CN110532129A - Method, apparatus, device and storage medium for encrypted file storage - Google Patents

Method, apparatus, device and storage medium for encrypted file storage

Publication number
CN110532129A
Authority
CN
China
Prior art keywords
encryption
information
offset
configuration
encrypted
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201910823621.2A
Other languages
Chinese (zh)
Inventor
尹钻兴
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Tencent Technology Shenzhen Co Ltd
Original Assignee
Tencent Technology Shenzhen Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Tencent Technology Shenzhen Co Ltd filed Critical Tencent Technology Shenzhen Co Ltd
Priority to CN201910823621.2A priority Critical patent/CN110532129A/en
Publication of CN110532129A publication Critical patent/CN110532129A/en
Pending legal-status Critical Current

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00 Error detection; Error correction; Monitoring
    • G06F11/07 Responding to the occurrence of a fault, e.g. fault tolerance
    • G06F11/08 Error detection or correction by redundancy in data representation, e.g. by using checking codes
    • G06F11/10 Adding special bits or symbols to the coded information, e.g. parity check, casting out 9's or 11's
    • G06F11/1004 Adding special bits or symbols to the coded information, e.g. parity check, casting out 9's or 11's to protect a block of data words, e.g. CRC or checksum
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F12/00 Accessing, addressing or allocating within memory systems or architectures
    • G06F12/14 Protection against unauthorised use of memory or access to memory
    • G06F12/1408 Protection against unauthorised use of memory or access to memory by using cryptography
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F12/00 Accessing, addressing or allocating within memory systems or architectures
    • G06F12/14 Protection against unauthorised use of memory or access to memory
    • G06F12/1458 Protection against unauthorised use of memory or access to memory by checking the subject access rights

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Quality & Reliability (AREA)
  • Storage Device Security (AREA)

Abstract

An embodiment of the present application discloses a method for encrypted file storage, which reduces the probability that a configuration file is attacked and analyzed and strengthens the encryption of the configuration file. The method of disaggregated model training provided by the embodiments of the present application comprises: obtaining at least one piece of configuration information of a configuration file; encrypting the at least one piece of configuration information with a first encryption algorithm to obtain first encryption information; and generating a dynamic link library function according to the first encryption information, for encrypted storage of the configuration file. The embodiments of the present application also provide a corresponding apparatus, device and storage medium.

Description

Method, apparatus, device and storage medium for encrypted file storage
Technical field
The embodiments of the present application relate to the field of computer technology, and in particular to a method, apparatus, device and storage medium for encrypted file storage.
Background
At present, a configuration file is usually stored in plain text in dat format, or simply stored in a lightweight database (SQLite). To prevent an attacker from reading and parsing the configuration file by various means, which would expose the configuration file to malicious attack, the configuration file is encrypted with a single exclusive-or (XOR) or with the variable-key-length stream cipher RC4 (Rivest Cipher 4).
However, the current encryption methods are too simple and can be analyzed easily, so they do not encrypt the configuration file effectively.
Summary of the invention
The embodiments of the present application provide a method, apparatus, device and storage medium for encrypted file storage, which reduce the probability that a configuration file is attacked and analyzed and strengthen the encryption of the configuration file.
In a first aspect, an embodiment of the present application provides a method of disaggregated model training, comprising:
obtaining at least one piece of configuration information of a configuration file;
encrypting the at least one piece of configuration information with a first encryption algorithm to obtain first encryption information;
generating a dynamic link library function according to the first encryption information, for encrypted storage of the configuration file.
In one possible design, in a first possible implementation of the first aspect of the embodiments of the present application, encrypting the at least one piece of configuration information with the first encryption algorithm to obtain the first encryption information comprises:
encrypting the at least one piece of configuration information with a second encryption algorithm to obtain at least one list item, wherein each piece of configuration information corresponds to one list item and the second encryption algorithm is included in the first encryption algorithm;
writing the at least one list item into a configuration item table located at a first offset in a storage medium, wherein the first offset is obtained from a second offset and an offset increment, and the second offset is the storage location of a random key;
encrypting the at least one list table with at least one said random key to obtain second encryption information;
generating a first key from the at least one random key, the first encryption information being obtained after the second encryption information is encrypted.
In one possible design, in a second possible implementation of the first aspect of the embodiments of the present application, generating the dynamic link library function according to the first encryption information comprises:
generating a C source file according to the first encryption information;
writing the C source file and a magic number into a dynamic library entry function to obtain the dynamic link library function, wherein the magic number is used to verify the legitimacy of the configuration information corresponding to the list table at the first offset obtained after the dynamic link library function is decrypted.
In one possible design, in a third possible implementation of the first aspect of the embodiments of the present application, before the at least one list item is written into the configuration item table located at the first offset in the storage medium, the method further comprises:
converting each list item and the random key into first list item information by an XOR algorithm;
accordingly, writing the at least one list item into the configuration item table located at the first offset in the storage medium comprises:
writing the first list item information into the configuration item table located at the first offset in the storage medium.
In one possible design, in a fourth possible implementation of the first aspect of the embodiments of the present application, before the at least one piece of configuration information of the configuration file is obtained, the method further comprises:
obtaining a random number from a random seed generator by a random algorithm, for generating the random key;
writing the random key at the second offset in the storage medium.
In a second aspect, an embodiment of the present application provides an encrypted storage apparatus, comprising:
an acquiring unit, configured to obtain at least one piece of configuration information of a configuration file;
an encryption unit, configured to encrypt, with a first encryption algorithm, the at least one piece of configuration information obtained by the acquiring unit, to obtain first encryption information;
a generation unit, configured to generate a dynamic link library function according to the first encryption information obtained by the encryption unit, for encrypted storage of the configuration file.
In one possible design, in a first possible implementation of the second aspect of the embodiments of the present application, the encryption unit comprises:
a first encrypting module, configured to perform cyclic redundancy check encryption on the at least one piece of configuration information with a second encryption algorithm to obtain at least one list item, wherein each piece of configuration information corresponds to one list item and the second encryption algorithm is included in the first encryption algorithm;
a first writing module, configured to write the at least one list item obtained by the first encrypting module into a configuration item table located at a first offset in a storage medium, wherein the first offset is obtained from a second offset and an offset increment, and the second offset is the storage location of a random key;
a second encrypting module, configured to encrypt the at least one list table with at least one said random key to obtain second encryption information;
a first generation module, configured to generate a first key from the at least one random key, the first encryption information being obtained after the second encryption information obtained by the second encrypting module is encrypted.
In one possible design, in a second possible implementation of the second aspect of the embodiments of the present application, the generation unit comprises:
a second generation module, configured to generate a C source file according to the first encryption information;
a second writing module, configured to write the C source file obtained by the second generation module and a magic number into a dynamic library entry function to obtain the dynamic link library function, wherein the magic number is used to verify the legitimacy of the configuration information corresponding to the list table at the first offset obtained after the dynamic link library function is decrypted.
In one possible design, in a second possible implementation of the second aspect of the embodiments of the present application, the encrypted storage apparatus further comprises:
a converting unit, configured to convert each list item and the random key into first list item information by an XOR algorithm before the first writing module writes the at least one list item into the configuration item table located at the first offset in the storage medium; accordingly, the first writing module comprises:
a writing submodule, configured to write the first list item information into the configuration item table located at the first offset in the storage medium.
In one possible design, in a third possible implementation of the second aspect of the embodiments of the present application, the encrypted storage apparatus further comprises:
a first acquisition unit, configured to obtain a random number from a random seed generator by a random algorithm, for generating the random key, before the acquiring unit obtains the at least one piece of configuration information of the configuration file;
a first writing unit, configured to write the random key obtained by the first acquisition unit at the second offset in the storage medium.
In a third aspect, an embodiment of the present application provides an encrypted storage device, comprising:
an input/output (I/O) interface, a processor and a memory,
wherein program instructions are stored in the memory;
the processor is configured to execute the program instructions stored in the memory, to implement the method of the first aspect or of any possible implementation of the first aspect.
A fourth aspect of the present application provides a computer-readable storage medium in which computer-executable instructions are stored, the computer-executable instructions being used to execute the method of the first aspect or of any possible implementation of the first aspect.
A fifth aspect of the embodiments of the present application provides a computer program product comprising instructions which, when run on a computer or processor, cause the computer or processor to execute the method of any of the above aspects.
As can be seen from the above technical solutions, the embodiments of the present application have the following advantages:
In the embodiments of the present application, after at least one piece of configuration information is encrypted with the first encryption algorithm, a dynamic link library function is generated according to the first encryption information, so that the configuration file can be stored in encrypted form according to the dynamic link library function. Even with identical configuration values, the encryption result differs, so the generated dynamic link library function also differs. This significantly strengthens the encryption of the configuration file and reduces the possibility that the configuration file is maliciously attacked.
Brief description of the drawings
To explain the technical solutions in the embodiments of the present application or in the prior art more clearly, the drawings needed in the description of the embodiments or the prior art are briefly introduced below. Obviously, the drawings in the following description are only some embodiments of the present application; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a schematic diagram of a file storage scenario in an embodiment of the present application;
Fig. 2 is a schematic diagram of one embodiment of the method for encrypted file storage provided in the embodiments of the present application;
Fig. 3 is a schematic diagram of another embodiment of the method for encrypted file storage provided in the embodiments of the present application;
Fig. 4 is a flow chart of the encrypted storage method provided in the embodiments of the present application;
Fig. 5 is a schematic diagram of the CRC macro-definition header file provided in the embodiments of the present application;
Fig. 6 is a schematic diagram of one embodiment of the encrypted storage apparatus provided in the embodiments of the present application;
Fig. 7 is a schematic diagram of another embodiment of the encrypted storage apparatus provided in the embodiments of the present application;
Fig. 8 is a schematic diagram of another embodiment of the encrypted storage apparatus provided in the embodiments of the present application;
Fig. 9 is a structural schematic diagram of the encrypted storage device provided by the embodiments of the present application.
Detailed description
The embodiments of the present application provide a method, apparatus, device and storage medium for encrypted file storage, which reduce the probability that a configuration file is attacked and analyzed and strengthen the encryption of the configuration file.
The technical solutions in the embodiments of the present application are described clearly and completely below with reference to the drawings in the embodiments of the present application. Obviously, the described embodiments are only some, not all, of the embodiments of the present application. All other embodiments obtained by a person of ordinary skill in the art from the embodiments in this application without creative effort fall within the protection scope of this application.
The terms "first", "second", "third", "fourth" and the like (if present) in the description, the claims and the above drawings of this application are used to distinguish similar objects, not to describe a particular order or sequence. It should be understood that data so used are interchangeable where appropriate, so that the embodiments described herein can be implemented in an order other than the one illustrated or described here. In addition, the terms "include" and "have" and any variations of them are intended to cover non-exclusive inclusion; for example, a process, method, system, product or device that contains a series of steps or units is not necessarily limited to the steps or units clearly listed, but may include other steps or units that are not clearly listed or that are inherent to the process, method, product or device. The naming or numbering of steps in this application does not mean that the steps of the method flow must be executed in the temporal or logical order indicated by the naming or numbering; the execution order of named or numbered steps can be changed according to the technical purpose to be achieved, as long as the same or a similar technical effect is achieved.
The method proposed in the embodiments of the present application is mainly applied to scenarios in which files are stored. Fig. 1 is a schematic diagram of a file storage scenario in an embodiment of the present application. As can be seen from Fig. 1, a client may contain multiple configuration files, for example configuration file 1, configuration file 2 or configuration file 3, where each configuration file contains configuration information, the client's own information and similar content. It should be understood that in practice other configuration files, such as configuration file 4 and configuration file 5, may also be included. To prevent an attacker from reading and parsing the configuration file by various means, which would expose the configuration file to malicious attack, the configuration file is at present usually encrypted with a single XOR or with RC4, but these encryption methods are too simple, can be analyzed easily, and do not encrypt the configuration file effectively.
To solve this problem, the embodiments of the present application provide a method for encrypted file storage. The method encrypts the configuration information in the configuration file with a first encryption algorithm and generates a dynamic link library function from the resulting first encryption information, which achieves encrypted storage of the configuration file, improves the effect of file encryption and reduces the possibility of attack.
For a better understanding of the scheme proposed in the embodiments of the present application, the specific flow of this embodiment is introduced below. Referring to Fig. 2, a schematic diagram of one embodiment of the method for encrypted file storage provided in the embodiments of the present application, the method comprises:
201. Obtain at least one piece of configuration information of a configuration file.
In this embodiment, the configuration information may include the section name, key name and entry value in the configuration file. The section name specifies a major category, for example the "prevent debugging" category. The key name specifies a particular method within a major category, for example the "prevent software breakpoint debugging" method in the "prevent debugging" category. The entry value specifies whether the current item is enabled, or the percentage to which it is enabled, and is usually expressed as a number; for example, "0" means disabled.
202. Encrypt the at least one piece of configuration information with a first encryption algorithm to obtain first encryption information.
In this embodiment, after at least one piece of configuration information in the configuration file is obtained, the first encryption algorithm can be used to encrypt it. The first encryption algorithm may perform a first layer of encryption using CRC to remove the plaintext, and then perform a second and a third encryption using the stored random key, to obtain the encrypted first encryption information. See the embodiment described for Fig. 3 for details.
203. Generate a dynamic link library function according to the first encryption information, for encrypted storage of the configuration file.
In this embodiment, the dynamic link library function may be a function provided for other programs to call by static or dynamic invocation. When a dynamic library is used, only the import library file of the dynamic link library function needs to be linked when the executable file is compiled and linked; the function code and data in the dynamic link library function are not copied into the executable file. When the executable program runs, it loads the required dynamic link library function, which is mapped into the address space of the process, and then accesses the functions exported by the dynamic link library function. In addition, the executable file contains the configuration file described above.
Therefore, after the first encryption information is obtained, a dynamic link library function is generated, so that in use it only needs to be statically or dynamically linked into the required product, for example a piece of software, to store the configuration file in that product in encrypted form, prevent it from being maliciously analyzed and used, and achieve efficient encryption.
In the embodiments of the present application, after at least one piece of configuration information is encrypted with the first encryption algorithm, a dynamic link library function is generated according to the first encryption information, so that the configuration file can be stored in encrypted form according to the dynamic link library function. Even with identical configuration values, the encryption result differs, so the generated dynamic link library function also differs. This significantly strengthens the encryption of the configuration file and reduces the possibility that the configuration file is maliciously attacked.
For ease of understanding, the specific flow in the embodiments of the present application is introduced in more detail below. Referring to Fig. 3, Fig. 3 is a schematic diagram of another embodiment of the method for encrypted file storage provided by the embodiments of the present application.
301. Obtain at least one piece of configuration information of a configuration file.
In this embodiment, the configuration information may include the section name, key name and entry value in the configuration file. The section name specifies a major category, for example the "prevent debugging" category. The key name specifies a particular method within a major category, for example the "prevent software breakpoint debugging" method in the "prevent debugging" category. The entry value specifies whether the current item is enabled, or the percentage to which it is enabled, and is usually expressed as a number; for example, "0" means disabled.
Optionally, in other embodiments, before the at least one piece of configuration information of the configuration file is obtained, a random number may also be obtained from a random seed generator by a random algorithm. The random number can be used as part of the random key, so that after the corresponding random key is generated, memory can be allocated for the random key in the storage medium, that is, the random key is written at the second offset in the storage medium.
It should be understood that the random seed generator mentioned above may be the random seed generator of OpenSSL or the random seed generator that comes with the system; in practical applications it may also be another random seed generator, which is not described specifically in the embodiments of the present application. In addition, the position of the second offset may be 0x40, or another position such as 0x50 or 0x60; it can be customized according to actual needs and is not specifically limited in the embodiments of the present application.
302. Encrypt the at least one piece of configuration information with a second encryption algorithm to obtain at least one list item, wherein each piece of configuration information corresponds to one list item.
In this embodiment, the second encryption algorithm is one of the first encryption algorithms, namely the cyclic redundancy check (CRC) algorithm. Performing cyclic redundancy check encryption on the configuration information with the second encryption algorithm removes the plaintext from the information in the resulting list item, which achieves the first layer of encryption.
Specifically, after the configuration information is obtained, the first layer of encryption can be applied to the section name and key name in each piece of configuration information to obtain the corresponding list item, that is, [section name CRC, key name CRC, entry value]. Because the section name and key name are character strings, the first layer of encryption with the second encryption algorithm is needed to remove the redundant plaintext information. Because the entry value is a numeric character, encrypting it would have no effect and would cost performance, so the embodiments of the present application mainly encrypt the section name and key name in the configuration information with the second encryption algorithm.
303. Write the at least one list item into the configuration item table located at the first offset in the storage medium, wherein the first offset is obtained from the second offset and an offset increment, and the second offset is the storage location of the random key.
In this embodiment, because the random key has already been stored at the storage location of the second offset, each time a list item is obtained it can be written into the configuration item table located at the first offset of the storage medium. It should be understood that the first offset is obtained from the second offset and the offset increment: each time a list item is written, the offset of that list item is increased by the corresponding offset increment relative to the offset of the previous list item. That is, for each list item written, the offset can additionally increase by 0x40 plus the random key's 0x40 offset, and this value can be preset according to actual needs. The main purpose is to make the configuration information discontinuously distributed in memory; because different programs can input different random keys, the encrypted configuration information differs even for the same configuration values.
In other embodiments, before the at least one list item is written into the configuration item table located at the first offset in the storage medium, the method may further include: converting each list item and the random key into first list item information by an XOR algorithm. Accordingly, writing the at least one list item into the configuration item table located at the first offset in the storage medium comprises: writing the first list item information into the configuration item table located at the first offset in the storage medium. The first list item information can be expressed as [section name CRC XOR random key, key name CRC XOR random key, (entry value - random key - specific value) XOR random key]. After the first list item information is obtained, the configuration item table can be filled.
304. Encrypt the at least one list table with at least one said random key to obtain second encryption information.
In this embodiment, each list item is encrypted with one random key. Because the random key is random, the second encryption information obtained after encryption is also never the same, which further strengthens the encryption.
305. Generate a first key from the at least one random key, the first encryption information being obtained after the second encryption information is encrypted.
In this embodiment, the first key may be composed of at least one random key, for example combined into a 128-bit key. The first key is then used to encrypt all of the second encryption information as a whole, giving the final first encryption information, so that the configuration information in the storage medium has gone through multiple rounds of encryption.
306. Generate a dynamic link library function according to the first encryption information, for encrypted storage of the configuration file.
In this embodiment, the dynamic link library function may be a function provided for other programs to call by static or dynamic invocation. When a dynamic library is used, only the import library file of the dynamic link library function needs to be linked when the executable file is compiled and linked; the function code and data in the dynamic link library function are not copied into the executable file. When the executable program runs, it loads the required dynamic link library function, which is mapped into the address space of the process, and then accesses the functions exported by the dynamic link library function. In addition, the executable file contains the configuration file described above.
Therefore, after the first encryption information is obtained, a dynamic link library function is generated, so that in use it only needs to be statically or dynamically linked into the required product, for example a piece of software, to store the configuration file in that product in encrypted form, prevent it from being maliciously analyzed and used, and achieve efficient encryption.
Specifically, in other embodiments, the dynamic link library function can be generated as follows: generate a C source file according to the first encryption information; write the C source file and a magic number into the dynamic library entry function to obtain the dynamic link library function. The C source file actually refers to the CRC macro-definition header file, which achieves higher concealment, so that a malicious user cannot intercept the corresponding configuration information. The magic number is mainly used to verify the legitimacy of the configuration information corresponding to the list table at the first offset obtained after the dynamic link library function is decrypted, that is, to verify whether the decrypted configuration information matches some expected fixed characters, for example: testioa. If it matches, the encrypted configuration information matches the expected configuration information and has not been maliciously attacked or modified.
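The entry layout of steps 302 and 303 and the magic-number check of step 306, as an added example that is not code from the patent. It covers only the CRC layer, the XOR conversion and the offset placement; the later random-key and first-key layers, whose ciphers the text does not name, are left out. The 0x40 increment, `SPECIFIC_VALUE`, the 16-byte entry with a per-entry magic word, and the section and key names are assumptions.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define KEY_OFFSET     0x40u        /* "second offset": where the random key is stored (page's example) */
#define STRIDE         0x40u        /* offset increment between entries (assumed value) */
#define SPECIFIC_VALUE 0x5A5A5A5Au  /* the "specific value" in the entry formula (constructed) */
#define MAGIC_TEXT     "testioa"    /* fixed characters from the page's magic-number example */
#define MAX_ENTRIES    8u
#define BLOB_SIZE      0x300u       /* fits KEY_OFFSET + 0x3F + STRIDE * MAX_ENTRIES + 16 */

typedef struct {
    uint8_t  blob[BLOB_SIZE];       /* stands in for the storage medium */
    uint32_t count;                 /* number of entries written */
} cfg_store;

/* Standard reflected CRC-32 (polynomial 0xEDB88320): names are stored only as checksums. */
static uint32_t crc32_str(const char *s) {
    uint32_t crc = 0xFFFFFFFFu;
    for (; *s; s++) {
        crc ^= (uint8_t)*s;
        for (int b = 0; b < 8; b++)
            crc = (crc >> 1) ^ (0xEDB88320u & (0u - (crc & 1u)));
    }
    return ~crc;
}

/* Little-endian 32-bit store and load, independent of host byte order. */
static void put32(uint8_t *p, uint32_t v) {
    for (int i = 0; i < 4; i++) p[i] = (uint8_t)(v >> (8 * i));
}
static uint32_t get32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Entry 0 sits at offset increment + 0x40 + key % 0x40; each later entry adds one increment. */
static size_t slot_offset(uint32_t key, uint32_t i) {
    return KEY_OFFSET + (key % 0x40u) + (size_t)STRIDE * (i + 1u);
}

/* The page draws the key from a random generator; a caller-supplied value keeps this repeatable. */
static void cfg_init(cfg_store *st, uint32_t key) {
    memset(st, 0, sizeof *st);
    put32(st->blob + KEY_OFFSET, key);
}

/* Write [section CRC ^ key, key-name CRC ^ key, (value - key - specific) ^ key, magic ^ key]. */
static int cfg_add(cfg_store *st, const char *section, const char *name, uint32_t value) {
    uint32_t key = get32(st->blob + KEY_OFFSET);
    if (st->count >= MAX_ENTRIES) return -1;
    uint8_t *p = st->blob + slot_offset(key, st->count++);
    put32(p,      crc32_str(section) ^ key);
    put32(p + 4,  crc32_str(name) ^ key);
    put32(p + 8,  (value - key - SPECIFIC_VALUE) ^ key);   /* unsigned wrap-around is intended */
    put32(p + 12, crc32_str(MAGIC_TEXT) ^ key);
    return 0;
}

/* Returns 0 and the value on a hit, -1 if the item is absent, -2 if an entry fails the magic check. */
static int cfg_get(const cfg_store *st, const char *section, const char *name, uint32_t *out) {
    uint32_t key = get32(st->blob + KEY_OFFSET);
    uint32_t sec = crc32_str(section), nam = crc32_str(name), magic = crc32_str(MAGIC_TEXT);
    for (uint32_t i = 0; i < st->count; i++) {
        const uint8_t *p = st->blob + slot_offset(key, i);
        if ((get32(p + 12) ^ key) != magic) return -2;      /* decoded entry is not what was written */
        if ((get32(p) ^ key) == sec && (get32(p + 4) ^ key) == nam) {
            *out = (get32(p + 8) ^ key) + key + SPECIFIC_VALUE;
            return 0;
        }
    }
    return -1;
}

int main(void) {
    cfg_store st;
    uint32_t v = 0;
    cfg_init(&st, 0x1234ABCDu);                              /* constructed key */
    cfg_add(&st, "anti_debug", "sw_breakpoint", 0);          /* constructed names; 0 = disabled */
    int rc = cfg_get(&st, "anti_debug", "sw_breakpoint", &v);
    printf("rc=%d value=%u\n", rc, (unsigned)v);
    return rc;
}
```

Because the random key is stored in the same blob as the entries, the XOR layer and the magic word hide names from casual inspection and catch corruption, but they are not a keyed integrity check.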
Refer to FIG. 4, a flowchart of the encrypted storage method provided in the embodiments of this application. As FIG. 4 shows, first, initial memory is allocated in the storage medium for the random key, and the random key is filled in at offset position 0x40 in the initial memory. Second, the configuration file is obtained and parsed to obtain the configuration information in it, for example section name, key name and item value. The section name and key name are encrypted with the CRC algorithm shown in FIG. 3, and the encrypted section name and key name form a list item together with the item value, which is written into the configuration item table. All configuration item tables are traversed, and each list item is converted with the random key into first list item information by the XOR algorithm, for example: [section name CRC XOR random key, key name CRC XOR random key, (item value - random key - specific value) XOR random key]. The first list item information is then written into the configuration item table at the first offset, filling the configuration item table. In addition, each further first offset adds a certain offset increment to the previous offset, and the first offset is obtained from the offset of the key and the offset increment. As shown in FIG. 4, the offset of the random key is 0x40 + random key % 0x40, so the first offset of the first item of first list item information in the configuration item table is offset increment + 0x40 + random key % 0x40, and so on until the whole configuration item table has been traversed. Therefore, in the configuration item table filled with the first list item information, each item of first list item information can be randomly encrypted with each pre-stored random key to obtain twice-encrypted list items or configuration items. During this process the corresponding CRC macro-definition header file can also be generated dynamically for use in decryption; FIG. 5 is a schematic diagram of the CRC macro-definition header file. After this, the pre-stored random keys must also be combined into a 128-bit key, that is, the first key shown in FIG. 3, and the combined 128-bit first key is used to encrypt the twice-encrypted configuration items a third time. After the encrypted memory and the memory size are obtained, a C source file is generated from the thrice-encrypted information and written into the dynamic library entry function together with random magic number 1, magic number 2, random magic number 3 and the like; during the traversal for encrypted storage some memory bytes are inserted in the form of machine code; finally, CLEXE is called to compile and generate the dynamic link library function. In use, the dynamic link library function only needs to be statically or dynamically linked into the required product, for example a piece of software, in order to store the configuration file in that product in encrypted form, prevent it from being maliciously analyzed and used, and achieve efficient encryption.
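The table-filling step described above (random key at 0x40, CRC of section and key names XORed with the key, entries at key-derived offsets, a magic-number check on decode), as an added C example that is not code from the patent. The 32-bit key width, the CRC-32/IEEE polynomial, the 12-byte entry layout and the MAGIC_SLOT, INCREMENT, SPECIFIC and MAGIC values are assumptions; the second and third encryption layers, whose cipher the text does not name, are left out.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added illustration, not code from the patent. Assumed: 32-bit key, CRC-32/IEEE,
 * 12-byte entries, and the MAGIC_SLOT, INCREMENT, SPECIFIC and MAGIC values. */
#define KEY_SLOT   0x40u        /* random key position named in the text */
#define MAGIC_SLOT 0x44u        /* assumed: masked magic number kept beside the key */
#define INCREMENT  0x10u        /* assumed offset increment between entries */
#define SPECIFIC   0x5A5Au      /* assumed "specific value" */
#define MAGIC      0x7E57104Au  /* assumed magic number */
#define BUF_SIZE   0x200u

struct cfg_item { const char *section; const char *name; uint32_t value; };

/* Constructed sample configuration: section name, key name, item value. */
static const struct cfg_item SAMPLE[] = {
    { "network", "port",    8443u },
    { "network", "timeout", 30u   },
    { "update",  "channel", 2u    },
};
#define SAMPLE_N 3u

/* Bitwise CRC-32 (reflected polynomial 0xEDB88320) over a NUL-terminated string. */
static uint32_t crc32_ieee(const char *s) {
    uint32_t crc = 0xFFFFFFFFu;
    for (; *s; ++s) {
        crc ^= (uint8_t)*s;
        for (int i = 0; i < 8; ++i)
            crc = (crc >> 1) ^ (0xEDB88320u & (0u - (crc & 1u)));
    }
    return ~crc;
}

static void put32(uint8_t *buf, uint32_t off, uint32_t v) { memcpy(buf + off, &v, 4); }
static uint32_t get32(const uint8_t *buf, uint32_t off) {
    uint32_t v;
    memcpy(&v, buf + off, 4);
    return v;
}

/* First offset of entry i: key offset (0x40 + key % 0x40) plus (i + 1) increments. */
static uint32_t entry_offset(uint32_t key, uint32_t i) {
    return KEY_SLOT + key % 0x40u + (i + 1u) * INCREMENT;
}

/* Does a table of n entries fit inside the buffer for this key? */
static int table_fits(uint32_t key, uint32_t n) {
    return n <= 16u && entry_offset(key, n) <= BUF_SIZE;
}

/* Fill buf: key at 0x40, masked magic beside it, then one XOR-masked entry per item.
 * Returns the entry count, or -1 if the table does not fit. */
static int build_table(uint8_t *buf, uint32_t key, const struct cfg_item *it, uint32_t n) {
    if (!table_fits(key, n)) return -1;
    memset(buf, 0, BUF_SIZE);
    put32(buf, KEY_SLOT, key);
    put32(buf, MAGIC_SLOT, MAGIC ^ key);
    for (uint32_t i = 0; i < n; ++i) {
        uint32_t off = entry_offset(key, i);
        put32(buf, off,      crc32_ieee(it[i].section) ^ key);
        put32(buf, off + 4u, crc32_ieee(it[i].name) ^ key);
        put32(buf, off + 8u, (it[i].value - key - SPECIFIC) ^ key);
    }
    return (int)n;
}

/* Returns 0 and sets *out on a hit, -1 if the magic or bounds check fails, -2 if absent. */
static int lookup(const uint8_t *buf, uint32_t n, const char *section,
                  const char *name, uint32_t *out) {
    uint32_t key = get32(buf, KEY_SLOT);
    if ((get32(buf, MAGIC_SLOT) ^ key) != MAGIC || !table_fits(key, n)) return -1;
    uint32_t sc = crc32_ieee(section), kc = crc32_ieee(name);
    for (uint32_t i = 0; i < n; ++i) {
        uint32_t off = entry_offset(key, i);
        if ((get32(buf, off) ^ key) == sc && (get32(buf, off + 4u) ^ key) == kc) {
            *out = (get32(buf, off + 8u) ^ key) + key + SPECIFIC;
            return 0;
        }
    }
    return -2;
}

/* Build from SAMPLE, optionally flip one bit of the stored key, read network/port.
 * Returns the item value, or lookup()'s negative status. */
static long demo(uint32_t key, int flip_key_bit) {
    uint8_t buf[BUF_SIZE];
    uint32_t v = 0;
    if (build_table(buf, key, SAMPLE, SAMPLE_N) < 0) return -1;
    if (flip_key_bit) buf[KEY_SLOT] ^= 1;
    int rc = lookup(buf, SAMPLE_N, "network", "port", &v);
    return rc == 0 ? (long)v : rc;
}

int main(void) {
    printf("port=%ld tampered=%ld\n",
           demo(0x1234ABCDu, 0), demo(0x1234ABCDu, 1));
    return 0;
}
```

Because the random key is stored in the same buffer as the table, anyone who holds the buffer can reverse this layer, and the magic check catches only a wrong key or a misplaced table, not an edited entry.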
In the embodiments of this application, after at least one piece of configuration information undergoes three layers of encryption with the second encryption algorithm, the random key and the first key, the dynamic link library function is generated from the first encryption information, so that the configuration file can be stored in encrypted form by means of the dynamic link library function. Even for identical configuration values the first encryption information is different, so the generated dynamic link library function is also different, which significantly strengthens the encryption of the configuration file and reduces the likelihood of the configuration file being maliciously attacked.
The above mainly describes the solution provided by the embodiments of this application from the perspective of the method. It can be understood that, to implement the above functions, corresponding hardware structures and/or software modules for executing each function are included. Those skilled in the art should readily appreciate that, in combination with the modules and algorithm steps of the examples described in the embodiments disclosed herein, this application can be implemented in hardware or in a combination of hardware and computer software. Whether a function is executed by hardware or by computer software driving hardware depends on the specific application and design constraints of the technical solution. Skilled professionals may use different methods to implement the described functions for each specific application, but such implementation should not be considered beyond the scope of this application.
The embodiments of this application may divide the device into functional modules according to the above method examples. For example, each functional module may correspond to one function, or two or more functions may be integrated in one processing module. The integrated module may be implemented in the form of hardware or in the form of a software functional module. It should be noted that the division of modules in the embodiments of this application is schematic and is only a logical division of functions; other divisions are possible in actual implementation.
The encryption storage device in the embodiments of this application is described in detail below. Referring to FIG. 6, FIG. 6 is a schematic diagram of one embodiment of the encryption storage device provided in the embodiments of this application. The encryption storage device may include:
an acquiring unit 401, configured to obtain at least one piece of configuration information of a configuration file;
an encryption unit 402, configured to encrypt, by a first encryption algorithm, the at least one piece of configuration information obtained by the acquiring unit 401, to obtain first encryption information;
a generation unit 403, configured to generate a dynamic link library function from the first encryption information obtained by the encryption unit 402, for storing the configuration file in encrypted form.
Optionally, on the basis of the embodiment corresponding to FIG. 6 above, referring to FIG. 7, which is a schematic diagram of another embodiment of the encryption storage device provided by the embodiments of this application, the encryption unit 402 may include:
a first encrypting module 4021, configured to perform cyclic redundancy check encryption on the at least one piece of configuration information by a second encryption algorithm, to obtain at least one list item, wherein each piece of configuration information corresponds to one list item, and the second encryption algorithm is included in the first encryption algorithm;
a first writing module 4022, configured to write the at least one list item obtained by the first encrypting module 4021 into a configuration item table located at a first offset in a storage medium, wherein the first offset is obtained from a second offset and an offset increment, and the second offset is the storage location of a random key;
a second encrypting module 4023, configured to encrypt the at least one list table using at least one random key, to obtain second encryption information;
a first generation module 4024, configured to generate a first key from the at least one random key, for obtaining the first encryption information after encrypting the second encryption information obtained by the second encrypting module.
Optionally, on the basis of the embodiment corresponding to FIG. 7 above, referring to FIG. 8, which is a schematic diagram of another embodiment of the encryption storage device provided by the embodiments of this application, the generation unit 403 may include:
a second generation module 4031, configured to generate a C source file from the first encryption information;
a second writing module 4032, configured to write the C source file obtained by the second generation module 4031 and a magic number into a dynamic library entry function, to obtain the dynamic link library function, wherein the magic number is used to verify the legitimacy of the configuration information corresponding to the list table at the first offset obtained after the dynamic link library function is decrypted.
Optionally, on the basis of the embodiment corresponding to FIG. 7 or FIG. 8 above, in another embodiment of the encryption storage device provided by the embodiments of this application, the encryption storage device further includes: a converting unit, configured to convert each list item and the random key into first list item information by an XOR algorithm before the first writing module writes the at least one list item into the configuration item table located at the first offset in the storage medium. Correspondingly, the first writing module includes: a writing submodule, configured to write the first list item information into the configuration item table located at the first offset in the storage medium.
Optionally, on the basis of the embodiments corresponding to FIG. 7 to FIG. 8 above, in another embodiment of the encryption storage device provided by the embodiments of this application, the encryption storage device further includes: a first acquisition unit, configured to obtain a random number from a random seed generator by a random algorithm before the acquiring unit obtains the at least one piece of configuration information of the configuration file, for generating the random key; and a first writing unit, configured to write the random key obtained by the first acquisition unit at the second offset in the storage medium.
In the embodiments of this application, after the encryption unit 402 uses the first encryption algorithm to encrypt the at least one piece of configuration information obtained by the acquiring unit 401, the generation unit 403 generates the dynamic link library function from the first encryption information, so that the configuration file can be stored in encrypted form by means of the dynamic link library function. Even for identical configuration values the first encryption information is different, so the generated dynamic link library function is also different, which significantly strengthens the encryption of the configuration file and reduces the likelihood of the configuration file being maliciously attacked.
The encryption storage device in the embodiments of this application has been described above from the perspective of modular functional entities; the encrypted memory device in the embodiments of this application is described below from the perspective of hardware processing. FIG. 9 is a schematic structural diagram of the encrypted memory device provided by the embodiments of this application. The encrypted memory device may include the encryption storage device described above and may differ considerably depending on configuration or performance. The encrypted memory device may include at least one processor 501, a communication line 507, a memory 503 and at least one communication interface 504.
The processor 501 may be a general-purpose central processing unit (CPU), a microprocessor, an application-specific integrated circuit (ASIC), or one or more integrated circuits for controlling the execution of the programs of the solution of this application.
The communication line 507 may include a path for transmitting information between the above components.
The communication interface 504 uses any transceiver-type apparatus to communicate with other devices or communication networks, such as Ethernet, a radio access network (RAN), or wireless local area networks (WLAN).
The memory 503 may be a read-only memory (ROM) or another type of static storage device that can store static information and instructions, or a random access memory (RAM) or another type of dynamic storage device that can store information and instructions. The memory may exist independently and be connected to the processor through the communication line 507. The memory may also be integrated with the processor.
The memory 503 is used to store the computer-executable instructions for executing the solution of this application, and their execution is controlled by the processor 501. The processor 501 is used to execute the computer-executable instructions stored in the memory 503, thereby implementing the method for encrypted file storage provided by the above embodiments of this application.
Optionally, the computer-executable instructions in the embodiments of this application may also be called application code, which is not specifically limited in the embodiments of this application.
In a specific implementation, as one embodiment, the encrypted memory device may include multiple processors, such as the processor 501 and the processor 502 in FIG. 9. Each of these processors may be a single-core (single-CPU) processor or a multi-core (multi-CPU) processor. A processor here may refer to one or more devices, circuits, and/or processing cores for processing data (such as computer program instructions).
In a specific implementation, as one embodiment, the encrypted memory device may also include an output device 505 and an input device 506. The output device 505 communicates with the processor 501 and can display information in many ways. The input device 506 communicates with the processor 501 and can receive user input in many ways. For example, the input device 506 may be a mouse, a touch panel device, a sensing device or the like.
The above encrypted memory device may be a general-purpose device or a dedicated device. In a specific implementation, the encrypted memory device may be a desktop computer, a portable computer, a NAS server, a wireless terminal device, an embedded device, or a device with a structure similar to that in FIG. 9. The embodiments of this application do not limit the type of the encrypted memory device.
In the embodiments of this application, the processor 501 included in the encrypted memory device also has the following functions:
obtaining at least one piece of configuration information of a configuration file;
encrypting the at least one piece of configuration information by a first encryption algorithm, to obtain first encryption information;
generating a dynamic link library function from the first encryption information, for storing the configuration file in encrypted form.
In some embodiments of this application, the processor 501 may also be specifically used for:
encrypting the at least one piece of configuration information by a second encryption algorithm, to obtain at least one list item, wherein each piece of configuration information corresponds to one list item, and the second encryption algorithm is included in the first encryption algorithm;
writing the at least one list item into a configuration item table located at a first offset in a storage medium, wherein the first offset is obtained from a second offset and an offset increment, and the second offset is the storage location of a random key;
encrypting the at least one list table using at least one random key, to obtain second encryption information;
generating a first key from the at least one random key, for obtaining the first encryption information after encrypting the second encryption information.
In some embodiments of this application, the processor 501 may also be specifically used for:
generating a C source file from the first encryption information;
writing the C source file and a magic number into a dynamic library entry function, to obtain the dynamic link library function, wherein the magic number is used to verify the legitimacy of the configuration information corresponding to the list table at the first offset obtained after the dynamic link library function is decrypted.
In the embodiments of this application, the processor 501 included in the computer equipment also has the following functions:
before the at least one list item is written into the configuration item table located at the first offset in the storage medium, converting each list item and the random key into first list item information by an XOR algorithm;
correspondingly, writing the at least one list item into the configuration item table located at the first offset in the storage medium comprises:
writing the first list item information into the configuration item table located at the first offset in the storage medium.
In some embodiments of this application, the processor 501 may also be specifically used for:
before the at least one piece of configuration information of the configuration file is obtained, obtaining a random number from a random seed generator by a random algorithm, for generating the random key;
writing the random key at the second offset in the storage medium.
Those skilled in the art can clearly understand that, for convenience and brevity of description, the specific working processes of the system, device and units described above may refer to the corresponding processes in the foregoing method embodiments, and are not repeated here.
In the several embodiments provided in this application, it should be understood that the disclosed system, device and method may be implemented in other ways. For example, the device embodiments described above are merely illustrative. For example, the division of units is only a logical division of functions; other divisions are possible in actual implementation, for example multiple units or components may be combined or integrated into another system, or some features may be ignored or not executed. In addition, the mutual coupling, direct coupling or communication connection shown or discussed may be indirect coupling or communication connection through some interfaces, devices or units, and may be electrical, mechanical or in other forms.
Units described as separate components may or may not be physically separate, and components shown as units may or may not be physical units; that is, they may be located in one place or distributed over multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, the functional units in the embodiments of this application may be integrated in one processing unit, or each unit may exist physically alone, or two or more units may be integrated in one unit. The integrated unit may be implemented in the form of hardware or in the form of a software functional unit.
If the integrated unit is implemented in the form of a software functional unit and sold or used as an independent product, it may be stored in a computer-readable storage medium. Based on this understanding, the technical solution of this application in essence, or the part that contributes to the existing technology, or all or part of the technical solution, may be embodied in the form of a software product. The computer software product is stored in a storage medium and includes several instructions that cause a computer device (which may be a personal computer, a server, a network device or the like) to execute all or part of the steps of the methods of the embodiments of this application. The aforementioned storage medium includes various media that can store program code, such as a USB flash disk, a mobile hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk or an optical disk.
The above embodiments are only intended to illustrate the technical solution of this application, not to limit it. Although this application has been described in detail with reference to the foregoing embodiments, those skilled in the art should understand that they may still modify the technical solutions recorded in the foregoing embodiments, or make equivalent replacements of some of the technical features; such modifications or replacements do not make the essence of the corresponding technical solutions depart from the spirit and scope of the technical solutions of the embodiments of this application.

Claims (10)

1. A method for encrypted file storage, characterized by comprising:
obtaining at least one piece of configuration information of a configuration file;
encrypting the at least one piece of configuration information by a first encryption algorithm, to obtain first encryption information;
generating a dynamic link library function from the first encryption information, for storing the configuration file in encrypted form.
2. The method according to claim 1, characterized in that encrypting the at least one piece of configuration information by the first encryption algorithm, to obtain the first encryption information, comprises:
encrypting the at least one piece of configuration information by a second encryption algorithm, to obtain at least one list item, wherein each piece of configuration information corresponds to one list item, and the second encryption algorithm is included in the first encryption algorithm;
writing the at least one list item into a configuration item table located at a first offset in a storage medium, wherein the first offset is obtained from a second offset and an offset increment, and the second offset is the storage location of a random key;
encrypting the at least one list table using at least one random key, to obtain second encryption information;
generating a first key from the at least one random key, for obtaining the first encryption information after encrypting the second encryption information.
3. The method according to claim 2, characterized in that generating the dynamic link library function from the first encryption information comprises:
generating a C source file from the first encryption information;
writing the C source file and a magic number into a dynamic library entry function, to obtain the dynamic link library function, wherein the magic number is used to verify the legitimacy of the configuration information corresponding to the list table at the first offset obtained after the dynamic link library function is decrypted.
4. The method according to any one of claims 2 to 3, characterized in that, before the at least one list item is written into the configuration item table located at the first offset in the storage medium, the method further comprises:
converting each list item and the random key into first list item information by an XOR algorithm;
correspondingly, writing the at least one list item into the configuration item table located at the first offset in the storage medium comprises:
writing the first list item information into the configuration item table located at the first offset in the storage medium.
5. The method according to any one of claims 2 to 4, characterized in that, before the at least one piece of configuration information of the configuration file is obtained, the method further comprises:
obtaining a random number from a random seed generator by a random algorithm, for generating the random key;
writing the random key at the second offset in the storage medium.
6. An encryption storage device, characterized by comprising:
an acquiring unit, configured to obtain at least one piece of configuration information of a configuration file;
an encryption unit, configured to encrypt, by a first encryption algorithm, the at least one piece of configuration information obtained by the acquiring unit, to obtain first encryption information;
a generation unit, configured to generate a dynamic link library function from the first encryption information obtained by the encryption unit, for storing the configuration file in encrypted form.
7. The encryption storage device according to claim 6, wherein the encryption unit comprises:
a first encrypting module, configured to perform cyclic redundancy check encryption on the at least one piece of configuration information by a second encryption algorithm, to obtain at least one list item, wherein each piece of configuration information corresponds to one list item, and the second encryption algorithm is included in the first encryption algorithm;
a first writing module, configured to write the at least one list item obtained by the first encrypting module into a configuration item table located at a first offset in a storage medium, wherein the first offset is obtained from a second offset and an offset increment, and the second offset is the storage location of a random key;
a second encrypting module, configured to encrypt the at least one list table using at least one random key, to obtain second encryption information;
a first generation module, configured to generate a first key from the at least one random key, for obtaining the first encryption information after encrypting the second encryption information obtained by the second encrypting module.
8. The encryption storage device according to claim 7, wherein the generation unit comprises:
a second generation module, configured to generate a C source file from the first encryption information;
a second writing module, configured to write the C source file obtained by the second generation module and a magic number into a dynamic library entry function, to obtain the dynamic link library function, wherein the magic number is used to verify the legitimacy of the configuration information corresponding to the list table at the first offset obtained after the dynamic link library function is decrypted.
9. An encrypted memory device, characterized in that the encrypted memory device comprises: an input/output (I/O) interface, a processor and a memory,
wherein program instructions are stored in the memory;
the processor is used to execute the program instructions stored in the memory, to perform the method according to any one of claims 1 to 5.
10. A computer-readable storage medium, comprising instructions, characterized in that, when the instructions are run on an encrypted memory device, the encrypted memory device is caused to perform the method according to any one of claims 1 to 5.
CN201910823621.2A 2019-09-02 2019-09-02 A kind of method, apparatus, equipment and the storage medium of file encryption storage Pending CN110532129A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910823621.2A CN110532129A (en) 2019-09-02 2019-09-02 A kind of method, apparatus, equipment and the storage medium of file encryption storage

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910823621.2A CN110532129A (en) 2019-09-02 2019-09-02 A kind of method, apparatus, equipment and the storage medium of file encryption storage

Publications (1)

Publication Number Publication Date
CN110532129A true CN110532129A (en) 2019-12-03

Family

ID=68666159

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910823621.2A Pending CN110532129A (en) 2019-09-02 2019-09-02 A kind of method, apparatus, equipment and the storage medium of file encryption storage

Country Status (1)

Country Link
CN (1) CN110532129A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112486542A (en) * 2020-12-10 2021-03-12 卡斯柯信号有限公司 Configuration file generation and updating method and system based on dynamic link library

Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101819618A (en) * 2010-03-19 2010-09-01 杨筑平 File encryption method
CN103177222A (en) * 2011-12-23 2013-06-26 腾讯科技(深圳)有限公司 Processing method for file shell adding and shell removing and device thereof
CN104268480A (en) * 2014-10-10 2015-01-07 重庆邮电大学 XML (extensive markup language) configuration file security protection processing method and system
JP2015056090A (en) * 2013-09-13 2015-03-23 株式会社日立ソリューションズ File access control device, file access control program, and file access control method
CN105184181A (en) * 2015-06-15 2015-12-23 北京天诚同创电气有限公司 File encryption method, file decryption method and file encryption device
CN106357690A (en) * 2016-11-08 2017-01-25 浙江中控技术股份有限公司 Data transmission method, data sending device and data receiving device
CN106446715A (en) * 2016-10-11 2017-02-22 武汉斗鱼网络科技有限公司 File encryption method and device
CN108009440A (en) * 2017-11-23 2018-05-08 重庆金融资产交易所有限责任公司 Date storage method, querying method, device, storage medium and computer equipment
CN108256342A (en) * 2018-01-12 2018-07-06 武汉斗鱼网络科技有限公司 Encryption method, device and the decryption method of Shader files, device
CN108830096A (en) * 2018-06-21 2018-11-16 广州华多网络科技有限公司 Data processing method, device, electronic equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20191203