CN113505377A - Method for integrating SM4 data encryption and decryption technology based on software framework - Google Patents


Info

Publication number
CN113505377A
Application number
CN202110571414.XA
Authority
CN (China)
Prior art keywords
data, encryption, decryption, mark, passwords
Legal status (as listed by Google Patents; not a legal conclusion)
Pending
Other languages
Chinese (zh)
Inventors
杨帆, 徐清华, 肖渝
Current assignee
Chongqing Fuxi Industrial Internet Co ltd
Original assignee
Chongqing Fuxi Industrial Internet Co ltd
Priority date and filing date
2021-05-25
Publication date
2021-10-15

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F40/00 Handling natural language data
    • G06F40/10 Text processing
    • G06F40/12 Use of codes for handling textual entities
    • G06F40/14 Tree-structured documents
    • G06F40/143 Markup, e.g. Standard Generalized Markup Language [SGML] or Document Type Definition [DTD]

Abstract

The invention discloses a method for integrating SM4 data encryption and decryption into a software framework. The method begins by creating an encryption and decryption configuration file in which an encryption and decryption tool configures automatic encryption and decryption, the encryption key, and a ciphertext prefix and suffix. By integrating the software framework with the SM4 block cipher, the method provides a standard annotation language for programs and a single uniform algorithm: a developer only annotates the data that needs encryption or decryption, and the running system checks the data items and encrypts or decrypts the annotated ones. During user interaction, searches are issued in plaintext and the integrated framework decrypts and compares the data automatically, so the developer can search without first decrypting the data, which improves productivity and retrieval accuracy; at the same time the data is protected and leakage of sensitive data is avoided.

Description

Method for integrating SM4 data encryption and decryption technology based on software framework
Technical Field
The invention relates to the application of the Chinese national cryptographic algorithms (国密), and in particular to a method for integrating the national SM4 data encryption and decryption technology into a software framework.
Background
The national cryptographic algorithms (国密) are the domestic algorithms approved by the State Cryptography Administration of China; by contrast, widely used algorithms such as DES and AES are referred to as international algorithms. The national algorithms mainly comprise SM1, SM2, SM3 and SM4; SM4 is a block cipher whose key length and block length are both 128 bits. These algorithms are an important foundation for keeping China's network security independent and controllable. China is promoting their use vigorously and with good results: software and hardware cryptographic products that support them include SSL gateways, digital certificate authentication systems, key management systems, financial data encryption machines, signature verification servers, smart cryptographic keys, smart IC cards and PCI cryptographic cards. However, common operating systems, browsers, network equipment and load balancers still do not support the national algorithms, so their use remains limited by compatibility. This scheme specifically concerns a method for integrating SM4 data encryption and decryption into a software framework.
When a cryptographic algorithm is used in software development, the developer must call the algorithm every time data is encrypted or decrypted and must understand a complex algorithmic process. This raises the learning cost and lowers development efficiency, and when encryption and decryption are handled inconsistently across the whole running environment it causes runtime errors or decryption failures.
Disclosure of Invention
The technical problem to be solved by the invention is as follows: when a cryptographic algorithm is used in software development, the developer must call the algorithm every time data is encrypted or decrypted and must understand a complex algorithmic process; this raises the learning cost, lowers development efficiency, and, when encryption and decryption are handled inconsistently across the whole running environment, causes runtime errors or decryption failures.
The invention solves this problem with the following technical scheme, a method for integrating SM4 data encryption and decryption into a software framework that comprises the following steps:
step one: create an encryption and decryption configuration file; through the encryption and decryption tool, configure automatic encryption and decryption, the encryption key, and the ciphertext prefix and suffix, and set whether encryption and decryption are enabled for the whole program. The configuration file is overridden by encryption and decryption annotations: if a data item carries an annotation, the annotation's settings take precedence;
step two: annotate the data for encryption and decryption. Data items that need to be encrypted or decrypted are annotated in the input and output data objects, and the annotation options can be extended to state whether the item is to be encrypted, decrypted, or both;
step three: establish a data interaction interceptor that intercepts data on input, output and storage, checks whether each data item carries an annotation, and calls the utility functions to encrypt or decrypt it according to the annotation. The interceptor handles complex data structures by taking them apart layer by layer according to the annotations until it reaches string-typed data, which is what is actually encrypted or decrypted;
step four: the same data may be intercepted many times while the program runs, so processed data is cached under a process identifier. On a later interception the cache is checked first, and if the data is already present the processing is skipped, which ensures that data is encrypted exactly once; encrypting it repeatedly would corrupt it;
step five: handle multiple encryption and decryption keys. If different kinds of data use different keys, the encryption and decryption annotation is extended to name the key, and after interception the key named in the annotation is used in preference when the data item is encrypted or decrypted. Different kinds of data can thus use different keys, and the same key is guaranteed to be used for encryption and for decryption;
step six: tamper verification of data. Several data items are concatenated and the concatenation is encrypted to obtain a ciphertext that is stored alongside the data. To verify, the data items to be checked are concatenated again and passed, together with the previously stored ciphertext, to the tool's data verification function, which reports whether the data has been tampered with.
Preferably, the encryption and decryption tool of step one provides encryption key generation, an encryption algorithm, a decryption algorithm and a data verification function.
Preferably, the data items specified in step two are those that need only encryption, only decryption, or both encryption and decryption.
Preferably, the main complex data structures handled in step three include paged data, list data, key-value structures and combinations of these.
Preferably, in step five, different data types within the whole software program may have different encryption and decryption keys.
Preferably, the specific processing steps of the method for integrating the national SM4 data encryption and decryption technology into a software framework are as follows:
a1: through the encryption and decryption tool, configure in the file automatic encryption and decryption, the encryption key, and the ciphertext prefix and suffix, and set whether encryption and decryption are enabled for the whole process; the configuration file is overridden by encryption and decryption annotations, so if a data item carries an annotation the annotation's settings take precedence;
a2: data items that need only encryption, only decryption, or both are annotated in the input and output data objects, and the annotation options can be extended to state whether encryption or decryption is required;
a3: intercept on data input, output and storage, check whether each data item carries an annotation, and call the utility functions to encrypt or decrypt it accordingly; the interceptor handles paged data, list data and key-value structures, taking them apart layer by layer according to the annotations until it reaches string-typed data, which is what is encrypted or decrypted;
a4: while the program runs the same data may be intercepted many times, so processed data is cached under a process identifier; on a later interception the cache is checked first and, if the data is present, processing is skipped so that data is encrypted exactly once, since repeated encryption would corrupt it. When different kinds of data use different keys, the encryption and decryption annotation is extended to name the key, and when the interceptor intercepts a data item the key in its annotation is used in preference, so different kinds of data can use different keys and the same key is used for encryption and decryption;
a5: for tamper verification, the data items to be checked are concatenated into a plaintext and passed with the previously stored ciphertext to the tool's data verification function, which reports whether the data has been tampered with.
Compared with the prior art, the invention has the following advantages:
the software framework is integrated with the SM4 cryptographic algorithm to provide a standard annotation language and a uniform algorithm; a developer only needs to annotate the data that requires encryption or decryption, the data items are checked while the system runs, and the annotated data is encrypted or decrypted.
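Steps one to six (restated as a1 to a5 above) as one runnable example, added here and not code from the patent or its assignee; it also exercises the Background's statement that SM4 has a 128-bit key and a 128-bit block. SM4 is implemented from GB/T 32907-2016 in pure Python; the configuration layout, the annotation table, the key names, the `SM4{...}` prefix/suffix markers and the sample page of records are assumptions. Two deliberate departures from the text are marked in the comments: the once-only guarantee of step four is obtained by recognising the ciphertext prefix and suffix rather than by a process-ID cache, and the step-six verification tag is computed as a CBC-MAC over a prefix-free encoding under its own key, because a stored ciphertext of the concatenation is only comparable when encryption is deterministic, and a raw CBC-MAC over variable-length input is forgeable.

```python
# Added example (not the patent's code): SM4 transparent field encryption following steps one to six.
import base64, hmac, os, struct

# SM4 block cipher, GB/T 32907-2016.  _CK[i] packs the bytes ((4*i + j) * 7) mod 256 for j = 0..3.
_SBOX = bytes.fromhex(
    "d690e9fecce13db716b614c228fb2c05" "2b679a762abe04c3aa44132649860699"
    "9c4250f491ef987a33540b43edcfac62" "e4b31ca9c908e89580df94fa758f3fa6"
    "4707a7fcf37317ba83593c19e6854fa8" "686b81b27164da8bf8eb0f4b70569d35"
    "1e240e5e6358d1a225227c3b01217887" "d40046579fd327524c3602e7a0c4c89e"
    "eabf8ad240c738b5a3f7f2cef96115a1" "e0ae5da49b341a55ad933230f58cb1e3"
    "1df6e22e8266ca60c02923ab0d534e6f" "d5db3745defd8e2f03ff6a726d6c5b51"
    "8d1baf92bbddbc7f11d95c411f105ad8" "0ac13188a5cd7bbd2d74d012b8e5b4b0"
    "8969974a0c96777e65b9f109c56ec684" "18f07dec3adc4d2079ee5f3ed7cb3948")
_FK = (0xa3b1bac6, 0x56aa3350, 0x677d9197, 0xb27022dc)
_CK = tuple(int.from_bytes(bytes((4 * i + j) * 7 & 0xff for j in range(4)), "big") for i in range(32))
def _rotl(x, n): return ((x << n) | (x >> (32 - n))) & 0xffffffff
def _tau(x): return int.from_bytes(bytes(_SBOX[b] for b in x.to_bytes(4, "big")), "big")
def _t(x): b = _tau(x); return b ^ _rotl(b, 2) ^ _rotl(b, 10) ^ _rotl(b, 18) ^ _rotl(b, 24)   # L o tau
def _t_key(x): b = _tau(x); return b ^ _rotl(b, 13) ^ _rotl(b, 23)                           # L' o tau
def sm4_round_keys(key):
    k = [w ^ f for w, f in zip(struct.unpack(">4I", key), _FK)]
    for i in range(32):
        k.append(k[i] ^ _t_key(k[i + 1] ^ k[i + 2] ^ k[i + 3] ^ _CK[i]))
    return k[4:]
def sm4_block(rk, block):                       # one 16-byte block; reversed round keys decrypt
    x = list(struct.unpack(">4I", block))
    for i in range(32):
        x.append(x[i] ^ _t(x[i + 1] ^ x[i + 2] ^ x[i + 3] ^ rk[i]))
    return struct.pack(">4I", *x[35:31:-1])
def sm4_cbc_encrypt(key, iv, data):
    rk, out, pad = sm4_round_keys(key), [], 16 - len(data) % 16
    data += bytes([pad]) * pad                  # PKCS#7
    for i in range(0, len(data), 16):
        iv = sm4_block(rk, bytes(a ^ b for a, b in zip(data[i:i + 16], iv)))
        out.append(iv)
    return b"".join(out)
def sm4_cbc_decrypt(key, iv, data):
    rk, out = sm4_round_keys(key)[::-1], []
    for i in range(0, len(data), 16):
        out.append(bytes(a ^ b for a, b in zip(sm4_block(rk, data[i:i + 16]), iv)))
        iv = data[i:i + 16]
    pt = b"".join(out)
    if not pt or pt[-1] not in range(1, 17) or pt[-pt[-1]:] != bytes([pt[-1]]) * pt[-1]: raise ValueError("bad padding")
    return pt[:-pt[-1]]

# Step one: the configuration file (assumed layout; keys are constructed here, real ones come from a KMS)
CONFIG = {"enabled": True, "prefix": "SM4{", "suffix": "}",
          "key": bytes.fromhex("0123456789abcdeffedcba9876543210"),            # default field key
          "keys": {"pii": bytes.fromhex("000102030405060708090a0b0c0d0e0f"),   # step five: named keys
                   "integrity": bytes.fromhex("ffeeddccbbaa99887766554433221100")}}
# Step two: annotations keyed by field name (assumed form); mode is encrypt, decrypt or both
ANNOTATIONS = {"phone": {"mode": "both", "key": "pii"},    # annotation key takes precedence
               "address": {"mode": "both"},
               "email": {"mode": "encrypt"}}               # stored encrypted, never auto-decrypted

def _key_for(ann): return CONFIG["keys"].get(ann.get("key"), CONFIG["key"])
def encrypt_field(value, key, iv=None):
    # Step four: a value already wrapped in prefix/suffix is returned as is (once-only, standing in for the process-ID cache)
    p, s = CONFIG["prefix"], CONFIG["suffix"]
    if value.startswith(p) and value.endswith(s):
        return value
    iv = iv or os.urandom(16)                   # fresh IV per field, stored in front of the ciphertext
    return p + base64.b64encode(iv + sm4_cbc_encrypt(key, iv, value.encode())).decode() + s
def decrypt_field(value, key):
    p, s = CONFIG["prefix"], CONFIG["suffix"]
    if not (value.startswith(p) and value.endswith(s)):
        return value                            # legacy plaintext written before encryption was enabled
    raw = base64.b64decode(value[len(p):-len(s)])
    return sm4_cbc_decrypt(key, raw[:16], raw[16:]).decode()
def _transform(v, ann, direction):              # annotated value: string, list of strings, or nested
    if isinstance(v, str):
        return (encrypt_field if direction == "encrypt" else decrypt_field)(v, _key_for(ann))
    return [_transform(x, ann, direction) for x in v] if isinstance(v, list) else intercept(v, direction)
def intercept(obj, direction):
    # Step three: take paged / list / key-value structures apart layer by layer, transforming annotated leaves
    if not CONFIG["enabled"] or not isinstance(obj, (list, dict)):
        return obj
    if isinstance(obj, list):
        return [intercept(v, direction) for v in obj]
    return {k: _transform(v, ANNOTATIONS[k], direction)
            if k in ANNOTATIONS and ANNOTATIONS[k]["mode"] in ("both", direction)
            else intercept(v, direction) for k, v in obj.items()}

def tamper_tag(items, key=None):
    # Step six as a CBC-MAC: SM4-CBC under a zero IV, last block kept.  The prefix-free encoding (item
    # count, then length-prefixed items) is what makes a raw CBC-MAC safe for variable-length input.
    key = key or CONFIG["keys"]["integrity"]    # never the field-encryption key
    msg = struct.pack(">I", len(items)) + b"".join(struct.pack(">I", len(b)) + b
                                                    for b in (s.encode() for s in items))
    return sm4_cbc_encrypt(key, bytes(16), msg)[-16:].hex()
def verify_tag(items, tag, key=None): return hmac.compare_digest(tamper_tag(items, key), tag)

def demo():
    # Constructed sample page; returns (stored form, restored form, tag verified, tag verified after edit)
    page = {"page": 1, "rows": [{"name": "张三", "phone": "13800000000", "address": "重庆",
                                 "email": "zs@example.com", "tags": ["vip"]}]}
    stored = intercept(intercept(page, "encrypt"), "encrypt")    # intercepted twice, encrypted once
    restored = intercept(stored, "decrypt")
    tag = tamper_tag(["张三", "13800000000"])
    return stored, restored, verify_tag(["张三", "13800000000"], tag), verify_tag(["张三", "13900000000"], tag)
if __name__ == "__main__": print(demo())
```

Running the module prints the stored form (annotated fields wrapped as `SM4{...}`, `name` and `tags` untouched, `email` left encrypted on the way out because its mode is encrypt only), the restored form, and the two tag checks. Passing the same record through `intercept(..., "encrypt")` twice gives identical output, which is the property step four is after; changing a single concatenated item makes `verify_tag` return False. The prefix also lets a migration distinguish encrypted rows from legacy plaintext, and the IV is random per field, so equal plaintexts do not produce equal ciphertexts; the plaintext search the Abstract describes therefore has to decrypt and compare, exactly as the framework is said to do.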
Drawings
Fig. 1 is a schematic flow chart of the method for integrating the national SM4 data encryption and decryption technology into a software framework.
Detailed Description
The following example gives a detailed implementation and specific operation of the invention, but the scope of the invention is not limited to it.
As shown in Fig. 1, this embodiment provides the following technical solution: a method for integrating SM4 data encryption and decryption into a software framework, comprising the following steps:
step one: create an encryption and decryption configuration file; through the encryption and decryption tool, configure automatic encryption and decryption, the encryption key, and the ciphertext prefix and suffix, and set whether encryption and decryption are enabled for the whole program. The configuration file is overridden by encryption and decryption annotations: if a data item carries an annotation, the annotation's settings take precedence;
step two: annotate the data for encryption and decryption. Data items that need to be encrypted or decrypted are annotated in the input and output data objects, and the annotation options can be extended to state whether the item is to be encrypted, decrypted, or both;
step three: establish a data interaction interceptor that intercepts data on input, output and storage, checks whether each data item carries an annotation, and calls the utility functions to encrypt or decrypt it according to the annotation. The interceptor handles complex data structures by taking them apart layer by layer according to the annotations until it reaches string-typed data, which is what is actually encrypted or decrypted;
step four: the same data may be intercepted many times while the program runs, so processed data is cached under a process identifier. On a later interception the cache is checked first, and if the data is already present the processing is skipped, which ensures that data is encrypted exactly once; encrypting it repeatedly would corrupt it;
step five: handle multiple encryption and decryption keys. If different kinds of data use different keys, the encryption and decryption annotation is extended to name the key, and after interception the key named in the annotation is used in preference when the data item is encrypted or decrypted. Different kinds of data can thus use different keys, and the same key is guaranteed to be used for encryption and for decryption;
step six: tamper verification of data. Several data items are concatenated and the concatenation is encrypted to obtain a ciphertext that is stored alongside the data. To verify, the data items to be checked are concatenated again and passed, together with the previously stored ciphertext, to the tool's data verification function, which reports whether the data has been tampered with.
In step one, the encryption and decryption tool provides an encryption key generation function, an encryption algorithm, a decryption algorithm and a data verification function.
The data items specified in step two are those that need only encryption, only decryption, or both encryption and decryption.
The main complex data structures handled in step three include paged data, list data, key-value structures and combinations of these.
In step five, different data types within the whole software program may have different encryption and decryption keys.
The method for integrating SM4 data encryption and decryption into a software framework specifically comprises the following processing steps:
a1: through the encryption and decryption tool, configure in the file automatic encryption and decryption, the encryption key, and the ciphertext prefix and suffix, and set whether encryption and decryption are enabled for the whole process; the configuration file is overridden by encryption and decryption annotations, so if a data item carries an annotation the annotation's settings take precedence;
a2: data items that need only encryption, only decryption, or both are annotated in the input and output data objects, and the annotation options can be extended to state whether encryption or decryption is required;
a3: intercept on data input, output and storage, check whether each data item carries an annotation, and call the utility functions to encrypt or decrypt it accordingly; the interceptor handles paged data, list data and key-value structures, taking them apart layer by layer according to the annotations until it reaches string-typed data, which is what is encrypted or decrypted;
a4: while the program runs the same data may be intercepted many times, so processed data is cached under a process identifier; on a later interception the cache is checked first and, if the data is present, processing is skipped so that data is encrypted exactly once, since repeated encryption would corrupt it. When different kinds of data use different keys, the encryption and decryption annotation is extended to name the key, and when the interceptor intercepts a data item the key in its annotation is used in preference, so different kinds of data can use different keys and the same key is used for encryption and decryption;
a5: for tamper verification, the data items to be checked are concatenated into a plaintext and passed with the previously stored ciphertext to the tool's data verification function, which reports whether the data has been tampered with.
Furthermore, the terms "first" and "second" are used for descriptive purposes only and are not to be construed as indicating or implying relative importance or the number of technical features indicated. Thus a feature qualified as "first" or "second" may explicitly or implicitly include at least one such feature. In the description of the invention, "a plurality" means at least two, for example two or three, unless specifically limited otherwise.
Although embodiments of the invention have been shown and described above, it should be understood that they are exemplary and not limiting, and that those of ordinary skill in the art may make variations, modifications, substitutions and alterations to them within the scope of the invention.

Claims (6)

1. A method for integrating SM4 data encryption and decryption technology based on a software framework, characterized in that it comprises the following steps:
step one: create an encryption and decryption configuration file; through the encryption and decryption tool, configure automatic encryption and decryption, the encryption key, and the ciphertext prefix and suffix, and set whether encryption and decryption are enabled for the whole program, wherein the configuration file is overridden by encryption and decryption annotations, so that if a data item carries an annotation the annotation's settings take precedence;
step two: annotate the data for encryption and decryption, wherein data items that need to be encrypted or decrypted are annotated in the input and output data objects, and the annotation options can be extended to state whether the item is to be encrypted, decrypted, or both;
step three: establish a data interaction interceptor that intercepts data on input, output and storage, checks whether each data item carries an annotation, and calls the utility functions to encrypt or decrypt it according to the annotation, wherein the interceptor handles complex data structures by taking them apart layer by layer according to the annotations until it reaches string-typed data, which is what is encrypted or decrypted;
step four: since the same data may be intercepted many times while the program runs, processed data is cached under a process identifier; on a later interception the cache is checked first and, if the data is already present, the processing is skipped, which ensures that data is encrypted exactly once, repeated encryption of the data causing data errors;
step five: handle multiple encryption and decryption keys, wherein if different kinds of data use different keys the encryption and decryption annotation is extended to name the key, and after interception the key named in the annotation is used in preference when the data item is encrypted or decrypted, so that different kinds of data can use different keys and the same key is guaranteed to be used for encryption and for decryption;
step six: tamper verification of data, wherein several data items are concatenated and the concatenation is encrypted to obtain a ciphertext that is stored alongside the data, and the data items to be checked are concatenated again and passed, together with the previously stored ciphertext, to the tool's data verification function, which reports whether the data has been tampered with.
2. The method for integrating SM4 data encryption and decryption technology based on a software framework as claimed in claim 1, characterized in that the encryption and decryption tool of step one provides encryption key generation, an encryption algorithm, a decryption algorithm and a data verification function.
3. The method for integrating SM4 data encryption and decryption technology based on a software framework as claimed in claim 1, characterized in that the data items specified in step two are those that need only encryption, only decryption, or both encryption and decryption.
4. The method for integrating SM4 data encryption and decryption technology based on a software framework as claimed in claim 1, characterized in that the main complex data structures handled in step three include paged data, list data, key-value structures and combinations of these.
5. The method for integrating SM4 data encryption and decryption technology based on a software framework as claimed in claim 1, characterized in that, in step five, different data types within the whole software program may have different encryption and decryption keys.
6. The method for integrating SM4 data encryption and decryption technology based on a software framework as claimed in claim 1, characterized in that the method comprises the following specific processing steps:
a1: through the encryption and decryption tool, configure in the file automatic encryption and decryption, the encryption key, and the ciphertext prefix and suffix, and set whether encryption and decryption are enabled for the whole process, wherein the configuration file is overridden by encryption and decryption annotations, so that if a data item carries an annotation the annotation's settings take precedence;
a2: data items that need only encryption, only decryption, or both are annotated in the input and output data objects, and the annotation options can be extended to state whether encryption or decryption is required;
a3: intercept on data input, output and storage, check whether each data item carries an annotation, and call the utility functions to encrypt or decrypt it accordingly, wherein the interceptor handles paged data, list data and key-value structures, taking them apart layer by layer according to the annotations until it reaches string-typed data, which is what is encrypted or decrypted;
a4: since the same data may be intercepted many times while the program runs, processed data is cached under a process identifier; on a later interception the cache is checked first and, if the data is present, processing is skipped so that data is encrypted exactly once, repeated encryption causing data errors; when different kinds of data use different keys, the encryption and decryption annotation is extended to name the key, and when the interceptor intercepts a data item the key in its annotation is used in preference, so that different kinds of data can use different keys and the same key is used for encryption and decryption;
a5: for tamper verification, the data items to be checked are concatenated into a plaintext and passed with the previously stored ciphertext to the tool's data verification function, which reports whether the data has been tampered with.

Priority Applications (1)

Application Number | Publication | Priority Date | Filing Date | Title
CN202110571414.XA | CN113505377A (en) | 2021-05-25 | 2021-05-25 | Method for integrating SM4 data encryption and decryption technology based on software framework

Publications (1)

Publication Number | Publication Date
CN113505377A (en) | 2021-10-15

Family

ID=78009349

Citations (8)

* Cited by examiner, † Cited by third party
Publication number | Priority date | Publication date | Assignee | Title
CN104363091A * | 2014-12-01 | 2015-02-18 | 国家计算机网络与信息安全管理中心 | Encryption and decryption method capable of automatically retrieving keys and selecting algorithms
CN105373744A * | 2015-10-29 | 2016-03-02 | 成都卫士通信息产业股份有限公司 | Method for encrypting extended file system based on Linux
CN105740726A * | 2016-02-02 | 2016-07-06 | 上海宝朔科技有限公司 | Extended information encryption method and system
US9444795B1 * | 2013-09-27 | 2016-09-13 | Amazon Technologies, Inc. | Robot mitigation
CN108830095A * | 2018-06-20 | 2018-11-16 | 中国银行股份有限公司 | Data encryption/decryption method and device
CN109189367A * | 2018-06-28 | 2019-01-11 | 重庆小雨点小额贷款有限公司 | Data processing method, device, server and storage medium
CN109818969A * | 2019-03-06 | 2019-05-28 | 电子科技大学成都学院 | Cryptographic algorithm encrypting and deciphering system
CN111625843A * | 2019-07-23 | 2020-09-04 | 方盈金泰科技(北京)有限公司 | Data transparent encryption and decryption system suitable for big data platform

Legal Events

Code | Title
PB01 | Publication
SE01 | Entry into force of request for substantive examination
WD01 | Invention patent application deemed withdrawn after publication

Application publication date: 2021-10-15