所以,据我所知,数字签名上发生了什么:
Bob creates message and timestamp: M + Timestamp = L
Bob hashes the L: H(L)
Bob signs the H(L) with his private key: Sign(H(L))
Bob sends this signature and L to Alice: L || Sign(H(L))
Alice open H(L) with Bob's public key.
Alice hashes the L: H(L)
Alice compares if the H(L)s match.
If so source integrity has been established. Thus, we can ensure that message is sent by Bob.
那个么,我们为什么要在消息中包含时间戳呢?我们已经知道消息来自Bob,检查时间戳有什么意义,好像它是否延迟了?
如果Alice检查消息的年龄,和/或收集已接收消息的时间戳,她可以防御重放攻击。
重放攻击是指有人从Bob那里捕获了一条真实的消息,但在以后再次发送(或改为(。