전자서명의 목적
DESCRIPTION
전자서명의 목적. 서명자 신원확인 (Authentication) : 서명자 확인 위조 불가 (Unforgeable) : 서명자만이 서명문 작성 재사용 금지 (Unusable): 다른 문서에 재사용 불가능 변조 불가 (Unalterable): 내용 수정 불가능 부인 봉쇄 (Non-repudiate): 서명 사실 부인 불가능. 전자서명 생성 / 검증. 공개키 암호기술은 전자서명생성키와 전자서명검증키를 이용해 데이터를 암호화 , 복호화하는 기술이다 . - PowerPoint PPT PresentationTRANSCRIPT
(Unforgeable) :
(Unusable) :
(Unalterable) :
(Non-repudiate) :
*
, .
.
.
–
–
Digest
Encrypted
At the other end, the clear text is seperated from the encrypted digest (the signature). The clear text is run through the same hash function and this generates a new copy of the digest. The encrypted digest is decrypted using the sender’s public key, which yeilds the original digest. You can now compare the original digest with the new version you just created by hashing the clear text. If these two digests match you can tell the following:
- Mrs. Fields was not able to slip an extra teaspoon of nutmeg into the recipe as it was being sent across the Internet. You know that if the digests match, then what you received was not modified in flight.
- Since you decrypted the encrypted digest with the sender’s public key, and you know that the only way that this decryption would work is if the digest was originally encrypted using the sender’s private key, and you know that the only person who has that private key is the sender, then you know:
- The recipe was sent by the sender (signature)
- The sender cannot claim later that they weren’t the one who sent it (non-repudiation)
*
Manipulate
Here is my (manipulator’s) public key
Intercept & manipulate
*
?
, , PKI , .
, .
, security
*
(Certificate)
:
: (Certification Authority) (Certificate)
: X.509 v3
SerialNumber: 0 (decimal)
NotAfter: Thu Dec 31 13:00:00 1999 (991231040000Z)
SubjectKey: Algorithm RSA (OID 1.2.840.113549.1.1.1), NULL
Public modulus (no. of bits = 1024):
0 98A45731 D67EF810 79BC1875 9141180D
10 6225FD20 FA7219EE CCCB3084 3D0E53FD
20 29A58158 A8582A6D 221F652F 7028BEED
30 72324030 98C00534 5573AD5A 9D377E1C
40 1AA0B5B2 EA334CEF 198B1DD3 60BBCC71
50 4AC98312 8798CB28 B9AC5F3D 663BCF4A
60 1BB8E699 DE9AC312 5DDDBDB2 931DA2FE
70 8262C227 7705C6DA 9CDCAA6E 877BA19D
Public exponent (no. of bits = 24):
0 010001
X.509
PUB
Sign
Signature
Pack
Signature
Pack
PUB
Sign
128bit
1986 1
Technical Excellence
1988 National Institute of standards and Technology
ITU-T series X Recommendations :
*
INISignOn Overview
3~5
DB
*
-
- Password
-
- One Time Log-on
[INISignOn] , .
.
, .
.
(Unusable) :
(Unalterable) :
(Non-repudiate) :
*
, .
.
.
–
–
Digest
Encrypted
At the other end, the clear text is seperated from the encrypted digest (the signature). The clear text is run through the same hash function and this generates a new copy of the digest. The encrypted digest is decrypted using the sender’s public key, which yeilds the original digest. You can now compare the original digest with the new version you just created by hashing the clear text. If these two digests match you can tell the following:
- Mrs. Fields was not able to slip an extra teaspoon of nutmeg into the recipe as it was being sent across the Internet. You know that if the digests match, then what you received was not modified in flight.
- Since you decrypted the encrypted digest with the sender’s public key, and you know that the only way that this decryption would work is if the digest was originally encrypted using the sender’s private key, and you know that the only person who has that private key is the sender, then you know:
- The recipe was sent by the sender (signature)
- The sender cannot claim later that they weren’t the one who sent it (non-repudiation)
*
Manipulate
Here is my (manipulator’s) public key
Intercept & manipulate
*
?
, , PKI , .
, .
, security
*
(Certificate)
:
: (Certification Authority) (Certificate)
: X.509 v3
SerialNumber: 0 (decimal)
NotAfter: Thu Dec 31 13:00:00 1999 (991231040000Z)
SubjectKey: Algorithm RSA (OID 1.2.840.113549.1.1.1), NULL
Public modulus (no. of bits = 1024):
0 98A45731 D67EF810 79BC1875 9141180D
10 6225FD20 FA7219EE CCCB3084 3D0E53FD
20 29A58158 A8582A6D 221F652F 7028BEED
30 72324030 98C00534 5573AD5A 9D377E1C
40 1AA0B5B2 EA334CEF 198B1DD3 60BBCC71
50 4AC98312 8798CB28 B9AC5F3D 663BCF4A
60 1BB8E699 DE9AC312 5DDDBDB2 931DA2FE
70 8262C227 7705C6DA 9CDCAA6E 877BA19D
Public exponent (no. of bits = 24):
0 010001
X.509
PUB
Sign
Signature
Pack
Signature
Pack
PUB
Sign
128bit
1986 1
Technical Excellence
1988 National Institute of standards and Technology
ITU-T series X Recommendations :
*
INISignOn Overview
3~5
DB
*
-
- Password
-
- One Time Log-on
[INISignOn] , .
.
, .
.