CN113301027A - Encrypted data transmission system and method based on e-mail - Google Patents
Encrypted data transmission system and method based on e-mail Download PDFInfo
- Publication number
- CN113301027A CN113301027A CN202110516638.0A CN202110516638A CN113301027A CN 113301027 A CN113301027 A CN 113301027A CN 202110516638 A CN202110516638 A CN 202110516638A CN 113301027 A CN113301027 A CN 113301027A
- Authority
- CN
- China
- Prior art keywords
- key
- encryption algorithm
- file key
- module
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/045—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply hybrid encryption, i.e. combination of symmetric and asymmetric encryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L51/00—User-to-user messaging in packet-switching networks, transmitted according to store-and-forward or real-time protocols, e.g. e-mail
- H04L51/42—Mailbox-related aspects, e.g. synchronisation of mailboxes
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
- Information Transfer Between Computers (AREA)
Abstract
The invention belongs to the technical field of e-mail transmission, and provides an e-mail-based encrypted data transmission system and method, wherein the system comprises: the system comprises a key pair generation module, an issuing module, a ciphertext file key generation module, a primary plaintext file key extraction module, an encryption key generation module, an encryption module, a sending module, a synchronization module, a unique address generation module, a judgment module, a secondary plaintext file key extraction module, a decryption key generation module and a decryption module; the method comprises the following steps: generating a public key and a private key of an asymmetric encryption algorithm; issuing a public key and a private key of an asymmetric encryption algorithm to a security center; generating a cipher text file key; and performing plaintext file key extraction once. The encrypted data transmission system and method based on the e-mail ensure the safety of the e-mail in the transmission process and prevent the e-mail information from being revealed and tampered; the cross-domain withdrawal of the mail is realized, and the friendliness and convenience of user operation are improved.
Description
Technical Field
The invention relates to the technical field of e-mail transmission, in particular to an encrypted data transmission system and method based on e-mails.
Background
Electronic mail is a communication method for providing information exchange by electronic means, and is the most widely used service of the internet. Through the e-mail system of the network, the user can contact with the network user at any corner of the world in a very quick way (the user can send the E-mail to any specified destination in the world within a few seconds) at very low cost (the user only needs to bear the internet fee regardless of the sending position), and the existence of the e-mail greatly facilitates the communication between people and promotes the development of the society.
In the existing transmission process of the electronic mail, a sending end directly sends the plaintext content of the mail to a receiving end, if the electronic mail is intercepted or stolen, the danger of information leakage and tampering exists, and the electronic mail has great potential safety hazard; in addition, the sent e-mail can only be withdrawn from the mailbox in the mail system, and the e-mail cannot be withdrawn from the mailbox outside the mail system, so that the use limitation exists.
Disclosure of Invention
Aiming at the defects in the prior art, the encrypted data transmission system and method based on the e-mail ensure the safety in the mail transmission process and prevent the mail information from being leaked and tampered; the cross-domain withdrawal of the mail is realized, and the friendliness and convenience of user operation are improved.
In order to solve the technical problems, the invention provides the following technical scheme:
an e-mail based encrypted data transmission system comprising:
the key pair generation module is used for generating a public key and a private key of the security center asymmetric encryption algorithm, a public key and a private key of the sending end symmetric encryption algorithm and a public key and a private key of the receiving end asymmetric encryption algorithm;
the issuing module is used for issuing the public key and the private key of the asymmetric encryption algorithm of the security center, the public key and the private key of the symmetric encryption algorithm of the sending end and the public key and the private key of the asymmetric encryption algorithm of the receiving end to the security center, issuing the public key and the private key of the symmetric encryption algorithm of the sending end to the sending end and issuing the public key and the private key of the asymmetric encryption algorithm of the receiving end to the receiving end;
the ciphertext file key generating module is used for generating a ciphertext file key according to a public key of an asymmetric encryption algorithm of the security center;
the primary plaintext file key extraction module is used for extracting a primary plaintext file key according to a private key of the asymmetric encryption algorithm of the sending end;
the encryption key generation module is used for generating an encryption key of the mail from the acquired primary plaintext file key according to an encryption key generation rule;
the encryption module is used for encrypting the mail content by taking the encryption key as the encryption key of a symmetric encryption algorithm;
a sending module, which is used for sending the encrypted mail content;
a synchronization module for synchronizing mail status;
the unique address generating module is used for generating a unique address of the mail content according to the mail state and the generating rule of the unique address;
the judging module is used for judging the state of the unique address;
the secondary plaintext file key extraction module is used for extracting a secondary plaintext file key according to a private key of an asymmetric encryption algorithm of a receiving end under the condition that the unique address is effective;
the decryption key generation module is used for generating a decryption key of the mail from the acquired secondary plaintext file key according to a decryption key generation rule;
and the decryption module is used for decrypting the mail content by taking the decryption key as the decryption key of the symmetric encryption algorithm.
