CN114844640A - Encryption and decryption method based on RSA algorithm - Google Patents
Encryption and decryption method based on RSA algorithm Download PDFInfo
- Publication number
- CN114844640A CN114844640A CN202110137486.3A CN202110137486A CN114844640A CN 114844640 A CN114844640 A CN 114844640A CN 202110137486 A CN202110137486 A CN 202110137486A CN 114844640 A CN114844640 A CN 114844640A
- Authority
- CN
- China
- Prior art keywords
- authorization
- file
- private key
- key
- service system
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/30—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
- H04L9/3006—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters
- H04L9/302—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters involving the integer factorization problem, e.g. RSA or quadratic sieve [QS] schemes
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
- H04L9/3249—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures using RSA or related signature schemes, e.g. Rabin scheme
Abstract
The invention provides an encryption and decryption method based on an RSA algorithm, which comprises the following steps: the authorized party generates a public and private key, the authorized party stores the private key, and the public key is placed in the service system; step two: the authorization party encrypts the authorization information through a private key; step three: generating an authorization file from the encrypted ciphertext; step four: uploading the authorization file to a service system; step five: verifying and decrypting the authorization file through a public key in a service system; step six: obtaining authorization information in an authorization file; step seven: and performing service logic control according to the authorization information. The invention adopts an asymmetric encryption mode, increases the security and the non-tamper property of the authorization file, reduces the risk of disclosure by a public key mode and a private key mode, and meets the requirements of the security and the uniqueness of the authorization file.
Description
Technical Field
The invention relates to an encryption and decryption method based on an RSA algorithm, and belongs to the technical field of information security.
Background
At present, symmetric encryption algorithms such as DES and AES are used for encrypting and decrypting the authorization file. However, as the risk of information leakage gradually increases, the traditional symmetric encryption algorithm encrypts the authorization file, and if any end leaks the secret key, the authorization file becomes no longer secure. The prior art implementation is as follows:
encryption by an authorized party: get to a symmetric encryption key such as AES. And encrypting the authorization information to obtain a ciphertext, writing the ciphertext into the authorization file, and generating the authorization file.
And (3) decryption by the service system side: and the application system receives the authorization file, decrypts the ciphertext through the secret key, receives the decrypted authorization information and verifies the authorization information.
In any party of the method, the authorization information can be revealed or the authorization file can be imitated when the secret key is scattered or spread, and the safety cannot be guaranteed.
Disclosure of Invention
In order to solve the above problems, the present invention provides an encryption and decryption method based on RSA algorithm, the specific technical scheme is as follows,
an encryption and decryption method based on RSA algorithm comprises the following steps:
the method comprises the following steps: the authorized party generates a public and private key, the authorized party stores the private key, and the public key is placed in the service system;
step two: the authorization party encrypts the authorization information through a private key;
step three: generating an authorization file from the encrypted ciphertext;
step four: uploading the authorization file to a service system;
step five: verifying and decrypting the authorization file through a public key in a service system;
step six: obtaining authorization information in an authorization file;
step seven: and performing service logic control according to the authorization information.
Preferably, the specific method for the authorizer to generate the authorization file is as follows: loading the content of a private key file through FileInputStream in jdk1.8, generating an RSAPrivateKey object through the private key, then generating a Cipher object through a Cipher.
Further, the specific method for the service system to obtain the authorization information is as follows: key, and load to the memory of the business system, obtain the ciphertext content of the authorization file, load the public key file content through FileInputStream type in jdk1.8, generate RSAPublic Key object through the public key, then generate Cipher object through Cipher.
