specifically, the first encryption key may be obtained through an asymmetric encryption algorithm, which may be RSA or ECC, or other asymmetric encryption algorithms, and this is not particularly limited in this embodiment.
And encrypting the hash value by using the first encryption key to obtain a hash ciphertext.
And performing digital signature on the first target file by using the Hash ciphertext to generate a digital signature file.
In one possible implementation manner, after generating the digital signature file, the method further includes:
acquiring a second encryption key; specifically, the first encryption key may be obtained through an asymmetric encryption algorithm, which may be RSA or ECC, or other asymmetric encryption algorithms, and this is not particularly limited in this embodiment. The second encryption key may be different from the first encryption key.
And encrypting the digital signature file by using the second encryption key to obtain a digital signature ciphertext.
In one possible implementation manner, the digital signature file includes authority information, and the authority information is used for limiting the authority of the user on the first target file.
In one possible implementation manner, the digital signature file includes extension information, and the extension information is used to characterize an extension function of the digital signature file.
The embodiment of the application also provides a digital signature verification method, which comprises the following steps:
acquiring a second target file; in particular, the second target file may be a digitally signed file.
And analyzing the second target file to obtain the hash ciphertext and the first target file. In particular, the first target file may be a data file, e.g., a document, a drawing, a piece of software, etc.
And carrying out Hash operation on the first target file to obtain a first Hash value.
Acquiring a first decryption key; in particular, the first decryption key may be a pair of keys with the first encryption key, which may be, for example, a private key and the first decryption key may be a public key.
And decrypting the hash ciphertext by using the first decryption key to obtain a second hash value.
And comparing the first hash value with the second hash value, and if the first hash value is consistent with the second hash value, opening the authority of the first target file to the user.
In one possible implementation manner, before parsing the second target file, the method further includes:
acquiring a second decryption key; in particular, the second decryption key may be a pair of keys with the second encryption key, which may be a private key and a public key, for example.
The second destination file is decrypted using the second decryption key.
In one possible implementation manner, the second object file includes authority information, and the opening of the authority to the first object file to the user includes:
and opening the corresponding authority of the first target file to the user based on the authority information.
In a second aspect, an embodiment of the present application provides a digital signature apparatus, including:
the first acquisition module is used for acquiring a first target file;
the calculation module is used for carrying out hash operation on the first target file to obtain a hash value;
the second obtaining module is used for obtaining the first encryption key;
the first encryption module is used for encrypting the hash value by using a first encryption key to obtain a hash ciphertext;
and the signature module is used for carrying out digital signature on the first target file by using the Hash ciphertext to generate a digital signature file.
In one possible implementation manner, the apparatus further includes:
a third obtaining module, configured to obtain a second encryption key;
and the second encryption module is used for encrypting the digital signature file by using a second encryption key to obtain a digital signature ciphertext.
In one possible implementation manner, the digital signature file includes authority information, and the authority information is used to limit the authority of the user on the first target file.
In one possible implementation manner, the digital signature file includes extension information, and the extension information is used to represent an extension function of the digital signature file.
The embodiment of the present application further provides a digital signature verification device, including:
the first acquisition module is used for acquiring a second target file;
the analysis module is used for analyzing the second target file to obtain a hash ciphertext and a first target file;
the calculation module is used for carrying out Hash operation on the first target file to obtain a first Hash value;
the second acquisition module is used for acquiring the first decryption key;
the first decryption module is used for decrypting the hash ciphertext by using the first decryption key to obtain a second hash value;
and the signature checking module is used for comparing the first hash value with the second hash value, and if the first hash value is consistent with the second hash value, opening the authority of the first target file to the user.
In one possible implementation manner, the apparatus further includes:
a third obtaining module, configured to obtain a second decryption key;
and the second decryption module is used for decrypting the second target file by using the second decryption key.
In one possible implementation manner, the second target file includes authority information, and the signature verification module is further configured to open, to the user, the corresponding authority for the first target file based on the authority information.
In a third aspect, an embodiment of the present application provides an electronic device, including:
a memory, wherein the memory is used for storing a computer program code, and the computer program code includes instructions, and when the electronic device reads the instructions from the memory, the electronic device executes the following steps:
acquiring a first target file;
performing hash operation on the first target file to obtain a hash value;
acquiring a first encryption key;
encrypting the hash value by using a first encryption key to obtain a hash ciphertext;
and performing digital signature on the first target file by using the Hash ciphertext to generate a digital signature file.
In one possible implementation manner, when the instruction is executed by the electronic device, after the electronic device executes the step of generating the digital signature file, the following steps are further executed:
acquiring a second encryption key;
and encrypting the digital signature file by using the second encryption key to obtain a digital signature ciphertext.
In one possible implementation manner, the digital signature file includes authority information, and the authority information is used for limiting the authority of the user on the first target file.
In one possible implementation manner, the digital signature file includes extension information, and the extension information is used to characterize an extension function of the digital signature file.
An embodiment of the present application further provides an electronic device, including:
a memory, wherein the memory is used for storing a computer program code, and the computer program code includes instructions, and when the electronic device reads the instructions from the memory, the electronic device executes the following steps:
acquiring a second target file;
analyzing the second target file to obtain a hash ciphertext and a first target file;
performing hash operation on the first target file to obtain a first hash value;
acquiring a first decryption key;
decrypting the hash ciphertext by using the first decryption key to obtain a second hash value;
and comparing the first hash value with the second hash value, and if the first hash value is consistent with the second hash value, opening the authority of the first target file to the user.
In one possible implementation manner, when the instruction is executed by the electronic device, before the electronic device performs the step of parsing the second target file, the following steps are further performed:
acquiring a second decryption key;
the second destination file is decrypted using the second decryption key.
In one possible implementation manner, the second object file includes permission information, and the step of causing the electronic device to execute permission to open the first object file to the user when the instruction is executed by the electronic device includes:
and opening the corresponding authority of the first target file to the user based on the authority information.
In a fourth aspect, embodiments of the present application provide a computer-readable storage medium having stored thereon a computer program, which, when run on a computer, causes the computer to perform the method according to the first aspect.
In a fifth aspect, embodiments of the present application provide a computer program, which is configured to perform the method according to the first aspect when the computer program is executed by a computer.
In a possible design, the program of the fifth aspect may be stored in whole or in part on a storage medium packaged with the processor, or in part or in whole on a memory not packaged with the processor.
Drawings
Fig. 1 is a flowchart of a digital signature method provided in an embodiment of the present application;
FIG. 2 is a diagram illustrating one embodiment of a data structure for a digitally signed file as provided herein;
FIG. 3 is a schematic diagram of another embodiment of a data structure of a digitally signed file as provided herein;
FIG. 4 is a schematic diagram of yet another embodiment of a data structure for a digitally signed file as provided herein;
fig. 5 is a flowchart of a digital signature verification method provided in an embodiment of the present application;
fig. 6 is a schematic structural diagram of a digital signature apparatus according to an embodiment of the present application;
fig. 7 is a schematic structural diagram of a digital signature verification device according to an embodiment of the present application
Fig. 8 is a schematic structural diagram of an electronic device according to an embodiment of the present application.
Detailed Description
The technical solutions in the embodiments of the present application will be described below with reference to the drawings in the embodiments of the present application. In the description of the embodiments herein, "/" means "or" unless otherwise specified, for example, a/B may mean a or B; "and/or" herein is merely an association describing an associated object, and means that there may be three relationships, e.g., a and/or B, which may mean: a exists alone, A and B exist simultaneously, and B exists alone.
In the following, the terms "first", "second" are used for descriptive purposes only and are not to be understood as indicating or implying relative importance or implicitly indicating the number of technical features indicated. Thus, a feature defined as "first" or "second" may explicitly or implicitly include one or more of that feature. In the description of the embodiments of the present application, "a plurality" means two or more unless otherwise specified.
At present, when an enterprise sends software developed by the enterprise to other enterprises for use, the software is not effectively protected, so that the software can be tampered or secondarily developed, and the loss is caused to the enterprise developing the software.
Based on the above problems, the embodiments of the present application provide a digital signature method and a digital signature verification method.
The digital signature method and the digital signature verification method provided by the embodiment of the present application are now described with reference to fig. 1 to 5.
Fig. 1 is a schematic flowchart of an embodiment of a digital signature method provided in the embodiment of the present application, where the digital signature method may be applied to an electronic device, where the electronic device may be embodied in the form of a computer, or in other forms, and the specific form of the electronic device is not particularly limited in the embodiment of the present application, and the digital signature method includes:
step 101, acquiring a data file.
Specifically, the data file may be a text file (e.g., may be a document), may be a graphics file (e.g., may be a flat drawing or a 3D drawing), or may be a software file (e.g., may be a file in bootloader. It should be understood that the format of the data file is an exemplary format and is not limited to the embodiment of the present application, and in some embodiments, the data file may also be another type of file, which is not particularly limited in the embodiment of the present application.
Step 102, a first encryption key and a second encryption key are obtained.
In particular, the first encryption key may be used to encrypt the data file, thereby improving the security of the data file. The second encryption key may be configured to encrypt a hash value of the data file, where the hash value of the data file is obtained by performing a hash operation on the data file by the electronic device. The first encryption key and the second encryption key are different.
It is to be understood that the first encryption key and the first decryption key are a pair of keys, and for example, if the target file is encrypted by the first encryption key, the target file can be decrypted by the first decryption key. Likewise, the second encryption key and the second decryption key are also a pair of keys, and for example, if the target file is encrypted by the second encryption key, the target file can be decrypted by the second decryption key.
In a specific implementation, the first encryption key and the first decryption key may be obtained through an asymmetric cryptographic algorithm RSA or (ECC), and for example, the first encryption key may be a private key, and the first decryption key may be a public key. The second encryption key and the second decryption key may also be obtained through an asymmetric cryptographic algorithm RSA or (ECC), for example, the second encryption key may be a private key, and the second decryption key may be a public key. It should be understood that the above-mentioned manner of asymmetric encryption algorithm is an exemplary illustration and does not constitute a limitation to the embodiment of the present application, and in some embodiments, the first encryption key, the first decryption key, the second encryption key, and the second decryption key may also be obtained by other asymmetric encryption algorithms, which is not particularly limited in the embodiment of the present application.
It should be noted that the first encryption key and the first decryption key may be automatically generated in the electronic device by using an asymmetric encryption algorithm, or may be input by a user, for example, the user may select a pair of keys from existing asymmetric keys as the first encryption key and the first decryption key. Similarly, the second encryption key and the second decryption key may be automatically generated in the electronic device by using an asymmetric encryption algorithm, or may be input by a user, for example, the user may select a pair of keys from existing asymmetric keys as the second encryption key and the second decryption key. The above manner of obtaining the key is an exemplary illustration and does not constitute a limitation of the present application, and in some embodiments, the key may be obtained in other manners, which is not particularly limited in the embodiments of the present application.
