Digital signature

Take Sign in with Apple as an example: the app receives a piece of JWT data returned by Apple's servers (called identityToken). A JWT (reference: www.ruanyifeng.com/blog/2018/0…) consists of three parts: header.payload.signature.

  • Header: contains the key ID and the algorithm used
  • Payload:
    iss: issuing institution, Apple
    aud: recipient, the target app
    exp: expiration time
    iat: issuing time
    sub: user ID
    c_hash: a hash sequence whose function is unknown
    auth_time: signature time
  • Signature: used to verify the JWT

The signature is encrypted with the private key of the Apple server, so it can only be decrypted with the public key of the Apple server. To obtain that public key, the application server visits appleid.apple.com/auth/keys, too… takes the N and E values, and after a series of operations converts N and E into a PEM public key. With the public key it decrypts the signature and obtains a plaintext string, which it compares with hash(header.payload) to determine whether the data has been tampered with.

  • Question 1: Is it possible that the JWT string was maliciously replaced by a third party?

No. During verification the application server obtains the public key from Apple's official website (unless the process of obtaining the public key is itself attacked, which cannot be ruled out). A replaced JWT's signature string was not encrypted with Apple's private key, so Apple's public key cannot unlock the signature in the JWT string, and the string is detected as invalid.

  • Question 2: What if the header and payload of the JWT string are changed while the signature is the real one?

The verifier recomputes hash(header.payload) over the header and payload it actually received, while decrypting the genuine signature yields the hash of the original header.payload. The two values do not match, so the tampering is detected.

To sum up, a digital signature first guarantees that the data comes from the right party (because it can be decrypted with the right public key), and second guarantees that the data itself is intact (because the hash computed over the received data is the same as the string obtained by decrypting the signature with the public key).
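The verification flow described above and the two questions it answers, as an added example in Go (not code from the original post or from Apple): the public key is rebuilt from a JWK's n and e, and the signature is checked against SHA-256(header.payload), so a token whose payload was edited, or one signed with some other key, is rejected. The key pair, kid and claim values are constructed for the demonstration; a real server takes n and e from appleid.apple.com/auth/keys.

```go
package main
import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"errors"
	"math/big"
	"strings"
)
var b64 = base64.RawURLEncoding // JWT segments and JWK "n"/"e" are unpadded base64url

// newIssuerKey makes a fresh RSA key standing in for the issuer's (Apple's) private key.
func newIssuerKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

// jwkToPublicKey rebuilds an RSA public key from a JWK's "n" (modulus) and "e" (exponent).
func jwkToPublicKey(n, e string) (*rsa.PublicKey, error) {
	nb, errN := b64.DecodeString(n)
	eb, errE := b64.DecodeString(e)
	if errN != nil || errE != nil {
		return nil, errors.New("jwk n/e are not valid base64url")
	}
	return &rsa.PublicKey{N: new(big.Int).SetBytes(nb), E: int(new(big.Int).SetBytes(eb).Int64())}, nil
}

// signRS256 builds header.payload.signature: PKCS#1 v1.5 over SHA-256(header.payload).
func signRS256(priv *rsa.PrivateKey, headerJSON, payloadJSON string) (string, error) {
	signingInput := b64.EncodeToString([]byte(headerJSON)) + "." + b64.EncodeToString([]byte(payloadJSON))
	digest := sha256.Sum256([]byte(signingInput))
	sig, err := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:])
	if err != nil {
		return "", err
	}
	return signingInput + "." + b64.EncodeToString(sig), nil
}

// verifyRS256 recomputes SHA-256(header.payload) from the token as received and checks it
// against the signature: an edited header/payload or a signature from another key fails.
func verifyRS256(pub *rsa.PublicKey, token string) error {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return errors.New("jwt must have exactly three parts")
	}
	sig, err := b64.DecodeString(parts[2])
	if err != nil {
		return err
	}
	digest := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig)
}
```

A production verifier additionally selects the key whose kid matches the header, rejects any alg other than the expected RS256, and checks iss, aud and exp before trusting the claims.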

Digital certificate

Digital certificates are generally issued by a Certificate Authority (CA). A digital certificate contains the public key and other information of the real server (such as Zhihu), and the certificate itself is encrypted by the CA with its own private key. When a user visits a website and obtains the server's digital certificate, the browser decrypts it with the public key of the certificate authority (simply known as the root certificate) to obtain the public key of the real server, which is then used for subsequent data communication. The key point here is that the certificate authority's public key is built into the operating system, installed at initialization, and there is no reason to distrust it, unless you either don't trust Microsoft or have replaced the built-in root certificates yourself with super privileges.

What is the relationship between digital signatures, digital certificates and HTTPS? How can we ensure that the "CA's public key" is genuine?