The invention uses RSA encryption mode to encrypt the authorization file, the RSA encryption is divided into public key and private key, the authorized party generates public and private key pair, the private key is held by the authorized file generating party. The public key is a public key as the name implies, and is generally placed in a service system without special confidentiality. The private key is used for encrypting the signature of the authorization file to ensure the source uniqueness of the authorization file, the public key is put into a business system, and the public and private keys are pairing keys. When the authorization file is signed with the private key, only the public key can be verified. The security and the uniqueness of the authorization file can be ensured as long as the private key is ensured not to be leaked. The asymmetric encryption mode increases the security and the non-tamper property of the authorization file, reduces the risk of disclosure by a public key mode and a private key mode, and meets the requirements of the security and the uniqueness of the authorization file.
Drawings
Fig. 1 is a flowchart of the encryption and decryption method based on RSA algorithm according to the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Abbreviations and key term definitions:
RSA: an asymmetric encryption algorithm. The RSA asymmetric encryption is divided into a public key and a private key, the private key is kept at an authorizer, and the public key is placed in a business system.
DES, AES: a symmetric encryption algorithm.
As shown in fig. 1, an encryption and decryption method based on RSA algorithm includes the following steps:
the method comprises the following steps: the authorization party generates a public and private key, the authorization party stores a private key, and the public key is placed in the service system;
step two: the authorization party encrypts the authorization information through a private key;
step three: generating an authorization file from the encrypted ciphertext;
step four: uploading the authorization file to a service system;
step five: verifying and decrypting the authorization file through a public key in a service system;
step six: obtaining authorization information in an authorization file;
step seven: and performing service logic control according to the authorization information.
The specific method for the authorization party to generate the authorization file comprises the following steps: loading the content of a private key file through FileInputStream in jdk1.8, generating an RSAPrivateKey object through the private key, then generating a Cipher object through a Cipher.
The specific method for the service system to obtain the authorization information comprises the following steps: key, and load to the memory of the business system, obtain the ciphertext content of the authorization file, load the public key file content through FileInputStream type in jdk1.8, generate RSAPublic Key object through the public key, then generate Cipher object through Cipher. And converting the authorization information into an authorization object, and performing logic processing of service authorization.
Specific examples are as follows: when a certain service system is deployed to a client site, a manufacturer is required to authorize the service system. The manufacturer firstly generates an RSA public and private key pair, a public key is placed in a service system, and a private key is stored in the manufacturer. After the service system is deployed, the service system can normally operate only if authorization is required. At this time, the manufacturer signs and encrypts the authorization information according to the private key of the manufacturer, writes the ciphertext into the authorization file, and sends the authorization file to the client. After the client receives the authorization file, the authorization file is uploaded to a service system, the service system receives the ciphertext in the authorization file, and verification and decryption are performed according to a public key in the service system, so that authorization information is obtained. And then the service system finds the conformity according to the authorization information, the service system can normally operate, otherwise, the service system does not normally operate.
In the process of generating the authorization file of the authorization party, the private key is used for carrying out signature encryption on the authorization file, in the process of authorization verification of the service system party, the public key is used for carrying out verification decryption, if the verification is passed, the authorization file is proved to be valid, and then service logic processing is carried out. The asymmetric encryption mode increases the security and the non-tamper property of the authorization file, reduces the risk of disclosure by a public key mode and a private key mode, and meets the requirements of the security and the uniqueness of the authorization file.
Although the present invention has been described in detail with reference to the foregoing embodiments, it will be apparent to those skilled in the art that modifications may be made to the embodiments described in the foregoing embodiments, or equivalents may be substituted for elements thereof.
Claims (3)
1. An encryption and decryption method based on RSA algorithm is characterized in that: the method comprises the following steps:
the method comprises the following steps: the authorized party generates a public and private key, the authorized party stores the private key, and the public key is placed in the service system;
step two: the authorization party encrypts the authorization information through a private key;
step three: generating an authorization file from the encrypted ciphertext;
step four: uploading the authorization file to a service system;
step five: verifying and decrypting the authorization file through a public key in a service system;
step six: obtaining authorization information in an authorization file;
step seven: and performing service logic control according to the authorization information.
