The Solution Of Making An Electronic Seal Based On Cryptology And Digital Signature

Jilin Subsidiary firm of China mobile must verify the financial report of its own subsidiary firms every month. After the verification, Jilin Subsidiary firm needs to sign and stamp, than sending back to its subsidiary firms again. Because the number of the report could be several thousand, so it is a waste in terms of labor and wealth. Therefore China Mobile Firm needs a soft which could deal with signature and stamping on batch. The soft could publish the report on the net which need to verify after dealing with in order to be down load to read by those subsidiary firms.This software should have several functions below:1. Dealing with all the documents on batch which are under the certain contents2. The seal could offer information about the people who affixed it, affixing date and other information about it.3. The electronic seal should have anti-revision character. That is to say, it will show mention information when you browse it again once it was revised.4. The article which was affixed electronic seal should be affirmed the reality. According to the analyses and study for the reality problem, I have offered a solution that combine the cryptography, PKI foundation facility and digital signature and have achieved the making of the software.The solution encryption on digit through packaging the secret key. Because it is deal with documents on batch, therefore the speed of affixing will affect the procedure's reality which was ensured by packaging the secret key.Packaging the secret key is combining the solution about the symmetrical and asymmetrical and develops the advantage. The so called symmetrical is adding and solving manner is the same or it's very easy to referent one based on another. The character is as follows.Advantages:1. The encryption efficiency is high, the hardware realization may amount to each second several hundred bytes (software realization is slower )2. The secrete key is comparatively short.3. It can be used to construct all kinds of secrete code system.4. It can be used to construct a high quality secrete code.Disadvantages:1. Both sides of communicator need to keep the secrecy of the secrete key2. In the large scale net system, every user needs a lot of secrete key.3. Secrete key needs to be changed frequently for safe.Asymmetrical encryption refers to that encryption and decryption are independent to each other. It is impossible for us to get one of them under the situation of known another, for it needs absolutely calculation complexity. Usually we can change it to a process which is to find the solution of a mathematical problem. E.g. the realization of RSA, which is the hottest calculation method, is as follows:Every entity has its own public key (n, e) and pirate key p, q, d . p, q are two big prime number , n=p*q,e*d = 1 modφ(n),obviously e meets gcd(e,φ(n))=1。Entity B'encryption information m, sending the secrete document to entity A in the public letter. When entity A receives the secrete document it will decrypt the secrete code of it. The detail progress is as follows: Encryption calculation:The detail operation of entity B:1. Getting the real public key of entity A (n ,e)2. Changing the information into integer m, m,0≤m≤n-1.3. Calculating C = E~k (m) = m~e mod n.4. Sending the secrete C to entity A.Decryption calculation:When the entity A received secrete document C, then it uses its own private key d to calculate m= D_k(C)= C_d mod n,m∈Z n。The feature of asymmetry encryption calculation is as follows: Advantages:1. In the large-scale net system, every user needs few secrete key.2. It requires less trusty to the credible third part who changes the public key, and this process can be done under the off line situation.3. Only the private key needs to maintain its secrecy, however, the public key just requires it's authentic to be kept.Disadvantages:1. The speed of encrypting to public key is usually very much slower than to symmetrical secrecy key.2. The length of the scheme which belongs to encrypting to public key is longer than the length of secrecy key which belongs to symmetrical encryption.3. The scheme of encrypting to public key is not proved to be safe.To conclude, the obvious disadvantage of encryption calculation is its speed. This can be made up b the symmetrical encryption calculation, for its speed is fast.However, the disadvantage of symmetrical encryption calculation is that it is uncertain if it can maintain secrecy of the secrete key.This problem can be made up by the un-relativity of the public key and private key, which belong to the asymmetrical encryption calculation. E.g. if we want to encrypt the document, we can encrypt it by using symmetrical encryption calculation at first. After that we will get a secrete document E (m), then we use secrete key K to encrypt it by using the asymmetrical encryption calculation. For the length of K is usually short, hence although we have used the asymmetrical encryption calculation to encrypt it, time consuming won't occur.The unchangeable feature if the original document can be completed by the function HASH encryption. The feature of it is as follows:1. Compression: no matter how long the data is, the length of the abstract which is been calculated out are all the same.2. Easy to calculate: it is easy to calculate the abstract out from the original data.3. Anti-modification: although a simple change of the original data, even if one char change , the outcome would be totally different.4. It is hard to calculate under the situation that we have known the original data and abstract ,then want to find a similar abstract'data.(counterfeited data)5. It is hard to find out tow different data who share the same abstract. Use function HASH to calculate, we can get"abstract 1", and then use one's private key to encrypt"abstract 1". When the other side received the secrete document, while it should use the function HASH to calculate out the"abstract 2".At the same, time use public key of the sending part to decrypt the secrete code of"abstract 1". Making comparison of"abstract 1"and"abstract 2", if they are the same , it proves that the document had not been modified, meanwhile, it can check the identity of the sending part . This process is called digital signature.This solution scheme needs to apply electronic certificate and a pair of RSA secrete key from a center who has the legalized qualification of CA. Insert the electronic certificate and RSA secrete key into signature and stamping program separately, then mutual-legalize and mutual-distinguish can be brought out. They are recorded as KEY1 and KEY2 separately.Detail explanation of the signing and stamping process:1. At the beginning, read the document information which is signed and stamped.2. Reading the information of the used signature and the official seal.3. Making sure the identities of the people who have signed and stamped, and at the same time make record of it.4. Encrypting the above data by using 3-DES encryption calculation, for the quantity of the information is not too much; at the same time the 3-DES is fast, hence, this process is very quick.5. Using KEYI to add code to the secrete key which is used by 3-DES by using RSA code adding calculation.6. Using SHAI calculation to calculate the information and the information of secrete key, both of them are been encrypted, then we get the HASH-value.7. Using KEYI to encrypt the HASH-value by using RSA encryption calculation. This process uses KEI1 to fulfill the digital signature.8. Storing the information of document, secrete key and HASH-value, the above items are been encrypted, prepare for checking.Checking process:1. Click"file"—>"open", then we can open any appointed way of document.2.Open one of them, using KEY2 to undo the code of 3-DES which is encrypted by KEI1, then we can get a HASH value. At the same time use SHAI calculation to calculate the document information which is encrypted by RSA, then getting another HASH-value. , if the HASH-value are not the same, it means it has been modified while after the progress of signing and stamping. It will report the wrong information.Attention please: the program had not decrypted the secrete code of the document information. Hence, it will not only save time but also will guarantee the safety of the information, making it not be interpreted and be captured when it was in the memory.3. If the above progress has been passed through, then using KIY2 to decrypted the secrete code of the 3-DES's secrete key, which is encrypted by RSA calculation. At last, using the secrete key, whose secrete code was undone during the above process, to undo the secrete code, and then the original data of the document information can be got.