CN101938481A - File encryption and distribution method based on digital certificate - Google Patents

Publication number: CN101938481A
Authority: CN (China)
Application number: CN2010102758171A
Legal status: Pending
Other languages: Chinese (zh)
Inventors: 许勇, 许文民, 张凌, 杨道全
Current and original assignees: Count Network Co Ltd Of Park In Guangzhou; South China University of Technology SCUT
Classification: Storage Device Security
Abstract

The invention discloses a file encryption and distribution method based on a digital certificate, comprising the following steps: S1, the file owner initializes the operating parameters, sets the file encryption password used to encrypt the file, obtains the public keys of the file recipients, and creates a new file; S2, the number of file recipients is written into the new file; S3, the encrypted authentication information of each file recipient is written into the new file in turn; S4, the source file to be encrypted is encrypted block by block and the result is written into the new file in turn; and S5, the new file is sent to the file recipients. The invention combines several encryption methods, makes distribution convenient and secure, offers high security, and solves the problem in traditional symmetric encryption that the original text cannot be recovered once the password is forgotten.

Description

File encryption and distribution method based on digital certificate
Technical field
The present invention relates to the field of computer information security, and in particular to a file encryption and distribution method based on digital certificates.
Background art
With the spread of information technology and the Internet, people's lives depend more and more on computers. While enjoying the convenience that computer systems provide, people also face various information security threats, such as leakage of personal information, theft of confidential files, loss of a user's USB flash drive, and malicious information leakage on the network server side. Recently, the SearchSecurity website surveyed the IT directors of 358 enterprises about enterprise information security. The survey shows that 30% to 40% of enterprise secret leaks are currently caused by leaked electronic files, and that for the top one thousand companies in the Fortune ranking, each leaked electronic document causes a loss of about 4,000,000 US dollars.
The network hard disk is an important application on today's Internet, and data security is the key problem in its use. When important files are transmitted and distributed, the traditional method usually encrypts the file with a symmetric encryption algorithm and then tells the file recipient the password in plaintext. This method is relatively simple to operate, but it has many security risks. First, if the password leaks, there is no guarantee that the person actually viewing the file is the legitimate file recipient. Second, if the original encryption password has been forgotten when the file is to be decrypted after some time, the user cannot decrypt the encrypted file. Third, when one encrypted file must be distributed to several people, using the same password for all of them makes the risk uncontrollable: if any one copy of the password leaks, the file can be stolen, and the source of the leak is hard to trace. Using a different key for each file recipient increases the workload, and the password table is hard to maintain.
Summary of the invention
The object of the invention is to overcome the above shortcomings and deficiencies and to provide a file encryption and distribution method based on digital certificates. The method combines several encryption methods, is convenient, distributes files securely and offers high security, and it solves the problem in traditional symmetric encryption that the original text cannot be recovered once the password is forgotten.
The object of the invention is achieved by the following technical solution: a file encryption and distribution method based on digital certificates, as shown in Fig. 1, comprising the following steps:
S1, the file owner initializes the operating parameters, sets the file encryption password used to encrypt the file, obtains the public keys of the file recipients, creates a new file, and proceeds to step S2;
S2, the number of file recipients is written into the new file; proceed to step S3;
S3, the encrypted authentication information of each file recipient is written into the new file in turn; proceed to step S4;
S4, the source file to be encrypted is encrypted block by block and written into the new file in turn; proceed to step S5;
S5, the new file is sent to each file recipient.
To better implement the invention, the file recipients include the file owner itself.
Preferably, the encrypted authentication information of a file recipient specifically comprises:
(1) the file recipient's file password information, obtained by encrypting the file encryption password string of step S1 with the file recipient's public key using an asymmetric encryption algorithm;
(2) the length value of that file password information.
Preferably, step S3, in which the encrypted authentication information of each file recipient is written into the new file in turn, specifically comprises the following steps:
S3.1, the file owner uses a file recipient's public key to encrypt the file encryption password string with an asymmetric encryption algorithm, obtaining that recipient's file password information, obtains the length of this file password information string, appends the length value to the new file, and proceeds to step S3.2;
S3.2, the file owner appends the file password information to the new file and proceeds to step S3.3;
S3.3, the file owner determines whether the file password information of all file recipients has been generated; if so, proceed to step S4; if not, return to step S3.1.
Preferably, the asymmetric encryption algorithm is the RSA algorithm, an ECC (elliptic curve) algorithm, or another asymmetric encryption algorithm.
Preferably, step S4, in which the source file to be encrypted is encrypted block by block and written into the new file in turn, specifically means:
According to the symmetric encryption algorithm to be used, the file owner divides the source file into blocks. If the last block of the source file has too little data to form a full block, zeros are appended to the end of the data so that the last block has the same length as the other blocks. The file owner encrypts each block with the symmetric encryption algorithm;
The file owner appends the actual length value of the last block of the source file to the new file, and writes the encrypted blocks into the new file in turn.
Preferably, step S4, in which the source file to be encrypted is encrypted block by block and written into the new file in turn, specifically comprises the following steps:
S4.1, the file owner obtains the length of the source file in bytes, computes the source file length modulo m, appends the result to the new file, and proceeds to step S4.2;
S4.2, the file owner checks whether the source file length is 0; if it is not 0, proceed to step S4.3; if it is 0, jump to step S5;
S4.3, the file owner reads the first m bytes of the source file; if there are fewer than m bytes of data, zeros are appended to the end of the data so that its length is exactly m bytes. Using the file encryption password of step S1, these m bytes are encrypted with the symmetric encryption algorithm, the encrypted result is appended to the new file, and the method proceeds to step S4.4;
S4.4, the file owner checks whether the length of the unprocessed remainder of the source file is 0; if it is not 0, proceed to step S4.5; if it is 0, jump to step S5;
S4.5, the file owner reads the next m bytes of data; if there are fewer than m bytes of data, zeros are appended to the end so that its length is exactly m bytes. Using the file encryption password of step S1, these m bytes are encrypted with the symmetric encryption algorithm, the encrypted result is appended to the new file, and the method returns to step S4.4.
Preferably, m is the original length of each block in block encryption; the value of m is determined by the symmetric encryption algorithm used.
If the AES encryption algorithm is used, m is 16.
Preferably, the symmetric encryption algorithm is one or more of DES, 3DES, RC4, RC5 and Blowfish.
Compared with the prior art, the invention has the following beneficial effects:
First, combination of several encryption methods: the invention combines a traditional symmetric encryption algorithm with a modern public-key encryption algorithm. The symmetric encryption algorithm encrypts the file content, and the public-key encryption algorithm stamps the file with the file recipient's fingerprint information and the file encryption information. The file recipient first decrypts with its own private key to obtain the file encryption password, and then uses both its own private key and the file encryption password to decrypt the file and obtain the original file, which ensures the security of the file.
Second, secure distribution: the file to be distributed is encrypted using the public keys of the file users. When the system encrypts the file, it uses a variable-length header format in the file header, which records the public key verification information and the encrypted authentication information of each file recipient, so that the file is distributed securely. The file owner only needs to select the public keys of the groups or users to distribute to and encrypt once; the encrypted file can then be distributed to different users, achieving one encryption with authenticated distribution to multiple users and multiple groups.
Third, it solves the problem in traditional symmetric encryption that the original text cannot be recovered once the password is forgotten. The file owner's file password information is also recorded in the encrypted file, as a fingerprint, so that the file owner can retrieve the password when it is forgotten: the file owner's file encryption password information is encrypted with the owner's own public key and the encrypted data is placed at a designated position in the file header; when the file owner forgets the password, the corresponding file encryption password can be retrieved with the file owner's own private key.
Fourth, improved security: to decrypt the file, the user must use both a valid private key and the file encryption password, which improves the security of the file.
Fifth, convenience: according to the user's actual needs, the system can perform the above encryption operation on a file, and can also perform the above encryption operation on a file, which is very convenient.
Description of drawings
Fig. 1 is a workflow diagram of the file encryption and distribution method based on digital certificates according to the invention;
Fig. 2 is a workflow diagram of the file encryption and distribution method based on digital certificates in Embodiment one.
Detailed description
The invention is described in further detail below with reference to the embodiments and the drawings, but the embodiments of the invention are not limited to these.
Embodiment one
A file encryption and distribution method based on digital certificates, as shown in Fig. 2, comprises the following steps:
S1, the file owner initializes the operating parameters, including the file encryption password used to encrypt the file, the file owner's public key, and the file recipients' public keys; proceed to step S2;
S2, the file owner counts the holders of the encrypted file and writes this number into the first 4 bytes of new file 1. The number of holders includes the file recipients and the file owner itself (for example, if user A encrypts a file and wants to send it to users B and C while also keeping the encrypted file, the value here is 3); proceed to step S3;
S3, the file owner uses its own public key to encrypt the file encryption password string with the RSA algorithm, obtaining the file owner's file password information; the file owner obtains the length of the file password information string and writes the length value into the next 4 bytes of new file 1; proceed to step S4;
S4, the file owner appends the file password information to new file 1; proceed to step S5;
S5, the file owner uses a file recipient's public key to encrypt the file encryption password string with the RSA algorithm, obtaining that recipient's file password information, obtains the length of this file password information string, and appends the length value to the next 4 bytes of new file 1; proceed to step S6;
S6, the file owner appends the file password information to new file 1; proceed to step S7;
S7, the file owner determines whether the file password information of all file recipients has been generated; if so, proceed to step S8; if not, return to step S5;
S8, the file owner obtains the length of the source file in bytes, computes the source file length modulo 16, and appends the result to the next 4 bytes of new file 1; proceed to step S9;
S9, the file owner checks whether the source file length is 0; if it is not 0, proceed to step S10; if it is 0, jump to step S13;
S10, the file owner reads the first 16 bytes of the source file, supplementing specified data if there are fewer than 16 bytes, encrypts these 16 bytes with the AES algorithm using the file encryption password provided in step S1, and appends the encrypted result to new file 1; proceed to step S11;
S11, the file owner checks whether the length of the unprocessed remainder of the source file is 0; if it is not 0, proceed to step S12; if it is 0, jump to step S13;
S12, the next 16 bytes of data are read, supplementing specified data if there are fewer than 16 bytes, these 16 bytes are encrypted with the AES algorithm using the file encryption password provided in step S1, and the encrypted result is appended to new file 1; return to step S11;
S13, the file owner finishes encrypting the file, saves new file 1 and sends it to each file recipient.
In steps S10 and S12 above, supplementing specified data means appending zeros to the end of the data so that its length is exactly 16 bytes. Because the actual length of the last block of the source file was recorded in S8, the appended zeros can be removed during decryption according to that length.
The format of the encrypted file in Embodiment one is shown in Table 1:
[Table 1: format of the encrypted file (an image in the original publication)]
● Number of encrypted-file holders: 4 bytes long; records the number of holders of the encrypted file, including the file recipients and the file owner itself. For example, if user A encrypts a file and wants to send it to users B and C while also keeping the encrypted file, the value here is 3.
● Length of the file owner's file password information: 4 bytes long; stores the length of the file owner's file password information string. The file owner's file password information is obtained by encrypting the file encryption password with the file owner's public key using the RSA algorithm.
● File owner's file password information: its length is given by the previous item; stores the file owner's file password information.
● Length of recipient 1's file password information: 4 bytes long; stores the length of file recipient 1's file password information string. File recipient 1's file password information is obtained by encrypting the file encryption password with file recipient 1's public key using the RSA algorithm.
● Recipient 1's file password information: its length is given by the previous item; stores file recipient 1's file password information.
● Length of recipient 2's file password information: 4 bytes long; stores the length of file recipient 2's file password information string. File recipient 2's file password information is obtained by encrypting the file encryption password with file recipient 2's public key using the RSA algorithm.
● Recipient 2's file password information: its length is given by the previous item; stores file recipient 2's file password information.
●……
●……
● Length of recipient n's file password information: 4 bytes long; stores the length of file recipient n's file password information string. File recipient n's file password information is obtained by encrypting the file encryption password with file recipient n's public key using the RSA algorithm.
● Recipient n's file password information: its length is given by the previous item; stores file recipient n's file password information.
● Size of the last block in block encryption: 4 bytes long; records the remaining size of the last block when the source file is block-encrypted (the source file length modulo 16). If the source file length is an exact multiple of 16 bytes, the value here is 0.
Body part: when the source file content is empty, this part is empty. When the source file is not empty, this part stores the encrypted file content: the content is divided into blocks of 16 bytes, each block is encrypted with the AES algorithm using the file encryption password, and the encrypted blocks are written here in turn. If the last block has fewer than 16 bytes, zeros are appended to its end so that its length is exactly 16 bytes before it is encrypted.
Based on the above file encryption and distribution method based on digital certificates, a file recipient receives new file 1, decrypts it and reads the file content, specifically through the following steps:
S20, the file recipient receives new file 1 and is asked to enter the recipient's private key and the file decryption password; proceed to step S21;
S21, the file recipient reads the first 4 bytes of new file 1 and learns that n+1 people in total can read the file, that is, the file header contains n+1 pieces of file password information; proceed to step S22;
S22, the next 4 bytes of new file 1 are read; this value is the string length of the file password information that follows; proceed to step S23;
S23, according to the value read in step S22, data of that length (the file password information) is read next from new file 1 and stored; proceed to step S24;
S24, the file recipient uses its own private key to try to decrypt the file password information with the RSA algorithm. If the decrypted result matches the file decryption password entered by the file recipient, the recipient has obtained the file decryption password; proceed to step S25. If decryption is unsuccessful, the file recipient checks whether n+1 pieces of file password information have been read; if so, proceed to step S29; if not, return to step S22;
S25, the file recipient checks whether n+1 pieces of file password information have been read; if so, proceed to step S27; if not, proceed to step S26;
S26, the file recipient reads the next 4 bytes of new file 1 and, according to this value, reads data of that length next from new file 1; return to step S25;
S27, the file recipient reads the next 4 bytes of new file 1; this value is the remaining size of the last block when the source file was block-encrypted; it is stored, and the method proceeds to step S28;
S28, the file recipient then reads the remaining data in new file 1, divides it in order into blocks of 16 bytes, decrypts the blocks in turn with the AES algorithm using the file decryption password obtained in step S24, and saves the result. After the last block is decrypted, data of the corresponding length is kept according to the remaining size from step S27; the source file content is finally obtained; proceed to step S29;
S29, end of operation.
Based on the above file encryption and distribution method based on digital certificates, the file owner keeps new file 1, decrypts it and reads the file content, specifically through the following steps:
S31, the file owner reads the first 4 bytes of new file 1 and learns that n+1 people in total can read the file, that is, the file header contains n+1 pieces of file password information; proceed to step S32;
S32, the next 4 bytes of new file 1 are read; this value is the string length of the file password information that follows; proceed to step S33;
S33, according to the value read in step S32, data of that length (the file password information) is read next from new file 1 and stored; proceed to step S34;
S34, whether the file owner remembers the file decryption password is determined: if it has been forgotten, the file owner decrypts the file password information with its own private key using the RSA algorithm, obtains the file decryption password, and proceeds to step S35; if the file owner remembers the file decryption password, proceed to step S35;
S35, the file owner reads the next 4 bytes of new file 1 and, according to this value, reads data of that length next from new file 1; proceed to step S36;
S36, the file owner checks whether n+1 pieces of file password information have been read; if so, proceed to step S37; if not, return to step S35;
S37, the file owner reads the next 4 bytes of new file 1; this value is the remaining size of the last block when the source file was block-encrypted; it is stored, and the method proceeds to step S38;
S38, the file owner then reads the remaining data in new file 1, divides it in order into blocks of 16 bytes, decrypts the blocks in turn with the AES algorithm using the file decryption password obtained in step S34, and saves the result. After the last block is decrypted, data of the corresponding length is kept according to the remaining size from step S37; the source file content is finally obtained, and the operation ends.
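The Embodiment one container (the Table 1 layout, with one header entry per holder of the file) written and parsed in Go, as an added example that is not code from the patent. Assumed here and not stated in the patent: big-endian 4-byte fields, RSA-OAEP as the RSA padding, and a 16-byte password used directly as the AES-128 key; `Seal`, `Open` and `newKey` are hypothetical names. Because each 16-byte block is encrypted on its own, equal plaintext blocks give equal ciphertext blocks, which is the last value `main` prints.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

const blockSize = 16 // m for AES, as the description states

var ErrMalformed = errors.New("malformed container")
var ErrNotRecipient = errors.New("no header entry opens with this private key")

// Seal writes: count | (length | wrapped password) per holder | len(src) mod 16 | blocks.
// Assumed, not from the patent: big-endian fields, RSA-OAEP, password used as the AES key.
func Seal(password, src []byte, holders []*rsa.PublicKey) ([]byte, error) {
	blk, err := aes.NewCipher(password)
	if err != nil {
		return nil, err
	}
	var out bytes.Buffer
	put32 := func(v int) { binary.Write(&out, binary.BigEndian, uint32(v)) }
	put32(len(holders))
	for _, pub := range holders {
		w, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, password, nil)
		if err != nil {
			return nil, err
		}
		put32(len(w))
		out.Write(w)
	}
	put32(len(src) % blockSize)
	for off := 0; off < len(src); off += blockSize {
		var b [blockSize]byte // zero value, so a short final block is zero padded
		copy(b[:], src[off:])
		blk.Encrypt(b[:], b[:]) // every block on its own, as the steps describe
		out.Write(b[:])
	}
	return out.Bytes(), nil
}

// Open tries each wrapped password with priv (an OAEP failure stands in for the
// comparison with a typed-in password) and checks every length against the bytes left.
func Open(file []byte, priv *rsa.PrivateKey) ([]byte, error) {
	pos := 0
	get32 := func() (v uint32, ok bool) {
		if ok = len(file)-pos >= 4; ok {
			v, pos = binary.BigEndian.Uint32(file[pos:]), pos+4
		}
		return
	}
	n, _ := get32() // a file shorter than 4 bytes is rejected by the remainder read below
	var password []byte
	for i := uint32(0); i < n; i++ {
		l, ok := get32()
		if !ok || uint64(l) > uint64(len(file)-pos) {
			return nil, ErrMalformed
		}
		p, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, file[pos:pos+int(l)], nil)
		if password == nil && err == nil {
			password = p
		}
		pos += int(l)
	}
	rem, ok := get32()
	body := file[pos:]
	if !ok || rem >= blockSize || len(body)%blockSize != 0 || (rem != 0 && len(body) == 0) {
		return nil, ErrMalformed
	}
	if password == nil {
		return nil, ErrNotRecipient
	}
	blk, err := aes.NewCipher(password)
	if err != nil {
		return nil, ErrMalformed
	}
	out := make([]byte, len(body))
	for off := 0; off < len(body); off += blockSize {
		blk.Decrypt(out[off:off+blockSize], body[off:off+blockSize])
	}
	return out[:len(out)-(blockSize-int(rem))%blockSize], nil // drop the zero padding
}

// newKey makes a throwaway RSA key (constructed input for the demo).
func newKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

func main() {
	bob, _ := newKey()
	src := bytes.Repeat([]byte("A"), 40) // constructed source: two full blocks plus 8 bytes
	file, _ := Seal([]byte("0123456789abcdef"), src, []*rsa.PublicKey{&bob.PublicKey})
	plain, err := Open(file, bob)
	body := file[len(file)-48:] // equal plaintext blocks give equal ciphertext blocks
	fmt.Println(bytes.Equal(plain, src), err, bytes.Equal(body[:16], body[16:32]))
}
```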
Embodiment two
A file encryption and distribution method based on digital certificates comprises the following steps:
S1, the file owner initializes the operating parameters, including the file encryption password used to encrypt the file and the file recipients' public keys; proceed to step S2;
S2, the file owner counts the recipients of the encrypted file and writes this number into the first 4 bytes of new file 2 (for example, if user A encrypts a file and wants to send it to users B and C, the value here is 2); proceed to step S3;
S3, the file owner uses a file recipient's public key to encrypt the file encryption password string with the RSA algorithm, obtaining that recipient's file password information, obtains the length of this file password information string, and appends the length value to the next 4 bytes of new file 2; proceed to step S4;
S4, the file owner appends the file password information to new file 2; proceed to step S5;
S5, the file owner determines whether the file password information of all file recipients has been generated; if so, proceed to step S6; if not, return to step S3;
S6, the file owner obtains the length of the source file in bytes, computes the source file length modulo 7, and appends the result to the next 4 bytes of new file 2; proceed to step S7;
S7, the file owner checks whether the source file length is 0; if it is not 0, proceed to step S8; if it is 0, jump to step S11;
S8, the file owner reads the first 7 bytes of the source file, supplementing specified data if there are fewer than 7 bytes, encrypts these 7 bytes with the DES algorithm using the file encryption password provided in step S1, and appends the encrypted result to new file 2; proceed to step S9;
S9, the file owner checks whether the length of the unprocessed remainder of the source file is 0; if it is not 0, proceed to step S10; if it is 0, jump to step S11;
S10, the next 7 bytes of data are read, supplementing specified data if there are fewer than 7 bytes, these 7 bytes are encrypted with the DES algorithm using the file encryption password provided in step S1, and the encrypted result is appended to new file 2; return to step S9;
S11, the file owner finishes encrypting the file and sends new file 2 to each file recipient.
In steps S8 and S10 above, supplementing specified data means appending zeros to the end of the data so that its length is exactly 7 bytes. Because the actual length of the last block of the source file was recorded in S6, the algorithm can remove the appended zeros during decryption according to that length.
The format of the encrypted file in Embodiment two is shown in Table 2:
● Number of encrypted-file recipients: 4 bytes long; records the number of recipients of the encrypted file. For example, if user A encrypts a file and wants to send it to users B and C, the value here is 2.
● Length of recipient 1's file password information: 4 bytes long; stores the length of file recipient 1's file password information string. File recipient 1's file password information is obtained by encrypting the file encryption password with file recipient 1's public key using the RSA algorithm.
● Recipient 1's file password information: its length is given by the previous item; stores file recipient 1's file password information.
● Length of recipient 2's file password information: 4 bytes long; stores the length of file recipient 2's file password information string. File recipient 2's file password information is obtained by encrypting the file encryption password with file recipient 2's public key using the RSA algorithm.
● Recipient 2's file password information: its length is given by the previous item; stores file recipient 2's file password information.
●……
●……
● Length of recipient n's file password information: 4 bytes long; stores the length of file recipient n's file password information string. File recipient n's file password information is obtained by encrypting the file encryption password with file recipient n's public key using the RSA algorithm.
● Recipient n's file password information: its length is given by the previous item; stores file recipient n's file password information.
● Size of the last block in block encryption: 4 bytes long; records the remaining size of the last block when the source file is block-encrypted (the source file length modulo 7). If the source file length is an exact multiple of 7 bytes, the value here is 0.
Body part: when the source file content is empty, this part is empty. When the source file is not empty, this part stores the encrypted file content: the content is divided into blocks of 7 bytes, each block is encrypted with the DES algorithm using the file encryption password, and the encrypted blocks are written here in turn. If the last block has fewer than 7 bytes, zeros are appended to its end so that its length is exactly 7 bytes before it is encrypted.
Based on the file encryption and the distribution method of above-mentioned digital certificate, the file recipient receives new file 2 and is decrypted, and reads file content, specifically may further comprise the steps:
S20, file recipient receive new file 2, are required input file recipient's private key and file decryption password, enter step S21;
S21, the file recipient reads the first 4 bytes of new file 2 and learns that n people in total can read this file, that is, the file header contains n pieces of file password information; enter step S22;
S22, read the next 4 bytes of data in new file 2; this value represents the string length of the file password information that follows; enter step S23;
S23, according to the value read in step S22, read data of that length from new file 2 (this data is the file password information) and store it; enter step S24;
S24, the file recipient uses their own private key to attempt to decrypt the file password information with the RSA algorithm; if the decryption result is consistent with the file decryption password entered by the file recipient, the file recipient obtains the file decryption password and enters step S25; if decryption is unsuccessful, the file recipient further judges whether n pieces of file password information have been read; if so, jump to step S29; if not, return to step S22;
S25, the file recipient judges whether n pieces of file password information have been read; if so, enter step S27; if not, enter step S26;
S26, the file recipient reads the next 4 bytes of data in new file 2 and, according to this value, reads data of that length from new file 2, then returns to step S25;
S27, the file recipient reads the next 4 bytes of data in new file 2; this data represents the remaining length of the last group when the source file was block-encrypted; it is stored, and step S28 is entered;
S28, the file recipient then reads the remaining data in new file 2, divides it in order into groups of 7 bytes, uses the file decryption password obtained in step S24 to decrypt the grouped data in turn with the DES algorithm, and saves the result; after the last group is decrypted, only data of the length given by the remaining length from step S27 is saved, finally yielding the source file content; enter step S29;
S29, end the operation.
In the above process, the AES algorithm can be replaced by DES, 3DES, RC4, RC5, Blowfish or another symmetric encryption algorithm, and the RSA algorithm can be replaced by ECC or another asymmetric encryption algorithm.
The embodiment described above is a preferred implementation of the present invention, but embodiments of the present invention are not limited to this example; any other change, modification, substitution, combination or simplification that does not depart from the spirit and principle of the present invention shall be regarded as an equivalent replacement and is included within the protection scope of the present invention.
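The container layout walked through in steps S21 to S29 (recipient count, length-prefixed entries, remainder field, fixed-size groups) can be exercised without any cryptography. The following is an added example, not code from the patent: the function names, the big-endian byte order, the `max_recipients` cap and the assumption that each encrypted group is m bytes long are choices made here, and the wrapped passwords and cipher groups are treated as opaque bytes.

```python
import struct

class FormatError(ValueError):
    """Raised when a container does not match the layout described above."""

def _u32(buf, off):
    # Assumption: 4-byte fields are big-endian unsigned; the page gives no byte order.
    if off + 4 > len(buf):
        raise FormatError("truncated 4-byte field at offset %d" % off)
    return struct.unpack_from(">I", buf, off)[0], off + 4

def build_container(wrapped_passwords, source_len, cipher_blocks, m):
    """Writer side: count, (length, wrapped password) per recipient, remainder, groups."""
    out = struct.pack(">I", len(wrapped_passwords))
    for blob in wrapped_passwords:
        out += struct.pack(">I", len(blob)) + blob
    return out + struct.pack(">I", source_len % m) + b"".join(cipher_blocks)

def parse_container(buf, m, max_recipients=1024):
    """Reader side (S21-S28) minus the crypto. Every length field is checked
    against the bytes actually present, since the file arrives over an
    untrusted channel and its header is not authenticated."""
    n, off = _u32(buf, 0)
    if n > max_recipients:  # hypothetical sanity cap, not in the patent
        raise FormatError("implausible recipient count %d" % n)
    entries = []
    for _ in range(n):
        length, off = _u32(buf, off)
        if length > len(buf) - off:
            raise FormatError("entry length %d exceeds remaining data" % length)
        entries.append(buf[off:off + length])
        off += length
    remainder, off = _u32(buf, off)
    body = buf[off:]
    if remainder >= m or len(body) % m:
        raise FormatError("remainder or ciphertext length inconsistent with m")
    if remainder and not body:
        raise FormatError("non-zero remainder with empty ciphertext")
    return entries, remainder, [body[i:i + m] for i in range(0, len(body), m)]

def trim_last_block(plain_blocks, remainder):
    """Undo the zero padding; a remainder of 0 means the last group is full."""
    if not plain_blocks:
        return b""
    last = plain_blocks[-1] if remainder == 0 else plain_blocks[-1][:remainder]
    return b"".join(plain_blocks[:-1]) + last
```

The remainder-of-zero case matters: a reader that always truncates the last group to the stored remainder would drop a full final group whenever the source length is an exact multiple of m.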

Claims (10)

1. A file encryption and distribution method based on a digital certificate, characterized in that it comprises the following steps:
S1, the file master initializes the operating parameters, sets the file encryption password to be used when encrypting the file, obtains the public key of each file recipient, creates a new file, and enters step S2;
S2, the number of file recipients is written into the new file; enter step S3;
S3, the encrypted authentication information of each file recipient is written into the new file in turn; enter step S4;
S4, the source file to be encrypted is block-encrypted and then written into the new file in turn; enter step S5;
S5, the new file is sent to each file recipient.
2. The file encryption and distribution method based on a digital certificate according to claim 1, characterized in that the file recipients include the file master itself.
3. The file encryption and distribution method based on a digital certificate according to claim 1, characterized in that, in step S3, the encrypted authentication information of a file recipient specifically comprises:
(1) the file password information of the file recipient, obtained by encrypting the file encryption password string of step S1 with the file recipient's public key using an asymmetric encryption algorithm;
(2) the length value of the above file password information.
4. The file encryption and distribution method based on a digital certificate according to claim 3, characterized in that step S3, in which the encrypted authentication information of each file recipient is written into the new file in turn, specifically comprises the following steps:
S3.1, the file master uses the file recipient's public key to encrypt the file encryption password string with an asymmetric encryption algorithm, obtaining the file recipient's file password information; obtains the string length of this file password information and appends the length value to the new file; enter step S3.2;
S3.2, the file master appends the file password information to the new file; enter step S3.3;
S3.3, the file master judges whether the file password information of all file recipients has been generated; if so, enter step S4; if not, return to step S3.1.
5. The file encryption and distribution method based on a digital certificate according to claim 3 or 4, characterized in that the asymmetric encryption algorithm is the RSA encryption algorithm or the ECC encryption algorithm.
6. The file encryption and distribution method based on a digital certificate according to claim 1, characterized in that step S4, in which the source file to be encrypted is block-encrypted and then written into the new file in turn, specifically means:
The file master divides the source file into groups according to the symmetric encryption algorithm to be used; if the last piece of data in the source file is not enough to make up a full group, zeros are padded at the end of the data so that the last group has the same length as the other groups; the file master encrypts each group with the symmetric encryption algorithm;
The file master appends the actual length value of the last group of the source file to the new file, and writes each encrypted group into the new file in turn.
7. The file encryption and distribution method based on a digital certificate according to claim 6, characterized in that step S4, in which the source file to be encrypted is block-encrypted and then written into the new file in turn, specifically comprises the following steps:
S4.1, the file master obtains the length value of the source file in bytes, computes the source file length modulo m, and appends the result to the new file; enter step S4.2;
S4.2, the file master judges whether the source file length is 0; if it is not 0, enter step S4.3; if it is 0, jump to step S5;
S4.3, the file master reads the first m bytes of data of the source file; when the data is less than m bytes, zeros are padded at the end so that its length is exactly m bytes; using the file encryption password of step S1, this m-byte data is encrypted with the symmetric encryption algorithm, and the encrypted result is appended to the new file; enter step S4.4;
S4.4, the file master judges whether the length of the unprocessed remainder of the source file is 0; if it is not 0, enter step S4.5; if it is 0, jump to step S5;
S4.5, the file master reads the next m bytes of data; when the data is less than m bytes, zeros are padded at the end of the data so that its length is exactly m bytes; using the file encryption password of step S1, this m-byte data is encrypted with the symmetric encryption algorithm, and the encrypted result is appended to the new file; return to step S4.4.
8. The file encryption and distribution method based on a digital certificate according to claim 7, characterized in that m represents the original length of each group during block encryption, and the value of m is determined by the symmetric encryption algorithm adopted.
9. The file encryption and distribution method based on a digital certificate according to claim 8, characterized in that, if the AES encryption algorithm is adopted, the value of m is 16.
10. The file encryption and distribution method based on a digital certificate according to claim 6, 7 or 8, characterized in that the symmetric encryption algorithm is one or more of DES, 3DES, RC4, RC5 and Blowfish.
CN2010102758171A 2010-09-06 2010-09-06 File encryption and distribution method based on digital certificate Pending CN101938481A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2010102758171A CN101938481A (en) 2010-09-06 2010-09-06 File encryption and distribution method based on digital certificate

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN2010102758171A CN101938481A (en) 2010-09-06 2010-09-06 File encryption and distribution method based on digital certificate

Publications (1)

Publication Number Publication Date
CN101938481A true CN101938481A (en) 2011-01-05

Family

ID=43391611

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2010102758171A Pending CN101938481A (en) 2010-09-06 2010-09-06 File encryption and distribution method based on digital certificate

Country Status (1)

Country Link
CN (1) CN101938481A (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C02 Deemed withdrawal of patent application after publication (patent law 2001)
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20110105