And 103, carrying out hash operation on the data file to obtain a hash value.
Specifically, the electronic device may perform a hash operation on the data file using different hash functions, so as to obtain a hash value. For example, the hash function may include MD4, MD5, or SHS. The hash function is an exemplary description, and does not constitute a limitation to the embodiment of the present application, and in some embodiments, the hash operation may be performed on the data file in other manners, which is not particularly limited in the embodiment of the present application.
And 104, encrypting the hash value by using the first encryption key to obtain a hash ciphertext.
Specifically, after the electronic device obtains the hash value, the electronic device may further encrypt the hash value by using the first encryption key, so that a hash ciphertext may be obtained to complete the signature. Wherein the signature may be used to characterize the rights to the data file, for example, the rights may include: modification, deletion, addition and the like, so that the authority can be limited through the signature, and the misuse of the data file by a user can be avoided. The above rights are exemplary illustrations and do not constitute limitations on the embodiments of the present application, and in some embodiments, other rights may also be included, and the embodiments of the present application are not particularly limited to this.
And 105, generating a digital signature file according to the hash ciphertext and the data file.
Specifically, after the electronic device obtains the hash value, a digital signature file may be generated according to the hash value and the data file, for example, the electronic device may digitally sign the data file through the hash value to obtain a digital signature file. Illustratively, the file structure of the digital signature file is shown in fig. 2. Referring to fig. 2, a digital signature file 200 includes a header 201, a payload 202, and a signature 203. The header 201 may include information such as the size of the payload 202, the location of the payload 202 in the digital signature file 200, the size of the signature 203, and the location of the signature 203 in the digital signature file 200. It is understood that, in some embodiments, the header may further include other information, for example, version information of the data file, and the like, which is not particularly limited in this embodiment. Payload 202 includes the contents of the data file. Signature 203 includes the hashed ciphertext 2031 described above.
Optionally, in some embodiments, in order to extend the functions of the digital signature file 200, an extension field may be further added to the digital signature file 200. Illustratively, an extended header 204 may be added after the header 201, whereby a digital signature file 300 as shown in fig. 3 may be obtained. Wherein the extension header 204 can be used to extend the functionality of the digital signature file 200.
Optionally, in some embodiments, the authority of the data file may also be defined in the above-mentioned digital signature file 200. For example, rights information 2032 may be added to the digital signature file 200, and the rights information 2032 may be used to characterize the user's limited rights or usage rights for the data file. It will be appreciated that the rights information 2032 can include one or more restricted or use rights, wherein the restricted or use rights can include modifications, deletions, additions, and the like. The embodiment of the present application is not particularly limited to this. A digital signature file 400 as shown in fig. 4 can thus be obtained. Compared with the digital signature file shown in fig. 2 and 3, which is full right opened by a user, the digital signature file shown in fig. 4 is partial right opened or closed by the user, so that the flexibility of setting the right by a software developer can be improved.
And step 106, encrypting the digital signature file by using the second encryption key to obtain a digital signature ciphertext.
Specifically, after the electronic device generates the digital signature file, the second encryption key may be used to encrypt the digital signature file to obtain a digital signature ciphertext, so that the security of the digital signature file may be improved.
In this embodiment, the target file is signed to limit the usage right of the user to the target file, so that the user can be prevented from abusing the target file, and further, the loss of an enterprise developing the target file can be avoided.
Fig. 5 is a schematic flowchart of an embodiment of a digital signature verification method provided in an embodiment of the present application, where the digital signature verification method may be applied to an electronic device, where the electronic device may be embodied in the form of a computer, or in other forms, and a specific form of the electronic device is not particularly limited in the embodiment of the present application, and the digital signature verification method includes:
step 201, acquiring a target file.
Specifically, the target file may be a digital signature file, or may be an encrypted digital signature file (e.g., a digital signature ciphertext).
Step 202, obtain the first decryption key and the second decryption key.
Specifically, the first decryption key may be used to decrypt a hash ciphertext, so that a hash value may be obtained; the second decryption key can be used for decrypting the digital signature ciphertext, so that the digital signature file can be obtained. It is understood that the first decryption key and the second decryption key may be input by a user. In a specific implementation, the first decryption key and the second decryption key may be sent to the user by an enterprise that develops the data file. The user can store the first decryption key and the second decryption key, and can input the first decryption key and the second decryption key when decrypting the target file.
Step 203, acquiring the data file and the hash ciphertext from the target file.
Specifically, if the target file is a digital signature ciphertext, the electronic device may decrypt the digital signature ciphertext through a second decryption key input by the user, so as to obtain a corresponding digital signature file, where the digital signature file may include data file information and signature information (e.g., a hash ciphertext). The format of the digital signature file may be as shown in fig. 2, fig. 3, or fig. 4. The embodiment of the present application is not particularly limited to this. The electronic device may then parse the digital signature file by reading the header of the digital signature file.
If the target file is a digital signature file, the electronic device can directly analyze the digital signature file by reading the header of the digital signature file.
In a specific implementation, taking the digital signature file shown in fig. 2 as an example, the electronic device may parse the digital signature file 200 according to the header 201 of the digital signature file, and for example, the payload 202 may be extracted from the digital signature file 200 through payload information in the header 201 (e.g., a position and a size of the payload 202 in the digital signature file 200), and it is understood that the payload 202 may be a data file. The electronic device may then extract the signature 203 from the digital signature file 200 via the signature information in the header 201 (e.g., the location and size of the signature 203 in the digital signature file 200), and it will be appreciated that the signature 203 may be a hashed ciphertext.
And step 204, carrying out hash operation on the data file to obtain a hash value.
