CN114896608A - Method, medium and device for realizing hardware password interface by adopting go language - Google Patents


Publication number
CN114896608A
Authority
CN
China
Prior art keywords
language
data
key
interface
pointer
Legal status
Pending
Application number
CN202210247172.3A
Other languages
Chinese (zh)
Inventor
黄步添
苑振霞
罗春凤
刘成永
方航
王建冲
Current Assignee
Hangzhou Yunxiang Network Technology Co Ltd
Original Assignee
Hangzhou Yunxiang Network Technology Co Ltd
Application filed by Hangzhou Yunxiang Network Technology Co Ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 21/60 Protecting data
    • G06F 21/602 Providing cryptographic facilities or services
    • G06F 21/64 Protecting data integrity, e.g. using checksums, certificates or signatures

Abstract

The invention discloses a method, a storage medium and a device for implementing a hardware cryptographic interface in the go language. The method comprises the following steps: calling a C language interface through a go language interface, opening the cryptographic device, generating and outputting a key negotiation parameter after a session handle has been established with the device, and requesting the cryptographic device to generate and output a key pair of a specified type and modulus length; performing a signature operation on the data with the private key; encrypting data in CBC mode, performing an encryption operation on the data with the public key and storing the ciphertext in a buffer pointer; performing a decryption operation on the ciphertext with the private key and outputting the plaintext; performing a Hash (MAC) operation on the data, initializing the hash operation, then feeding in the plaintext for a multi-packet hash, and returning the hash data on completion; and closing the session established with the cryptographic device, closing the cryptographic device and releasing the memory. The invention allows the go language layer to expose hardware cryptography to the outside so as to raise the security level of the application.

Description

Method, medium and device for realizing hardware password interface by adopting go language
Technical Field
The invention belongs to the technical field of hardware cryptographic interfaces, and in particular relates to a method, a storage medium and a device for implementing a hardware asymmetric cryptographic interface in the go language.
Background
The SDF interface (hardware cryptographic interface) standard is the specification for cryptographic device application interfaces defined in the national cryptographic industry standard GM/T 0018-2012, "Cryptographic device application interface specification".
The standard aims to specify a uniform application interface for service-type cryptographic devices under the public key infrastructure application framework, so that the cryptographic device is called through this interface to provide basic cryptographic services to the upper layer, and to provide a standard basis and guidance for the development, use and testing of this type of cryptographic device.
At present some cipher-machine manufacturers have begun to support the SDF interface standard, but its interface prototypes are for the C language and cannot be called directly from other languages.
Therefore, a method of wrapping the SDF interface on the basis of the go language and the C language is needed, so that a go-language application can directly call a go language interface to operate a cipher machine that supports the SDF interface standard; this makes it convenient for the application to implement its own cryptographic system and raises the security level of the application.
Disclosure of Invention
Based on the above background and the problems in the prior art, the invention proposes a method for implementing a hardware asymmetric cryptographic interface in the go language, in which the go language interface calls a C language interface to implement the hardware cryptographic interface, so that the go language layer exposes hardware cryptography to the outside by calling that interface and thereby raises the security level of the application.
Additional advantages, objects and features of the invention will be set forth in part in the description which follows and in part will become apparent to those of ordinary skill in the art upon examination of the following, or may be learned from practice of the invention. To achieve these objects and other advantages, and in accordance with the purpose of the invention, a method for implementing a hardware asymmetric cryptographic interface in the go language is provided, wherein the key pair is one of an RSA key pair or an ECC key pair. The concrete implementation steps comprise:
calling a C language interface through a go language interface, opening the cryptographic device, establishing a session with the cryptographic device through the C language interface, linking the dynamic link library to return a status code, and returning the session handle (Session handle) and the status code;
after a session handle has been established with the cryptographic device, generating and outputting a key negotiation parameter, calculating a session key from the key negotiation parameter, requesting the cryptographic device to generate and output a key pair (comprising a public key and a private key) of a specified type and modulus length, and encrypting the session key with the public key before outputting it; the key pair comprises an external key and an internal key, and each key comprises a public key and a private key; generating the session key and outputting it encrypted with a public key comprises one of: encryption with an internal RSA public key, encryption with an external RSA public key, encryption with an internal ECC public key, or encryption with an external ECC public key;
performing a signature operation on the data with the private key, storing the signed data in a buffer pointer, and performing a verification operation on the signature value with the public key;
encrypting data in CBC mode, importing the session key, decrypting it with the private key and returning a key handle, performing an encryption operation on the data with the public key, and storing the encrypted ciphertext in a buffer pointer;
performing a decryption operation on the ciphertext with the private key and outputting the plaintext;
performing a Hash (MAC) operation on the data, passing in an algorithm identifier, the signature public key, the signer ID value and the ID length, initializing the hash operation, then feeding in the plaintext for a multi-packet hash (a plurality of transaction data payment channels), and returning the hash data on completion;
calling a C language interface through a go language interface, linking the dynamic link library to return a status code, closing the session established with the cryptographic device, closing the cryptographic device and releasing the memory.
Further, the step of opening the device or session comprises: the go language interface calls into the C language interface to open the cryptographic device; the C language interface triggers the dynamic link library to open the cryptographic device, the device handle and status code are returned, and the status code is converted into error information.
Further, calculating the session key with an ECC key agreement algorithm comprises: the negotiation initiator obtains the negotiation parameters and negotiation handle returned by the responder, calculates the session key with the SM2 algorithm, and at the same time returns the ECC public key at a specified index position, the public key of the (temporary ECC) key pair, the negotiation handle and the session key handle.
Further, a go language interface is used to generate the key pair, and the specific implementation steps comprise:
the go language interface calls the C language interface to allocate memory space for the public key, and the public key pointer is returned to the go language interface;
generating the key pair, passing in the session handle, the key modulus length and the key pair pointers;
triggering the dynamic link library through the C language interface to generate the key pair, and returning the filled key pair and the status code;
and copying the key pair information into go language memory space through the go language interface, and freeing the memory space allocated for the key pair on the C language side.
Further, before signing, the input data is the hash value of the data to be signed; the data to be signed is preprocessed with the SM2 algorithm, one of an external ECC private key and an internal ECC private key is used for signing, and the session handle, the private key index value or private key pointer, the input data length and the output signature value data are passed by calling the go language interface.
Furthermore, in the encryption operation, memory space for the ciphertext data is allocated on the C language side through the go language interface, the C language interface returns the ciphertext data pointer to the go language interface, the contents of the public key structure are copied into C language memory space and the public key pointer is returned to the go language interface, the public key is used for encryption, the session handle, algorithm identifier and public key pointer are passed in, the data pointer and data length are input, the ciphertext data pointer is output, and the C language interface calls the dynamic link library to return the filled ciphertext data and the status code.
Further, the decryption implementation steps comprise:
the go language interface allocates memory space for the plaintext data on the C language side, and the plaintext data pointer is returned;
memory space for the plaintext data length is allocated on the C language side, and a pointer to the plaintext data length is returned;
the contents of the private key structure are copied into the C language memory space, and a pointer to the private key structure is returned;
the private key is invoked to decrypt the data: the session handle and algorithm identifier are passed in, the ciphertext data pointer is input, and the plaintext data pointer and plaintext data length pointer are output;
the C language interface calls the dynamic link library to start the SDF interface decryption, and returns the filled plaintext data, the plaintext data length and the status code;
the go language interface copies the plaintext data into the memory space of the go language interface;
and the go language interface initiates the freeing of the memory space allocated on the C language side for the plaintext data, the plaintext data length and the private key.
Further, the hash operation first calls the C language interface through the go language interface to initialize the hash operation, which comprises: passing in the session handle, the algorithm identifier, the signer public key, the signer ID and the signer ID length; then performing the multi-packet hash operation, passing in the session handle, the data pointer and the data length; and finally ending the hash operation, passing in the session handle, the hash data pointer and the hash data length pointer.
In another aspect, the invention proposes a computer-readable storage medium storing a computer program which, when executed by a processor, implements the method and steps of any of the above.
In a third aspect, the present invention provides an apparatus for implementing a hardware asymmetric cryptographic interface in a go language, including a memory, a processor, and a computer program stored in the memory and executable on the processor, where the processor can implement any one of the above methods and steps when executing the computer program.
The invention has at least the following beneficial effects: encryption is performed in hardware, which makes application encryption safer; at the same time, the method implements the SDF hardware cryptographic interface in the go language, so that the go language interface is called directly to operate a cipher machine supporting the SDF interface standard, which is convenient for applications to implement their own cryptographic system. By connecting the C language interface and the dynamic link library, the technical bottleneck that the go language layer cannot directly call the SDF interface is overcome, and the security level of the application is enhanced.
Drawings
FIG. 1 is a general flow chart of the go language implementation of the hardware cryptographic interface of the present invention;
FIG. 2 is a flow chart of ECC key generation according to the present invention;
FIG. 3 is a flow chart of signing according to the present invention;
FIG. 4 is a flow chart of the signature verification process of the present invention;
FIG. 5 is a flow chart of encryption and decryption according to the present invention;
FIG. 6 is a decryption flow chart of the present invention.
Detailed Description
In order to clearly illustrate the present invention and make the objects, technical solutions and advantages of its embodiments clearer, the technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings, so that those skilled in the art can implement them from the description. The technology of the present invention is described in detail below with reference to the accompanying drawings and specific embodiments.
Name interpretation:
MAC: Message Authentication Code, a keyed-hash message authentication code, i.e. an authentication mechanism based on a hash algorithm and a key;
CBC: Cipher Block Chaining, a block cipher mode in which the plaintext is cut into blocks, each block is XORed with the initial block (initialization vector) or the preceding ciphertext block, and the result is then encrypted with the key.
The invention provides a method of wrapping the SDF interface on the basis of the go language and the C language, so that a go-language application can directly call the go language interface to operate a cipher machine supporting the SDF interface standard; this makes it convenient for the application to implement its own cryptographic system and raises the security level of the application. The encryption, decryption, signing and signature verification of the present invention can use algorithms such as RSA and ECC; the following description takes the ECC algorithm as an example to illustrate the specific implementation of the invention.
Specific example 1:
FIG. 1 shows the general flow chart of the go language implementation of the hardware cryptographic interface according to one implementation form of the present invention; according to this flow chart, the implementation steps of the invention comprise:
Step 1: calling the C language interface through the go language interface: the go language side calls the C language interface to open the device (C.SDF_OpenDevice); the C language interface triggers the dynamic link library to open the cryptographic device (SDF_OpenDevice) and returns the device handle and status code of the cryptographic device, the status code is converted into error information, the cryptographic device is opened, a session with the cryptographic device is established through the C language interface, the dynamic link library is linked to return a status code, and the Session handle and the status code are returned;
Step 2: after the session handle has been established with the device, a key negotiation parameter is generated and output, and a session key is calculated from the key negotiation parameter with an ECC key agreement algorithm: the negotiation initiator obtains the negotiation parameter and negotiation handle returned by the responder, calculates the session key with the SM2 algorithm, and at the same time returns the ECC public key at the specified index position, the public key of a temporary ECC key pair, the negotiation handle and the session key handle; the cryptographic device is then requested to generate and output a key pair (comprising a public key and a private key) of a specified type and modulus length, as shown in FIG. 2. The key pair is one of an RSA key pair or an ECC key pair, and the session key is output after encryption with a public key, which is one of: encryption with an internal RSA public key, an external RSA public key, an internal ECC public key or an external ECC public key. The key pair comprises an external key and an internal key, and each key comprises a public key and a private key. Generating the key pair in the go language comprises the following specific steps:
S21: the go language side calls the C language interface to allocate memory space for the public key (RSArefPublicKey or ECCrefPublicKey), and the public key pointer is returned to the go language interface;
S22: the key pair is generated (C.SDF_GenerateKeyPair_RSA or C.SDF_GenerateKeyPair_ECC), passing in the session handle, the key modulus length and the key pair pointers (RSArefPublicKey pointer or ECCrefPublicKey pointer, RSArefPrivateKey pointer or ECCrefPrivateKey pointer);
S23: the dynamic link library is triggered through the C language interface to generate the key pair (SDF_GenerateKeyPair_RSA or SDF_GenerateKeyPair_ECC), and the filled key pair (RSArefPublicKey or ECCrefPublicKey, RSArefPrivateKey or ECCrefPrivateKey), i.e. an RSA or ECC public key and private key, is returned together with the status code;
S24: the key pair information (RSArefPublicKey or ECCrefPublicKey, RSArefPrivateKey or ECCrefPrivateKey) is copied into go language memory space through the go language interface, and the memory space allocated for the key pair (RSArefPublicKey or ECCrefPublicKey, RSArefPrivateKey or ECCrefPrivateKey) on the C language side is freed.
Step 3: the input data is the hash value of the data to be signed; the data to be signed is preprocessed with the SM2 algorithm, one of an external ECC private key and an internal ECC private key is used for signing, and the go language interface is called to pass in the session handle, the private key index value or private key pointer, the input data length and the output signature value data. As shown in FIG. 3, the private key is used to perform the signature operation on the data and the signed data is stored in a buffer pointer; the public key is used to perform the verification operation on the signature value, and the signature verification flow is shown in FIG. 4;
Step 4: the session key is imported, decrypted with the private key, and a key handle is returned; the public key is then used to perform the encryption operation on the data: memory space for the ciphertext data (pucEncData, the public-key-encrypted data) is allocated on the C language side through the go language interface, the C language interface returns the ciphertext data pointer (pucEncData pointer) to the go language interface, the contents of the public key structure (the external ECC public key structure pucPublicKey) are copied into C language memory space and the public key pointer is returned to the go language interface, the public key is used for encryption (external ECC public key encryption, C.SDF_ExternalEncrypt_ECC), the session handle, the algorithm identifier and the public key pointer (external pucPublicKey pointer) are passed in, the data pointer and data length are input, the ciphertext data pointer is output, and the C language interface calls the dynamic link library to return the filled data (pucEncData) and the status code, as shown in FIG. 5. The encrypted ciphertext is stored in a buffer pointer;
Step 5: as shown in FIG. 6, the ciphertext is decrypted with the private key and the plaintext is output; the decryption implementation steps comprise:
S51: the go language interface allocates memory space for the plaintext data (pucData) on the C language side, and the plaintext data pointer (pucData pointer) is returned;
S52: memory space for the plaintext data length (pucDataLength) is allocated on the C language side, and the plaintext length (pucDataLength) pointer is returned;
S53: the contents of the private key structure (pucPrivateKey) are copied into the C language memory space, and a pointer to the private key structure is returned;
S54: the private key is invoked to decrypt the data (C.SDF_ExternalDecrypt_ECC): the session handle and algorithm identifier are passed in, the ciphertext data pointer is input, and the plaintext data pointer and plaintext data length pointer are output;
S55: the C language interface calls the dynamic link library to start the SDF interface decryption (SDF_Encrypt), and returns the filled pucData, pucDataLength and status code;
S56: the go language interface copies the pucData contents into the memory space of the go language interface;
S57: the go language interface initiates the freeing of the memory space allocated on the C language side for pucData and pucDataLength.
Step 6: data is encrypted in CBC mode and a Hash (MAC) operation is performed on the data: the algorithm identifier, the signature public key, the signer ID value and the ID length are passed in, the hash operation is initialized, the plaintext is then fed in for a multi-packet hash, and the hash data is returned on completion. The hash operation first calls the C language interface through the go language interface to initialize the hash (C.SDF_HashInit), which comprises passing in the session handle, the algorithm identifier, the signer public key, the signer ID and the signer ID length; then the multi-packet hash operation (C.SDF_HashUpdate) is performed, passing in the session handle, the data pointer and the data length; and finally the hash operation is ended (C.SDF_HashFinal), passing in the session handle, the hash data pointer and the hash data length pointer.
Step 7: the C language interface is called through the go language interface, the dynamic link library is linked to return a status code, the session established with the cryptographic device is closed, the cryptographic device is closed and the memory is released.
Example 2:
The invention is not limited to the complete set of implementation steps in specific embodiment 1: each of the steps can be used independently to form a corresponding scheme, and any method that uses the steps described by the invention to call the hardware cryptographic interface through a go language wrapper falls within the scope of protection of the invention. That is, the four groups of steps, key generation, signing and signature verification, encryption and decryption, and hash operation, can run in parallel; in FIG. 1 the dotted line marks a step that may not be needed in some scenarios, where the hash operation is used in the signing and verification process, and encryption and decryption can be separated. For example, during a particular cryptographic operation the system already holds the generated key pair and only needs to process the encrypted data, which can be accomplished with step 1, step 5 and step 7 of embodiment 1 of the present invention. Therefore, in a specific application scenario only one of the signing, signature verification, encryption, decryption and digest calculation of the invention may be used.
Because this embodiment is essentially similar to the method embodiment, its description is brief, and the relevant points can be found in the corresponding description of the method embodiment.
Example 3:
This embodiment provides a computer-readable storage medium storing a computer program which, when executed by a processor, implements the following method and steps; the implementation steps of the hardware asymmetric cryptographic interface in the go language comprise:
calling a C language interface through a go language interface, opening the cryptographic device, establishing a session with the cryptographic device through the C language interface, linking the dynamic link library to return a status code, and returning the session handle and the status code;
after a session handle has been established with the cryptographic device, generating and outputting a key negotiation parameter, calculating a session key from the key negotiation parameter, requesting the cryptographic device to generate and output a key pair of a specified type and modulus length, and encrypting the session key with the public key before outputting it;
performing a signature operation on the data with the private key, storing the signed data in a buffer pointer, and performing a verification operation on the signature value with the public key;
encrypting data in CBC mode, importing the session key, decrypting it with the private key and returning a key handle, performing an encryption operation on the data with the public key, and storing the encrypted ciphertext in a buffer pointer;
performing a decryption operation on the ciphertext with the private key and outputting the plaintext;
performing a hash operation on the data, passing in an algorithm identifier, the signature public key, the signer ID value and the ID length, initializing the hash operation, then feeding in the plaintext for a multi-packet hash, and returning the hash data on completion;
calling a C language interface through a go language interface, linking the dynamic link library to return a status code, closing the session established with the cryptographic device, closing the cryptographic device and releasing the memory.
In one embodiment, when the processor executes the computer program, opening the device or session comprises: the go language side calls the C language interface to open the device; the C language interface triggers the dynamic link library to open the cryptographic device, the device handle and status code are returned, and the status code is converted into error information.
In one embodiment, when the processor executes the computer program, the session key is calculated with an ECC key agreement algorithm, comprising: the negotiation initiator obtains the negotiation parameters and negotiation handle returned by the responder, calculates the session key with the SM2 algorithm, and at the same time returns the ECC public key at a specified index position, the public key of the key pair, the negotiation handle and the session key handle.
In one embodiment, when the processor executes the computer program, the key pair is generated in the go language, and the specific implementation steps comprise:
the go language side calls the C language interface to allocate memory space for the public key, and the public key pointer is returned to the go language interface;
generating the key pair, passing in the session handle, the key modulus length and the key pair pointers;
triggering the dynamic link library through the C language interface to generate the key pair, and returning the filled key pair and the status code;
copying the key pair information into go language memory space through the go language interface, and freeing the memory space allocated for the key pair on the C language side.
In one embodiment, when the computer program is executed by the processor, the key pair is one of an RSA key pair or an ECC key pair.
In one embodiment, when the processor executes the computer program, generating the session key and outputting it encrypted with a public key comprises one of: encryption with an internal RSA public key, encryption with an external RSA public key, encryption with an internal ECC public key, or encryption with an external ECC public key.
In one embodiment, when the processor executes the computer program, before signing the input data is the hash value of the data to be signed; the data to be signed is preprocessed with the SM2 algorithm, one of an external ECC private key and an internal ECC private key is used for signing, and the session handle, the private key index value or private key pointer, the input data length and the output signature value data are passed by calling the go language interface.
In one embodiment, when the processor executes the computer program, the encryption operation allocates memory space for the ciphertext data on the C language side through the go language interface, the C language interface returns the ciphertext data pointer to the go language interface, the contents of the public key structure are copied into C language memory space and the public key pointer is returned to the go language interface, the public key is used for encryption, the session handle, algorithm identifier and public key pointer are passed in, the data pointer and data length are input, the ciphertext data pointer is output, and the C language interface calls the dynamic link library to return the filled ciphertext data and the status code.
In one embodiment, when the computer program is executed by a processor, the decryption operation comprises the following steps:
the Go-language interface has the C-language interface allocate memory for the plaintext data and return a plaintext data pointer;
the C-language interface allocates memory for the plaintext data length and returns a plaintext data length pointer;
the contents of the private key structure are copied into memory owned by the C-language interface, which returns a private key structure pointer;
decryption with the private key is invoked, passing the session handle and the algorithm identifier, with the ciphertext data pointer as input and the plaintext data pointer and plaintext data length pointer as outputs;
the C-language interface calls the dynamic link library to perform the SDF interface decryption (SDF being the cryptographic device application interface specified in GM/T 0018), which returns the populated plaintext data, the plaintext data length and a status code;
the Go-language interface copies the plaintext data into memory owned by the Go-language interface;
and the Go-language interface then has the C-language interface destroy the memory allocated for the plaintext data and the plaintext data length.
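The decryption sequence above is a buffer-ownership discipline rather than a cryptographic one: output memory is allocated on the C side, the device fills it through an out-pointer and a length pointer, the Go side copies the result into memory it owns, and the C-side memory is destroyed. The Go program below is an added example, not code from the patent or its applicant. It models that discipline with an in-process stand-in for the C heap and for the dynamic link library (the names `cHeap`, `cBuf`, `simDevice`, `Session` and `sdrError` are hypothetical), uses RSA-OAEP from the Go standard library in place of the device's own private-key algorithm, and quotes a few GM/T 0018 status-code values from memory (check them against the vendor header). In a real wrapper the simulated calls become cgo calls; the shape of `DecryptWithPrivateKey` stays the same.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// SDF-style status codes: 0 is success, anything else an error. SDR_OK and
// SDR_BASE follow GM/T 0018; SDR_OPENSESSION and SDR_SKOPERR are quoted from
// memory and must be checked against the vendor header (assumption).
const (
	SDR_OK          uint32 = 0x00000000
	SDR_BASE        uint32 = 0x01000000
	SDR_OPENSESSION uint32 = SDR_BASE + 0x06
	SDR_SKOPERR     uint32 = SDR_BASE + 0x0C
)

var statusText = map[uint32]string{SDR_OPENSESSION: "open session failed", SDR_SKOPERR: "private key operation failed"}

// sdrError converts a raw status code into a Go error (nil for SDR_OK).
func sdrError(code uint32) error {
	if code == SDR_OK {
		return nil
	}
	return fmt.Errorf("sdf: status 0x%08x (%s)", code, statusText[code])
}

// cBuf/cHeap: hypothetical in-process stand-in for C.malloc/C.free. Free zeroes
// the buffer, because C memory is never scrubbed by the Go garbage collector.
type cBuf struct{ Data []byte }
type cHeap struct{ Live int }

func (h *cHeap) Alloc(n int) *cBuf { h.Live++; return &cBuf{Data: make([]byte, n)} }
func (h *cHeap) Free(b *cBuf) {
	for i := range b.Data {
		b.Data[i] = 0
	}
	h.Live--
}

// simDevice stands in for the dynamic link library behind the C interface,
// with RSA-OAEP from the standard library as its private-key algorithm.
// sessions[h-1] is true while session handle h is open.
type simDevice struct{ sessions []bool }

func (d *simDevice) valid(h uint32) bool {
	return h >= 1 && int(h) <= len(d.sessions) && d.sessions[h-1]
}
func (d *simDevice) OpenSession(h *uint32) uint32 {
	d.sessions = append(d.sessions, true)
	*h = uint32(len(d.sessions))
	return SDR_OK
}
func (d *simDevice) CloseSession(h uint32) uint32 {
	if !d.valid(h) {
		return SDR_OPENSESSION
	}
	d.sessions[h-1] = false
	return SDR_OK
}

// ExternalPrivateKeyDecrypt fills a caller-owned output buffer and its length,
// the pointer-out convention of the SDF decryption call.
func (d *simDevice) ExternalPrivateKeyDecrypt(h uint32, priv *rsa.PrivateKey, ct []byte, out *cBuf, outLen *uint32) uint32 {
	if !d.valid(h) {
		return SDR_OPENSESSION
	}
	pt, err := rsa.DecryptOAEP(sha256.New(), nil, priv, ct, nil)
	if err != nil || len(pt) > len(out.Data) {
		return SDR_SKOPERR
	}
	*outLen = uint32(copy(out.Data, pt))
	return SDR_OK
}

// Session is the Go-side handle; Close releases the device session.
type Session struct {
	dev    *simDevice
	heap   *cHeap
	handle uint32
}

func OpenSession(dev *simDevice, heap *cHeap) (*Session, error) {
	var h uint32
	if err := sdrError(dev.OpenSession(&h)); err != nil {
		return nil, err
	}
	return &Session{dev: dev, heap: heap, handle: h}, nil
}
func (s *Session) Close() error { return sdrError(s.dev.CloseSession(s.handle)) }

// DecryptWithPrivateKey follows the page's order: allocate C-side output space,
// call through, copy the plaintext into Go memory, destroy the C-side space.
func (s *Session) DecryptWithPrivateKey(priv *rsa.PrivateKey, ct []byte) ([]byte, error) {
	out := s.heap.Alloc(priv.Size())
	defer s.heap.Free(out) // zeroed and released on every return path
	var outLen uint32
	if err := sdrError(s.dev.ExternalPrivateKeyDecrypt(s.handle, priv, ct, out, &outLen)); err != nil {
		return nil, err
	}
	pt := make([]byte, outLen)
	copy(pt, out.Data[:outLen])
	return pt, nil
}

// generateKeyPair and wrapSessionKey stand in for key-pair generation and
// public-key encryption of the session key (RSA here; the device also has ECC).
func generateKeyPair(bits int) (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, bits) }
func wrapSessionKey(pub *rsa.PublicKey, key []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, key, nil)
}
```

In the real wrapper `cHeap.Alloc`/`Free` become `C.malloc`/`C.free` with explicit zeroing before the free, and `simDevice` becomes the cgo bridge. The `defer Free` placed directly after `Alloc` is what guarantees the C-side plaintext is destroyed on the error path as well; the step list above only states the destruction for the success path, and a wrapper that frees only after a successful copy leaks device-written plaintext whenever the status code is non-zero.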
In one embodiment, when the processor executes the computer program, the hash operation first calls the C-language interface through the Go-language interface to initialize the hash operation, passing the session handle, the algorithm identifier, the signer public key, the signer ID and the signer ID length (for SM2, the public key and ID are what the device needs to derive the Z value that is hashed ahead of the message); it then performs a multi-packet hash update, passing the session handle, the data pointer and the data length for each packet; and finally it finishes the hash operation, passing the session handle, the hash data pointer and the hash data length pointer.
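The reason the hash initialisation takes a signer public key and an ID is that, for SM2, the digest handed to the signing step is e = SM3(Z_A || M), where Z_A = SM3(ENTL_A || ID_A || a || b || x_G || y_G || x_A || y_A) binds the signer's identity and public key into the hash. The Go program below is an added example, not code from the patent or its applicant: it implements SM3 (the Go standard library has no SM3) with the same init/update/final split as the three SDF calls, derives Z_A from the SM2 recommended curve parameters, and returns the signing digest. The `sm2ZA` and `signingDigest` names are hypothetical, and the 64-byte public key used in the test is a constructed placeholder, not a valid curve point (Z_A derivation does not validate the point).

```go
package main

import (
	"encoding/binary"
	"encoding/hex"
	"errors"
	"math/bits"
)

// SM3 (GB/T 32905-2016), written out because the Go standard library has no
// SM3; the Update/Final split mirrors the SDF HashUpdate/HashFinal calls.
var sm3IV = [8]uint32{0x7380166f, 0x4914b2b9, 0x172442d7, 0xda8a0600, 0xa96f30bc, 0x163138aa, 0xe38dee4d, 0xb0fb0e4e}

func p0(x uint32) uint32 { return x ^ bits.RotateLeft32(x, 9) ^ bits.RotateLeft32(x, 17) }
func p1(x uint32) uint32 { return x ^ bits.RotateLeft32(x, 15) ^ bits.RotateLeft32(x, 23) }

// sm3Compress absorbs one 64-byte block into the state v.
func sm3Compress(v *[8]uint32, blk []byte) {
	var w [68]uint32
	for i := 0; i < 16; i++ {
		w[i] = binary.BigEndian.Uint32(blk[4*i:])
	}
	for j := 16; j < 68; j++ {
		w[j] = p1(w[j-16]^w[j-9]^bits.RotateLeft32(w[j-3], 15)) ^ bits.RotateLeft32(w[j-13], 7) ^ w[j-6]
	}
	a, b, c, d, e, f, g, h := v[0], v[1], v[2], v[3], v[4], v[5], v[6], v[7]
	for j := 0; j < 64; j++ {
		t, ff, gg := uint32(0x79cc4519), a^b^c, e^f^g
		if j >= 16 {
			t, ff, gg = 0x7a879d8a, (a&b)|(a&c)|(b&c), (e&f)|((^e)&g)
		}
		ss1 := bits.RotateLeft32(bits.RotateLeft32(a, 12)+e+bits.RotateLeft32(t, j%32), 7)
		ss2 := ss1 ^ bits.RotateLeft32(a, 12)
		tt1 := ff + d + ss2 + (w[j] ^ w[j+4])
		tt2 := gg + h + ss1 + w[j]
		d, c, b, a = c, bits.RotateLeft32(b, 9), a, tt1
		h, g, f, e = g, bits.RotateLeft32(f, 19), e, p0(tt2)
	}
	for i, x := range [8]uint32{a, b, c, d, e, f, g, h} {
		v[i] ^= x
	}
}

type sm3 struct {
	v   [8]uint32
	buf []byte
	n   uint64 // bytes absorbed so far
}

func newSM3() *sm3 { return &sm3{v: sm3IV} }

// Update absorbs one packet; packets may be split at any byte boundary.
func (s *sm3) Update(p []byte) {
	s.n += uint64(len(p))
	s.buf = append(s.buf, p...)
	for len(s.buf) >= 64 {
		sm3Compress(&s.v, s.buf[:64])
		s.buf = s.buf[64:]
	}
}

// Final pads (0x80, zeros, 64-bit big-endian bit length) and returns the digest.
func (s *sm3) Final() []byte {
	pad := []byte{0x80}
	for (len(s.buf)+len(pad))%64 != 56 {
		pad = append(pad, 0)
	}
	pad = binary.BigEndian.AppendUint64(pad, s.n*8)
	s.Update(pad)
	out := make([]byte, 32)
	for i, x := range s.v {
		binary.BigEndian.PutUint32(out[4*i:], x)
	}
	return out
}

func sm3Sum(data []byte) []byte { h := newSM3(); h.Update(data); return h.Final() }

// SM2 recommended curve parameters a, b, x_G, y_G (GB/T 32918.5-2017).
var sm2A = mustHex("FFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000FFFFFFFFFFFFFFFC")
var sm2B = mustHex("28E9FA9E9D9F5E344D5A9E4BCF6509A7F39789F515AB8F92DDBCBD414D940E93")
var sm2Gx = mustHex("32C4AE2C1F1981195F9904466A39C9948FE30BBFF2660BE1715A4589334C74C7")
var sm2Gy = mustHex("BC3736A2F4F6779C59BDCEE36B692153D0A9877CC62A474002DF32E52139F0A0")

func mustHex(s string) []byte {
	b, err := hex.DecodeString(s)
	if err != nil {
		panic(err)
	}
	return b
}

// sm2ZA computes Z_A = SM3(ENTL_A || ID_A || a || b || x_G || y_G || x_A || y_A),
// the value the SDF hash-init call derives from the signer public key and ID.
// ENTL_A is the bit length of ID_A as a 16-bit big-endian integer.
func sm2ZA(id, px, py []byte) ([]byte, error) {
	if len(id) > 8191 {
		return nil, errors.New("sm2: ID longer than 65535 bits does not fit ENTL")
	}
	if len(px) != 32 || len(py) != 32 {
		return nil, errors.New("sm2: public key coordinates must be 32 bytes each")
	}
	h := newSM3()
	entl := len(id) * 8
	h.Update([]byte{byte(entl >> 8), byte(entl)})
	for _, part := range [][]byte{id, sm2A, sm2B, sm2Gx, sm2Gy, px, py} {
		h.Update(part)
	}
	return h.Final(), nil
}

// signingDigest is the three-call sequence: init with Z_A, update per packet,
// final. The result e = SM3(Z_A || M) is the input hash of the signing step.
func signingDigest(id, px, py []byte, packets ...[]byte) ([]byte, error) {
	za, err := sm2ZA(id, px, py)
	if err != nil {
		return nil, err
	}
	h := newSM3()
	h.Update(za)
	for _, p := range packets {
		h.Update(p)
	}
	return h.Final(), nil
}
```

The 32-byte value returned by `signingDigest` is what the embodiment calls the input data of the signing step; the SM2 private key signs this digest, not the message. The ENTL check matters in practice: ENTL is a 16-bit field, so an ID longer than 8191 bytes would be silently truncated in the length prefix and produce a Z_A that a verifier holding the full ID could not reproduce, so the wrapper should reject it before the device is called.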
Example 4:
This embodiment provides a device for implementing a hardware asymmetric cryptographic interface in the Go language; the device may be a server or a mobile terminal. The device is a computer device comprising a processor, a memory, a network interface and a database connected by a system bus. The processor of the computer device provides computing and control capability. The memory of the computer device comprises a non-volatile storage medium and an internal memory. The non-volatile storage medium stores an operating system, a computer program and a database. The internal memory provides the runtime environment for the operating system and the computer program held on the non-volatile storage medium. The database stores all data of the computer device. The network interface of the computer device communicates with an external terminal over a network connection. When the computer program is executed by the processor, it implements the method for implementing a hardware asymmetric cryptographic interface in the Go language described above.
Since the device embodiment is substantially similar to the method embodiment, its description is brief; for the relevant points, refer to the corresponding parts of the method embodiment.
The embodiments described above are presented to enable a person of ordinary skill in the art to make and use the invention. It will be readily apparent to those skilled in the art that various modifications may be made to the above embodiments, and that the general principles defined herein may be applied to other embodiments without inventive effort. The present invention is therefore not limited to the above embodiments, and improvements and modifications made by those skilled in the art on the basis of this disclosure fall within the protection scope of the present invention.

Claims (12)

1. A method for implementing a hardware asymmetric cryptographic interface in the Go language, characterized by comprising the following specific steps:
calling a C-language interface through a Go-language interface to open the cryptographic device, establishing a session with the cryptographic device through the C-language interface, which calls the dynamic link library and returns a status code, and returning a session handle and the status code;
after the session handle has been established with the cryptographic device, generating and outputting key agreement parameters, computing a session key from the key agreement parameters, requesting the cryptographic device to generate and output a key pair of the specified type and modulus length, and encrypting the session key with a public key and outputting it;
performing a signature operation on the data with a private key, storing the signed data in a buffer pointer, and performing a verification operation on the signature value with a public key;
encrypting data in CBC mode; importing a session key by decrypting it with a private key and returning a key handle; performing an encryption operation on the data with a public key and storing the resulting data ciphertext in a buffer pointer;
performing a decryption operation on the data ciphertext with a private key and outputting the plaintext;
performing a hash operation on the data: passing an algorithm identifier, a signer public key, a signer ID value and the ID length to initialize the hash operation, then feeding in the plaintext data for multi-packet hashing, and returning the hash data on completion;
calling the C-language interface through the Go-language interface, which calls the dynamic link library and returns a status code, closing the session established with the cryptographic device, closing the cryptographic device and releasing the memory.
2. The method for implementing a hardware asymmetric cryptographic interface in the Go language according to claim 1, wherein the steps of opening the device and the session comprise: the Go-language interface calls the C-language interface to open the cryptographic device, the C-language interface triggers the dynamic link library to open the cryptographic device and returns the cryptographic device handle and the status code, and the status code is converted into error information.
3. The method for implementing a hardware asymmetric cryptographic interface in the Go language according to claim 1, wherein computing the session key with an ECC key agreement algorithm specifically comprises: the agreement initiator obtains the agreement parameters and the agreement handle returned by the responder, computes the session key with the SM2 algorithm, and at the same time returns the ECC public key at the specified index, the public key of the temporary ECC key pair, the agreement handle and the session key handle.
4. The method for implementing a hardware asymmetric cryptographic interface in the Go language according to claim 1, wherein the key pair is generated through the Go-language interface, and the specific implementation steps comprise:
the Go-language interface calls the C-language interface to allocate memory for the public key on the C side, and a public key pointer is returned to the Go-language interface;
a key pair is generated, passing the session handle, the key modulus length and the key pair pointer;
the C-language interface triggers the dynamic link library to generate the key pair and returns the populated key pair and a status code;
and the key pair information is copied into Go-language memory through the Go-language interface, and the memory allocated for the key pair on the C side is destroyed.
5. The method for implementing a hardware asymmetric cryptographic interface in the Go language according to claim 1 or 4, wherein the key pair is one of an RSA key pair and an ECC key pair.
6. The method for implementing a hardware asymmetric cryptographic interface in the Go language according to claim 1, wherein generating the session key, encrypting it with a public key and outputting it comprises one of: encryption with an internal RSA public key, encryption with an external RSA public key, encryption with an internal ECC public key, and encryption with an external ECC public key.
7. The method for implementing a hardware asymmetric cryptographic interface in the Go language according to claim 1, wherein, before signing, the input data is the hash value of the data to be signed, the data to be signed having first been preprocessed according to the SM2 algorithm; signing is performed with one of an external ECC private key and an internal ECC private key, and the call through the Go-language interface passes the session handle, a private key index value or a private key pointer, the input data and its length, and receives the output signature value.
8. The method for implementing a hardware asymmetric cryptographic interface in the Go language according to claim 1, wherein the encryption operation allocates memory for the ciphertext data on the C side through the Go-language interface, the C-language interface returns a ciphertext data pointer to the Go-language interface, the contents of the public key structure are copied into the C memory and a public key pointer is returned to the Go-language interface, encryption is performed with the public key, passing the session handle, the algorithm identifier and the public key pointer, with the data pointer and data length as input and the ciphertext data pointer as output, and the C-language interface calls the dynamic link library, which returns the populated ciphertext data and a status code.
9. The method for implementing a hardware asymmetric cryptographic interface in the Go language according to claim 1, wherein the decryption operation comprises the following steps:
the Go-language interface has the C-language interface allocate memory for the plaintext data and return a plaintext data pointer;
the C-language interface allocates memory for the plaintext data length and returns a plaintext data length pointer;
the contents of the private key structure are copied into memory owned by the C-language interface, which returns a private key structure pointer;
decryption with the private key is invoked, passing the session handle and the algorithm identifier, with the ciphertext data pointer as input and the plaintext data pointer and plaintext data length pointer as outputs;
the C-language interface calls the dynamic link library to perform the SDF interface decryption, which returns the populated plaintext data, the plaintext data length and a status code;
the Go-language interface copies the plaintext data into memory owned by the Go-language interface;
and the Go-language interface then has the C-language interface destroy the memory allocated for the plaintext data and the plaintext data length.
10. The method for implementing a hardware asymmetric cryptographic interface in the Go language according to claim 1, wherein the hash operation first calls the C-language interface through the Go-language interface to initialize the hash operation, and the specific steps of the hash operation comprise: passing the session handle, the algorithm identifier, the signer public key, the signer ID and the signer ID length; then performing a multi-packet hash update, passing the session handle, the data pointer and the data length; and finally finishing the hash operation, passing the session handle, the hash data pointer and the hash data length pointer.
11. A computer-readable storage medium storing a computer program which, when executed by a processor, carries out the method steps of any one of claims 1 to 10.
12. An apparatus for implementing a hardware asymmetric cryptographic interface in the Go language, comprising a memory, a processor and a computer program stored in the memory and executable on the processor, wherein the processor implements the method steps of any one of claims 1 to 10 when executing the computer program.

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN2021105802441 2021-05-26
CN202110580244.1A CN113254960A (en) 2021-05-26 2021-05-26 Method, medium and device for realizing hardware password interface by adopting go language

Publications (1)

Publication Number Publication Date
CN114896608A true CN114896608A (en) 2022-08-12

Family

ID=77184601

Family Applications (2)

Application Number Title Priority Date Filing Date
CN202110580244.1A Pending CN113254960A (en) 2021-05-26 2021-05-26 Method, medium and device for realizing hardware password interface by adopting go language
CN202210247172.3A Pending CN114896608A (en) 2021-05-26 2022-03-14 Method, medium and device for realizing hardware password interface by adopting go language

Country Status (1)

Country Link
CN (2) CN113254960A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117592093A (en) * 2024-01-19 2024-02-23 成都四方伟业软件股份有限公司 File encryption method, decryption method, encryption device and decryption device
CN117592093B (en) * 2024-01-19 2024-04-05 成都四方伟业软件股份有限公司 File encryption method, decryption method, encryption device and decryption device

Also Published As

Publication number Publication date
CN113254960A (en) 2021-08-13

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination