CN112636909A - Key identification conversion method, system and medium - Google Patents

Publication number
CN112636909A
Authority
CN
China
Prior art keywords
key
type
data
pkcs
standard
Legal status
Pending
Application number
CN202011558799.8A
Other languages
Chinese (zh)
Inventor
康学重
Current Assignee
Suzhou Inspur Intelligent Technology Co Ltd
Original Assignee
Suzhou Inspur Intelligent Technology Co Ltd
Application filed by Suzhou Inspur Intelligent Technology Co Ltd
Priority to CN202011558799.8A
Publication of CN112636909A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/14 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a key identification conversion method. The method comprises: judging the data structure of a key and the encrypted object of the key; if the data structure of the key is the first structure, parsing the key of the first structure to obtain identification information, and judging whether the encrypted object of the key is a first encrypted object; if the encrypted object is the first encrypted object, acquiring the identification information and decrypting the data of the key according to the identification information; otherwise, the encrypted object of the key is a second encrypted object, and the ciphertext and the offset information in the second encrypted object are parsed and the data of the key is decrypted according to the ciphertext and the offset information; and judging the type of the key and parsing the key according to its type. In this way, the invention can identify and parse an unknown key, and supports reading key information and converting between multiple formats.

Description

Key identification conversion method, system and medium
Technical Field
The present invention relates to the field of key technology, and in particular, to a method, system and medium for identifying and converting keys.
Background
A key is a critical input parameter to the algorithm that converts between plaintext and ciphertext. Keys take many forms of expression, the standards they follow are inconsistent, and the same key can exist in several formats.
Inconsistent key formats make keys difficult to store and use. If the descriptive record document associated with a key is lost, the key may become invalid data, and a professional with considerable cryptographic expertise is needed to identify the type of the key before it can be used again. In addition, the private key of an asymmetric key pair may be stored in encrypted form, but there are several ways of encrypting it. When different users and programs use the key, it may not be usable because its encryption mode differs. This also makes keys difficult to store and use.
In the existing method of identifying a key, the key user determines from the key's record document whether the private key is encrypted and how it is encrypted; obtains the algorithm of the key from the record document; obtains the format of the key from the record document; parses the key data with the specified key parsing algorithm according to the obtained algorithm and format; and then performs data encryption and decryption. Alternatively, the key user pays no attention to whether the key is encrypted or to its algorithm and encoding format, simply records how the key is used, and performs encryption, decryption, signing and verification directly.
Use of the key therefore depends on the corresponding record document. Once that document is lost or damaged, or is inconvenient to transmit, a user may not know how the key is to be used, so the key cannot be used and becomes invalid data.
Disclosure of Invention
The invention mainly solves the following technical problems: existing key identification methods depend on description documents and require manual operation; the corresponding key description document must be checked for each key; the formats of existing keys are inconsistent; and format conversion cannot be carried out automatically for each key.
In order to solve the technical problems, the invention adopts a technical scheme that: provided is a key identification conversion method, including:
judging a data structure of the key and an encrypted object of the key;
if the data structure of the key is the key of the first structure, analyzing the key of the first structure to obtain identification information, and judging whether an encrypted object of the key is a first encrypted object;
if the encrypted object is the first encrypted object, acquiring the identification information, and decrypting the data of the key according to the identification information;
otherwise, the encrypted object of the key is a second encrypted object, the ciphertext and the offset information in the second encrypted object are analyzed, and the data of the key are decrypted according to the ciphertext and the offset information;
and judging the type of the key, and analyzing the key according to the type of the key.
Preferably, the step of analyzing the key of the first structure to obtain the identification information further includes:
analyzing the key of the first structure according to the syntax of the first structure;
acquiring a data value of an object identifier in the key of the first structure;
and searching the identification information according to the data value.
Further, decrypting the data of the key according to the identification information includes:
generating a first key corresponding to the data of the key through a PBE algorithm by using a password; and decrypting the encrypted object of the key by using the first key to obtain a plaintext.
Preferably, the step of parsing the key according to the type of the key further includes:
matching an object template of the key corresponding to the type of the key according to the type of the key, and matching a plurality of standards of the type of the key through the object template of the key;
analyzing the key through an object template of the key, and extracting first data in the key;
and calculating the public key of the secret key through a private key in the secret key according to an algorithm matched with the type of the secret key.
Further, after the step of analyzing the key according to the type of the key, whether the format of the key needs to be converted is judged, and if so, the format of the key is converted through a conversion command.
Further, the types of keys include RSA keys, DSA keys, and SM2 keys; the object template of the key corresponding to the RSA key comprises a PKCS #1 standard template and a PKCS #8 standard template;
the object template of the key corresponding to the DSA key comprises an OpenSSL type template and a PKCS #8 standard template;
the object templates of the keys corresponding to the SM2 key comprise an SM2 algorithm specification template, a PKCS #8 standard template and a Hex format template.
The invention also provides a key identification conversion system, comprising a judgment module, a decryption module and a key analysis module;
the judgment module judges key information, wherein the key information comprises a data structure of a key, an encryption mode of the key and the type of the key;
the decryption module decrypts the key data according to the encryption mode of the key judged by the judgment module;
and the key analysis module carries out key analysis operation according to the type of the key judged by the judgment module.
The judgment module comprises a first judgment module, a second judgment module and a third judgment module;
the first judgment module judges whether the data structure of the key is the key of the ASN1 structure;
the second judging module judges whether the encryption mode of the key is an OpenSSL encryption mode or a PKCS #5 encryption mode;
the third judging module judges whether the type of the key is an RSA key, a DSA key or an SM2 key.
The key analysis module also comprises a first conversion module, a second conversion module and a third conversion module;
when the type of the key is an RSA key, the first conversion module converts a PKCS #1 standard key and a PKCS #8 standard key into each other;
when the type of the key is a DSA key, the second conversion module converts an OpenSSL type key and a PKCS #8 standard key into each other;
when the type of the key is the SM2 key, the third conversion module converts the key of the SM2 algorithm specification, the PKCS #8 standard key, and the Hex format key to each other.
The present invention provides a computer-readable storage medium having stored thereon a computer program which, when executed by a processor, implements the steps of the key identification conversion method described above.
The invention has the beneficial effects that:
1. The key identification conversion method provided by the invention parses and decrypts a key by judging its data structure, its encrypted object and its type; it can identify and read various keys, and supports converting keys between multiple formats;
2. In the key identification conversion system, the judgment module judges and distinguishes the key information and the analysis module parses the key, so no manual comparison against the corresponding documents is needed; this improves the efficiency of key parsing and reduces the misjudgments that arise from manual comparison, and multiple key formats can be converted through the conversion modules;
3. The computer-readable storage medium provided by the invention judges the key information automatically through code in the computer device and parses the key after judgment; the corresponding key description document need not be checked for each key, which improves efficiency, and conversion between different keys is completed automatically in code without manual operation.
Drawings
Fig. 1 is a flowchart of a key identification conversion method according to embodiment 1 of the present invention;
fig. 2 is a schematic diagram of a key identification and conversion system according to embodiment 2 of the present invention.
Detailed Description
The preferred embodiments of the present invention are described in detail below with reference to the accompanying drawings, so that the advantages and features of the invention can be more easily understood by those skilled in the art and the scope of protection of the invention is clearly defined.
In the description of the present invention, it should be noted that the terms "first", "second", and "third" are used for descriptive purposes only and are not to be construed as indicating or implying relative importance. In the description of the present invention, it should be noted that the RSA public key cryptosystem is a cryptosystem that uses different encryption keys and decryption keys, and "deriving a decryption key from a known encryption key is computationally infeasible";
SM2 is an elliptic curve public key cryptographic algorithm;
OpenSSL (Open Secure Sockets Layer) provides a rich set of functions and supports various standards;
OpenSSL provides cryptographic protection functions for private keys in the standard so that keys can be securely stored and distributed.
DSA (Digital Signature Algorithm) is a variant of the Schnorr and ElGamal signature algorithms, adopted by NIST in the USA as the DSS (Digital Signature Standard). DSA is based on the discrete logarithm problem over integer finite fields; it is a more advanced means of verification and is used for digital signatures. It involves not only a public key and a private key but also a digital signature. The digital signature is generated with the private key, and the public key verifies the data against the signature; if the data and the signature do not match, verification is considered to have failed. The digital signature serves to verify that the data was not modified in transit, and is an upgrade of one-way encryption.
PKCS #1 is the RSA Cryptography Standard, which defines the format and attributes of RSA public and private keys and the underlying algorithms for encryption, decryption, signing and padding.
PKCS #8 is the Private-Key Information Syntax Standard, a standard for private key formats. Unlike PKCS #1, it supports not only RSA but various types of private keys. The PKCS #8 private key file format does not name the private key algorithm in its header and footer; the algorithm type is identified within the data. Private keys in PKCS #8 also support encryption.
PKCS #5 is the password-based cryptography standard, a representation of a key;
the Hex file format is a file format that can be programmed into a microcontroller and executed by it. Hex files can be generated in many ways: a C program or an assembly program can be compiled by different compilers to produce Hex. In addition, there is the Hex format private key (which is widely used), formed by converting the D value and the Q value of the algorithm's key data into hexadecimal.
X509 is the format standard for public key certificates in cryptography; OID stands for Object Identifier;
asymmetric encryption: asymmetric encryption algorithms require two keys, a public key and a private key. The public key and the private key form a pair: if data is encrypted with the public key, it can be decrypted only with the corresponding private key. Because two different keys are used for encryption and decryption, such an algorithm is called an asymmetric encryption algorithm. RSA, SM2 and DSA, for example, all have a public key and a private key; the keys exist in pairs, and each private key corresponds to one public key and vice versa. If encryption is required, the public key is used to encrypt, and only the corresponding private key can decrypt. If a signature is required, the signer signs with their own private key, and the signature can be verified only with the corresponding public key. The public key is public and can be obtained by anyone; the private key is kept by its owner alone. The public key can be computed from the private key, but the private key cannot be computed from the public key.
In addition, the invention mainly studies the forms in which keys are expressed. Keys such as RSA, DSA and SM2 keys may each have several forms of expression, which constitute the various key standards. RSA private keys, for example, have two standards, PKCS #1 and PKCS #8. Although the representations differ, the key data that takes part in encryption and decryption is the same, and this is the basis on which a key can be converted between different standard formats.
PBE (Password Based Encryption) is a password-based encryption algorithm. Its characteristic is that a password is used in place of a key; the password is managed by the user, and data security is ensured by methods such as random numbers, hashing and multiple encryption. The PBE algorithm does not encrypt directly with the password; instead, an encryption key is generated from the password, and this is done by the KDF function of the PBE algorithm. The KDF works as follows: the password entered by the user is first perturbed with a salt to produce a preliminary key, which is then iterated through a hash function multiple times to produce the final encryption key. Once the key is generated, the PBE algorithm encrypts the data with a chosen symmetric encryption algorithm, such as DES, 3DES or RC5.
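The KDF described above, as an added Python example (not code from the patent): PBKDF1 follows the salt-then-iterated-hash description, shown beside PBKDF2 and the MD5-based derivation that OpenSSL uses for traditional encrypted PEM files. The sample header and IV are constructed, and reading the "offset information" of the OpenSSL encrypted object as the IV in the DEK-Info header is an assumption.

```python
import hashlib
import re

def pbkdf1(password, salt, iterations, dk_len, hash_name="sha1"):
    """PKCS #5 v1.5 KDF: hash password||salt, then re-hash the digest."""
    digest = hashlib.new(hash_name, password + salt).digest()
    if dk_len > len(digest):
        raise ValueError("PBKDF1 cannot output more than one digest")
    for _ in range(iterations - 1):
        digest = hashlib.new(hash_name, digest).digest()
    return digest[:dk_len]

def pbkdf2(password, salt, iterations, dk_len):
    """PKCS #5 v2 KDF with HMAC-SHA1, the default PRF in the standard."""
    return hashlib.pbkdf2_hmac("sha1", password, salt, iterations, dk_len)

def evp_bytes_to_key(password, salt, key_len, count=1):
    """KDF of OpenSSL's traditional encrypted PEM: chained MD5 blocks."""
    out, block = b"", b""
    while len(out) < key_len:
        block = hashlib.md5(block + password + salt).digest()
        for _ in range(count - 1):
            block = hashlib.md5(block).digest()
        out += block
    return out[:key_len]

# Key sizes of ciphers commonly named in DEK-Info headers.
KEY_LEN = {"DES-EDE3-CBC": 24, "AES-128-CBC": 16, "AES-256-CBC": 32}

# Constructed header of a traditional OpenSSL-encrypted PEM (IV is made up).
SAMPLE_HEADER = (
    "Proc-Type: 4,ENCRYPTED\n"
    "DEK-Info: AES-128-CBC,00112233445566778899AABBCCDDEEFF\n"
)

def key_for_openssl_pem(header, password):
    """Parse DEK-Info and derive the key; the salt is the first 8 IV bytes."""
    m = re.search(r"^DEK-Info: ([A-Z0-9-]+),([0-9A-Fa-f]+)$", header, re.M)
    if m is None or m.group(1) not in KEY_LEN:
        raise ValueError("missing or unsupported DEK-Info header")
    cipher, iv = m.group(1), bytes.fromhex(m.group(2))
    key = evp_bytes_to_key(password, iv[:8], KEY_LEN[cipher])
    return cipher, iv, key

if __name__ == "__main__":
    cipher, iv, key = key_for_openssl_pem(SAMPLE_HEADER, b"mypwd")
    print(cipher, iv.hex(), key.hex())
    print(pbkdf2(b"mypwd", iv[:8], 100_000, 16).hex())
```

The traditional PEM path hashes the password once with MD5, so keys found in that form are better re-wrapped as PKCS #8 with PBES2 and a high iteration count.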
In this embodiment, the first data in the key is the key data of the key; the first structure is an ASN1 structure; the first encrypted object is an encrypted object of the PKCS #5 standard; and the second encrypted object is an encrypted object encrypted with an OpenSSL password.
The embodiments of the invention are as follows:
Example 1:
This embodiment provides a key identification conversion method (see Fig. 1), which includes:
S100, a user inputs a key of unknown type; the structure of the input key data is judged, and the key data is parsed according to the key data structure; the type of the encrypted object is judged according to the template, and the key is encrypted or decrypted;
judging whether the input data is the key data of the ASN1 structure according to the ASN1 grammar structure;
if the data is the data of the ASN1 structure, the data of the ASN1 structure is analyzed and read by using the ASN1 syntax structure; acquiring a data value of an object identifier in the ASN1 data, and searching identification information corresponding to the data value according to the data value;
the identification information comprises the version of the algorithm and the version of the standard;
the ASN1 syntax structure can be understood as a combination of key-value pairs in which the range of keys is fixed. For example, 01 denotes Boolean data, so the data that follows is true or false; 05 denotes that the following data is null; 06 denotes an object identifier, so the data that follows is an object identifier. The meanings of object identifiers are also fixed and public, and their values form an enumeration; once the value is obtained, the public data can be consulted to find the algorithm or standard corresponding to the value.
Judging whether the object is an encrypted object of the PKCS #5 standard according to the PKCS #5 standard object template;
if it is an encrypted object of the PKCS #5 standard, acquiring the identification information in the ASN1 data and judging from it whether the encrypted object is of the PKCS #5 standard; carrying out decryption and encryption operations according to the identification information;
using a password, for example the string password 'mypwd', generating the key corresponding to the password with the PBE algorithm, decrypting the encrypted object of the PKCS #5 standard, and obtaining the plaintext;
using a password, for example the string password 'mypwd', generating the key corresponding to the password with the PBE algorithm, encrypting the plaintext, and obtaining the ciphertext;
if the format of the key is found to be the PKCS #5 standard, the key has been encrypted with a password and must be decrypted before it is used. Conversely, if storing the key unprotected is considered insecure, the key can be encrypted with a password so that others cannot use it. Plaintext here means a key that is not password-encrypted.
This step is a step of password-encrypting a key that has not been password-encrypted or decrypting a key that has been password-encrypted.
Then entering the RSA analysis step;
S200, if the data is not data of the ASN1 structure, proceeding to the next judgment;
judging whether the object is an encrypted object encrypted with an OpenSSL password according to a built-in OpenSSL encrypted object template; if it is, parsing the ciphertext and the offset information in the OpenSSL encrypted object according to the built-in OpenSSL encrypted object template; carrying out decryption and encryption operations according to the ciphertext and the offset information;
using the provided password, for example the string 'mypwd', generating the key corresponding to the password with the PBE algorithm, decrypting the encrypted object, and obtaining the plaintext;
using the provided password, for example the string 'mypwd', generating the key corresponding to the password with the PBE algorithm, encrypting the plaintext object, and obtaining the ciphertext;
and entering the RSA analysis step.
If the format of the key is found to be the OpenSSL standard, the key has been encrypted with a password and must be decrypted before it is used. Conversely, if storing the key unprotected is considered insecure, the key can be encrypted with a password so that others cannot use it. Plaintext here means a key that is not password-encrypted.
This step is also a step of password-encrypting a key that has not been password-encrypted or decrypting a key that has been password-encrypted.
S300, if the encrypted object is not the encrypted object encrypted based on the OpenSSL password, directly ending the process;
S400, carrying out RSA analysis: judging, according to a built-in RSA key object template that comprises the PKCS #1 standard and the PKCS #8 standard, whether the key is an RSA key and which type of RSA key it is;
if the key is of the PKCS #1 standard or the PKCS #8 standard, it is an RSA key;
judging whether the key is a public key of the X509 standard according to a built-in X509 standard object template;
parsing the public key according to the built-in X509 standard object template, and extracting the key data;
and generating and exporting a public key of the X509 standard from the key data according to the built-in X509 standard object template. This corresponds to the encryption of the X509 public key.
Judging whether the RSA key is of the PKCS #1 standard or the PKCS #8 standard according to the template;
parsing the data according to the built-in RSA key object template to obtain the key data in the key;
the most critical part of a key is its numbers, namely the key data, and it is on these numbers that the operations are performed. Different types of algorithm have different key data. For example, in RSA the key is mainly the (n, d) value and the rest is structural description; keys of the various standards can be generated from (n, d);
converting the key type through the conversion command openssl pkcs8 -topk8 -inform PEM -in private.pem -outform PEM -nocrypt -out pkcs8.pem (interconversion of the PKCS #1 standard key and the PKCS #8 standard key);
and extracting the public key from the private key in the key. According to the RSA algorithm, if the private key is known, the public key can be calculated. The same is true for DSA and SM2.
Carrying out DSA analysis: judging, according to a built-in DSA key object template that comprises an OpenSSL type template and a PKCS #8 standard template, whether the key is a DSA key and which type of DSA key it is;
if the key is of the OpenSSL type or the PKCS #8 standard, it is a DSA key; judging whether the key is a public key of the X509 standard according to a built-in X509 standard object template;
parsing the public key according to the built-in X509 standard object template, and extracting the key data;
and generating and exporting a public key of the X509 standard from the key data according to the built-in X509 standard object template. This corresponds to the encryption of the X509 public key.
Judging whether the DSA key is of the OpenSSL type or the PKCS #8 standard according to the template;
parsing according to the built-in DSA key object template to obtain the key data in the key;
converting the OpenSSL type key into a PKCS #1 standard key through the conversion command openssl genrsa -out private.pem, and converting the PKCS #1 standard key into a PKCS #8 standard key through openssl rsa -in pkcs8.pem -out pkcs1.pem; converting the key type (interconversion of the OpenSSL type key and the PKCS #8 standard key); and extracting the public key from the private key in the key. According to the DSA algorithm, if the private key is known, the public key can be calculated.
Carrying out SM2 analysis: the built-in SM2 key object template comprises three templates, namely the key of the GM/T 0010-2012 SM2 cryptographic algorithm encryption signature message syntax specification, the PKCS #8 standard key and the Hex format key; judging, according to this template, whether the key is an SM2 key and which type of SM2 key it is;
if the key is of the SM2 specification type, a PKCS #8 standard key or a Hex format key, it is an SM2 key; judging whether the key is a public key of the X509 standard according to a built-in X509 standard object template;
parsing the public key according to the built-in X509 standard object template, and extracting the key data;
and generating and exporting a public key of the X509 standard from the key data according to the built-in X509 standard object template. This corresponds to the encryption of the X509 public key.
Judging whether the SM2 key is of the SM2 specification type, a PKCS #8 standard key or a Hex format key according to the template;
parsing according to the built-in SM2 key object template to obtain the key data;
converting the key type into a specified format through a conversion command (interconversion of the three formats: the key of the GM/T 0010-2012 SM2 cryptographic algorithm encryption signature message syntax specification, the PKCS #8 standard key and the Hex format key); and extracting the public key from the private key in the key. According to the SM2 algorithm, if the private key is known, the public key can be calculated.
When the built-in template comprises a template for analyzing PKCS #8 standard, the analysis comprises the following steps:
judging whether the key is a PKCS #8 standard key or not according to a built-in PKCS #8 standard object template;
analyzing the key according to a built-in PKCS #8 standard object template, and extracting key data in the key;
and deriving a key of the PKCS #8 standard according to the built-in PKCS #8 standard object template according to the key data.
When the built-in template comprises a template for analyzing PKCS #1 standard, the analysis comprises the following steps:
judging whether the key is the key of the PKCS #1 standard according to a built-in PKCS #1 standard object template;
resolving the key according to a built-in PKCS #1 standard object template, and extracting key data;
and deriving the key of the PKCS #1 standard according to the built-in PKCS #1 standard object template according to the key data.
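The identification flow of S100 to S400, written out as an added Python example (not code from the patent): it walks the ASN.1 tags, looks up the object identifier, and classifies the container and key type. The sample keys are constructed toy values, the function names are hypothetical, and treating a bare 64-digit hex string as an SM2 D value is an assumption.

```python
import base64
import re

# Public OID registry values for the algorithms the method distinguishes.
OIDS = {
    "1.2.840.113549.1.1.1": "RSA",
    "1.2.840.10040.4.1": "DSA",
    "1.2.840.10045.2.1": "EC",           # id-ecPublicKey; the curve OID follows
    "1.2.156.10197.1.301": "SM2",        # SM2 named curve
    "1.2.840.113549.1.5.13": "PBES2",    # PKCS #5 v2 encryption scheme
}

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                    # long form: low 7 bits count length bytes
        n = length & 0x7F
        if not 1 <= n <= 4 or pos + n > len(buf):
            raise ValueError("unsupported DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("DER length runs past end of input")
    return tag, buf[pos:pos + length], pos + length

def children(value):
    out, pos = [], 0                     # (tag, value) pairs of a constructed element
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        out.append((tag, val))
    return out

def decode_oid(val):
    """Decode the content of a tag-06 element into dotted notation."""
    if not val:
        raise ValueError("empty OID")
    first = min(val[0] // 40, 2)
    arcs, n = [first, val[0] - 40 * first], 0
    for b in val[1:]:
        n = (n << 7) | (b & 0x7F)
        if not b & 0x80:                 # high bit clear ends this arc
            arcs.append(n)
            n = 0
    return ".".join(map(str, arcs))

def algorithm_names(alg_id):
    oids = [decode_oid(v) for t, v in children(alg_id) if t == 0x06]
    if not oids:
        raise ValueError("AlgorithmIdentifier carries no OID")
    return [OIDS.get(o, o) for o in oids]

def identify_der(der):
    """Classify a DER-encoded private key as (container, key type)."""
    tag, body, end = read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("not a single DER SEQUENCE")
    items = children(body)
    tags = [t for t, _ in items]
    if tags == [0x30, 0x04]:             # EncryptedPrivateKeyInfo
        return "PKCS#8 encrypted", algorithm_names(items[0][1])[0]
    if tags[:3] == [0x02, 0x30, 0x04]:   # PrivateKeyInfo
        names = algorithm_names(items[1][1])
        return "PKCS#8", "SM2" if "SM2" in names else names[0]
    if tags and all(t == 0x02 for t in tags):
        if len(tags) == 9:               # version, n, e, d, p, q, dP, dQ, qInv
            return "PKCS#1", "RSA"
        if len(tags) == 6:               # version, p, q, g, pub, priv
            return "OpenSSL traditional", "DSA"
    raise ValueError("unrecognised key structure")

def identify(blob):
    """Identify hex, PEM (plain or OpenSSL-encrypted) or raw DER input."""
    text = blob.strip()
    if re.fullmatch(rb"[0-9A-Fa-f]{64}", text):
        return "Hex", "SM2"              # assumption: bare 32-byte D value
    m = re.search(rb"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", text, re.S)
    if m is None:
        return identify_der(blob)
    label, body = m.group(1).decode(), m.group(2)
    if b"Proc-Type: 4,ENCRYPTED" in body:
        dek = re.search(rb"DEK-Info: ([A-Za-z0-9-]+),", body)
        cipher = dek.group(1).decode() if dek else "unknown cipher"
        return f"OpenSSL-encrypted PEM ({cipher})", label.split()[0]
    return identify_der(base64.b64decode(b"".join(body.split())))

# Constructed samples: toy integers and placeholder payloads, not real keys.
def der_tlv(tag, value):
    return bytes([tag, len(value)]) + value          # short-form lengths only
PKCS1_RSA = der_tlv(0x30, b"".join(der_tlv(2, bytes([i])) for i in (0, 33, 3, 7, 3, 11, 1, 7, 4)))
SM2_ALG = der_tlv(0x30, der_tlv(6, bytes.fromhex("2a8648ce3d0201"))
                  + der_tlv(6, bytes.fromhex("2a811ccf5501822d")))
PKCS8_SM2 = der_tlv(0x30, der_tlv(2, b"\x00") + SM2_ALG + der_tlv(4, b"\x30\x00"))
PEM_LEGACY = (b"-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
              b"DEK-Info: AES-128-CBC,00112233445566778899AABBCCDDEEFF\n\n"
              b"AAAAAAAAAAAAAAAAAAAAAA==\n-----END RSA PRIVATE KEY-----\n")
```

For example, identify(PKCS8_SM2) returns ("PKCS#8", "SM2") and identify(PEM_LEGACY) returns ("OpenSSL-encrypted PEM (AES-128-CBC)", "RSA"); input that matches no template raises ValueError instead of being guessed at.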
Example 2:
Based on the same inventive concept as the key identification conversion method in the foregoing embodiment, this embodiment provides a key identification conversion system (see Fig. 2), which comprises a judgment module, a decryption module and a key analysis module;
the judgment module judges the key information, wherein the key information comprises a data structure of a key, an encryption mode of the key and the type of the key;
the decryption module decrypts the key data according to the encryption mode of the key judged by the judgment module;
the key analysis module analyzes the key according to the key type judged by the judgment module;
the judgment module comprises a first judgment module, a second judgment module and a third judgment module;
the first judgment module judges whether the data structure of the key is the key of the ASN1 structure;
the second judgment module judges whether the encryption mode of the key is an OpenSSL encryption mode or a PKCS #5 encryption mode;
the third judging module judges whether the type of the key is an RSA key or a DSA key or an SM2 key.
The key analysis module also comprises a first conversion module, a second conversion module and a third conversion module;
the first conversion module is used for mutually converting the PKCS #1 standard key and the PKCS #8 standard key when the key type is RSA;
the second conversion module is used for mutually converting an OpenSSL type key and a PKCS #8 standard key when the key type is DSA;
the third conversion module is used for mutually converting the key of the SM2 algorithm specification, the PKCS #8 standard key and the Hex format key when the key type is SM 2.
Based on the same inventive concept as the method in the previous embodiment, the present embodiment provides a computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, implements the steps of a key identification conversion method as disclosed in the previous embodiment.
The numbers of the embodiments disclosed in the embodiments of the present invention are merely for description, and do not represent the merits of the embodiments.
It will be understood by those skilled in the art that all or part of the steps of the above embodiments may be implemented by hardware, or by a program instructing the relevant hardware; the program may be stored in a computer-readable storage medium, and the storage medium may be a read-only memory, a magnetic disk, an optical disk, or the like.
The above description is only an embodiment of the present invention, and not intended to limit the scope of the present invention, and all modifications of equivalent structures and equivalent processes performed by the present specification and drawings, or directly or indirectly applied to other related technical fields, are included in the scope of the present invention.

Claims (10)

1. A key identification conversion method, comprising the steps of:
judging a data structure of the key and an encrypted object of the key;
if the data structure of the key is the key of the first structure, analyzing the key of the first structure to obtain identification information, and judging whether an encrypted object of the key is a first encrypted object;
if the encrypted object is the first encrypted object, acquiring the identification information, and decrypting the data of the key according to the identification information;
otherwise, the encrypted object of the key is a second encrypted object, the ciphertext and the offset information in the second encrypted object are analyzed, and the data of the key are decrypted according to the ciphertext and the offset information;
and judging the type of the key, and analyzing the key according to the type of the key.
2. The key identification conversion method according to claim 1, wherein: the step of analyzing the key of the first structure to obtain the identification information further includes:
analyzing the key of the first structure according to the syntax of the first structure;
acquiring a data value of an object identifier in the key of the first structure;
and searching the identification information according to the data value.
3. The key identification conversion method according to claim 1 or 2, characterized in that: the decrypting the data of the key according to the identification information comprises:
generating a first key corresponding to data of the key through a PBE algorithm by using a password; and decrypting the encrypted object of the key by using the first key to obtain a plaintext.
4. The key identification conversion method according to claim 1, wherein: the step of parsing the key according to the type of the key further includes:
matching an object template of the key corresponding to the type of the key according to the type of the key, and matching a plurality of standards of the type of the key through the object template of the key;
analyzing the key through an object template of the key, and extracting first data in the key;
and calculating the public key of the key from the private key in the key according to an algorithm matched with the type of the key.
5. The key identification conversion method according to claim 4, wherein: after the step of analyzing the key according to the type of the key, it is judged whether the format of the key needs to be converted, and if so, the format of the key is converted through a conversion command.
6. The key identification conversion method according to claim 1, wherein: the types of keys include RSA keys, DSA keys, and SM2 keys; the object template of the key corresponding to the RSA key comprises a PKCS #1 standard template and a PKCS #8 standard template;
the object template of the key corresponding to the DSA key comprises an OpenSSL type template and a PKCS #8 standard template;
the object templates of the keys corresponding to the SM2 key comprise an SM2 algorithm specification template, a PKCS #8 standard template and a Hex format template.
7. A key identification conversion system, comprising: the device comprises a judgment module, a decryption module and a key analysis module;
the judgment module judges key information, wherein the key information comprises a data structure of a key, an encryption mode of the key and the type of the key;
the decryption module decrypts the key data according to the encryption mode of the key judged by the judgment module;
and the key analysis module carries out key analysis operation according to the type of the key judged by the judgment module.
8. The key identification conversion system according to claim 7, wherein:
the judgment module comprises a first judgment module, a second judgment module and a third judgment module;
the first judgment module judges whether the data structure of the key is the key of the ASN1 structure;
the second judgment module judges whether the encryption mode of the key is an OpenSSL encryption mode or a PKCS #5 encryption mode;
the third judgment module judges whether the type of the key is an RSA key, a DSA key or an SM2 key.
9. The key identification conversion system according to claim 7, wherein:
the key analysis module also comprises a first conversion module, a second conversion module and a third conversion module;
when the type of the key is an RSA key, the first conversion module converts a PKCS #1 standard key and a PKCS #8 standard key into each other;
when the type of the key is a DSA key, the second conversion module converts an OpenSSL type key and a PKCS #8 standard key into each other;
when the type of the key is the SM2 key, the third conversion module converts the key of the SM2 algorithm specification, the PKCS #8 standard key, and the Hex format key to each other.
10. A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out the steps of the key identification conversion method according to any one of the preceding claims 1 to 6.
CN202011558799.8A 2020-12-25 2020-12-25 Key identification conversion method, system and medium Pending CN112636909A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011558799.8A CN112636909A (en) 2020-12-25 2020-12-25 Key identification conversion method, system and medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202011558799.8A CN112636909A (en) 2020-12-25 2020-12-25 Key identification conversion method, system and medium

Publications (1)

Publication Number Publication Date
CN112636909A true CN112636909A (en) 2021-04-09

Family

ID=75324808

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011558799.8A Pending CN112636909A (en) 2020-12-25 2020-12-25 Key identification conversion method, system and medium

Country Status (1)

Country Link
CN (1) CN112636909A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113301167A (en) * 2021-06-30 2021-08-24 深圳市雪球科技有限公司 Cross-specification sharing method, device and equipment of digital key

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105933110A (en) * 2016-04-20 2016-09-07 北京信安世纪科技有限公司 Algorithm identification method and device based on smart key device
CN108880806A (en) * 2018-08-01 2018-11-23 深圳三角形科技有限公司 Encryption and decryption method, chip and readable storage medium storing program for executing
CN111191252A (en) * 2018-11-15 2020-05-22 航天信息股份有限公司 Encryption and decryption method and device for smart card operating system and storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20210409
