CN104657670A - Data encryption based safety use method of configuration file - Google Patents


Info

Publication number: CN104657670A
Authority: CN (China)
Prior art keywords: configuration file, property value, encryption, read, sign bit
Legal status: Pending (the status is Google's assumption, not a legal conclusion)
Application number: CN201310585315.2A
Other languages: Chinese (zh)
Inventor: 张涛
Current assignee: BEIJING TIANDI SUPERCLOUD Co Ltd (as listed by Google; may be inaccurate)
Original assignee: BEIJING TIANDI SUPERCLOUD Co Ltd
Priority date: 2013-11-19 (the priority date is Google's assumption, not a legal conclusion)
Filing date: 2013-11-19
Publication date: 2015-05-27

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 21/60 Protecting data
    • G06F 21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F 21/6209 Protecting access to data via a platform, e.g. using keys or access control rules to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself

Abstract

The invention relates to the technical field of application security and specifically discloses a data-encryption-based method for the secure use of configuration files. The method comprises: reading the plaintext of the configuration file; checking, one entry at a time, whether the plaintext read contains the identifier; if so, reading the property value of the configuration file, encrypting the property value with an asymmetric key, a symmetric key or a certificate, backfilling the encrypted data into the plaintext of the original configuration file so that it overwrites the property value, adding the predefined sign bit as the marker of the encrypted configuration file, and then proceeding to the following step; if, during use, the property value read from the configuration file contains the predefined sign bit, recognizing the configuration file as ciphertext and decrypting the property value for use; and if the predefined sign bit cannot be read during use, using the configuration file directly and encrypting the property value again. By applying an encryption scheme, the method protects the sensitive information in the configuration file while the configuration file can still be modified conveniently.

Description

Configuration file secure-use method based on data encryption
Technical field
The present invention relates to the field of application security, and in particular to a data-encryption-based method for the secure use of configuration files.
Background art
A configuration file is a file in which software stores settable information. A user profile is the set of environment settings and files that a software system loads for a user when the user logs in to the computer or uses the software. It contains all of the user's specific configuration settings, such as program items, screen colours, network connections, printer connections, mouse settings, and window size and position. A configuration file is stored mainly either as plaintext or as ciphertext: plaintext is information that can be read directly, before encryption; ciphertext is information that cannot be read directly, after encryption. Configuration files are usually stored either entirely in plaintext or with the whole file encrypted.
Configuration files in the prior art have the following defects: a configuration file stored in plaintext is easily read and understood by anyone, so the sensitive information in it is easily obtained; a configuration file stored as ciphertext is cumbersome to modify, because it can only be modified through an external program.
There is currently no effective solution to the problem of how to protect the sensitive information in a configuration file while still allowing the configuration file to be modified conveniently.
Summary of the invention
The technical problem solved by the present invention is to provide a data-encryption-based method for the secure use of configuration files which, by applying an encryption scheme, protects the sensitive information in the configuration file while still allowing the configuration file to be modified conveniently.
To solve the above technical problem, the invention provides a data-encryption-based method for the secure use of configuration files, comprising:
S1: read the plaintext of the configuration file;
S2: check, one by one, whether the plaintext in the configuration file read contains the identifier;
if the identifier is present, perform steps S3.a.1 and S3.a.2 below;
if the identifier is absent, perform step S3.b below;
S3.a.1: read the property value of the configuration file and encrypt the property value using an asymmetric key, a symmetric key or a certificate;
S3.a.2: backfill the data portion of the encrypted property value into the plaintext of the original configuration file, overwriting it, and add the predefined sign bit as the marker of the encrypted configuration file; then perform step S3.b below;
S3.b: if, during use, the property value read from the configuration file contains the predefined sign bit, recognize it as ciphertext, decrypt the property value and use it;
S4: if the predefined sign bit cannot be read during use, use the configuration file directly and encrypt the property value again, i.e. return to step S3.a.1.
Preferably, the configuration file is a properties configuration file supported by the Java language.
More preferably, in step S3.a.1, when the property value of the configuration file is read, a symmetric key is used to encrypt the property value.
More preferably, in step S3.b, the decryption process is: 1. load the configuration file; 2. read the property value of the configuration file; 3. determine whether the property value is a confidential field: if it begins with the predefined encrypted-field marker ENC, treat it as ciphertext and decrypt it with the key; if it does not begin with ENC, treat it as plaintext, encrypt it with the key, and prefix the encrypted value with ENC.
Here ENC is the system's predefined marker for encrypted fields; it is simply an abbreviation of encrypt (encryption).
Java is an object-oriented programming language for writing cross-platform software; the name covers both the Java programming language and the Java platform (JavaSE, JavaEE, JavaME) released by Sun Microsystems in May 1995. Java technology has outstanding generality, efficiency, platform portability and security; it is widely used on personal PCs, in data centres, game consoles, scientific supercomputers, mobile phones and the Internet, and has the largest professional developer community in the world. In the global environment of cloud computing and the mobile Internet, Java has gained even more significant advantages and bright prospects.
A properties file is similar to XML: used as a configuration file, the required values can be read from it. For example, multi-language strings, security-check fields and so on can be written in a properties file.
Compared with the prior art, the present invention has the following beneficial effects:
The invention encrypts, field by field, those plaintext fields of the configuration file that need to be kept secure, hardening the security level of the system and protecting sensitive data, and marks the encrypted configuration file with a marker for convenient subsequent use. It thus provides encryption protection for the sensitive data segments of the configuration file while still allowing the configuration file to be modified directly and conveniently.
Brief description of the drawings
Fig. 1 shows an exemplary flow diagram of the present invention.
Detailed description
To better understand the technical problem solved by the invention and the technical solution it provides, the invention is further described below with reference to the drawings and embodiments. The specific embodiments described here serve only to explain the implementation of the invention and are not intended to limit it.
In a preferred embodiment, Fig. 1 shows an exemplary flow diagram of a data-encryption-based method for the secure use of configuration files, comprising:
Read the plaintext of the configuration file. Check, one by one, whether the plaintext in the configuration file read contains the identifier. If the identifier is present, perform steps a.1 and a.2 below; if it is absent, perform step b below.
a.1: read the property value of the configuration file and encrypt the property value using an asymmetric key, a symmetric key or a certificate;
a.2: backfill the data portion of the encrypted property value into the plaintext of the original configuration file, overwriting it, and add the predefined sign bit as the marker of the encrypted configuration file; then perform step b below;
b: if, during use, the property value read from the configuration file contains the predefined sign bit, recognize it as ciphertext, decrypt the property value and use it; if the predefined sign bit cannot be read during use, use the configuration file directly and encrypt the property value again, i.e. return to step a.1.
In a more preferred embodiment, the configuration file is a properties configuration file supported by the Java language.
In a more preferred embodiment, in step a.1, when the property value of the configuration file is read, a symmetric key is used to encrypt the property value.
In a more preferred embodiment, in step b, the decryption process is: 1. load the configuration file; 2. read the property value of the configuration file; 3. determine whether the property value is a confidential field: if it begins with the predefined encrypted-field marker ENC, treat it as ciphertext and decrypt it with the key; if it does not begin with ENC, treat it as plaintext, encrypt it with the key, and prefix the encrypted value with ENC.
In a specific embodiment:
The system contains the following configuration file:
#Property:server.database-user
#The database user to connect as.
server.database-user=cloudsocadmin
#Property:server.database-password
#The database user’s password.
server.database-password=ENC(S16VGhDrHAG3dnsHn00zKewmO1DlFDwq)
Note:
1) # marks a comment, i.e. the system does no processing on lines that begin with #;
2) = splits the line into two parts: before the = is the attribute name, after it is the property value described above.
In this embodiment, the property value of the attribute named server.database-password has been marked with the predefined secrecy identifier, so its property value is the ciphertext ENC(S16VGhDrHAG3dnsHn00zKewmO1DlFDwq). Stripping the ENC() wrapper leaves the final ciphertext S16VGhDrHAG3dnsHn00zKewmO1DlFDwq, the encrypted form of the actual value. The system takes this final ciphertext and decrypts it with the key it holds, forming the final form, property value = plaintext, for the system to use.
The invention targets existing configuration files whose fields are stored in plaintext and encrypts those fields that need to be secured, hardening the security level of the system; many existing systems need this.
A certificate is a token of identity authentication, similar to the ID card people commonly carry, except that it additionally contains a pair of keys that can be used for encryption and decryption, although that is not its main purpose. This scheme only needs to encrypt a few usually overlooked small details of a system, such as the password field in a configuration file, and using a certificate for that feels like overkill; the main function of a certificate, identity authentication, has no need to be expressed through encryption and decryption. In addition, what a certificate holds is a pair of asymmetric keys: key A encrypts and key B decrypts. This scheme has no need for such a complex arrangement, and uses symmetric encryption.
In the configuration files of some existing application systems, passwords are all stored directly in plaintext, for example the database connection password. If such a system is obtained by someone with even a slight understanding of programs, that person can find the password and log straight in to the database. To avoid this class of problem, and to carry security through to every small detail of the system, this scheme was created, leaving no blind spot.
The present invention has been described in detail above through specific preferred embodiments; however, those skilled in the art should understand that the invention is not limited to the above embodiments, and that any modification, combination, equivalent replacement and the like made within the basic principles of the invention is included in the scope of protection of the invention.
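The write-side pass (steps S1 to S4 of the summary) and the use-time pass (the ENC-prefix check of the preferred decryption process) as one runnable program, added here as an example; it is not code from the patent or from the assignee. It is written in Go rather than Java so that it runs with the standard library alone. The patent does not name a cipher, so AES-GCM is an assumption, as are the demo key, the sensitive set (standing in for the patent's unspecified identifier), the SampleConfig input (constructed, modelled on the embodiment), and every function name.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"fmt"
	"strings"
)

const encPrefix = "ENC(" // the patent's marker for an encrypted property value: ENC(<ciphertext>)
// newGCM wraps the symmetric key as AES-GCM (assumption: a 16/24/32-byte AES key kept outside the file).
func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// encryptProperty returns "name=ENC(base64(nonce||ciphertext||tag))"; the property name is the associated data.
func encryptProperty(aead cipher.AEAD, name, plaintext string) (string, error) {
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return "", err
	}
	sealed := aead.Seal(nonce, nonce, []byte(plaintext), []byte(name))
	return name + "=" + encPrefix + base64.StdEncoding.EncodeToString(sealed) + ")", nil
}

// decryptValue strips ENC( ) and opens the ciphertext; a wrong key, a tampered value or a value
// copied under another property name fails GCM authentication and is returned as an error.
func decryptValue(aead cipher.AEAD, name, marked string) (string, error) {
	raw, err := base64.StdEncoding.DecodeString(strings.TrimSuffix(marked[len(encPrefix):], ")"))
	if err != nil || len(raw) < aead.NonceSize() {
		return "", fmt.Errorf("%s: malformed ENC() value", name)
	}
	pt, err := aead.Open(nil, raw[:aead.NonceSize()], raw[aead.NonceSize():], []byte(name))
	return string(pt), err
}

// splitProperty parses one "name=value" line; '#' comment lines and blank lines are skipped.
func splitProperty(line string) (name, value string, ok bool) {
	if t := strings.TrimSpace(line); t != "" && !strings.HasPrefix(t, "#") {
		name, value, ok = strings.Cut(t, "=")
	}
	return strings.TrimSpace(name), strings.TrimSpace(value), ok
}

// Protect is the write-side pass (S1, S2, S3.a.1, S3.a.2, S4): each property named in sensitive whose value is
// still plaintext is encrypted and backfilled as ENC(...); comments, other properties and already-marked
// values are untouched. sensitive stands in for the patent's unspecified "identifier" (assumption).
func Protect(text string, key []byte, sensitive map[string]bool) (string, error) {
	aead, err := newGCM(key)
	if err != nil {
		return "", err
	}
	lines := strings.Split(text, "\n")
	for i, line := range lines {
		name, value, ok := splitProperty(line)
		if !ok || !sensitive[name] || strings.HasPrefix(value, encPrefix) {
			continue
		}
		if lines[i], err = encryptProperty(aead, name, value); err != nil {
			return "", err
		}
	}
	return strings.Join(lines, "\n"), nil
}

// Load is the use-time pass (S3.b): ENC(...) values are decrypted, all others are used as-is.
func Load(text string, key []byte) (map[string]string, error) {
	aead, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	props := map[string]string{}
	for _, line := range strings.Split(text, "\n") {
		if name, value, ok := splitProperty(line); ok {
			if strings.HasPrefix(value, encPrefix) {
				if value, err = decryptValue(aead, name, value); err != nil {
					return nil, err
				}
			}
			props[name] = value
		}
	}
	return props, nil
}

// SampleConfig is a constructed properties file shaped like the patent's embodiment.
const SampleConfig = "#The database user to connect as.\nserver.database-user=cloudsocadmin\n" +
	"#The database user's password.\nserver.database-password=hunter2"

func main() {
	key := []byte("0123456789abcdef0123456789abcdef") // demo 32-byte AES key (assumption)
	protected, _ := Protect(SampleConfig, key, map[string]bool{"server.database-password": true})
	props, err := Load(protected, key)
	fmt.Println(protected, "\nresolved password:", props["server.database-password"], err)
}
```

Running it prints the backfilled file, with server.database-user still in plaintext and server.database-password rewritten as ENC(...), followed by the password recovered by Load. Two points the patent leaves open are made explicit here: Protect is idempotent, because a value that already carries the marker is skipped rather than encrypted a second time, and using AES-GCM with the property name as associated data means a tampered value, or an ENC() value copied from one property to another, fails to decrypt instead of silently yielding garbage. The protection is only as strong as the storage of the key: if the key sits on the same host as the file (a constant in the application, another config value, an environment variable), anyone who can read both can decrypt, so the scheme defends against casual reading of the file and not against an attacker with access to the running system.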

Claims (4)

1. A data-encryption-based method for the secure use of a configuration file, characterized in that it comprises:
S1: read the plaintext of the configuration file;
S2: check, one by one, whether the plaintext in the configuration file read contains the identifier;
if the identifier is present, perform steps S3.a.1 and S3.a.2 below;
if the identifier is absent, perform step S3.b below;
S3.a.1: read the property value of the configuration file and encrypt the property value using an asymmetric key, a symmetric key or a certificate;
S3.a.2: backfill the data portion of the encrypted property value into the plaintext of the original configuration file, overwriting it, and add the predefined sign bit as the marker of the encrypted configuration file; then perform step S3.b below;
S3.b: if, during use, the property value read from the configuration file contains the predefined sign bit, recognize it as ciphertext, decrypt the property value and use it;
S4: if the predefined sign bit cannot be read during use, use the configuration file directly and encrypt the property value again, i.e. return to step S3.a.1.
2. The data-encryption-based method for the secure use of a configuration file according to claim 1, characterized in that the configuration file is a properties configuration file supported by the Java language.
3. The data-encryption-based method for the secure use of a configuration file according to claim 1, characterized in that, in step S3.a.1, when the property value of the configuration file is read, a symmetric key is used to encrypt the property value.
4. The data-encryption-based method for the secure use of a configuration file according to claim 1, characterized in that, in step S3.b, the decryption process is: 1. load the configuration file; 2. read the property value of the configuration file; 3. determine whether the property value is a confidential field: if it begins with the predefined encrypted-field marker ENC, treat it as ciphertext and decrypt it with the key; if it does not begin with ENC, treat it as plaintext, encrypt it with the key, and prefix the encrypted value with ENC.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201310585315.2A CN104657670A (en) 2013-11-19 2013-11-19 Data encryption based safety use method of configuration file


Publications (1)

Publication Number Publication Date
CN104657670A true CN104657670A (en) 2015-05-27

Family

ID=53248780



Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102572750A (en) * 2011-12-26 2012-07-11 中兴通讯股份有限公司 Method and terminal for protecting short messages
US20130019111A1 (en) * 2010-03-31 2013-01-17 British Telecommunications Public Limited Company Secure data recorder
CN103336929A (en) * 2012-03-12 2013-10-02 国际商业机器公司 Method and system for encrypted file access


Cited By (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105141643A (en) * 2015-10-26 2015-12-09 南威软件股份有限公司 Document encryption management method and device
CN106874781A (en) * 2015-12-11 2017-06-20 阿里巴巴集团控股有限公司 A kind of tables of data encryption method and server
CN106060806A (en) * 2016-05-24 2016-10-26 中国科学院信息工程研究所 Public/secret communication identification method applicable to circuit domain encrypted communication
CN106060806B (en) * 2016-05-24 2019-06-25 中国科学院信息工程研究所 A kind of bright close communication identification method suitable for circuit domain coded communication
CN106648791B (en) * 2016-12-29 2019-11-05 成都多沐汽车工程有限公司 Data load method and device
CN106648791A (en) * 2016-12-29 2017-05-10 成都多沐汽车工程有限公司 Data loading method and device
CN109190385A (en) * 2018-07-27 2019-01-11 广东九联科技股份有限公司 A kind of file encrypting method of law-enforcing recorder
CN109542899A (en) * 2018-10-31 2019-03-29 桂林金发明科技开发有限公司 A kind of data method for automatically inputting and system based on target symbol
CN109889372A (en) * 2019-01-21 2019-06-14 杭州迪普科技股份有限公司 Obtain method, apparatus, equipment and the storage medium of configuration information
CN112016102A (en) * 2019-05-30 2020-12-01 中移(苏州)软件技术有限公司 Parameter configuration method and device and computer readable storage medium
CN110704863A (en) * 2019-08-23 2020-01-17 深圳市随手科技有限公司 Configuration information processing method and device, computer equipment and storage medium
CN110704863B (en) * 2019-08-23 2021-11-26 深圳市铭数信息有限公司 Configuration information processing method and device, computer equipment and storage medium
CN112306582A (en) * 2020-12-08 2021-02-02 树根互联技术有限公司 Configuration variable encryption and decryption method and device, computer equipment and readable storage medium
CN112632590A (en) * 2021-01-04 2021-04-09 深圳市亿联无限科技有限公司 Automatic encryption and decryption method and device for database parameters of embedded terminal equipment
CN113032806A (en) * 2021-03-23 2021-06-25 中国邮政储蓄银行股份有限公司 File processing method and device, storage medium and electronic device


Legal Events

Code Title
C06 Publication
PB01 Publication
EXSB Decision made by SIPO to initiate substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 2015-05-27