CN115801321A - Data combination encryption method and device - Google Patents
Data combination encryption method and device Download PDFInfo
- Publication number
- CN115801321A CN115801321A CN202211289782.6A CN202211289782A CN115801321A CN 115801321 A CN115801321 A CN 115801321A CN 202211289782 A CN202211289782 A CN 202211289782A CN 115801321 A CN115801321 A CN 115801321A
- Authority
- CN
- China
- Prior art keywords
- data
- length
- encryption
- ciphertext
- packet
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000000034 method Methods 0.000 title claims abstract description 40
- 230000015654 memory Effects 0.000 claims description 27
- 230000000295 complement effect Effects 0.000 description 12
- 238000004590 computer program Methods 0.000 description 9
- 230000008569 process Effects 0.000 description 3
- 238000004891 communication Methods 0.000 description 2
- 238000010586 diagram Methods 0.000 description 2
- 230000000694 effects Effects 0.000 description 2
- 230000006870 function Effects 0.000 description 2
- 230000003287 optical effect Effects 0.000 description 2
- 238000004364 calculation method Methods 0.000 description 1
- 238000013500 data storage Methods 0.000 description 1
- 230000003993 interaction Effects 0.000 description 1
- 239000013307 optical fiber Substances 0.000 description 1
- 239000004065 semiconductor Substances 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
Images
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The application discloses a data encryption method and a device, wherein the method comprises the following steps: the first device receives a plurality of encryption requests from a plurality of second devices, the plurality of encryption requests respectively including data; the first equipment obtains a plurality of data packets according to data respectively included by the plurality of encryption requests, and the length of the plurality of data packets is the first data length; the first equipment combines a plurality of data packets to obtain data with a second data length; the first equipment complements codes for the data with the second data length according to the cipher grouping length to obtain the data with the third data length, and the first data length is integral multiple of the cipher grouping length; and the first equipment obtains ciphertext data corresponding to the data with the third data length. The method can improve the encryption performance of the first device.
Description
Technical Field
The embodiment of the application relates to the field of information security, in particular to a data combination encryption method and device.
Background
Currently, in the field of information security, an encryption device may encrypt data according to a block encryption mode. The data may include data of any data length. At present, for communication and other reasons, if the data length of the data is small, the encryption performance of the data by the encryption device is poor. And if the data length of the data is large, the encryption performance of the data by the encryption equipment is high.
Therefore, at present, the encryption performance of the encryption device for data with different data lengths is different, and the encryption performance is better when encrypting larger data, and the encryption performance is poorer when encrypting small data, and needs to be improved.
Disclosure of Invention
The embodiment of the application provides a data encryption method and device, which are used for improving the encryption performance of encryption equipment.
In a first aspect, an embodiment of the present application provides a data encryption method, including:
a first device receiving a plurality of encryption requests from a plurality of second devices, the plurality of encryption requests respectively including data; the first equipment obtains a plurality of data packets according to data respectively included by the plurality of encryption requests, wherein the length of the plurality of data packets is a first data length; the first device combines the plurality of data packets to obtain data of a second data length; the first equipment complements codes to the data with the second data length according to the cipher grouping length to obtain data with a third data length, wherein the first data length is an integral multiple of the cipher grouping length; and the first equipment acquires ciphertext data corresponding to the data with the third data length.
According to the method, the first equipment can combine a plurality of data to be encrypted, and the encryption performance of the encryption equipment is improved. In addition, according to the scheme, the complementary code does not need to be carried out on each data packet with the first data length according to the cipher packet length, and the encryption complexity can be reduced.
In one possible design, the obtaining, by the first device, a plurality of data packets according to data included in the plurality of encryption requests, respectively, includes: the first device determines the first data length according to the length of data respectively included by the multiple encryption requests and multiple alternative data lengths, wherein the multiple alternative data lengths include the first data length, and the multiple alternative data lengths are all integer multiples of the cipher packet length; and the first equipment complements the data respectively included by the plurality of encryption requests according to the first data length to obtain the plurality of data packets.
According to the design, the first device receives a plurality of encryption requests comprising data to be encrypted, and can perform complement according to the plurality of data to be encrypted so as to meet the requirement of data packet length.
In one possible design, the first device combines the plurality of data packets to obtain data of a second data length, including: and the first equipment connects the data in the data packets end to obtain the data with the second data length, wherein the second data length is equal to the integral multiple of the first data length.
According to the design, the first device combines a plurality of data packets with the first data length to obtain data with the second data length, and flexible determination of the data with the second data length is achieved.
In one possible design, the third data length is equal to the second data length plus the cipher block length.