Further, the ciphertext file key generating module includes:
the plaintext file key generation module is used for generating a plaintext file key through a hash algorithm of the security center;
the system comprises a plaintext file key encryption module based on a security center, a ciphertext file key generation module and a ciphertext file key generation module, wherein the plaintext file key encryption module is used for encrypting a plaintext file key through a public key of an asymmetric encryption algorithm of the security center to obtain a ciphertext file key;
and the storage module is used for storing the cipher text file key.
Further, the once plaintext file key extraction module includes:
the primary ciphertext file key decryption module is used for decrypting the stored ciphertext file key for the first time through a private key of an asymmetric encryption algorithm of the security center to obtain a stored plaintext file key;
the plaintext file key encryption module is used for encrypting the stored plaintext file key through a public key of an asymmetric encryption algorithm of the sending end to obtain a ciphertext file key to be sent;
the cipher text file key sending module is used for sending the cipher text file key;
and the ciphertext file key decryption module based on the sending end is used for decrypting the received ciphertext file key through the private key of the asymmetric encryption algorithm of the sending end to obtain a once-extracted plaintext file key.
Further, the secondary plaintext file key extraction module includes:
the secondary ciphertext file key decryption module is used for secondarily decrypting the stored ciphertext file key through a private key of an asymmetric encryption algorithm of the security center to obtain a stored plaintext file key;
a plaintext file key encryption module based on the receiving end, which is used for encrypting the stored plaintext file key through a public key of an asymmetric encryption algorithm of the receiving end to obtain a ciphertext file key to be sent;
a ciphertext file key sending module based on a receiving end, which is used for sending a ciphertext file key;
and the receiving end-based ciphertext file key decryption module is used for decrypting the received ciphertext file key through a private key of an asymmetric encryption algorithm of the receiving end to obtain a secondarily extracted plaintext file key.
The invention also provides an encrypted data transmission method based on the e-mail, which comprises the following steps:
generating a public key and a private key of a security center asymmetric encryption algorithm, a public key and a private key of a sending end symmetric encryption algorithm and a public key and a private key of a receiving end asymmetric encryption algorithm;
issuing a public key and a private key of an asymmetric encryption algorithm of a security center, a public key and a private key of a symmetric encryption algorithm of a sending end and a public key and a private key of an asymmetric encryption algorithm of a receiving end to the security center, issuing the public key and the private key of the symmetric encryption algorithm of the sending end to the sending end, and issuing the public key and the private key of the asymmetric encryption algorithm of the receiving end to the receiving end;
generating a cipher text file key according to a public key of an asymmetric encryption algorithm of a security center;
performing plaintext file key extraction once according to a private key of the asymmetric encryption algorithm of the sending end;
generating an encryption key of the mail by the acquired primary plaintext file key according to an encryption key generation rule;
encrypting the mail content by taking the encryption key as an encryption key of a symmetric encryption algorithm;
sending the encrypted mail content;
synchronizing the mail state;
generating a unique address of the mail content according to the mail state and the generating rule of the unique address;
judging the state of the unique address;
under the condition that the unique address is effective, extracting a secondary plaintext file key according to a private key of an asymmetric encryption algorithm of a receiving end;
generating a decryption key of the mail by the acquired secondary plaintext file key according to a decryption key generation rule;
and the decryption key is used as the decryption key of the symmetric encryption algorithm to decrypt the mail content.
Further, the process of generating the ciphertext file key includes:
generating a plaintext file key through a hash algorithm of a security center;
encrypting a plaintext file key through a public key of an asymmetric encryption algorithm of a security center to obtain a ciphertext file key;
and storing the cipher text file key.
Further, the process of performing plaintext file key extraction once includes:
decrypting the stored cipher text file key once through a private key of an asymmetric encryption algorithm of the security center to obtain a stored plaintext file key;
encrypting the stored plaintext file key through a public key of an asymmetric encryption algorithm of a sending end to obtain a ciphertext file key to be sent;
sending the cipher text file key;
and decrypting the received ciphertext file key by using a private key of an asymmetric encryption algorithm of the sending end to obtain a once-extracted plaintext file key.
Further, the process of performing secondary plaintext file key extraction under the condition that the unique address is valid includes:
carrying out secondary decryption on the stored ciphertext file key through a private key of an asymmetric encryption algorithm of the security center to obtain a stored plaintext file key;
encrypting the stored plaintext file key through a public key of an asymmetric encryption algorithm of a receiving end to obtain a ciphertext file key to be sent;
sending the cipher text file key;
and decrypting the received ciphertext file key by using a private key of an asymmetric encryption algorithm of the receiving end to obtain a plaintext file key extracted twice.
According to the technical scheme, the invention has the beneficial effects that: the method comprises the steps that a ciphertext file key is generated through a ciphertext file key generation module, a plaintext file key extraction module carries out plaintext file key extraction once, after an encryption key of a mail is generated, the mail content is encrypted and sent, a unique address is generated at the same time, under the condition that the unique address is effective, a plaintext file key extraction module carries out plaintext file key extraction twice, after a decryption key of the mail is generated, the mail content is decrypted, the safety in the mail transmission process is guaranteed, and mail information is prevented from being leaked and tampered; if the mail is withdrawn, the unique address is generated through the withdrawal state of the mail, at the moment, the unique address is in an invalid state, and the secondary plaintext file key cannot be extracted through the secondary plaintext file key extraction module, so that the content of the mail cannot be read no matter the mailbox in the mail system and the mailbox outside the mail system, cross-domain withdrawal of the mail is realized, and the friendliness and convenience of user operation are improved.
Drawings
In order to more clearly illustrate the detailed description of the invention or the technical solutions in the prior art, the drawings that are needed in the detailed description of the invention or the prior art will be briefly described below. Throughout the drawings, like elements or portions are generally identified by like reference numerals. In the drawings, elements or portions are not necessarily drawn to scale.
FIG. 1 is a block diagram of the system of the present invention;
FIG. 2 is a flow chart of the method of the present invention.
Detailed Description
Embodiments of the present invention will be described in detail below with reference to the accompanying drawings. The following examples are only for illustrating the technical solutions of the present invention more clearly, and therefore are only examples, and the protection scope of the present invention is not limited thereby.
Referring to fig. 1, the encrypted data transmission system based on the e-mail provided in this embodiment includes a key pair generation module, an issuing module, a ciphertext file key generation module, a primary plaintext file key extraction module, an encryption key generation module, an encryption module, a sending module, a synchronization module, a unique address generation module, a judgment module, a secondary plaintext file key extraction module, a decryption key generation module, and a decryption module.
The key pair generation module is used for generating a public key and a private key of a security center asymmetric encryption algorithm, a public key and a private key of a sending end symmetric encryption algorithm and a public key and a private key of a receiving end asymmetric encryption algorithm, wherein the asymmetric encryption algorithm can be an international encryption algorithm or a national encryption algorithm, for example, an SHA1 encryption algorithm in the international encryption algorithm or an SM2 encryption algorithm in the national encryption algorithm is selected.
The issuing module is used for issuing the public key and the private key of the asymmetric encryption algorithm of the security center, the public key and the private key of the symmetric encryption algorithm of the sending end and the public key and the private key of the asymmetric encryption algorithm of the receiving end to the security center, issuing the public key and the private key of the symmetric encryption algorithm of the sending end to the sending end and issuing the public key and the private key of the asymmetric encryption algorithm of the receiving end to the receiving end.
The ciphertext file key generating module is used for generating a ciphertext file key according to a public key of an asymmetric encryption algorithm of the security center, and when an SHA1 encryption algorithm is selected, the ciphertext file key is generated through the public key of the SHA 1; when the SM2 encryption algorithm is selected, a ciphertext file key is generated through the public key of the SM2, and the security of the ciphertext file key is enhanced.
The primary plaintext file key extraction module is used for extracting a plaintext file key according to a private key of the transmitting end asymmetric encryption algorithm, and when the SHA1 encryption algorithm is selected, the private key of the transmitting end asymmetric encryption algorithm is the private key of the SHA 1; when the SM2 encryption algorithm is selected, the private key of the asymmetric encryption algorithm of the transmitting end is the private key of the SM 2.
The encryption key generation module is used for generating an encryption key of the mail according to the encryption key generation rule by using the acquired primary plaintext file key, and the encryption key generation rule combines the acquired primary plaintext file key, the mailbox account number for sending the mail and the time for sending the mail to form the encryption key of the mail.
The encryption module is used for encrypting the mail content by taking the encryption key as the encryption key of a symmetric encryption algorithm, and when the international encryption algorithm is selected, the symmetric encryption algorithm selects an AES encryption algorithm; when the national encryption algorithm is selected, the symmetric encryption algorithm selects the SM4 encryption algorithm, so that the security of the mail in the transmission process is ensured, and the mail information is prevented from being leaked and tampered.
And the sending module is used for sending the encrypted mail content.
The synchronization module is used for synchronizing the mail state, and the mail state comprises a delivery state after transmission and a withdrawal state after transmission.
The unique address generation module is used for generating a unique address of mail content according to a mail state and a unique address generation rule, wherein the unique address generation rule is that a public domain name, a security center login account and a mail unique identifier are combined to form the unique address, the security center login account is an account which is registered in advance by a user, and when the mail is in a delivery state, the mail unique identifier is 1, namely the mail is in an effective state; when the mail is in the withdrawing state, the mail unique identifier is 0, namely the mail is in the invalid state.
The judging module is used for judging the state of the unique address, and when the unique identifier of the mail in the unique address is 1, the unique address is in an effective state; when the unique identifier of the mail in the unique address is 0, the unique address is in an invalid state, and the secondary plaintext file key cannot be extracted through the secondary plaintext file key extraction module, so that the content of the mail cannot be read no matter in a mailbox in the mail system or a mailbox outside the mail system, cross-domain withdrawal of the mail is realized, and the friendliness and convenience of user operation are improved.
The secondary plaintext file key extraction module is used for extracting a secondary plaintext file key according to a private key of an asymmetric encryption algorithm of the receiving terminal under the condition that the unique address is effective, and when an SHA1 encryption algorithm is selected, the private key of the asymmetric encryption algorithm of the receiving terminal is the private key of SHA 1; when the SM2 encryption algorithm is selected, the private key of the asymmetric encryption algorithm at the receiving end is the private key of the SM 2.
