Digital signatures are a typical application of asymmetric cryptography. A digital signature scheme has two operations: signing and verification. The message sender signs the data with the private key, and the message receiver verifies the signature with the corresponding public key.
Because only the holder of the private key can produce a valid signature, a signature binds the data to that key holder. Digital signatures are therefore used to detect data tampering (integrity) and to authenticate the signer (origin authentication). Note that signing is not encryption: the signature does not hide the data, so the data itself travels in the clear unless it is encrypted separately.
Topology Map
Procedure
1. The information sender creates an asymmetric customer master key (CMK) for signing and verification on the KMS console or by calling the CreateKey API.
2. The information sender obtains the public key by calling the getPublicKey API of KMS and distributes it to the information receiver. The public key must be distributed over a channel that lets the receiver confirm it really came from the sender; a receiver that accepts an unauthenticated public key will accept signatures from whoever supplied that key.
3. The information sender calls the asymmetricSign API of KMS to sign the data to be transmitted. KMS performs the signing operation with the private key of the CMK; the private key never leaves KMS. The API signs a digest of the data, so the sender computes the digest with the hash algorithm that matches the signing algorithm chosen for the CMK.
4. The information sender transmits the signature together with the data to the information receiver.
5. After receiving the signature and data, the information receiver uses the public key distributed by the information sender to verify the signature locally with GmSSL, OpenSSL, another cryptographic library, or an encryption SDK that supports the SM algorithms. Verification must use the same signing algorithm and hash that the sender used with asymmetricSign. In special cases, the receiver can instead call the asymmetricVerify API of KMS to verify the signature with the CMK; this requires the receiver to have permission to call that API on the CMK, so local verification with the public key is the usual choice.
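The following Go program walks through steps 1 to 5 end to end. It is an added example written for this page, not code from the KMS product or its SDK: a small in-process stand-in plays the role of KMS (it holds the CMK private key and only ever hands out the public key, signatures over a caller-supplied digest, or a verification result), the sender computes a SHA-256 digest and asks the stand-in to sign it, and the receiver verifies locally from the distributed PEM public key, exactly as it would with OpenSSL. The choice of an EC P-256 key with ECDSA over SHA-256, the method names, and the sample message are assumptions made for the example; the point of the tampered-message check at the end is that a single changed byte in the data makes verification fail.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"encoding/pem"
	"errors"
	"fmt"
)

// fakeKMS is a constructed stand-in for the KMS service (not the real SDK).
// It holds the CMK private key and never exposes it: callers only get the
// public key, a signature over a digest, or a verification result.
type fakeKMS struct {
	cmk *ecdsa.PrivateKey
}

// createKey plays step 1 (CreateKey). Assumption: an EC P-256 CMK used
// with ECDSA over SHA-256.
func createKey() (*fakeKMS, error) {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	return &fakeKMS{cmk: k}, nil
}

// getPublicKey plays step 2 (getPublicKey): a PEM-encoded SubjectPublicKeyInfo,
// the format OpenSSL and GmSSL consume when verifying locally.
func (f *fakeKMS) getPublicKey() ([]byte, error) {
	der, err := x509.MarshalPKIXPublicKey(&f.cmk.PublicKey)
	if err != nil {
		return nil, err
	}
	return pem.EncodeToMemory(&pem.Block{Type: "PUBLIC KEY", Bytes: der}), nil
}

// asymmetricSign plays step 3 (asymmetricSign): the caller supplies the digest,
// not the message, and receives a DER-encoded ECDSA signature.
func (f *fakeKMS) asymmetricSign(digest []byte) ([]byte, error) {
	if len(digest) != sha256.Size {
		return nil, errors.New("digest must be a 32-byte SHA-256 value")
	}
	return ecdsa.SignASN1(rand.Reader, f.cmk, digest)
}

// asymmetricVerify plays the "special case" of step 5: verification inside KMS.
func (f *fakeKMS) asymmetricVerify(digest, sig []byte) bool {
	return ecdsa.VerifyASN1(&f.cmk.PublicKey, digest, sig)
}

// verifyLocally is the receiver side of step 5: parse the distributed public key
// and check the signature against a digest computed over the received data.
func verifyLocally(pubPEM, data, sig []byte) (bool, error) {
	block, _ := pem.Decode(pubPEM)
	if block == nil || block.Type != "PUBLIC KEY" {
		return false, errors.New("invalid public key PEM")
	}
	pub, err := x509.ParsePKIXPublicKey(block.Bytes)
	if err != nil {
		return false, err
	}
	ecPub, ok := pub.(*ecdsa.PublicKey)
	if !ok {
		return false, errors.New("public key is not an EC key")
	}
	digest := sha256.Sum256(data)
	return ecdsa.VerifyASN1(ecPub, digest[:], sig), nil
}

// runExchange performs steps 1-5 and returns whether the original data verifies
// locally, whether it verifies via the KMS stand-in, and whether a tampered copy
// of the data verifies (it must not).
func runExchange() (okLocal, okKMS, okTampered bool, err error) {
	kms, err := createKey() // step 1
	if err != nil {
		return
	}
	pubPEM, err := kms.getPublicKey() // step 2: distributed to the receiver
	if err != nil {
		return
	}
	data := []byte("order-id=1001;amount=250.00") // constructed sample message
	digest := sha256.Sum256(data)
	sig, err := kms.asymmetricSign(digest[:]) // step 3
	if err != nil {
		return
	}
	// step 4: data and sig are transmitted; step 5: receiver verifies.
	okLocal, err = verifyLocally(pubPEM, data, sig)
	if err != nil {
		return
	}
	okKMS = kms.asymmetricVerify(digest[:], sig)
	tampered := []byte("order-id=1001;amount=2500.00") // one inserted byte
	okTampered, err = verifyLocally(pubPEM, tampered, sig)
	return
}

func main() {
	okLocal, okKMS, okTampered, err := runExchange()
	if err != nil {
		panic(err)
	}
	fmt.Printf("local verify: %v, KMS verify: %v, tampered verify: %v\n", okLocal, okKMS, okTampered)
}
```

The receiver never needs the private key or any KMS credentials to run verifyLocally; it needs only the public key, and it must be sure of where that public key came from.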