Why do we need to install digital certificates?

Time: 2022-07-28 18:24:26

The question may sound a bit stupid but I really want to know this.

When we download a file, say abc.exe, it is digitally signed with some digital certificate of some organisation. Why do we need to install that certificate? What is the use of it? What if we don't install it?

When I run certmgr.msc on my Windows system, I see some certificates already installed. What do they mean?

2 answers

#1


0  

If you get signed material, you may want to verify the signature.

Digital signatures usually are created using a private key and can be verified using the associated public key.

Certificates essentially are transport containers for public keys with some extra information. Thus, to verify signatures you usually need the certificate of the signer.

You install certificates to make them known to your system (to allow for signature verification) and to tell your system to trust material signed by the associated private key.

As having to install certificates by each and every party you want to trust is too much work, certificates can have hierarchies, some root certificate may be the issuer of multiple other certificates, and by trusting that root you implicitly trust those other certificates the root issued.

For more details you may want to ask on https://security.stackexchange.com/.

#2


0  

The RSA algorithm used for encryption is used for digital signatures. Use of RSA for a signature is as under:

1. First, a message digest is calculated.
2. The private key is used to sign the digest of the message.
3. The signature is appended to the message and transmitted to the recipient.
4. The recipient calculates the digest of the received message.
5. Then, verifying the signature requires extracting the signature from the message and using RSA on the signature with the public key.
6. If the result of the transformation and the newly calculated digest are equal, the signature is valid.
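
The six steps in answer #2, written out as an added example that is not part of either answer. The key is a constructed toy key built from two Mersenne primes, and the SHA-256 digest with PKCS#1 v1.5 padding is an assumption, since the answer names neither a hash nor a padding scheme.

```python
import hashlib

# Constructed toy key: two Mersenne primes. Their special form makes the
# modulus easy to factor, so this key is for demonstration only.
P = 2**521 - 1
Q = 2**607 - 1
N = P * Q
E = 65537                              # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent (Python 3.8+)
K = (N.bit_length() + 7) // 8          # modulus length in bytes

# ASN.1 DigestInfo header for SHA-256 (PKCS#1 v1.5, RFC 8017 section 9.2)
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")


def encode_digest(message: bytes) -> int:
    """Steps 1 and 4: hash the message and pad the digest to modulus size."""
    t = SHA256_PREFIX + hashlib.sha256(message).digest()
    em = b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t
    return int.from_bytes(em, "big")


def sign(message: bytes) -> bytes:
    """Steps 2 and 3: private-key operation on the padded digest,
    then append the fixed-length signature to the message."""
    sig = pow(encode_digest(message), D, N)
    return message + sig.to_bytes(K, "big")


def verify(signed: bytes) -> bool:
    """Steps 4 to 6: split off the signature, apply the public key,
    and compare with a freshly computed padded digest."""
    if len(signed) < K:
        return False                   # too short to carry a signature
    message, sig = signed[:-K], int.from_bytes(signed[-K:], "big")
    if sig >= N:
        return False                   # not a valid RSA input
    # Comparing the whole padded block, not just the trailing digest,
    # also rejects signatures with malformed padding.
    return pow(sig, E, N) == encode_digest(message)


if __name__ == "__main__":
    signed = sign(b"contents of abc.exe")
    print("untampered:", verify(signed))
    print("tampered:  ", verify(b"X" + signed[1:]))
```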
