What is a Digital Signature?
Written by David Youd ,Expanded by LI RuJia
For respecting authentic author, I give all the original text, For reading easily, I expanded it  and  translated it into Chinese

 Bob (Bob’s public key)(Bob’s private key)

Bob has been given two keys. One of Bob’s keys is called a Public Key, the other is called a Private Key.
 Bob’s Co-workers: Anyone can get Bob’s Public Key, but Bob keeps his Private Key to himself Pat Doug Susan

Bob’s Public key is available to anyone who needs it, but he keeps his Private Key to himself. Keys are used to encrypt information. Encrypting information means “scrambling it up”, so that only a person with the appropriate key can make it readable again. Either one of Bob’s two keys can encrypt data, and the other key can decrypt that data.

Susan (shown below) can encrypt a message using Bob’s Public Key. Bob uses his Private Key to decrypt the message. Any of Bob’s coworkers might have access to the message Susan encrypted, but without Bob’s Private Key, the data is worthless.
 “Hey Bob, how about lunch at Taco Bell. I hear they have free refills!” HNFmsEm6Un BejhhyCGKOK JUxhiygSBCEiC 0QYIh/Hn3xgiK BcyLK1UcYiY lxx2lCFHDC/A
 HNFmsEm6Un BejhhyCGKOK JUxhiygSBCEiC 0QYIh/Hn3xgiK BcyLK1UcYiY lxx2lCFHDC/A “Hey Bob, how about lunch at Taco Bell. I hear they have free refills!”

With his private key and the right software, Bob can put digital signatures on documents and other data. A digital signature is a “stamp” Bob places on the data which is unique to Bob, and is very difficult to forge. In addition, the signature assures that any changes made to the data that has been signed can not go undetected.
 To sign a document, Bob’s software will crunch down the data into just a few lines by a process called “hashing”. These few lines are called a message digest. (It is not possible to change a message digest back into the original data from which it was created.)

Bob’s software then encrypts the message digest with his private key. The result is the digital signature.

Finally, Bob’s software appends the digital signature to document. All of the data that was hashed has been signed.

Bob now passes the document on to Pat.
 First, Pat’s software decrypts the signature (using Bob’s public key) changing it back into a message digest. If this worked, then it proves that Bob signed the document, because only Bob has his private key. Pat’s software then hashes the document data into a message digest. If the message digest is the same as the message digest created when the signature was decrypted, then Pat knows that the signed data has not been changed.
Plot complication…
 Doug (our disgruntled employee) wishes to deceive Pat. Doug makes sure that Pat receives a signed message and a public key that appears to belong to Bob. Unbeknownst to Pat, Doug deceitfully sent a key pair he created using Bob’s name. Short of receiving Bob’s public key from him in person, how can Pat be sure that Bob’s public key is authentic?

It just so happens that Susan works at the company’s certificate authority center. Susan can create a digital certificate for Bob simply by signing Bob’s public key as well as some information about Bob.
 Bob Info:     Name     Department     Cubical NumberCertificate Info:     Expiration Date     Serial NumberBob’s Public Key:

Now Bob’s co-workers can check Bob’s trusted certificate to make sure that his public key truly belongs to him. In fact, no one at Bob’s company accepts a signature for which there does not exist a certificate generated by Susan. This gives Susan the power to revoke signatures if private keys are compromised, or no longer needed. There are even more widely accepted certificate authorities that certify Susan.

Let’s say that Bob sends a signed document to Pat. To verify the signature on the document, Pat’s software first uses Susan’s (the certificate authority’s) public key to check the signature on Bob’s certificate. Successful de-encryption of the certificate proves that Susan created it. After the certificate is de-encrypted, Pat’s software can check if Bob is in good standing with the certificate authority and that all of the certificate information concerning Bob’s identity has not been altered.

Pat’s software then takes Bob’s public key from the certificate and uses it to check Bob’s signature. If Bob’s public key de-encrypts the signature successfully, then Pat is assured that the signature was created using Bob’s private key, for Susan has certified the matching public key. And of course, if the signature is valid, then we know that Doug didn’t try to change the signed content.
Although these steps may sound complicated, they are all handled behind the scenes by Pat’s user-friendly software. To verify a signature, Pat need only click on it.

1，对称密钥系统加密和解密用同一个密钥，密钥长度较短，传输熟读较快，常常用于在建立连接后的内容加密
如下图所示;典型的算法，DES（核心思想是替换加密和转换加密），三重DES

—————————————————————————————
2，非对称密钥系统，也称为公钥加密,它使用一对密钥，包括一个公钥（ Public Key ）和一个私钥（ Private Key ）。
主要作用是认证，典型有算法RSA，背包算法，如下图所示

—————————————————————————————

—————————————————————————————

通俗点将就是：通过非对称加密，获取对称加密的密钥，如下图所示：

1.将信息和信息的散列值一同发给收件人
2.收件人收到信息，通过相同的散列算法，计算出另一个散列值
3将两个散列值进行比较，如果相同，则说明在传输过程中未出现丢失，信息是完整的

—————————————————————————————

—————————————————————————————

1.对发送者者内容进行散列

获取发送内容的哈希值，确保完整性
—————————————————————————————
2，对这个散列值进行加密（用发送者的私钥）记住一个原则，私钥加密，公钥解密不安全，但是可以用于身份验证

—————————————————————————————
3.将数字签名（用发送者私钥加密的发送内容的哈希值），附加在发送的内容中生成一个明文A，一起进行发送

—————————————————————————————
4.对明文A，用接收者的公钥进行加密生成密文B，进行发送
5.接受者在收到密文B后，用自己的私钥进行解密，还原成明文Ａ

6.接受者从还原的明文A中，抽取中签名，然后对签名用发送者的公钥进行解密得到一个散列值Ｆ，如果能得到说明，

—————————————————————————————

本文曾经出现我之前的博客中： <http://lirujia00.iteye.com/blog/1731309>

your support will encourage me to continue to create!
版权声明:自由转载-非商用-非衍生-保持署名(创意共享3.0许可证)