CN109510703A - A kind of data encryption/decryption method and device - Google Patents

Publication number: CN109510703A
Authority: CN (China)
Prior art keywords: encryption key, random number, key, encryption, ciphertext
Legal status: Granted, active
Application number: CN201811405801.0A
Other languages: Chinese (zh)
Other versions: CN109510703B (en)
Inventors: 安晓江, 蒋红宇, 胡伯良
Current assignee: Beijing Haitai Fangyuan High Technology Co Ltd
Original assignee: Beijing Haitai Fangyuan High Technology Co Ltd
Priority to: CN201811405801.0A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0822 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using key encryption key
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a data encryption/decryption method and device, to solve the prior-art problem that encrypting plaintext data in OFB mode readily exposes the plaintext to active attack. The data encryption method includes: the encryption side generates a first encryption key using a first encryption mode, an initial key and an initial vector; generates at least one random number and determines a second encryption key from the at least one random number and the first encryption key; encrypts the plaintext data to be encrypted with the second encryption key to obtain a first ciphertext; encrypts each random number using a second encryption mode and the initial key to obtain a second ciphertext for each; and sends the first ciphertext and each second ciphertext to the decryption side. Because an attacker does not know the initial key, the attacker cannot decrypt the correct random numbers each time, cannot accurately obtain the second encryption key, and therefore cannot decrypt the plaintext data each time, which avoids attacks on the plaintext data to a certain extent.

Description

A kind of data encryption/decryption method and device
Technical field
The present invention relates to the field of information protection technology, and in particular to a data encryption/decryption method and device.
Background art
With the rapid development of information technology, the value of information keeps rising and its protection becomes correspondingly more important. Information is generally protected by encrypting the plaintext.
The encryption side can encrypt plaintext data using output feedback (Output Feedback, OFB) mode. To encrypt in OFB mode, it first needs to know the length L of the plaintext data D to be encrypted. Using the initial key K and an initial vector IV of a preset number of bits, it generates an encryption key K1 whose length is the length L of the plaintext data D. It then XORs the plaintext data D to be encrypted with the encryption key K1 to obtain the ciphertext data ED, whose length is L.
To decrypt the ciphertext data, the decryption side first needs to know the length L of the ciphertext data ED to be decrypted. Using the initial vector IV and the initial key K, it generates a decryption key K1 whose length is the length L of the ciphertext data ED. It then XORs the ciphertext data to be decrypted with the decryption key K1 to obtain the plaintext data D.
In application scenarios where multiple plaintexts have the same length, once an attacker has successfully decrypted one ciphertext, the attacker has deduced the encryption key K1. If the encryption key is subsequently determined using the same initial vector and initial key in order to encrypt plaintext data of the same length, the subsequently generated encryption key may be identical to the one generated before, so the attacker can easily decrypt the ciphertext into plaintext with that encryption key, which readily leads to active attacks on the plaintext.
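
The key reuse described above, as an added example that is not part of the patent text: with the same initial key K and initial vector IV, OFB always produces the same K1, so a single known pair of D and ED yields it. The block cipher is replaced by an HMAC-SHA256 stand-in (an assumption, since the page names no cipher), and all function names and sample values are constructed.

```python
import hashlib
import hmac

BLOCK = 16  # assumed block size in bytes (128-bit block cipher)


def block_encrypt(key: bytes, block: bytes) -> bytes:
    """Stand-in for the block cipher: HMAC-SHA256 truncated to one block.

    OFB only runs the cipher in the forward direction, so a keyed
    pseudorandom function is enough to show the mode's behaviour.
    """
    return hmac.new(key, block, hashlib.sha256).digest()[:BLOCK]


def ofb_keystream(key: bytes, iv: bytes, length: int) -> bytes:
    """K1 in the page's notation: `length` bytes derived only from K and IV."""
    if len(iv) != BLOCK:
        raise ValueError("IV must be exactly one block long")
    stream = bytearray()
    feedback = iv
    while len(stream) < length:
        feedback = block_encrypt(key, feedback)  # output is fed back as next input
        stream += feedback
    return bytes(stream[:length])


def xor_bytes(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("operands must have the same length")
    return bytes(x ^ y for x, y in zip(a, b))


def ofb_crypt(key: bytes, iv: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt: ED = D xor K1, and D = ED xor K1."""
    return xor_bytes(data, ofb_keystream(key, iv, len(data)))


def reuse_demo() -> dict:
    key = b"constructed key!"          # constructed sample values
    iv = bytes(BLOCK)
    d1 = b"constructed msg1"
    d2 = b"constructed msg2"
    ed1 = ofb_crypt(key, iv, d1)
    ed2 = ofb_crypt(key, iv, d2)        # same K, same IV, same length
    k1_from_pair = xor_bytes(d1, ed1)   # K1 follows from one known (D, ED) pair
    other_iv = bytes([1]) * BLOCK
    return {
        "k1_matches": k1_from_pair == ofb_keystream(key, iv, len(d1)),
        "second_plaintext": xor_bytes(ed2, k1_from_pair),
        "other_iv_changes_k1": ofb_keystream(key, other_iv, len(d1)) != k1_from_pair,
    }


if __name__ == "__main__":
    for name, value in reuse_demo().items():
        print(name, value)
```
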
Summary of the invention
The embodiments of the invention disclose a data encryption/decryption method and device, to solve the prior-art problem that encrypting plaintext data in OFB mode readily leads to active attacks on the plaintext.
To achieve the above objective, an embodiment of the invention discloses a data encryption method, the method comprising:
the encryption side generates a first encryption key using a preset first encryption mode and a pre-saved initial key and initial vector;
generates at least one random number, and determines a second encryption key according to the at least one random number and the first encryption key;
encrypts the plaintext data to be encrypted using the second encryption key to obtain a first ciphertext;
encrypts each random number using a preset second encryption mode and the initial key to obtain a respective second ciphertext; and
sends the first ciphertext and each second ciphertext to the decryption side.
Further, determining the second encryption key according to the at least one random number and the first encryption key includes:
using a pre-saved cutting-and-combination scheme and the at least one random number, cutting and recombining the first encryption key to obtain the second encryption key.
Further, using the pre-saved cutting-and-combination scheme and at least two random numbers, cutting and recombining the first encryption key to obtain the second encryption key includes:
according to the order of the characters in the first encryption key and the priority of each random number, determining in turn, in order of priority from high to low, the substring made up of the number of characters corresponding to each random number, the priority of each substring being the same as the priority of its corresponding random number; and
placing lower-priority substrings in front and higher-priority substrings behind to obtain the second encryption key, where the sum of the at least two random numbers is less than the length of the first encryption key.
Further, the length of the second encryption key is the length of the plaintext data to be encrypted.
Further, the length of the first encryption key is the length of the plaintext data to be encrypted.
Further, the first encryption mode is output feedback (OFB) mode.
Further, the second encryption mode is electronic codebook (ECB) mode.
An embodiment of the invention discloses a data decryption method based on any of the data encryption methods described above, the method comprising:
the decryption side decrypts, using a preset decryption mode, each second ciphertext obtained by encrypting the at least one random number, to obtain the at least one random number;
generates the first encryption key using a preset encryption mode and a pre-saved initial key and initial vector;
determines the second encryption key according to the at least one random number and the first encryption key; and
decrypts, using the second encryption key, the first ciphertext obtained by encrypting the plaintext data, to obtain the plaintext data.
Further, determining the second encryption key according to the at least one random number and the first encryption key includes:
using a pre-saved cutting-and-combination scheme and the at least one random number, cutting and recombining the first encryption key to obtain the second encryption key.
Further, using the pre-saved cutting-and-combination scheme and at least two random numbers, cutting and recombining the first encryption key to obtain the second encryption key includes:
according to the order of the characters in the first encryption key and the priority of each random number, determining in turn, in order of priority from high to low, the substring made up of the number of characters corresponding to each random number, the priority of each substring being the same as the priority of its corresponding random number; and
placing lower-priority substrings in front and higher-priority substrings behind to obtain the second encryption key, where the sum of the at least two random numbers is less than the length of the first encryption key.
An embodiment of the invention discloses a data encryption device, the device comprising:
a key generation module, configured to generate a first encryption key using a preset first encryption mode and a pre-saved initial key and initial vector;
a random number generation module, configured to generate at least one random number;
a key update module, configured to determine a second encryption key according to the at least one random number and the first encryption key;
a plaintext encryption module, configured to encrypt the plaintext data to be encrypted using the second encryption key to obtain a first ciphertext;
a random number encryption module, configured to encrypt each random number using a preset second encryption mode and the initial key to obtain a respective second ciphertext; and
a sending module, configured to send the first ciphertext and each second ciphertext to the decryption side.
Further, the key update module is specifically configured to cut and recombine the first encryption key, using a pre-saved cutting-and-combination scheme and the at least one random number, to obtain the second encryption key.
Further, the key update module is specifically configured to: according to the order of the characters in the first encryption key and the priority of each random number, determine in turn, in order of priority from high to low, the substring made up of the number of characters corresponding to each random number, the priority of each substring being the same as the priority of its corresponding random number; and place lower-priority substrings in front and higher-priority substrings behind to obtain the second encryption key, where the sum of the at least two random numbers is less than the length of the first encryption key.
An embodiment of the invention discloses a data decryption device based on any of the data encryption devices described above, the device comprising:
a random number decryption module, configured to decrypt, using a preset decryption mode, each second ciphertext obtained by encrypting the at least one random number, to obtain the at least one random number;
a key generation module, configured to generate the first encryption key using a preset encryption mode and a pre-saved initial key and initial vector;
a key update module, configured to determine the second encryption key according to the at least one random number and the first encryption key; and
a plaintext decryption module, configured to decrypt, using the second encryption key, the first ciphertext obtained by encrypting the plaintext data, to obtain the plaintext data.
Further, the key update module is specifically configured to cut and recombine the first encryption key, using a pre-saved cutting-and-combination scheme and the at least one random number, to obtain the second encryption key.
Further, the key update module is specifically configured to: according to the order of the characters in the first encryption key and the priority of each random number, determine in turn, in order of priority from high to low, the substring made up of the number of characters corresponding to each random number, the priority of each substring being the same as the priority of its corresponding random number; and
place lower-priority substrings in front and higher-priority substrings behind to obtain the second encryption key, where the sum of the at least two random numbers is less than the length of the first encryption key.
In the embodiments of the invention, a new second encryption key is determined using random numbers and the first encryption key. Even if plaintext data of the same length is encrypted using the same initial vector and initial key, an attacker who does not know the initial key cannot decrypt the correct random numbers each time, cannot accurately obtain the second encryption key, and therefore cannot decrypt the plaintext data each time, which avoids attacks on the plaintext data to a certain extent.
Brief description of the drawings
To explain the technical solutions of the embodiments of the invention or of the prior art more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. Evidently, the drawings described below are only some embodiments of the invention, and a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a schematic diagram of a data encryption process provided by an embodiment of the invention;
Fig. 2 is a schematic diagram of a data decryption process provided by an embodiment of the invention;
Fig. 3 is a structural diagram of a data encryption device provided by an embodiment of the invention;
Fig. 4 is a structural diagram of a data decryption device provided by an embodiment of the invention.
Detailed description of the embodiments
The technical solutions in the embodiments of the invention are described clearly and completely below with reference to the drawings in the embodiments. Evidently, the described embodiments are only some, not all, of the embodiments of the invention. All other embodiments obtained by a person of ordinary skill in the art from the embodiments of the invention without creative effort fall within the protection scope of the invention.
Embodiment 1:
Fig. 1 is a schematic diagram of a data encryption process provided by an embodiment of the invention. The process includes the following steps:
S101: the encryption side generates a first encryption key using a preset first encryption mode and a pre-saved initial key and initial vector.
The data encryption method provided by the embodiment of the invention is applied to an encryption side. The encryption side can be an electronic device such as a terminal or a server, a chip, or a device with an encryption function.
The encryption side has pre-saved an initial key and an initial vector, and also stores a first encryption mode. It can generate an encryption key from the initial key, the initial vector and the first encryption mode; the encryption key generated this way is called the first encryption key. The first encryption key is generally a string of characters. The first encryption mode includes but is not limited to OFB mode.
S102: generate at least one random number.
S101 and S102 may be performed in any order: S101 first and then S102, S102 first and then S101, or both at the same time.
S103: determine a second encryption key according to the at least one random number and the first encryption key, and encrypt the plaintext data to be encrypted using the second encryption key to obtain a first ciphertext.
To make the encryption key used on the plaintext data harder to crack, the encryption side also generates at least one random number, determines a second encryption key from the at least one random number and the generated first encryption key, and encrypts the plaintext data with the second encryption key. The second encryption key is different from the first encryption key.
An encryption key is generally a character string. When the encryption side determines the second encryption key from the at least one random number and the first encryption key, it can place the generated random number after the first encryption key, or before it, recombining the first encryption key and the random number into the second encryption key. If there are at least two random numbers, it can determine the substring formed by the random numbers according to their priorities and place that substring after the first encryption key, or before it, to obtain the second encryption key.
The priority of a random number can be determined by its generation time, for example an earlier generation time gives a higher priority and a later one a lower priority, or the reverse. The priority can also be determined by the value of the random number, for example a larger value gives a higher priority and a smaller value a lower priority, or the reverse.
As an illustration, take the case where a larger random number has higher priority than a smaller one and the substring formed by the random numbers is placed after the first encryption key. Suppose three random numbers are generated, namely 3, 3 and 5. The substring formed by these three random numbers is 533, and the first encryption key is acds, so the second encryption key is acds533. The length of the first encryption key differs from the length of the second encryption key.
The encryption side holds the plaintext data to be encrypted. After determining the second encryption key, it can encrypt the plaintext data to be encrypted with the second encryption key to obtain a ciphertext, called the first ciphertext.
S104: encrypt each random number using a preset second encryption mode and the initial key to obtain a respective second ciphertext.
The encryption side stores a second encryption mode and can use it to encrypt the random numbers. Specifically, each random number is encrypted using the second encryption mode and the pre-saved initial key to obtain that random number's ciphertext, called a second ciphertext. That is, there are as many second ciphertexts as there are random numbers. The second encryption mode includes but is not limited to electronic codebook (ECB) mode.
S103 and S104 may be performed in any order: S103 first and then S104, S104 first and then S103, or both at the same time.
S105: send the first ciphertext and each second ciphertext to the decryption side.
Once the encryption side has determined the first ciphertext and the second ciphertexts, it can send them to the decryption side, so that the decryption side can decrypt the ciphertext of the plaintext data when it needs to use the plaintext.
Fig. 2 is a schematic diagram of a data decryption process provided by an embodiment of the invention. The process includes the following steps:
S201: the decryption side decrypts, using a preset decryption mode, each second ciphertext obtained by encrypting the at least one random number, to obtain the at least one random number.
The data decryption method provided by the embodiment of the invention is applied to a decryption side. The decryption side can be an electronic device such as a terminal or a server, a chip, or a device with a decryption function.
The encryption side sends to the decryption side the first ciphertext obtained by encrypting the plaintext data with the second encryption key, and the second ciphertexts obtained by encrypting the random numbers. The decryption side thus receives the second ciphertexts obtained by encrypting the random numbers and the first ciphertext obtained by encrypting the plaintext data.
The decryption side has pre-saved a decryption mode for decrypting the random numbers. For a legitimate decryption side, this decryption mode is the same as the encryption mode for encrypting the random numbers saved on the legitimate encryption side.
Using the pre-saved decryption mode, the decryption side can decrypt the second ciphertexts obtained by encrypting the random numbers to obtain the random numbers.
There may be one second ciphertext or several; correspondingly, there may be one random number or several.
The pre-saved decryption mode includes but is not limited to electronic codebook (ECB) mode.
S202: generate the first encryption key using a preset encryption mode and a pre-saved initial key and initial vector.
The decryption side has pre-saved an initial key and an initial vector, and also stores an encryption mode. It can generate an encryption key from the initial key, the initial vector and the encryption mode; the encryption key generated this way is called the first encryption key. For a legitimate decryption side, the initial key, initial vector and encryption mode it stores are the same as those stored on the legitimate encryption side. The encryption mode includes but is not limited to OFB mode.
S201 and S202 may be performed in any order: S201 first and then S202, S202 first and then S201, or both at the same time.
S203: determine the second encryption key according to the at least one random number and the first encryption key.
The decryption side stores the same way of determining the encryption key as the encryption side. After decrypting the at least one random number and generating the first encryption key, it can determine the second encryption key from the at least one random number and the first encryption key. The specific determination process is the same as on the encryption side and is not repeated here.
S204: decrypt, using the second encryption key, the first ciphertext obtained by encrypting the plaintext data, to obtain the plaintext data.
After determining the second encryption key, the decryption side can use it to decrypt the first ciphertext obtained by encrypting the plaintext data and obtain the plaintext data. Decryption is the inverse of encryption and is not described in detail here.
In the embodiments of the invention, a new second encryption key is determined using random numbers and the first encryption key. Even if plaintext data of the same length is encrypted using the same initial vector and initial key, an attacker who does not know the initial key cannot decrypt the correct random numbers each time, cannot accurately obtain the second encryption key, and therefore cannot decrypt the plaintext data each time, which avoids attacks on the plaintext data to a certain extent.
Embodiment 2:
On either the encryption side or the decryption side, when determining the second encryption key according to the at least one random number and the first encryption key, the first encryption key can be cut and recombined, using a pre-saved cutting-and-combination scheme and the at least one random number, to obtain the second encryption key.
Taking the encryption side as an example: the encryption side has pre-saved a character-string cutting-and-combination scheme. It can generate one random number or several, and cuts and recombines the first encryption key according to the generated random number or numbers and the pre-saved scheme. An encryption key is generally a character string, so the first encryption key can be called the first character string; that is, the encryption side cuts and recombines the first character string corresponding to the first encryption key to obtain the second encryption key.
For example, the encryption side generates one random number that is less than the length of the first encryption key, where the length of the first encryption key can be understood as the number of characters it contains. Following the order of the characters in the first encryption key, the encryption side takes the number of characters given by the random number as the first substring, and forms the second substring from the remaining characters of the first encryption key in their original order. It places the second substring in front and the first substring behind, and the result is the second encryption key.
For example, if the first encryption key is abcde, its length is 5; with the random number 3, the first substring is abc, the second substring is de, and the second encryption key is deabc.
For a legitimate decryption side and a legitimate encryption side, the cutting-and-combination scheme pre-saved on the decryption side is the same as the one pre-saved on the encryption side, and the decryption side cuts and recombines the first encryption key with the random number to obtain the second encryption key in the same way as the encryption side, so the process is not described again here.
Embodiment 3:
On either the encryption side or the decryption side, when cutting and recombining the first encryption key with the random numbers under the pre-saved cutting-and-combination scheme to obtain the second encryption key, it is also possible, according to the order of the characters in the first encryption key and the priority of each random number, to determine in turn, in order of priority from high to low, the substring made up of the number of characters corresponding to each random number, the priority of each substring being the same as the priority of its corresponding random number;
lower-priority substrings are then placed in front and higher-priority substrings behind to obtain the second encryption key, where the sum of the at least two random numbers is less than the length of the first encryption key.
Taking the encryption side as an example: the encryption side can generate at least two random numbers whose sum is less than the number of characters in the first encryption key. The encryption side can preset the rule for determining the priorities of multiple random numbers, for example by generation time order or by value. It first determines the priority of each of the generated random numbers. It then selects the random numbers one at a time in order of priority from high to low and, following the order of the characters in the first encryption key, extracts the number of characters given by that random number; the extracted characters form the substring corresponding to that random number, and the substring has the same priority as the random number. This continues until the last random number has its substring. Characters may remain at this point; the substring formed by the remaining characters can be given a priority lower than that of the substring of any random number.
Suppose there are three random numbers, 2, 2 and 3, which in order of priority from high to low are 3, 2, 2, and the first encryption key is abcdefghi. The substrings obtained by cutting with the three random numbers are then, in order of priority from high to low, abc, de, fg and hi.
Once the encryption side has determined each substring and its priority, it can rearrange the substrings to obtain the second encryption key, placing lower-priority substrings in front and higher-priority substrings behind. In the example above, the second encryption key is hifgdeabc. The length of the first encryption key is the same as the length of the second encryption key.
For a legitimate decryption side and a legitimate encryption side, the cutting-and-combination scheme pre-saved on the decryption side is the same as the one pre-saved on the encryption side, and the decryption side cuts and recombines the first encryption key with the random numbers to obtain the second encryption key in the same way as the encryption side, so the process is not described again here.
Embodiment 4:
When being encrypted using the second encryption key to clear data, it can be and the second encryption key is placed in plaintext number According to the first ciphertext later, is obtained, the length of the second encryption key can not have any restrictions, in the second encryption key of use to bright It when literary data are encrypted, can also be that the second encryption key and clear data carry out exclusive or, obtain the first ciphertext, the second encryption The length of key is the length of clear data to be encrypted.Length described herein can be understood as the number of character, that is, The number of character for including in the number for the character for including in second encryption key and clear data is identical.If the first encryption is close The length of key is identical as the length of the second encryption key, then the length of the first encryption key is the length of clear data to be encrypted Degree.
According to the description of the above embodiments, any variation within the scheme protected by this application belongs to the technical solutions protected by this application.
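The cut-and-recombine step of Embodiment 3 and the XOR variant of Embodiment 4, as an added Python example that is not part of the patent text. It assumes the first encryption key is already available as a byte string and that the random numbers arrive ordered by priority from high to low; the function names, the positive-integer check and the sample plaintext are constructed for illustration.

```python
"""Key update by cutting and recombining, then XOR encryption (illustrative)."""
from typing import List, Sequence


def cut_by_priority(first_key: bytes, randoms_high_to_low: Sequence[int]) -> List[bytes]:
    """Cut first_key into substrings, highest priority first.

    Each random number takes that many characters from the front of what is
    left of the key. The unconsumed tail becomes the last, lowest-priority
    substring, which is why the sum must stay below the key length.
    """
    if not randoms_high_to_low:
        raise ValueError("at least one random number is required")
    # Assumption of this example: a random number of 0 or less is rejected,
    # since it would produce an empty substring.
    if any(not isinstance(r, int) or r <= 0 for r in randoms_high_to_low):
        raise ValueError("random numbers must be positive integers")
    if sum(randoms_high_to_low) >= len(first_key):
        raise ValueError("sum of random numbers must be less than the key length")

    pieces, offset = [], 0
    for r in randoms_high_to_low:
        pieces.append(first_key[offset:offset + r])
        offset += r
    pieces.append(first_key[offset:])  # remainder, lowest priority
    return pieces


def second_key(first_key: bytes, randoms_high_to_low: Sequence[int]) -> bytes:
    """Recombine: low-priority substrings first, high-priority substrings last."""
    return b"".join(reversed(cut_by_priority(first_key, randoms_high_to_low)))


def xor_bytes(key: bytes, data: bytes) -> bytes:
    """XOR two equal-length byte strings (the Embodiment 4 XOR variant)."""
    if len(key) != len(data):
        raise ValueError("key and data must have the same number of characters")
    return bytes(k ^ d for k, d in zip(key, data))


def encrypt(first_key: bytes, randoms_high_to_low: Sequence[int], plaintext: bytes) -> bytes:
    """Encryption side: derive the second key, then XOR it with the plaintext."""
    return xor_bytes(second_key(first_key, randoms_high_to_low), plaintext)


def decrypt(first_key: bytes, randoms_high_to_low: Sequence[int], ciphertext: bytes) -> bytes:
    """Decryption side: same key derivation, XOR recovers the plaintext."""
    return xor_bytes(second_key(first_key, randoms_high_to_low), ciphertext)


# Values from the worked example in the text.
FIRST_KEY = b"abcdefghi"
RANDOMS = [3, 2, 2]            # already ordered by priority, high to low
# Constructed sample plaintext, same length as the key.
SAMPLE_PLAINTEXT = b"PLAINTEXT"

if __name__ == "__main__":
    print(cut_by_priority(FIRST_KEY, RANDOMS))
    print(second_key(FIRST_KEY, RANDOMS))
    ct = encrypt(FIRST_KEY, RANDOMS, SAMPLE_PLAINTEXT)
    print(ct.hex(), decrypt(FIRST_KEY, RANDOMS, ct))
```

Because the recombination only reorders substrings, the second key always contains exactly the characters of the first key.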
Embodiment 5:
Fig. 3 is a structural diagram of a data encryption device provided by an embodiment of the present invention. The device includes:
A key generation module 31, configured to generate a first encryption key using a preset first encryption mode and a pre-saved initial key and initial vector;
A random number generation module 32, configured to generate at least one random number;
A key updating module 33, configured to determine a second encryption key according to the at least one random number and the first encryption key;
A plaintext encryption module 34, configured to encrypt the plaintext data to be encrypted using the second encryption key to obtain a first ciphertext;
A random number encryption module 35, configured to encrypt each random number using a preset second encryption mode and the initial key to obtain each second ciphertext respectively;
A sending module 36, configured to send the first ciphertext and each second ciphertext to the decryption side.
Further, the key updating module 35 is specifically configured to cut and recombine the first encryption key with the at least one random number, using the pre-saved cutting and combination mode, to obtain the second encryption key.
Further, the key updating module 35 is specifically configured to: according to the order of the characters in the first encryption key and the priority of each random number, determine in turn, in order of priority from high to low, the substring made up of the number of characters corresponding to each random number, the priority of each substring being the same as the priority of the corresponding random number; and place the substrings with low priority first and the substrings with high priority after them to obtain the second encryption key, where the sum of the at least two random numbers is less than the length of the first encryption key.
Embodiment 6:
Fig. 4 is a structural diagram of a data decryption device provided by an embodiment of the present invention. The device includes:
A receiving module 41, configured to receive the first ciphertext and at least one second ciphertext sent by the encryption side;
A random number decryption module 42, configured to decrypt, using a preset decryption mode, the second ciphertexts obtained by respectively encrypting the at least one random number, to obtain the at least one random number;
A key generation module 43, configured to generate a first encryption key using a preset encryption mode and a pre-saved initial key and initial vector;
A key updating module 44, configured to determine a second encryption key according to the at least one random number and the first encryption key;
A plaintext decryption module 45, configured to decrypt, using the second encryption key, the first ciphertext obtained by encrypting the plaintext data, to obtain the plaintext data.
Further, the key updating module 44 is specifically configured to cut and recombine the first encryption key with the at least one random number, using the pre-saved cutting and combination mode, to obtain the second encryption key.
Further, the key updating module 44 is specifically configured to: according to the order of the characters in the first encryption key and the priority of each random number, determine in turn, in order of priority from high to low, the substring made up of the number of characters corresponding to each random number, the priority of each substring being the same as the priority of the corresponding random number;
and place the substrings with low priority first and the substrings with high priority after them to obtain the second encryption key, where the sum of the at least two random numbers is less than the length of the first encryption key.
Embodiment 7:
Based on the same inventive concept as the above data encryption method, an embodiment of this application further provides a data encryption device, which is used to perform the operations performed by the encryption side in the above data encryption method. The data encryption device includes a processor and a transceiver and, optionally, a memory. The processor is configured to call a set of programs; when the programs are executed, the processor performs the operations performed by the encryption side in the above data encryption method. The memory is used to store the programs executed by the processor.
Based on the same inventive concept as the above data decryption method, an embodiment of this application further provides a data decryption device, which is used to perform the operations performed by the decryption side in the above data decryption method. The data decryption device includes a processor and a transceiver and, optionally, a memory. The processor is configured to call a set of programs; when the programs are executed, the processor performs the operations performed by the decryption side in the above data decryption method. The memory is used to store the programs executed by the processor.
The processor may be a central processing unit (CPU), a network processor (NP), or a combination of a CPU and an NP.
The processor may further include a hardware chip or another general-purpose processor. The hardware chip may be an application-specific integrated circuit (ASIC), a programmable logic device (PLD), or a combination thereof. The PLD may be a complex programmable logic device (CPLD), a field-programmable gate array (FPGA), generic array logic (GAL) or another programmable logic device, discrete gate or transistor logic, discrete hardware components, or any combination thereof. The general-purpose processor may be a microprocessor, or the processor may be any conventional processor.
It should also be understood that the memory referred to in the embodiments of this application may be volatile memory or non-volatile memory, or may include both volatile and non-volatile memory. The non-volatile memory may be read-only memory (ROM), programmable read-only memory (Programmable ROM, PROM), erasable programmable read-only memory (Erasable PROM, EPROM), electrically erasable programmable read-only memory (Electrically EPROM, EEPROM) or flash memory. The volatile memory may be random access memory (RAM), which is used as an external cache. By way of example and not limitation, many forms of RAM are available, such as static random access memory (Static RAM, SRAM), dynamic random access memory (Dynamic RAM, DRAM), synchronous dynamic random access memory (Synchronous DRAM, SDRAM), double data rate synchronous dynamic random access memory (Double Data Rate SDRAM, DDR SDRAM), enhanced synchronous dynamic random access memory (Enhanced SDRAM, ESDRAM), synchlink dynamic random access memory (Synchlink DRAM, SLDRAM) and direct Rambus random access memory (Direct Rambus RAM, DR RAM). It should be noted that the memory described herein is intended to include, but is not limited to, these and any other suitable types of memory.
An embodiment of this application provides a computer storage medium storing a computer program, the computer program including instructions for executing the above data encryption method and/or data decryption method.
An embodiment of this application provides a computer program product containing instructions which, when run on a computer, cause the computer to execute the above data encryption method and/or data decryption method.
Any data encryption device provided by the embodiments of this application may also be a chip.
Any data decryption device provided by the embodiments of this application may also be a chip.
For the system/device embodiments, since they are substantially similar to the method embodiments, the description is relatively brief; for the relevant parts, refer to the description of the method embodiments.
It should be noted that, in this document, relational terms such as first and second are used only to distinguish one entity or operation from another entity or operation, and do not necessarily require or imply any actual relationship or order between these entities or operations.
Those skilled in the art should understand that the embodiments of this application may be provided as a method, a system or a computer program product. Therefore, this application may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Moreover, this application may take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to magnetic disk storage, CD-ROM, optical storage and the like) that contain computer-usable program code.
This application is described with reference to flowcharts and/or block diagrams of the method, device (system) and computer program product according to the embodiments of this application. It should be understood that each flow and/or block in the flowcharts and/or block diagrams, and combinations of flows and/or blocks in the flowcharts and/or block diagrams, can be implemented by computer program instructions. These computer program instructions can be provided to the processor of a general-purpose computer, a special-purpose computer, an embedded processor or another programmable data processing device to produce a machine, so that the instructions executed by the processor of the computer or other programmable data processing device produce a device for implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
These computer program instructions may also be stored in a computer-readable memory capable of directing a computer or other programmable data processing device to work in a particular manner, so that the instructions stored in the computer-readable memory produce an article of manufacture including an instruction device, the instruction device implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
These computer program instructions may also be loaded onto a computer or other programmable data processing device, so that a series of operation steps are executed on the computer or other programmable device to produce computer-implemented processing, whereby the instructions executed on the computer or other programmable device provide steps for implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
Although preferred embodiments of this application have been described, those skilled in the art can make additional changes and modifications to these embodiments once they learn of the basic inventive concept. The appended claims are therefore intended to be interpreted as including the preferred embodiments and all changes and modifications that fall within the scope of this application.
Obviously, those skilled in the art can make various changes and variations to this application without departing from its spirit and scope. If these modifications and variations fall within the scope of the claims of this application and their technical equivalents, this application is also intended to include them.

Claims (10)

1. A data encryption method, characterized in that the method comprises:
an encryption side generating a first encryption key using a preset first encryption mode and a pre-saved initial key and initial vector;
generating at least one random number, and determining a second encryption key according to the at least one random number and the first encryption key;
encrypting the plaintext data to be encrypted using the second encryption key to obtain a first ciphertext;
encrypting each random number using a preset second encryption mode and the initial key to obtain each second ciphertext respectively;
sending the first ciphertext and each second ciphertext to a decryption side.
2. The method according to claim 1, characterized in that determining the second encryption key according to the at least one random number and the first encryption key comprises:
cutting and recombining the first encryption key with the at least one random number, using a pre-saved cutting and combination mode, to obtain the second encryption key.
3. The method according to claim 2, characterized in that cutting and recombining the first encryption key with at least two random numbers, using the pre-saved cutting and combination mode, to obtain the second encryption key comprises:
according to the order of the characters in the first encryption key and the priority of each random number, determining in turn, in order of priority from high to low, the substring made up of the number of characters corresponding to each random number, the priority of each substring being the same as the priority of the corresponding random number;
placing the substrings with low priority first and the substrings with high priority after them to obtain the second encryption key, wherein the sum of the at least two random numbers is less than the length of the first encryption key.
4. The method according to claim 1, characterized in that the length of the second encryption key is the length of the plaintext data to be encrypted.
5. The method according to claim 1, characterized in that the length of the first encryption key is the length of the plaintext data to be encrypted.
6. The method according to claim 1, characterized in that the first encryption mode is the encryption mode of the output feedback (OFB) mode.
7. The method according to claim 1, characterized in that the second encryption mode is the encryption mode of the electronic codebook (ECB) mode.
8. A data decryption method based on the data encryption method according to any one of claims 1-7, characterized in that the method comprises:
a decryption side decrypting, using a preset decryption mode, the second ciphertexts obtained by respectively encrypting at least one random number, to obtain the at least one random number;
generating a first encryption key using a preset encryption mode and a pre-saved initial key and initial vector;
determining a second encryption key according to the at least one random number and the first encryption key;
decrypting, using the second encryption key, the first ciphertext obtained by encrypting the plaintext data, to obtain the plaintext data.
9. A data encryption device, characterized in that the device comprises:
a key generation module, configured to generate a first encryption key using a preset first encryption mode and a pre-saved initial key and initial vector;
a random number generation module, configured to generate at least one random number;
a key updating module, configured to determine a second encryption key according to the at least one random number and the first encryption key;
a plaintext encryption module, configured to encrypt the plaintext data to be encrypted using the second encryption key to obtain a first ciphertext;
a random number encryption module, configured to encrypt each random number using a preset second encryption mode and the initial key to obtain each second ciphertext respectively;
a sending module, configured to send the first ciphertext and each second ciphertext to a decryption side.
10. A data decryption device based on the data encryption device according to claim 9, characterized in that the device comprises:
a random number decryption module, configured to decrypt, using a preset decryption mode, the second ciphertexts obtained by respectively encrypting at least one random number, to obtain the at least one random number;
a key generation module, configured to generate a first encryption key using a preset encryption mode and a pre-saved initial key and initial vector;
a key updating module, configured to determine a second encryption key according to the at least one random number and the first encryption key;
a plaintext decryption module, configured to decrypt, using the second encryption key, the first ciphertext obtained by encrypting the plaintext data, to obtain the plaintext data.
CN201811405801.0A 2018-11-23 2018-11-23 Data encryption and decryption method and device Active CN109510703B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811405801.0A CN109510703B (en) 2018-11-23 2018-11-23 Data encryption and decryption method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201811405801.0A CN109510703B (en) 2018-11-23 2018-11-23 Data encryption and decryption method and device

Publications (2)

Publication Number Publication Date
CN109510703A true CN109510703A (en) 2019-03-22
CN109510703B CN109510703B (en) 2020-02-11

Family

ID=65750296

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811405801.0A Active CN109510703B (en) 2018-11-23 2018-11-23 Data encryption and decryption method and device

Country Status (1)

Country Link
CN (1) CN109510703B (en)


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant