CN110532129A - Method, apparatus, device and storage medium for encrypted file storage
- Publication number
- CN110532129A
- Authority
- CN
- China
- Legal status
- Pending
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/07—Responding to the occurrence of a fault, e.g. fault tolerance
- G06F11/08—Error detection or correction by redundancy in data representation, e.g. by using checking codes
- G06F11/10—Adding special bits or symbols to the coded information, e.g. parity check, casting out 9's or 11's
- G06F11/1004—Adding special bits or symbols to the coded information, e.g. parity check, casting out 9's or 11's to protect a block of data words, e.g. CRC or checksum
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F12/00—Accessing, addressing or allocating within memory systems or architectures
- G06F12/14—Protection against unauthorised use of memory or access to memory
- G06F12/1408—Protection against unauthorised use of memory or access to memory by using cryptography
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F12/00—Accessing, addressing or allocating within memory systems or architectures
- G06F12/14—Protection against unauthorised use of memory or access to memory
- G06F12/1458—Protection against unauthorised use of memory or access to memory by checking the subject access rights
Abstract
An embodiment of the present application discloses a method for encrypted file storage, used to reduce the probability that a configuration file is attacked and analyzed and to strengthen the encryption of the configuration file. The method of disaggregated model training provided by the embodiments of the present application comprises: obtaining at least one piece of configuration information of a configuration file; encrypting the at least one piece of configuration information by a first encryption algorithm to obtain first encryption information; and generating a dynamic link library function according to the first encryption information, for encrypted storage of the configuration file. The embodiments of the present application also provide a corresponding apparatus, device and storage medium.
Description
Technical field
The invention relates to the field of computer technology, and in particular to a method, apparatus, device and storage medium for encrypted file storage.
Background
Currently, configuration files are usually stored in plaintext in dat format, or simply stored using a lightweight database (SQLite). To prevent attackers from reading and parsing the configuration text in various ways, which would expose the configuration file to malicious attack, a single exclusive-or (XOR) or the variable-key-length stream cipher algorithm (Rivest Cipher 4, RC4) is used to encrypt the configuration file.
However, the current encryption methods are too simple and can be analyzed easily, so they cannot protect the configuration file well.
Summary of the invention
The embodiments of the present application provide a method, apparatus, device and storage medium for encrypted file storage, used to reduce the probability that a configuration file is attacked and analyzed and to strengthen the encryption of the configuration file.
In a first aspect, the embodiments of the present application provide a method of disaggregated model training, comprising:
obtaining at least one piece of configuration information of a configuration file;
encrypting the at least one piece of configuration information by a first encryption algorithm, to obtain first encryption information;
generating a dynamic link library function according to the first encryption information, for encrypted storage of the configuration file.
In a possible design, in a first possible implementation of the first aspect of the embodiments of the present application, encrypting the at least one piece of configuration information by the first encryption algorithm to obtain the first encryption information comprises:
encrypting the at least one piece of configuration information by a second encryption algorithm, to obtain at least one list item, wherein each piece of configuration information corresponds to one list item and the second encryption algorithm is included in the first encryption algorithm;
writing the at least one list item into the configuration item table located at a first offset in the storage medium, wherein the first offset is obtained from a second offset and an offset increment, and the second offset is the storage location of a random key;
encrypting the at least one list table using at least one random key, to obtain second encryption information;
generating a first key according to the at least one random key, the first key being used to encrypt the second encryption information to obtain the first encryption information.
In a possible design, in a second possible implementation of the first aspect of the embodiments of the present application, generating the dynamic link library function according to the first encryption information comprises:
generating a C source file according to the first encryption information;
writing the C source file and a magic number into a dynamic library entry function, to obtain the dynamic link library function, wherein the magic number is used to verify the legitimacy of the configuration information corresponding to the list table at the first offset obtained after the dynamic link library function is decrypted.
In a possible design, in a third possible implementation of the first aspect of the embodiments of the present application, before the at least one list item is written into the configuration item table located at the first offset in the storage medium, the method further comprises:
converting each list item and the random key into first list item information by an XOR algorithm;
correspondingly, writing the at least one list item into the configuration item table located at the first offset in the storage medium comprises:
writing the first list item information into the configuration item table located at the first offset in the storage medium.
In a possible design, in a fourth possible implementation of the first aspect of the embodiments of the present application, before the at least one piece of configuration information of the configuration file is obtained, the method further comprises:
obtaining a random number from a random seed generator by a random algorithm, for generating the random key;
writing the random key at the second offset in the storage medium.
In a second aspect, the embodiments of the present application provide an encrypted storage apparatus, comprising:
an acquiring unit, configured to obtain at least one piece of configuration information of a configuration file;
an encryption unit, configured to encrypt, by a first encryption algorithm, the at least one piece of configuration information obtained by the acquiring unit, to obtain first encryption information;
a generation unit, configured to generate a dynamic link library function according to the first encryption information obtained by the encryption unit, for encrypted storage of the configuration file.
In a possible design, in a first possible implementation of the second aspect of the embodiments of the present application, the encryption unit comprises:
a first encrypting module, configured to apply cyclic redundancy check encryption to the at least one piece of configuration information by a second encryption algorithm, to obtain at least one list item, wherein each piece of configuration information corresponds to one list item and the second encryption algorithm is included in the first encryption algorithm;
a first writing module, configured to write the at least one list item obtained by the first encrypting module into the configuration item table located at a first offset in the storage medium, wherein the first offset is obtained from a second offset and an offset increment, and the second offset is the storage location of a random key;
a second encrypting module, configured to encrypt the at least one list table using at least one random key, to obtain second encryption information;
a first generation module, configured to generate a first key according to the at least one random key, the first key being used to encrypt the second encryption information obtained by the second encrypting module to obtain the first encryption information.
In a possible design, in a second possible implementation of the second aspect of the embodiments of the present application, the generation unit comprises:
a second generation module, configured to generate a C source file according to the first encryption information;
a second writing module, configured to write the C source file obtained by the second generation module and a magic number into a dynamic library entry function, to obtain the dynamic link library function, wherein the magic number is used to verify the legitimacy of the configuration information corresponding to the list table at the first offset obtained after the dynamic link library function is decrypted.
In a possible design, in a second possible implementation of the second aspect of the embodiments of the present application, the encrypted storage apparatus further comprises:
a converting unit, configured to convert each list item and the random key into first list item information by an XOR algorithm before the first writing module writes the at least one list item into the configuration item table located at the first offset in the storage medium; correspondingly, the first writing module comprises:
a writing submodule, configured to write the first list item information into the configuration item table located at the first offset in the storage medium.
In a possible design, in a third possible implementation of the second aspect of the embodiments of the present application, the encrypted storage apparatus further comprises:
a first acquisition unit, configured to obtain a random number from a random seed generator by a random algorithm before the acquiring unit obtains the at least one piece of configuration information of the configuration file, for generating the random key;
a first writing unit, configured to write the random key obtained by the first acquisition unit at the second offset in the storage medium.
In a third aspect, the embodiments of the present application provide an encrypted storage device, comprising an input/output (I/O) interface, a processor and a memory, wherein:
program instructions are stored in the memory;
the processor is configured to execute the program instructions stored in the memory, to implement the method of the first aspect or of any possible implementation of the first aspect.
A fourth aspect of the present application provides a computer-readable storage medium storing computer-executable instructions, the computer-executable instructions being used to execute the method of the first aspect or of any possible implementation of the first aspect.
A fifth aspect of the embodiments of the present application provides a computer program product comprising instructions which, when run on a computer or processor, cause the computer or processor to execute the method of any of the above aspects.
As can be seen from the above technical solutions, the embodiments of the present application have the following advantages:
In the embodiments of the present application, after at least one piece of configuration information is encrypted by the first encryption algorithm, a dynamic link library function is generated according to the first encryption information, so that the configuration file can be stored in encrypted form according to the dynamic link library function. Even with identical configuration values, the first encryption information is different, so the generated dynamic link library functions also differ. This significantly strengthens the encryption of the configuration file and reduces the likelihood that the configuration file is maliciously attacked.
Brief description of the drawings
To explain the technical solutions in the embodiments of the present application or in the prior art more clearly, the drawings needed in the description of the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below are only some embodiments of the present application; those of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a schematic diagram of a file storage scenario in the embodiments of the present application;
Fig. 2 is a schematic diagram of one embodiment of the encrypted file storage method provided in the embodiments of the present application;
Fig. 3 is a schematic diagram of another embodiment of the encrypted file storage method provided in the embodiments of the present application;
Fig. 4 is a flow chart of the encrypted storage method provided in the embodiments of the present application;
Fig. 5 is a schematic diagram of the CRC macro-definition header file provided in the embodiments of the present application;
Fig. 6 is a schematic diagram of one embodiment of the encrypted storage apparatus provided in the embodiments of the present application;
Fig. 7 is a schematic diagram of another embodiment of the encrypted storage apparatus provided in the embodiments of the present application;
Fig. 8 is a schematic diagram of another embodiment of the encrypted storage apparatus provided in the embodiments of the present application;
Fig. 9 is a structural schematic diagram of the encrypted storage device provided by the embodiments of the present application.
Specific embodiments
The embodiments of the present application provide a method, apparatus, device and storage medium for encrypted file storage, used to reduce the probability that a configuration file is attacked and analyzed and to strengthen the encryption of the configuration file.
The technical solutions in the embodiments of the present application are described clearly and completely below with reference to the drawings in the embodiments of the present application. Obviously, the described embodiments are only some, not all, of the embodiments of the present application. All other embodiments obtained by those of ordinary skill in the art from the embodiments in this application without creative effort fall within the protection scope of this application.
The terms "first", "second", "third", "fourth" and the like (if present) in the description, the claims and the above drawings of this application are used to distinguish similar objects, not to describe a particular order or sequence. It should be understood that data used in this way are interchangeable where appropriate, so that the embodiments described herein can be implemented in an order other than the one illustrated or described here. In addition, the terms "include" and "have" and any variations of them are intended to cover non-exclusive inclusion; for example, a process, method, system, product or device that contains a series of steps or units is not necessarily limited to the steps or units clearly listed, but may include other steps or units that are not clearly listed or that are inherent to the process, method, product or device. The naming or numbering of steps in this application does not mean that the steps in the method flow must be executed in the temporal or logical order indicated by the naming or numbering; the execution order of named or numbered steps can be changed according to the technical purpose to be achieved, as long as the same or a similar technical effect is reached.
The method proposed in the embodiments of the present application is mainly applied to scenarios in which text is stored. Fig. 1 is a schematic diagram of a file storage scenario in the embodiments of the present application. As can be seen from Fig. 1, a client may contain multiple configuration files, for example configuration file 1, configuration file 2 or configuration file 3, where each configuration text includes configuration information, the client's own information and other content. It should be understood that in practice there may also be other configuration files such as configuration file 4 and configuration file 5. To prevent attackers from reading and parsing the configuration text in various ways, which would expose the configuration file to malicious attack, a single XOR or RC4 is currently the usual way of encrypting the configuration file, but these encryption methods are too simple and can be analyzed easily, so they cannot protect the configuration file well.
To solve the above problem, the embodiments of the present application provide a method for encrypted file storage. The method encrypts the configuration information in the configuration file with a first encryption algorithm and generates a dynamic link library function from the resulting first encryption information, thereby storing the configuration file in encrypted form, improving the effect of file encryption and reducing the likelihood of attack.
To make the scheme proposed in the embodiments of the present application easier to understand, the detailed process in this embodiment is introduced below. Referring to Fig. 2, a schematic diagram of one embodiment of the encrypted file storage method provided in the embodiments of the present application, the method comprises:
201. Obtain at least one piece of configuration information of a configuration file.
In this embodiment, the configuration information may include the section name, key name and entry value in the configuration file. The section name designates a major category, for example the "prevent debugging" category; the key name designates a specific method within a major category, for example the "prevent software breakpoint debugging" method in the "prevent debugging" category; the entry value specifies whether the current item is enabled, or the percentage to which it is enabled, and is usually expressed as a number, for example "0" means off.
202. Encrypt the at least one piece of configuration information by the first encryption algorithm, to obtain the first encryption information.
In this embodiment, after at least one piece of configuration information in the configuration file is obtained, the configuration information can be encrypted with the first encryption algorithm. The first encryption algorithm mentioned here may be: a first layer of encryption with CRC to remove the plaintext, followed by a second and a third encryption with stored random keys, which yields the encrypted first encryption information. For details, see the embodiment described for Fig. 3.
203. Generate a dynamic link library function according to the first encryption information, for encrypted storage of the configuration file.
In this embodiment, the dynamic link library function may be a function provided for other programs to call, by static or dynamic invocation. When a dynamic library is used, compiling and linking the executable file only requires linking the import library file of the dynamic link library function; the function code and data in the dynamic link library function are not copied into the executable file. Only when the executable program runs does it load the required dynamic link library function, which is mapped into the address space of the process, after which the functions exported by the dynamic link library function are accessed. In addition, the executable file contains the configuration file described above.
Therefore, once the dynamic link library function has been generated from the first encryption information, it only needs to be statically or dynamically linked into the required product, for example a certain piece of software, in order to store the configuration file in that product in encrypted form, prevent malicious analysis and use, and achieve effective encryption.
In the embodiments of the present application, after at least one piece of configuration information is encrypted by the first encryption algorithm, a dynamic link library function is generated according to the first encryption information, so that the configuration file can be stored in encrypted form according to the dynamic link library function. Even with identical configuration values, the first encryption information is different, so the generated dynamic link library functions also differ. This significantly strengthens the encryption of the configuration file and reduces the likelihood that the configuration file is maliciously attacked.
For ease of understanding, the detailed process in the embodiments of the present application is described more specifically below. Refer to Fig. 3, a schematic diagram of another embodiment of the encrypted file storage method provided by the embodiments of the present application.
301. Obtain at least one piece of configuration information of a configuration file.
In this embodiment, the configuration information may include the section name, key name and entry value in the configuration file. The section name designates a major category, for example the "prevent debugging" category; the key name designates a specific method within a major category, for example the "prevent software breakpoint debugging" method in the "prevent debugging" category; the entry value specifies whether the current item is enabled, or the percentage to which it is enabled, and is usually expressed as a number, for example "0" means off.
Optionally, in other embodiments, before the at least one piece of configuration information of the configuration file is obtained, a random number may also be obtained from a random seed generator by a random algorithm and used as part of the random key. After the corresponding random key has been generated, memory can be allocated for the random key in the storage medium, that is, the random key is written at the second offset in the storage medium.
It should be understood that the random seed generator mentioned above may be the random seed generator of OpenSSL or the random seed generator that comes with the system; in practical applications it may also be another random seed generator, which is not described in detail in the embodiments of the present application. In addition, the position of the second offset mentioned may be 0x40, or another position such as 0x50 or 0x60; it can be customized according to actual needs and is not specifically limited in the embodiments of the present application.
302. Encrypt the at least one piece of configuration information by the second encryption algorithm, to obtain at least one list item, wherein each piece of configuration information corresponds to one list item.
In this embodiment, the second encryption algorithm is one of the first encryption algorithms, namely the cyclic redundancy check (CRC) algorithm. Applying cyclic redundancy check encryption to the configuration information by the second encryption algorithm removes the plaintext from the information in the resulting list items, which achieves the first layer of encryption.
Specifically, after the configuration information is obtained, the first layer of encryption can be applied to the section name and key name in each piece of configuration information to obtain the corresponding list item, i.e. [section name CRC, key name CRC, entry value]. It should be understood that, because the section name and key name are character strings, the second encryption algorithm is needed as the first layer of encryption to remove the redundant plaintext information. Because the entry value is a numeric character, encrypting it would not only serve no purpose but would also cost performance, so in the embodiments of the present application the second encryption algorithm is mainly applied to the section name and key name in the configuration information.
303. Write the at least one list item into the configuration item table located at the first offset in the storage medium, wherein the first offset is obtained from the second offset and an offset increment, and the second offset is the storage location of the random key.
In this embodiment, since the random key is already stored at the storage location of the second offset, each time a list item is obtained it can be written into the configuration item table located at the first offset in the storage medium. It should be understood that the first offset is obtained from the second offset and the offset increment: each time a list item is written, the offset of that list item is the offset of the previous list item increased by the corresponding offset increment. That is, each time a list item is written, the offset can additionally increase by an offset of 0x40 + random key; this offset can be preset according to actual needs, and its main purpose is to make the configuration information discontinuous in memory. Because different programs can input different random keys, the encrypted configuration information differs even when the configuration values are the same.
In other embodiments, before the at least one list item is written into the configuration item table located at the first offset in the storage medium, the method may further include: converting each list item and the random key into first list item information by an XOR algorithm. Correspondingly, writing the at least one list item into the configuration item table located at the first offset in the storage medium comprises: writing the first list item information into the configuration item table located at the first offset in the storage medium. The first list item information can be expressed as [section name CRC XOR random key, key name CRC XOR random key, (entry value - random key - particular value) XOR random key]; once the first list item information is obtained, the configuration item table can be filled.
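An added example (not code from the patent or its applicant) of the first list item information and offset layout described above, together with the matching lookup on the reading side. The CRC-32 variant, the 32-bit key width, `PARTICULAR_VALUE`, `OFFSET_INCREMENT`, the sample names and all function names are assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumptions (not stated on the page): CRC-32 variant, 32-bit random key,
 * the "particular value", and a fixed per-item offset increment. */
#define KEY_BASE         0x40u  /* base of the random key offset, from the page */
#define OFFSET_INCREMENT 0x10u  /* assumed; must be >= sizeof(list_item) */
#define PARTICULAR_VALUE 0x5Au  /* constructed placeholder */
#define TABLE_BYTES      256u

typedef struct { uint32_t section, key, value; } list_item;

/* Reflected CRC-32 (poly 0xEDB88320). A CRC is a checksum: names are matched
 * later by recomputing it; they are never decrypted back to text. */
static uint32_t crc32_str(const char *s)
{
    uint32_t crc = 0xFFFFFFFFu;
    for (; *s; s++) {
        crc ^= (uint8_t)*s;
        for (int bit = 0; bit < 8; bit++)
            crc = (crc >> 1) ^ (0xEDB88320u & (0u - (crc & 1u)));
    }
    return crc ^ 0xFFFFFFFFu;
}

/* [section CRC ^ rk, key CRC ^ rk, (value - rk - particular value) ^ rk] */
static list_item mask_item(const char *section, const char *key,
                           uint32_t value, uint32_t rk)
{
    list_item it;
    it.section = crc32_str(section) ^ rk;
    it.key     = crc32_str(key) ^ rk;
    it.value   = (uint32_t)(value - rk - PARTICULAR_VALUE) ^ rk;
    return it;
}

/* Inverse of the value transform above. */
static uint32_t unmask_value(const list_item *it, uint32_t rk)
{
    return (uint32_t)((it->value ^ rk) + rk + PARTICULAR_VALUE);
}

/* Random key offset as in the Fig. 4 description: 0x40 + rk % 0x40. */
static size_t key_offset(uint32_t rk) { return KEY_BASE + rk % KEY_BASE; }

/* Offset of item i: key offset plus one increment per item written. */
static size_t item_offset(uint32_t rk, size_t i)
{
    return key_offset(rk) + (i + 1) * OFFSET_INCREMENT;
}

/* Lay out the random key and the masked items; -1 if they do not fit. */
static int write_table(uint8_t *mem, size_t len, uint32_t rk,
                       const list_item *items, size_t n)
{
    if (n == 0 || item_offset(rk, n - 1) + sizeof(list_item) > len)
        return -1;
    memcpy(mem + key_offset(rk), &rk, sizeof rk);
    for (size_t i = 0; i < n; i++)
        memcpy(mem + item_offset(rk, i), &items[i], sizeof items[i]);
    return 0;
}

/* Reader side: recompute the masked CRCs and scan the table for a match.
 * Returns 1 and stores the entry value on success, 0 if not found. */
static int lookup(const uint8_t *mem, size_t len, uint32_t rk, size_t n,
                  const char *section, const char *key, uint32_t *out)
{
    uint32_t want_s = crc32_str(section) ^ rk;
    uint32_t want_k = crc32_str(key) ^ rk;
    for (size_t i = 0; i < n; i++) {
        list_item it;
        if (item_offset(rk, i) + sizeof it > len)
            return 0;
        memcpy(&it, mem + item_offset(rk, i), sizeof it);
        if (it.section == want_s && it.key == want_k) {
            *out = unmask_value(&it, rk);
            return 1;
        }
    }
    return 0;
}

int main(void)
{
    uint32_t rk = 0x1234ABCDu;              /* constructed sample key */
    uint8_t mem[TABLE_BYTES] = {0};
    list_item items[2] = {                  /* constructed sample entries */
        mask_item("anti_debug", "software_breakpoint", 0, rk),
        mask_item("anti_debug", "hardware_breakpoint", 1, rk),
    };
    uint32_t v = 0;
    if (write_table(mem, sizeof mem, rk, items, 2) != 0)
        return 1;
    if (lookup(mem, sizeof mem, rk, 2, "anti_debug", "hardware_breakpoint", &v))
        printf("key at 0x%zx, entry value %u\n", key_offset(rk), (unsigned)v);
    return 0;
}
```

The same two entries masked with a different random key produce different stored words, which is the property the description relies on when it says identical configuration values yield different encrypted information.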
304. Encrypt the at least one list table using at least one random key, to obtain second encryption information.
In this embodiment, each list item is encrypted with one random key. Because the random key is random, the second encryption information obtained after encryption is also not identical, which further strengthens the encryption.
305. Generate a first key according to the at least one random key, the first key being used to encrypt the second encryption information to obtain the first encryption information.
In this embodiment, the first key may be composed of at least one random key, for example combined into a 128-bit key, so that the first key is used to encrypt all of the second encryption information as a whole and obtain the final first encryption information. The configuration information in the storage medium has then gone through multiple rounds of encryption.
306. Generate a dynamic link library function according to the first encryption information, for encrypted storage of the configuration file.
In this embodiment, the dynamic link library function may be a function provided for other programs to call, by static or dynamic invocation. When a dynamic library is used, compiling and linking the executable file only requires linking the import library file of the dynamic link library function; the function code and data in the dynamic link library function are not copied into the executable file. Only when the executable program runs does it load the required dynamic link library function, which is mapped into the address space of the process, after which the functions exported by the dynamic link library function are accessed. In addition, the executable file contains the configuration file described above.
Therefore, once the dynamic link library function has been generated from the first encryption information, it only needs to be statically or dynamically linked into the required product, for example a certain piece of software, in order to store the configuration file in that product in encrypted form, prevent malicious analysis and use, and achieve effective encryption.
Specifically, in other embodiments the dynamic link library function may be generated as follows: a C source file is generated according to the first encryption information, and the C source file and a magic number are written into the dynamic library entry function to obtain the dynamic link library function. It can be understood that the C source file actually refers to the CRC macro-definition header file, which achieves higher concealment so that a malicious user cannot intercept the corresponding configuration information. The magic number is mainly used to verify the legitimacy of the configuration information corresponding to the list table at the first offset obtained after the dynamic link library function is decrypted, that is, to verify whether the decrypted configuration information matches some expected fixed characters, for example testioa. If it matches, the encrypted configuration information corresponds to the expected configuration information and has not been maliciously attacked or modified.
Refer to Fig. 4, a flowchart of the encrypted storage method provided in the embodiments of this application. As Fig. 4 shows, initial memory is first allocated for the random key in the storage medium, and the random key is written at offset 0x40 in the initial memory. Next, the configuration file is obtained and parsed to extract its configuration information, for example section names, key names and entry values. The section names and key names are encrypted with the CRC algorithm shown in Fig. 3, and each encrypted section name and key name, together with its entry value, forms a list item that is written into the configuration item table. All configuration item tables are then traversed, and an XOR algorithm converts each list item and the random key into first list item information, for example: [section name CRC XOR random key, key name CRC XOR random key, (entry value - random key - particular value) XOR random key]. The first list item information is then written into the configuration item table at the corresponding first offset to fill that table.
Each additional first offset adds a certain offset increment to the previous offset; the first offset is obtained from the offset of the key and the offset increment. With the random key offset of 0x40 + random key % 0x40 shown in Fig. 4, the first offset of the first piece of first list item information in the configuration item table is offset increment + 0x40 + random key % 0x40, and so on until the entire configuration item table has been traversed. In the configuration item table filled in this way, each piece of first list item information can be randomly encrypted with each pre-stored random key to obtain twice-encrypted list items or configuration items. The corresponding CRC macro-definition header file can also be generated dynamically during this process for use in decryption; Fig. 5 is a schematic diagram of the CRC macro-definition header file.
After this, the pre-stored random keys are combined into a 128-bit key, that is, the first key shown in Fig. 3, and the combined 128-bit first key is used to encrypt the twice-encrypted configuration items a third time, yielding the encrypted memory and the memory size. A C source file is generated from the information encrypted the third time and written into the dynamic library entry function together with random magic number 1, magic number 2 or random magic number 3; during the traversal for encrypted storage, some memory bytes are inserted in the form of machine code; finally CLEXE is called to compile and generate the dynamic link library function. During application, the dynamic link library function only needs to be statically or dynamically linked into the required product, for example a piece of software, in order to store the configuration file in that product in encrypted form, prevent it from being maliciously analysed and used, and achieve efficient encryption.
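The table layer of the flow above (CRC of section and key names, XOR masking with the random key, offsets derived from the key, and a magic check before lookup), written out in C as an added example that is not code from the patent. Standard CRC-32 stands in for the Fig. 3 CRC; the 12-byte offset increment, the particular value, the magic word and its placement after the last item, 32-bit entry values and all function names are assumptions, and the third encryption layer and the dynamic link library generation are left out.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define KEY_BASE    0x40u        /* from the description: key offset = 0x40 + key % 0x40 */
#define OFFSET_STEP 12u          /* assumption: increment = one item of three 32-bit words */
#define PARTICULAR  0x5A5A5A5Au  /* assumption: stands in for the "particular value" */
#define MAGIC       0x74657374u  /* assumption: constructed magic word */

struct cfg_item { const char *section; const char *name; uint32_t value; };

/* Standard reflected CRC-32 (polynomial 0xEDB88320); stands in for the Fig. 3 CRC. */
uint32_t crc32_str(const char *s)
{
    uint32_t crc = 0xFFFFFFFFu;
    for (; *s; ++s) {
        crc ^= (uint8_t)*s;
        for (int bit = 0; bit < 8; ++bit)
            crc = (crc >> 1) ^ (0xEDB88320u & (0u - (crc & 1u)));
    }
    return ~crc;
}

size_t key_offset(uint32_t key) { return KEY_BASE + key % KEY_BASE; }

/* Item i sits (i + 1) increments past the key, so item 0 is at increment + key offset. */
size_t item_offset(uint32_t key, size_t i) { return key_offset(key) + (i + 1) * OFFSET_STEP; }

static void put32(uint8_t *buf, size_t off, uint32_t v) { memcpy(buf + off, &v, sizeof v); }

static uint32_t get32(const uint8_t *buf, size_t off)
{
    uint32_t v;
    memcpy(&v, buf + off, sizeof v);
    return v;
}

/* Writes the key, the masked items and the masked magic word.
 * Returns the number of bytes used, or 0 if the table does not fit in cap. */
size_t table_write(uint8_t *buf, size_t cap, uint32_t key,
                   const struct cfg_item *items, size_t n)
{
    size_t end = item_offset(key, n) + sizeof(uint32_t);
    if (end > cap)
        return 0;
    put32(buf, key_offset(key), key);
    for (size_t i = 0; i < n; ++i) {
        size_t off = item_offset(key, i);
        put32(buf, off, crc32_str(items[i].section) ^ key);
        put32(buf, off + 4, crc32_str(items[i].name) ^ key);
        put32(buf, off + 8, (items[i].value - key - PARTICULAR) ^ key);
    }
    put32(buf, item_offset(key, n), MAGIC ^ key);
    return end;
}

/* Returns 0 and sets *out on success, -1 if the magic check fails,
 * -2 if no item matches the requested section and name. */
int table_lookup(const uint8_t *buf, size_t cap, uint32_t key, size_t n,
                 const char *section, const char *name, uint32_t *out)
{
    size_t magic_off = item_offset(key, n);
    if (magic_off + sizeof(uint32_t) > cap || (get32(buf, magic_off) ^ key) != MAGIC)
        return -1;
    uint32_t want_section = crc32_str(section) ^ key;
    uint32_t want_name = crc32_str(name) ^ key;
    for (size_t i = 0; i < n; ++i) {
        size_t off = item_offset(key, i);
        if (get32(buf, off) == want_section && get32(buf, off + 4) == want_name) {
            *out = (get32(buf, off + 8) ^ key) + key + PARTICULAR;
            return 0;
        }
    }
    return -2;
}

int main(void)
{
    /* Constructed sample configuration and key. */
    const struct cfg_item items[] = {
        { "network", "port", 8080 }, { "network", "timeout", 30 }, { "log", "level", 3 },
    };
    uint8_t buf[512] = { 0 };
    uint32_t key = 0x1234ABCDu, value = 0;
    size_t used = table_write(buf, sizeof buf, key, items, 3);
    int rc = table_lookup(buf, sizeof buf, key, 3, "network", "timeout", &value);
    printf("used=%zu rc=%d timeout=%u\n", used, rc, (unsigned)value);
    buf[item_offset(key, 3)] ^= 0x01;   /* damage the stored magic word */
    rc = table_lookup(buf, sizeof buf, key, 3, "network", "timeout", &value);
    printf("after damaging the magic word rc=%d\n", rc);
    return 0;
}
```

The table holds no section or key names, only their masked CRCs, so a lookup recomputes the CRC of the requested name; the magic check in this example catches a wrong key or a damaged magic word, not a change to an individual item.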
In the embodiments of this application, after at least one piece of configuration information has undergone three layers of encryption using the second encryption algorithm, the random key and the first key, the dynamic link library function is generated according to the first encryption information, so that the configuration file can be stored in encrypted form according to the dynamic link library function. Even with identical configuration values the first encryption information differs, so the generated dynamic link library function also differs, which greatly strengthens the encryption of the configuration file and reduces the likelihood that the configuration file is maliciously attacked.
The above describes the solution provided by the embodiments of this application mainly from the perspective of the method. It can be understood that, to implement the above functions, corresponding hardware structures and/or software modules that perform each function are included. Those skilled in the art will readily appreciate that, in combination with the modules and algorithm steps of the examples described in the embodiments disclosed herein, this application can be implemented in hardware or in a combination of hardware and computer software. Whether a function is performed by hardware or by computer software driving hardware depends on the specific application and design constraints of the technical solution. Skilled professionals may use different methods to implement the described functions for each specific application, but such implementations should not be considered beyond the scope of this application.
The embodiments of this application may divide the device into functional modules according to the above method examples. For example, each function may be assigned its own functional module, or two or more functions may be integrated into one processing module. The integrated module may be implemented in the form of hardware or in the form of a software functional module. It should be noted that the division of modules in the embodiments of this application is schematic and is only a logical functional division; other divisions are possible in actual implementation.
The encryption storage device in the embodiments of this application is described in detail below. Refer to Fig. 6, a schematic diagram of one embodiment of the encryption storage device provided in the embodiments of this application. The encryption storage device may include:
Acquiring unit 401, for obtaining at least one piece of configuration information of a configuration file;
Encryption unit 402, for encrypting, by the first encryption algorithm, the at least one piece of configuration information obtained by the acquiring unit 401, to obtain the first encryption information;
Generation unit 403, for generating a dynamic link library function according to the first encryption information obtained by the encryption unit 402, for performing encrypted storage of the configuration file.
Optionally, on the basis of the embodiment corresponding to Fig. 6, refer to Fig. 7, a schematic diagram of another embodiment of the encryption storage device provided by the embodiments of this application. The encryption unit 402 may include:
First encrypting module 4021, for performing cyclic redundancy check encryption on the at least one piece of configuration information by the second encryption algorithm, to obtain at least one list item, wherein each piece of configuration information corresponds to one list item, and the second encryption algorithm is included in the first encryption algorithm;
First writing module 4022, for writing the at least one list item obtained by the first encrypting module 4021 into the configuration item table located at the first offset in the storage medium, wherein the first offset is obtained from the second offset and the offset increment, and the second offset is the storage location of the random key;
Second encrypting module 4023, for encrypting the at least one list table using the at least one random key, to obtain the second encryption information;
First generation module 4024, for generating the first key according to the at least one random key, the first key being used to encrypt the second encryption information obtained by the second encrypting module to obtain the first encryption information.
Optionally, on the basis of the embodiment corresponding to Fig. 7, refer to Fig. 8, a schematic diagram of another embodiment of the encryption storage device provided by the embodiments of this application. The generation unit 403 may include:
Second generation module 4031, for generating a C source file according to the first encryption information;
Second writing module 4032, for writing the C source file obtained by the second generation module 4031 and the magic number into the dynamic library entry function, to obtain the dynamic link library function, wherein the magic number is used to verify the legitimacy of the configuration information corresponding to the list table at the first offset that is obtained after the dynamic link library function is decrypted.
Optionally, on the basis of the embodiments corresponding to Fig. 7 or Fig. 8, in another embodiment of the encryption storage device provided by the embodiments of this application, the encryption storage device further includes: a converting unit, for converting each list item and the random key into first list item information by an XOR algorithm before the first writing module writes the at least one list item into the configuration item table located at the first offset in the storage medium. Accordingly, the first writing module includes: a writing submodule, for writing the first list item information into the configuration item table located at the first offset in the storage medium.
Optionally, on the basis of the embodiments corresponding to Fig. 7 to Fig. 8, in another embodiment of the encryption storage device provided by the embodiments of this application, the encryption storage device further includes: a first acquisition unit, for obtaining a random number from a random seed generator by a random algorithm before the acquiring unit obtains the at least one piece of configuration information of the configuration file, the random number being used to generate the random key; and a first writing unit, for writing the random key obtained by the first acquisition unit at the second offset in the storage medium.
In the embodiments of this application, after the encryption unit 402 uses the first encryption algorithm to encrypt the at least one piece of configuration information obtained by the acquiring unit 401, the generation unit 403 generates the dynamic link library function according to the first encryption information, so that the configuration file can be stored in encrypted form according to the dynamic link library function. Even with identical configuration values the first encryption information differs, so the generated dynamic link library function also differs, which greatly strengthens the encryption of the configuration file and reduces the likelihood that the configuration file is maliciously attacked.
The encryption storage device in the embodiments of this application has been described above from the perspective of modular functional entities; the encrypted memory device in the embodiments of this application is described below from the perspective of hardware processing. Fig. 9 is a schematic structural diagram of the encrypted memory device provided by the embodiments of this application. The encrypted memory device may include the encryption storage device described above, and may differ considerably depending on configuration or performance. The encrypted memory device may include at least one processor 501, a communication line 507, a memory 503 and at least one communication interface 504.
Processor 501 may be a general-purpose central processing unit (CPU), a microprocessor, an application-specific integrated circuit (ASIC), or one or more integrated circuits for controlling execution of the programs of the solution of this application.
Communication line 507 may include a path for transferring information between the above components.
Communication interface 504 uses any transceiver-type device to communicate with other devices or communication networks, such as Ethernet, a radio access network (RAN), wireless local area networks (WLAN), and so on.
Memory 503 may be a read-only memory (ROM) or another type of static storage device that can store static information and instructions, or a random access memory (RAM) or another type of dynamic storage device that can store information and instructions. The memory may exist independently and be connected to the processor through communication line 507. The memory may also be integrated with the processor.
Memory 503 is used to store the computer-executable instructions that carry out the solution of this application, and their execution is controlled by processor 501. Processor 501 executes the computer-executable instructions stored in memory 503 to implement the method of file encryption storage provided by the above embodiments of this application.
Optionally, the computer-executable instructions in the embodiments of this application may also be referred to as application code, which the embodiments of this application do not specifically limit.
In a specific implementation, as one embodiment, the encrypted memory device may include multiple processors, such as processor 501 and processor 502 in Fig. 9. Each of these processors may be a single-core (single-CPU) processor or a multi-core (multi-CPU) processor. A processor here may refer to one or more devices, circuits, and/or processing cores for processing data (such as computer program instructions).
In a specific implementation, as one embodiment, the encrypted memory device may also include an output device 505 and an input device 506. Output device 505 communicates with processor 501 and can display information in a variety of ways. Input device 506 communicates with processor 501 and can receive user input in a variety of ways. For example, input device 506 may be a mouse, a touch panel device, a sensing device, or the like.
The above encrypted memory device may be a general-purpose device or a dedicated device. In a specific implementation, the encrypted memory device may be a desktop computer, a portable computer, a nas server, a wireless terminal device, an embedded device, or a device with a structure similar to that in Fig. 9. The embodiments of this application do not limit the type of the encrypted memory device.
In the embodiments of this application, the processor 501 included in the encrypted memory device also has the following functions:
Obtaining at least one piece of configuration information of a configuration file;
Encrypting the at least one piece of configuration information by the first encryption algorithm, to obtain the first encryption information;
Generating a dynamic link library function according to the first encryption information, for performing encrypted storage of the configuration file.
In some embodiments of this application, the processor 501 may also be specifically used for:
Encrypting the at least one piece of configuration information by the second encryption algorithm, to obtain at least one list item, wherein each piece of configuration information corresponds to one list item, and the second encryption algorithm is included in the first encryption algorithm;
Writing the at least one list item into the configuration item table located at the first offset in the storage medium, wherein the first offset is obtained from the second offset and the offset increment, and the second offset is the storage location of the random key;
Encrypting the at least one list table using the at least one random key, to obtain the second encryption information;
Generating the first key according to the at least one random key, the first key being used to encrypt the second encryption information to obtain the first encryption information.
In some embodiments of this application, the processor 501 may also be specifically used for:
Generating a C source file according to the first encryption information;
Writing the C source file and the magic number into the dynamic library entry function, to obtain the dynamic link library function, wherein the magic number is used to verify the legitimacy of the configuration information corresponding to the list table at the first offset that is obtained after the dynamic link library function is decrypted.
In the embodiments of this application, the processor 501 included in the computer equipment also has the following functions:
Before the at least one list item is written into the configuration item table located at the first offset in the storage medium, converting each list item and the random key into first list item information by an XOR algorithm;
Accordingly, writing the at least one list item into the configuration item table located at the first offset in the storage medium comprises:
Writing the first list item information into the configuration item table located at the first offset in the storage medium.
In some embodiments of this application, the processor 501 may also be specifically used for:
Before the at least one piece of configuration information of the configuration file is obtained, obtaining a random number from a random seed generator by a random algorithm, for generating the random key;
Writing the random key at the second offset in the storage medium.
Those skilled in the art will clearly understand that, for convenience and brevity of description, the specific working processes of the systems, devices and units described above can be found in the corresponding processes of the foregoing method embodiments and are not repeated here.
In the several embodiments provided in this application, it should be understood that the disclosed systems, devices and methods may be implemented in other ways. For example, the device embodiments described above are merely illustrative. The division of units is only a logical functional division, and other divisions are possible in actual implementation; for example, multiple units or components may be combined or integrated into another system, or some features may be ignored or not executed. In addition, the mutual coupling, direct coupling or communication connection shown or discussed may be indirect coupling or communication connection through some interfaces, devices or units, and may be electrical, mechanical or in other forms.
Units described as separate components may or may not be physically separate, and components shown as units may or may not be physical units; that is, they may be located in one place or distributed over multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, the functional units in the embodiments of this application may be integrated into one processing unit, each unit may exist physically on its own, or two or more units may be integrated into one unit. The integrated unit may be implemented in the form of hardware or in the form of a software functional unit.
If the integrated unit is implemented in the form of a software functional unit and sold or used as an independent product, it may be stored in a computer-readable storage medium. Based on this understanding, the technical solution of this application in essence, or the part that contributes to the prior art, or all or part of the technical solution, may be embodied in the form of a software product. The computer software product is stored in a storage medium and includes a number of instructions that cause a computer device (which may be a personal computer, a server, a network device or the like) to execute all or part of the steps of the methods of the embodiments of this application. The aforementioned storage medium includes media that can store program code, such as a USB flash disk, a mobile hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk or an optical disc.
The above embodiments are intended only to illustrate the technical solutions of this application, not to limit them. Although this application has been described in detail with reference to the foregoing embodiments, those skilled in the art should understand that they may still modify the technical solutions recorded in the foregoing embodiments or make equivalent replacements of some of the technical features; such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the spirit and scope of the technical solutions of the embodiments of this application.
Claims (10)
1. A method of file encryption storage, characterized by comprising:
obtaining at least one piece of configuration information of a configuration file;
encrypting the at least one piece of configuration information by a first encryption algorithm, to obtain first encryption information;
generating a dynamic link library function according to the first encryption information, for performing encrypted storage of the configuration file.
2. The method according to claim 1, characterized in that encrypting the at least one piece of configuration information by the first encryption algorithm, to obtain the first encryption information, comprises:
encrypting the at least one piece of configuration information by a second encryption algorithm, to obtain at least one list item, wherein each piece of configuration information corresponds to one list item, and the second encryption algorithm is included in the first encryption algorithm;
writing the at least one list item into a configuration item table located at a first offset in a storage medium, wherein the first offset is obtained from a second offset and an offset increment, and the second offset is the storage location of a random key;
encrypting the at least one list table using at least one said random key, to obtain second encryption information;
generating a first key according to the at least one random key, the first key being used to encrypt the second encryption information to obtain the first encryption information.
3. The method according to claim 2, characterized in that generating the dynamic link library function according to the first encryption information comprises:
generating a C source file according to the first encryption information;
writing the C source file and a magic number into a dynamic library entry function, to obtain the dynamic link library function, wherein the magic number is used to verify the legitimacy of the configuration information corresponding to the list table at the first offset that is obtained after the dynamic link library function is decrypted.
4. The method according to any one of claims 2 to 3, characterized in that, before the at least one list item is written into the configuration item table located at the first offset in the storage medium, the method further comprises:
converting each list item and the random key into first list item information by an XOR algorithm;
accordingly, writing the at least one list item into the configuration item table located at the first offset in the storage medium comprises:
writing the first list item information into the configuration item table located at the first offset in the storage medium.
5. The method according to any one of claims 2 to 4, characterized in that, before the at least one piece of configuration information of the configuration file is obtained, the method further comprises:
obtaining a random number from a random seed generator by a random algorithm, for generating the random key;
writing the random key at the second offset in the storage medium.
6. An encryption storage device, characterized by comprising:
an acquiring unit, for obtaining at least one piece of configuration information of a configuration file;
an encryption unit, for encrypting, by a first encryption algorithm, the at least one piece of configuration information obtained by the acquiring unit, to obtain first encryption information;
a generation unit, for generating a dynamic link library function according to the first encryption information obtained by the encryption unit, for performing encrypted storage of the configuration file.
7. The encryption storage device according to claim 6, wherein the encryption unit comprises:
a first encrypting module, for performing cyclic redundancy check encryption on the at least one piece of configuration information by a second encryption algorithm, to obtain at least one list item, wherein each piece of configuration information corresponds to one list item, and the second encryption algorithm is included in the first encryption algorithm;
a first writing module, for writing the at least one list item obtained by the first encrypting module into a configuration item table located at a first offset in a storage medium, wherein the first offset is obtained from a second offset and an offset increment, and the second offset is the storage location of a random key;
a second encrypting module, for encrypting the at least one list table using at least one said random key, to obtain second encryption information;
a first generation module, for generating a first key according to the at least one random key, the first key being used to encrypt the second encryption information obtained by the second encrypting module to obtain the first encryption information.
8. The encryption storage device according to claim 7, wherein the generation unit comprises:
a second generation module, for generating a C source file according to the first encryption information;
a second writing module, for writing the C source file obtained by the second generation module and a magic number into a dynamic library entry function, to obtain the dynamic link library function, wherein the magic number is used to verify the legitimacy of the configuration information corresponding to the list table at the first offset that is obtained after the dynamic link library function is decrypted.
9. An encrypted memory device, characterized in that the encrypted memory device comprises: an input/output (I/O) interface, a processor and a memory,
wherein program instructions are stored in the memory;
the processor is used to execute the program instructions stored in the memory, to perform the method according to any one of claims 1 to 5.
10. A computer-readable storage medium, including instructions, characterized in that, when the instructions are run on an encrypted memory device, the encrypted memory device is caused to perform the method according to any one of claims 1 to 5.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910823621.2A CN110532129A (en) | 2019-09-02 | 2019-09-02 | A kind of method, apparatus, equipment and the storage medium of file encryption storage |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910823621.2A CN110532129A (en) | 2019-09-02 | 2019-09-02 | A kind of method, apparatus, equipment and the storage medium of file encryption storage |
Publications (1)
Publication Number | Publication Date |
---|---|
CN110532129A true CN110532129A (en) | 2019-12-03 |
Family
ID=68666159
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201910823621.2A Pending CN110532129A (en) | 2019-09-02 | 2019-09-02 | A kind of method, apparatus, equipment and the storage medium of file encryption storage |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN110532129A (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112486542A (en) * | 2020-12-10 | 2021-03-12 | 卡斯柯信号有限公司 | Configuration file generation and updating method and system based on dynamic link library |
Citations (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101819618A (en) * | 2010-03-19 | 2010-09-01 | 杨筑平 | File encryption method |
CN103177222A (en) * | 2011-12-23 | 2013-06-26 | 腾讯科技(深圳)有限公司 | Processing method for file shell adding and shell removing and device thereof |
CN104268480A (en) * | 2014-10-10 | 2015-01-07 | 重庆邮电大学 | XML (extensive markup language) configuration file security protection processing method and system |
JP2015056090A (en) * | 2013-09-13 | 2015-03-23 | 株式会社日立ソリューションズ | File access control device, file access control program, and file access control method |
CN105184181A (en) * | 2015-06-15 | 2015-12-23 | 北京天诚同创电气有限公司 | File encryption method, file decryption method and file encryption device |
CN106357690A (en) * | 2016-11-08 | 2017-01-25 | 浙江中控技术股份有限公司 | Data transmission method, data sending device and data receiving device |
CN106446715A (en) * | 2016-10-11 | 2017-02-22 | 武汉斗鱼网络科技有限公司 | File encryption method and device |
CN108009440A (en) * | 2017-11-23 | 2018-05-08 | 重庆金融资产交易所有限责任公司 | Date storage method, querying method, device, storage medium and computer equipment |
CN108256342A (en) * | 2018-01-12 | 2018-07-06 | 武汉斗鱼网络科技有限公司 | Encryption method, device and the decryption method of Shader files, device |
CN108830096A (en) * | 2018-06-21 | 2018-11-16 | 广州华多网络科技有限公司 | Data processing method, device, electronic equipment and storage medium |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | | Application publication date: 20191203 |