The decryption key generation module is used for generating a decryption key of the mail according to the obtained secondary plaintext file key and a decryption key generation rule, wherein the decryption key generation rule is used for combining the obtained secondary plaintext file key, a mailbox account number for sending the mail and the time for sending the mail to form a decryption key of the mail, and the mailbox account number for sending the mail and the time for sending the mail can be directly obtained from the received mail.
The decryption module is used for decrypting the mail content by taking the decryption key as the decryption key of the symmetric encryption algorithm, and when the international encryption algorithm is selected, the symmetric encryption algorithm selects the AES encryption algorithm; when selecting a national encryption algorithm, the symmetric encryption algorithm selects the SM4 encryption algorithm.
In this embodiment, the ciphertext file key generation module includes a plaintext file key generation module, a plaintext file key encryption module based on a security center, and a storage module.
The plaintext file key generation module is used for generating a plaintext file key through a hash algorithm of the security center, and when the international encryption algorithm is selected, the hash algorithm can select an MD5 encryption algorithm; when the national encryption algorithm is selected, the hash algorithm selects the SM3 encryption algorithm.
And the plaintext file key encryption module based on the security center is used for encrypting the plaintext file key through the public key of the asymmetric encryption algorithm of the security center to obtain the ciphertext file key.
The storage module is used for storing the cipher text file key, and the security of the cipher text file key in the process of confidentiality is improved.
In this embodiment, the primary plaintext file key extraction module includes a primary ciphertext file key decryption module, a plaintext file key encryption module based on the sending end, a ciphertext file key sending module based on the sending end, and a ciphertext file key decryption module based on the sending end.
The primary ciphertext file key decryption module is used for decrypting the stored ciphertext file key once through the private key of the asymmetric encryption algorithm of the security center to obtain the stored plaintext file key, namely performing primary decryption through the private key of the asymmetric encryption algorithm SHA1 or SM2 of the security center.
The plaintext file key encryption module based on the sending end is used for encrypting the stored plaintext file key through the public key of the asymmetric encryption algorithm of the sending end to obtain a ciphertext file key to be sent, namely encrypting through the public key of the asymmetric encryption algorithm SHA1 or SM2 of the sending end to ensure the safety of sending the ciphertext file key to the sending end.
And the ciphertext file key sending module based on the sending end is used for sending the ciphertext file key.
The ciphertext file key decryption module based on the sending end is used for decrypting the received ciphertext file key through the private key of the asymmetric encryption algorithm of the sending end to obtain a plaintext file key extracted once, and when the sending end receives the ciphertext file key, the ciphertext file key is decrypted through the private key of the asymmetric encryption algorithm SHA1 or SM2 of the sending end.
In this embodiment, the secondary plaintext file key extraction module includes a secondary ciphertext file key decryption module, a plaintext file key encryption module based on the receiving end, a ciphertext file key transmission module based on the receiving end, and a ciphertext file key decryption module based on the receiving end.
The secondary ciphertext file key decryption module is used for secondarily decrypting the stored ciphertext file key through the private key of the asymmetric encryption algorithm of the security center to obtain the stored plaintext file key, namely secondarily decrypting through the private key of the asymmetric encryption algorithm SHA1 or SM2 of the security center.
The plaintext file key encryption module based on the receiving end is used for encrypting the stored plaintext file key through the public key of the asymmetric encryption algorithm of the receiving end to obtain a ciphertext file key to be sent, namely encrypting through the public key of the asymmetric encryption algorithm SHA1 or SM2 of the receiving end to ensure the safety of sending the ciphertext file key to the receiving end.
And the ciphertext file key sending module based on the receiving end is used for sending the ciphertext file key.
The receiving end-based ciphertext file key decryption module is used for decrypting the received ciphertext file key through the private key of the asymmetric encryption algorithm of the receiving end to obtain a plaintext file key extracted twice, and when the receiving end receives the ciphertext file key, the receiving end decrypts the ciphertext file key through the private key of the asymmetric encryption algorithm SHA1 or SM2 of the receiving end.
Referring to fig. 2, an e-mail-based encrypted data transmission method includes:
and generating a public key and a private key of the asymmetric encryption algorithm of the security center, a public key and a private key of the symmetric encryption algorithm of the sending terminal and a public key and a private key of the asymmetric encryption algorithm of the receiving terminal, wherein the asymmetric encryption algorithm can be an international encryption algorithm or a national encryption algorithm, for example, an SHA1 encryption algorithm in the international encryption algorithm or an SM2 encryption algorithm in the national encryption algorithm is selected.
The public key and the private key of the asymmetric encryption algorithm of the security center, the public key and the private key of the symmetric encryption algorithm of the sending end and the public key and the private key of the asymmetric encryption algorithm of the receiving end are issued to the security center, the public key and the private key of the symmetric encryption algorithm of the sending end are issued to the sending end, and the public key and the private key of the asymmetric encryption algorithm of the receiving end are issued to the receiving end.
