CN113225297B - Data hybrid encryption method, device and equipment - Google Patents


Info

Publication number
CN113225297B
Authority
CN
China
Prior art keywords
data
encrypted
data segments
encryption
segments
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202010071628.6A
Other languages
Chinese (zh)
Other versions
CN113225297A (en
Inventor
张高旭
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Gridsum Technology Co Ltd
Original Assignee
Beijing Gridsum Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Gridsum Technology Co Ltd filed Critical Beijing Gridsum Technology Co Ltd
Priority to CN202010071628.6A priority Critical patent/CN113225297B/en
Publication of CN113225297A publication Critical patent/CN113225297A/en
Application granted granted Critical
Publication of CN113225297B publication Critical patent/CN113225297B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0464Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload using hop-by-hop encryption, i.e. wherein an intermediate entity decrypts the information and re-encrypts it before forwarding it
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Computing Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • Storage Device Security (AREA)

Abstract

The embodiment of the invention provides a data hybrid encryption method, which comprises the following steps: dividing data to be encrypted into M data segments; selecting N data segments from the M data segments, wherein N is less than or equal to M; encrypting the N data segments into an encrypted text according to a preset second encryption algorithm; assembling the rest M-N data segments into plaintext data blocks; calculating a signature based on the data information of the N data segments; and combining the encrypted text, the data information, the signature and the plaintext data block to obtain encrypted data. Meanwhile, the embodiment of the invention also provides a corresponding data hybrid encryption device and data hybrid encryption equipment. The embodiment of the invention is suitable for the field of data encryption.

Description

Data hybrid encryption method, device and equipment
Technical Field
The present invention relates to the field of data encryption, and in particular, to a data hybrid encryption method, a data hybrid encryption apparatus, a data hybrid encryption device, and a corresponding storage medium.
Background
As the internet has developed, more and more applications have opened up application development interfaces, giving third-party developers a way to participate. Using the development interface provided by an open platform, a third-party developer can conveniently connect its own application to the platform, so that ordinary users can enjoy rich platform services; this increases user stickiness for the platform and ultimately enlarges its market share.
An open platform must not only provide rich platform services but also guarantee that those services are secure, so that every service an ordinary user uses is a safe one. Data transmitted between an application developed by a third-party developer and the open platform often involves important private data, and once that private data is stolen by a malicious party the consequences are unpredictable, so ensuring the security of transmitted data becomes the open platform's first consideration. Current encryption approaches have the following defects:
although a message digest algorithm is efficient, the plaintext and the digest information must be transmitted together, so important private information cannot be hidden and the scheme is easy to break;
although a common encryption algorithm protects the security of the transmission and the important private data, when the data to be encrypted is very large, encryption and decryption efficiency drops noticeably and the time consumed rises noticeably.
Disclosure of Invention
The embodiment of the invention aims to provide a data hybrid encryption method and a data hybrid encryption device, which are used for at least solving the problem of low encryption efficiency in the prior art.
In order to achieve the above object, the present invention provides a data hybrid encryption method, including:
dividing data to be encrypted into M data segments;
selecting N data segments from the M data segments, wherein N is less than or equal to M;
encrypting the N data segments into an encrypted text according to a preset second encryption algorithm; assembling the remaining M-N data segments into plaintext data blocks; calculating a signature based on the data information of the N data segments;
and combining the encrypted text, the data information, the signature and the plaintext data block to obtain encrypted data.
Optionally, before dividing the data to be encrypted into M data segments, the encryption method further includes:
acquiring the file size of the data to be encrypted;
judging whether the size of the file is smaller than a set threshold value or not;
if the file size is smaller than the set threshold value, encrypting the data to be encrypted according to a preset first encryption algorithm, and not executing subsequent steps; otherwise, executing the step of dividing the data to be encrypted.
Optionally, the encrypting the N data segments into an encrypted text includes:
adding the offset of the data segment corresponding to each data segment to the front part of each data segment in the N data segments to obtain N new data blocks;
and encrypting the N new data blocks by using a second encryption algorithm to obtain the encrypted text.
Optionally, the calculating a signature based on the data information of the segmented data to be encrypted includes:
calculating the signature from the data information of the segmented data to be encrypted by using a message digest algorithm; the data information comprises a key of the second encryption algorithm and at least one of the following:
the lengths of the N data segments, the initial values of the N data segments, and the offsets of the N data segments.
Optionally, the assembling the remaining M-N unencrypted data segments into a plaintext data block includes:
and assembling the remaining M-N unencrypted data segments according to the offset of each data segment to obtain the plaintext data block.
Optionally, before dividing the data to be encrypted into M data segments, the encryption method further includes:
the value of M is randomly generated, and the value of N is randomly generated within the range [1, M].
Optionally, before dividing the data to be encrypted into M data segments, the encryption method further includes:
acquiring an M value input by a user, and displaying M icons to the user, wherein the serial numbers of the M icons are different from each other;
acquiring the selection of the M icons by the user, and acquiring the number N of the icons selected by the user and the respective serial numbers of the N icons;
and the respective serial numbers of the N icons correspond to the serial numbers of the data segments needing to be encrypted.
In a second aspect of the present invention, there is also provided a data hybrid encryption apparatus, including:
the segmentation module is used for segmenting data to be encrypted into M data segments;
the selection module is used for selecting N data segments from the M data segments to encrypt, wherein N is less than or equal to M;
the encryption module is used for encrypting the N data segments into an encrypted text according to a preset second encryption algorithm;
the signature calculation module is used for calculating a signature based on the data information of the segmented data to be encrypted;
the plaintext module is used for assembling the remaining M-N unencrypted data segments into plaintext data blocks;
and the combination module is used for combining the encrypted text, the data information, the signature and the plaintext data block to obtain encrypted data.
In a third aspect of the present invention, there is also provided a data hybrid encryption device, including at least one processor, and at least one memory and a bus connected to the processor; the processor and the memory complete mutual communication through the bus; the processor is used for calling the program instructions in the memory to execute the data hybrid encryption method.
In a fourth aspect of the present invention, there is also provided a storage medium having stored thereon computer program instructions which, when executed by a processor, implement the aforementioned data hybrid encryption method.
According to the technical scheme, the encryption of the whole data is avoided, the whole data is divided into different data segments according to a certain rule, and the marked data segments are encrypted, so that the encryption and decryption efficiency is improved, the encryption and decryption time is reduced, and the flexibility of parameter setting in the encryption and decryption is improved.
Additional features and advantages of embodiments of the invention will be set forth in the detailed description which follows.
Drawings
The accompanying drawings, which are included to provide a further understanding of the embodiments of the invention and are incorporated in and constitute a part of this specification, illustrate embodiments of the invention and together with the description serve to explain the embodiments of the invention and do not limit the embodiments. In the drawings:
FIG. 1 is a schematic diagram of a data hybrid encryption method according to an embodiment of the present invention;
FIG. 2 is a schematic diagram of a hybrid data encryption device provided in an embodiment of the present invention;
FIG. 3 is a schematic diagram of a data hybrid encryption device according to an embodiment of the present invention.
Detailed Description
The following detailed description of embodiments of the invention refers to the accompanying drawings. It should be understood that the detailed description and specific examples, while indicating the present invention, are given by way of illustration and explanation only, not limitation.
In the embodiments of the present invention, unless otherwise specified, the use of directional terms such as "upper, lower, top, and bottom" is generally used with respect to the orientation shown in the drawings or the positional relationship of the components with respect to each other in the vertical, or gravitational direction.
Fig. 1 is a schematic diagram of a data hybrid encryption method according to an embodiment of the present invention. As shown in Fig. 1, the data hybrid encryption method includes:
dividing data to be encrypted into M data segments;
selecting N data segments from the M data segments, wherein N is less than or equal to M, and both N and M are positive integers;
encrypting the N data segments into an encrypted text according to a preset second encryption algorithm; assembling the rest M-N data segments into plaintext data blocks; calculating a signature based on the data information of the N data segments;
and combining the encrypted text, the data information, the signature and the plaintext data block to obtain encrypted data.
Therefore, the problems of long encryption time and low encryption efficiency caused by integral encryption of large data to be encrypted can be solved, and the method is suitable for various encryption occasions; meanwhile, the user-defined encryption rule can be provided for the party needing encryption to select.
Specifically, in the present embodiment, the data to be encrypted is divided into a plurality of segments. The segment sizes may be equal or different, and the data may be divided according to a fixed size or according to randomly generated segment sizes. N of the M segments are encrypted, where N is less than or equal to M; when N = M, all of the data is encrypted. The selected N segments are encrypted with a preset encryption mode to obtain an encrypted text. After the data to be encrypted is divided into M segments, each segment has its own data segment length L, data segment initial value I and data segment offset O. These are important for recovering the original plaintext data at the receiving side and therefore need to be sent to the receiving end. To prevent this information from being tampered with during transmission, its signature needs to be calculated for verification by the receiving party. The remaining M-N unencrypted segments are transmitted directly as plaintext. The order in which the encrypted text, the data information, the signature and the plaintext data block are computed is not limited by the order in which they are described; they can be obtained in parallel or in a different order according to the actual flow. Combining the signature, the encrypted text and the plaintext data block into encrypted data completes the encryption process.
In one embodiment provided by the present invention, before dividing the data to be encrypted into M segments, the encryption method further includes: acquiring the file size of the data to be encrypted; judging whether the file size is smaller than a set threshold; if the file size is smaller than the set threshold, encrypting the data to be encrypted according to a preset first encryption algorithm; otherwise, executing the step of dividing the data to be encrypted. The present embodiment includes determining the encryption/decryption efficiency threshold before performing the encryption method described above. Here, the encryption/decryption efficiency threshold is the value above which data encryption and decryption efficiency drops. It is obtained by experiment: encryption and decryption are run many times on texts of different file sizes, the time consumed by each run is recorded, and it is found that for text data above a certain file size the encryption and decryption time grows markedly longer. That file size is taken as the encryption/decryption efficiency threshold. When the file size of the data to be encrypted is smaller than the threshold, the data is encrypted with a preset first encryption algorithm, and the step of dividing the data into M data segments and the subsequent steps are not performed. The first encryption algorithm here includes the message digest algorithm HMAC and a symmetric encryption algorithm such as AES (Advanced Encryption Standard). The whole of the data to be encrypted is encrypted with the encryption key, and the encrypted data is decrypted on the decryption side using the same mode.
According to the embodiment, through the judgment step of setting the preset encryption and decryption efficiency boundary value, a simple encryption algorithm is adopted for the small data to be encrypted, and the segmented encryption mode is adopted for the big data to be encrypted, so that the encryption complication of the small file is avoided, and the whole encryption efficiency is favorably improved.
In an embodiment provided by the present invention, the encrypting the N data segments into an encrypted text according to a preset second encryption algorithm includes: adding the offset of the data segment corresponding to each data segment to the front part of each data segment in the N data segments to obtain N new data blocks; and encrypting the N new data blocks by using a second encryption algorithm to obtain the encrypted text. Specifically: the data segments and their corresponding offsets are first combined, i.e., $F(O_1, D_1), F(O_2, D_2), \ldots, F(O_N, D_N)$, to obtain N new data blocks, where O represents the offset of a data segment and D represents the data segment. The N data blocks are then encrypted with a second encryption algorithm, which is preferably a symmetric encryption algorithm such as AES. The encrypted text thus obtained contains not only the encrypted data but also the offsets (equivalent to serial numbers) of the data segments corresponding to the encrypted data, so that the receiver can combine the received data segments in sequence to obtain the complete transmitted data.
In an embodiment of the present invention, the calculating a signature based on data information of the divided data to be encrypted includes: calculating the signature based on the data information of the segmented data to be encrypted by using a message digest algorithm; the data information includes a key of the second encryption algorithm and at least one of: the lengths of the N data segments, the initial values of the N data segments and the offsets of the N data segments. In the transmission of encrypted data, it is necessary not only to ensure that the received data can be restored at the receiving end, but also to verify whether the data has been tampered with, so the receiving end needs to verify a signature over the data information. At the transmitting end, the signature is generated from the data information with a message digest algorithm. The message digest algorithm is preferably a HASH algorithm, and the data information includes the key of the second encryption algorithm and at least one of the lengths of the N data segments, the initial values of the N data segments and the offsets of the N data segments. The signature may be calculated, for example, as $\mathrm{HASH}(O_1, O_2, \ldots, O_N, \mathrm{key})$ to obtain a signature SIGN, where O is the offset of a data segment and key is the key of the second encryption algorithm. Alternatively, the signature SIGN is obtained as $\mathrm{HASH}(L, I, O, \mathrm{key})$, where L is the length of a data segment and I is the initial value of a data segment, each comprising N values, i.e. $L_1$ to $L_N$ and $I_1$ to $I_N$. Because the remaining M-N segments are sent in clear text, sending only the information of the N segments (data segment length, data segment initial value and data segment offset) is enough to ensure that the receiving end can restore the data.
The user can also choose to compute the digest over the information of all M data segments, as required.
In an embodiment provided by the present invention, the assembling the remaining M-N data segments into a plaintext data block includes: assembling the remaining M-N data segments according to the offset of each data segment to obtain the plaintext data block. The remaining M-N unselected data segments, i.e. the plaintext data segments, are reassembled into a plaintext data block according to the offsets of the data segments. To recover the plaintext data at the receiving end, the order of the plaintext data is crucial, so the offset O of the data segment, i.e. the aforementioned $O_1, O_2, \ldots, O_N$, needs to be added to the front of each segmented data segment; the assembly here can be carried out by means of the aforementioned F(O, D). The offset O of a data segment reflects the order of the data segments, and the original plaintext of the data to be encrypted can be restored at the receiving end from the offsets of the decrypted encrypted data segments and the offsets of the plaintext data segments.
In one embodiment provided by the present invention, before dividing the data to be encrypted into M data segments, the encryption method further includes: the value of M is randomly generated, and the value of N is randomly generated within the range [1, M]. When the third-party developer selects encryption according to the rule set by the open platform, the values of M and N do not need to be set manually; they are generated automatically within a preset range, which may be a numerical range. For example, with the range of M set to 3 to 10, a value of M is obtained by a random number generation algorithm, and then a value of N is generated in the range 1 to M. This implementation not only makes M and N change dynamically and enriches the encryption rules, but can also reduce the probability of cracking.
In one embodiment provided by the present invention, before dividing the data to be encrypted into M data segments, the encryption method further includes: acquiring an M value input by a user, and displaying M icons to the user, wherein the serial numbers of the M icons are different from each other; acquiring the selection of the M icons by the user, and acquiring the number N of the icons selected by the user and the respective serial numbers of the N icons; the respective serial numbers of the N icons correspond to the serial numbers of the data segments needing to be encrypted. As an alternative to the previous embodiment, when the third-party developer selects encryption according to the rule set by the open platform, a selection interface may be provided to the user. The M selected by the user, i.e. the number of data segments into which the data is to be divided, is obtained, for example through an input device. M icons, each with a different serial number, are then displayed to the user, and the user selects the data segments to be encrypted by selecting icons in the graphical user interface. From this selection the number N of selected icons and their N serial numbers, i.e. the serial numbers of the data segments to be encrypted, are obtained. The N selected data segments are then processed with the aforementioned encryption method to generate the corresponding signature, encrypted text and plaintext data block, completing the encryption. Through this embodiment, encryption is carried out according to the M and N defined by the user, meeting the user's personalized requirements.
Fig. 2 is a schematic diagram of a data hybrid encryption apparatus according to an embodiment of the present invention, and as shown in fig. 2, in an embodiment of the present invention, there is also provided a data hybrid encryption apparatus, where the encryption apparatus includes:
the segmentation module is used for segmenting data to be encrypted into M data segments;
the selection module is used for selecting N data segments in the M data segments, wherein N is less than or equal to M;
the encryption module is used for encrypting the N data segments into an encrypted text according to a preset second encryption algorithm;
the signature calculation module is used for calculating a signature based on the data information of the segmented data to be encrypted;
the plaintext module is used for assembling the remaining M-N data segments into plaintext data blocks;
and the combination module is used for combining the encrypted text, the data information, the signature and the plaintext data block to obtain encrypted data.
The modules and methods in the above devices correspond to each other, and the technical details and advantageous effects thereof are not described herein again.
Fig. 3 is a schematic diagram of a data hybrid encryption device according to an embodiment of the present invention, as shown in fig. 3, in an embodiment of the present invention, a data hybrid encryption device is further provided, which includes at least one processor, and at least one memory and a bus connected to the processor; the processor and the memory complete mutual communication through the bus; the processor is configured to call program instructions in the memory to perform the aforementioned data hybrid encryption method. The processor may include, but is not limited to, a general purpose processor, a special purpose processor, a conventional processor, a plurality of microprocessors, a controller, a microcontroller, an Application Specific Integrated Circuit (ASIC), a Field Programmable Gate Array (FPGA) circuit, any other type of Integrated Circuit (IC), a state machine, and the like. In a common scenario, the device is preferably a server.
In one embodiment provided by the present invention, computer program instructions are stored thereon, which when executed by a processor, implement the steps of the aforementioned data hybrid encryption method.
The decryption method of the embodiment of the invention corresponds to the encryption method, and its steps are roughly as follows: after receiving L (data information), I (data information), O (data information), SIGN (signature), CIPHERTEXT (encrypted text) and MTEXT (plaintext data block), the receiver computes SIGNATURE through HASH(L, I, O, key), using the same data information, data information order and key as the encryptor, and compares SIGNATURE with SIGN; if the two are equal, the signature passes. After the signature passes, the data block plaintexts $D_1, D_2, \ldots, D_N$ are obtained through AES(SIGN, CIPHERTEXT, key). Since the first 4 bytes of each data block are $O_1, O_2, \ldots, O_N$ respectively and the following bytes are the actual data, the actual data blocks and the plaintext data block MTEXT are restored into the original data in order, giving the original plaintext.
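The encryption and decryption flows described above, end to end, as an added Python example that is not code from the patent. Assumptions: all function and class names are hypothetical; segments are equal-sized; O is the segment's byte offset packed into 4 big-endian bytes; HASH is SHA-256 over the lengths, the offsets and the key (the initial value I is left out, and the information of all M segments is digested, the option the description mentions); a SHA-256 counter keystream stands in for AES so the block runs on the standard library alone.

```python
import hashlib
import hmac
import secrets
import struct
from dataclasses import dataclass


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in for the 'second encryption algorithm' (AES on the page).

    SHA-256 in counter mode, an assumption made so the example needs no
    third-party package; use a vetted AES mode in real code.
    """
    stream = bytearray()
    for counter in range((len(data) + 31) // 32):
        stream += hashlib.sha256(key + nonce + struct.pack(">Q", counter)).digest()
    return bytes(a ^ b for a, b in zip(data, stream))


def sign_info(info, key: bytes) -> bytes:
    """SIGN = HASH(L, O, key): all lengths, then all offsets, then the key."""
    h = hashlib.sha256()
    h.update(b"".join(struct.pack(">I", length) for _, length in info))
    h.update(b"".join(struct.pack(">I", offset) for offset, _ in info))
    h.update(key)
    return h.digest()


def frame(offset: int, segment: bytes) -> bytes:
    """F(O, D): the 4-byte offset placed in front of the data segment."""
    return struct.pack(">I", offset) + segment


def unframe(blob: bytes, lengths: dict) -> dict:
    """Split concatenated F(O, D) blocks using the signed length for each offset."""
    out, pos = {}, 0
    while pos < len(blob):
        if len(blob) - pos < 4:
            raise ValueError("truncated block header")
        (offset,) = struct.unpack_from(">I", blob, pos)
        length = lengths.get(offset)
        if length is None or pos + 4 + length > len(blob):
            raise ValueError("block does not match the signed data information")
        out[offset] = blob[pos + 4 : pos + 4 + length]
        pos += 4 + length
    return out


@dataclass
class Envelope:
    info: list         # (O, L) for each of the M segments
    sign: bytes        # SIGN
    nonce: bytes       # needed by the stand-in cipher only
    ciphertext: bytes  # CIPHERTEXT: the N selected blocks, encrypted
    mtext: bytes       # MTEXT: the M-N remaining blocks, in clear


def hybrid_encrypt(data: bytes, key: bytes, m: int, selected) -> Envelope:
    """Split into m segments and encrypt only those whose index is in `selected`."""
    selected = set(selected)
    if not (1 <= len(selected) <= m <= len(data)) or not selected <= set(range(m)):
        raise ValueError("need 1 <= N <= M <= len(data) and valid segment indexes")
    bounds = [i * len(data) // m for i in range(m + 1)]
    segs = [(bounds[i], data[bounds[i] : bounds[i + 1]]) for i in range(m)]
    info = [(offset, len(seg)) for offset, seg in segs]
    chosen = b"".join(frame(o, d) for i, (o, d) in enumerate(segs) if i in selected)
    mtext = b"".join(frame(o, d) for i, (o, d) in enumerate(segs) if i not in selected)
    nonce = secrets.token_bytes(16)
    return Envelope(info, sign_info(info, key), nonce,
                    keystream_xor(key, nonce, chosen), mtext)


def hybrid_decrypt(env: Envelope, key: bytes) -> bytes:
    """Verify SIGN first, then decrypt and reorder every segment by its offset."""
    if not hmac.compare_digest(sign_info(env.info, key), env.sign):
        raise ValueError("signature mismatch: data information or key differs")
    lengths = dict(env.info)
    parts = unframe(keystream_xor(key, env.nonce, env.ciphertext), lengths)
    parts.update(unframe(env.mtext, lengths))
    if set(parts) != set(lengths):
        raise ValueError("a segment listed in the data information is missing")
    return b"".join(parts[offset] for offset in sorted(parts))


if __name__ == "__main__":
    # Constructed sample input: 100 fixed-width records, 1200 bytes in total.
    sample = b"".join(b"record-%04d;" % i for i in range(100))
    demo_key = secrets.token_bytes(32)
    envelope = hybrid_encrypt(sample, demo_key, m=5, selected={1, 3})
    print(len(envelope.ciphertext), len(envelope.mtext))
    print(hybrid_decrypt(envelope, demo_key) == sample)
```

In this example SIGN takes only the lengths, offsets and key as input, so the check detects an altered length or offset but not an altered byte inside MTEXT or CIPHERTEXT; covering those would take a keyed MAC over the whole envelope.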
According to the technical scheme, based on the existing encryption mode, the encryption of the whole data is avoided, the complete data is divided into different data sections according to a certain rule, and the marked data sections are encrypted, so that the encryption and decryption efficiency is improved, the encryption and decryption time is reduced, the flexibility of parameter setting in the encryption and decryption is improved, and the method has good practicability.
Although the embodiments of the present invention have been described in detail with reference to the accompanying drawings, the embodiments of the present invention are not limited to the specific details of the above embodiments, and various simple modifications can be made to the technical solution of the embodiments of the present invention within the technical idea of the embodiments of the present invention, and these simple modifications all belong to the protection scope of the embodiments of the present invention.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
In a typical configuration, a device includes one or more processors (CPUs), memory, and a bus. The device may also include input/output interfaces, network interfaces, and the like.
By the technical scheme, the importing rules among the column data can be flexibly configured, the flexibility of data importing is improved, and the importing of the unstructured data can be completed.
While the embodiments of the present invention have been described in detail with reference to the accompanying drawings, the embodiments of the present invention are not limited to the details of the above embodiments, and various simple modifications can be made to the technical solution of the embodiments of the present invention within the technical idea of the embodiments of the present invention, and the simple modifications are within the scope of the embodiments of the present invention.
It should be noted that the various features described in the above embodiments may be combined in any suitable manner without departing from the scope of the invention. In order to avoid unnecessary repetition, the embodiments of the present invention will not be described separately for the various possible combinations.
Those skilled in the art can understand that all or part of the steps in the method for implementing the above embodiments may be implemented by a program, where the program is stored in a storage medium and includes several instructions to enable a single chip, a chip, or a processor to execute all or part of the steps in the method according to the embodiments of the present invention. The aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, an optical disk, and various other media capable of storing program code.
In addition, any combination of the various embodiments of the present invention is also possible, and the same should be considered as disclosed in the embodiments of the present invention as long as it does not depart from the spirit of the embodiments of the present invention.

Claims (9)

1. A hybrid encryption method for data, the encryption method comprising:
dividing data to be encrypted into M data segments;
selecting N data segments from the M data segments, wherein N is less than or equal to M;
encrypting the N data segments into an encrypted text according to a preset second encryption algorithm; assembling the remaining M-N data segments into plaintext data blocks; calculating a signature based on the data information of the N data segments;
the encrypting the N data segments into an encrypted text according to a preset second encryption algorithm includes: adding the offset of the data segment corresponding to each data segment to the front part of each data segment in the N data segments to obtain N new data blocks; encrypting the N new data blocks by using the second encryption algorithm to obtain the encrypted text;
and combining the encrypted text, the plaintext data block, the data information and the signature to obtain encrypted data.
2. The encryption method according to claim 1, wherein before dividing the data to be encrypted into M data segments, the encryption method further comprises:
acquiring the file size of the data to be encrypted;
judging whether the size of the file is smaller than a set threshold value or not;
if the file size is smaller than the set threshold, encrypting the data to be encrypted according to a preset first encryption algorithm; otherwise, executing the step of dividing the data to be encrypted into M data segments and the subsequent steps.
3. The encryption method of claim 1, wherein said computing a signature based on the data information of the N data segments comprises:
calculating the signature based on the data information of the N data segments by using a message digest algorithm; the data information includes a key of the second encryption algorithm and at least one of:
N data segments corresponding to the N data segments,
N data segment initial values corresponding to the N data segments,
and the offsets of the N data segments corresponding to the N data segments.
4. The encryption method according to claim 1, wherein said assembling the remaining M-N data segments into a plaintext data block comprises:
and assembling the residual M-N data segments according to the offset of each data segment to obtain the plaintext data block.
5. The encryption method according to any one of claims 1 to 4, wherein before the data to be encrypted is divided into M data segments, the encryption method further comprises:
the value of M is randomly generated, and the value of N is randomly generated within a range of [1, M].
6. The encryption method according to any one of claims 1 to 4, wherein before the data to be encrypted is divided into M data segments, the encryption method further comprises:
acquiring an M value input by a user, and displaying the M value to the user, wherein the serial numbers of the M icons are different from each other;
acquiring the selection of the M icons by the user, and acquiring the number N of the icons selected by the user and the respective serial numbers of the N icons;
and the respective serial numbers of the N icons correspond to the serial numbers of the data segments needing to be encrypted.
7. A hybrid data encryption device, the encryption device comprising:
the segmentation module is used for segmenting data to be encrypted into M data segments;
the selection module is used for selecting N data segments in the M data segments, wherein N is less than or equal to M;
the encryption module is used for encrypting the N data segments into an encrypted text according to a preset second encryption algorithm; the method comprises the following steps: adding the offset of the data segment corresponding to each data segment to the front part of each data segment in the N data segments to obtain N new data blocks; encrypting the N new data blocks by using the second encryption algorithm to obtain the encrypted text;
the plaintext module is used for assembling the remaining M-N data segments into plaintext data blocks;
the signature calculation module is used for calculating a signature based on the data information of the N data segments;
and the combination module is used for combining the encrypted text, the data information, the signature and the plaintext data block to obtain encrypted data.
8. A data hybrid encryption device is characterized by comprising at least one processor, at least one memory and a bus, wherein the memory and the bus are connected with the processor; the processor and the memory complete mutual communication through the bus; the processor is configured to call program instructions in the memory to perform the data hybrid encryption method of any one of claims 1 to 6.
9. A storage medium having stored thereon computer program instructions which, when executed by a processor, implement the data hybrid encryption method of any one of claims 1 to 6.
CN202010071628.6A 2020-01-21 2020-01-21 Data hybrid encryption method, device and equipment Active CN113225297B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010071628.6A CN113225297B (en) 2020-01-21 2020-01-21 Data hybrid encryption method, device and equipment

Publications (2)

Publication Number Publication Date
CN113225297A CN113225297A (en) 2021-08-06
CN113225297B true CN113225297B (en) 2023-02-17

Family

ID=77085311

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010071628.6A Active CN113225297B (en) 2020-01-21 2020-01-21 Data hybrid encryption method, device and equipment

Country Status (1)

Country Link
CN (1) CN113225297B (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113660234A (en) * 2021-08-10 2021-11-16 中和易茂科技服务(北京)有限公司 Data encryption transmission and decryption method, memory and processor
CN114679254A (en) * 2022-05-30 2022-06-28 深圳联友科技有限公司 Plaintext processing method and device and terminal equipment
CN115378590B (en) * 2022-10-27 2023-02-07 国网浙江义乌市供电有限公司 Energy data safe storage method and system based on block chain
CN117135624A (en) * 2023-10-27 2023-11-28 中国铁道科学研究院集团有限公司通信信号研究所 Vehicle-mounted data wireless downloading method and system based on hybrid encryption and decryption algorithm

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101882995B (en) * 2009-05-06 2013-08-07 中兴通讯股份有限公司 Data sending, receiving and transmitting method and device thereof
CN103345609B (en) * 2013-06-06 2016-08-10 深圳市大成天下信息技术有限公司 A kind of text encipher-decipher method and encryption and decryption equipment
CN106257858A (en) * 2015-06-19 2016-12-28 中兴通讯股份有限公司 The data ciphering method of a kind of remote storage device, Apparatus and system
CN107193686A (en) * 2016-03-15 2017-09-22 伊姆西公司 Method and apparatus for data backup
CN107733904A (en) * 2017-10-24 2018-02-23 郑州云海信息技术有限公司 A kind of method, apparatus and platform of virtual-machine data encryption and decryption
CN109784071A (en) * 2018-12-28 2019-05-21 易票联支付有限公司 A kind of encryption method of picture, decryption method and processing system

Also Published As

Publication number Publication date
CN113225297A (en) 2021-08-06

Similar Documents

Publication Publication Date Title
CN113225297B (en) Data hybrid encryption method, device and equipment
WO2021239059A1 (en) Key rotation method, device, electronic apparatus, and medium
EP3134994B1 (en) Method of obfuscating data
CN109543434B (en) Block chain information encryption method, decryption method, storage method and device
CN111245597A (en) Key management method, system and equipment
CN103067160A (en) Method and system of generation of dynamic encrypt key of encryption secure digital memory card (SD)
CN112804133B (en) Encryption group chat method and system based on blockchain technology
CN111404892B (en) Data supervision method and device and server
JPWO2020165932A1 (en) Information processing equipment, secret calculation method and program
CN114417364A (en) Data encryption method, federal modeling method, apparatus and computer device
CN111246407B (en) Data encryption and decryption method and device for short message transmission
CN113688399A (en) Firmware digital signature protection method and device, computer equipment and storage medium
CN111245771A (en) Instant message encryption and decryption method, device, equipment and storage medium
CN117240625B (en) Tamper-resistant data processing method and device and electronic equipment
CN108234466A (en) Information encryption communication method, device, computing device and storage medium
CN117201120A (en) Information encryption method, device, computer equipment and storage medium
CN108964899B (en) Method and device for timing encryption of dynamic formula and multiple synchronous dynamic passwords
CN113542187A (en) File uploading and downloading method and device, computer device and medium
CN111949996A (en) Generation method, encryption method, system, device and medium of security private key
CN112039921B (en) Verification method for parking access, parking user terminal and node server
CN114553557A (en) Key calling method, key calling device, computer equipment and storage medium
CN116032509A (en) Mail encryption and decryption method and device
CN113672954A (en) Feature extraction method and device and electronic equipment
CN106487509A (en) A kind of method for generating key and host equipment
CN106998250A (en) The method that mobile phone dynamically manages computer operating system login password

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant