Federal Communications Agency. Federal Communications Agency Digital Signature Verification c# implementation
__________________________________________________________
State educational institution
Higher professional education
"ST. PETERSBURG
STATE UNIVERSITY OF TELECOMMUNICATIONS
them. prof. M.A. BONC-BRUEVICH"
__________________________________________________________________________________________
V.P. Gribachev
Textbook for laboratory work on information security.
St. Petersburg
Lab #1
The study of the crypto-algorithm of encryptionRSA.
Objective.
Study of the structure of the algorithm and methods of practical implementation of the RSA encryption cryptosystem.
The RSA cryptosystem was developed by Ronald Rivest, Adi Shamir and Leonard Adleman in 1972. The system was named after the first letters of their last names. Despite recent reports of individual attempts at successful cryptanalysis of this algorithm, RSA is still one of the most common cryptalgorithms. RSA support is built into most common browsers (Firefox, IE), there are RSA plugins for Total Commandera and some other ftp clients. In our country, the algorithm is not certified.
RSA belongs to the class of two-key cryptosystems. This means that the algorithm uses two keys - public (Public) and secret (Private).
The public key and its corresponding secret together form a key pair (Keypair). The public key does not need to be kept secret. In the general case, it is published in open reference books and is available to everyone. A message encrypted with the public key can only be decrypted with the corresponding paired private key, and vice versa.
RSA security is based on the problem of factoring or factoring two large numbers, the product of which forms the so-called RSA module. Factoring allows you to reveal the secret key, as a result of which it becomes possible to decrypt any secret message encrypted on this key. However, at present it is considered not mathematically proven that in order to restore the plaintext from the encrypted one, it is imperative to decompose the module into factors. Perhaps in the future there will be a more efficient way to cryptanalyze RSA, based on other principles.
Thus, the cryptographic strength of RSA is determined by the module used.
To ensure a sufficient degree of cryptographic strength, it is currently recommended to choose the RSA module length of at least 1024 bits, and due to the rapid progress of computer technology, this value is growing all the time.
Data Encryption Algorithm DiagramRSA
Choose two random prime numbers ( p and q) and calculate the modulus:
The Euler function is calculated: φ (n)=(p-1)(q-1);
A secret key is randomly selected e, while the condition of mutual simplicity of numbers must be satisfied e and φ (n).
The decryption key is calculated by the formula:
ed = 1 mod φ (n);
notice, that d and n must also be relatively prime numbers.
For encryption, it is necessary to break the message into blocks of the same length. The number of bits in the block must match the number of bits in the module n.
Encryption of the message block is carried out according to the formula:
C i =M i e mod n
Decryption of each block c i carried out according to the formula:
M i = C i d mod n
Choice d as a public key, and e as a secret is completely conditional. Both keys are completely equal. As a public key, you can take e, and as a closed d.
Encryption example:
Choose R= 7 , q = 13 , module n = pq = 7 13 = 91;
Calculate the Euler function φ (n) = (p-1)(q-1) = (7-1)(13-1) = 72;
Taking into account the conditions of GCD( e, φ (n)) = 1 and 1< e ≤ φ (n), choose a secret key e = 5;
Based on the condition ed = 1 mod φ (n), calculate the paired secret key 5·d = 1 mod 72 , using the extended Euclid algorithm, we find the public key d = 29;
We take an open message m = 225367 and break it into blocks of the same length m 1 = 22, m 2 = 53, m 3 = 67.
We encrypt: With 1 = 22 5 mod 91 = 29, C 2 = 53 5 mod 91 = 79, C 3 = 67 5 mod 91 = 58;
Deciphering: M 1 = 29 29 mod 91 = 22, M 2 = 79 29 mod 91 = 53, M 3 = 58 29 mod 91 = 67;
The methodology for doing the work.
The assignment for the work is issued by the teacher after the students have passed an interview on the basics of public key cryptosystems.
Purpose and assigned work.
Description of the RSA cryptosystem operation algorithm,
Block - diagram of the RSA cryptosystem operation algorithm,
Conclusions: advantages and disadvantages of the RSA cryptosystem.
Laboratory work №2.
Research of the electronic digital signature (EDS)RSA.
Objective.
Research of the algorithm of electronic digital signature (EDS) RSA.
Basic theoretical provisions.
The electronic digital signature scheme is designed to provide secure workflow in electronic networks, similar to how signatures and seals are used to protect paper documents in the field of traditional workflow. Thus, the EDS technology assumes the presence of a group of subscribers sending signed electronic documents to each other. EDS has all the properties of a real signature. In order to become a subscriber of the EDS system, each user must create a pair of keys - public and private. Public keys of subscribers can be registered in a certified certification center, however, in the general case, this is not a prerequisite for interaction between subscribers of the EDS system.
Currently, EDS systems can be built on various algorithms of two-key cryptography. The RSA algorithm was one of the first to be used for this purpose. In addition to the cryptographic algorithm, the EDS scheme requires the use of so-called one-way or hash functions. The hash function is called one-way because it makes it easy to calculate the hash value from any document. At the same time, the reverse mathematical operation, that is, the calculation of the source document by its hash - value, presents significant computational difficulties. Of the other properties of hash functions, it should be noted that the output values (hash) always have a strictly defined length for each type of function, in addition, the hash calculation algorithm is designed in such a way that each bit of the input message affects all bits of the hash. The hash is like a compressed "digest" of the input message. Of course, given that there are an infinite number of possible messages, and that the hash has a fixed length, it is possible that there are at least two different input documents that produce the same hash values. However, the standard hash length is set in such a way that, with the existing computing power of computers, finding collisions, that is, different documents that give the same function values, is a computationally difficult task.
Thus, the hash function is a non-cryptographic transformation that allows you to calculate the hash for any selected document. The hash has a strictly fixed length and is calculated in such a way that each bit of the hash depends on each bit of the input message.
There is a fairly large variety of options for constructing hash functions. Usually they are built on the basis of an iterative formula, for example, H i = h (H i -1 , M i ) , where as a function h some easily computed encryption function can be taken.
Figure 1 shows a generalized EDS scheme based on the RSA cryptographic algorithm.
Electronic digital signature (EDS) algorithmRSA
Actions of the subscriber - the sender of the message.
Choose two large and coprime numbers p and q;
We calculate the RSA module. n= p* q;
We define the Euler function: φ (n)=(p-1)(q-1);
Choosing a secret key e subject to the conditions: 1< e≤φ(n),
H.O.D. (e, φ(n))=1;
Determining the public key d, subject to the conditions: d< n, e* d ≡ 1(mod φ(n)).
EDS formation
Calculate the message hash M: m = h(M).
We encrypt the hash of the message on the secret key of the subscriber - the sender and send the received EDS, S = m e (mod n), to the subscriber - the recipient along with the plain text of the document M.
Verification of the signature on the side of the subscriber - the recipient
Deciphering the EDS S using the public key d and in this way we get access to the hash - the value sent by the subscriber - the sender.
Calculate the hash of an open document m’= h(M).
We compare the hash - the values of m and m', and conclude that the EDS is reliable if m = m'.
The methodology for doing the work.
The task for performing laboratory work is issued by the teacher after the students have passed an interview on the basics of data authentication and the concept of generating an electronic digital signature.
The procedure for performing the work corresponds to the following practical example of the formation and verification of an EDS.
Example of calculation and verification of EDS.
Two large and coprime numbers 7 and 17 are chosen;
We calculate the RSA module. n=7*17=119;
We define the Euler function: φ (n)=(7-1)(17-1)=96;
Choosing a secret key e subject to the conditions: 1< e≤φ(n), H.O.D. (e, φ(n))=1; e = 11;
Determining the public key d, subject to the conditions: d< n, e* d ≡ 1(mod φ(n)); d=35;
Let's take some random sequence of numbers as an open message. M = 139. Let's break it down into blocks. M 1 = 1, M 2 = 3, M 3 = 9;
To calculate the hash value, we apply the formula for calculating the hash function. To simplify the calculations, we assume that the initialization vector of the hash function H 0 =5, and as an encryption function h we will use the same RSA.
Calculate the hash of the message. H 1 =(H 0 + M 1 ) e mod n =(5+1) 11 mod 119=90; H 2 =(H 1 + M 2 ) e mod n =(90+3) 11 mod 119=53; H 3 = (H 2 + M 3 ) e mod n =(53+9) 11 mod 119=97; Thus, the hash of a given open message m = 97;
We create an EDS by encrypting the received hash - value. S= H e mod n = 97 11 mod 119 = 6;
Sending the public key over the communication channel d, Message text M, module n and electronic digital signature S.
Checking the digital signature on the side of the recipient of the message.
