CN114239014A - File processing method and device based on offline device and electronic device - Google Patents

Publication number
CN114239014A
Authority
CN
China
Prior art keywords
target
password
feature code
file
encrypted
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202111537845.0A
Other languages
Chinese (zh)
Inventor
张定平
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Baidu Netcom Science and Technology Co Ltd
Original Assignee
Beijing Baidu Netcom Science and Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Baidu Netcom Science and Technology Co Ltd filed Critical Beijing Baidu Netcom Science and Technology Co Ltd
Priority to CN202111537845.0A priority Critical patent/CN114239014A/en
Publication of CN114239014A publication Critical patent/CN114239014A/en
Pending legal-status Critical Current

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2137 Time limited access, e.g. to a computer or data

Abstract

The disclosure provides a file processing method and device based on offline equipment, electronic equipment and a storage medium, and relates to the technical field of computers, in particular to the technical field of information security. The specific implementation scheme is as follows: responding to an instruction of opening an encrypted file through a target application program, and acquiring an encrypted password adopted by the encrypted file, wherein the encrypted file is obtained by encrypting an original file through an original password, and the encrypted password is obtained by encrypting the original password through a preset public key; acquiring a target private key corresponding to a preset public key based on the device information of the offline device; decrypting the encrypted password by using the target private key to obtain an original password; and decrypting the encrypted file by using the original password to obtain the original file. According to the method and the device, a user does not need to input the password manually, the technical problem that the processing efficiency is low due to complex operation is solved, and the technical effect of improving the processing efficiency is achieved.

Description

File processing method and device based on offline device and electronic device
Technical Field
The present disclosure relates to the field of computer technologies, and in particular, to a file processing method and apparatus based on an offline device, an electronic device, and a storage medium.
Background
In order to ensure data security, important files are generally encrypted, and when an encrypted file needs to be used, the corresponding key is needed for decryption. In general, a user manually inputs a password to decrypt an encrypted file, and in order to prevent large-scale leakage of data, a different password needs to be randomly generated for each file, which makes use very cumbersome for the user. The related technology therefore has the technical problem of low processing efficiency due to complicated operation.
Disclosure of Invention
The disclosure provides a file processing method and device based on offline equipment, electronic equipment and a storage medium.
According to a first aspect of the present disclosure, there is provided an offline device-based file processing method, including: responding to an instruction of opening an encrypted file through a target application program, and acquiring an encrypted password adopted by the encrypted file, wherein the encrypted file is obtained by encrypting an original file through an original password, and the encrypted password is obtained by encrypting the original password through a preset public key; acquiring a target private key corresponding to a preset public key based on the device information of the offline device; decrypting the encrypted password by using the target private key to obtain an original password; and decrypting the encrypted file by using the original password to obtain the original file.
According to a second aspect of the present disclosure, there is provided an offline device-based file processing apparatus, including: the password acquisition module is used for responding to an instruction of opening an encrypted file through a target application program and acquiring an encrypted password adopted by the encrypted file, wherein the encrypted file is obtained by encrypting an original file through an original password, and the encrypted password is obtained by encrypting the original password through a preset public key; the private key acquisition module is used for determining a target private key corresponding to a preset public key based on the device information of the off-line device; the password decryption module is used for decrypting the encrypted password by using the target private key to obtain an original password; and the file decryption module is used for decrypting the encrypted file by using the original password to obtain the original file.
According to a third aspect of the present disclosure, there is provided an electronic device comprising: at least one processor; and a memory communicatively coupled to the at least one processor; wherein the memory stores instructions executable by the at least one processor to enable the at least one processor to perform the method of any one of the offline device-based file processing methods of the first aspect.
According to a fourth aspect of the present disclosure, there is provided a non-transitory computer readable storage medium storing computer instructions for causing a computer to perform the method of any one of the methods of the offline device-based file processing method of the first aspect.
According to a fifth aspect of the present disclosure, there is provided a computer program product comprising a computer program which, when executed by a processor, implements the method of any one of the offline device-based file processing methods of the first aspect.
In the embodiment of the disclosure, the operation steps can be simplified, and the technical effect of improving the processing efficiency is achieved.
It should be understood that the statements in this section do not necessarily identify key or critical features of the embodiments of the present disclosure, nor do they limit the scope of the present disclosure. Other features of the present disclosure will become apparent from the following description.
Drawings
The drawings are included to provide a better understanding of the present solution and are not to be construed as limiting the present disclosure. Wherein:
FIG. 1 is a flow chart of a method of file processing based on an offline device according to an embodiment of the present disclosure;
FIG. 2 is a flow chart of a file processing method based on an offline device according to a preferred embodiment of the present disclosure;
FIG. 3 is a schematic structural diagram of a file processing apparatus based on an offline device according to an embodiment of the present disclosure;
FIG. 4 shows a schematic block diagram of an example electronic device 400 that may be used to implement embodiments of the present disclosure.
Detailed Description
Exemplary embodiments of the present disclosure are described below with reference to the accompanying drawings, in which various details of the embodiments of the disclosure are included to assist understanding, and which are to be considered as merely exemplary. Accordingly, those of ordinary skill in the art will recognize that various changes and modifications of the embodiments described herein can be made without departing from the scope and spirit of the present disclosure. Also, descriptions of well-known functions and constructions are omitted in the following description for clarity and conciseness.
Fig. 1 is a flowchart of a file processing method based on an offline device according to an embodiment of the present disclosure. As shown in Fig. 1, the method includes the following steps:
Step S101, responding to an instruction of opening an encrypted file through a target application program, and acquiring an encrypted password adopted by the encrypted file, wherein the encrypted file is obtained by encrypting an original file through an original password, and the encrypted password is obtained by encrypting the original password through a preset public key.
Specifically, the target application may be a specific application used to open the encrypted, protected file when working on a designated offline device. The original password may be a plaintext password for decrypting the encrypted file. The encrypted password may be a ciphertext obtained by encrypting the original password with a preset public key. The encrypted password may be appended to the encrypted file and sent along with the file, i.e., the encrypted password is bound to the encrypted file. When a user needs to use the encrypted file on the offline device, the encrypted file can be opened through the target application program; the target application program then receives an instruction to open the encrypted file and, in response to the instruction, first reads the encrypted password attached to the encrypted file. In addition, the information attached to the encrypted file is not limited to the encrypted password; it may also include, but is not limited to, password validity information, so that the encrypted file cannot be decrypted after the validity period defined in that information has passed.
In an alternative embodiment, any mature encryption algorithm may be used to encrypt the original file with the original password to obtain the encrypted file. For example, if the original file is a single file, its binary data or text may be encrypted directly; if it is a compressed file, it may be encrypted using an encryption algorithm supported by the compression protocol.
In an alternative embodiment, the binding of the encrypted password to the encrypted file may include, but is not limited to, the following methods:
Method one: for the New Technology File System (NTFS), the encrypted password may be written into an alternate data stream of the file.
Method two: the encrypted password may be written directly to the end of the file in binary form.
Method three: if the file is a compressed package, the encrypted password may be added to the package as a file, but the file holding the encrypted password is itself not encrypted.
Step S102, obtaining a target private key corresponding to a preset public key based on the device information of the off-line device.
Specifically, the device information of the offline device may include, but is not limited to, a motherboard number, a system installation time, a hard disk number, and the like. The preset public key and the target private key may be an asymmetric key pair determined in combination with the device information of the offline device, so that after the authorization certificate in the offline device is read, the feature code may be determined based on the device information of the offline device, and the authorization certificate is then decrypted with the feature code to obtain the target private key corresponding to the preset public key. The feature code includes, but is not limited to, a motherboard number, a system installation time, a hard disk number, and the like, and a result obtained by applying a function operation to them. The target private key may be a key for decrypting a file encrypted with the preset public key.
In an optional embodiment, the target application program on the offline device includes a feature code extraction module, which is used to extract the feature code on the offline device. The feature code extraction module must be released together with the target program, and to prevent the target program from being exposed, the module is generally implemented in a language such as C++ or Rust and compiled directly into machine code, which increases the cost of cracking. In addition, when the feature code extraction module is called, it performs a hash calculation on the calling program and compares the resulting hash value with a built-in hash value; if the hash values do not match, the call fails, and if they match, the call is allowed. The hash calculation may include, but is not limited to, the Message-Digest Algorithm (MD5 for short) or SHA256 (Secure Hash Algorithm 256), where SHA256 is a message digest algorithm with a digest length of 256 bits.
Step S103, decrypting the encrypted password by using the target private key to obtain an original password.
Specifically, the target private key is stored in a memory of the offline device, and after the private key is obtained, the private key can be used to decrypt an encrypted password encrypted by using a preset public key, so as to obtain an original password. It should be noted that the original password is a plaintext password.
And step S104, decrypting the encrypted file by using the original password to obtain the original file.
Specifically, the encrypted file is decrypted with the original password. It should be noted that different encryption modes may require different decryption modes; the decryption mode used here depends on the encryption mode of the encrypted file.
It should be noted that the encrypted password, the target private key, and the original password are all sensitive information; throughout the whole process they may only be held in the memory of the offline device and must not be transmitted or persisted in any form.
In the above embodiment, the present disclosure may obtain the encrypted password from the encrypted file through the target application program, obtain the target private key based on the offline device information, decrypt the encrypted password with the target private key to obtain the original password, and decrypt the encrypted file with the original password to obtain the original file. It is easy to note that, in response to an instruction to open the encrypted file through the target application program, the present disclosure can use the target application program to decrypt the encrypted file without the user manually inputting a password, which solves the technical problem of low processing efficiency caused by complicated operation and thereby achieves the technical effect of improving processing efficiency. In addition, in the method provided by the present disclosure, the user does not need to know the original password, which reduces the risk of leakage by people and achieves the technical effect of improving security.
Optionally, based on the device information of the offline device, the obtaining of the target private key corresponding to the preset public key includes: extracting a feature code of the off-line equipment based on the equipment information of the off-line equipment; reading a target certificate stored in the offline device, wherein the target certificate is obtained by encrypting a target private key through a feature code; and decrypting the target certificate by using the feature code to obtain a target private key.
Specifically, the device information may include, but is not limited to, a motherboard number, a system installation time, a hard disk number, and the like of the offline device. The feature code may include, but is not limited to, a motherboard number, a system installation time, a hard disk number, and other information, and a result obtained by performing a function operation on the information. The target certificate can be obtained at the server side by encrypting the target private key with the feature code; the certificate is then transmitted to the offline device in any form, and the transmission does not need to be encrypted. The target certificate is then decrypted with the feature code to obtain the target private key.
In the above optional embodiment, the private key is obtained from the authorization certificate encrypted with the feature code, so the original file can be obtained only when the target application program, the encrypted file, and the offline device are all available. Therefore, even if the target certificate is leaked during transmission, it is difficult for others to obtain the original file because the encrypted file is stored in the offline device, which achieves the technical effect of improving security.
Optionally, before responding to the instruction of opening the encrypted file by the target application, the method further includes: extracting a feature code of the off-line equipment through the target equipment; uploading the feature code to a target server through target equipment, wherein the target server is used for encrypting a target private key based on the feature code to generate a target certificate; receiving a target certificate returned by a target server through target equipment; the target certificate is stored to the offline device by the target device.
Specifically, the target device may be a device for extracting the feature code of the offline device, and may be connected to the offline device and the target server. After acquiring the device information of the offline device and generating the feature code based on it, the target device encrypts the feature code using asymmetric encryption and transmits the resulting ciphertext to the target server. The target server decrypts the ciphertext with the corresponding private key to obtain the feature code, and encrypts the target private key with the feature code to generate the target certificate. The target certificate is then transmitted to the offline device in any transmission form. In an alternative embodiment, the target certificate returned by the target server may be received by the target device, and the target device may then transmit the authorization certificate to the offline device.
It should be noted that after the offline device obtains the target certificate, the connection with the target device is disconnected.
In the optional embodiment, after the offline device acquires the target certificate, the connection with the target device is disconnected, so that the feature code of the offline device is prevented from being extracted through the target device under the condition that other people acquire the target device, the possibility of leakage of the feature code is reduced, and the technical effect of improving the safety is achieved.
Optionally, in a case that the target device includes a first device and a second device, the first device is configured to extract the feature code, and the second device is configured to upload the feature code to the target server, receive a target certificate returned by the target server, and store the target certificate to the offline device.
Specifically, the first device may be used to extract the feature code of the offline device but is not connected to the target server. The first device extracts the feature code, encrypts it with an asymmetric encryption algorithm to obtain a ciphertext, and transmits the ciphertext to the second device; the second device transmits the ciphertext to the target server, receives the target certificate returned by the server, and stores the certificate in the offline device.
In the optional embodiment, the first device for extracting the feature code is not connected with the server, so that the possibility of leakage of the feature code is further reduced, and the technical effect of improving the safety is further achieved.
Optionally, the feature code is transmitted encrypted by the target device.
Specifically, the feature code may be encrypted in an asymmetric encryption manner, and then a ciphertext obtained by the encryption may be used for transmission.
In the optional embodiment, encryption transmission is adopted, so that the technical effect of improving the safety is achieved.
Optionally, the extracting the feature code of the offline device includes: performing hash calculation on the target application program to obtain a target hash value of the target application program; matching the target hash value with a preset hash value of the target application program, wherein the preset hash value is stored in the offline device; and in response to the successful matching of the target hash value and the preset hash value, extracting the feature code of the offline equipment.
Specifically, a preset hash value is built into the feature extraction module of the target application program. During decryption, a hash calculation, for example MD5 or SHA256, is performed on the target application program to obtain the target hash value, which is then matched against the preset hash value; if the match succeeds, extraction of the offline device's feature code may continue.
In the optional embodiment, the target application program is verified by using the algorithm, so that the possibility that other personnel also obtain the original data if the feature extraction module is leaked is reduced, and the technical effect of improving the safety is further achieved.
Optionally, before extracting the feature code of the offline device, the method further includes: obtaining the effective time corresponding to the encrypted file; verifying the effective time to obtain a verification result of the effective time, wherein the verification result is used for representing whether the effective time exceeds the preset time; and in response to the verification result that the valid time does not exceed the preset time, extracting the feature code.
Specifically, the valid time may be information attached to the original file during encryption; it represents the validity period of the encrypted file, and the encrypted file cannot be decrypted after the valid time has passed. The current time is acquired: if it does not exceed the valid time, the verification passes; if it exceeds the valid time, the verification fails and the encrypted file cannot be decrypted.
In the above optional embodiment, the encrypted file is verified in combination with the valid time, and after the valid time is exceeded, the encrypted file cannot be decrypted, so that the technical effect of improving the security is achieved.
Optionally, the encrypted password, the target private key, and the original password are stored in a memory of the offline device.
Specifically, since the encrypted password, the target private key, and the original password are all sensitive information, they must not be transmitted or persisted in any way, so as to prevent them from being revealed.
In the optional embodiment, the sensitive information is stored in the memory, so that the possibility of sensitive information leakage is further reduced, and the technical effect of improving the safety is further achieved.
Optionally, the encryption password used for obtaining the encrypted file includes at least one of the following: extracting an encryption password from a preset data stream of the encrypted file; extracting an encryption password from the tail of the encrypted file; and extracting the encryption password from the compression packet in which the encryption file is positioned.
Specifically, for the New Technology File System (NTFS), the encryption password may be written into an alternate data stream of the file. The encryption password may also be written directly to the end of the file in binary form. If the file is a compressed package, the encryption password can be added to the package as a file, but the file holding the encryption password is itself not encrypted.
In the optional embodiment, a plurality of encryption modes are provided, so that the technical effect of improving the applicability is achieved.
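The following is an added sketch, not code from the patent, of the checks described above that run before any key is used: reading the encrypted password and valid time from the end of the file, verifying the valid time, hashing the calling program against the preset hash, and only then deriving the feature code. The trailer layout, the SHA-256 feature code function, and all names and sample values are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

# Hypothetical trailer layout (the patent defines none), appended to the file:
#   [encrypted password][expiry: uint64 BE, Unix seconds]
#   [password length: uint32 BE][magic: 8 bytes]
MAGIC = b"OFFLPWD1"
FOOTER = struct.Struct(">QI8s")


class GateError(Exception):
    """A check that must pass before any key material is touched has failed."""


def append_trailer(ciphertext: bytes, enc_password: bytes, expiry: int) -> bytes:
    """Sender side: bind the encrypted password and expiry to the file tail."""
    return ciphertext + enc_password + FOOTER.pack(expiry, len(enc_password), MAGIC)


def split_trailer(blob: bytes):
    """Return (ciphertext, encrypted_password, expiry) read from the file tail."""
    if len(blob) < FOOTER.size:
        raise GateError("file too short to hold a trailer")
    expiry, pw_len, magic = FOOTER.unpack(blob[-FOOTER.size:])
    if magic != MAGIC:
        raise GateError("trailer magic not found")
    body_end = len(blob) - FOOTER.size - pw_len
    if pw_len == 0 or body_end < 0:
        raise GateError("password length field does not fit the file")
    return blob[:body_end], blob[body_end:body_end + pw_len], expiry


def feature_code(device_info: dict) -> bytes:
    """Assumed 'function operation': SHA-256 over length-prefixed fields."""
    digest = hashlib.sha256()
    for name in ("motherboard", "install_time", "disk"):
        value = device_info[name].encode("utf-8")
        # Length prefix keeps ("AB", "C") and ("A", "BC") from colliding.
        digest.update(struct.pack(">I", len(value)) + value)
    return digest.digest()


def open_gate(blob, caller_image, preset_hash, device_info, now):
    """Validity check, caller hash check, then feature code extraction."""
    ciphertext, enc_password, expiry = split_trailer(blob)
    if now > expiry:
        raise GateError("validity period exceeded")
    caller_hash = hashlib.sha256(caller_image).digest()
    # Constant-time comparison of the computed hash with the preset hash.
    if not hmac.compare_digest(caller_hash, preset_hash):
        raise GateError("calling program hash mismatch")
    return ciphertext, enc_password, feature_code(device_info)


# Constructed sample values, for illustration only.
SAMPLE_DEVICE = {"motherboard": "MB-0001", "install_time": "1639555200", "disk": "HD-42"}
SAMPLE_APP = b"constructed target application image"
SAMPLE_PRESET = hashlib.sha256(SAMPLE_APP).digest()
SAMPLE_BLOB = append_trailer(b"<file ciphertext>", b"<wrapped password>", 1700000000)


def try_open(blob, caller_image, now):
    """Run the gate on the sample device and report the outcome as a string."""
    try:
        open_gate(blob, caller_image, SAMPLE_PRESET, SAMPLE_DEVICE, now)
        return "ok"
    except GateError as exc:
        return str(exc)


if __name__ == "__main__":
    print(try_open(SAMPLE_BLOB, SAMPLE_APP, 1699999999))
    print(try_open(SAMPLE_BLOB, SAMPLE_APP, 1700000001))
    print(try_open(SAMPLE_BLOB, SAMPLE_APP + b"!", 1699999999))
    print(try_open(SAMPLE_BLOB[:10], SAMPLE_APP, 1699999999))
```

Unwrapping the target certificate with the feature code and steps S103 and S104 need a real cipher and are left out of this sketch; the constructed trailer also carries no integrity tag, which a deployment would add.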
In a preferred embodiment, as shown in Fig. 2, a device containing the feature code extraction module is connected to the offline working device, or the feature code extraction module is installed on the offline working device, so as to extract the device feature code. If the feature code extraction module and the certificate granting module belong to the same program on the same device, the extracted feature code can be directly encrypted and uploaded to the server; if the two modules are on different devices, the feature code must be transmitted in encrypted form to prevent it from being leaked. The encrypted transmission can use asymmetric encryption: the feature code extraction module encrypts the feature code with a public key and outputs the encrypted result to the certificate granting module. After receiving the feature code, the authorization server uses the feature code to symmetrically encrypt the authorization private key; the encrypted data is the authorization certificate. The encrypted authorization private key will be used to decrypt the encrypted password of the encrypted file. After receiving the authorization certificate returned by the server, the certificate granting module can place the certificate on the offline working device using any transmission form, which completes certificate deployment. This transmission does not need to be encrypted: because the authorization certificate is bound to the specified offline working device, no adverse effect is caused even if the authorization certificate is leaked.
According to an embodiment of the present disclosure, an embodiment of a file processing apparatus based on an offline device is also provided, and a specific implementation manner in this embodiment is similar to or the same as that in the foregoing embodiment as an alternative embodiment, and details are not repeated here.
Fig. 3 is a schematic structural diagram of a file processing apparatus based on an offline device according to an embodiment of the present disclosure, and as shown in fig. 3, the apparatus includes:
A password obtaining module 31, configured to obtain an encrypted password used by the encrypted file in response to an instruction to open the encrypted file through the target application, where the encrypted file is obtained by encrypting the original file through the original password, and the encrypted password is obtained by encrypting the original password through a preset public key.
A private key obtaining module 32, configured to determine a target private key corresponding to the preset public key based on the device information of the offline device.
A password decryption module 33, configured to decrypt the encrypted password with the target private key to obtain an original password.
A file decryption module 34, configured to decrypt the encrypted file with the original password to obtain the original file.
In the above embodiment, the present disclosure may obtain the encrypted password from the encrypted file through the target application program, obtain the target private key based on the offline device information, decrypt the encrypted password with the target private key to obtain the original password, and decrypt the encrypted file with the original password to obtain the original file. It is easy to note that, in response to an instruction to open the encrypted file through the target application program, the present disclosure can use the target application program to decrypt the encrypted file without the user manually inputting a password, which solves the technical problem of low processing efficiency caused by complicated operation and thereby achieves the technical effect of improving processing efficiency. In addition, in the device provided by the present disclosure, the user does not need to know the original password, which reduces the risk of leakage by people and achieves the technical effect of improving security.
Optionally, the private key obtaining module includes: the feature code extraction unit is used for extracting the feature code of the off-line equipment based on the equipment information of the off-line equipment; the certificate reading unit is used for reading a target certificate stored in the off-line equipment, wherein the target certificate is obtained by encrypting a target private key through a feature code; and the key decryption unit is used for decrypting the target certificate by using the feature code to obtain a target private key.
Optionally, the apparatus further comprises: the feature code extraction module, further configured to extract the feature code of the offline device through the target device; a feature code uploading module, configured to upload the feature code to the target server through the target device, wherein the target server is used to encrypt the target private key based on the feature code to generate a target certificate; a certificate receiving module, configured to receive the target certificate returned by the target server through the target device; and a certificate storage module, configured to store the target certificate to the offline device through the target device.
Optionally, in a case that the target device includes a first device and a second device, the first device is configured to extract the feature code, and the second device is configured to upload the feature code to the target server, receive a target certificate returned by the target server, and store the target certificate to the offline device.
Optionally, the feature code is transmitted encrypted by the target device.
Optionally, the feature code extraction unit includes: a hash calculation subunit, configured to perform hash calculation on the target application program to obtain a target hash value of the target application program; a hash matching subunit, configured to match the target hash value with a preset hash value of the target application program, wherein the preset hash value is stored in the offline device; and a feature code extraction subunit, configured to extract the feature code of the offline device in response to the target hash value successfully matching the preset hash value.
Optionally, the apparatus further comprises: a time acquisition module, configured to acquire the valid time corresponding to the encrypted file; and a time verification module, configured to verify the valid time to obtain a verification result of the valid time, wherein the verification result indicates whether the valid time exceeds a preset time; the feature code extraction unit is further configured to extract the feature code in response to the verification result being that the valid time does not exceed the preset time.
Optionally, the encrypted password, the target private key, and the original password are stored in a memory of the offline device.
Optionally, acquiring the encrypted password adopted by the encrypted file includes at least one of the following: extracting the encrypted password from a preset data stream of the encrypted file; extracting the encrypted password from the tail of the encrypted file; and extracting the encrypted password from the compressed package in which the encrypted file is located.
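An added example, not code from the patent: the checks that precede feature code extraction (application hash match, valid-time check) and the extraction of the encrypted password from the tail of the encrypted file, using Python's standard library. The trailer layout, the `OFLP` magic, SHA-256 as the hash, the device-information fields and the reading of the valid time as an expiry timestamp stored in the trailer are all assumptions; the patent specifies none of them.

```python
import hashlib
import hmac
import struct
import time

# Assumed trailer layout (not specified by the patent), appended to the ciphertext:
#   encrypted_password | expiry: u64 BE Unix time | password length: u32 BE | MAGIC
MAGIC = b"OFLP"
FOOTER = struct.Struct(">QI4s")


class GateError(Exception):
    """A precondition for extracting the feature code was not met."""


def make_sample(ciphertext: bytes, enc_password: bytes, expiry: int) -> bytes:
    """Build a constructed sample file in the assumed layout."""
    return ciphertext + enc_password + FOOTER.pack(expiry, len(enc_password), MAGIC)


def split_tail(blob: bytes):
    """Return (ciphertext, encrypted_password, expiry) read from the file tail."""
    if len(blob) < FOOTER.size:
        raise GateError("file too short to carry a trailer")
    expiry, pw_len, magic = FOOTER.unpack(blob[-FOOTER.size:])
    if magic != MAGIC:
        raise GateError("trailer magic not found")
    body_len = len(blob) - FOOTER.size - pw_len
    if pw_len == 0 or body_len < 0:
        raise GateError("password length is inconsistent with the file size")
    return blob[:body_len], blob[body_len:body_len + pw_len], expiry


def app_is_untampered(app_image: bytes, preset_hash_hex: str) -> bool:
    """Hash the target application and match it against the preset hash value."""
    target = hashlib.sha256(app_image).hexdigest()
    return hmac.compare_digest(target, preset_hash_hex.lower())


def feature_code(device_info: dict) -> bytes:
    """Derive a feature code from device information (fields are assumed)."""
    canonical = "\n".join(f"{k}={device_info[k]}" for k in sorted(device_info))
    return hashlib.sha256(canonical.encode("utf-8")).digest()


def prepare_open(blob, app_image, preset_hash_hex, device_info, now=None):
    """Run both checks, then extract the feature code; nothing is decrypted here."""
    ciphertext, enc_password, expiry = split_tail(blob)
    if not app_is_untampered(app_image, preset_hash_hex):
        raise GateError("target application hash mismatch")
    now = time.time() if now is None else now
    if now > expiry:
        raise GateError("valid time exceeded")
    return ciphertext, enc_password, feature_code(device_info)


if __name__ == "__main__":
    app = b"constructed application image"
    preset = hashlib.sha256(app).hexdigest()
    info = {"cpu_id": "CONSTRUCTED-01", "disk_serial": "CONSTRUCTED-02"}
    sample = make_sample(b"<ciphertext>", b"<encrypted password>", 2_000_000_000)
    ct, pw, fc = prepare_open(sample, app, preset, info, now=1_700_000_000)
    print(len(ct), len(pw), fc.hex())
```

In this layout the expiry field is not authenticated, so anyone who can edit the file can change it; a deployment relying on the valid time would need to bind it to the ciphertext, for example with a MAC or by encrypting it together with the password.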
The present disclosure also provides an electronic device, a readable storage medium, and a computer program product according to embodiments of the present disclosure.
FIG. 4 shows a schematic block diagram of an example electronic device 400 that may be used to implement embodiments of the present disclosure. Electronic devices are intended to represent various forms of digital computers, such as laptops, desktops, workstations, personal digital assistants, servers, blade servers, mainframes, and other appropriate computers. The electronic device may also represent various forms of mobile devices, such as personal digital assistants, cellular phones, smart phones, wearable devices, and other similar computing devices. The components shown herein, their connections and relationships, and their functions, are meant to be examples only, and are not meant to limit implementations of the disclosure described and/or claimed herein.
As shown in FIG. 4, the device 400 includes a computing unit 401 that can perform various appropriate actions and processes according to a computer program stored in a Read Only Memory (ROM) 402 or a computer program loaded from a storage unit 408 into a Random Access Memory (RAM) 403. In the RAM 403, various programs and data required for the operation of the device 400 can also be stored. The computing unit 401, ROM 402, and RAM 403 are connected to each other via a bus 404. An input/output (I/O) interface 405 is also connected to bus 404.
A number of components in device 400 are connected to I/O interface 405, including: an input unit 406 such as a keyboard, a mouse, or the like; an output unit 407 such as various types of displays, speakers, and the like; a storage unit 408 such as a magnetic disk, optical disk, or the like; and a communication unit 409 such as a network card, modem, wireless communication transceiver, etc. The communication unit 409 allows the device 400 to exchange information/data with other devices via a computer network, such as the internet, and/or various telecommunication networks.
Computing unit 401 may be a variety of general and/or special purpose processing components with processing and computing capabilities. Some examples of the computing unit 401 include, but are not limited to, a Central Processing Unit (CPU), a Graphics Processing Unit (GPU), various dedicated Artificial Intelligence (AI) computing chips, various computing units running machine learning model algorithms, a Digital Signal Processor (DSP), and any suitable processor, controller, microcontroller, and so forth. The computing unit 401 executes the respective methods and processes described above, for example, the file processing method based on an offline device. For example, in some embodiments, the offline device-based file processing method may be implemented as a computer software program tangibly embodied in a machine-readable medium, such as storage unit 408. In some embodiments, part or all of the computer program may be loaded and/or installed onto the device 400 via the ROM 402 and/or the communication unit 409. When the computer program is loaded into RAM 403 and executed by computing unit 401, one or more of the steps of the offline device-based file processing method described above may be performed. Alternatively, in other embodiments, the computing unit 401 may be configured to perform the offline device-based file processing method by any other suitable means (e.g., by means of firmware).
Various implementations of the systems and techniques described here above may be implemented in digital electronic circuitry, integrated circuitry, Field Programmable Gate Arrays (FPGAs), Application Specific Integrated Circuits (ASICs), Application Specific Standard Products (ASSPs), systems on a chip (SOCs), complex programmable logic devices (CPLDs), computer hardware, firmware, software, and/or combinations thereof. These various implementations may include implementation in one or more computer programs that are executable and/or interpretable on a programmable system including at least one programmable processor, which may be special or general purpose, receiving data and instructions from, and transmitting data and instructions to, a storage system, at least one input device, and at least one output device.
Program code for implementing the methods of the present disclosure may be written in any combination of one or more programming languages. These program codes may be provided to a processor or controller of a general purpose computer, special purpose computer, or other programmable data processing apparatus, such that the program codes, when executed by the processor or controller, cause the functions/operations specified in the flowchart and/or block diagram to be performed. The program code may execute entirely on the machine, partly on the machine, as a stand-alone software package partly on the machine and partly on a remote machine, or entirely on the remote machine or server.
In the context of this disclosure, a machine-readable medium may be a tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. The machine-readable medium may be a machine-readable signal medium or a machine-readable storage medium. A machine-readable medium may include, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any suitable combination of the foregoing. More specific examples of a machine-readable storage medium would include an electrical connection based on one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
To provide for interaction with a user, the systems and techniques described here can be implemented on a computer having: a display device (e.g., a CRT (cathode ray tube) or LCD (liquid crystal display) monitor) for displaying information to a user; and a keyboard and a pointing device (e.g., a mouse or a trackball) by which a user can provide input to the computer. Other kinds of devices may also be used to provide for interaction with a user; for example, feedback provided to the user can be any form of sensory feedback (e.g., visual feedback, auditory feedback, or tactile feedback); and input from the user may be received in any form, including acoustic, speech, or tactile input.
The systems and techniques described here can be implemented in a computing system that includes a back-end component (e.g., as a data server), or that includes a middleware component (e.g., an application server), or that includes a front-end component (e.g., a user computer having a graphical user interface or a web browser through which a user can interact with an implementation of the systems and techniques described here), or any combination of such back-end, middleware, or front-end components. The components of the system can be interconnected by any form or medium of digital data communication (e.g., a communication network). Examples of communication networks include: Local Area Networks (LANs), Wide Area Networks (WANs), and the Internet.
The computer system may include clients and servers. A client and server are generally remote from each other and typically interact through a communication network. The relationship of client and server arises by virtue of computer programs running on the respective computers and having a client-server relationship to each other. The server may be a cloud server, a server of a distributed system, or a server combined with a blockchain.
It should be understood that various forms of the flows shown above may be used, with steps reordered, added, or deleted. For example, the steps described in the present disclosure may be executed in parallel, sequentially, or in different orders, as long as the desired results of the technical solutions disclosed in the present disclosure can be achieved, and the present disclosure is not limited herein.
The above detailed description should not be construed as limiting the scope of the disclosure. It should be understood by those skilled in the art that various modifications, combinations, sub-combinations and substitutions may be made in accordance with design requirements and other factors. Any modification, equivalent replacement, and improvement made within the spirit and principle of the present disclosure should be included in the scope of protection of the present disclosure.

Claims (17)

1. A file processing method based on offline equipment comprises the following steps:
responding to an instruction of opening an encrypted file through a target application program, and acquiring an encrypted password adopted by the encrypted file, wherein the encrypted file is obtained by encrypting an original file through an original password, and the encrypted password is obtained by encrypting the original password through a preset public key;
acquiring a target private key corresponding to the preset public key based on the device information of the off-line device;
decrypting the encrypted password by using the target private key to obtain the original password;
and decrypting the encrypted file by using the original password to obtain the original file.
2. The method of claim 1, wherein obtaining the target private key corresponding to the preset public key based on the device information of the offline device comprises:
extracting a feature code of the off-line equipment based on the equipment information of the off-line equipment;
reading a target certificate stored in the offline device, wherein the target certificate is obtained by encrypting the target private key through the feature code;
and decrypting the target certificate by using the feature code to obtain the target private key.
3. The method of claim 2, further comprising, prior to responding to an instruction to open the encrypted file by a target application:
extracting the feature code of the off-line equipment through target equipment;
uploading the feature code to a target server through the target device, wherein the target server is used for encrypting the target private key based on the feature code to generate the target certificate;
receiving, by the target device, the target certificate returned by the target server;
storing, by the target device, the target certificate to the offline device.
4. The method of claim 3, wherein, in a case that the target device comprises a first device and a second device, the first device is configured to extract the feature code, and the second device is configured to upload the feature code to the target server, receive the target certificate returned by the target server, and store the target certificate to the offline device.
5. A method according to claim 3 or 4, wherein the feature code is transmitted encrypted by the target device.
6. The method of claim 2, wherein extracting the feature code of the offline device comprises:
performing hash calculation on the target application program to obtain a target hash value of the target application program;
matching the target hash value with a preset hash value of the target application program, wherein the preset hash value is stored in the offline device;
and in response to the fact that the target hash value is successfully matched with the preset hash value, extracting the feature code of the off-line equipment.
7. The method of claim 2, further comprising, prior to extracting the feature code of the offline device:
obtaining the effective time corresponding to the encrypted file;
verifying the effective time to obtain a verification result of the effective time, wherein the verification result is used for representing whether the effective time exceeds preset time;
and in response to the verification result that the valid time does not exceed the preset time, extracting the feature code.
8. The method of claim 1, wherein the encrypted password, the target private key, and the original password are stored in a memory of the offline device.
9. The method according to any one of claims 1 to 8, wherein acquiring the encrypted password adopted by the encrypted file comprises at least one of:
extracting the encrypted password from a preset data stream of the encrypted file;
extracting the encrypted password from the tail of the encrypted file;
and extracting the encrypted password from the compressed package in which the encrypted file is located.
10. An offline device-based file processing apparatus, comprising:
the password acquisition module is used for responding to an instruction of opening an encrypted file through a target application program and acquiring an encrypted password adopted by the encrypted file, wherein the encrypted file is obtained by encrypting an original file through an original password, and the encrypted password is obtained by encrypting the original password through a preset public key;
the private key acquisition module is used for determining a target private key corresponding to the preset public key based on the equipment information of the off-line equipment;
the password decryption module is used for decrypting the encrypted password by using the target private key to obtain the original password;
and the file decryption module is used for decrypting the encrypted file by using the original password to obtain the original file.
11. The apparatus of claim 10, wherein the private key acquisition module comprises:
a feature code extracting unit, configured to extract a feature code of the offline device based on the device information of the offline device;
the certificate reading unit is used for reading a target certificate stored in the offline device, wherein the target certificate is obtained by encrypting the target private key through the feature code;
and the key decryption unit is used for decrypting the target certificate by using the feature code to obtain the target private key.
12. The apparatus of claim 11, further comprising:
the feature code extraction module is further used for extracting the feature code of the off-line equipment through the target equipment;
the feature code uploading module is used for uploading the feature code to a target server through the target device, wherein the target server is used for encrypting the target private key based on the feature code to generate the target certificate;
the certificate receiving module is used for receiving the target certificate returned by the target server through the target equipment;
and the certificate storage module is used for storing the target certificate to the offline equipment through the target equipment.
13. The apparatus of claim 11, wherein the feature code extraction unit comprises:
the hash calculation subunit is configured to perform hash calculation on the target application program to obtain a target hash value of the target application program;
a hash matching subunit, configured to match the target hash value with a preset hash value of the target application, where the preset hash value is stored in the offline device;
and the feature code extraction subunit is used for responding to the successful matching of the target hash value and the preset hash value and extracting the feature code of the off-line equipment.
14. The apparatus of claim 11, further comprising:
the time acquisition module is used for acquiring the effective time corresponding to the encrypted file;
the time verification module is used for verifying the effective time to obtain a verification result of the effective time, wherein the verification result is used for representing whether the effective time exceeds preset time;
the feature code extracting unit is further configured to extract the feature code in response to the verification result being that the valid time does not exceed the preset time.
15. An electronic device, comprising:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein
the memory stores instructions executable by the at least one processor to enable the at least one processor to perform the method of any one of claims 1-8.
16. A non-transitory computer readable storage medium having stored thereon computer instructions for causing the computer to perform the method of any one of claims 1-8.
17. A computer program product comprising a computer program which, when executed by a processor, implements the method according to any one of claims 1-8.
CN202111537845.0A 2021-12-15 2021-12-15 File processing method and device based on offline device and electronic device Pending CN114239014A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111537845.0A CN114239014A (en) 2021-12-15 2021-12-15 File processing method and device based on offline device and electronic device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111537845.0A CN114239014A (en) 2021-12-15 2021-12-15 File processing method and device based on offline device and electronic device

Publications (1)

Publication Number Publication Date
CN114239014A true CN114239014A (en) 2022-03-25

Family

ID=80847133

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111537845.0A Pending CN114239014A (en) 2021-12-15 2021-12-15 File processing method and device based on offline device and electronic device

Country Status (1)

Country Link
CN (1) CN114239014A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115174195A (en) * 2022-06-30 2022-10-11 中国第一汽车股份有限公司 Database file processing method, encryption terminal and decryption terminal

Similar Documents

Publication Publication Date Title
CN115795513A (en) File encryption method, file decryption method, file encryption device, file decryption device and equipment
CN114363088B (en) Method and device for requesting data
CN113630412B (en) Resource downloading method, resource downloading device, electronic equipment and storage medium
CN111181920A (en) Encryption and decryption method and device
CN114139176A (en) Industrial internet core data protection method and system based on state secret
CN112987942B (en) Method, device and system for inputting information by keyboard, electronic equipment and storage medium
CN114239014A (en) File processing method and device based on offline device and electronic device
CN115442164B (en) Multi-user log encryption and decryption method, device, equipment and storage medium
CN114363094B (en) Data sharing method, device, equipment and storage medium
CN114884714B (en) Task processing method, device, equipment and storage medium
CN113794706B (en) Data processing method and device, electronic equipment and readable storage medium
CN109936448A (en) A kind of data transmission method and device
CN113422832B (en) File transmission method, device, equipment and storage medium
CN115484080A (en) Data processing method, device and equipment of small program and storage medium
CN112825093A (en) Security baseline checking method, host, server, electronic device and storage medium
CN112565156A (en) Information registration method, device and system
CN114024780B (en) Node information processing method and device based on Internet of things equipment
CN114282237B (en) Communication method, device, equipment and storage medium
CN115580489B (en) Data transmission method, device, equipment and storage medium
CN112615712B (en) Data processing method, related device and computer program product
US20190012469A1 (en) Data processing method and data processing system
CN117670341A (en) Authentication method, device, equipment and storage medium for payment terminal
CN113783705A (en) Zero knowledge proof method, verification terminal, equipment and storage medium of key
CN117375814A (en) Data storage method, device, system, equipment and storage medium
CN115296825A (en) Authentication method based on random number, first terminal, device and storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination