CN115801321B - Data combination encryption method and device - Google Patents
Data combination encryption method and device Download PDFInfo
- Publication number
- CN115801321B CN115801321B CN202211289782.6A CN202211289782A CN115801321B CN 115801321 B CN115801321 B CN 115801321B CN 202211289782 A CN202211289782 A CN 202211289782A CN 115801321 B CN115801321 B CN 115801321B
- Authority
- CN
- China
- Prior art keywords
- data
- length
- encryption
- ciphertext
- data length
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 39
- 230000000295 complement effect Effects 0.000 claims description 11
- 238000004590 computer program Methods 0.000 description 7
- 238000004891 communication Methods 0.000 description 3
- 238000010586 diagram Methods 0.000 description 2
- 230000000694 effects Effects 0.000 description 2
- 230000006870 function Effects 0.000 description 2
- 230000003287 optical effect Effects 0.000 description 2
- 230000008569 process Effects 0.000 description 2
- 238000004364 calculation method Methods 0.000 description 1
- 230000006872 improvement Effects 0.000 description 1
- 230000003993 interaction Effects 0.000 description 1
- 239000013307 optical fiber Substances 0.000 description 1
- 230000001737 promoting effect Effects 0.000 description 1
- 239000004065 semiconductor Substances 0.000 description 1
- 239000007787 solid Substances 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
Abstract
The application discloses a data encryption method and a device, wherein the method comprises the following steps: the first device receives a plurality of encryption requests from a plurality of second devices, wherein the plurality of encryption requests respectively comprise data; the first device obtains a plurality of data packets according to data respectively included in the plurality of encryption requests, wherein the lengths of the plurality of data packets are the first data length; the first device combines the plurality of data packets to obtain data with a second data length; the first device complements the data with the second data length according to the password group length to obtain the data with the third data length, wherein the first data length is an integer multiple of the password group length; the first device obtains ciphertext data corresponding to the data of the third data length. The method can improve the encryption performance of the first equipment.
Description
Technical Field
The embodiment of the application relates to the field of information security, in particular to a data combination encryption method and device.
Background
Currently, in the field of information security, encryption devices may encrypt data according to a packet encryption mode. The data may comprise data of any data length. Currently, for communication and other reasons, if the data length of the data is small, the encryption performance of the encryption device needs to be poor for the data. If the data length of the data is more, the encryption performance of the encryption equipment on the data is higher.
Therefore, at present, the encryption performance of the encryption device for data with different data lengths is different, the encryption performance is better when encrypting larger data, and the encryption performance is worse when encrypting small data, so that improvement is needed.
Disclosure of Invention
The embodiment of the application provides a data encryption method and device, which are used for improving the encryption performance of encryption equipment.
In a first aspect, an embodiment of the present application provides a data encryption method, including:
the method comprises the steps that a first device receives a plurality of encryption requests from a plurality of second devices, wherein the plurality of encryption requests respectively comprise data; the first device obtains a plurality of data packets according to the data respectively included in the plurality of encryption requests, wherein the lengths of the plurality of data packets are the first data length; the first device combines the plurality of data packets to obtain data with a second data length; the first device complements the data with the second data length according to the password grouping length to obtain data with a third data length, wherein the first data length is an integer multiple of the password grouping length; and the first equipment obtains ciphertext data corresponding to the data with the third data length.
According to the method, the first device can combine a plurality of data to be encrypted, so that the encryption performance of the encryption device is improved. In addition, in the scheme, the data packet of each first data length does not need to be complemented according to the password block length, so that the encryption complexity can be reduced.
In one possible design, the first device obtains a plurality of data packets according to data included in the plurality of encryption requests, including: the first device determines the first data length according to the lengths of data and a plurality of alternative data lengths respectively included in the plurality of encryption requests, wherein the plurality of alternative data lengths include the first data length, and the plurality of alternative data lengths are all integer multiples of the cipher block length; and the first device complements the data respectively included in the plurality of encryption requests according to the first data length to obtain the plurality of data packets.
According to the design, the first device receives a plurality of encryption requests comprising data to be encrypted, and can complement codes according to the plurality of data to be encrypted to meet the requirement of the data packet length.
In one possible design, the first device combines the plurality of data packets to obtain data of a second data length, including: and the first equipment connects the data in the data packets end to obtain the data with the second data length, wherein the second data length is equal to the integral multiple of the first data length.
According to the design, the first device combines a plurality of data packets with the first data length to obtain the data with the second data length, so that the flexible determination of the data with the second data length is realized.
In one possible design, the third data length is equal to the second data length plus the cipher block length.
According to the design, the first device combines a plurality of data with the second data length to obtain the data with the third data length, so that the data encryption efficiency can be improved.
In one possible design, the method further comprises: the first device splits the ciphertext data into ciphertext data corresponding to the plurality of data packets respectively according to the first data length and the password group length; and the first device sends ciphertext data corresponding to the data packet and an initial vector value corresponding to the ciphertext data to the second device corresponding to each data packet.
According to the design, the first device can split the ciphertext data to obtain ciphertext data corresponding to the plurality of data packets.
In one possible design, the method further comprises: the first device sends the data with the third data length to an encryption device; the first device obtains ciphertext data corresponding to the data of the third data length, including: the first device receives ciphertext data from the encryption device, wherein the ciphertext data is an encryption result of the data with the third data length.
According to the design, the first device sends the data with the third data length to the encryption device, so that the encryption performance of the encryption device on the data is further improved.
In one possible design, each of the data packets corresponds to at least one encrypted packet, and the initial vector value is an initial value or is determined from ciphertext data corresponding to a last encrypted packet of a previous data packet.
According to the design, the same data and ciphertext corresponding to different initial vector values are different, so that the safety of ciphertext data can be improved.
In a second aspect, an embodiment of the present application further provides a data encryption device, including an acquisition module and a processing module. Wherein:
the system comprises an acquisition module, a storage module and a processing module, wherein the acquisition module is used for receiving a plurality of encryption requests from a plurality of second devices, and the plurality of encryption requests respectively comprise data; the processing module is used for obtaining a plurality of data packets according to the data respectively included in the plurality of encryption requests, and the lengths of the plurality of data packets are the first data length; the processing module is further configured to combine the plurality of data packets to obtain data with a second data length; the processing module is further configured to complement the data with the second data length according to a cipher block length, to obtain data with a third data length, where the first data length is an integer multiple of the cipher block length; the obtaining module is further configured to obtain ciphertext data corresponding to the data with the third data length.
In one possible design, the processing module is specifically configured to: determining the first data length according to the lengths of data and a plurality of alternative data lengths respectively included in the plurality of encryption requests, wherein the plurality of alternative data lengths include the first data length, and the plurality of alternative data lengths are all integer multiples of the cipher block length; and complementing the data respectively included in the plurality of encryption requests according to the first data length to obtain the plurality of data packets.
In one possible design, the processing module is specifically configured to: and connecting the data in the data packets end to obtain the data with the second data length, wherein the second data length is equal to the integral multiple of the first data length.
In one possible design, the third data length is equal to the second data length plus the cipher block length.
In one possible design, the processing module is further configured to: splitting the ciphertext data into ciphertext data corresponding to the plurality of data packets respectively according to the first data length and the password block length; and sending ciphertext data corresponding to the data packets and an initial vector value corresponding to the ciphertext data to second equipment corresponding to each data packet.
In one possible design, the processing module is further configured to: transmitting data of the third data length to an encryption device; the acquisition module is specifically configured to: and receiving ciphertext data from the encryption equipment, wherein the ciphertext data is an encryption result of the data with the third data length.
In one possible design, each of the data packets corresponds to at least one encrypted packet, and the initial vector value is an initial value or is determined from ciphertext data corresponding to a last encrypted packet of a previous data packet.
In a third aspect, embodiments of the present application further provide a computer readable storage medium having a computer program stored therein, which when executed by a processor, implements the method of the first aspect and any one of its designs.
In a fourth aspect, an embodiment of the present application further provides an electronic device, including a memory and a processor, where the memory stores a computer program executable on the processor, and when the computer program is executed by the processor, causes the processor to implement the method of the first aspect and any one of the designs thereof.
The technical effects of the second aspect to the fourth aspect and any one of the designs thereof may be referred to as the technical effects of the corresponding designs in the first aspect, and will not be described herein.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings that are needed in the description of the embodiments will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present application, and other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
Fig. 1 is a schematic flow chart of a data encryption method according to an embodiment of the present application;
fig. 2 is a flow chart of another data encryption method according to an embodiment of the present application;
FIG. 3 is a schematic diagram of a device according to an embodiment of the present application;
fig. 4 is a schematic diagram of another device structure according to an embodiment of the present application.
Detailed Description
For the purpose of promoting an understanding of the principles and advantages of the application, reference will now be made in detail to the drawings, in which embodiments of the application are illustrated, some but not all of which are illustrated. All other embodiments, which can be made by those skilled in the art based on the embodiments of the application without making any inventive effort, are intended to be within the scope of the application. It should be appreciated that the specific methods of operation described in the method embodiments described below may also be applied in device embodiments or system embodiments.
Currently, in the field of information security, encryption devices may encrypt data according to a packet encryption mode. The packet encryption mode includes: cipher block chaining mode (CBC). The cipher block chaining mode may handle data including any data length. Currently, for communication and other reasons, when data includes data of different data lengths, there is a difference in encryption performance of the data by an encryption device. For example, when the data length of the data is large, the encryption performance of the encryption device on the data is high; when the data is small data, the small data represents data with the data length of one-digit bytes or ten-digit bytes, and the encryption performance of the encryption equipment on the data is low. Therefore, the encryption device has a problem that the encryption performance for the small data is low, and needs to be improved.
In order to solve the above problems, the present application provides a method for encrypting data in combination, which is used for improving the encryption performance of an encryption device.
In the embodiment of the application, a first device receives a plurality of encryption requests from a plurality of second devices, wherein the plurality of encryption requests respectively comprise data; the first device obtains a plurality of data packets according to the data respectively included in the plurality of encryption requests, wherein the lengths of the plurality of data packets are the first data length; the first device combines the plurality of data packets to obtain data with a second data length; the first device complements the data with the second data length according to the password grouping length to obtain data with a third data length, wherein the first data length is an integer multiple of the password grouping length; and the first equipment obtains ciphertext data corresponding to the data with the third data length. The method can improve the encryption performance of the encryption equipment.
Fig. 1 shows a schematic flow chart of a data encryption method. Illustratively, the method is performed by a first device and a second device. The first device may be an encryption server, and the second device may be an encryption client. The encryption client may be used to request encryption of data so that the encryption client may send the data to be encrypted to the encryption server. In the application, the encryption server can receive encryption requests from different encryption clients, obtain data with a first data length according to the data to be encrypted carried in the encryption requests, and generate combined data to be encrypted after combining a plurality of data with the first length. The encryption server side can also obtain an encryption result corresponding to the combined data to be encrypted. The encryption server can combine a plurality of data to be encrypted, so that small data are prevented from being encrypted, and the encryption performance of the encryption equipment can be improved. It can be understood that the encryption server in the application can be an encryption device, and can also be a device which is communicated with or matched with the encryption device, and the specific requirement is not required.
Referring to the flow shown in fig. 1, taking the first device as an execution body as an example, the method provided by the embodiment of the application may include the following steps:
in step 101, a first device receives a plurality of encryption requests from a plurality of second devices, the plurality of encryption requests each including data.
For example, the plurality of second devices may send encryption requests to the first device when there is a data encryption requirement, where the encryption requests correspond to a plurality of data to be encrypted. Accordingly, the first device receives the encryption request sent by the second device, so that data to be encrypted can be obtained. Optionally, the first device may further learn respective data lengths of the plurality of data to be encrypted. Optionally, any data to be encrypted has any data length, such as a smaller data length, which is not specifically required by the present application.
For example, the first device receives a plurality of encryption requests from a plurality of second devices, one encryption request corresponding to one data to be encrypted.
Step 102, the first device obtains a plurality of data packets according to the data included in the plurality of encryption requests, where the lengths of the plurality of data packets are the first data length.
It is understood that the data packets and data in the present application may be interchanged.
In the present application, the first data length is one of a plurality of alternative data lengths. Wherein the plurality of alternative data lengths are integer multiples of the cipher block length. The cipher-block length is the length of the encrypted packet supported by the encryption device. For example, the cipher block length is 16 bytes, which means that the encryption device encrypts with 16 bytes of data as a group, and the multiple alternative data lengths may be integer multiples of 16 bytes, respectively.
For example, the first device may select the first data length from the alternative data lengths according to the data length of the data and the alternative data length. For example, if the cipher block length is 16 bytes, the first data length may be 16 bytes when any data length to be encrypted is 13 bytes. In addition, when any of the data lengths to be encrypted is 29 bytes, the first data length may be 32 bytes.
Optionally, the first device may further complement the data according to the first data length to obtain a data packet with the first data length. The application is not particularly limited to the manner in which the data of the first data length is obtained by the complement.
And 103, combining the plurality of data packets by the first device to obtain data with a second data length.
Alternatively, the plurality of data packets may be a plurality of data packets having a first data length obtained by the first device during a certain period of time. For example, the first device may start timing from the full point and take the data packet with the first data length obtained in each hour as the data packet with the second data length. And/or the plurality of data packets may satisfy a certain number threshold, for example, the first device may perform step 103 after each obtaining N data packets of the first data length, so as to combine the N data packets of the first data length to obtain a data packet of the second data length. Wherein N is an integer greater than 1.
The first device may end-to-end connect data corresponding to any two data packets, to obtain data with the second data length. For example, the numbers of the plurality of data packets are respectively numbered 1 to 5, when the second data packet is obtained, the first device sequentially connects two adjacent data packets end to end according to the order of numbered 1 to 5 to obtain the data with the second data length, that is, the position of the data in the data packet with the number 1 in the data with the second data length is located before the data with the number 2, the position of the data in the data packet with the number 2 in the data with the second data length is located before the data with the number 3, and so on, and will not be repeated.
Optionally, the first device may further store data of the second data length obtained from the plurality of data packets, and determine an ordering of the plurality of data packets. For example, in the above example, the first device may further store an order of numbers 1 to 5, which indicates a positional relationship of data of each packet among the data of the second data length.
Step 104, the first device complements the data with the second data length according to the cipher block length to obtain the data with the third data length, wherein the first data length is an integer multiple of the cipher block length.
For example, the first device may splice the data with the cipher block length with the data with the second data length to obtain data with the data length being the third data length, and implement the complement.
For example, in step 102, assuming that the cipher block length is 16 bytes, the first device selects 16 bytes from the candidate data lengths of 16 bytes, 32 bytes, and the like, as the first data length, and complements the data to be encrypted according to the first data length, so as to obtain a plurality of data packets, and thus, a data packet with a data length of 16 bytes is obtained. In step 103, the first device may combine N data packets with a first data length to obtain data with a second data length, which in this example is 16×n bytes. Therefore, in step 104, the first device may complement the data with a length of 16×n bytes according to 16 bytes to obtain data with a length of 16×n+1 bytes, where the third data length is 16×n+1 bytes. Wherein the symbols represent multiplication operations.
Alternatively, in the data of the third data length, the 16-byte complement may be located after the data of the second data length.
It will be appreciated that the third data length described above is determined from the second data length and the cipher block length, and is not limited to the values exemplified above.
Step 105, the first device obtains ciphertext data corresponding to the data with the third data length.
As an alternative implementation of step 105, as shown in fig. 2, the first device does not include an encryption device, and the first device may send the data with the third data length to the encryption device. And encrypting the data with the third data length by using encryption equipment to obtain ciphertext data corresponding to the data with the third data length. The encryption device may also send ciphertext data to the first device. Accordingly, the first device may obtain ciphertext data.
As another alternative implementation of step 105, the first device may be configured to implement the function of the encryption device, that is, the first device encrypts the data with the third data length to obtain the ciphertext data.
Based on the above steps 101 to 105, the first device may combine the data respectively included in the multiple encryption requests according to the encryption requests from the multiple second devices, and then complement the combined data to obtain ciphertext data corresponding to the complemented data. The scheme can avoid encrypting the single small data, and therefore can provide the encryption performance of the encryption device.
Optionally, the first device splits the ciphertext data corresponding to the data with the third data length into ciphertext data corresponding to the data with the second data length and ciphertext data corresponding to the data with the password group length according to the password group length.
It can be understood that, in step 104, the second data length is complemented according to the cipher block length, so after obtaining the ciphertext data, the first device may delete ciphertext data corresponding to the data of the cipher block length from the ciphertext data according to the cipher block length, and the remainder ciphertext data is ciphertext data corresponding to the data of the second data length.
In addition, the first device may split the rest of ciphertext data according to the first data length, to obtain ciphertext data corresponding to each encryption request (or data packet) respectively. The ciphertext data corresponding to the encryption request is an encryption result corresponding to the data to be encrypted in the encryption request.
In an exemplary embodiment, the first device may split ciphertext data corresponding to the data with the second data length into multiple pieces of ciphertext data according to the first data length, where each piece of ciphertext data is ciphertext data corresponding to one encryption request. The first device may further determine ciphertext data corresponding to each data packet from the plurality of pieces of ciphertext data according to the ordering of the data packets. The sequence of the data packets may be the sequence of the plurality of data packets when the first device concatenates the plurality of data packets to obtain the second data packet in step 103, and the second device obtains the data of the second data length according to the plurality of data packets.
For example, taking the example that the third data length is 16×n+1 bytes and the ciphertext data length is 16×n+1 bytes, where, because the cipher block length is 16 bytes, assuming that the 16-byte data used for the complement in step 104 is located at the last 16 bytes of the data of the third data length, the first device may disassemble the ciphertext data, and delete the last 16-byte data of the ciphertext data from the ciphertext data, to obtain ciphertext data corresponding to the data of the second data length (i.e., 16×n bytes). Taking the example that the first data length is 16 bytes, the first device may further split ciphertext data with a length of 16×n bytes into N pieces of ciphertext data, where each piece of ciphertext data corresponds to one data packet with 16 bytes. The first device may further determine ciphertext data corresponding to each data packet according to the ordering of the 16-byte data packets in the data with the second data length, and the ordering of the N-segment ciphertext data in the ciphertext data with the length of 16×n bytes. For example, the 1 st 16-byte ciphertext data of the 16×n-byte ciphertext data is ciphertext data of the first packet of the data corresponding to the second data length.
Optionally, the first device may further determine a second device corresponding to the data to be encrypted in the data packet according to a correspondence between the data packet and the ciphertext data, and send the ciphertext data and an initial vector value (Initialization Vector, IV) (or referred to as an IV value) corresponding to the ciphertext data to the second device.
Wherein the IV value may be used to decrypt ciphertext data. For example, different ciphertexts can be obtained by adopting different IV values for the same data, and the security of the ciphertexts data can be improved.
It should be understood that the decryption process of the first device in the present application may be performed according to the requirements of the second device.
For example, when ciphertext data needs to be decrypted, the second device may send the ciphertext data and the corresponding IV value to the first device, decrypt the ciphertext data by the first device, and send the decrypted data to the second device.
Alternatively, the second device may decrypt the ciphertext data via the key and the IV value, the key may be associated with a key that the encryption device obtained the encrypted data. It will be appreciated that the manner in which the key is obtained is not within the scope of the present application.
For example, for a first packet in the second data length data, the corresponding IV value may be a set value, such as an initial IV value. For the ith data packet in the data of the second data length, the IV value corresponding to the ith data packet may be determined according to the ciphertext data of the (i-1) th data packet in the data of the second data length, i=2, 3, … …, N.
For example, the IV value corresponding to the i-th packet may be the last cipher block length of the ciphertext data of the (i-1) -th packet, for example, the first data length is 32 bytes, the cipher block length is 16 bytes, that is, the length of the ciphertext data corresponding to each packet is 32 bytes, and the IV value corresponding to the 2 nd packet may be the last 16 bytes of the ciphertext data corresponding to the 1 st packet in the data of the second data length. Alternatively, the IV value corresponding to the i-th packet may be determined according to the initial IV value and the data of the last cipher block length of the ciphertext data of the (i-1) -th packet, and the determination manner may be that the initial IV value and the last cipher block length are subjected to exclusive-or processing, for example, the IV value corresponding to the 2 nd packet may be the exclusive-or calculation result of the last 16 bytes of the ciphertext data corresponding to the 1 st packet. Similarly, the IV value corresponding to the i-th packet may be determined according to the initial IV value and ciphertext data of the (i-1) -th packet, e.g., determined by exclusive or processing, which is not specifically required.
It will be appreciated that if ciphertext data is generated by an encryption device, the interaction between the second device, the first device and the encryption device is as shown in figure 2. The second device in fig. 2 may be understood as one of the plurality of second devices, and thus, the flow shown in fig. 2 may be applied to the plurality of second devices.
Illustratively, the IV value may be used by the encryption client to decrypt ciphertext data. When the encryption client needs to decrypt the ciphertext data, the encryption client only needs to send the IV value and the ciphertext data to the encryption server, and the encryption server can decrypt the ciphertext data according to the IV value and the key K and send a decryption result to the encryption client.
It should be understood that the decryption process of the encryption server of the present application may be performed according to the requirements of the encryption client.
Based on the same technical concept, the present application exemplarily provides a data encryption apparatus, as shown in fig. 3, including:
an obtaining module 301, configured to receive a plurality of encryption requests from a plurality of second devices, where the plurality of encryption requests respectively include data;
a processing module 302, configured to obtain a plurality of data packets according to data included in the plurality of encryption requests, where a length of the plurality of data packets is a first data length;
the processing module 302 is further configured to combine the plurality of data packets to obtain data with a second data length;
the processing module 302 is further configured to complement the data of the second data length according to a cipher block length, to obtain data of a third data length, where the first data length is an integer multiple of the cipher block length;
the obtaining module 301 is further configured to obtain ciphertext data corresponding to the data of the third data length.
Optionally, the processing module 301 is further configured to: determining the first data length according to the lengths of data and a plurality of alternative data lengths respectively included in the plurality of encryption requests, wherein the plurality of alternative data lengths include the first data length, and the plurality of alternative data lengths are all integer multiples of the cipher block length; and complementing the data respectively included in the plurality of encryption requests according to the first data length to obtain the plurality of data packets.
Optionally, the processing module 302 is further configured to: and connecting the data in the data packets end to obtain the data with the second data length, wherein the second data length is equal to the integral multiple of the first data length.
Optionally, the third data length is equal to the second data length plus the cipher block length.
Optionally, the processing module 302 is further configured to: splitting the ciphertext data into ciphertext data corresponding to the plurality of data packets respectively according to the first data length and the password block length; and sending ciphertext data corresponding to the data packets and an initial vector value corresponding to the ciphertext data to second equipment corresponding to each data packet.
Optionally, the processing module 302 is further configured to: transmitting data of the third data length to an encryption device; the obtaining module 301 is specifically configured to: and receiving ciphertext data from the encryption equipment, wherein the ciphertext data is an encryption result of the data with the third data length.
Optionally, each data packet corresponds to at least one encrypted packet, and the initial vector value is an initial value or is determined according to ciphertext data corresponding to a last encrypted packet of a previous data packet.
The embodiment of the application also provides electronic equipment based on the same conception as the embodiment of the method. The electronic device may be configured to perform the actions described in the method embodiments above. In this embodiment, the structure of the electronic device may include a memory 401 and one or more processors 402 as shown in FIG. 4.
A memory 401 for storing a computer program executed by the processor 402. The memory 401 may mainly include a storage program area and a storage data area, wherein the storage program area may store an operating system, a program required for running an instant communication function, and the like; the storage data area can store various instant messaging information, operation instruction sets and the like.
The memory 401 may be a volatile memory (RAM) such as a random-access memory (RAM); the memory 401 may also be a nonvolatile memory (non-volatile memory), such as a read-only memory, a flash memory (flash memory), a Hard Disk Drive (HDD) or a Solid State Drive (SSD), or any other medium that can be used to carry or store desired program code in the form of instructions or data structures and that can be accessed by a computer, but is not limited thereto. Memory 401 may be a combination of the above.
The processor 402 may include one or more central processing units (central processing unit, CPU) or digital processing units, etc. The processor 402 is configured to implement the above method when invoking a computer program stored in the memory 401.
The specific connection medium between the memory 401 and the processor 402 is not limited in the embodiment of the present application. As an example, the embodiment of the present application is shown in fig. 4, where the memory 401 and the processor 402 are connected by a bus 403, and the bus 403 is shown in fig. 4 with a thick line, and the connection between other components is merely illustrative, and not limited to the above. The bus 403 may be classified into an address bus, a data bus, a control bus, and the like. For ease of illustration, only one thick line is shown in fig. 4, but not only one bus or one type of bus.
Optionally, the processor 402 may be used to perform the actions described above as being performed by any one or more of the acquisition module 301 and the processing module 302.
According to one aspect of the present application, there is provided a computer program product or computer program comprising computer instructions stored in a computer readable storage medium. The processor of the computer device reads the computer instructions from the computer-readable storage medium, and the processor executes the computer instructions, so that the computer device performs the method in the above-described embodiment.
The program product may employ any combination of one or more readable media. The readable medium may be a readable signal medium or a readable storage medium. The readable storage medium can be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or a combination of any of the foregoing. More specific examples (a non-exhaustive list) of the readable storage medium would include the following: an electrical connection having one or more wires, a portable disk, a hard disk, random Access Memory (RAM), read-only memory (ROM), erasable programmable read-only memory (EPROM or flash memory), optical fiber, portable compact disk read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
The foregoing is merely illustrative of the present application, and the present application is not limited thereto, and any person skilled in the art will readily recognize that variations or substitutions are within the scope of the present application.
Claims (14)
1. A data encryption method, comprising:
the method comprises the steps that a first device receives a plurality of encryption requests from a plurality of second devices, wherein the plurality of encryption requests respectively comprise data;
the first device obtains a plurality of data packets according to the data respectively included in the plurality of encryption requests, wherein the lengths of the plurality of data packets are the first data length;
the first device combines the plurality of data packets to obtain data with a second data length;
the first device complements the data with the second data length according to the password grouping length to obtain data with a third data length, wherein the first data length is an integer multiple of the password grouping length;
the first device obtains ciphertext data corresponding to the data with the third data length;
the first device splits the ciphertext data into ciphertext data corresponding to the plurality of data packets respectively according to the first data length and the password group length;
and the first device sends ciphertext data corresponding to the data packet and an initial vector value corresponding to the ciphertext data to the second device corresponding to each data packet.
2. The method of claim 1, wherein the first device obtains a plurality of data packets from data respectively included in the plurality of encryption requests, comprising:
the first device determines the first data length according to the lengths of data and a plurality of alternative data lengths respectively included in the plurality of encryption requests, wherein the plurality of alternative data lengths include the first data length, and the plurality of alternative data lengths are all integer multiples of the cipher block length;
and the first device complements the data respectively included in the plurality of encryption requests according to the first data length to obtain the plurality of data packets.
3. The method of claim 1, wherein the first device combines the plurality of data packets to obtain data of a second data length, comprising:
and the first equipment connects the data in the data packets end to obtain the data with the second data length, wherein the second data length is equal to the integral multiple of the first data length.
4. The method of claim 1, wherein the third data length is equal to the second data length plus the cipher block length.
5. The method of claim 1, wherein the method further comprises:
the first device sends the data with the third data length to an encryption device;
the first device obtains ciphertext data corresponding to the data of the third data length, including:
the first device receives ciphertext data from the encryption device, wherein the ciphertext data is an encryption result of the data with the third data length.
6. The method of claim 1, wherein each of the data packets corresponds to at least one encrypted packet, and wherein the initial vector value is an initial value or is determined based on ciphertext data corresponding to a last encrypted packet of a previous data packet.
7. A data encryption apparatus, comprising:
the system comprises an acquisition module, a storage module and a processing module, wherein the acquisition module is used for receiving a plurality of encryption requests from a plurality of second devices, and the plurality of encryption requests respectively comprise data;
the processing module is used for obtaining a plurality of data packets according to the data respectively included in the plurality of encryption requests, and the lengths of the plurality of data packets are the first data length;
the processing module is further configured to combine the plurality of data packets to obtain data with a second data length;
the processing module is further configured to complement the data with the second data length according to a cipher block length, to obtain data with a third data length, where the first data length is an integer multiple of the cipher block length;
the acquisition module is further configured to acquire ciphertext data corresponding to the data with the third data length;
the processing module is further configured to split the ciphertext data into ciphertext data corresponding to the plurality of data packets respectively according to the first data length and the cipher block length;
the processing module is further configured to send ciphertext data corresponding to the data packets and an initial vector value corresponding to the ciphertext data to a second device corresponding to each data packet.
8. The apparatus of claim 7, wherein the processing module is specifically configured to:
determining the first data length according to the lengths of data and a plurality of alternative data lengths respectively included in the plurality of encryption requests, wherein the plurality of alternative data lengths include the first data length, and the plurality of alternative data lengths are all integer multiples of the cipher block length;
and complementing the data respectively included in the plurality of encryption requests according to the first data length to obtain the plurality of data packets.
9. The apparatus of claim 7, wherein the processing module is specifically configured to:
and connecting the data in the data packets end to obtain the data with the second data length, wherein the second data length is equal to the integral multiple of the first data length.
10. The apparatus of claim 7, wherein the third data length is equal to the second data length plus the cipher block length.
11. The apparatus of claim 7, wherein the processing module is further to:
transmitting data of the third data length to an encryption device;
the acquisition module is specifically configured to: and receiving ciphertext data from the encryption equipment, wherein the ciphertext data is an encryption result of the data with the third data length.
12. The apparatus of claim 7, wherein each of the data packets corresponds to at least one encrypted packet, and wherein the initial vector value is an initial value or is determined based on ciphertext data corresponding to a last encrypted packet of a previous data packet.
13. An electronic device comprising a processor and a memory, wherein the memory stores program code that, when executed by the processor, causes the processor to perform the steps of the method of any of claims 1-6.
14. A computer readable storage medium, characterized in that it comprises a program code for causing an electronic device to perform the steps of the method according to any one of claims 1-6, when said program code is run on the electronic device.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202211289782.6A CN115801321B (en) | 2022-10-20 | 2022-10-20 | Data combination encryption method and device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202211289782.6A CN115801321B (en) | 2022-10-20 | 2022-10-20 | Data combination encryption method and device |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN115801321A CN115801321A (en) | 2023-03-14 |
| CN115801321B true CN115801321B (en) | 2023-11-14 |
Family
ID=85433365
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202211289782.6A Active CN115801321B (en) | 2022-10-20 | 2022-10-20 | Data combination encryption method and device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN115801321B (en) |
Citations (12)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101355421A (en) * | 2008-09-25 | 2009-01-28 | 中国电信股份有限公司 | Method for adapting ciphering/deciphering data length of packet |
| CN101710964A (en) * | 2009-11-17 | 2010-05-19 | 深圳国微技术有限公司 | Method for enciphering and deciphering MPEG2 transport stream packets |
| CN101938350A (en) * | 2010-07-16 | 2011-01-05 | 黑龙江大学 | File encryption and decryption method based on combinatorial coding |
| CN102437910A (en) * | 2011-10-18 | 2012-05-02 | 国家超级计算深圳中心(深圳云计算中心) | Data encryption/decryption checking method and system |
| WO2015031949A1 (en) * | 2013-09-09 | 2015-03-12 | Newsouth Innovations Pty Limited | Data encryption process |
| CN105931445A (en) * | 2016-06-23 | 2016-09-07 | 威海市天罡仪表股份有限公司 | Anti-interference wireless M-Bus short-distance meter reading control method |
| CN109245881A (en) * | 2018-09-14 | 2019-01-18 | 杭州嘀嗒科技有限公司 | A kind of photograph video cloud encryption storage method |
| CN109510703A (en) * | 2018-11-23 | 2019-03-22 | 北京海泰方圆科技股份有限公司 | A kind of data encryption/decryption method and device |
| CN111191253A (en) * | 2019-05-17 | 2020-05-22 | 延安大学 | Data encryption combination method |
| CN111464564A (en) * | 2020-05-08 | 2020-07-28 | 郑州信大捷安信息技术股份有限公司 | Data high-speed encryption and decryption method and device based on symmetric cryptographic algorithm |
| CN112104454A (en) * | 2020-08-11 | 2020-12-18 | 东方红卫星移动通信有限公司 | Data secure transmission method and system |
| CN114826590A (en) * | 2022-05-19 | 2022-07-29 | 北京海泰方圆科技股份有限公司 | Packet mode encryption method, packet mode decryption method, packet mode encryption device, packet mode decryption device and packet mode decryption equipment |
Family Cites Families (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| EP1422908B1 (en) * | 2002-11-25 | 2005-11-30 | Siemens Aktiengesellschaft | Method and apparatus for transmitting encrypted data streams over a packet oriented network |
| KR101132296B1 (en) * | 2005-05-02 | 2012-04-05 | 엔디에스 리미티드 | Native scrambling system |
-
2022
- 2022-10-20 CN CN202211289782.6A patent/CN115801321B/en active Active
Patent Citations (12)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101355421A (en) * | 2008-09-25 | 2009-01-28 | 中国电信股份有限公司 | Method for adapting ciphering/deciphering data length of packet |
| CN101710964A (en) * | 2009-11-17 | 2010-05-19 | 深圳国微技术有限公司 | Method for enciphering and deciphering MPEG2 transport stream packets |
| CN101938350A (en) * | 2010-07-16 | 2011-01-05 | 黑龙江大学 | File encryption and decryption method based on combinatorial coding |
| CN102437910A (en) * | 2011-10-18 | 2012-05-02 | 国家超级计算深圳中心(深圳云计算中心) | Data encryption/decryption checking method and system |
| WO2015031949A1 (en) * | 2013-09-09 | 2015-03-12 | Newsouth Innovations Pty Limited | Data encryption process |
| CN105931445A (en) * | 2016-06-23 | 2016-09-07 | 威海市天罡仪表股份有限公司 | Anti-interference wireless M-Bus short-distance meter reading control method |
| CN109245881A (en) * | 2018-09-14 | 2019-01-18 | 杭州嘀嗒科技有限公司 | A kind of photograph video cloud encryption storage method |
| CN109510703A (en) * | 2018-11-23 | 2019-03-22 | 北京海泰方圆科技股份有限公司 | A kind of data encryption/decryption method and device |
| CN111191253A (en) * | 2019-05-17 | 2020-05-22 | 延安大学 | Data encryption combination method |
| CN111464564A (en) * | 2020-05-08 | 2020-07-28 | 郑州信大捷安信息技术股份有限公司 | Data high-speed encryption and decryption method and device based on symmetric cryptographic algorithm |
| CN112104454A (en) * | 2020-08-11 | 2020-12-18 | 东方红卫星移动通信有限公司 | Data secure transmission method and system |
| CN114826590A (en) * | 2022-05-19 | 2022-07-29 | 北京海泰方圆科技股份有限公司 | Packet mode encryption method, packet mode decryption method, packet mode encryption device, packet mode decryption device and packet mode decryption equipment |
Non-Patent Citations (2)
| Title |
|---|
| 基于GPU的密文分组随机链接加密模式的研究;吴伟民;李坚锐;林志毅;;计算机工程与科学(第01期);全文 * |
| 流媒体信息加密与用户认证技术的实现;姚华桢,冯穗力,叶梧,谢杏;中国有线电视(第01期);全文 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN115801321A (en) | 2023-03-14 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US10623176B2 (en) | Authentication encryption method, authentication decryption method, and information-processing device | |
| US7907725B2 (en) | Simple universal hash for plaintext aware encryption | |
| KR102136904B1 (en) | Shared secret key generation device, encryption device, decryption device, shared secret key generation method, encryption method, decryption method, and program | |
| KR101600016B1 (en) | method of encrypting data using Homomorphic Encryption and Computing device performing the method | |
| CN114175572B (en) | System and method for performing equal and less operations on encrypted data using a quasi-group operation | |
| CN110768784B (en) | Password transmission method, device, computer equipment and storage medium | |
| US20230096233A1 (en) | Chosen-plaintext secure cryptosystem and authentication | |
| US8804953B2 (en) | Extensive ciphertext feedback | |
| Gligoroski et al. | π-cipher: Authenticated encryption for big data | |
| CN112947967B (en) | Software updating method, blockchain application store and software uploading terminal | |
| US11411715B2 (en) | System and method for generating scalable group key based on homomorphic encryption with trust server | |
| CN115801321B (en) | Data combination encryption method and device | |
| JPWO2015166701A1 (en) | ENCRYPTION METHOD, PROGRAM, AND SYSTEM | |
| CN110830261A (en) | Encryption method, device, computer equipment and storage medium | |
| Routray et al. | Secure Sharing of Text Based Data Using Hybrid Encryption Algorithms in a Client-Server Model | |
| CN112836239A (en) | Method and device for cooperatively determining target object data by two parties for protecting privacy | |
| CN114143098A (en) | Data storage method and data storage device | |
| CN111931204A (en) | Encryption and de-duplication storage method and terminal equipment for distributed system | |
| KR100494560B1 (en) | Real time block data encryption/decryption processor using Rijndael block cipher and method therefor | |
| JP2009098321A (en) | Information processor | |
| CN116866029B (en) | Random number encryption data transmission method, device, computer equipment and storage medium | |
| CN115563638B (en) | Data processing method, system, device and storage medium | |
| US11228589B2 (en) | System and method for efficient and secure communications between devices | |
| US20240113871A1 (en) | Encryption processing apparatus, encryption processing method for encryption processing apparatus, and storage medium | |
| CN117675178A (en) | Transmission path encryption method, device, equipment and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |