标准摘要
[中文适用范围]: ISO/IEC 14888的这一部分规定了带有附录的数字签名机制,其安全性基于离散对数问题。 ISO/IEC 14888的本部分规定。 - 带有附录机制的数字签名的一般描述; ——提供带有附录的数字签名的多种机制。 对于每种机制,ISO/IEC 14888 的这一部分指定了 - 生成一对密钥的过程; ——产生签名的过程; ——验证签名的过程。 数字签名的验证需要签名实体的验证密钥。 因此,验证者必须能够将正确的验证密钥与签名实体相关联,或者更准确地说,与签名实体的(部分)标识数据相关联。 签名者的标识数据和签名者的公共验证密钥之间的这种关联可以由外部实体或机制来保证,或者该关联可以以某种方式固有于验证密钥本身中。 在前一种情况下,该计划被称为“基于证书”。 在后一种情况下,该方案被称为“基于身份”。 通常,在基于身份的方案中,验证者可以从签名者的标识数据中导出签名者的公共验证密钥。 ISO/IEC 14888 本部分规定的数字签名机制分为基于证书的机制和基于身份的机制。 [外文原描述]: ISO/IEC 14888-3:2006 specifies digital signature mechanisms with appendix whose security is based on the discrete logarithm problem. It provides a general description of a digital signature with appendix mechanism, and a variety of mechanisms that provide digital signatures with appendix. For each mechanism, ISO/IEC 14888-3:2006 specifies the process of generating keys, the process of producing signatures, and the process of verifying signatures. The verification of a digital signature requires the signing entity's verification key. It is thus essential for a verifier to be able to associate the correct verification key with the signing entity, or more precisely, with (parts of) the signing entity's identification data. This association may be provided by another means that is not covered in ISO/IEC 14888-3:2006. Whatever the nature of such means, the scheme is then said to be 'certificate-based'. If not, the association between the correct verification key and the signing entity's identification data is somehow inherent in the verification key itself. In such a case, the scheme is said to be 'identity-based'. Depending on the two different ways of checking the correctness of the verification keys, the digital signature mechanisms specified in ISO/IEC 14888-3:2006 are categorized in two groups: certificate-based and identity-based.
英文名称Information technology - Security techniques - Digital signatures with appendix - Part 3: Discrete logarithm based mechanisms