2. An RSA algorithm based encryption and decryption method according to claim 1, characterized in that: the specific method for the authorization party to generate the authorization file comprises the following steps: loading the content of a private key file through FileInputStream in jdk1.8, generating an RSAPrivateKey object through the private key, then generating a Cipher object through a Cipher.
3. An RSA algorithm-based encryption and decryption method according to claim 2, characterized in that: the specific method for the service system to acquire the authorization information comprises the following steps: key, and load to the memory of the business system, obtain the ciphertext content of the authorization file, load the public key file content through FileInputStream type in jdk1.8, generate RSAPublic Key object through the public key, then generate Cipher object through Cipher.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110137486.3A CN114844640A (en) | 2021-02-01 | 2021-02-01 | Encryption and decryption method based on RSA algorithm |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110137486.3A CN114844640A (en) | 2021-02-01 | 2021-02-01 | Encryption and decryption method based on RSA algorithm |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN114844640A true CN114844640A (en) | 2022-08-02 |
Family
ID=82560886
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202110137486.3A Pending CN114844640A (en) | 2021-02-01 | 2021-02-01 | Encryption and decryption method based on RSA algorithm |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN114844640A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN116506188A (en) * | 2023-05-04 | 2023-07-28 | 北京众谊越泰科技有限公司 | Operation method and system of asymmetric encryption algorithm based on B/S architecture |
-
2021
- 2021-02-01 CN CN202110137486.3A patent/CN114844640A/en active Pending
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN116506188A (en) * | 2023-05-04 | 2023-07-28 | 北京众谊越泰科技有限公司 | Operation method and system of asymmetric encryption algorithm based on B/S architecture |
| CN116506188B (en) * | 2023-05-04 | 2024-03-29 | 北京众谊越泰科技有限公司 | Operation method and system of asymmetric encryption algorithm based on B/S architecture |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN101651543B (en) | Creditable calculation platform key migration system and key migration method thereof | |
| CN109510708B (en) | Public key password calculation method and system based on Intel SGX mechanism | |
| JP4673890B2 (en) | How to transfer a certification private key directly to a device using an online service | |
| US6769060B1 (en) | Method of bilateral identity authentication | |
| CN110958219B (en) | SM2 proxy re-encryption method and device for medical cloud shared data | |
| CN104796265A (en) | Internet-of-things identity authentication method based on Bluetooth communication access | |
| CN103095456A (en) | Method and system for processing transaction messages | |
| US6718468B1 (en) | Method for associating a password with a secured public/private key pair | |
| CN111614621A (en) | Internet of things communication method and system | |
| CN104268447A (en) | Encryption method of embedded software | |
| US6704868B1 (en) | Method for associating a pass phase with a secured public/private key pair | |
| CN101651538A (en) | Method for safe transmission of data based on creditable password module | |
| CN110233729A (en) | A kind of encryption solid-state disk key management method based on PUF | |
| CN108551391B (en) | Authentication method based on USB-key | |
| US11870904B2 (en) | Method for encrypting and decrypting data across domains based on privacy computing | |
| CN114844640A (en) | Encryption and decryption method based on RSA algorithm | |
| KR101262844B1 (en) | Apparatus for relaying remote meter data for controlling network access and method thereof | |
| CN106953917A (en) | Method of data synchronization and system | |
| CN113114458A (en) | Encryption certificate generation method, decryption method, encryption certificate generation device, decryption device and encryption certificate system | |
| EP3185504A1 (en) | Security management system for securing a communication between a remote server and an electronic device | |
| JPH11231776A (en) | Method and device for issuing certificate | |
| US11928247B2 (en) | Methods and devices for AI model integrity and secrecy protection | |
| CN105049433A (en) | Identified card number information transmission verification method and system | |
| US11783057B2 (en) | Method for securely provisioning a device incorporating an integrated circuit without using a secure environment | |
| JP4000899B2 (en) | Cryptographic method with authentication, decryption method and device with authentication, program, and computer-readable recording medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |