CN112714120B - Chained data encryption and decryption method and separated storage method of encrypted data - Google Patents

Chained data encryption and decryption method and separated storage method of encrypted data

Info

Publication number: CN112714120B (granted); earlier publication CN112714120A
Authority: CN (China)
Application number: CN202011554042.1A
Other languages: Chinese (zh)
Inventor: 唐浩
Assignee (original and current): Sichuan Changhong Electric Co Ltd
Legal status: Active
Prior art keywords: data, block, chain, encrypted, chained

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/04 ... for providing a confidential data exchange among entities communicating through data packet networks
    • H04L 63/0428 ... wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L 63/0435 ... wherein the sending and receiving network entities apply symmetric encryption, i.e. the same key is used for encryption and decryption
    • H04L 9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; network security protocols
    • H04L 9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L 9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L 9/0869 ... involving random numbers or seeds

Abstract

The invention discloses a chained data encryption method comprising the following steps. S100: constructing a chained data header. S200: constructing encrypted data chain blocks, combining them in sequence, and placing the chained data header in front of the first encrypted data chain block to form a complete data encryption chain. Encrypting data with this chained method avoids both the key-maintenance difficulty of encrypting data with a symmetric algorithm alone and the inefficiency of encrypting large data with an asymmetric algorithm.

Description

Chained data encryption and decryption method and separated storage method of encrypted data
Technical Field
The invention relates to the field of computer information security, in particular to a chained data encryption and decryption method and a separated storage method for the encrypted data.
Background
The growth of networks and big data has brought great convenience and gains in social efficiency, but it has also increased the risk of data leakage and information tampering. Because social governance and data-ethics norms lag behind, data risks are to some degree out of control, and proactive, secure data storage has become especially important in the face of increasingly serious data security problems.
In the prior art, data encryption generally uses symmetric encryption: decryption uses the same key as encryption, so the actual security of the data depends on the strength and secrecy of that key. To avoid leaking the symmetric key, it is usually stored under asymmetric encryption, which uses a pair of keys, one for encryption and a different one for decryption, and so avoids the problem of a single shared key being easy to leak. However, asymmetric algorithms involve heavy, complex computation and are inefficient, so they are rarely used directly to encrypt large volumes of data.
In conventional encryption there is no correlation between the data and the key, and when the data volume is large, correctly matching keys to ciphertexts is itself a problem to be solved. To prevent unauthorized tampering, digital signature and digital envelope techniques are generally used, but these have limitations with large data volumes: when the data reaches several gigabytes, the encryption and decryption process of an ordinary system takes a very long time; if the data is split and processed in parallel, its integrity is hard to guarantee; and generating a digest with a hash algorithm ensures integrity but adds a great deal of computation, while in some important scenarios the encryption strength is still insufficient.
Disclosure of Invention
The invention aims to provide a chained data encryption and decryption method and a separated storage method that improve the processing efficiency of big data, strengthen the encryption, guarantee data integrity, and convert data into an encryption scheme at lower cost, in order to solve the high cost and low efficiency of conventional encryption methods when dealing with large data volumes.
To achieve this purpose, the invention adopts the following technical scheme:
A chained data encryption method comprises the following steps:
S100: constructing a chained data header;
S200: constructing encrypted data chain blocks, combining them in sequence, and placing the chained data header in front of the first encrypted data chain block to form a complete data encryption chain.
S100, constructing a chained data header, specifically comprises: the basic fields of the chained data header are a randomly generated seed key; the public key of the data sender; the encryption algorithm and parameters used to encrypt the block data; and the sequence number of the first data block in the current chain. Finally these fields are encrypted with the receiver's public key, and the result is the chained data header.
S200, constructing encrypted data chain blocks, combining them in sequence, and placing the chained data header in front of the first encrypted data chain block to form a complete data encryption chain, specifically comprises the following steps:
S201: cutting the original data into blocks of any length;
S202: symmetrically encrypting the block's sequence number with the seed key to obtain the block's encrypted data header;
S203: generating the block symmetric key needed for block encryption, using the block sequence number and the seed key as parameters;
S204: symmetrically encrypting the block's data with the block symmetric key to obtain the block's encrypted data body;
S205: signing the block's encrypted data body with the sender's private key to obtain the block's encrypted data tail;
S206: combining the block's encrypted data header, body and tail, in that order, into an encrypted data chain block;
S207: repeating S202-S206 until all data blocks are encrypted, then combining the encrypted data chain blocks in sequence and placing the chained data header in front of the first one to form a complete data encryption chain.
The invention also provides a separated storage method for chain-encrypted data, which overcomes the single-machine capacity limit of conventional data encryption. The method comprises the following steps:
S301: cutting the data encryption chain at an encrypted data block boundary to obtain a left chain segment that carries the chained data header and a right chain segment that does not;
S302: decrypting the chained data header, decrypting the sequence number of the first data chain block of the right segment, and writing that sequence number into the corresponding field of the decrypted header;
S303: encrypting the updated header with the receiver's public key, using the result as the chained data header of the right segment, and storing the left and right segments physically separately.
The invention also provides a chained data decryption method that supports concurrent decryption and improves efficiency for large-scale data. It comprises the following steps:
S401: decrypting the chained data header with the data receiver's private key and reading the seed key and the sequence number of the first chain block from it;
S402: decrypting each block's sequence number with the seed key, and generating the block symmetric key using the seed key and the block sequence number as parameters;
S403: taking the sequence number of the first data chain block, read from the chained data header, as the target position sequence number;
S404: when a decrypted block's sequence number matches the current position sequence number, appending the data body decrypted with the block symmetric key to the decrypted output, incrementing the position sequence number by one, and repeating this step until all encrypted blocks are decrypted.
The method may further comprise step S405:
S405: during decryption, confirming data integrity by the signature at the tail of each encrypted data block.
Compared with the prior art, the invention has the following beneficial effects:
the chained data encryption method improves efficiency and strengthens encryption for encrypting and decrypting large-scale data, allows separated storage that breaks through the capacity limit of a single machine, guarantees data integrity, has a low modification cost, and effectively reduces the risk of data leakage and tampering caused by improper use of conventional encryption.
Drawings
FIG. 1: implementation steps of chained data encryption;
FIG. 2: logical structure of chain-encrypted data.
Detailed Description
The present invention is further described with reference to the following examples, which illustrate only some, not all, of its embodiments. All other embodiments obtained by those skilled in the art from these embodiments without creative effort fall within the protection scope of the invention.
Example 1:
Referring to FIG. 1 and FIG. 2, the technical solution of the invention is described in full below with reference to the drawings.
The following is the implementation process of the chained data encryption method of the invention:
Step 1, generate a random seed key KO and an asymmetric public/private key pair (example key length: 1024 bits; format: PKCS#8; output: PEM/Base64):
[ random seed key KO ]
5fe06fc09ee7c9a319cd4eeb6210c392
[ asymmetric public key KU ]
-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDR3tFs/2NpQ4cPf1SS0j5GruMAU5Kzq9vp2Z3dofsiuFQgZH4wxlY5iIoEhNIDpVMO91k6z0ia8zY7Y4zSWVW1Uk8IXIjd9n4RmOoc2YvzJva79hg5RVj/lR3ZfZ7d1JTXteAWArxOGEflF062MLn7AMoAIgOR66QUhvyJKS1CbwIDAQAB
-----END PUBLIC KEY-----
[ asymmetric private key KS ]
-----BEGIN PRIVATE KEY-----
-----END PRIVATE KEY-----
Step 2, generate the header H1 of the chain-encrypted packet; the content of H1 is described in JSON:
(JSON content of H1 with the fields KO, KU, FA and CT, shown as an image in the original)
Parameter description: KO is the seed key, KU is the asymmetric public key of the data encryptor, FA is the sequence number of the first data block in the current chain, and CT is the symmetric encryption parameter for the block data body;
Encrypt H1 with the asymmetric public key KU, i.e. H1' = RSA_ENC(KU, H1, "PKCS1_PADDING"), whose value is:
s0gy7l0JhRF+6AHUiIssXOgTiW99pxb0m+qCyz0cnAQrr6PSZtoJtvMH0JAp5dzRMQfJ+j7JSHY7EK9BkANTPT9DfSa6vf3iOTnlJ8RSzDtjLTFm47mLlYZN5dfVSCA1xNrjSCKAx1GR5UMigaoyOdsfXcCPnrnvgcHp+ZxYkp86Orc1gg8AvpCKX1xk0OuKhXiMiymJxRMiE4gVNiENDu6Yt6WYS7Dj52mfqGKQ4RhtuIecPfoQ/B3BNmqccEtarnLg6kDJdIKHnRNp70TmlzCvdRMf8xHWZivmLN8fkwYMymi2LoJ5BxgJJRIRTCJegu5T0NIqSfr6U3PSWVVa6SEZOjqjHBFDLNZi8Y70nBLEjBlUCmDbPvdbKk2j1XdTAgpRU92kQ+P+yCuUwENpduN46KxqlHvsIV6V3Ow5oGBAS9Vfntt+aadXLN/5PgOrVlopVhuFpgwSJ9OyZtiiqogJqioiw+8shcJ2yebEFwvXklzcK3WDLcgrMW12mwRkLv9j2g==
Step 3, obtain the original data and split it into blocks of any size:
To make the result easy to present, the content to be encrypted is assumed to be the plain text inside the quotation marks below:
“The quick brown fox jumps over the lazy dog”
[ JSON description of the segmented data content ]
(JSON listing of the data blocks D1, D2, ..., DN, shown as an image in the original)
Parameter description: D1 is the content of the first data block, D2 the content of the second, and likewise DN the content of the N-th data block (N is the sequence number of the data block; the same applies below).
Step 4, generate the block data symmetric encryption keys. Assume the block key algorithm prepends and appends the block sequence number to the seed key and hashes the result with SHA256, i.e. KN = SHA256(N + KO + N); the encryption keys of the first 3 data blocks are then:
K1=“f451445ced4c67dec772be53b6c633e640a099ade3f05e27f98400ea457d4dbf”
K2=“46298509a82608fe3b599f842ae9a71f097f8d86166c5cce2ae1753265ab90bf”
K3=“f0cc3d05c83a3ca463a18fd0c8e5d84de97099afee1321cbbba26a6e2537eddb”
Step 5, according to the symmetric encryption parameters described in the header H1, encrypt the N-th data block DN with KN as the key, i.e. DN' = AES_ENC(KN, DN, "ECB", 128); the result of encrypting the first 3 data blocks is:
D1’=“3LonLc1GmimEqi6TQ1HjQQ==”
D2’=“sEw8AkSpTqQ4PPxAv2Dejg==”
D3’=“04cadUJDnqofX3IRtIyd591DegzUBR3buSsuPeFOm6Q=”
Step 6, generate the encrypted data block headers. This example assumes the block header algorithm encrypts the block sequence number with the seed key, i.e. HDN = AES_ENC(KO, N, "ECB", 128); the headers of the first 3 encrypted data blocks are:
HD1=“rYhTkcnY4UXuBR+t7Ueazw==”
HD2=“yEC74De/aNNJHLoS+dAphQ==”
HD3=“ChVgtuBAaG4Fi1rpHBU53Q==”
Step 7, generate the encrypted data block tails. This example assumes the tail algorithm computes the MD5 value of the encrypted data, i.e. EDN = MD5(DN', 32); the tails of the first 3 encrypted data blocks are:
ED1=“f5280982d5f3d37f0b2d6a82ca196493”
ED2=“fe783413b88b6fef4456c8ecf9c47732”
ED3=“dad7ea7f43dbdec38f79920d7d85cf77”
Step 8, merge the encrypted data blocks into an encrypted data chain. The basic rule is that the encrypted data chain header is followed by the encrypted data chain block values in order, i.e. END = data chain header + [1st encrypted data chain block] + [2nd encrypted data chain block] + ... + [Nth encrypted data chain block], with a specific separator between fields. This example assumes "@" as the separator, so the final encoded data encryption chain is:
H1’@HD1@D1’@ED1@HD2@D2’@ED2@...@HDN@DN’@EDN
Substituting the demonstration data above gives the encrypted data chain of this example:
s0gy7l0JhRF+6AHUiIssXOgTiW99pxb0m+qCyz0cnAQrr6PSZtoJtvMH0JAp5dzRMQfJ+j7JSHY7EK9BkANTPT9DfSa6vf3iOTnlJ8RSzDtjLTFm47mLlYZN5dfVSCA1xNrjSCKAx1GR5UMigaoyOdsfXcCPnrnvgcHp+ZxYkp86Orc1gg8AvpCKX1xk0OuKhXiMiymJxRMiE4gVNiENDu6Yt6WYS7Dj52mfqGKQ4RhtuIecPfoQ/B3BNmqccEtarnLg6kDJdIKHnRNp70TmlzCvdRMf8xHWZivmLN8fkwYMymi2LoJ5BxgJJRIRTCJegu5T0NIqSfr6U3PSWVVa6SEZOjqjHBFDLNZi8Y70nBLEjBlUCmDbPvdbKk2j1XdTAgpRU92kQ+P+yCuUwENpduN46KxqlHvsIV6V3Ow5oGBAS9Vfntt+aadXLN/5PgOrVlopVhuFpgwSJ9OyZtiiqogJqioiw+8shcJ2yebEFwvXklzcK3WDLcgrMW12mwRkLv9j2g==@rYhTkcnY4UXuBR+t7Ueazw==@3LonLc1GmimEqi6TQ1HjQQ==@f5280982d5f3d37f0b2d6a82ca196493@yEC74De/aNNJHLoS+dAphQ==@sEw8AkSpTqQ4PPxAv2Dejg==@fe783413b88b6fef4456c8ecf9c47732@ChVgtuBAaG4Fi1rpHBU53Q==@04cadUJDnqofX3IRtIyd591DegzUBR3buSsuPeFOm6Q=@dad7ea7f43dbdec38f79920d7d85cf77
Example 2:
The following is the implementation process of the separated storage method for chain-encrypted data of the invention:
Step 1, divide the data encryption chain in units of encrypted data blocks. In this example "@" separates the chain blocks, so a cut point lies at the (3x+1)-th "@" (x a positive integer); assuming x = 2, the chain is cut at the 7th "@":
[ result of cutting the encrypted data chain above ]
[ left chain segment, with the encrypted data chain header ]
s0gy7l0JhRF+6AHUiIssXOgTiW99pxb0m+qCyz0cnAQrr6PSZtoJtvMH0JAp5dzRMQfJ+j7JSHY7EK9BkANTPT9DfSa6vf3iOTnlJ8RSzDtjLTFm47mLlYZN5dfVSCA1xNrjSCKAx1GR5UMigaoyOdsfXcCPnrnvgcHp+ZxYkp86Orc1gg8AvpCKX1xk0OuKhXiMiymJxRMiE4gVNiENDu6Yt6WYS7Dj52mfqGKQ4RhtuIecPfoQ/B3BNmqccEtarnLg6kDJdIKHnRNp70TmlzCvdRMf8xHWZivmLN8fkwYMymi2LoJ5BxgJJRIRTCJegu5T0NIqSfr6U3PSWVVa6SEZOjqjHBFDLNZi8Y70nBLEjBlUCmDbPvdbKk2j1XdTAgpRU92kQ+P+yCuUwENpduN46KxqlHvsIV6V3Ow5oGBAS9Vfntt+aadXLN/5PgOrVlopVhuFpgwSJ9OyZtiiqogJqioiw+8shcJ2yebEFwvXklzcK3WDLcgrMW12mwRkLv9j2g==@rYhTkcnY4UXuBR+t7Ueazw==@3LonLc1GmimEqi6TQ1HjQQ==@f5280982d5f3d37f0b2d6a82ca196493@yEC74De/aNNJHLoS+dAphQ==@sEw8AkSpTqQ4PPxAv2Dejg==@fe783413b88b6fef4456c8ecf9c47732
[ right chain segment, without the encrypted data chain header ]
ChVgtuBAaG4Fi1rpHBU53Q==@04cadUJDnqofX3IRtIyd591DegzUBR3buSsuPeFOm6Q=@dad7ea7f43dbdec38f79920d7d85cf77
Step 2, the data before the first separator of the left segment is the encrypted data chain header; decrypt it with the receiver's private key to obtain the following data:
(decrypted header JSON with the fields KO, KU, FA and CT, shown as an image in the original)
KO is the seed key, KU is the asymmetric public key of the data encryptor, FA is the sequence number of the first data block in the current chain, and CT is the symmetric encryption parameter for the block data body;
Step 3, the part before the first separator of the right segment is an encrypted chain block header HDN; decrypt it with the information obtained from the data chain header. This example assumes the block header algorithm encrypts the block sequence number with the seed key, so N = AES_DEC(KO, HDN, "ECB", 128), and the value of N is 3;
Step 4, write the value of N obtained in the previous step into the corresponding field of the decrypted chained data header to obtain the updated data chain header H3:
(updated header H3 JSON with FA set to 3, shown as an image in the original)
Encrypt H3 with the asymmetric public key KU, i.e. H3' = RSA_ENC(KU, H3, "PKCS1_PADDING").
Step 5, join the new data chain header H3' to the right segment with the separator, in front of its first block, to form a complete right segment; the left and right segments can then be stored physically separately.
Example 3:
The chained data decryption method of the invention supports concurrent decryption and improves efficiency for large-scale data; its implementation is as follows:
Step 1, this example uses the encrypted data chain result above. The data before the first separator of the encrypted data segment is the encrypted data chain header; decrypt it with the receiver's private key to obtain the following data:
(decrypted header JSON with the fields KO, KU, FA and CT, shown as an image in the original)
KO is the seed key, KU is the asymmetric public key of the data encryptor, FA is the sequence number of the first data block in the current chain, and CT is the symmetric encryption parameter for the block data body;
Step 2, cut the chain that remains after removing the data chain header into segments whose boundaries fall at every third separator; segments cut to different sizes can be decrypted concurrently to improve efficiency;
Step 3, read the seed key and the sequence number of the first chain block from the decrypted data chain header, decrypt each block's sequence number with the seed key, and generate the block symmetric key using the seed key and the block sequence number as parameters. This example assumes the block key algorithm prepends and appends the block sequence number to the seed key and hashes the result with SHA256, i.e. KN = SHA256(N + KO + N); the keys of the first 3 data blocks are:
K1=“f451445ced4c67dec772be53b6c633e640a099ade3f05e27f98400ea457d4dbf”
K2=“46298509a82608fe3b599f842ae9a71f097f8d86166c5cce2ae1753265ab90bf”
K3=“f0cc3d05c83a3ca463a18fd0c8e5d84de97099afee1321cbbba26a6e2537eddb”
Step 4, decrypt the N-th data block DN with KN as the key, i.e. DN = AES_DEC(KN, DN', "ECB", 128); the result of decrypting the first 3 data blocks is:
(decrypted blocks D1, D2 and D3, shown as an image in the original)
Step 5, read the sequence number of the first data chain block from the decrypted data chain header as the position sequence number; when a decrypted block's sequence number matches the current position sequence number, append its data to the decrypted output, then increment the position sequence number by 1 and repeat this step until all encrypted blocks are decrypted. The original data finally obtained is:
“The quick brown fox jumps over the lazy dog”
During decryption the integrity of the data can be confirmed by verifying the tail of each encrypted block, so that illegal tampering is detected;
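The three examples above carried through end to end (chain construction from Example 1, the cut-and-rehead step of Example 2, and the per-block decryption and reassembly of Example 3), as an added Python example that is not the patent's or the assignee's code. It keeps the page's structure: a JSON header with the fields KO, KU, FA and CT, the block key KN = SHA256(N + KO + N) (string concatenation assumed), blocks of [HDN, DN', EDN] joined with "@", and the (3x+1)-th separator as the cut point. Two substitutions are labelled in the code so that it runs on the Python standard library alone: a SHA-256 keystream with a random IV stands in for AES-ECB, and a pair of symmetrically keyed closures stands in for the receiver's RSA public/private key pair. The tail follows the claims (S205, S405) rather than the Example 1 embodiment: an MD5 of the ciphertext can be recomputed by anyone who alters a block, so it detects corruption but not tampering, and the code instead uses an HMAC derived from the block key, checked before the body is decrypted. The "KU" value and the "CT" label are placeholders.

```python
import base64
import hashlib
import hmac
import json
import os
from typing import Callable, Dict, List, Tuple

SEP = "@"   # block separator, as in Example 1 (base64/hex fields never contain "@")


def _keystream(key: bytes, iv: bytes, length: int) -> bytes:
    """SHA-256 counter keystream; stands in for AES so the example needs no extra packages."""
    out, ctr = bytearray(), 0
    while len(out) < length:
        out += hashlib.sha256(key + iv + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return bytes(out[:length])


def sym_encrypt(key: bytes, data: bytes) -> bytes:
    iv = os.urandom(16)
    return iv + bytes(a ^ b for a, b in zip(data, _keystream(key, iv, len(data))))


def sym_decrypt(key: bytes, blob: bytes) -> bytes:
    iv, body = blob[:16], blob[16:]
    return bytes(a ^ b for a, b in zip(body, _keystream(key, iv, len(body))))


def make_receiver_keys() -> Tuple[Callable[[bytes], bytes], Callable[[bytes], bytes]]:
    """Stand-in for the receiver's RSA pair: enc() plays the public key, dec() the private key."""
    k = os.urandom(32)
    return (lambda h: sym_encrypt(k, h)), (lambda c: sym_decrypt(k, c))


def derive_block_key(seed_hex: str, n: int) -> bytes:
    """KN = SHA256(N + KO + N), step 4 of Example 1 (string concatenation assumed)."""
    return hashlib.sha256(f"{n}{seed_hex}{n}".encode()).digest()


def block_tail(kn: bytes, body_b64: str) -> str:
    """Keyed tail standing in for the S205 signature; the page's MD5 tail is unkeyed."""
    mac_key = hashlib.sha256(b"tail:" + kn).digest()
    return hmac.new(mac_key, body_b64.encode(), hashlib.sha256).hexdigest()


def _b64(b: bytes) -> str:
    return base64.b64encode(b).decode()


def encrypt_block(seed_hex: str, n: int, data: bytes) -> List[str]:
    hdn = _b64(sym_encrypt(bytes.fromhex(seed_hex), str(n).encode()))  # S202: seed key encrypts N
    kn = derive_block_key(seed_hex, n)                                  # S203
    body = _b64(sym_encrypt(kn, data))                                  # S204
    return [hdn, body, block_tail(kn, body)]                            # S205 + S206


def build_chain(plaintext: bytes, seed_hex: str, block_len: int,
                enc_header: Callable[[bytes], bytes], first_seq: int = 1) -> str:
    """S100 + S200: encrypted header followed by the blocks, joined with SEP."""
    header = {"KO": seed_hex, "KU": "<sender public key, placeholder>",
              "FA": first_seq, "CT": "demo-keystream"}   # field names as on the page
    parts = [_b64(enc_header(json.dumps(header).encode()))]
    for i in range(0, len(plaintext), block_len):                                   # S201
        parts += encrypt_block(seed_hex, first_seq + i // block_len, plaintext[i:i + block_len])
    return SEP.join(parts)


def split_chain(chain: str, x: int, enc_header, dec_header) -> Tuple[str, str]:
    """Example 2: cut at the (3x+1)-th separator and give the right segment its own header."""
    parts = chain.split(SEP)
    cut = 3 * x + 1
    if x < 1 or cut >= len(parts):
        raise ValueError("cut point outside the chain")
    left, right = parts[:cut], parts[cut:]
    header = json.loads(dec_header(base64.b64decode(parts[0])))                  # S302
    ko = bytes.fromhex(header["KO"])
    header["FA"] = int(sym_decrypt(ko, base64.b64decode(right[0])).decode())     # first N on the right
    new_head = _b64(enc_header(json.dumps(header).encode()))                     # S303
    return SEP.join(left), SEP.join([new_head] + right)


def decrypt_block(seed_hex: str, triple: List[str]) -> Tuple[int, bytes]:
    """Self-contained per block, so segments can be decrypted concurrently (Example 3, step 2)."""
    hdn, body, tail = triple
    n = int(sym_decrypt(bytes.fromhex(seed_hex), base64.b64decode(hdn)).decode())
    kn = derive_block_key(seed_hex, n)
    if not hmac.compare_digest(tail, block_tail(kn, body)):   # S405: verify before using the body
        raise ValueError(f"block {n}: tail mismatch, data corrupted or tampered")
    return n, sym_decrypt(kn, base64.b64decode(body))


def decrypt_chain(chain: str, dec_header) -> bytes:
    parts = chain.split(SEP)
    if (len(parts) - 1) % 3:
        raise ValueError("chain is not a header followed by whole blocks")
    header = json.loads(dec_header(base64.b64decode(parts[0])))                  # S401
    blocks: Dict[int, bytes] = {}
    for i in range(1, len(parts), 3):
        n, data = decrypt_block(header["KO"], parts[i:i + 3])                    # S402
        blocks[n] = data
    out, pos = b"", header["FA"]                                                 # S403
    while pos in blocks:                                                         # S404
        out += blocks.pop(pos)
        pos += 1
    if blocks:
        raise ValueError(f"blocks {sorted(blocks)} do not continue the sequence from {header['FA']}")
    return out
```

Because every block carries its own encrypted sequence number and a self-checking tail, `decrypt_block` shares no state with other blocks, which is what makes the concurrent decryption of Example 3 possible; `decrypt_chain` needs the header only to learn the seed key and where the sequence starts, and it refuses a chain whose blocks leave a gap after FA. Encoding every field as base64 or hex is what makes "@" safe as a separator; a raw-binary chain would need length prefixes instead.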
the above description is only a preferred embodiment of the present invention, and the present invention is not limited thereto. It will be apparent to those skilled in the art that various modifications and improvements can be made without departing from the spirit and substance of the invention, and these modifications and improvements are also considered to be within the scope of the invention.

Claims (5)

1. A method for chained data encryption, comprising the steps of:
S100: constructing a chained data header;
S200: constructing encrypted data chain blocks, combining them in sequence, and placing the chained data header in front of the first encrypted data chain block to form a complete data encryption chain, wherein the encryption of the encrypted data chain blocks comprises the following steps:
S201: cutting the original data into blocks of any length;
S202: symmetrically encrypting the block's sequence number with the seed key to obtain the block's encrypted data header;
S203: generating the block symmetric key needed for block encryption, using the block sequence number and the seed key as parameters;
S204: symmetrically encrypting the block's data with the block symmetric key to obtain the block's encrypted data body;
S205: signing the block's encrypted data body with the sender's private key to obtain the block's encrypted data tail;
S206: combining the block's encrypted data header, body and tail, in that order, into an encrypted data chain block;
S207: repeating S202-S206 until all data blocks are encrypted, then combining the encrypted data chain blocks in sequence and placing the chained data header in front of the first one to form a complete data encryption chain.
2. The chained data encryption method according to claim 1, wherein S100, constructing a chained data header, specifically comprises: the basic fields of the chained data header are a randomly generated seed key; the public key of the data sender; the encryption algorithm and parameters used to encrypt the block data; and the sequence number of the first data block in the current chain; finally these fields are encrypted with the receiver's public key, and the result is the chained data header.
3. A method for separately storing chained encrypted data, comprising the chained data encryption method of any one of claims 1-2, and specifically comprising the steps of:
S301: cutting the data encryption chain at an encrypted data block boundary to obtain a left chain segment that carries the chained data header and a right chain segment that does not;
S302: decrypting the chained data header, decrypting the sequence number of the first data chain block of the right segment, and writing that sequence number into the corresponding field of the decrypted header;
S303: encrypting the updated header with the receiver's public key, using the result as the chained data header of the right segment, and storing the left and right segments physically separately.
4. A chained data decryption method, comprising the chained data encryption method of any one of claims 1-2, and specifically comprising the steps of:
S401: decrypting the chained data header with the data receiver's private key and reading the seed key and the sequence number of the first chain block from it;
S402: decrypting each block's sequence number with the seed key, and generating the block symmetric key using the seed key and the block sequence number as parameters;
S403: taking the sequence number of the first data chain block, read from the chained data header, as the target position sequence number;
S404: when a decrypted block's sequence number matches the current position sequence number, appending the data body decrypted with the block symmetric key to the decrypted output, incrementing the position sequence number by one, and repeating this step until all encrypted blocks are decrypted.
5. The chained data decryption method of claim 4, further comprising step S405, wherein S405: during decryption, data integrity is confirmed by the signature at the tail of each encrypted data block.
Priority application: CN202011554042.1A, priority date 2020-12-24, filing date 2020-12-24

Publications

CN112714120A (en), published 2021-04-27
CN112714120B (en), published 2021-10-29
