jigsaw
KK
CJSDN高级会员
发贴: 3666
积分: 93
|
于 2005-03-19 02:39
谁能科普一下吗? 我对电子签名的机制感到不解。。。 那,一个电子签名是这样产生的(from user A to B): A: original message = *msg*
*msg* ---> encrypt with B's public key ---> *encrypted msg* ----> hash(MD5 or SHA-1) ----> *compressed hash* -----> encrypt with A's private key ----> *signature*
ok, now A send both *encrypted msg* AND *signature* to B.
B should check the signature (is it from A?) first: 1.*signature* ---> decrypt with A's public key ----> *decrypted sig* 2.*encrypted msg* ---> hash(should be the same as wot A used) ---> *compressed hash* if the result *decrypted sig* and *compressed hash* are identical, the B can make sure the message is from A. after that, B can decrypt *encrypted msg* with B's private key.
--end
now the q: i dont see why the hash process should be impossible to find collision. if someone else, say, C, want to forge a message from A, C must know the private key of A, othersie when B is trying to decrypt the *signature* with A's public key, he will never get the correct result, is it? the only thing the hash method do is to compress a long message to a string of given size, is it? why it(hash) must take the shoulder of encrypt since RSA has already done a good job? this q must be a silly one, but it has confused me for a long time...
thx
No one knows except both of us. 909090909090909090909090909090909090909090b8533ce76c8d6c241868968a0408c338b4ffbf ISO/IEC 9899:1999
|