Specifically, after the electronic device obtains the data file through parsing, a hash value may be obtained through a hash operation (for convenience of explanation, the hash value obtained through the hash operation on the data file is hereinafter referred to as a "first hash value"). It will be appreciated that the hash algorithm used by the user in verifying the data signature file is identical to the hash algorithm used in signing the data file.
And step 205, decrypting the hash ciphertext by using the first decryption key to obtain a hash value.
Specifically, after the electronic device obtains the hash ciphertext through parsing, the electronic device may decrypt the hash ciphertext using the first decryption key, and thus may obtain a hash value (for convenience of description, the hash value obtained by decrypting the hash ciphertext is hereinafter referred to as a "second hash value").
It is understood that step 205 may be performed before step 204, after step 204, or simultaneously with step 204, and this is not particularly limited in this embodiment of the present application.
And step 206, comparing the first hash value with the second hash value, and determining the authority of the user according to the comparison result.
Specifically, after the electronic device obtains the first hash value and the second hash value, the first hash value and the second hash value may be compared.
If the first hash value is consistent with the second hash value, the signature verification may be considered to be passed, and the right may be opened to the current user, for example, the right may include addition, deletion, modification, and the like. The embodiments of the present application do not limit this.
If the first hash value is inconsistent with the second hash value, the signature verification may be considered to be failed, and all permissions may be closed to the current user, for example, the current user may not perform operations such as addition, deletion, modification and the like on the current data file, so that the user may be prevented from abusing the data file, the purpose of protecting the data file is achieved, and thus, loss of an enterprise developing the data file may be avoided.
Optionally, in some embodiments, the digital signature file may further carry a permission field. The permission field is used for representing the limited permission or the use permission of the user to the signature file. Taking the digital signature file 400 shown in fig. 4 as an example, the rights field 205 can be used to indicate the limited rights or usage rights of the signature file by the current user. For example, when the first hash value is determined to be consistent with the second hash value, the limited right or the usage right of the current user may be determined according to the right (e.g., the secondary development right) indicated in the right field 205, for example, assuming that the right field 205 indicates to open the secondary development right, the user may use the secondary development right; assuming that the permission field 205 indicates that the secondary development permission described above is closed, the user cannot use the secondary development permission. It should be understood that the above "secondary development right" is an exemplary description and does not limit the embodiments of the present application, and in some embodiments, other rights may also be used, and the embodiments of the present application are not particularly limited thereto.
In the embodiment, the authority of the user can be effectively limited by verifying the signature, so that the user can be prevented from abusing the data file, and further, the loss of an enterprise developing the data file can be avoided.
Fig. 6 is a schematic structural diagram of an embodiment of a digital signature apparatus according to the present application, and as shown in fig. 6, the digital signature apparatus 60 may include: a first obtaining module 61, a calculating module 62, a second obtaining module 63, a first encrypting module 64 and a signature module 65;
a first obtaining module 61, configured to obtain a first target file;
the calculation module 62 is configured to perform a hash operation on the first target file to obtain a hash value;
a second obtaining module 63, configured to obtain the first encryption key;
a first encryption module 64, configured to encrypt the hash value with a first encryption key to obtain a hash ciphertext;
and the signature module 65 is configured to digitally sign the first target file using the hash ciphertext to generate a digitally signed file.
In one possible implementation manner, the apparatus 60 further includes: a third obtaining module 66 and a second encrypting module 67;
a third obtaining module 66, configured to obtain a second encryption key;
and the second encryption module 67 is configured to encrypt the digital signature file by using a second encryption key to obtain a digital signature ciphertext.
In one possible implementation manner, the digital signature file includes authority information, and the authority information is used to limit the authority of the user on the first target file.
In one possible implementation manner, the digital signature file includes extension information, and the extension information is used to represent an extension function of the digital signature file.
Fig. 7 is a schematic structural diagram of an embodiment of the digital signature verification apparatus according to the present application, and as shown in fig. 7, the digital signature verification apparatus 70 may include: a first obtaining module 71, an analyzing module 72, a calculating module 73, a second obtaining module 74, a first decrypting module 75 and a signature verifying module 76;
a first obtaining module 71, configured to obtain a second target file;
the analysis module 72 is configured to analyze the second target file to obtain a hash ciphertext and a first target file;
the calculating module 73 is configured to perform a hash operation on the first target file to obtain a first hash value;
a second obtaining module 74, configured to obtain the first decryption key;
a first decryption module 75, configured to decrypt the hash ciphertext using the first decryption key to obtain a second hash value;
and the signature checking module 76 is configured to compare the first hash value with the second hash value, and if the first hash value is consistent with the second hash value, open the authority to the first object file to the user.
In one possible implementation manner, the apparatus 70 further includes: a third obtaining module 77 and a second decrypting module 78;
a third obtaining module 77, configured to obtain a second decryption key;
a second decryption module 78 for decrypting the second destination file using the second decryption key.
In one possible implementation, the second target file includes authority information, and the signature verification module 76 is further configured to open the corresponding authority for the first target file to the user based on the authority information.
It should be understood that the division of the modules of the digital signature device shown in fig. 6 and the digital signature verification device shown in fig. 7 is merely a division of logical functions, and the actual implementation may be wholly or partially integrated into one physical entity or may be physically separated. And these modules can be realized in the form of software called by processing element; or may be implemented entirely in hardware; and part of the modules can be realized in the form of calling by the processing element in software, and part of the modules can be realized in the form of hardware. For example, the detection module may be a separate processing element, or may be integrated into a chip of the electronic device. Other modules are implemented similarly. In addition, all or part of the modules can be integrated together or can be independently realized. In implementation, each step of the above method or each module above may be implemented by an integrated logic circuit of hardware in a processor element or an instruction in the form of software.