Generating a cipher text file key according to a public key of an asymmetric encryption algorithm of the security center, and generating the cipher text file key through the public key of SHA1 when an SHA1 encryption algorithm is selected; when the SM2 encryption algorithm is selected, a ciphertext file key is generated through the public key of the SM2, and the security of the ciphertext file key is enhanced.
Performing plaintext file key extraction once according to a private key of a sending-end asymmetric encryption algorithm, wherein when an SHA1 encryption algorithm is selected, the private key of the sending-end asymmetric encryption algorithm is the private key of SHA 1; when the SM2 encryption algorithm is selected, the private key of the asymmetric encryption algorithm of the transmitting end is the private key of the SM 2.
And generating an encryption key of the mail by the acquired primary plaintext file key according to an encryption key generation rule, wherein the encryption key generation rule combines the acquired primary plaintext file key, a mailbox account number for sending the mail and the time for sending the mail to form the encryption key of the mail.
Encrypting the mail content by taking the encryption key as an encryption key of a symmetric encryption algorithm, and selecting an AES (advanced encryption standard) encryption algorithm by the symmetric encryption algorithm when the international encryption algorithm is selected; when the national encryption algorithm is selected, the symmetric encryption algorithm selects the SM4 encryption algorithm, so that the security of the mail in the transmission process is ensured, and the mail information is prevented from being leaked and tampered.
And sending the encrypted mail content.
And synchronizing the mail state, wherein the mail state comprises a delivery state after transmission and a withdrawal state after transmission.
Generating a unique address of mail content according to a unique address generation rule by the mail state, wherein the unique address generation rule is that a public domain name, a security center login account and a mail unique identifier are combined to form a unique address, the security center login account is an account pre-registered by a user, and when the mail is in a delivery state, the mail unique identifier is 1, namely the mail is in an effective state; when the mail is in the withdrawing state, the mail unique identifier is 0, namely the mail is in the invalid state.
Judging the state of the unique address, wherein when the unique identifier of the mail in the unique address is 1, the unique address is in an effective state; when the unique identifier of the mail in the unique address is 0, the unique address is in an invalid state, and the secondary plaintext file key cannot be extracted through the secondary plaintext file key extraction module, so that the content of the mail cannot be read no matter in a mailbox in the mail system or a mailbox outside the mail system, cross-domain withdrawal of the mail is realized, and the friendliness and convenience of user operation are improved.
Under the condition that the unique address is effective, secondary plaintext file key extraction is carried out according to a private key of an asymmetric encryption algorithm of the receiving end, and when an SHA1 encryption algorithm is selected, the private key of the asymmetric encryption algorithm of the receiving end is the private key of SHA 1; when the SM2 encryption algorithm is selected, the private key of the asymmetric encryption algorithm at the receiving end is the private key of the SM 2.
And generating a decryption key of the mail according to the acquired secondary plaintext file key and a decryption key generation rule, wherein the decryption key generation rule is that the acquired secondary plaintext file key, a mailbox account number for sending the mail and the time for sending the mail are combined to form the decryption key of the mail, and the mailbox account number for sending the mail and the time for sending the mail can be directly acquired from the received mail.
The decryption key is used as a decryption key of a symmetric encryption algorithm to decrypt the mail content, and when the international encryption algorithm is selected, the symmetric encryption algorithm selects an AES encryption algorithm; when selecting a national encryption algorithm, the symmetric encryption algorithm selects the SM4 encryption algorithm.
In this embodiment, the process of generating the ciphertext file key includes:
generating a plaintext file key through a hash algorithm of a security center, wherein the hash algorithm can select an MD5 encryption algorithm; when the national encryption algorithm is selected, the hash algorithm selects the SM3 encryption algorithm.
And encrypting the plaintext file key through the public key of the asymmetric encryption algorithm of the security center to obtain the ciphertext file key.
And the cipher text file key is stored, so that the security of the cipher text file key in the process of confidentiality is improved.
In this embodiment, the process of performing plaintext file key extraction once includes:
and decrypting the stored cipher text file key once through the private key of the asymmetric encryption algorithm of the security center to obtain the stored plaintext file key, namely decrypting once through the private key of the asymmetric encryption algorithm SHA1 or SM2 of the security center.
The stored plaintext file key is encrypted through the public key of the asymmetric encryption algorithm of the sending end to obtain a ciphertext file key to be sent, namely, the public key of the asymmetric encryption algorithm SHA1 or SM2 of the sending end is used for encrypting to ensure the safety of the ciphertext file key when the ciphertext file key is sent to the sending end.
And sending the cipher text file key.
And decrypting the received ciphertext file key by using the private key of the asymmetric encryption algorithm of the sending end to obtain a plaintext file key extracted once, and decrypting the ciphertext file key by using the private key of the asymmetric encryption algorithm SHA1 or SM2 of the sending end when the sending end receives the ciphertext file key.
In this embodiment, the process of performing secondary plaintext file key extraction when the unique address is valid includes:
and secondarily decrypting the stored cipher text file key by using the private key of the asymmetric encryption algorithm of the security center to obtain the stored plaintext file key, namely secondarily decrypting by using the private key of the asymmetric encryption algorithm SHA1 or SM2 of the security center.
