CN113301036A - Communication encryption method and device, equipment and storage medium - Google Patents

Publication number
CN113301036A
CN113301036A CN202110540713.7A CN202110540713A CN113301036A CN 113301036 A CN113301036 A CN 113301036A CN 202110540713 A CN202110540713 A CN 202110540713A CN 113301036 A CN113301036 A CN 113301036A
Authority
CN
China
Prior art keywords
random number
data
encrypted
module
cryptographic algorithm
Prior art date
Legal status
Pending
Application number
CN202110540713.7A
Other languages
Chinese (zh)
Inventor
窦海勇
晋东毅
金学文
朱天业
叶乐欢
Current Assignee
China Economic Information Service Co ltd
Original Assignee
China Economic Information Service Co ltd
Priority date
Filing date
Publication date
Application filed by China Economic Information Service Co ltd
Priority to CN202110540713.7A
Publication of CN113301036A

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/04: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/045: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply hybrid encryption, i.e. combination of symmetric and asymmetric encryption
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08: Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861: Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869: Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds

Abstract

The application discloses a communication encryption method comprising: obtaining a public key from a server; generating a random number of a fixed length; encrypting request data with a symmetric cryptographic algorithm, using the random number as the key, to obtain encrypted request data; encrypting the random number with the asymmetric cryptographic algorithm corresponding to the public key to obtain an encrypted random number; and sending the encrypted random number and the encrypted request data to the server and waiting to receive encrypted return data. This network communication encryption method mixes an asymmetric cryptographic algorithm with a symmetric cryptographic algorithm: using both algorithms for encryption ensures the security of the communication data, and encrypting the data itself with the symmetric cryptographic algorithm ensures performance.

Description

Communication encryption method and device, equipment and storage medium
Technical Field
The present disclosure relates to the field of communication encryption technologies, and in particular, to a communication encryption method and apparatus, a device, and a storage medium.
Background
With the rapid development of computer technology, network communication has become an important guarantee for social development. Because a great deal of sensitive data, even state secrets, travels over the network, it inevitably attracts various man-made attacks (such as information disclosure, information theft, data tampering, data deletion and addition, computer viruses, etc.) from all over the world. Encryption protection of network communication data has become an essential component of network communication. Currently, there are two main types of network communication data encryption methods: symmetric cryptographic algorithms and asymmetric cryptographic algorithms. In a symmetric cryptographic algorithm the encryption key and the decryption key are the same; the algorithm is simple and quick to use, and encryption and decryption are efficient. An asymmetric cryptographic algorithm has two keys, a public key and a private key, which form a pair. The public key can be disclosed to the outside, while the private key is used only by its owner and is not disclosed. If data is encrypted with the public key, it can be decrypted only with the corresponding private key; if data is signed with the private key, the signature can be verified only with the corresponding public key. The asymmetric cryptographic algorithm offers high security: even if the data is intercepted in transit, it cannot be decrypted without the key.
Existing communication encryption uses either an asymmetric or a symmetric algorithm alone. In a symmetric cryptographic algorithm, because the encryption key and the decryption key are the same, the key must either be transmitted during communication or be fixed at both communication ends, so the key is easily intercepted or illegally obtained and the data decrypted. In addition, even if the key is not obtained, a hacker who intercepts a large amount of communication data encrypted with the same key has a relatively high probability of cracking the key and thus decrypting the data. Asymmetric cryptographic algorithms have the disadvantage of being slow and unsuitable for computation on large volumes of data.
Disclosure of Invention
In view of the above, the present disclosure provides a communication encryption method for a client, including:
acquiring a public key from a server;
generating a random number of a fixed length;
encrypting the request data by using the random number as a key and using a symmetric cryptographic algorithm to obtain encrypted request data;
encrypting the random number by using an asymmetric cryptographic algorithm corresponding to the public key to obtain an encrypted random number;
and sending the encrypted random number and the encrypted request data to the server and waiting for receiving encrypted return data.
In one possible implementation manner, the method further includes:
acquiring the encrypted return data from the server;
and decrypting the encrypted return data by using the random number as a key and using a symmetric cryptographic algorithm to obtain the return data.
In one possible implementation, the symmetric cryptographic algorithm includes at least one of 3DES, AES, and SM4.
In one possible implementation, the asymmetric cryptographic algorithm includes at least one of RSA, SM2, ECC, and DSA.
According to another aspect of the present disclosure, there is provided a communication encryption method for a server, including:
receiving encryption request data and an encryption random number sent by a client;
decrypting the encrypted random number by using a private key of an asymmetric cryptographic algorithm to obtain a random number;
decrypting the encrypted request data by using the random number as a key and using a symmetric cryptographic algorithm to obtain request data;
analyzing and processing the request data to obtain return data;
encrypting the return data by using the symmetric cryptographic algorithm by taking the random number as a key to obtain encrypted return data;
and sending the encrypted return data to the client.
In a possible implementation manner, the analyzing the request data to obtain the return data includes:
acquiring an identifier in the request data;
searching corresponding target data according to the identifier;
and packaging the target data to obtain the return data.
According to another aspect of the present disclosure, there is provided a communication encryption apparatus for a client, characterized by a public key obtaining module, a random number generating module, a symmetric cipher encryption module, an asymmetric cipher encryption module, and a data transmitting module;
the public key acquisition module is configured to acquire a public key from a server;
the random number generation module is configured to generate a random number with a fixed length;
the symmetric cipher encryption module is configured to encrypt request data by using a symmetric cipher algorithm with the random number as a key to obtain encrypted request data;
the asymmetric cipher encryption module is configured to encrypt the random number by using an asymmetric cipher algorithm corresponding to the public key to obtain an encrypted random number;
the data sending module is configured to send the encrypted random number and the encrypted request data to the server and wait for receiving encrypted return data.
According to another aspect of the present disclosure, a communication encryption apparatus for a server is provided, which is characterized by comprising a data receiving module, a first decryption module, a second decryption module, an analysis processing module, a data encryption module and a data returning module;
the data receiving module is configured to receive encrypted request data and an encrypted random number sent by a client;
the first decryption module is configured to decrypt the encrypted random number by using a private key of an asymmetric cryptographic algorithm to obtain a random number;
the second decryption module is configured to decrypt the encrypted request data by using a symmetric cryptographic algorithm with the random number as a key to obtain request data;
the analysis processing module is configured to analyze and process the request data to obtain return data;
the data encryption module is configured to encrypt the return data by using the symmetric cryptographic algorithm with the random number as a key to obtain encrypted return data;
the data return module is configured to send the encrypted return data to the client.
According to another aspect of the present disclosure, there is provided a communication encryption device for a client, comprising:
a processor;
a memory for storing processor-executable instructions;
wherein the processor is configured to carry out any of the methods described above when the executable instructions are executed.
According to another aspect of the present disclosure, there is provided a non-transitory computer readable storage medium having computer program instructions stored thereon, wherein the computer program instructions, when executed by a processor, implement the method of any of the preceding claims.
The method comprises: obtaining a public key from a server; generating a random number of a fixed length; encrypting request data with a symmetric cryptographic algorithm, using the random number as the key, to obtain encrypted request data; encrypting the random number with the asymmetric cryptographic algorithm corresponding to the public key to obtain an encrypted random number; and sending the encrypted random number and the encrypted request data to the server and waiting to receive encrypted return data. This network communication encryption method mixes an asymmetric cryptographic algorithm with a symmetric cryptographic algorithm: using both algorithms for encryption ensures the security of the communication data, and encrypting the data itself with the symmetric cryptographic algorithm ensures performance.
Other features and aspects of the present disclosure will become apparent from the following detailed description of exemplary embodiments, which proceeds with reference to the accompanying drawings.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate exemplary embodiments, features, and aspects of the disclosure and, together with the description, serve to explain the principles of the disclosure.
Fig. 1 shows a flowchart of a communication encryption method for a client according to an embodiment of the present disclosure;
Fig. 2 shows a flowchart of a communication encryption method for a server according to an embodiment of the present disclosure;
Fig. 3 shows a schematic diagram of a communication encryption method according to an embodiment of the present disclosure;
Fig. 4 shows a block diagram of a communication encryption apparatus for a client according to an embodiment of the present disclosure;
Fig. 5 shows a block diagram of a communication encryption apparatus for a server according to an embodiment of the present disclosure;
Fig. 6 shows a block diagram of a communication encryption device for a client according to an embodiment of the present disclosure.
Detailed Description
Various exemplary embodiments, features and aspects of the present disclosure will be described in detail below with reference to the accompanying drawings. In the drawings, like reference numbers can indicate functionally identical or similar elements. While the various aspects of the embodiments are presented in drawings, the drawings are not necessarily drawn to scale unless specifically indicated.
Furthermore, the terms "first" and "second" are used for descriptive purposes only and are not to be construed as indicating or implying relative importance or implicitly indicating the number of technical features indicated. Thus, a feature defined as "first" or "second" may explicitly or implicitly include one or more of that feature. In the description of the present invention, "a plurality" means two or more unless specifically defined otherwise.
The word "exemplary" is used exclusively herein to mean "serving as an example, embodiment, or illustration." Any embodiment described herein as "exemplary" is not necessarily to be construed as preferred or advantageous over other embodiments.
Furthermore, in the following detailed description, numerous specific details are set forth in order to provide a better understanding of the present disclosure. It will be understood by those skilled in the art that the present disclosure may be practiced without some of these specific details. In some instances, methods, means, elements and circuits that are well known to those skilled in the art have not been described in detail so as not to obscure the present disclosure.
Fig. 1 shows a flowchart of a communication encryption method for a client according to an embodiment of the present disclosure.
As shown in fig. 1, the communication encryption method for a client includes:
step S100, obtaining a public key from a server;
step S200, generating a random number of a fixed length;
step S300, encrypting request data with a symmetric cryptographic algorithm, using the random number as the key, to obtain encrypted request data;
step S400, encrypting the random number with the asymmetric cryptographic algorithm corresponding to the public key to obtain an encrypted random number;
and step S500, sending the encrypted random number and the encrypted request data to the server and waiting to receive encrypted return data.
The method comprises: obtaining a public key from a server; generating a random number of a fixed length; encrypting request data with a symmetric cryptographic algorithm, using the random number as the key, to obtain encrypted request data; encrypting the random number with the asymmetric cryptographic algorithm corresponding to the public key to obtain an encrypted random number; and sending the encrypted random number and the encrypted request data to the server and waiting to receive encrypted return data. This network communication encryption method mixes an asymmetric cryptographic algorithm with a symmetric cryptographic algorithm: using both algorithms for encryption ensures the security of the communication data, and encrypting the data itself with the symmetric cryptographic algorithm ensures performance.
In particular, in one possible implementation, the symmetric cryptographic algorithm includes at least one of 3DES, AES, and SM4, and the asymmetric cryptographic algorithm includes at least one of RSA, SM2, ECC, and DSA. The symmetric cryptographic algorithm and the asymmetric cryptographic algorithm can be selected at will. For example, the symmetric cryptographic algorithm is AES and the asymmetric cryptographic algorithm is RSA, where the key length of the AES algorithm is 64 bytes and the key length of the RSA algorithm can be 1024 bits or 2048 bits. Referring to fig. 1, step S100 is performed to obtain the public key from the server: a 1024-bit public key of the RSA algorithm is stored locally on the server, and this 1024-bit public key is obtained from the server.
Further, referring to fig. 1, step S200 is performed to generate a random number of a fixed length.
In one possible implementation, if the symmetric encryption algorithm to be used is AES, a 64-byte random number R is generated.
It should be noted that the length of the random number is determined according to the symmetric cryptographic algorithm to be used.
In another possible implementation, using a 3DES symmetric cryptographic algorithm, the 3DES key length N is 24 bytes, and the random number length is 24 bytes.
In another possible implementation, using the SM4 symmetric cipher algorithm, the SM4 key length N is 16 bytes, and the random number length is 16 bytes.
Further, referring to fig. 1, step S300 is executed to encrypt the request data by using a symmetric cryptographic algorithm with the random number as a key to obtain encrypted request data.
In a possible implementation manner, if the symmetric encryption algorithm used is AES, a random number R of 64 bytes is generated, then the R is used to encrypt the request data by the AES algorithm, and the encrypted request data is obtained after the encryption is completed.
It should be noted that, the encryption using the AES algorithm may use a conventional technical means in the art, and the detailed description of the present application is omitted. Likewise, when the 3DES algorithm or the SM4 algorithm is used, the conventional technical means in the field can be used, and the detailed description of the disclosure is omitted.
Further, referring to fig. 1, step S400 is executed to encrypt the random number by using an asymmetric cryptographic algorithm corresponding to the public key to obtain an encrypted random number.
In a possible implementation manner, the RSA1024 algorithm is used, that is, the RSA algorithm with a 1024-bit key. A 1024-bit public key of the RSA algorithm is stored locally on the server and is obtained from the server. With AES as the symmetric encryption algorithm, a 64-byte random number R is generated, and R is encrypted with the 1024-bit public key to obtain the encrypted random number.
Further, referring to fig. 1, step S500 is executed to send the encrypted random number and the encrypted request data to the server and wait for receiving the encrypted return data.
In a possible implementation manner, the RSA1024 algorithm is used, that is, the RSA algorithm with a 1024-bit key. A 1024-bit public key of the RSA algorithm is stored locally on the server and is obtained from the server. The symmetric encryption algorithm used is AES: a 64-byte random number R is generated, the request data is encrypted with the AES algorithm using R to obtain the encrypted request data, and R is encrypted with the 1024-bit public key to obtain the encrypted random number. Once the encrypted request data and the encrypted random number have been obtained, they are sent to the server.
Further, in a possible implementation manner, the encrypted return data is obtained from the server and is decrypted with the symmetric cryptographic algorithm, using the random number as the key, to obtain the return data. For example, after the server finishes processing, it sends the encrypted return data; after receiving the encrypted return data, the client decrypts it with the random number R to obtain the return data.
It should be noted that, although the communication encryption method for the client in the present application is described above by taking the above steps as examples, those skilled in the art can understand that the present disclosure should not be limited thereto. In fact, the user can flexibly set the communication encryption method for the client according to personal preference and/or actual application scene, as long as the required functions are achieved.
In this way, a public key is obtained from the server, a random number of a fixed length is generated, the request data is encrypted with a symmetric cryptographic algorithm using the random number as the key to obtain encrypted request data, the random number is encrypted with the asymmetric cryptographic algorithm corresponding to the public key to obtain an encrypted random number, and the encrypted random number and the encrypted request data are sent to the server while the client waits to receive encrypted return data. This network communication encryption method mixes an asymmetric cryptographic algorithm with a symmetric cryptographic algorithm: using both algorithms for encryption ensures the security of the communication data, and encrypting the data itself with the symmetric cryptographic algorithm ensures performance.
Further, referring to fig. 2, according to another aspect of the present disclosure, there is provided a communication encryption method for a server, including:
step S600, receiving encrypted request data and an encrypted random number sent by a client, and decrypting the encrypted random number by using a private key of an asymmetric cryptographic algorithm to obtain a random number;
step S700, decrypting the encrypted request data by using the symmetric cryptographic algorithm with the random number as a key to obtain request data;
step S800, analyzing the request data to obtain return data;
step S900, encrypting the return data by using the symmetric cryptographic algorithm with the random number as a key to obtain encrypted return data, and sending the encrypted return data to the client.
Specifically, referring to fig. 2, step S600 is executed to receive the encrypted request data and the encrypted random number sent by the client, and decrypt the encrypted random number using the private key of the asymmetric cryptographic algorithm to obtain the random number.
In a possible implementation manner, the asymmetric cryptographic algorithm is RSA1024, that is, the RSA algorithm with a secret key of 1024 bits, and after receiving the encryption request data and the encrypted random number sent by the client, the encrypted random number is decrypted by using a 1024-bit private key to obtain a random number R, where the random number R is 64 bytes.
It should be noted that the RSA algorithm can be used for decryption by conventional techniques in the art, and the details are not repeated herein.
Further, referring to fig. 2, step S700 is executed to decrypt the encrypted request data using a symmetric cryptographic algorithm with the random number as a key to obtain the request data.
In a possible implementation manner, the asymmetric cryptographic algorithm is RSA1024, that is, the RSA algorithm with a secret key of 1024 bits, and after receiving the encrypted request data and the encrypted random number sent by the client, the encrypted random number is decrypted by using a 1024-bit private key to obtain a random number R, where if the random number R is 64 bytes, the corresponding symmetric cryptographic algorithm is an AES algorithm, and then the received encrypted request data is decrypted by using the AES algorithm to obtain the request data.
Further, referring to fig. 2, step S800 is executed to analyze the request data to obtain the return data.
In a possible implementation manner, analyzing the request data to obtain the return data includes: acquiring the identifier in the request data, searching for the corresponding target data according to the identifier, and packaging the target data to obtain the return data. For example, the asymmetric cryptographic algorithm is RSA1024, that is, the RSA algorithm with a 1024-bit key. After the encrypted request data and the encrypted random number sent by the client are received, the encrypted random number is decrypted with the 1024-bit private key to obtain the random number R, where R is 64 bytes and the corresponding symmetric cryptographic algorithm is AES. The received encrypted request data is then decrypted with the AES algorithm to obtain the request data. The valid content of the request data is a list request ID; the list data corresponding to the request ID is looked up in the database and packaged to obtain the return data.
Further, referring to fig. 2, step S900 is executed to encrypt the return data by using a symmetric cryptographic algorithm with the random number as a key to obtain encrypted return data, and send the encrypted return data to the client.
In a possible implementation manner, analyzing the request data to obtain the return data includes: acquiring the identifier in the request data, searching for the corresponding target data according to the identifier, and packaging the target data to obtain the return data. For example, the asymmetric cryptographic algorithm is RSA1024, that is, the RSA algorithm with a 1024-bit key. After the encrypted request data and the encrypted random number sent by the client are received, the encrypted random number is decrypted with the 1024-bit private key to obtain the random number R, where R is 64 bytes and the corresponding symmetric cryptographic algorithm is AES. The received encrypted request data is then decrypted with the AES algorithm to obtain the request data. The valid content of the request data is a list request ID; the list data corresponding to the request ID is looked up in the database and packaged to obtain the return data. The return data is then encrypted with the AES algorithm, using the 64-byte random number R as the key, to obtain the encrypted return data (see fig. 3), and the encrypted return data is sent to the client.
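The client steps S200 to S500 and the server steps S600 to S900 described above, as an added Go example that is not part of the patent text. It assumes RSA-2048 with OAEP and a 32-byte R used as an AES-256-GCM key (AES accepts only 16-, 24- or 32-byte keys, so a 64-byte R cannot be passed to AES directly); the function names, direction labels and sample database are hypothetical.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// R protects both directions, so each direction is bound into AES-GCM as
// associated data; a reflected request then fails to open as a response.
var dirRequest, dirResponse = []byte("request"), []byte("response")

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key) // accepts only 16-, 24- or 32-byte keys
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// seal returns nonce || ciphertext || tag for msg under key (a fresh nonce per message).
func seal(key, dir, msg []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, msg, dir), nil
}

// open reverses seal; it fails on any modification or a wrong direction label.
func open(key, dir, blob []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	n := gcm.NonceSize()
	if len(blob) < n {
		return nil, errors.New("ciphertext too short")
	}
	return gcm.Open(nil, blob[:n], blob[n:], dir)
}

// NewServerKey creates the server's key pair; the public half is what S100 fetches.
func NewServerKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

// ClientSeal is S200-S400: fresh R, request encrypted under R, R wrapped with the public key.
func ClientSeal(pub *rsa.PublicKey, request []byte) (r, encR, encReq []byte, err error) {
	r = make([]byte, 32)
	if _, err = rand.Read(r); err != nil {
		return nil, nil, nil, err
	}
	if encReq, err = seal(r, dirRequest, request); err != nil {
		return nil, nil, nil, err
	}
	if encR, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, r, nil); err != nil {
		return nil, nil, nil, err
	}
	return r, encR, encReq, nil
}

// ClientOpen decrypts the encrypted return data with the R kept from ClientSeal.
func ClientOpen(r, encResp []byte) ([]byte, error) { return open(r, dirResponse, encResp) }

// ServerHandle is S600-S900: unwrap R, decrypt the identifier, look it up, encrypt the reply.
func ServerHandle(priv *rsa.PrivateKey, db map[string]string, encR, encReq []byte) ([]byte, error) {
	r, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, encR, nil)
	if err != nil {
		return nil, err
	}
	id, err := open(r, dirRequest, encReq)
	if err != nil {
		return nil, err
	}
	data, ok := db[string(id)]
	if !ok {
		return nil, errors.New("unknown identifier")
	}
	return seal(r, dirResponse, []byte(data))
}

func main() {
	priv, err := NewServerKey()
	if err != nil {
		panic(err)
	}
	db := map[string]string{"list-42": "alpha,beta"} // constructed sample data
	r, encR, encReq, err := ClientSeal(&priv.PublicKey, []byte("list-42"))
	if err != nil {
		panic(err)
	}
	encResp, err := ServerHandle(priv, db, encR, encReq)
	if err != nil {
		panic(err)
	}
	out, err := ClientOpen(r, encResp)
	fmt.Println(string(out), err)
}
```

The example assumes the client already trusts the public key; the text does not say how the key fetched in step S100 is authenticated.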
Further, according to another aspect of the present disclosure, there is also provided a communication encryption apparatus 100 for a client. Since the operation principle of the communication encryption device 100 for a client according to the embodiment of the present disclosure is the same as or similar to that of the communication encryption method for a client according to the embodiment of the present disclosure, repeated descriptions are omitted. Referring to fig. 4, the communication encryption apparatus 100 for a client according to the embodiment of the present disclosure includes a public key obtaining module 110, a random number generating module 120, a symmetric cipher encryption module 130, an asymmetric cipher encryption module 140, and a data transmitting module 150;
a public key obtaining module 110 configured to obtain a public key from a server;
a random number generation module 120 configured to generate a random number of a fixed length;
a symmetric cipher encryption module 130 configured to encrypt the request data by using a symmetric cipher algorithm with the random number as a key to obtain encrypted request data;
the asymmetric cipher encryption module 140 is configured to encrypt the random number by using an asymmetric cipher algorithm corresponding to the public key to obtain an encrypted random number;
and a data sending module 150 configured to send the encrypted random number and the encrypted request data to the server and wait for receiving the encrypted return data.
Further, according to another aspect of the present disclosure, a communication encryption apparatus 200 for a server is also provided. Since the operation principle of the communication encryption device 200 for the server according to the embodiment of the present disclosure is the same as or similar to that of the communication encryption method for the server according to the embodiment of the present disclosure, repeated descriptions are omitted. Referring to fig. 5, the communication encryption apparatus 200 for a server according to the embodiment of the present disclosure includes a data receiving module 210, a first decryption module 220, a second decryption module 230, an analysis processing module 240, a data encryption module 250, and a data returning module 260;
a data receiving module 210 configured to receive encrypted request data and an encrypted random number sent by a client;
a first decryption module 220 configured to decrypt the encrypted random number using a private key of the asymmetric cryptographic algorithm to obtain a random number;
the second decryption module 230 is configured to decrypt the encrypted request data by using a symmetric cryptographic algorithm with the random number as a key to obtain the request data;
the analysis processing module 240 is configured to analyze and process the request data to obtain return data;
the data encryption module 250 is configured to encrypt the return data by using a symmetric cryptographic algorithm with a random number as a key to obtain encrypted return data;
a data return module 260 configured to send the encrypted return data to the client.
Still further, according to another aspect of the present disclosure, there is also provided a communication encryption device 300 for a client. Referring to fig. 6, a communication encryption device 300 for a client according to an embodiment of the present disclosure includes a processor 310 and a memory 320 for storing instructions executable by the processor 310. Wherein the processor 310 is configured to execute the executable instructions to implement any of the aforementioned communication encryption methods for the client.
Here, it should be noted that the number of the processors 310 may be one or more. Meanwhile, in the communication encryption device 300 for a client according to the embodiment of the present disclosure, an input device 330 and an output device 340 may be further included. The processor 310, the memory 320, the input device 330, and the output device 340 may be connected via a bus, or may be connected via other methods, which is not limited herein.
The memory 320 is a computer-readable storage medium that can be used to store software programs, computer-executable programs, and various modules, such as the programs or modules corresponding to the communication encryption method for the client in the embodiments of the present disclosure. The processor 310 performs the various functional applications and data processing of the communication encryption device 300 for the client by executing the software programs or modules stored in the memory 320.
The input device 330 may be used to receive input numbers or signals. The signal may be a key signal generated in connection with user settings and function control of the device/terminal/server. The output device 340 may include a display device such as a display screen.
According to another aspect of the present disclosure, there is also provided a non-transitory computer readable storage medium having stored thereon computer program instructions which, when executed by the processor 310, implement any of the aforementioned communication encryption methods for a client.
Embodiments of the present disclosure have been described above. The foregoing description is exemplary, not exhaustive, and is not limited to the disclosed embodiments. Many modifications and variations will be apparent to those of ordinary skill in the art without departing from the scope and spirit of the described embodiments. The terminology used herein was chosen to best explain the principles of the embodiments, their practical application, or their improvement over technology in the marketplace, or to enable others of ordinary skill in the art to understand the embodiments disclosed herein.

Claims (10)

1. A communication encryption method for a client, comprising:
acquiring a public key from a server;
generating a random number of a fixed length;
encrypting the request data by using the random number as a key and using a symmetric cryptographic algorithm to obtain encrypted request data;
encrypting the random number by using an asymmetric cryptographic algorithm corresponding to the public key to obtain an encrypted random number;
and sending the encrypted random number and the encrypted request data to the server and waiting for receiving encrypted return data.
2. The client-side communication encryption method according to claim 1, further comprising:
acquiring the encrypted return data from the server;
and decrypting the encrypted return data by using the random number as a key and using a symmetric cryptographic algorithm to obtain the return data.
3. The client communication encryption method of claim 1, wherein the symmetric cryptographic algorithm comprises at least one of 3DES, AES, and SM4.
4. The client communication encryption method according to claim 1, wherein the asymmetric cryptographic algorithm includes at least one of RSA, SM2, ECC, and DSA.
5. A communication encryption method for a server, comprising:
receiving encrypted request data and an encrypted random number sent by a client;
decrypting the encrypted random number by using a private key of an asymmetric cryptographic algorithm to obtain a random number;
decrypting the encrypted request data by using the random number as a key and using a symmetric cryptographic algorithm to obtain request data;
analyzing and processing the request data to obtain return data;
encrypting the return data by using the symmetric cryptographic algorithm by taking the random number as a key to obtain encrypted return data;
and sending the encrypted return data to the client.
6. The server-side communication encryption method according to claim 5, wherein analyzing the request data to obtain return data comprises:
acquiring an identifier in the request data;
searching corresponding target data according to the identifier;
and packaging the target data to obtain the return data.
7. A communication encryption device for a client is characterized by comprising a public key acquisition module, a random number generation module, a symmetric password encryption module, an asymmetric password encryption module and a data transmission module;
the public key acquisition module is configured to acquire a public key from a server;
the random number generation module is configured to generate a random number with a fixed length;
the symmetric cipher encryption module is configured to encrypt request data by using a symmetric cipher algorithm with the random number as a key to obtain encrypted request data;
the asymmetric cipher encryption module is configured to encrypt the random number by using an asymmetric cipher algorithm corresponding to the public key to obtain an encrypted random number;
the data sending module is configured to send the encrypted random number and the encrypted request data to the server and wait for receiving encrypted return data.
8. A communication encryption device for a server is characterized by comprising a data receiving module, a first decryption module, a second decryption module, an analysis processing module, a data encryption module and a data return module;
the data receiving module is configured to receive encrypted request data and an encrypted random number sent by a client;
the first decryption module is configured to decrypt the encrypted random number by using a private key of an asymmetric cryptographic algorithm to obtain a random number;
the second decryption module is configured to decrypt the encrypted request data by using a symmetric cryptographic algorithm with the random number as a key to obtain request data;
the analysis processing module is configured to analyze and process the request data to obtain return data;
the data encryption module is configured to encrypt the return data by using the symmetric cryptographic algorithm with the random number as a key to obtain encrypted return data;
the data return module is configured to send the encrypted return data to the client.
9. A communication encryption device for a client, comprising:
a processor;
a memory for storing processor-executable instructions;
wherein the processor is configured to implement the method of any one of claims 1 to 4 when executing the executable instructions.
10. A non-transitory computer readable storage medium having computer program instructions stored thereon, wherein the computer program instructions, when executed by a processor, implement the method of any of claims 1 to 4.
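The exchange defined by claims 1, 2 and 5, which is also the pipeline of server modules 210 to 260, written out as an added Node.js example that is not code from the patent. RSA-OAEP with SHA-256, AES-256-GCM, the nonce/tag/ciphertext layout, the `request`/`response` labels and all function names are assumptions of this example; the claims above name only algorithm families.

```javascript
const crypto = require('node:crypto');
// Assumed parameters: RSA-OAEP(SHA-256) key wrap, AES-256-GCM for the data.
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Layout (assumed): 12-byte nonce | 16-byte tag | ciphertext. The direction label
// is authenticated as associated data and every message gets a fresh nonce.
function seal(key, direction, plaintext) {
  const nonce = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', key, nonce);
  c.setAAD(Buffer.from(direction));
  const body = Buffer.concat([c.update(plaintext), c.final()]);
  return Buffer.concat([nonce, c.getAuthTag(), body]);
}

function open(key, direction, box) {
  if (box.length < 28) throw new Error('message too short');
  const d = crypto.createDecipheriv('aes-256-gcm', key, box.subarray(0, 12));
  d.setAAD(Buffer.from(direction));
  d.setAuthTag(box.subarray(12, 28));
  return Buffer.concat([d.update(box.subarray(28)), d.final()]); // throws if altered
}

// Client (claim 1): fresh random number as key, request encrypted, key wrapped.
function clientRequest(publicKey, requestData) {
  const key = crypto.randomBytes(32);
  return {
    key, // kept by the client to decrypt the return data (claim 2)
    encryptedRandom: crypto.publicEncrypt({ key: publicKey, ...OAEP }, key),
    encryptedRequest: seal(key, 'request', Buffer.from(requestData)),
  };
}

// Server (claim 5): unwrap the key, decrypt, process, encrypt the reply with it.
function serverHandle(privateKey, encryptedRandom, encryptedRequest, handler) {
  const key = crypto.privateDecrypt({ key: privateKey, ...OAEP }, encryptedRandom);
  if (key.length !== 32) throw new Error('unexpected key length');
  const request = open(key, 'request', encryptedRequest).toString();
  return seal(key, 'response', Buffer.from(handler(request)));
}

// Constructed round trip; the handler mimics claim 6 (identifier -> target data).
function demo() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const c = clientRequest(publicKey, JSON.stringify({ id: 'doc-7' }));
  const reply = serverHandle(privateKey, c.encryptedRandom, c.encryptedRequest,
    (req) => JSON.stringify({ data: `record for ${JSON.parse(req).id}` }));
  return open(c.key, 'response', reply).toString();
}
console.log(demo());
```

Because the one random number keys both directions, the example authenticates a direction label with each message, so an encrypted request presented as the reply fails to decrypt, as does any modified ciphertext.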
CN202110540713.7A 2021-05-18 2021-05-18 Communication encryption method and device, equipment and storage medium Pending CN113301036A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110540713.7A CN113301036A (en) 2021-05-18 2021-05-18 Communication encryption method and device, equipment and storage medium

Publications (1)

Publication Number Publication Date
CN113301036A true CN113301036A (en) 2021-08-24

Family

ID=77322659

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110540713.7A Pending CN113301036A (en) 2021-05-18 2021-05-18 Communication encryption method and device, equipment and storage medium

Country Status (1)

Country Link
CN (1) CN113301036A (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114679299A (en) * 2022-02-24 2022-06-28 广东电网有限责任公司 Communication protocol encryption method, device, computer equipment and storage medium
CN114826569A (en) * 2022-03-28 2022-07-29 北京沃东天骏信息技术有限公司 Information processing method, server, client and storage medium
CN115225352A (en) * 2022-06-30 2022-10-21 厦门职行力信息科技有限公司 Hybrid encryption method and system

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101964793A (en) * 2010-10-08 2011-02-02 上海银联电子支付服务有限公司 Method and system for transmitting data between terminal and server and sign-in and payment method
CN109088889A (en) * 2018-10-16 2018-12-25 深信服科技股份有限公司 A kind of SSL encipher-decipher method, system and computer readable storage medium
CN109150923A (en) * 2018-11-06 2019-01-04 江苏怡通数码科技有限公司 Transmitted data on network security processing based on Hybrid Encryption
CN110213041A (en) * 2019-04-26 2019-09-06 五八有限公司 Data ciphering method, decryption method, device, electronic equipment and storage medium
CN112738024A (en) * 2020-12-09 2021-04-30 杭州安恒信息技术股份有限公司 Encryption authentication method, system, storage medium and device

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114679299A (en) * 2022-02-24 2022-06-28 广东电网有限责任公司 Communication protocol encryption method, device, computer equipment and storage medium
CN114679299B (en) * 2022-02-24 2024-03-15 广东电网有限责任公司 Communication protocol encryption method, device, computer equipment and storage medium
CN114826569A (en) * 2022-03-28 2022-07-29 北京沃东天骏信息技术有限公司 Information processing method, server, client and storage medium
CN115225352A (en) * 2022-06-30 2022-10-21 厦门职行力信息科技有限公司 Hybrid encryption method and system
CN115225352B (en) * 2022-06-30 2024-04-23 厦门职行力信息科技有限公司 Hybrid encryption method and system

Similar Documents

Publication Publication Date Title
US11677729B2 (en) Secure multi-party protocol
CN113301036A (en) Communication encryption method and device, equipment and storage medium
CN106452770B (en) Data encryption method, data decryption method, device and system
CN113691502B (en) Communication method, device, gateway server, client and storage medium
US20160285635A1 (en) Secure communication of data between devices
CN110690956B (en) Bidirectional authentication method and system, server and terminal
JP2007506392A (en) Data communication security mechanisms and methods
CN112434336A (en) Block chain-based electronic medical record sharing method, device and system and storage medium
CN112597523B (en) File processing method, file conversion encryption machine, terminal, server and medium
CN111639357B (en) Encryption network disk system and authentication method and device thereof
CN115276978A (en) Data processing method and related device
CN114501431A (en) Message transmission method and device, storage medium and electronic equipment
CN109495522A (en) Data encryption and transmission method and device
CN112966287A (en) Method, system, device and computer readable medium for acquiring user data
CN116049802B (en) Application single sign-on method, system, computer equipment and storage medium
CN114785527B (en) Data transmission method, device, equipment and storage medium
CN106972928B (en) Bastion machine private key management method, device and system
CN112769759B (en) Information processing method, information gateway, server and medium
CN114745115A (en) Information transmission method and device, computer equipment and storage medium
CN113946862A (en) Data processing method, device and equipment and readable storage medium
CN114124440A (en) Secure transmission method, device, computer equipment and storage medium
JP7454020B2 (en) Method and system for enabling secure processing of data using processing applications
CN114007218B (en) Authentication method, authentication system, terminal and digital identity authentication functional entity
CN113452654B (en) Data decryption method
US10491385B2 (en) Information processing system, information processing method, and recording medium for improving security of encrypted communications

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20210824