【Hyperledger Fabric】Identity-身份认证与密钥

Authentication & Public keys and Private Keys

身份认证与密钥

Authentication and message integrity are important concepts of secure communication. Authentication requires that parties who exchange messages can be assured of the identity that created a specific message. Integrity requires that the message was not modified during its transmission. For example, you might want to be sure you’re communicating with the real John Doe than an impersonator. Or if John has sent you a message, you might want to be sure that it hasn’t been tampered with by anyone else during transmission.

身份验证（交流双方身份确定）和消息的完整性（信息在传送过程中未被篡改）是安全交流的重要概念。

Traditional authentication mechanisms rely on digital signature mechanisms, that as the name suggests, allow a party to digitally sign its messages. Digital signatures also provide guarantees on the integrity of the signed message.

传统的验证机制依赖数字签名。

Technically speaking, digital signature mechanisms require require for each party to hold two cryptographically connected keys: a public key that is made widely available, and acts as authentication anchor, and a private key that is used to produce digital signatures on messages. Recipients of digitally signed messages can verify the origin and integrity of a received message by checking that the attached signature is valid under the public key of the expected sender.

严格说，数字签名机制要求每个参与人拥有两把密钥，一把是公钥，一把是私钥。公钥作为认证锚，是公开的。私钥是用来对信息进行数字签名的。接收者通过获取发送人的公钥来验证信息中的私钥是否合法来证明信息的身份认证和完整。

The unique relationship between a private key and the respective public key is the cryptographic magic that makes secure communications possible. The unique mathematical relationship between the keys is such that the private key can be used to produce a signature on a message that only the corresponding public key can match, and only on the same message.

In the example above, to authenticate his message Joe uses his private key to produce a signature on the message, which he then attaches to the message. The signature can be verified by anyone who sees the signed message, using John’s public key.

在上述例子中，为了验证Mary Morris的信息， Mary使用了她的密钥对信息进行了签名。只要通过Mary的公钥，任何收到信息的人都可以核实签名是否有效。