According to the design, the first device combines a plurality of data with the data length of the second data length to obtain data with the data length of the third data length, and the data encryption efficiency can be improved.
In one possible design, the method further includes: the first device splits the ciphertext data into ciphertext data corresponding to the plurality of data packets according to the first data length and the cipher block length; and the first equipment sends the ciphertext data corresponding to the data packet and the initial vector value corresponding to the ciphertext data to the second equipment corresponding to each data packet.
According to the design, the first device can split the ciphertext data to obtain the ciphertext data corresponding to the plurality of data packets.
In one possible design, the method further includes: the first equipment sends the data with the third data length to encryption equipment; the obtaining, by the first device, ciphertext data corresponding to the data of the third data length includes: and the first equipment receives ciphertext data from the encryption equipment, wherein the ciphertext data is an encryption result of the data with the third data length.
According to the design, the first device sends the data with the third data length to the encryption device, and the encryption performance of the encryption device on the data is further improved.
In one possible design, each of the data packets corresponds to at least one encrypted packet, and the initial vector value is an initial value or determined according to ciphertext data corresponding to a last encrypted packet of a previous data packet.
According to the design, the same data and different ciphertexts corresponding to different initial vector values are different, and the safety of the cipher text data can be improved.
In a second aspect, an embodiment of the present application further provides a data encryption apparatus, which includes an obtaining module and a processing module. Wherein:
an obtaining module, configured to receive multiple encryption requests from multiple second devices, where the multiple encryption requests include data respectively; the processing module is used for obtaining a plurality of data packets according to data respectively included in the plurality of encryption requests, and the length of each data packet is a first data length; the processing module is further configured to combine the plurality of data packets to obtain data of a second data length; the processing module is further configured to complement the data with the second data length according to the cipher packet length to obtain data with a third data length, where the first data length is an integer multiple of the cipher packet length; the obtaining module is further configured to obtain ciphertext data corresponding to the data of the third data length.
In one possible design, the processing module is specifically configured to: determining the first data length according to the length of data respectively included by the plurality of encryption requests and a plurality of alternative data lengths, wherein the plurality of alternative data lengths include the first data length, and the plurality of alternative data lengths are integral multiples of the cipher packet length; and complementing the data respectively included in the plurality of encryption requests according to the first data length to obtain the plurality of data packets.
In one possible design, the processing module is specifically configured to: and connecting the data in the plurality of data packets end to obtain the data with the second data length, wherein the second data length is equal to the integral multiple of the first data length.
In one possible design, the third data length is equal to the second data length plus the cipher block length.
In one possible design, the processing module is further to: according to the first data length and the cipher block length, dividing the cipher text data into cipher text data respectively corresponding to the plurality of data packets; and sending ciphertext data corresponding to the data packet and the initial vector value corresponding to the ciphertext data to second equipment corresponding to each data packet.
In one possible design, the processing module is further to: sending the data with the third data length to an encryption device; the acquisition module is specifically configured to: and receiving ciphertext data from the encryption device, wherein the ciphertext data is an encryption result of the data with the third data length.
In one possible design, each of the data packets corresponds to at least one encrypted packet, and the initial vector value is an initial value or determined according to ciphertext data corresponding to a last encrypted packet of a previous data packet.
In a third aspect, this application further provides a computer-readable storage medium, where a computer program is stored in the computer-readable storage medium, and when the computer program is executed by a processor, the computer program implements the method according to the first aspect and any one of the designs thereof.
In a fourth aspect, this application further provides an electronic device, including a memory and a processor, where the memory stores a computer program executable on the processor, and when the computer program is executed by the processor, the processor is enabled to implement the method of the first aspect and any design thereof.
The technical effects of the second to fourth aspects and any design thereof can be referred to the technical effects of the corresponding design in the first aspect, and are not described herein again.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present application, the drawings needed to be used in the description of the embodiments are briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present application, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without creative efforts.
Fig. 1 is a schematic flowchart of a data encryption method according to an embodiment of the present application;
fig. 2 is a schematic flowchart of another data encryption method according to an embodiment of the present application;
FIG. 3 is a schematic diagram of an apparatus according to an embodiment of the present disclosure;
fig. 4 is a schematic structural diagram of another apparatus provided in the embodiment of the present application.
Detailed Description
For the purpose of making the purpose, technical solutions and advantages of the present application clearer, the present application will be described in detail with reference to the accompanying drawings, and it should be understood that the described embodiments are only a part of the embodiments of the present application, and not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application. It should be understood that the specific methods of operation in the method embodiments described below may also be applied to either the apparatus embodiments or the system embodiments.
Currently, in the field of information security, an encryption device may encrypt data according to a block encryption mode. The packet encryption mode includes: cipher-block chaining (CBC). The cipher block chaining mode may handle data comprising any data length. Currently, when data includes data of different data lengths, there are differences in encryption performance of encryption devices for the data due to communications and other reasons. For example, when the data length of the data is large, the encryption performance of the data by the encryption device is high; when the data is small data, the small data represents data with the data length of single-digit bytes or ten-digit bytes, and the encryption performance of the encryption equipment on the data is low. Therefore, the encryption device has a problem that the encryption performance for the small data is low, and needs to be improved.
In order to solve the above problem, the present application provides a method for data combination encryption, so as to improve the encryption performance of an encryption device.
In the example of the application, a first device receives a plurality of encryption requests from a plurality of second devices, wherein the plurality of encryption requests respectively comprise data; the first device obtains a plurality of data packets according to data respectively included in the plurality of encryption requests, wherein the length of the plurality of data packets is a first data length; the first device combines the plurality of data packets to obtain data of a second data length; the first equipment complements codes for the data with the second data length according to the cipher grouping length to obtain data with a third data length, wherein the first data length is integral multiple of the cipher grouping length; and the first equipment obtains ciphertext data corresponding to the data with the third data length. The method can improve the encryption performance of the encryption equipment.
Fig. 1 schematically shows a flow chart of a data encryption method. Illustratively, the execution subject of the method is a first device and a second device. The first device may be an encryption server, and the second device may be an encryption client. The encryption client can be used for requesting to encrypt the data, so that the encryption client can send the data to be encrypted to the encryption server. In the application, the encryption server side can receive encryption requests from different encryption client sides, obtain data with a first data length according to data to be encrypted carried in the encryption requests, and generate combined data to be encrypted after combining a plurality of data with the first length. The encryption server can also obtain the encryption result corresponding to the combined data to be encrypted. The encryption server can combine a plurality of data to be encrypted, so that small data are prevented from being encrypted, and the encryption performance of the encryption equipment can be improved. It can be understood that the encryption server in the present application may be an encryption device, and may also be a device that communicates with or is used in cooperation with the encryption device, which is not particularly required.
Referring to the flow shown in fig. 1, taking the first device as an execution subject as an example, the method provided by the embodiment of the present application may include:
step 101, a first device receives a plurality of encryption requests from a plurality of second devices, wherein the plurality of encryption requests respectively comprise data.
For example, when there is a data encryption requirement, the plurality of second devices may respectively send an encryption request to the first device, where the encryption request corresponds to a plurality of data to be encrypted. Accordingly, the first device receives the encryption request sent by the second device, so that the data to be encrypted can be acquired. Optionally, the first device may further know respective data lengths of the plurality of data to be encrypted. Optionally, any data to be encrypted has any data length, such as a smaller data length, and the application does not make a specific requirement.
For example, the first device receives a plurality of encryption requests from a plurality of second devices, one encryption request corresponding to one data to be encrypted.
Step 102, the first device obtains a plurality of data packets according to data included in the plurality of encryption requests, respectively, where the length of the plurality of data packets is a first data length.
It is understood that the data packets and data may be interchanged in this application.
In this application, the first data length is one data length of a plurality of candidate data lengths. Wherein the plurality of candidate data lengths are integer multiples of the cipher block length. The cipher packet length is the length of the encryption packet supported by the encryption device. For example, the cipher block length is 16 bytes, which means that the encryption device encrypts data of 16 bytes as a group, and the lengths of the plurality of candidate data may be respectively integer multiples of 16 bytes.
For example, the first device may select the first data length from the alternative data lengths according to the data length of the data and the alternative data length. For example, if the cipher packet length is 16 bytes, the first data length may be 16 bytes when any data length to be encrypted is 13 bytes. In addition, when any data length to be encrypted is 29 bytes, the first data length may be 32 bytes.
Optionally, the first device may further complement the data according to the first data length to obtain a data packet with the first data length. The present application does not specifically require the manner in which the data of the first data length is obtained by complement.
And 103, combining the plurality of data packets by the first device to obtain data with a second data length.
Optionally, the plurality of data packets may be a plurality of data packets with a first data length obtained by the first device within a certain period of time. For example, the first device may start timing from an hour and regard a packet of the first data length obtained in each hour as a packet of the second data length. And/or the plurality of data packets may satisfy a certain number threshold, for example, the first device may perform step 103 after obtaining N data packets of the first data length, so as to combine the N data packets of the first data length to obtain data packets of the second data length. Wherein N is an integer greater than 1.
