tailieunhanh - PHP and MySQL Web Development - P64

PHP and MySQL Web Development - P64: PHP and MySQL Web Development teaches the reader to develop dynamic, secure, commercial Web sites. Using the same accessible, popular teaching style of the first edition, this best-selling book has been updated to reflect the rapidly changing landscape of MySQL and PHP. | Digital Certificates 287 A hash function generates a message digest that matches a particular message. If you have a message and a message digest you can verify that the message has not been tampered with as long as you are sure that the digest has not been tampered with. To this end the usual way of creating a digital signature is to create a message digest for the whole message using a fast hash function and then encrypt only the brief digest using a slow public key encryption algorithm. The signature can now be sent with the message via any normal unsecure method. When a signed message is received it can be checked. The signature is decrypted using the sender s public key. A hash value is generated for the message using the same method that the sender used. If the decrypted hash value matches the hash value you generated then the message is from the sender and has not been altered. Digital Certificates It is good to be able to verify that a message has not been altered and that a series of messages all come from a particular user or machine. For commercial interactions it would be even better to be able to tie that user or server to a real legal entity such as a person or company. A digital certificate combines a public key and an individual s or organization s details in a signed digital format. Given a certificate you have the other party s public key in case you want to send an encrypted message and you have that party s details which you know have not been altered. The problem here is that the information is only as trustworthy as the person who signed it. Anybody can generate and sign a certificate claiming to be anybody he likes. For commercial transactions it would be useful to have a trusted third party verify the identity of participants and the details recorded in their certificates. These third parties are called Certifying Authorities CAs . Certifying Authorities issue digital certificates to individuals and companies subject to identity checks. The

TỪ KHÓA LIÊN QUAN