For example, the above modules may be one or more integrated circuits configured to implement the above methods, such as: one or more Application Specific Integrated Circuits (ASICs), one or more microprocessors (DSPs), one or more Field Programmable Gate Arrays (FPGAs), etc. For another example, these modules may be integrated together and implemented in the form of a System-On-a-Chip (SOC).
FIG. 8 is a block diagram of an embodiment of an electronic device 800 of the present application; as shown in fig. 8, the electronic device 800 may be a data processing device, or may be a circuit device incorporated in the data processing device. The electronic device 800 may be used to perform functions/steps of the methods provided by the embodiments of the present application illustrated in fig. 1-5.
As shown in fig. 8, electronic device 800 is in the form of a general purpose computing device.
The electronic device 800 may include: one or more processors 810; a communication interface 820; a memory 830; a communication bus 840 connecting the various system components (including memory 830 and processor 810), a database 850; and one or more computer programs.
Wherein the one or more computer programs are stored in the memory, the one or more computer programs including instructions that, when executed by the electronic device, cause the electronic device to perform the steps of:
acquiring a first target file;
performing hash operation on the first target file to obtain a hash value;
acquiring a first encryption key;
encrypting the hash value by using a first encryption key to obtain a hash ciphertext;
and performing digital signature on the first target file by using the Hash ciphertext to generate a digital signature file.
In one possible implementation manner, when the instruction is executed by the electronic device, after the electronic device executes the step of generating the digital signature file, the following steps are further executed:
acquiring a second encryption key;
and encrypting the digital signature file by using the second encryption key to obtain a digital signature ciphertext.
In one possible implementation manner, the digital signature file includes authority information, and the authority information is used for limiting the authority of the user on the first target file.
In one possible implementation manner, the digital signature file includes extension information, and the extension information is used to characterize an extension function of the digital signature file.
Wherein the one or more computer programs are stored in the memory, the one or more computer programs including instructions which, when executed by the electronic device, cause the electronic device to further perform the steps of:
acquiring a second target file;
analyzing the second target file to obtain a hash ciphertext and a first target file;
performing hash operation on the first target file to obtain a first hash value;
acquiring a first decryption key;
decrypting the hash ciphertext by using the first decryption key to obtain a second hash value;
and comparing the first hash value with the second hash value, and if the first hash value is consistent with the second hash value, opening the authority of the first target file to the user.
In one possible implementation manner, when the instruction is executed by the electronic device, before the electronic device performs the step of parsing the second target file, the following steps are further performed:
acquiring a second decryption key;
the second destination file is decrypted using the second decryption key.
In one possible implementation manner, the second object file includes permission information, and the step of causing the electronic device to execute permission to open the first object file to the user when the instruction is executed by the electronic device includes:
and opening the corresponding authority of the first target file to the user based on the authority information.
It should be understood that the interface connection relationship between the modules illustrated in the embodiments of the present application is only an exemplary illustration, and does not constitute a limitation on the structure of the electronic device. In other embodiments of the present application, the electronic device may also adopt different interface connection manners or a combination of multiple interface connection manners in the above embodiments.
It is understood that the electronic device includes hardware structures and/or software modules for performing the functions in order to realize the functions. Those of skill in the art will readily appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as hardware or combinations of hardware and computer software. Whether a function is performed as hardware or computer software drives hardware depends upon the particular application and design constraints imposed on the solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the embodiments of the present application.
In the embodiment of the present application, the electronic device and the like may be divided into functional modules according to the method example, for example, each functional module may be divided according to each function, or two or more functions may be integrated into one processing module. The integrated module can be realized in a hardware mode, and can also be realized in a software functional module mode. It should be noted that, in the embodiment of the present application, the division of the module is schematic, and is only one logic function division, and there may be another division manner in actual implementation.
Through the above description of the embodiments, it is clear to those skilled in the art that, for convenience and simplicity of description, the foregoing division of the functional modules is merely used as an example, and in practical applications, the above function distribution may be completed by different functional modules according to needs, that is, the internal structure of the device may be divided into different functional modules to complete all or part of the above described functions. For the specific working processes of the system, the apparatus and the unit described above, reference may be made to the corresponding processes in the foregoing method embodiments, and details are not described here again.
Each functional unit in the embodiments of the present application may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, and can also be realized in a form of a software functional unit.
The integrated unit, if implemented in the form of a software functional unit and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solutions of the embodiments of the present application may be essentially implemented or make a contribution to the prior art, or all or part of the technical solutions may be implemented in the form of a software product stored in a storage medium and including several instructions for causing a computer device (which may be a personal computer, a server, or a network device) or a processor to execute all or part of the steps of the methods described in the embodiments of the present application. And the aforementioned storage medium includes: flash memory, removable hard drive, read only memory, random access memory, magnetic or optical disk, and the like.
The above description is only an embodiment of the present application, but the scope of the present application is not limited thereto, and any changes or substitutions within the technical scope of the present disclosure should be covered by the scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.