For example, the first device may end-to-end data corresponding to any two data packets to obtain data of the second data length. For example, the numbers of the multiple data packets are respectively number 1 to number 5, when a second data packet is obtained, the first device sequentially connects two adjacent data packets end to end according to the sequence of number 1 to number 5 to obtain data of the second data length, that is, the position of the data in the data packet of number 1 in the data of the second data length is located before the data of number 2, and the position of the data in the data packet of number 2 in the data of the second data length is located before the data of number 3, and so on, and no further description is given here.
Optionally, the first device may further determine the ordering of the plurality of data packets when obtaining the data of the second data length from the plurality of data packets. For example, in the above example, the first device may further store the order of the number 1 to the number 5, which indicates the positional relationship of the data of each packet in the data of the second data length.
And step 104, the first device complements the data with the second data length according to the cipher packet length to obtain data with a third data length, wherein the first data length is an integral multiple of the cipher packet length.
For example, the first device may splice data with a cipher block length and data with the second data length to obtain data with a third data length, so as to implement complementary coding.
For example, in step 102, assuming that the length of the cipher packet is 16 bytes, the first device selects 16 bytes from the alternative data lengths with lengths of 16 bytes, 32 bytes, and the like as a first data length, and performs complementary coding on the data to be encrypted according to the first data length to obtain a plurality of data packets, that is, data packets with data lengths of 16 bytes. In step 103, the first device may combine the N data packets with the first data length to obtain data with a second data length, in this example, 16 × N bytes. Therefore, in step 104, the first device may complement the data with the length of 16 × N bytes according to 16 bytes to obtain the data with the length of 16 × N (N + 1), where the third data length is 16 × N (N + 1) bytes. Where the symbol represents a multiplication operation.
Alternatively, in the data of the third data length, a 16-byte complement may be positioned after the data of the second data length.
It is to be understood that the third data length is determined according to the second data length and the cipher packet length, and is not limited to the above-exemplified values.
And 105, the first device obtains ciphertext data corresponding to the data with the third data length.
As an alternative implementation of step 105, as shown in fig. 2, if the first device does not include an encryption device, the first device may send the data of the third data length to the encryption device. And encrypting the data with the third data length by using encryption equipment to obtain ciphertext data corresponding to the data with the third data length. The encryption device may also transmit ciphertext data to the first device. Accordingly, the first device may obtain ciphertext data.
As another alternative implementation manner of step 105, the first device may be configured to implement a function of an encryption device, that is, the first device may encrypt data with a third data length to obtain the ciphertext data.
Based on the above steps 101 to 105, the first device may combine data included in the plurality of encryption requests according to the encryption requests from the plurality of second devices, and perform complement on the combined data to obtain ciphertext data corresponding to the complemented data. This scheme can avoid encrypting individual small data, and thus can provide the encryption performance of the encryption apparatus.
Optionally, the first device splits the ciphertext data corresponding to the data with the third data length into ciphertext data corresponding to the data with the second data length and ciphertext data corresponding to the data with the cipher block length according to the cipher block length.
It can be understood that, since the second data length is complemented according to the cipher block length in step 104, after obtaining the ciphertext data, the first device may delete the ciphertext data corresponding to the data of the cipher block length from the ciphertext data according to the cipher block length, and the remaining portion of the ciphertext data is the ciphertext data corresponding to the data of the second data length.
In addition, the first device may further split the remaining portion of the ciphertext data according to the first data length, so as to obtain ciphertext data corresponding to each encryption request (or data packet). And the ciphertext data corresponding to the encryption request is an encryption result corresponding to the data to be encrypted in the encryption request.
For example, the first device may split ciphertext data corresponding to the data of the second data length into multiple pieces of ciphertext data according to the first data length, where each piece of ciphertext data is ciphertext data corresponding to one encryption request. The first device may further determine ciphertext data corresponding to each data packet from the plurality of segments of ciphertext data according to the ordering of the data packets. The sequence of the data packets may be the sequence of the data packets when the first device obtains the second data packet by splicing the data packets in step 103 and obtains the data of the second data length according to the data packets.
For example, taking the third data length as 16 × N +1 bytes as an example, the ciphertext data has a length of 16 × N +1 bytes, where since the cipher packet has a length of 16 bytes, assuming that the 16 bytes of data used for the complement in step 104 are located at the last 16 bytes of the data with the third data length, the first device may disassemble the ciphertext data, delete the last 16 bytes of data of the ciphertext data from the ciphertext data, and obtain the ciphertext data corresponding to the data with the second data length (i.e., 16 × N bytes). Taking the first data length as 16 bytes as an example, the first device may further split the ciphertext data with the length of 16 × N bytes into N pieces of ciphertext data, where each piece of ciphertext data corresponds to one data packet of 16 bytes. The first device may further determine ciphertext data corresponding to each data packet according to the ordering of the 16-byte data packet in the data with the second data length and the ordering of the N segments of ciphertext data in the ciphertext data with the length of 16 × N bytes. For example, the 1 st 16-byte ciphertext data of the ciphertext data having the length of 16 × n bytes is the ciphertext data of the first packet of the data corresponding to the second data length.
Optionally, the first device may further determine, according to a correspondence between the data packet and the ciphertext data, a second device corresponding to the data to be encrypted in the data packet, and send the initial Vector value (or referred to as an IV value) corresponding to the ciphertext data and the ciphertext data to the second device.
Wherein the IV value may be used to decrypt the ciphertext data. For example, different ciphertexts can be obtained by adopting different IV values for the same data, so that the security of the cipher text data can be improved.
It should be understood that the decryption process of the first device in the present application may be performed according to the requirements of the second device.
For example, when ciphertext data needs to be decrypted, the second device may send the ciphertext data and the corresponding IV value to the first device, be decrypted by the first device, and send the decrypted data to the second device.
Optionally, the second device may decrypt the ciphertext data with the key and the IV value, and the key may be associated with a key for the encryption device to obtain the encrypted data. It is understood that the key is obtained in a manner not limited by the scope of the present application.
For example, for the first data packet in the data of the second data length, the corresponding IV value may be a set value, such as an initial IV value. For the ith data packet in the data of the second data length, the corresponding IV value may be determined according to the ciphertext data of the (i-1) th data packet in the data of the second data length, i =2, 3, … …, N.
For example, the IV value corresponding to the ith data packet may be data of the last cipher packet length of the cipher text data of the (i-1) th data packet, for example, the first data length is 32 bytes, the cipher packet length is 16 bytes, that is, the length of the cipher text data corresponding to each data packet is 32 bytes, and in the data of the second data length, the IV value corresponding to the 2 nd data packet may be the last 16 bytes of the cipher text data corresponding to the 1 st data packet. Or, the IV value corresponding to the ith data packet may be determined according to the initial IV value and the data of the last cipher packet length of the cipher text data of the (i-1) th data packet, and the determination manner may be that the initial IV value and the data of the last cipher packet length of the cipher text data of the (i-1) th data packet are subjected to xor processing, for example, along the above example, the IV value corresponding to the 2 nd data packet may be an xor calculation result of the initial IV value and the last 16 bytes of the cipher text data corresponding to the 1 st data packet. Similarly, the IV value corresponding to the ith packet may be determined according to the initial IV value and the ciphertext data of the (i-1) th packet, for example, determined through xor processing, which is not particularly required.
It is understood that if the ciphertext data is generated by the encryption device, the interaction process between the second device, the first device, and the encryption device is as shown in fig. 2. The second device in fig. 2 may be understood as one of a plurality of second devices, and thus, the flow illustrated in fig. 2 may be applied to the plurality of second devices.
Illustratively, the IV value may be used by the encryption client to decrypt ciphertext data. When the encryption client needs to decrypt the ciphertext data, the encryption server only needs to send the IV value and the ciphertext data to the encryption server, and the encryption server can decrypt the ciphertext data according to the IV value and the secret key K and send a decryption result to the encryption client.
It should be understood that the decryption process of the encryption server in the present application can be performed according to the requirements of the encryption client.
Based on the same technical concept, the present application exemplarily provides a data encryption apparatus, as shown in fig. 3, the apparatus including:
an obtaining module 301, configured to receive a plurality of encryption requests from a plurality of second devices, where the plurality of encryption requests respectively include data;
a processing module 302, configured to obtain a plurality of data packets according to data included in each of the plurality of encryption requests, where the length of each of the plurality of data packets is a first data length;
the processing module 302 is further configured to combine the plurality of data packets to obtain data of a second data length;
the processing module 302 is further configured to complement the data with the second data length according to the cipher packet length to obtain data with a third data length, where the first data length is an integer multiple of the cipher packet length;
the obtaining module 301 is further configured to obtain ciphertext data corresponding to the data with the third data length.
Optionally, the processing module 301 is further configured to: determining the first data length according to the length of data respectively included by the plurality of encryption requests and a plurality of alternative data lengths, wherein the plurality of alternative data lengths include the first data length, and the plurality of alternative data lengths are integral multiples of the cipher packet length; and complementing the data respectively included in the plurality of encryption requests according to the first data length to obtain the plurality of data packets.
Optionally, the processing module 302 is further configured to: and connecting the data in the data packets end to obtain the data with the second data length, wherein the second data length is equal to the integral multiple of the first data length.
Optionally, the third data length is equal to the second data length added to the cipher block length.
Optionally, the processing module 302 is further configured to: according to the first data length and the cipher block length, dividing the cipher text data into cipher text data respectively corresponding to the plurality of data packets; and sending ciphertext data corresponding to the data packet and an initial vector value corresponding to the ciphertext data to second equipment corresponding to each data packet.
Optionally, the processing module 302 is further configured to: sending the data with the third data length to an encryption device; the obtaining module 301 is specifically configured to: and receiving ciphertext data from the encryption device, wherein the ciphertext data is an encryption result of the data with the third data length.
Optionally, each data packet corresponds to at least one encrypted packet, and the initial vector value is an initial value or determined according to ciphertext data corresponding to a last encrypted packet of a previous data packet.
The electronic equipment is based on the same inventive concept as the method embodiment, and the embodiment of the application also provides the electronic equipment. The electronic device may be configured to perform the actions described in the method embodiments above. In this embodiment, the structure of the electronic device may be as shown in fig. 4, including a memory 401 and one or more processors 402.
A memory 401 for storing computer programs executed by the processor 402. The memory 401 may mainly include a program storage area and a data storage area, wherein the program storage area may store an operating system, a program required for running an instant messaging function, and the like; the storage data area can store various instant messaging information, operation instruction sets and the like.
The memory 401 may be a volatile memory (volatile memory), such as a random-access memory (RAM); the memory 401 may also be a non-volatile memory (non-volatile memory) such as, but not limited to, a read-only memory (rom), a flash memory (flash memory), a Hard Disk Drive (HDD) or a solid-state drive (SSD), or the memory 401 may be any other medium that can be used to carry or store desired program code in the form of instructions or data structures and that can be accessed by a computer. The memory 401 may be a combination of the above memories.
The processor 402 may include one or more Central Processing Units (CPUs), a digital processing unit, and the like. The processor 402 is configured to implement the above method when calling the computer program stored in the memory 401.
The specific connection medium between the memory 401 and the processor 402 is not limited in the embodiments of the present application. As an example, in fig. 4, the memory 401 and the processor 402 are connected by a bus 403, the bus 403 is shown by a thick line in fig. 4, and the connection manner between other components is merely illustrative and is not limited. The bus 403 may be divided into an address bus, a data bus, a control bus, and the like. For ease of illustration, only one thick line is shown in FIG. 4, but this does not indicate only one bus or one type of bus.
Optionally, processor 402 may be used to perform the actions performed by any one or more of acquisition module 301 and processing module 302 above.
According to an aspect of the application, a computer program product or computer program is provided, comprising computer instructions, the computer instructions being stored in a computer readable storage medium. The processor of the computer device reads the computer instructions from the computer-readable storage medium, and the processor executes the computer instructions, so that the computer device executes the method in the above embodiment.
The program product may employ any combination of one or more readable media. The readable medium may be a readable signal medium or a readable storage medium. A readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples (a non-exhaustive list) of the readable storage medium include: an electrical connection having one or more wires, a portable disk, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
The above description is only for the specific embodiments of the present application, but the scope of the present application is not limited thereto, and any person skilled in the art can easily conceive of the changes or substitutions within the technical scope of the present application, and shall be covered by the scope of the present application.
Claims (9)
1. A method for data encryption, comprising:
a first device receiving a plurality of encryption requests from a plurality of second devices, the plurality of encryption requests respectively including data;
the first device obtains a plurality of data packets according to data respectively included in the plurality of encryption requests, wherein the length of the plurality of data packets is a first data length;
the first device combines the plurality of data packets to obtain data of a second data length;
the first equipment complements codes for the data with the second data length according to the cipher grouping length to obtain data with a third data length, wherein the first data length is integral multiple of the cipher grouping length;
and the first equipment obtains ciphertext data corresponding to the data with the third data length.
2. The method of claim 1, wherein obtaining, by the first device, a plurality of data packets based on data included in each of the plurality of encryption requests comprises:
the first device determines the first data length according to the length of data respectively included by the multiple encryption requests and multiple alternative data lengths, wherein the multiple alternative data lengths include the first data length, and the multiple alternative data lengths are all integer multiples of the cipher packet length;
and the first equipment complements the data respectively included by the plurality of encryption requests according to the first data length to obtain the plurality of data packets.
3. The method of claim 1, wherein the first device combining the plurality of data packets to obtain data of a second data length comprises:
and the first equipment connects the data in the data packets end to obtain the data with the second data length, wherein the second data length is equal to the integral multiple of the first data length.
4. The method of claim 1, wherein the third data length is equal to the second data length plus the cipher block length.
5. The method of any one of claims 1-4, wherein the method further comprises:
the first device splits the ciphertext data into ciphertext data corresponding to the plurality of data packets according to the first data length and the cipher block length;
and the first equipment sends the ciphertext data corresponding to the data packet and the initial vector value corresponding to the ciphertext data to the second equipment corresponding to each data packet.
6. The method of claim 5, wherein the method further comprises:
the first equipment sends the data with the third data length to encryption equipment;
the obtaining, by the first device, ciphertext data corresponding to the data of the third data length includes:
and the first equipment receives ciphertext data from the encryption equipment, wherein the ciphertext data is an encryption result of the data with the third data length.
7. The method of claim 5, wherein each of the data packets corresponds to at least one encrypted packet, and the initial vector value is an initial value or determined according to ciphertext data corresponding to a last encrypted packet of a previous data packet.
8. An electronic device, comprising a processor and a memory, wherein the memory stores program code which, when executed by the processor, causes the processor to perform the steps of the method of any of claims 1 to 7.
9. A computer-readable storage medium, characterized in that it comprises program code for causing an electronic device to perform the steps of the method of any one of claims 1 to 7, when said program code is run on the electronic device.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202211289782.6A CN115801321B (en) | 2022-10-20 | 2022-10-20 | Data combination encryption method and device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202211289782.6A CN115801321B (en) | 2022-10-20 | 2022-10-20 | Data combination encryption method and device |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN115801321A true CN115801321A (en) | 2023-03-14 |
| CN115801321B CN115801321B (en) | 2023-11-14 |
Family
ID=85433365
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202211289782.6A Active CN115801321B (en) | 2022-10-20 | 2022-10-20 | Data combination encryption method and device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN115801321B (en) |
Citations (14)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20040153643A1 (en) * | 2002-11-25 | 2004-08-05 | Siemens Aktiengesellschaft | Method and system for encrypting transmissions of communication data streams via a packet-oriented communication network |
| US20080137851A1 (en) * | 2005-05-02 | 2008-06-12 | Nds Limited | Native Scrambling System |
| CN101355421A (en) * | 2008-09-25 | 2009-01-28 | 中国电信股份有限公司 | Method for adapting ciphering/deciphering data length of packet |
| CN101710964A (en) * | 2009-11-17 | 2010-05-19 | 深圳国微技术有限公司 | Method for enciphering and deciphering MPEG2 transport stream packets |
| CN101938350A (en) * | 2010-07-16 | 2011-01-05 | 黑龙江大学 | File encryption and decryption method based on combinatorial coding |
| CN102437910A (en) * | 2011-10-18 | 2012-05-02 | 国家超级计算深圳中心(深圳云计算中心) | Data encryption/decryption checking method and system |
| WO2015031949A1 (en) * | 2013-09-09 | 2015-03-12 | Newsouth Innovations Pty Limited | Data encryption process |
| CN105931445A (en) * | 2016-06-23 | 2016-09-07 | 威海市天罡仪表股份有限公司 | Anti-interference wireless M-Bus short-distance meter reading control method |
| CN109245881A (en) * | 2018-09-14 | 2019-01-18 | 杭州嘀嗒科技有限公司 | A kind of photograph video cloud encryption storage method |
| CN109510703A (en) * | 2018-11-23 | 2019-03-22 | 北京海泰方圆科技股份有限公司 | A kind of data encryption/decryption method and device |
| CN111191253A (en) * | 2019-05-17 | 2020-05-22 | 延安大学 | Data encryption combination method |
| CN111464564A (en) * | 2020-05-08 | 2020-07-28 | 郑州信大捷安信息技术股份有限公司 | Data high-speed encryption and decryption method and device based on symmetric cryptographic algorithm |
| CN112104454A (en) * | 2020-08-11 | 2020-12-18 | 东方红卫星移动通信有限公司 | Data secure transmission method and system |
| CN114826590A (en) * | 2022-05-19 | 2022-07-29 | 北京海泰方圆科技股份有限公司 | Packet mode encryption method, packet mode decryption method, packet mode encryption device, packet mode decryption device and packet mode decryption equipment |
-
2022
- 2022-10-20 CN CN202211289782.6A patent/CN115801321B/en active Active
Patent Citations (14)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20040153643A1 (en) * | 2002-11-25 | 2004-08-05 | Siemens Aktiengesellschaft | Method and system for encrypting transmissions of communication data streams via a packet-oriented communication network |
| US20080137851A1 (en) * | 2005-05-02 | 2008-06-12 | Nds Limited | Native Scrambling System |
| CN101355421A (en) * | 2008-09-25 | 2009-01-28 | 中国电信股份有限公司 | Method for adapting ciphering/deciphering data length of packet |
| CN101710964A (en) * | 2009-11-17 | 2010-05-19 | 深圳国微技术有限公司 | Method for enciphering and deciphering MPEG2 transport stream packets |
| CN101938350A (en) * | 2010-07-16 | 2011-01-05 | 黑龙江大学 | File encryption and decryption method based on combinatorial coding |
| CN102437910A (en) * | 2011-10-18 | 2012-05-02 | 国家超级计算深圳中心(深圳云计算中心) | Data encryption/decryption checking method and system |
| WO2015031949A1 (en) * | 2013-09-09 | 2015-03-12 | Newsouth Innovations Pty Limited | Data encryption process |
| CN105931445A (en) * | 2016-06-23 | 2016-09-07 | 威海市天罡仪表股份有限公司 | Anti-interference wireless M-Bus short-distance meter reading control method |
| CN109245881A (en) * | 2018-09-14 | 2019-01-18 | 杭州嘀嗒科技有限公司 | A kind of photograph video cloud encryption storage method |
| CN109510703A (en) * | 2018-11-23 | 2019-03-22 | 北京海泰方圆科技股份有限公司 | A kind of data encryption/decryption method and device |
| CN111191253A (en) * | 2019-05-17 | 2020-05-22 | 延安大学 | Data encryption combination method |
| CN111464564A (en) * | 2020-05-08 | 2020-07-28 | 郑州信大捷安信息技术股份有限公司 | Data high-speed encryption and decryption method and device based on symmetric cryptographic algorithm |
| CN112104454A (en) * | 2020-08-11 | 2020-12-18 | 东方红卫星移动通信有限公司 | Data secure transmission method and system |
| CN114826590A (en) * | 2022-05-19 | 2022-07-29 | 北京海泰方圆科技股份有限公司 | Packet mode encryption method, packet mode decryption method, packet mode encryption device, packet mode decryption device and packet mode decryption equipment |
Non-Patent Citations (2)
| Title |
|---|
| 吴伟民;李坚锐;林志毅;: "基于GPU的密文分组随机链接加密模式的研究", 计算机工程与科学, no. 01 * |
| 姚华桢,冯穗力,叶梧,谢杏: "流媒体信息加密与用户认证技术的实现", 中国有线电视, no. 01 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN115801321B (en) | 2023-11-14 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN108629027B (en) | User database reconstruction method, device, equipment and medium based on block chain | |
| KR102136904B1 (en) | Shared secret key generation device, encryption device, decryption device, shared secret key generation method, encryption method, decryption method, and program | |
| CN112202754B (en) | Data encryption method and device, electronic equipment and storage medium | |
| CN110768784B (en) | Password transmission method, device, computer equipment and storage medium | |
| US11196558B1 (en) | Systems, methods, and computer-readable media for protecting cryptographic keys | |
| CN114175572A (en) | System and method for performing equality and subordination operations on encrypted data using quasigroup operations | |
| CN114443718A (en) | Data query method and system | |
| Iavich et al. | Comparison and hybrid implementation of blowfish, twofish and rsa cryptosystems | |
| CN115603907A (en) | Method, device, equipment and storage medium for encrypting storage data | |
| JP5992651B2 (en) | ENCRYPTION METHOD, PROGRAM, AND SYSTEM | |
| US11411715B2 (en) | System and method for generating scalable group key based on homomorphic encryption with trust server | |
| CN112947967A (en) | Software updating method, block chain application store and software uploading terminal | |
| CN111931204A (en) | Encryption and de-duplication storage method and terminal equipment for distributed system | |
| CN115801321B (en) | Data combination encryption method and device | |
| CN113824713B (en) | Key generation method, system and storage medium | |
| CN115834113A (en) | OT communication method, OT communication device, electronic device, and storage medium | |
| CN115396179A (en) | Data transmission method, device, medium and equipment based on block chain | |
| CN115567263A (en) | Data transmission management method, data processing method and device | |
| CN115021919A (en) | SSL negotiation method, device, equipment and computer readable storage medium | |
| CN116866029B (en) | Random number encryption data transmission method, device, computer equipment and storage medium | |
| CN115563638B (en) | Data processing method, system, device and storage medium | |
| CN115955306B (en) | Data encryption transmission method and device, electronic equipment and storage medium | |
| CN115276961B (en) | Data processing method and device based on OT protocol | |
| CN114244515B (en) | Hypervisor-based virtual machine communication method and device, readable storage medium and electronic equipment | |
| KR102066487B1 (en) | Lightweight encryption algorithm security apparatus based on hardware authentication chip |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |