CN107733646A - Encryption method, decryption method and encrypting and decrypting system - Google Patents

Publication number
CN107733646A
Authority
CN
China
Legal status
Pending
Application number
CN201711234946.4A
Other languages
Chinese (zh)
Inventor
齐霄
周晓龙
Current Assignee
China United Network Communications Group Co Ltd
Original Assignee
China United Network Communications Group Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0822 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using key encryption key
    • H04L9/0825 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
    • H04L9/083 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

The invention provides an encryption method, a decryption method, and an encryption and decryption system. The encryption method includes: encrypting a content key with the certificate public keys of multiple recipients to generate the encrypted keys corresponding to the multiple recipients; encrypting the content to be sent with the content key to generate encrypted content; generating an encrypted signature from the digest of the content; generating a digital envelope from an information bit, the encrypted keys corresponding to the multiple recipients, the encrypted signature, and the encrypted content, where the information bit includes the number of recipients; and sending the digital envelope to the multiple recipients. The invention sends the same digital envelope to multiple recipients without making multiple digital envelopes, which reduces the complexity of generating and sending digital envelopes.

Description

Encryption method, decryption method, and encryption and decryption system
Technical field
The present invention relates to the field of communication technology, and in particular to an encryption method, a decryption method, and an encryption and decryption system.
Background
The digital envelope is a practical application of the public-key cryptosystem (Public Key Infrastructure, PKI). It uses encryption to ensure that only the specified recipient can read the content of a communication.
In existing encryption technology, a digital envelope corresponds to a single recipient. If the same content needs to be encrypted and sent to multiple recipients, multiple digital envelopes must be made, which increases the complexity of generating and sending digital envelopes.
Summary of the invention
The present invention provides an encryption method, a decryption method, and an encryption and decryption system for reducing the complexity of generating and sending digital envelopes.
To achieve the above object, the invention provides an encryption method, including:
Encrypting a content key with the certificate public keys of multiple recipients to generate the encrypted keys corresponding to the multiple recipients;
Encrypting the content to be sent with the content key to generate encrypted content;
Generating an encrypted signature from the digest of the content;
Generating a digital envelope from an information bit, the encrypted keys corresponding to the multiple recipients, the encrypted signature, and the encrypted content, where the information bit includes the number of recipients;
Sending the digital envelope to the multiple recipients.
Optionally, before encrypting the content key with the certificate public keys of the multiple recipients to generate the encrypted keys corresponding to the multiple recipients, the method includes:
Querying whether the certificate public keys are stored locally;
If the certificate public keys are stored, performing the step of encrypting the content key with the certificate public keys of the multiple recipients to generate the encrypted keys corresponding to the multiple recipients;
If the certificate public keys are not stored, obtaining the certificate public keys of the multiple recipients from the key management center.
Optionally, obtaining the certificate public keys of the multiple recipients from the key management center includes:
Sending a certificate public key acquisition request to the key management center, the request including the identity identifiers of the multiple recipients;
Receiving the certificate public key corresponding to each recipient's identity identifier, as returned by the key management center.
To achieve the above object, the invention provides a decryption method, including:
Receiving the digital envelope sent by the sender, the digital envelope including an information bit, the encrypted keys corresponding to multiple recipients, an encrypted signature, and encrypted content, where the information bit includes the number of recipients;
Decrypting the encrypted keys of the multiple recipients in turn, according to the recipient's own private key and the information bit, until the content key is obtained;
Decrypting the encrypted content with the content key to obtain the content;
Decrypting the encrypted signature with the content key to generate the signature result;
Computing a hash value over the content;
Performing signature verification on the hash value using the signature result and, if verification succeeds, determining that the content is correct.
Optionally, decrypting the encrypted keys of the multiple recipients in turn according to the decryption private key until the content key is obtained includes:
Decrypting the first encrypted key with the recipient's own private key, and obtaining the content key if decryption succeeds;
If decryption fails, incrementing a counter by 1 and decrypting the next encrypted key with the recipient's own private key, and obtaining the content key if decryption succeeds;
If decryption fails, determining whether the counter is less than or equal to the information bit; if the counter is less than the information bit, continuing with the step of decrypting the next decryption key with the recipient's own private key; if the counter is equal to the information bit, ending the flow.
To achieve the above object, the invention provides an encryption and decryption system, including: a sender and a recipient;
The sender is configured to encrypt a content key with the certificate public keys of multiple recipients to generate the encrypted keys corresponding to the multiple recipients; encrypt the content to be sent with the content key to generate encrypted content; generate an encrypted signature from the digest of the content; generate a digital envelope from an information bit, the encrypted keys corresponding to the multiple recipients, the encrypted signature, and the encrypted content, where the information bit includes the number of recipients; and send the digital envelope to the multiple recipients;
The recipient is configured to receive the digital envelope sent by the sender, the digital envelope including an information bit, the encrypted keys corresponding to multiple recipients, an encrypted signature, and encrypted content, where the information bit includes the number of recipients; decrypt the encrypted keys of the multiple recipients in turn, according to its own private key and the information bit, until the content key is obtained; decrypt the encrypted content with the content key to obtain the content; decrypt the encrypted signature with the content key to generate the signature result; compute a hash value over the content; and perform signature verification on the hash value using the signature result and, if verification succeeds, determine that the content is correct.
Optionally, the system further includes: a key management center;
The sender is further configured to query whether the certificate public keys are stored locally; if the certificate public keys are stored, perform the step of encrypting the content key with the certificate public keys of the multiple recipients to generate the encrypted keys corresponding to the multiple recipients; if the certificate public keys are not stored, obtain the certificate public keys of the multiple recipients from the key management center;
The key management center is configured to send the certificate public keys of the multiple recipients to the sender.
Optionally, the sender is specifically configured to send a certificate public key acquisition request to the key management center, the request including the identity identifiers of the multiple recipients, and to receive the certificate public key corresponding to each recipient's identity identifier, as returned by the key management center.
Optionally, the recipient is specifically configured to decrypt the first encrypted key with its own private key and obtain the content key if decryption succeeds; if decryption fails, increment a counter by 1 and decrypt the next encrypted key with its own private key, obtaining the content key if decryption succeeds; if decryption fails, determine whether the counter is less than or equal to the information bit; if the counter is less than the information bit, continue with the step of decrypting the next decryption key with its own private key; if the counter is equal to the information bit, end the flow.
Beneficial effects of the present invention:
In the technical solution of the encryption method, decryption method, and encryption and decryption system provided by the present invention, the digital envelope includes the encrypted keys corresponding to multiple recipients and is sent to the multiple recipients. The same digital envelope is thus sent to multiple recipients without making multiple digital envelopes, which reduces the complexity of generating and sending digital envelopes.
Brief description of the drawings
Fig. 1 is a flowchart of an encryption method provided by embodiment one of the present invention;
Fig. 2 is a flowchart of a decryption method provided by embodiment two of the present invention;
Fig. 3 is a flowchart of an encryption and decryption method provided by embodiment three of the present invention;
Fig. 4 is a schematic diagram of the digital envelope in embodiment three;
Fig. 5 is a flowchart of obtaining the content key in embodiment three;
Fig. 6 is a structural diagram of an encryption and decryption system provided by embodiment four of the present invention.
Detailed description
To help those skilled in the art better understand the technical solution of the present invention, the encryption method, decryption method, and encryption and decryption system provided by the present invention are described in detail below with reference to the accompanying drawings.
Fig. 1 is a flowchart of an encryption method provided by embodiment one of the present invention. As shown in Fig. 1, the method includes:
Step 101: encrypt the content key with the certificate public keys of multiple recipients to generate the encrypted keys corresponding to the multiple recipients.
In this embodiment, each step is performed by the sender.
Step 102: encrypt the content to be sent with the content key to generate encrypted content.
Step 103: generate an encrypted signature from the digest of the content.
Step 104: generate a digital envelope from the information bit, the encrypted keys corresponding to the multiple recipients, the encrypted signature, and the encrypted content, where the information bit includes the number of recipients.
Step 105: send the digital envelope to the multiple recipients.
In the encryption method provided by this embodiment, the digital envelope includes the encrypted keys corresponding to multiple recipients and is sent to the multiple recipients. The same digital envelope is thus sent to multiple recipients without making multiple digital envelopes, which reduces the complexity of generating and sending digital envelopes.
Fig. 2 is a flowchart of a decryption method provided by embodiment two of the present invention. As shown in Fig. 2, the method includes:
Step 201: receive the digital envelope sent by the sender. The digital envelope includes an information bit, the encrypted keys corresponding to multiple recipients, an encrypted signature, and encrypted content; the information bit includes the number of recipients.
In this embodiment, each step is performed by the recipient.
Step 202: decrypt the encrypted keys of the multiple recipients in turn, according to the recipient's own private key and the information bit, until the content key is obtained.
Step 203: decrypt the encrypted content with the content key to obtain the content.
Step 204: decrypt the encrypted signature with the content key to generate the signature result.
Step 205: compute a hash value over the content.
Step 206: perform signature verification on the hash value using the signature result. If verification succeeds, perform step 207; if verification fails, perform step 208.
Step 207: determine that the content is correct; the flow ends.
Step 208: determine that the content is wrong; the flow ends.
In the decryption method provided by this embodiment, the digital envelope includes the encrypted keys corresponding to multiple recipients, and the multiple recipients receive the same digital envelope. The same digital envelope is thus sent to multiple recipients without making multiple digital envelopes, which reduces the complexity of generating and sending digital envelopes.
Fig. 3 is a flowchart of an encryption and decryption method provided by embodiment three of the present invention. As shown in Fig. 3, the method includes:
Step 301: the sender queries whether the certificate public keys are stored locally. If not, perform step 302; if so, perform step 303.
Step 302: the sender obtains the certificate public keys of the multiple recipients from the key management center.
Specifically, step 302 includes:
Step 3021: the sender sends a key acquisition request to the key management center (Key Manage Center, KMC). The key acquisition request includes the identity identifiers of the multiple recipients.
In this embodiment, the identity identifier (Secure ID) of a recipient is the recipient's identity and can be used to uniquely identify the recipient. For example, the identity identifier of each recipient may include a mobile phone number or an ID card number.
Step 3022: the key management center looks up, from the identity identifier of each recipient, the certificate public key corresponding to that identity identifier.
Step 3023: the key management center returns to the sender the certificate public key corresponding to the identity identifier of each recipient.
Step 303: the sender encrypts the content key with the certificate public keys of the multiple recipients to generate the encrypted keys corresponding to the multiple recipients.
Specifically, the sender encrypts the content key with the certificate public key of each recipient using the asymmetric encryption algorithm (SM2), generating the encrypted key corresponding to each recipient. The encrypted keys corresponding to the multiple recipients are denoted "enkey1 ... enkeyn".
Step 304: the sender encrypts the content to be sent with the content key to generate encrypted content.
In this embodiment, the sender may randomly generate a content key for the symmetric encryption algorithm (SM1) and use that content key with the symmetric encryption algorithm to encrypt the content to be sent, generating the encrypted content. The content key is denoted "key", the content to be sent is denoted "content", and the encrypted content is denoted "encontent".
Step 305: the sender generates an encrypted signature from the digest of the content.
This step may specifically include:
Step 3051: the sender computes the digest of the content.
Specifically, the sender may compute the digest of the content with the hash algorithm (SM3). The digest may be denoted "hash".
Step 3052: the sender performs a signature computation on the digest with its own private key, generating the signature result.
Specifically, the sender may perform the signature computation on the digest with the sender's private key using the asymmetric algorithm (SM2), generating the signature result. The signature result may be denoted "signature".
Step 3053: the sender encrypts the signature result with the content key, generating the encrypted signature.
Specifically, the sender encrypts the signature result with the content key using the symmetric encryption algorithm (SM1), generating the encrypted signature.
The encrypted signature may be denoted "encsignature".
Step 306: generate a digital envelope from the information bit, the encrypted keys corresponding to the multiple recipients, the encrypted signature, and the encrypted content. The information bit includes the number of recipients.
In this embodiment, the information bit can be used to represent the number of recipients, and can therefore be set according to the number of recipients.
Fig. 4 is a schematic diagram of the digital envelope in embodiment three. As shown in Fig. 4, the information bit, the encrypted keys corresponding to the multiple recipients, the encrypted signature, and the encrypted content are assembled to form the digital envelope. The digital envelope includes the information bit "information", the encrypted keys corresponding to the multiple recipients "enkey1 ... enkeyn", the encrypted signature "encsignature", and the encrypted content "content".
According to the national commercial cryptographic algorithms, the output of the symmetric encryption algorithm (SM1) has the same length as the plaintext, and the key length of the symmetric encryption algorithm (SM1) is 16 bytes; the output of the asymmetric encryption algorithm (SM2) is 97 bytes longer than the plaintext; the signature result of the asymmetric encryption algorithm (SM2) is 64 bytes long; and the output of the hash algorithm (SM3) is 32 bytes long. Therefore the length of "information" is 4 bytes, the length of "enkey1 ... enkeyn" is (number of recipients) × (16+97) bytes, the length of "encsignature" is 64 bytes, and the length of "enccontent" is the content length.
Step 307: the sender sends the digital envelope to the multiple recipients.
In this embodiment, the sender may send the digital envelope to each of the multiple recipients.
In this embodiment, after receiving the digital envelope, the recipient can extract each item from the envelope according to the item lengths described in step 306. For example: the first four bytes give the information bit; starting from the 5th byte, the next (number of recipients) × (16+97) bytes give the encrypted keys corresponding to the multiple recipients; the 64 bytes starting at the first byte after the encrypted keys give the encrypted signature; and, starting at the first byte after the encrypted signature, a number of bytes equal to the content length gives the content. The subsequent steps are then performed on the extracted items.
Step 308: the recipient decrypts the encrypted keys of the multiple recipients in turn, according to its own private key and the information bit, until the content key is obtained.
Fig. 5 is a flowchart of obtaining the content key in embodiment three. As shown in Fig. 5, step 308 includes:
Step 3081: the recipient decrypts the first encrypted key with its own private key. If decryption succeeds, perform step 3082; if decryption fails, perform step 3083.
Step 3082: the recipient obtains the content key; the flow ends.
In this embodiment, if decryption succeeds, the recipient has decrypted the encrypted key with its own private key and recovered the content key, so the recipient obtains the content key. Specifically, the recipient may decrypt the encrypted key with the asymmetric encryption algorithm (SM2) to obtain the content key.
Step 3083: the recipient increments the counter by 1.
Step 3084: the recipient decrypts the next decryption key with its own private key. If decryption succeeds, perform step 3082; if decryption fails, perform step 3085.
Step 3085: the recipient determines whether the counter is less than or equal to the information bit. If the counter is less than the information bit, perform step 3084; if the counter is equal to the information bit, the flow ends.
Step 309: the recipient decrypts the encrypted content with the content key to obtain the content.
Specifically, the recipient decrypts the encrypted content with the symmetric encryption algorithm (SM1) to obtain the content.
Step 310: the recipient decrypts the encrypted signature with the content key to generate the signature result.
For example, the recipient decrypts the encrypted signature with the content key using the symmetric encryption algorithm (SM1) to obtain the signature result.
Step 311: the recipient computes a hash value over the content.
Specifically, the recipient may compute the hash value of the content with the hash algorithm (SM3).
Step 312: the recipient performs signature verification on the hash value using the signature result. If verification succeeds, perform step 214; if verification fails, perform step 215.
Step 313: the recipient determines that the content is correct; the flow ends.
Step 314: the recipient determines that the content is wrong; the flow ends.
In this step, the recipient's determination that the content is wrong indicates that the decrypted content is invalid.
In the encryption and decryption method provided by this embodiment, the digital envelope includes the encrypted keys corresponding to multiple recipients and is sent to the multiple recipients. The same digital envelope is thus sent to multiple recipients without making multiple digital envelopes, which reduces the complexity of generating and sending digital envelopes.
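The envelope layout of step 306 and the trial-decryption loop of step 308, as an added Python example that is not part of the patent text. SM1 and SM2 are not implemented: `wrap_key`/`unwrap_key` are an HMAC-based stand-in that only reproduces SM2's 97-byte expansion and its ability to report a failed decryption, and the encrypted signature and content are treated as opaque bytes. The big-endian encoding of the information bit, the `MAX_RECIPIENTS` limit, and all function names are assumptions.

```python
import hashlib
import hmac
import os
import struct

INFO_LEN = 4             # "information": recipient count (4 bytes on the page)
KEY_LEN = 16             # SM1 content key length
SLOT_LEN = KEY_LEN + 97  # SM2 output is 97 bytes longer -> 113 bytes per recipient
SIG_LEN = 64             # "encsignature"
MAX_RECIPIENTS = 1024    # assumed local policy limit, not from the page


class EnvelopeError(ValueError):
    """Raised when an envelope does not match the fixed-length layout."""


def _mask(secret: bytes, nonce: bytes) -> bytes:
    return hashlib.sha256(b"mask" + secret + nonce).digest()[:KEY_LEN]


def wrap_key(secret: bytes, content_key: bytes) -> bytes:
    """Stand-in for SM2 encryption (NOT SM2): 65-byte nonce | 32-byte tag | masked key."""
    if len(content_key) != KEY_LEN:
        raise ValueError("content key must be 16 bytes")
    nonce = os.urandom(65)
    masked = bytes(a ^ b for a, b in zip(content_key, _mask(secret, nonce)))
    tag = hmac.new(secret, nonce + masked, hashlib.sha256).digest()
    return nonce + tag + masked


def unwrap_key(secret: bytes, slot: bytes):
    """Return the content key, or None if this slot was not wrapped for `secret`."""
    nonce, tag, masked = slot[:65], slot[65:97], slot[97:]
    expected = hmac.new(secret, nonce + masked, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return bytes(a ^ b for a, b in zip(masked, _mask(secret, nonce)))


def build_envelope(slots, enc_signature: bytes, enc_content: bytes) -> bytes:
    """Step 306: information | enkey1 ... enkeyn | encsignature | encrypted content."""
    if not slots or any(len(s) != SLOT_LEN for s in slots):
        raise EnvelopeError("need at least one 113-byte encrypted key")
    if len(enc_signature) != SIG_LEN:
        raise EnvelopeError("encrypted signature must be 64 bytes")
    # Assumption: the count is a big-endian unsigned 32-bit integer.
    return struct.pack(">I", len(slots)) + b"".join(slots) + enc_signature + enc_content


def parse_envelope(data: bytes):
    """Split a received envelope into (count, encrypted keys, signature, content)."""
    if len(data) < INFO_LEN:
        raise EnvelopeError("shorter than the information field")
    (count,) = struct.unpack(">I", data[:INFO_LEN])
    # The count is sender-controlled: bound it before using it as a length.
    if not 1 <= count <= MAX_RECIPIENTS:
        raise EnvelopeError(f"recipient count {count} out of range")
    keys_end = INFO_LEN + count * SLOT_LEN
    sig_end = keys_end + SIG_LEN
    if sig_end > len(data):
        raise EnvelopeError("recipient count does not fit the envelope length")
    slots = [data[i:i + SLOT_LEN] for i in range(INFO_LEN, keys_end, SLOT_LEN)]
    return count, slots, data[keys_end:sig_end], data[sig_end:]


def find_content_key(secret: bytes, slots):
    """Steps 3081-3085: try each encrypted key in turn, stopping at the first success."""
    for index, slot in enumerate(slots):
        key = unwrap_key(secret, slot)
        if key is not None:
            return index, key
    return None  # every slot failed: this receiver is not among the recipients


if __name__ == "__main__":
    # Constructed sample data: three recipients, opaque stand-ins for the
    # SM1-encrypted signature and content.
    content_key = os.urandom(KEY_LEN)
    secrets = [b"recipient-1", b"recipient-2", b"recipient-3"]
    envelope = build_envelope([wrap_key(s, content_key) for s in secrets],
                              os.urandom(SIG_LEN), b"opaque encrypted content")
    count, slots, enc_sig, enc_content = parse_envelope(envelope)
    print(count, find_content_key(secrets[2], slots)[0],
          find_content_key(b"outsider", slots))
```

Because the envelope carries no length for the content, the parser takes everything after the 64-byte encrypted signature as encrypted content, so the recipient count is the only field that determines where each item starts.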
Fig. 6 is a structural diagram of an encryption and decryption system provided by embodiment four of the present invention. As shown in Fig. 6, the system includes: sender 1 and recipient 2.
Sender 1 is configured to encrypt a content key with the certificate public keys of multiple recipients to generate the encrypted keys corresponding to the multiple recipients; encrypt the content to be sent with the content key to generate encrypted content; generate an encrypted signature from the digest of the content; generate a digital envelope from the information bit, the encrypted keys corresponding to the multiple recipients, the encrypted signature, and the encrypted content, where the information bit includes the number of recipients; and send the digital envelope to the multiple recipients.
Recipient 2 is configured to receive the digital envelope sent by the sender, the digital envelope including an information bit, the encrypted keys corresponding to multiple recipients, an encrypted signature, and encrypted content, where the information bit includes the number of recipients; decrypt the encrypted keys of the multiple recipients in turn, according to its own private key and the information bit, until the content key is obtained; decrypt the encrypted content with the content key to obtain the content; decrypt the encrypted signature with the content key to generate the signature result; compute a hash value over the content; and perform signature verification on the hash value using the signature result and, if verification succeeds, determine that the content is correct.
Further, the system also includes key management center 3. Sender 1 is further configured to query whether the certificate public keys are stored locally; if the certificate public keys are stored, perform the step of encrypting the content key with the certificate public keys of the multiple recipients to generate the encrypted keys corresponding to the multiple recipients; if the certificate public keys are not stored, obtain the certificate public keys of the multiple recipients from key management center 3. Key management center 3 is configured to send the certificate public keys of the multiple recipients to sender 1.
Specifically, sender 1 is configured to send a certificate public key acquisition request to key management center 3, the request including the identity identifiers of the multiple recipients, and to receive the certificate public key corresponding to each recipient's identity identifier, as returned by key management center 3.
Specifically, recipient 2 is configured to decrypt the first encrypted key with its own private key and obtain the content key if decryption succeeds; if decryption fails, increment a counter by 1 and decrypt the next encrypted key with its own private key, obtaining the content key if decryption succeeds; if decryption fails, determine whether the counter is less than or equal to the information bit; if the counter is less than the information bit, continue with the step of decrypting the next decryption key with its own private key; if the counter is equal to the information bit, end the flow.
In the encryption and decryption system provided by this embodiment, the digital envelope includes the encrypted keys corresponding to multiple recipients and is sent to the multiple recipients. The same digital envelope is thus sent to multiple recipients without making multiple digital envelopes, which reduces the complexity of generating and sending digital envelopes.
It should be understood that the above embodiments are merely exemplary embodiments used to illustrate the principle of the present invention, and the invention is not limited to them. Those of ordinary skill in the art can make various changes and improvements without departing from the spirit and essence of the invention, and these changes and improvements are also regarded as within the protection scope of the invention.

Claims (9)

  1. A kind of 1. encryption method, it is characterised in that including:
    Content key is encrypted using the CertPubKey of multiple recipients, generates encryption key corresponding to multiple recipients;
    It is encrypted using content key to sent content, generates encrypted content;
    Ciphering signature is generated according to the summary info of the content;
    According to encryption key, the ciphering signature and encrypted content generation number corresponding to information bit, the multiple recipient Word envelope, described information position include the quantity of the recipient;
    The digital envelope is sent to multiple recipients.
  2. 2. encryption method according to claim 1, it is characterised in that the CertPubKey using multiple recipients is internal Hold key to be encrypted, include before generating encryption key corresponding to multiple recipients:
    Whether inquiry is local is stored with the CertPubKey;
    If judging to be stored with the CertPubKey, perform the CertPubKey using multiple recipients and content key is carried out Encryption, the step of generating encryption key corresponding to multiple recipients;
    If judging not to be stored with the CertPubKey, the CertPubKey of multiple recipients is obtained from KMC.
  3. 3. encryption method according to claim 2, it is characterised in that described to obtain multiple recipients from KMC CertPubKey include:
    CertPubKey is sent to KMC and obtains request, and the CertPubKey, which obtains request, includes the body of multiple recipients Part mark;
    Receive the corresponding CertPubKey of the identity with each recipient that the KMC returns.
  4. A decryption method, characterized by including:
    receiving a digital envelope sent by a sender, wherein the digital envelope includes an information bit, encryption keys corresponding to multiple recipients, a ciphering signature and encrypted content, and the information bit includes the quantity of recipients;
    decrypting the encryption keys of the multiple recipients in turn according to the recipient's own private key and the information bit, until the content key is obtained;
    decrypting the encrypted content using the content key to obtain the content;
    decrypting the ciphering signature using the content key to generate a signature result;
    calculating a Hash Value from the content;
    performing a sign test on the Hash Value using the signature result, and, if the sign test succeeds, determining that the content is correct.
  5. The decryption method according to claim 4, characterized in that the decrypting of the encryption keys of the multiple recipients in turn according to the decryption private key, until the content key is obtained, includes:
    decrypting the first encryption key using the recipient's own private key, and obtaining the content key if decryption succeeds;
    if decryption fails, adding 1 to a counter and decrypting the next encryption key using the recipient's own private key, and obtaining the content key if decryption succeeds;
    if decryption fails, judging whether the counter is less than or equal to the information bit; if it is judged that the counter is less than the information bit, continuing to perform the step of decrypting the next decryption key using the recipient's own private key; if it is judged that the counter is equal to the information bit, the flow ends.
  6. An encrypting and decrypting system, characterized by including: a sender and a recipient;
    the sender is configured to encrypt a content key using the CertPubKeys of multiple recipients to generate encryption keys corresponding to the multiple recipients; encrypt the content to be sent using the content key to generate encrypted content; generate a ciphering signature according to the summary info of the content; generate a digital envelope according to an information bit, the encryption keys corresponding to the multiple recipients, the ciphering signature and the encrypted content, wherein the information bit includes the quantity of the recipients; and send the digital envelope to the multiple recipients;
    the recipient is configured to receive the digital envelope sent by the sender, wherein the digital envelope includes the information bit, the encryption keys corresponding to the multiple recipients, the ciphering signature and the encrypted content, and the information bit includes the quantity of recipients; decrypt the encryption keys of the multiple recipients in turn according to its own private key and the information bit, until the content key is obtained; decrypt the encrypted content using the content key to obtain the content; decrypt the ciphering signature using the content key to generate a signature result; calculate a Hash Value from the content; and perform a sign test on the Hash Value using the signature result, and, if the sign test succeeds, determine that the content is correct.
  7. The encrypting and decrypting system according to claim 6, characterized by further including: a KMC;
    the sender is further configured to query whether the CertPubKeys are stored locally; if it is judged that the CertPubKeys are stored, perform the step of encrypting the content key using the CertPubKeys of multiple recipients to generate encryption keys corresponding to the multiple recipients; if it is judged that the CertPubKeys are not stored, obtain the CertPubKeys of the multiple recipients from the KMC;
    the KMC is configured to send the CertPubKeys of the multiple recipients to the sender.
  8. The encrypting and decrypting system according to claim 7, characterized in that the sender is specifically configured to send a CertPubKey acquisition request to the key management center, wherein the CertPubKey acquisition request includes the identities of the multiple recipients; and to receive the CertPubKey, returned by the KMC, corresponding to the identity of each recipient.
  9. The encrypting and decrypting system according to claim 7, characterized in that the recipient is specifically configured to decrypt the first encryption key using its own private key, and obtain the content key if decryption succeeds; if decryption fails, add 1 to a counter and decrypt the next encryption key using its own private key, and obtain the content key if decryption succeeds; if decryption fails, judge whether the counter is less than or equal to the information bit; if it is judged that the counter is less than the information bit, continue to perform the step of decrypting the next decryption key using its own private key; if it is judged that the counter is equal to the information bit, the flow ends.
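The key-slot part of the envelope (claim 1) and the recipient's counter-bounded trial decryption (claims 4 and 5), as an added example that is not part of the patent text. Everything concrete here is an assumption: the header layout (1-byte information bit, then 2-byte length-prefixed slots), textbook RSA over constructed Mersenne-prime keys standing in for CertPubKey encryption, and the 8-byte digest tag used to recognise a successful decryption. Content encryption and the ciphering signature are left out.

```python
import hashlib

E = 65537  # public exponent for the constructed demo keys

def make_key(p_exp, q_exp):
    """Constructed demo key from two Mersenne primes (textbook RSA, no padding)."""
    p, q = 2**p_exp - 1, 2**q_exp - 1
    return {"n": p * q, "d": pow(E, -1, (p - 1) * (q - 1))}

def size_bytes(n):
    return (n.bit_length() + 7) // 8

def wrap(content_key, n):
    """Encrypt the 16-byte content key for one recipient, with a digest tag appended."""
    tag = hashlib.sha256(content_key).digest()[:8]
    m = int.from_bytes(content_key + tag, "big")
    return pow(m, E, n).to_bytes(size_bytes(n), "big")

def unwrap(slot, key):
    """Return the content key, or None when this slot was not made for this key."""
    m = pow(int.from_bytes(slot, "big"), key["d"], key["n"])
    raw = m.to_bytes(size_bytes(key["n"]), "big")[-24:]
    ck, tag = raw[:16], raw[16:]
    return ck if hashlib.sha256(ck).digest()[:8] == tag else None

def build_header(content_key, moduli):
    """Information bit (recipient count), then one length-prefixed slot per recipient."""
    out = bytes([len(moduli)])
    for n in moduli:
        slot = wrap(content_key, n)
        out += len(slot).to_bytes(2, "big") + slot
    return out

def recover_content_key(header, own_key):
    """Try each slot in turn; stop once the counter reaches the information bit."""
    count, pos, counter = header[0], 1, 0
    while counter < count:
        slot_len = int.from_bytes(header[pos:pos + 2], "big")
        slot = header[pos + 2 : pos + 2 + slot_len]
        if len(header) < pos + 2 or len(slot) != slot_len:
            raise ValueError("information bit disagrees with the slots present")
        ck = unwrap(slot, own_key)
        if ck is not None:
            return ck, counter          # counter = number of failed attempts
        counter += 1
        pos += 2 + slot_len
    return None, counter                # not an addressed recipient
```

The loop only terminates correctly if a failed decryption can be told apart from a successful one, which the claims assume but do not specify; a receiver also has to reject a header whose information bit does not match the slots actually present.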
CN201711234946.4A 2017-11-30 2017-11-30 Encryption method, decryption method and encrypting and decrypting system Pending CN107733646A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201711234946.4A CN107733646A (en) 2017-11-30 2017-11-30 Encryption method, decryption method and encrypting and decrypting system

Publications (1)

Publication Number Publication Date
CN107733646A true CN107733646A (en) 2018-02-23

Family

ID=61220739

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201711234946.4A Pending CN107733646A (en) 2017-11-30 2017-11-30 Encryption method, decryption method and encrypting and decrypting system

Country Status (1)

Country Link
CN (1) CN107733646A (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101989984A (en) * 2010-08-24 2011-03-23 北京易恒信认证科技有限公司 Electronic document safe sharing system and method thereof
CN103812871A (en) * 2014-02-24 2014-05-21 北京明朝万达科技有限公司 Development method and system based on mobile terminal application program security application
CN104580180A (en) * 2014-12-26 2015-04-29 北京佳月隶平软件有限公司 Data encryption method, data decryption method and devices
CN105323070A (en) * 2015-02-09 2016-02-10 北京中油瑞飞信息技术有限责任公司 Method for realizing security electronic mail based on digital envelope

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108768638A (en) * 2018-06-01 2018-11-06 北京爱普安信息技术有限公司 A kind of method and device of message encryption
CN110380863A (en) * 2019-07-02 2019-10-25 银清科技(北京)有限公司 Cross-border payment message notifier processes method and device based on block chain framework
WO2021168614A1 (en) * 2020-02-24 2021-09-02 华为技术有限公司 Data encryption processing method, data decryption processing method, apparatus, and electronic device
CN114338228A (en) * 2022-01-26 2022-04-12 北京信安世纪科技股份有限公司 Mirror image security processing method and device and storage medium
CN114338228B (en) * 2022-01-26 2022-07-29 北京信安世纪科技股份有限公司 Mirror image security processing method and device and storage medium
CN117336100A (en) * 2023-11-27 2024-01-02 湖南湘科智慧科技有限公司 Data processing method and device based on escort service multiparty flattened communication
CN117336100B (en) * 2023-11-27 2024-02-23 湖南湘科智慧科技有限公司 Data processing method and device based on escort service multiparty flattened communication

Similar Documents

Publication Publication Date Title
CN107733646A (en) Encryption method, decryption method and encrypting and decrypting system
CN105743646B (en) A kind of Identity based encryption method and system
US11095624B2 (en) End-to-end encryption for personal communication nodes
CN101789865B (en) Dedicated server used for encryption and encryption method
CN101720071B (en) Short message two-stage encryption transmission and secure storage method based on safety SIM card
US20070189517A1 (en) Pseudo public key encryption
CN107425971B (en) Certificateless data encryption/decryption method and device and terminal
CN102394749B (en) Line protection method, system, information safety equipment and application equipment for data transmission
CN104539423A (en) Achievement method of certificate-less public key cryptosystem without bilinear pairing operation
CN102118710A (en) System and method for transmitting data between mobile terminals
CN109743171A (en) It is a kind of to solve multiple party digital signatures, timestamp and the key series connection method of encryption
CN110113150B (en) Encryption method and system based on non-certificate environment and capable of repudiation authentication
CN106850522A (en) The implementation method of Group file encrypted transmission in a kind of instant messaging
WO2016112734A1 (en) Group encryption and decryption method and system having selection and exclusion functions
CN104767612A (en) Signcryption method from certificateless environment to public key infrastructure environment
CN104767611B (en) It is a kind of from PKIX environment to the label decryption method without certificate environment
CN105554031A (en) Encryption method, encryption apparatus, decryption method, decryption apparatus and terminal
CN109600725A (en) A kind of message encryption method based on SM9 algorithm
US11722466B2 (en) Methods for communicating data utilizing sessionless dynamic encryption
CN103117861B (en) Pseudo RSA (Rivest Shamir Adleman) based method for transmitting IBE key information (identity based encryption) in IBE
CN109068322A (en) Decryption method, system, mobile terminal, server and storage medium
CN103297230B (en) Information encipher-decipher method, Apparatus and system
CN104200154A (en) Identity based installation package signing method and identity based installation package signing device
CN109274663A (en) Communication means based on SM2 dynamic key exchange and SM4 data encryption
US11088835B1 (en) Cryptographic module to generate cryptographic keys from cryptographic key parts

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20180223