The stored plaintext file key is encrypted through the public key of the asymmetric encryption algorithm of the receiving end to obtain a ciphertext file key to be sent, namely, the public key of the asymmetric encryption algorithm SHA1 or SM2 of the receiving end is used for encrypting to ensure the safety of the ciphertext file key when the ciphertext file key is sent to the receiving end.
And sending the cipher text file key.
And decrypting the received ciphertext file key by using the private key of the asymmetric encryption algorithm of the receiving terminal to obtain a plaintext file key extracted twice, and decrypting the ciphertext file key by using the private key of the asymmetric encryption algorithm SHA1 or SM2 of the receiving terminal when the receiving terminal receives the ciphertext file key.
Finally, it should be noted that: the above embodiments are only used to illustrate the technical solution of the present invention, and not to limit the same; while the invention has been described in detail and with reference to the foregoing embodiments, it will be understood by those skilled in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some or all of the technical features may be equivalently replaced; such modifications and substitutions do not depart from the spirit and scope of the present invention, and they should be construed as being included in the following claims and description.
Claims (8)
1. An encrypted data transmission system based on electronic mail, comprising:
the key pair generation module is used for generating a public key and a private key of the security center asymmetric encryption algorithm, a public key and a private key of the sending end symmetric encryption algorithm and a public key and a private key of the receiving end asymmetric encryption algorithm;
the issuing module is used for issuing the public key and the private key of the asymmetric encryption algorithm of the security center, the public key and the private key of the symmetric encryption algorithm of the sending end and the public key and the private key of the asymmetric encryption algorithm of the receiving end to the security center, issuing the public key and the private key of the symmetric encryption algorithm of the sending end to the sending end and issuing the public key and the private key of the asymmetric encryption algorithm of the receiving end to the receiving end;
the ciphertext file key generating module is used for generating a ciphertext file key according to a public key of an asymmetric encryption algorithm of the security center;
the primary plaintext file key extraction module is used for extracting a primary plaintext file key according to a private key of the asymmetric encryption algorithm of the sending end;
the encryption key generation module is used for generating an encryption key of the mail from the acquired primary plaintext file key according to an encryption key generation rule;
the encryption module is used for encrypting the mail content by taking the encryption key as the encryption key of a symmetric encryption algorithm;
a sending module, which is used for sending the encrypted mail content;
a synchronization module for synchronizing mail status;
the unique address generating module is used for generating a unique address of the mail content according to the mail state and the generating rule of the unique address;
the judging module is used for judging the state of the unique address;
the secondary plaintext file key extraction module is used for extracting a secondary plaintext file key according to a private key of an asymmetric encryption algorithm of a receiving end under the condition that the unique address is effective;
the decryption key generation module is used for generating a decryption key of the mail from the acquired secondary plaintext file key according to a decryption key generation rule;
and the decryption module is used for decrypting the mail content by taking the decryption key as the decryption key of the symmetric encryption algorithm.
2. The system of claim 1, wherein the ciphertext file key generation module comprises:
the plaintext file key generation module is used for generating a plaintext file key through a hash algorithm of the security center;
the system comprises a plaintext file key encryption module based on a security center, a ciphertext file key generation module and a ciphertext file key generation module, wherein the plaintext file key encryption module is used for encrypting a plaintext file key through a public key of an asymmetric encryption algorithm of the security center to obtain a ciphertext file key;
and the storage module is used for storing the cipher text file key.
3. The encrypted e-mail-based data transmission system according to claim 2, wherein said once plaintext file key extraction module comprises:
the primary ciphertext file key decryption module is used for decrypting the stored ciphertext file key for the first time through a private key of an asymmetric encryption algorithm of the security center to obtain a stored plaintext file key;
the plaintext file key encryption module is used for encrypting the stored plaintext file key through a public key of an asymmetric encryption algorithm of the sending end to obtain a ciphertext file key to be sent;
the cipher text file key sending module is used for sending the cipher text file key;
and the ciphertext file key decryption module based on the sending end is used for decrypting the received ciphertext file key through the private key of the asymmetric encryption algorithm of the sending end to obtain a once-extracted plaintext file key.
4. The encrypted e-mail-based data transmission system according to claim 2, wherein the secondary clear text file key extraction module comprises:
the secondary ciphertext file key decryption module is used for secondarily decrypting the stored ciphertext file key through a private key of an asymmetric encryption algorithm of the security center to obtain a stored plaintext file key;
a plaintext file key encryption module based on the receiving end, which is used for encrypting the stored plaintext file key through a public key of an asymmetric encryption algorithm of the receiving end to obtain a ciphertext file key to be sent;
a ciphertext file key sending module based on a receiving end, which is used for sending a ciphertext file key;
and the receiving end-based ciphertext file key decryption module is used for decrypting the received ciphertext file key through a private key of an asymmetric encryption algorithm of the receiving end to obtain a secondarily extracted plaintext file key.