Claims (10)

1.一种数字签名方法,其特征在于,所述方法包括:1. a digital signature method, is characterized in that, described method comprises: 获取第一目标文件;Get the first target file; 对所述第一目标文件进行哈希运算,得到哈希值;performing a hash operation on the first target file to obtain a hash value; 获取第一加密密钥;obtain the first encryption key; 使用所述第一加密密钥对所述哈希值进行加密,得到哈希密文;Encrypting the hash value using the first encryption key to obtain a hash ciphertext; 使用所述哈希密文对所述第一目标文件进行数字签名,生成数字签名文件。The first target file is digitally signed by using the hash ciphertext to generate a digital signature file. 2.根据权利要求1所述的方法,其特征在于,所述生成数字签名文件之后,还包括:2. The method according to claim 1, characterized in that, after said generating the digital signature file, further comprising: 获取第二加密密钥;obtain the second encryption key; 使用所述第二加密密钥对所述数字签名文件进行加密,得到数字签名密文。The digital signature file is encrypted using the second encryption key to obtain a digital signature ciphertext. 3.根据权利要求1或2所述的方法,其特征在于,所述数字签名文件包括权限信息,所述权限信息用于限定使用者对所述第一目标文件的权限。3. The method according to claim 1 or 2, wherein the digital signature file includes authority information, and the authority information is used to limit the authority of the user to the first target file. 4.根据权利要求1所述的方法,其特征在于,所述数字签名文件包括扩展信息,所述扩展信息用于表征所述数字签名文件的扩展功能。4 . The method according to claim 1 , wherein the digital signature file includes extended information, and the extended information is used to represent extended functions of the digital signature file. 5 . 5.一种数字验签方法,其特征在于,所述方法包括:5. A digital signature verification method, wherein the method comprises: 获取第二目标文件;Get the second target file; 对所述第二目标文件进行解析,得到哈希密文及第一目标文件;Parsing the second target file to obtain the hash ciphertext and the first target file; 对所述第一目标文件进行哈希运算,得到第一哈希值;performing a hash operation on the first target file to obtain a first hash value; 获取第一解密密钥;Obtain the first decryption key; 使用所述第一解密密钥对所述哈希密文进行解密,得到第二哈希值;Decrypting the hashed ciphertext using the first decryption key to obtain a second hash value; 将所述第一哈希值与所述第二哈希值进行比较,若所述第一哈希值与所述第二哈希值一致,则向使用者开放对所述第一目标文件的权限。Compare the first hash value with the second hash value, and if the first hash value is consistent with the second hash value, open the user to the first target file permissions. 6.根据权利要求1所述的方法,其特征在于,所述对所述第二目标文件进行解析之前,还包括:6. The method according to claim 1, wherein before the parsing the second target file, the method further comprises: 获取第二解密密钥;obtain the second decryption key; 使用所述第二解密密钥对所述第二目标文件进行解密。The second target file is decrypted using the second decryption key. 7.根据权利要求1所述的方法,其特征在于,所述第二目标文件包括权限信息,所述向使用者开放对所述第一目标文件的权限包括:7. The method according to claim 1, wherein the second target file includes permission information, and the opening the permission to the first target file to the user comprises: 基于所述权限信息向使用者开放对所述第一目标文件的对应权限。Based on the permission information, the corresponding permission to the first target file is opened to the user. 8.一种电子设备,其特征在于,包括:存储器,所述存储器用于存储计算机程序代码,所述计算机程序代码包括指令,当所述电子设备从所述存储器中读取所述指令,以使得所述电子设备执行如权利要求1-7中任一项所述的方法。8. An electronic device, comprising: a memory for storing computer program codes, the computer program codes comprising instructions, when the electronic device reads the instructions from the memory, to The electronic device is caused to perform the method of any of claims 1-7. 9.一种计算机可读存储介质,其特征在于,包括计算机指令,当所述计算机指令在所述电子设备上运行时,使得所述电子设备执行如权利要求1-7中任一项所述的方法。9. A computer-readable storage medium, comprising computer instructions, which, when the computer instructions are executed on the electronic device, cause the electronic device to perform the execution of any one of claims 1-7 Methods. 10.一种计算机程序产品,其特征在于,当所述计算机程序产品在计算机上运行时,使得所述计算机执行如权利要求1-7中任一项所述的方法。10. A computer program product, characterized in that, when the computer program product is run on a computer, the computer is caused to perform the method according to any one of claims 1-7.
CN202011473966.9A 2020-12-14 2020-12-14 Digital signature method, digital signature verification method, electronic device and storage medium Pending CN112651031A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011473966.9A CN112651031A (en) 2020-12-14 2020-12-14 Digital signature method, digital signature verification method, electronic device and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202011473966.9A CN112651031A (en) 2020-12-14 2020-12-14 Digital signature method, digital signature verification method, electronic device and storage medium

Publications (1)

Publication Number Publication Date
CN112651031A true CN112651031A (en) 2021-04-13

Family

ID=75354034

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011473966.9A Pending CN112651031A (en) 2020-12-14 2020-12-14 Digital signature method, digital signature verification method, electronic device and storage medium

Country Status (1)

Country Link
CN (1) CN112651031A (en)

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113688399A (en) * 2021-08-25 2021-11-23 深圳忆联信息系统有限公司 Firmware digital signature protection method and device, computer equipment and storage medium
CN114371863A (en) * 2022-01-10 2022-04-19 百度在线网络技术(北京)有限公司 Data processing method and device, electronic equipment and computer readable storage medium
CN114726541A (en) * 2022-04-08 2022-07-08 平安国际智慧城市科技股份有限公司 Electronic certificate reading method, device, equipment and storage medium
CN117272406A (en) * 2023-11-23 2023-12-22 国泰新点软件股份有限公司 Method, device, system and storage medium for verifying encrypted bidding document
CN117592093A (en) * 2024-01-19 2024-02-23 成都四方伟业软件股份有限公司 File encryption method, decryption method, encryption device and decryption device
CN119397610A (en) * 2024-12-31 2025-02-07 北京神州龙芯安创信息科技有限公司 A file signature method, verification method and device based on anti-counterfeiting image

Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6567917B1 (en) * 1999-02-01 2003-05-20 Cisco Technology, Inc. Method and system for providing tamper-resistant executable software
CN103944903A (en) * 2014-04-23 2014-07-23 福建联迪商用设备有限公司 Multi-party authorized APK signature method and system
CN104298915A (en) * 2014-10-16 2015-01-21 厦门美图之家科技有限公司 Installation package tampering preventing method
CN105468940A (en) * 2015-11-30 2016-04-06 北京深思数盾科技有限公司 Software protection method and apparatus
CN108304722A (en) * 2017-12-21 2018-07-20 广州小鹏汽车科技有限公司 A kind of software installation packet and its generation method, upgrade method and system
CN109344605A (en) * 2018-09-10 2019-02-15 惠尔丰电子(北京)有限公司 A kind of authority control method and its control system of intelligence POS machine
CN110688661A (en) * 2019-08-30 2020-01-14 深圳壹账通智能科技有限公司 Method and device for preventing dynamic link library file hijacking and computer equipment
CN110826107A (en) * 2018-08-14 2020-02-21 珠海金山办公软件有限公司 File signature method and device, electronic equipment and readable storage medium
CN111062055A (en) * 2019-12-13 2020-04-24 江苏智谋科技有限公司 Electronic file sensitive data leakage prevention system and method based on information security
CN111125781A (en) * 2019-12-24 2020-05-08 腾讯科技(深圳)有限公司 File signature method and device and file signature verification method and device

Patent Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6567917B1 (en) * 1999-02-01 2003-05-20 Cisco Technology, Inc. Method and system for providing tamper-resistant executable software
CN103944903A (en) * 2014-04-23 2014-07-23 福建联迪商用设备有限公司 Multi-party authorized APK signature method and system
CN104298915A (en) * 2014-10-16 2015-01-21 厦门美图之家科技有限公司 Installation package tampering preventing method
CN105468940A (en) * 2015-11-30 2016-04-06 北京深思数盾科技有限公司 Software protection method and apparatus
CN108304722A (en) * 2017-12-21 2018-07-20 广州小鹏汽车科技有限公司 A kind of software installation packet and its generation method, upgrade method and system
CN110826107A (en) * 2018-08-14 2020-02-21 珠海金山办公软件有限公司 File signature method and device, electronic equipment and readable storage medium
CN109344605A (en) * 2018-09-10 2019-02-15 惠尔丰电子(北京)有限公司 A kind of authority control method and its control system of intelligence POS machine
CN110688661A (en) * 2019-08-30 2020-01-14 深圳壹账通智能科技有限公司 Method and device for preventing dynamic link library file hijacking and computer equipment
CN111062055A (en) * 2019-12-13 2020-04-24 江苏智谋科技有限公司 Electronic file sensitive data leakage prevention system and method based on information security
CN111125781A (en) * 2019-12-24 2020-05-08 腾讯科技(深圳)有限公司 File signature method and device and file signature verification method and device

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
BANDAOYU: "【安全】哈希(hash)算法可以防止数据被篡改的原理是什么", Retrieved from the Internet <URL:https://blog.csdn.net/bandaoyu/article/details/105292790> *
VICTOR CLINCY等: "A Novel Approach to Detect Tampered Wireless Network Applications", 《2015 12TH INTERNATIONAL CONFERENCE ON INFORMATION TECHNOLOGY - NEW GENERATIONS》, 1 June 2015 (2015-06-01), pages 197 - 199 *
史浩: "《互联网金融支付 第2版》", 31 January 2020, 中国金融出版社, pages: 207 - 209 *

Cited By (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113688399A (en) * 2021-08-25 2021-11-23 深圳忆联信息系统有限公司 Firmware digital signature protection method and device, computer equipment and storage medium
CN114371863A (en) * 2022-01-10 2022-04-19 百度在线网络技术(北京)有限公司 Data processing method and device, electronic equipment and computer readable storage medium
CN114726541A (en) * 2022-04-08 2022-07-08 平安国际智慧城市科技股份有限公司 Electronic certificate reading method, device, equipment and storage medium
CN114726541B (en) * 2022-04-08 2023-12-22 平安国际智慧城市科技股份有限公司 Electronic license reading method, device, equipment and storage medium
CN117272406A (en) * 2023-11-23 2023-12-22 国泰新点软件股份有限公司 Method, device, system and storage medium for verifying encrypted bidding document
CN117272406B (en) * 2023-11-23 2024-03-12 国泰新点软件股份有限公司 Method, device, system and storage medium for verifying encrypted bidding document
CN117592093A (en) * 2024-01-19 2024-02-23 成都四方伟业软件股份有限公司 File encryption method, decryption method, encryption device and decryption device
CN117592093B (en) * 2024-01-19 2024-04-05 成都四方伟业软件股份有限公司 File encryption method, decryption method, encryption device and decryption device
CN119397610A (en) * 2024-12-31 2025-02-07 北京神州龙芯安创信息科技有限公司 A file signature method, verification method and device based on anti-counterfeiting image
CN119397610B (en) * 2024-12-31 2025-09-26 北京神州龙芯安创信息科技有限公司 A file signature method, verification method and device based on anti-counterfeiting image

Similar Documents

Publication Publication Date Title
CN112651031A (en) Digital signature method, digital signature verification method, electronic device and storage medium
RU2759302C2 (en) Cross-platform enclave identification information
KR102466793B1 (en) Abstract Enclave Identity
KR100611687B1 (en) Multi-token seal and thread release
US8683208B2 (en) Information processing device, program developing device, program verifying method, and program product
KR101067399B1 (en) One or more computer readable media storing a method, system and a plurality of instructions implemented in a computing device for storage and retrieval of data based on symmetric key encryption.
KR100996784B1 (en) One or more computer readable media storing a method, system and a plurality of instructions implemented in a computing device for storage and retrieval of data based on public key encryption.
JP5693595B2 (en) Key certification in one round trip
KR20210017432A (en) Apparatus and method for managing personal information based on blockchain
JP7179725B2 (en) Secure key management
KR20050085678A (en) Attestation using both fixed token and portable token
CN110826091B (en) File signature method and device, electronic equipment and readable storage medium
CN110598377B (en) Software serial number management method and device based on blockchain
CN110830257B (en) File signature method and device, electronic equipment and readable storage medium
US11748521B2 (en) Privacy-enhanced computation via sequestered encryption
Liu et al. $ LiveForen $: Ensuring Live Forensic Integrity in the Cloud
US20160335453A1 (en) Managing Data
TW201344488A (en) Method and system for protecting PHP program
CN116933293A (en) Multi-platform-oriented multi-encryption software authentication protection method and device
CN112825093B (en) Security baseline checking method, host, server, electronic device and storage medium
KR20120104271A (en) Securing execution of computational resources
US12032707B2 (en) Secure digital record with improved data update and sharing
CN114329564B (en) Method for processing privatized format files, electronic equipment and medium
CN111222138A (en) Algorithm checking method, algorithm right confirming method and device
CN114928551B (en) System configuration method, device and storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20210413

RJ01 Rejection of invention patent application after publication