On the side of the subscriber - the recipient of the signed message, using the public key, we obtain a hash - the value of the transferred document. m ´ = S d mod n =6 35 mod 119 =97;
We calculate the hash of the transmitted open message, in the same way as this value was calculated on the side of the subscriber - the sender. H 1 =(H 0 + M 1 ) e mod n=(5+1) 11 mod 119=90; H 2 =(H 1 + M 2 ) e mod n=(90+3) 11 mod 119=53; H 3 = (H 2 + M 3 ) e mod n=(53+9) 11 mod 119=97; m = 97;
We compare the hash value calculated from the transferred open document and the hash value extracted from the EDS. m = m ´ =97. The calculated hash value matches the hash value obtained from the digital signature, therefore, the recipient of the message concludes that the received message is genuine.
The purpose and purpose of the work.
Description of the RSA EDS generation algorithm.
Block diagram of the RSA digital signature generation algorithm.
Conclusions: advantages and disadvantages of EDS RSA.
The article provides answers to the questions: "What does an electronic signature look like", "How does an EDS work", discusses its capabilities and main components, and also provides a visual step-by-step instruction for the process of signing a file with an electronic signature.
What is an electronic signature?
An electronic signature is not an object that can be picked up, but a document requisite that allows you to confirm that the EDS belongs to its owner, as well as to record the state of information / data (presence or absence of changes) in an electronic document from the moment it was signed.
Reference:
The abbreviated name (according to federal law No. 63) is ES, but more often they use the outdated abbreviation EDS (electronic digital signature). This, for example, facilitates interaction with search engines on the Internet, since ES can also mean an electric stove, a passenger electric locomotive, etc.
According to the legislation of the Russian Federation, a qualified electronic signature is the equivalent of a handwritten signature with full legal force. In addition to the qualified in Russia, there are two more types of EDS:
- unqualified - ensures the legal significance of the document, but only after the conclusion of additional agreements between the signatories on the rules for the application and recognition of the EDS, allows you to confirm the authorship of the document and control its invariability after signing,
- simple - does not give the signed document legal significance until the conclusion of additional agreements between the signatories on the rules for the application and recognition of the EDS and without observing the legally fixed conditions for its use (a simple electronic signature must be contained in the document itself, its key must be applied in accordance with the requirements of the information system, where it is used, and so on in accordance with Federal Law-63, Article 9), does not guarantee its invariability from the moment of signing, allows you to confirm authorship. Its use is not allowed in cases related to state secrets.
Possibilities of electronic signature
EDS provides individuals with remote interaction with government, educational, medical and other information systems via the Internet.
For legal entities, an electronic signature gives access to participation in electronic trading, allows organizing legally significant electronic document management (EDM) and submitting electronic reports to regulatory authorities.
The opportunities provided by EDS to users have made it an important part of everyday life for both ordinary citizens and company representatives.
What does the phrase "the client has been issued an electronic signature" mean? What does an ECP look like?
The signature itself is not an object, but the result of cryptographic transformations of the signed document, and it cannot be “physically” issued on any medium (token, smart card, etc.). Nor can it be seen, in the truest sense of the word; it does not look like a stroke of a pen or a figured print. About, What does an electronic signature look like? we will tell below.
Reference:
A cryptographic transformation is an encryption that is built on an algorithm that uses a secret key. The process of restoring the original data after cryptographic transformation without this key, according to experts, should take longer than the validity period of the extracted information.
Flash media is a compact storage medium that includes flash memory and an adapter (usb flash drive).
A token is a device whose body is similar to that of a USB flash drive, but the memory card is password protected. The information for creating an EDS is recorded on the token. To work with it, you need to connect to the USB-connector of the computer and enter a password.
A smart card is a plastic card that allows you to carry out cryptographic operations due to a microcircuit built into it.
A SIM card with a chip is a mobile operator's card equipped with a special chip, on which a java application is safely installed at the production stage, expanding its functionality.
How should one understand the phrase “electronic signature issued”, which is firmly entrenched in the colloquial speech of market participants? What is an electronic signature?
The issued electronic signature consists of 3 elements:
1 - a means of electronic signature, that is, a technical tool necessary for the implementation of a set of cryptographic algorithms and functions. This can be either a cryptographic provider installed on a computer (CryptoPro CSP, ViPNet CSP), or an independent token with a built-in cryptographic provider (Rutoken EDS, JaCarta GOST), or an "electronic cloud". You can read more about EDS technologies related to the use of the "electronic cloud" in the next article of the Single Electronic Signature Portal.
Reference:
A crypto provider is an independent module that acts as an "intermediary" between the operating system, which controls it with a certain set of functions, and a program or hardware complex that performs cryptographic transformations.
Important: the token and the means of a qualified EDS on it must be certified by the Federal Security Service of the Russian Federation in accordance with the requirements of Federal Law No. 63.
2 - a key pair, which consists of two impersonal sets of bytes formed by an electronic signature tool. The first of them is the electronic signature key, which is called "closed". It is used to form the signature itself and must be kept secret. Placing a “private” key on a computer and a flash drive is extremely insecure, on a token it is somewhat unsafe, on a token/smart card/sim card in an unrecoverable form it is the most secure. The second is the electronic signature verification key, which is called "open". It is not kept secret, it is unambiguously tied to a “private” key and is necessary so that anyone can check the correctness of the electronic signature.
3 - EDS verification key certificate issued by a certification authority (CA). Its purpose is to associate an impersonal set of bytes of the “public” key with the identity of the owner of the electronic signature (person or organization). In practice, it looks like this: for example, Ivan Ivanovich Ivanov (an individual) comes to the certification center, presents his passport, and the CA issues him a certificate confirming that the declared “public” key belongs to Ivan Ivanovich Ivanov. This is necessary to prevent a fraudulent scheme, during the deployment of which an attacker, in the process of transmitting an "open" code, can intercept it and replace it with his own. Thus, the offender will be able to impersonate the signatory. In the future, by intercepting messages and making changes, he will be able to confirm them with his EDS. That is why the role of the certificate of the electronic signature verification key is extremely important, and the certification center bears financial and administrative responsibility for its correctness.
In accordance with the legislation of the Russian Federation, there are:
- "electronic signature verification key certificate" is generated for an unqualified digital signature and can be issued by a certification center;
— “qualified digital signature verification key certificate” is generated for a qualified digital signature and can only be issued by a CA accredited by the Ministry of Telecom and Mass Communications.
Conventionally, it can be indicated that the keys for verifying an electronic signature (sets of bytes) are technical concepts, and the “public” key certificate and the certification center are organizational concepts. After all, the CA is a structural unit that is responsible for matching "open" keys and their owners as part of their financial and economic activities.
Summarizing the above, the phrase “the client has been issued an electronic signature” consists of three terms:
- The client purchased an electronic signature tool.
- He received an "open" and "private" key, with the help of which an EDS is generated and verified.
- The CA issued a certificate to the client confirming that the “public” key from the key pair belongs to this particular person.
Security issue
Required properties of signed documents:
- integrity;
- authenticity;
- authenticity (authenticity; "non-repudiation" of the authorship of information).
They are provided by cryptographic algorithms and protocols, as well as software and hardware-software solutions based on them for the formation of an electronic signature.
With a certain degree of simplification, we can say that the security of an electronic signature and services provided on its basis is based on the fact that the "private" keys of an electronic signature are kept secret, in a protected form, and that each user keeps them responsibly and does not allow incidents.
Note: when purchasing a token, it is important to change the factory password, so that no one can access the EDS mechanism except for its owner.
How to sign a file with an electronic signature?
To sign a digital signature file, you need to perform several steps. As an example, let's consider how to put a qualified electronic signature on a trademark certificate of the Unified Electronic Signature Portal in .pdf format. Need:
1. Click on the document with the right mouse button and select the crypto provider (in this case, CryptoARM) and the “Sign” column.
2. Pass the path in the dialog boxes of the cryptographic provider:
At this step, if necessary, you can select another file for signing, or skip this step and go directly to the next dialog box.
The Encoding and Extension fields do not require editing. Below you can choose where the signed file will be saved. In the example, the document with digital signature will be placed on the desktop (Desktop).
In the "Signature properties" block, select "Signed", if necessary, you can add a comment. Other fields can be excluded/selected as desired.
From the certificate store, select the one you need.
After verifying that the "Certificate Owner" field is correct, click the "Next" button.
In this dialog box, the final verification of the data required to create an electronic signature is carried out, and then after clicking on the “Finish” button, the following message should pop up:
Successful completion of the operation means that the file has been cryptographically converted and contains a requisite that fixes the immutability of the document after it is signed and ensures its legal significance.
So, what does an electronic signature look like on a document?
For example, we take a file signed with an electronic signature (saved in the .sig format) and open it through a cryptographic provider.
Fragment of the desktop. On the left: a file signed with an ES, on the right: a cryptographic provider (for example, CryptoARM).
Visualization of the electronic signature in the document itself when it is opened is not provided due to the fact that it is a requisite. But there are exceptions, for example, the electronic signature of the Federal Tax Service upon receipt of an extract from the Unified State Register of Legal Entities / EGRIP through the online service is conditionally displayed on the document itself. Screenshot can be found at
But what about in the end "looks" EDS, or rather, how is the fact of signing indicated in the document?
By opening the “Signed Data Management” window through the crypto provider, you can see information about the file and the signature.
When you click on the "View" button, a window appears containing information about the signature and certificate.
The last screenshot clearly shows what does a digital signature look like on a document"from within".
You can purchase an electronic signature at .
Ask other questions on the topic of the article in the comments, the experts of the Unified Electronic Signature Portal will definitely answer you.
The article was prepared by the editors of the Single Portal of the Electronic Signature site using materials from SafeTech.
With full or partial use of the material, a hyperlink to www..
I decided to highlight today's short entry on the topic of creating an electronic digital signature using the CryptoPRO crypto provider. We will talk about the Bat file, which can be used to automate the signing of electronic documents.
In order to automate the process of signing electronic documents, we need:
1) Crypto PRO CSP;
2) USB Key (eg rutoken) inserted into the USB port;
3) Notepad (Notepad.exe);
4) Installed certificates for your key;
The stumbling block in this whole story is the csptest.exe file which is located in the CryptoPro directory (by default C:\Program Files\Crypto Pro\CSP\csptest.exe).
Open a command prompt and run the command:
Cd C:\Program Files\Crypto Pro\CSP\ and csptest
We will see all the possible parameters of this exe file.
select from:-help print this help -noerrorwait do not wait for any key on error -notime do not show time elapsed -pause Wait for keyboard input after completion so that you may check memory and other resources usage -reboot Call DestroyCSProvider() of last used CSP at exit Services (cryptsrv*, HSM, etc) not affected -randinitIn order to see the parameters of a particular global option, it is enough to call this file with this option, for example
csptest -sfsign
Thus, to sign a file via cmd using csptest.exe, you need to call the command:
Csptest -sfsign -sign -in Dogovor.doc -out Dogovor.doc.sig -my LLC MyPrograms Ivanov Ivan Ivanovich
where:
-my- Indicates the owner of the key;
-in- Specifies which file to sign. If the file is not in the folder with csptest, then you need to specify the full path.;
-out— Specifies the name of the signature file;
You can check the signature on the Gosulsug website at this link.
Most probably. If you now upload this file on the public service website, an error will appear. This is due to the fact that information about the certification center is needed. Also, the date and time of signing documents will not be superfluous. To do this, we need to add two parameters to our command:
Csptest -sfsign -sign -in Dogovor.doc -out Dogovor.doc.sig -my LLC MyPrograms Ivanov Ivan Ivanovich -addsigtime -add
If we need a signature in a concatenated format, then we add one more parameter:
Csptest -sfsign -sign -in Dogovor.doc -out Dogovor.doc.sig -my LLC MyPrograms Ivanov Ivan Ivanovich -addsigtime -add -detached
Note:
If the document is signed with an error
Unable to open file
An error occurred in running the program.
.\signtsf.c:321:Cannot open input file.
Error number 0x2 (2).
The specified file cannot be found.
when calling, as in the last example, and you are sure that the paths in the -in and -out parameters are correct, try creating a signature according to the first example, and then execute the command with the full set of parameters!!!
We received the main command for signing. Now let's simplify the procedure a bit. Let's make a bat file, which, when launched, will sign the Secret.txt file located in the same folder as the bat file. Open notepad and write the following code:
Chcp 1251 set CurPath=%cd% cd C:\Program Files\Crypto Pro\CSP call csptest -sfsign -sign -in %CurPath%\Secret.txt -out %CurPath%\Secret.txt.sig -my LLC MyPrograms Ivanov Ivan Ivanovich -addsigtime -add -detached cd %CurPath%
Click "File" -> "Save As" -> Set the Name from .bat -> "Save"
Sobsvenno and all. For reference:
chcp 1251- Sets the encoding for CMD. Necessary for valid processing of Russian letters in the code;
set CurPath=%cd%- Saves the path of the current CMD directory to the CurPath variable;
cd- Sets the current CMD path;
call- Launches the program;