CN110661621A - Mixed encryption and decryption method based on HMAC, AES and RSA - Google Patents

Info

Publication number: CN110661621A
Authority: CN (China)
Prior art keywords: file, hmac, rsa, digital signature, authentication
Legal status: Pending
Application number: CN201810689818.7A
Other languages: Chinese (zh)
Inventors: 王成杰, 陈俊波, 戴计生, 李程, 李益, 文宇良
Current Assignee: CRRC Zhuzhou Institute Co Ltd
Original Assignee: CRRC Zhuzhou Institute Co Ltd
Application filed by CRRC Zhuzhou Institute Co Ltd
Priority to CN201810689818.7A
Publication of CN110661621A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/14 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms
    • H04L63/045 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply hybrid encryption, i.e. combination of symmetric and asymmetric encryption
    • H04L9/0631 Substitution permutation network [SPN], i.e. cipher composed of a number of stages or rounds each involving linear and nonlinear transformations, e.g. AES algorithms
    • H04L9/0643 Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
    • H04L9/3242 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving keyed hash functions, e.g. message authentication codes [MACs], CBC-MAC or HMAC
    • H04L9/3249 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures using RSA or related signature schemes, e.g. Rabin scheme

Abstract

The invention discloses a mixed encryption and decryption method based on HMAC, AES and RSA, which comprises the following steps: randomly generating an HMAC key, generating an HMAC message digest by using an HMAC SHA-256 algorithm, and writing the HMAC key and the HMAC message digest into a plaintext file to obtain a plaintext authentication file; encrypting the plaintext authentication file by using an AES algorithm to generate a ciphertext file; and carrying out digital signature on the ciphertext file by using an RSA algorithm to generate an encrypted target file. The invention can prevent decompilation, prevent the plaintext file from being stolen, prevent unauthorized target code from running and attacking the system, ensure the safe operation of the system, and ensure the integrity and reliability of the data to a great extent.

Description

Mixed encryption and decryption method based on HMAC, AES and RSA
Technical Field
The invention relates to the technical field of information security, in particular to a hybrid encryption and decryption method based on HMAC, AES and RSA.
Background
Software development engineers write a large amount of software each year, which flows to the manufacturing, debugging and after-sales departments in the form of binary object code. Because this distribution chain is open, the binary object code may be stolen and decompiled, and the company loses property. If the system runs software that has not been authenticated, the system can be maliciously attacked and its running environment tampered with, crashing the whole system; on a real-time control platform this can directly cause a major accident. For this reason, encrypting software and authenticating the software that runs on the system have become very urgent tasks.
In the network information transmission process, information security is an important issue. There are two main basic attacks on information security: passive attacks and active attacks. A passive attack obtains the content of the information or analyzes the traffic flow; the main method of dealing with passive attacks is to use encryption and decryption techniques on the messages. Data encryption technology is an important technology for ensuring the security of network information. The encryption algorithm converts information from plaintext to ciphertext, and the information is transmitted as ciphertext, making it difficult for an eavesdropper to obtain useful information. Transmitting the information as ciphertext prevents a third party from stealing it, so that the confidentiality of the information is protected and the information is prevented from being tampered with. An active attack forges or tampers with the information, and the method for preventing active attacks is to use an authentication technology.
In order to realize security of information transmission, it is highly desirable to develop a hybrid encryption/decryption technique that combines an encryption/decryption technique with an authentication technique.
Disclosure of Invention
Aiming at the defects of the prior art, the invention provides a mixed encryption method based on HMAC, AES and RSA, which comprises the following steps:
randomly generating an HMAC key, generating an HMAC message digest by using an HMAC SHA-256 algorithm, and writing the HMAC key and the HMAC message digest into a plaintext file to obtain a plaintext authentication file;
encrypting the plaintext authentication file by using an AES algorithm to generate a ciphertext file;
and carrying out digital signature on the ciphertext file by using an RSA algorithm to generate an encrypted target file.
In one embodiment, the method for generating the encrypted target file by digitally signing the ciphertext file by using the RSA algorithm comprises the following steps:
carrying out digital signature on the ciphertext file by using an RSA algorithm to obtain an RSA digital signature;
writing the RSA digital signature into the ciphertext file, and writing a file header into the initial position of the ciphertext file to obtain an encrypted target file;
the file header comprises an encryption authentication type of HMAC, AES and RSA, a position offset of the HMAC key in the plaintext authentication file, a byte length of the HMAC key, a position offset of the RSA digital signature in the encryption target file and a byte length of the RSA digital signature.
In one embodiment, the HMAC key includes a time and a random number.
The invention also provides a mixed decryption method based on HMAC, AES and RSA, which comprises the following steps:
acquiring an RSA public key, and authenticating an RSA digital signature in an encrypted target file;
when the RSA digital signature passes the authentication, obtaining an AES key, and decrypting a ciphertext file in the encrypted target file to obtain a plaintext authentication file;
obtaining an HMAC key, and authenticating the HMAC message digest in the plaintext authentication file by using an HMAC SHA-256 algorithm;
and when the HMAC message digest passes the authentication, obtaining a plaintext file in the plaintext authentication file.
In one embodiment, the obtaining of the RSA public key and the authentication of the RSA digital signature in the encrypted target file comprises the following steps:
obtaining an RSA public key, and calculating an RSA signature by using an RSA algorithm;
acquiring the position offset of the RSA digital signature in the encrypted target file and the byte length of the RSA digital signature from the file header of the encrypted target file;
acquiring the RSA digital signature from the encrypted target file according to the position offset of the RSA digital signature in the encrypted target file and the byte length of the RSA digital signature;
and comparing and authenticating the calculated RSA signature with the RSA digital signature.
In one embodiment, obtaining an HMAC key, and authenticating the HMAC message digest in the plaintext authentication file using an HMAC SHA-256 algorithm includes the following steps:
acquiring the position offset of the HMAC key in the plaintext authentication file and the byte length of the HMAC key from the file header of the encrypted target file;
acquiring the HMAC key from the plaintext authentication file according to the position offset of the HMAC key in the plaintext authentication file and the byte length of the HMAC key, and calculating an HMAC digest by using an HMAC SHA-256 algorithm;
and comparing and authenticating the calculated HMAC digest with the HMAC message digest in the plaintext authentication file.
In one embodiment, the method further comprises the following steps:
acquiring an encryption authentication type from a file header of the encryption target file;
and when the encryption authentication types are judged to be HMAC, AES and RSA, authenticating the RSA digital signature in the encryption target file.
In one embodiment, the decryption process is exited when it is determined that the cryptographic authentication type lacks any one of HMAC, AES, and RSA.
In one embodiment, the decryption process is exited when the RSA digital signature is not authenticated.
In one embodiment, the decryption process is exited when the HMAC message digest is not authenticated.
One or more embodiments of the present invention may have the following advantages over the prior art:
1) the encryption and decryption hybrid method can encrypt the plaintext file, and after the encrypted target file is stolen, a stealer cannot disassemble the file through reverse engineering, so that the plaintext file can be prevented from being stolen.
2) The encryption and decryption mixed method can be used for carrying out RSA signature authentication on the encrypted target file and carrying out authentication on the decrypted plaintext file, can prevent the unauthorized target code from running and attacking the system, and ensures the safe running of the system.
3) In the encryption and decryption mixing method, the integrity and the reliability of data can be ensured to the utmost extent by authenticating both the plaintext file and the ciphertext file.
Additional features and advantages of the invention will be set forth in the description which follows, and in part will be obvious from the description, or may be learned by the practice of the invention. The objectives and other advantages of the invention will be realized and attained by the structure particularly pointed out in the written description and claims hereof as well as the appended drawings.
Drawings
The accompanying drawings, which are included to provide a further understanding of the invention and are incorporated in and constitute a part of this specification, illustrate embodiments of the invention and together with the description serve to explain the principles of the invention and not to limit the invention. In the drawings:
Fig. 1 is a schematic diagram of an encryption system according to a first embodiment of the present invention;
Fig. 2 is a flowchart of a hybrid encryption method based on HMAC, AES, and RSA according to a first embodiment of the present invention;
Fig. 3 is a diagram illustrating a hybrid encryption process for object codes according to a first embodiment of the present invention;
Fig. 4 is a flowchart of a hybrid decryption method based on HMAC, AES and RSA according to a first embodiment of the invention;
Fig. 5 is a schematic interface diagram of PC-side encryption software according to a second embodiment of the present invention;
Fig. 6 is a flowchart of a hybrid decryption method based on HMAC, AES, and RSA according to a second embodiment of the present invention.
Detailed Description
The following detailed description of the embodiments of the present invention will be provided with reference to the drawings and examples, so that how to apply the technical means to solve the technical problems and achieve the technical effects can be fully understood and implemented. It should be noted that, as long as there is no conflict, the embodiments and the features of the embodiments of the present invention may be combined with each other, and the technical solutions formed are within the scope of the present invention.
Example one
Fig. 1 is a schematic diagram of an encryption system according to a first embodiment of the present invention.
As shown in fig. 1, the encryption system mainly includes encryption software on the PC side and decryption software on the embedded system side. The workflow of the encryption system is as follows.
Firstly, the program object code is encrypted and a message authentication code is generated by using the encryption software of the PC terminal, and finally, the encrypted object code is generated.
And secondly, storing the encrypted object code into an external memory and writing the encrypted object code into the embedded system through a bus.
It should be noted that the way of flashing the encrypted object code to the embedded controller in the embedded system may be determined by the controller's specific program-flashing method. The embodiment of the invention provides the combined use of the three algorithms HMAC, AES and RSA. The HMAC key is passed with the encrypted file. The way the AES key and the RSA public key are transmitted is not limited: 1) they can be configured in the encryption software at the PC end and the decryption software at the embedded system end through configuration files; or 2) they can be solidified in the encryption software at the PC end and the decryption software at the embedded system end.
And finally, using decryption software of the embedded system end to authenticate and decrypt the message of the encrypted target code, and determining whether to run the program according to an authentication result.
The following first describes the workflow of the encryption software on the PC side.
Fig. 2 is a flowchart of a hybrid encryption method based on HMAC, AES, and RSA according to a first embodiment of the present invention. As shown in fig. 2, the following steps S201-S203 may be included.
In step S201, an HMAC key is randomly generated, an HMAC message digest is generated using an HMAC SHA-256 algorithm, and the HMAC key and the HMAC message digest are written into a plaintext file to obtain a plaintext authentication file. Wherein the HMAC key includes a time and a random number. In a specific implementation, the length of the HMAC key is not limited, and may be determined according to actual needs. The random mode for generating the HMAC key is not limited, and is determined according to actual needs.
In step S202, the plaintext authentication file is encrypted by using the AES algorithm, and a ciphertext file is generated.
In step S203, the ciphertext file is digitally signed using the RSA algorithm to generate an encryption target file.
Specifically, firstly, the RSA algorithm is used to digitally sign the ciphertext file to obtain the RSA digital signature. Secondly, writing the RSA digital signature into the ciphertext file, and writing the file header into the initial position of the ciphertext file to obtain the encrypted target file.
The file header comprises the encryption authentication types of the HMAC, the AES and the RSA, the position offset of the HMAC key in the plaintext authentication file, the byte length of the HMAC key, the position offset of the RSA digital signature in the encryption target file and the byte length of the RSA digital signature.
It should be noted that the plaintext file may be an embedded controller program (i.e., program object code) file, but is not limited to the embedded controller program file, and may also be other files, such as audio/video files, pictures, and text.
In order to more clearly understand the hybrid encryption method based on HMAC, AES, and RSA according to the embodiment of the present invention, the following description will take the program object code as an example.
Fig. 3 is a schematic diagram of a hybrid encryption process of object codes according to an embodiment of the present invention.
As shown in fig. 3, first, HMAC authentication is performed on the program object code (plaintext) before encryption. Specifically, an HMAC key is randomly generated by using encryption software at the PC terminal, an HMAC message digest is generated for a program object code by using an HMAC SHA-256 algorithm, and the HMAC key and the HMAC message digest are written into a program object code file to form a program object code authentication file.
The data format of the random HMAC key is time + random number, which is specifically shown in table 1:
TABLE 1 HMAC key data format
Byte sequence number    Content
0                       Year
1                       Month
2                       Day
3                       Hour
4                       Minute
5                       Second
6~7                     Millisecond (ms)
8~31                    PC-generated random number
Table 1 is merely used to illustrate the data format of the HMAC key. In a specific implementation, the length of the HMAC key is not limited to 31 bytes and can be determined according to actual needs. Likewise, the random method for generating the HMAC key is not limited to the method shown in Table 1 and is determined according to actual needs.
Secondly, the AES algorithm is adopted to carry out integral encryption on a program object code authentication file formed by the program object code (plaintext), the HMAC key and the HMAC message digest, and a program ciphertext is generated.
And finally, carrying out digital signature on the program ciphertext by utilizing an RSA algorithm, writing the RSA digital signature into the program ciphertext file, and writing a file header in the initial position of the program ciphertext file to generate an encrypted target code.
The file header mainly contains (1) encryption authentication types of HMAC, AES and RSA; (2) the position offset of the HMAC key in the program object code authentication file and the byte length of the HMAC key; (3) the location offset of the RSA digital signature in the encryption target code file and the byte length of the RSA digital signature.
By adopting the hybrid encryption method provided by the embodiment of the invention, the program object code can be encrypted, and after the encrypted object code is stolen, a stealer cannot disassemble the encrypted object code through reverse engineering, so that the program object code can be prevented from being stolen.
The workflow of the decryption software on the embedded system side is described next.
Fig. 4 is a flowchart of a hybrid decryption method based on HMAC, AES, and RSA according to a first embodiment of the present invention. As shown in fig. 4, the following steps S401-S409 may be included.
In step S401, an encryption authentication type is acquired from the file header of the encryption target file. The encryption target file may be an encryption target code.
In step S402, it is determined whether or not the encryption authentication types are HMAC, AES, and RSA, and if so, the process proceeds to step S403, and if not, the process proceeds to step S409.
In step S403, the RSA public key is acquired, and the RSA digital signature in the encryption target file is authenticated. Specifically, step S403 may include the following sub-steps: obtaining an RSA public key, and calculating an RSA signature by using an RSA algorithm; acquiring the position offset of the RSA digital signature in the encrypted target file and the byte length of the RSA digital signature from the file header of the encrypted target file; acquiring an RSA digital signature from an encrypted target file according to the position offset of the RSA digital signature in the encrypted target file and the byte length of the RSA digital signature; and comparing and authenticating the calculated RSA signature with the RSA digital signature.
In step S404, it is determined whether the RSA digital signature passes the authentication, and if so, the process proceeds to step S405, and if not, the process proceeds to step S409.
In step S405, an AES key is obtained, and the ciphertext file in the encryption target file is decrypted to obtain the plaintext authentication file.
In step S406, an HMAC key is obtained, and the HMAC message digest in the plaintext authentication file is authenticated using the HMAC SHA-256 algorithm. Specifically, step S406 may include the following sub-steps: acquiring the position offset of the HMAC key in the plaintext authentication file and the byte length of the HMAC key from the file header of the encrypted target file; acquiring an HMAC key from the plaintext authentication file according to the position offset of the HMAC key in the plaintext authentication file and the byte length of the HMAC key, and calculating an HMAC digest by using an HMAC SHA-256 algorithm; and comparing and authenticating the calculated HMAC digest with the HMAC message digest in the plaintext authentication file.
In step S407, it is determined whether the HMAC message digest is authenticated, and if so, the process proceeds to step S408, and if not, the process proceeds to step S409.
In step S408, a plaintext file among the plaintext authentication files is obtained.
In step S409, the decryption process is exited.
The mixed decryption method can be used for carrying out RSA signature authentication on the encrypted target file and carrying out authentication on the decrypted plaintext file, can prevent the target code which is not authenticated from running and attacking the system, and ensures the safe running of the system. Moreover, the integrity and the reliability of the data can be ensured to the utmost extent by authenticating both the plaintext file and the ciphertext file.
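The encryption steps S201-S203 and the decryption checks S401-S409 of Example one, as an added Go example that is not code from the patent. Assumptions: the header field widths and type bitmask, AES-CTR with the IV stored before the ciphertext, RSA-PSS over SHA-256 checked with the standard library's verify call, the layout plaintext, HMAC key, digest, and the names Seal, Open and demoKeys.

```go
package main

import (
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
	"time"
)

// Assumed header: type bitmask (1 byte), then four big-endian uint32 fields.
const (
	typeAll   = 0x07          // assumed bitmask: HMAC=1 | AES=2 | RSA=4
	headerLen = 17            // + HMAC key offset, HMAC key length, signature offset, signature length
	ivLen     = aes.BlockSize // assumed: AES-CTR IV stored before the ciphertext
)

var ErrRejected = errors.New("target file rejected") // S409: exit decryption

// hmacKey follows Table 1: bytes 0-7 carry the time, bytes 8-31 are random.
func hmacKey(now time.Time, random []byte) []byte {
	k := []byte{byte(now.Year() % 100), byte(now.Month()), byte(now.Day()),
		byte(now.Hour()), byte(now.Minute()), byte(now.Second()), 0, 0}
	binary.BigEndian.PutUint16(k[6:], uint16(now.Nanosecond()/1e6))
	return append(k, random...)
}

func mac(key, msg []byte) []byte {
	h := hmac.New(sha256.New, key)
	h.Write(msg)
	return h.Sum(nil)
}

// Seal performs S201-S203: plaintext||key||digest, AES, RSA signature, header.
func Seal(plain []byte, blk cipher.Block, priv *rsa.PrivateKey) ([]byte, error) {
	rnd := make([]byte, ivLen+24) // IV plus the random part of the HMAC key
	if _, err := rand.Read(rnd); err != nil {
		return nil, err
	}
	hk := hmacKey(time.Now(), rnd[ivLen:])
	body := append(append(append(rnd[:ivLen:ivLen], plain...), hk...), mac(hk, plain)...)
	cipher.NewCTR(blk, body[:ivLen]).XORKeyStream(body[ivLen:], body[ivLen:])
	sum := sha256.Sum256(body)
	sig, err := rsa.SignPSS(rand.Reader, priv, crypto.SHA256, sum[:], nil)
	if err != nil {
		return nil, err
	}
	out := []byte{typeAll}
	for _, v := range []int{len(plain), len(hk), headerLen + len(body), len(sig)} {
		out = binary.BigEndian.AppendUint32(out, uint32(v))
	}
	return append(append(out, body...), sig...), nil
}

// Open performs S401-S409; the first failed check rejects the file.
func Open(file []byte, blk cipher.Block, pub *rsa.PublicKey) ([]byte, error) {
	if len(file) < headerLen+ivLen || file[0] != typeAll { // S401-S402
		return nil, ErrRejected
	}
	f := func(i int) uint64 { return uint64(binary.BigEndian.Uint32(file[i:])) }
	kOff, kLen, sOff, sLen := f(1), f(5), f(9), f(13)
	if sOff < headerLen+ivLen || sOff+sLen != uint64(len(file)) { // untrusted offsets
		return nil, ErrRejected
	}
	body, sig := file[headerLen:sOff], file[sOff:]
	sum := sha256.Sum256(body)
	if rsa.VerifyPSS(pub, crypto.SHA256, sum[:], sig, nil) != nil { // S403-S404
		return nil, ErrRejected
	}
	auth := make([]byte, len(body)-ivLen)
	cipher.NewCTR(blk, body[:ivLen]).XORKeyStream(auth, body[ivLen:]) // S405
	if kLen == 0 || kOff+kLen+sha256.Size != uint64(len(auth)) {
		return nil, ErrRejected
	}
	plain, hk, digest := auth[:kOff], auth[kOff:kOff+kLen], auth[kOff+kLen:]
	if !hmac.Equal(mac(hk, plain), digest) { // S406-S407, constant-time compare
		return nil, ErrRejected
	}
	return plain, nil // S408
}

func demoKeys() (*rsa.PrivateKey, cipher.Block) {
	priv, _ := rsa.GenerateKey(rand.Reader, 2048) // throwaway demo key pair
	blk, _ := aes.NewCipher(make([]byte, 32))     // constructed all-zero AES-256 key
	return priv, blk
}

func main() {
	priv, blk := demoKeys()
	file, _ := Seal([]byte("constructed firmware image"), blk, priv)
	plain, err := Open(file, blk, &priv.PublicKey)
	fmt.Printf("%q %v\n", plain, err)
}
```

In this layout the signature covers the ciphertext file but not the header, so Open treats every header offset as untrusted and checks it against the buffer length before slicing.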
Example two
The second embodiment of the invention provides a mixed encryption and decryption method for processors with different computing capabilities.
Fig. 5 is a schematic interface diagram of PC-side encryption software according to a second embodiment of the present invention. As shown in fig. 5, the user may select at least one of the encryption authentication types HMAC, AES, and RSA according to processors of different computing capabilities. Then clicking a 'browse' key to select a plaintext file to be encrypted, and clicking an 'encrypt' key to generate an encrypted target file.
For example, the user selects only two encryption authentication types, HMAC and AES. And at the PC terminal, randomly generating an HMAC key, generating an HMAC message digest by using an HMAC SHA-256 algorithm, and writing the HMAC key and the HMAC message digest into a plaintext file to obtain a plaintext authentication file. And encrypting the plaintext authentication file by using an AES algorithm to generate a ciphertext file. And writing a file header in the initial position of the ciphertext file to obtain an encrypted target file. The file header comprises the encryption authentication types of the HMAC and the AES, the position offset of the HMAC key in the plaintext authentication file and the byte length of the HMAC key.
Alternatively, the user selects only the two encryption authentication types AES and RSA. At the PC end, the plaintext file is encrypted by using an AES algorithm to generate a ciphertext file. The ciphertext file is digitally signed by using an RSA algorithm to generate an encrypted target file: the RSA digital signature is written into the ciphertext file, and a file header is written at the initial position of the ciphertext file to obtain the encrypted target file. The file header comprises the encryption authentication types of AES and RSA, the position offset of the RSA digital signature in the encryption target file and the byte length of the RSA digital signature.
Fig. 6 is a flowchart of a hybrid decryption method based on HMAC, AES, and RSA according to a second embodiment of the present invention. As shown in Fig. 6, the method may include the following steps S601-S612.
In step S601, the encryption authentication type is acquired from the file header of the encrypted target file. The encrypted target file may be encrypted target code.
In step S602, it is determined whether the acquired encryption authentication type includes at least one of HMAC, AES, and RSA. If so, the process proceeds to step S603; if not, the process proceeds to step S612.
In step S603, it is determined whether the acquired encryption authentication type includes RSA. If so, the process proceeds to step S604; if not, the process proceeds to step S606.
In step S604, the RSA public key is acquired, and signature authentication is performed on the encrypted target file.
In step S605, it is determined whether the RSA signature authentication has passed. If so, the process proceeds to step S606; if not, the process proceeds to step S612.
In step S606, it is determined whether the acquired encryption authentication type includes AES. If so, the process proceeds to step S607; if not, the process proceeds to step S608.
In step S607, the AES key is obtained, and the ciphertext file is decrypted to obtain the plaintext authentication file.
In step S608, it is determined whether the acquired encryption authentication type includes HMAC. If so, the process proceeds to step S609; if not, the process proceeds to step S612.
In step S609, an HMAC key is obtained, and the plaintext authentication file is authenticated using the HMAC SHA-256 algorithm. Specifically, the HMAC key is read, an HMAC digest is calculated using the HMAC SHA-256 algorithm, and the calculated HMAC digest is compared with the HMAC message digest in the plaintext authentication file to authenticate the plaintext authentication file.
In step S610, it is determined whether the plaintext authentication file passes the authentication. If so, the process proceeds to step S611; if not, the process proceeds to step S612.
In step S611, the plaintext file in the plaintext authentication file is obtained, and the program is executed and booted.
In step S612, the decryption process is exited.
With the hybrid encryption and decryption method of the second embodiment of the invention, at least one of the HMAC, AES, and RSA encryption authentication types can be selected according to the user's options, so that encryption and decryption can be performed flexibly for processors with different computing capabilities.
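The HMAC stage of this flow (steps S608 to S611, using the header's key offset and key length), as an added example that is not code from the patent. The header byte encoding, the flag values, the `plaintext || key || digest` ordering and the choice to compute the digest over the plaintext alone are assumptions made for the example.

```python
import hashlib
import hmac
import struct
from typing import Optional, Tuple

# Assumed encoding for this example: 1-byte type flags, then the HMAC key's
# offset and byte length in the plaintext authentication file (big-endian).
HEADER = struct.Struct(">BII")
HMAC_F, AES_F, RSA_F = 0x01, 0x02, 0x04    # assumed flag values
DIGEST_LEN = hashlib.sha256().digest_size  # 32 bytes


def build_auth_file(plaintext: bytes, key: bytes) -> Tuple[bytes, bytes]:
    """Encryption side: plaintext || HMAC key || digest (assumed ordering)."""
    digest = hmac.new(key, plaintext, hashlib.sha256).digest()
    return HEADER.pack(HMAC_F, len(plaintext), len(key)), plaintext + key + digest


def authenticate(header: bytes, auth_file: bytes) -> Optional[bytes]:
    """Steps S608-S611: return the plaintext file, or None to exit (S612)."""
    if len(header) != HEADER.size:
        return None
    flags, key_off, key_len = HEADER.unpack(header)
    if not flags & HMAC_F:                        # S608: HMAC not selected
        return None
    # The offsets come from the file being checked, so validate them before
    # slicing: key and digest must exactly fill the tail of the file.
    if key_len == 0 or key_off + key_len + DIGEST_LEN != len(auth_file):
        return None
    plaintext = auth_file[:key_off]
    key = auth_file[key_off:key_off + key_len]
    stored = auth_file[key_off + key_len:]
    computed = hmac.new(key, plaintext, hashlib.sha256).digest()   # S609
    if not hmac.compare_digest(computed, stored):                  # S610
        return None
    return plaintext                                               # S611


# Constructed sample input: a stand-in for the target code and a 16-byte key.
SAMPLE_HEADER, SAMPLE_FILE = build_auth_file(
    b"constructed firmware image", bytes(range(16)))

if __name__ == "__main__":
    print(authenticate(SAMPLE_HEADER, SAMPLE_FILE))
    damaged = bytes([SAMPLE_FILE[0] ^ 0x01]) + SAMPLE_FILE[1:]
    print(authenticate(SAMPLE_HEADER, damaged))   # None: digest mismatch
```

Because the HMAC key is stored in the same file as the digest, anyone holding the plaintext authentication file can recompute a matching digest; this stage detects a damaged or inconsistent image, while resistance to deliberate modification rests on the AES and RSA stages that precede it.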
Although the embodiments of the present invention have been described above, the above description is only for the convenience of understanding the present invention, and is not intended to limit the present invention. It will be understood by those skilled in the art that various changes in form and details may be made therein without departing from the spirit and scope of the invention as defined by the appended claims.

Claims (10)

1. A mixed encryption method based on HMAC, AES and RSA is characterized by comprising the following steps:
randomly generating an HMAC key, generating an HMAC message digest by using an HMAC SHA-256 algorithm, and writing the HMAC key and the HMAC message digest into a plaintext file to obtain a plaintext authentication file;
encrypting the plaintext authentication file by using an AES algorithm to generate a ciphertext file;
and carrying out digital signature on the ciphertext file by using an RSA algorithm to generate an encrypted target file.
2. The hybrid encryption method according to claim 1, wherein the ciphertext file is digitally signed using an RSA algorithm to generate an encrypted target file, comprising the steps of:
carrying out digital signature on the ciphertext file by using an RSA algorithm to obtain an RSA digital signature;
writing the RSA digital signature into the ciphertext file, and writing a file header into the initial position of the ciphertext file to obtain an encrypted target file;
the file header comprises an encryption authentication type of HMAC, AES and RSA, a position offset of the HMAC key in the plaintext authentication file, a byte length of the HMAC key, a position offset of the RSA digital signature in the encryption target file and a byte length of the RSA digital signature.
3. The hybrid encryption method of claim 1 or 2, wherein the HMAC key comprises a time and a random number.
4. A mixed decryption method based on HMAC, AES and RSA is characterized by comprising the following steps:
acquiring an RSA public key, and authenticating an RSA digital signature in an encrypted target file;
when the RSA digital signature passes the authentication, obtaining an AES key, and decrypting a ciphertext file in the encrypted target file to obtain a plaintext authentication file;
obtaining an HMAC key, and authenticating the HMAC message digest in the plaintext authentication file by using an HMAC SHA-256 algorithm;
and when the HMAC message digest passes the authentication, obtaining a plaintext file in the plaintext authentication file.
5. The hybrid decryption method of claim 4, wherein obtaining the RSA public key to authenticate the RSA digital signature in the encrypted target file comprises:
obtaining an RSA public key, and calculating an RSA signature by using an RSA algorithm;
acquiring the position offset of the RSA digital signature in the encrypted target file and the byte length of the RSA digital signature from the file header of the encrypted target file;
acquiring the RSA digital signature from the encrypted target file according to the position offset of the RSA digital signature in the encrypted target file and the byte length of the RSA digital signature;
and comparing and authenticating the calculated RSA signature with the RSA digital signature.
6. The hybrid decryption method of claim 4, wherein the step of obtaining an HMAC key and authenticating the HMAC message digest in the plaintext authentication file using an HMAC SHA-256 algorithm comprises the steps of:
acquiring the position offset of the HMAC key in the plaintext authentication file and the byte length of the HMAC key from the file header of the encrypted target file;
acquiring the HMAC key from the plaintext authentication file according to the position offset of the HMAC key in the plaintext authentication file and the byte length of the HMAC key, and calculating an HMAC digest by using an HMAC SHA-256 algorithm;
and comparing and authenticating the calculated HMAC digest with the HMAC message digest in the plaintext authentication file.
7. The hybrid decryption method of claim 4, further comprising the steps of:
acquiring an encryption authentication type from a file header of the encryption target file;
and when the encryption authentication types are judged to be HMAC, AES and RSA, authenticating the RSA digital signature in the encryption target file.
8. The hybrid decryption method of claim 7, further comprising the steps of:
and when the encryption authentication type is judged to lack any one of the HMAC, the AES and the RSA, exiting the decryption process.
9. The hybrid decryption method of claim 4, further comprising the steps of:
when the RSA digital signature is not authenticated, the decryption process is exited.
10. The hybrid decryption method of claim 4, further comprising the steps of:
and when the HMAC message digest is not authenticated, exiting the decryption process.
CN201810689818.7A 2018-06-28 2018-06-28 Mixed encryption and decryption method based on HMAC, AES and RSA Pending CN110661621A (en)


Publications (1)

Publication Number | Publication Date
CN110661621A (en) | 2020-01-07

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20200107