5. An encrypted data transmission method based on an e-mail is characterized by comprising the following steps:
generating a public key and a private key of a security center asymmetric encryption algorithm, a public key and a private key of a sending end symmetric encryption algorithm and a public key and a private key of a receiving end asymmetric encryption algorithm;
issuing a public key and a private key of an asymmetric encryption algorithm of a security center, a public key and a private key of a symmetric encryption algorithm of a sending end and a public key and a private key of an asymmetric encryption algorithm of a receiving end to the security center, issuing the public key and the private key of the symmetric encryption algorithm of the sending end to the sending end, and issuing the public key and the private key of the asymmetric encryption algorithm of the receiving end to the receiving end;
generating a cipher text file key according to a public key of an asymmetric encryption algorithm of a security center;
performing plaintext file key extraction once according to a private key of the asymmetric encryption algorithm of the sending end;
generating an encryption key of the mail by the acquired primary plaintext file key according to an encryption key generation rule;
encrypting the mail content by taking the encryption key as an encryption key of a symmetric encryption algorithm;
sending the encrypted mail content;
synchronizing the mail state;
generating a unique address of the mail content according to the mail state and the generating rule of the unique address;
judging the state of the unique address;
under the condition that the unique address is effective, extracting a secondary plaintext file key according to a private key of an asymmetric encryption algorithm of a receiving end;
generating a decryption key of the mail by the acquired secondary plaintext file key according to a decryption key generation rule;
and the decryption key is used as the decryption key of the symmetric encryption algorithm to decrypt the mail content.
6. The method for transmitting encrypted data based on electronic mail according to claim 5, wherein the process of generating the cipher text file key comprises:
generating a plaintext file key through a hash algorithm of a security center;
encrypting a plaintext file key through a public key of an asymmetric encryption algorithm of a security center to obtain a ciphertext file key;
and storing the cipher text file key.
7. The method of claim 6, wherein the process of performing a plaintext file key extraction comprises:
decrypting the stored cipher text file key once through a private key of an asymmetric encryption algorithm of the security center to obtain a stored plaintext file key;
encrypting the stored plaintext file key through a public key of an asymmetric encryption algorithm of a sending end to obtain a ciphertext file key to be sent;
sending the cipher text file key;
and decrypting the received ciphertext file key by using a private key of an asymmetric encryption algorithm of the sending end to obtain a once-extracted plaintext file key.
8. The method for transmitting encrypted data based on electronic mail according to claim 6, wherein said second plaintext file key extraction in case that the unique address is valid comprises:
carrying out secondary decryption on the stored ciphertext file key through a private key of an asymmetric encryption algorithm of the security center to obtain a stored plaintext file key;
encrypting the stored plaintext file key through a public key of an asymmetric encryption algorithm of a receiving end to obtain a ciphertext file key to be sent;
sending the cipher text file key;
and decrypting the received ciphertext file key by using a private key of an asymmetric encryption algorithm of the receiving end to obtain a plaintext file key extracted twice.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110516638.0A CN113301027B (en) | 2021-05-12 | 2021-05-12 | Encrypted data transmission system and method based on e-mail |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110516638.0A CN113301027B (en) | 2021-05-12 | 2021-05-12 | Encrypted data transmission system and method based on e-mail |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN113301027A true CN113301027A (en) | 2021-08-24 |
| CN113301027B CN113301027B (en) | 2023-04-07 |
Family
ID=77321498
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202110516638.0A Active CN113301027B (en) | 2021-05-12 | 2021-05-12 | Encrypted data transmission system and method based on e-mail |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN113301027B (en) |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114024665A (en) * | 2021-09-14 | 2022-02-08 | 天聚地合(苏州)数据股份有限公司 | Random key and card number generation method and device |
| CN114221927A (en) * | 2021-12-17 | 2022-03-22 | 成都国泰网信科技有限公司 | Mail encryption service system and method based on national encryption algorithm |
| CN116032509A (en) * | 2021-10-27 | 2023-04-28 | 中移系统集成有限公司 | Mail encryption and decryption method and device |
Citations (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2003098869A1 (en) * | 2002-05-06 | 2003-11-27 | Rhandeev Singh | A method of processing electronic mail |
| JP2004078559A (en) * | 2002-08-19 | 2004-03-11 | Nedekkusu:Kk | Encryption mail communication method and encryption mail system |
| CN102170419A (en) * | 2010-02-25 | 2011-08-31 | 北京邮电大学 | A secure mail client system and a method thereof |
| CN106973008A (en) * | 2017-05-26 | 2017-07-21 | 无锡云商通科技有限公司 | A kind of selectivity recalls the implementation method of mail |
| CN107181754A (en) * | 2017-06-06 | 2017-09-19 | 江苏信源久安信息科技有限公司 | A kind of method that many people of network file encryption and decryption mandate are shared |
| US20170364892A1 (en) * | 2001-03-16 | 2017-12-21 | Universal Secure Registry, Llc | Universal secure registry |
| CN108011885A (en) * | 2017-12-07 | 2018-05-08 | 北京科技大学 | A kind of E-mail encryption method and system based on group cipher system |
| CN108737443A (en) * | 2018-06-14 | 2018-11-02 | 北京大学 | A kind of concealment mail address method based on cryptographic algorithm |
| EP3506571A1 (en) * | 2017-12-27 | 2019-07-03 | Netbuilder S.R.L. | System and method for registering an electronic mobile device to a server and automatic process of digital mail room |
| CN111901229A (en) * | 2020-08-06 | 2020-11-06 | 成都卫士通信息产业股份有限公司 | Mail withdrawing method and device, electronic equipment and readable storage medium |
-
2021
- 2021-05-12 CN CN202110516638.0A patent/CN113301027B/en active Active
Patent Citations (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20170364892A1 (en) * | 2001-03-16 | 2017-12-21 | Universal Secure Registry, Llc | Universal secure registry |
| WO2003098869A1 (en) * | 2002-05-06 | 2003-11-27 | Rhandeev Singh | A method of processing electronic mail |
| JP2004078559A (en) * | 2002-08-19 | 2004-03-11 | Nedekkusu:Kk | Encryption mail communication method and encryption mail system |
| CN102170419A (en) * | 2010-02-25 | 2011-08-31 | 北京邮电大学 | A secure mail client system and a method thereof |
| CN106973008A (en) * | 2017-05-26 | 2017-07-21 | 无锡云商通科技有限公司 | A kind of selectivity recalls the implementation method of mail |
| CN107181754A (en) * | 2017-06-06 | 2017-09-19 | 江苏信源久安信息科技有限公司 | A kind of method that many people of network file encryption and decryption mandate are shared |
| CN108011885A (en) * | 2017-12-07 | 2018-05-08 | 北京科技大学 | A kind of E-mail encryption method and system based on group cipher system |
| EP3506571A1 (en) * | 2017-12-27 | 2019-07-03 | Netbuilder S.R.L. | System and method for registering an electronic mobile device to a server and automatic process of digital mail room |
| CN108737443A (en) * | 2018-06-14 | 2018-11-02 | 北京大学 | A kind of concealment mail address method based on cryptographic algorithm |
| CN111901229A (en) * | 2020-08-06 | 2020-11-06 | 成都卫士通信息产业股份有限公司 | Mail withdrawing method and device, electronic equipment and readable storage medium |
Non-Patent Citations (2)
| Title |
|---|
| 张啸农等: "一种企业安全电子邮件系统的设计与实现", 《计算机技术与发展》 * |
| 张啸农等: "一种企业安全电子邮件系统的设计与实现", 《计算机技术与发展》, no. 10, 10 October 2006 (2006-10-10) * |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114024665A (en) * | 2021-09-14 | 2022-02-08 | 天聚地合(苏州)数据股份有限公司 | Random key and card number generation method and device |
| CN116032509A (en) * | 2021-10-27 | 2023-04-28 | 中移系统集成有限公司 | Mail encryption and decryption method and device |
| CN114221927A (en) * | 2021-12-17 | 2022-03-22 | 成都国泰网信科技有限公司 | Mail encryption service system and method based on national encryption algorithm |
Also Published As
| Publication number | Publication date |
|---|---|
| CN113301027B (en) | 2023-04-07 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN113301027B (en) | Encrypted data transmission system and method based on e-mail | |
| CN107888560B (en) | Mail safe transmission system and method for mobile intelligent terminal | |
| US8499156B2 (en) | Method for implementing encryption and transmission of information and system thereof | |
| CA2278670C (en) | Encryption and decryption method and apparatus | |
| CN111464301B (en) | Key management method and system | |
| CN105025019B (en) | A kind of data safety sharing method | |
| CN103546421A (en) | Network work communication security and secrecy system on basis of PKI (public key infrastructure) technology and method for implementing network work communication security and secrecy system | |
| CN107579903B (en) | Picture message secure transmission method and system based on mobile device | |
| CN106605419A (en) | Method and system for secure SMS communications | |
| CN112055022A (en) | High-efficiency and high-security network file transmission double encryption method | |
| CN106549858B (en) | Instant messaging encryption method based on identification password | |
| CN100521600C (en) | Method of ensuring safety of electronic mail | |
| CN102523563B (en) | Multimedia messaging service (MMS) encrypting method based on identity-based cryptograph (IBC) technology | |
| CN111541603B (en) | Independent intelligent safety mail terminal and encryption method | |
| CN104486756A (en) | Encryption and decryption method and system for secret letter short message | |
| KR101513195B1 (en) | Mail forwarding method for enhancing security using gateway sever | |
| JPH0969831A (en) | Cipher communication system | |
| CN110493259A (en) | A kind of encrypting and deciphering system and method ensureing cloud electronic data security | |
| CN108882182B (en) | Short message encryption and decryption device | |
| KR20140033824A (en) | Encryption systems and methods using hash value as symmetric key in the smart device | |
| CN110881019A (en) | Secure communication terminal, secure communication system and communication method thereof | |
| EP3337083A1 (en) | Method for secure management of secrets in a hierarchical multi-tenant environment | |
| CN111541652B (en) | System for improving security of secret information keeping and transmission | |
| CN114172694A (en) | E-mail encryption and decryption method, system and storage medium | |
| CN113656814A (en) | Equipment key safety management method and system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |