CN116070239A - File encryption and decryption methods, devices, equipment and storage medium - Google Patents

File encryption and decryption methods, devices, equipment and storage medium Download PDF

Info

Publication number
CN116070239A
CN116070239A CN202310070402.8A CN202310070402A CN116070239A CN 116070239 A CN116070239 A CN 116070239A CN 202310070402 A CN202310070402 A CN 202310070402A CN 116070239 A CN116070239 A CN 116070239A
Authority
CN
China
Prior art keywords
file
encryption
decryption
calling
stacked
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202310070402.8A
Other languages
Chinese (zh)
Inventor
孙忠祥
张闯
刘科
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Suzhou Inspur Intelligent Technology Co Ltd
Original Assignee
Suzhou Inspur Intelligent Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Suzhou Inspur Intelligent Technology Co Ltd filed Critical Suzhou Inspur Intelligent Technology Co Ltd
Priority to CN202310070402.8A priority Critical patent/CN116070239A/en
Publication of CN116070239A publication Critical patent/CN116070239A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/10File systems; File servers
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/46Multiprogramming arrangements
    • G06F9/50Allocation of resources, e.g. of the central processing unit [CPU]
    • G06F9/5005Allocation of resources, e.g. of the central processing unit [CPU] to service a request
    • G06F9/5027Allocation of resources, e.g. of the central processing unit [CPU] to service a request the resource being a machine, e.g. CPUs, Servers, Terminals

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • Data Mining & Analysis (AREA)
  • Databases & Information Systems (AREA)
  • Storage Device Security (AREA)

Abstract

The embodiment of the invention provides a file encryption and decryption method, a device, equipment and a storage medium, comprising the following steps: responding to the writing operation of a user layer, calling a system writing function, and acquiring the memory address of a first file; according to the memory address of the first file, calling an encryption driver based on a stacked file system layer, transmitting the first file to an acceleration board for storage, and starting a hardware encryption unit in the acceleration board to encrypt the first file; and returning the encrypted first file in the acceleration board to the stacked file system layer, and calling a system write function to write the encrypted first file into the storage device. In the embodiment of the invention, the file encryption processing is realized through the interface of the encryption algorithm of the stacked file system layer hardware, compared with the prior art, the file encryption processing time is shortened by utilizing the acceleration board card, the CPU resource of the operating system is greatly released, and the file encryption efficiency of the operating system is improved.

Description

File encryption and decryption methods, devices, equipment and storage medium
Technical Field
The present invention relates to the field of file processing technologies, and in particular, to a method, an apparatus, a device, and a storage medium for encrypting and decrypting a file.
Background
With the continuous development of computer security technology, stricter requirements are put forward on the security of a computer system, and the security of the computer system is based on various encryption and decryption algorithms. Linux is one of the most widely used computer operating systems at present, and a kernel component and an application program of a user layer in the operating system are more required to provide safe and reliable file encryption and decryption services.
In a broad sense, the encryption and decryption service pursued at present is realized based on an algorithm, the encryption and decryption algorithm is to set a key with enough security, the security of encryption and decryption is ensured through the difficulty of the key, the common encryption and decryption algorithm is divided into a symmetric algorithm, an asymmetric algorithm, a message digest and the like, and the symmetric algorithm uses the same key in the encryption and decryption process, so that the encryption and decryption method has the advantage of an encryption and decryption speed block; the asymmetric algorithm uses different keys in encryption and decryption, uses a public key in encryption and uses a private key in decryption, and has the advantage of convenience in key exchange, but has slower encryption and decryption speeds. At present, a kernel encryption and decryption framework of a Linux operating system supports an encryption and decryption algorithm built in the kernel, specifically, encryption and decryption operations adopt a socket communication mode between a user layer and the kernel, all data transmission between the user layer and the kernel is realized through a network data packet according to a special protocol, and the kernel manages the encryption and decryption algorithm in the network data packet in a layering mode.
However, since the encryption and decryption service is a computationally intensive service, the file encryption and decryption is performed by adopting the software encryption and decryption algorithm in the Linux kernel, so that resources of the kernel CPU are greatly consumed, and the effect is poor in terms of data processing efficiency and encryption and decryption performance by adopting a mode of utilizing software encryption and decryption in the Linux kernel, namely, the file encryption and decryption service of the existing operating system has certain defects in terms of maintaining system stability, encryption and decryption performance and the like, the data processing effect of the operating system is influenced in practical application, and the security of file encryption and decryption is further influenced.
Disclosure of Invention
The embodiment of the invention aims to provide a file encryption and decryption method, device, equipment and storage medium, which solve the problem that an encryption and decryption algorithm consumes CPU resources of a kernel in an operating system so as to realize the effect of improving the encryption and decryption efficiency of the operating system file, and the specific technical scheme is as follows:
in a first aspect of the present invention, there is provided a file encryption method applied to an operating system, where the operating system includes a stacked file system layer, the method including:
responding to the writing operation of a user layer, calling a system writing function, and acquiring the memory address of a first file;
According to the memory address of the first file, calling an encryption driver program based on the stacked file system layer, transmitting the first file to an acceleration board for storage, and starting a hardware encryption unit in the acceleration board to encrypt the first file; the stacked file system layer is provided with an interface for adding an encryption calling function and is used for calling the encryption driver;
and returning the encrypted first file in the acceleration board to the stacked file system layer, and calling the system writing function to write the encrypted first file into a storage device.
Optionally, the step of transferring the first file to an acceleration board for storage based on the stacked file system layer to call an encryption driver according to the memory address of the first file, and starting a hardware encryption unit in the acceleration board to encrypt the first file includes:
mapping the memory address of the first file to the encryption calling function so as to acquire the first file;
acquiring the first file and the secret key through a preset encryption and decryption subsystem according to the encryption calling function, and sending the first file and the secret key to the encryption and decryption driver;
Storing the secret key into a secret key register of the acceleration board card, storing the first file into a DDR memory, and starting a hardware encryption unit in the acceleration board card;
and outputting the encrypted first file according to a preset encryption algorithm of a hardware encryption unit in the accelerator board card.
Optionally, the returning the encrypted first file in the accelerator board to the stacked file system layer, calling the system write function to write the encrypted first file into a storage device includes:
receiving an encrypted first file output by the acceleration board card, and caching the encrypted first file to the stacked file system layer through the encryption calling function;
and calling the system writing function through the bottom file system layer, and writing the encrypted first file into the storage device.
In a second aspect of the present invention, there is also provided a file decryption method applied to an operating system, where the operating system includes a stacked file system layer, the method including:
responding to the reading operation of the user layer, calling a system reading function, and reading a second file of the storage device;
according to the read second file, calling a decryption driver program based on the stacked file system layer, transmitting the second file to an acceleration board for storage, and starting a hardware decryption unit in the acceleration board to decrypt the second file; the stacked file system layer is provided with an interface added with a decryption calling function and used for calling the decryption driver;
And returning the decrypted second file in the acceleration board to the stacked file system layer, and calling the system reading function to return the decrypted second file to the user layer.
Optionally, the responding to the read operation of the user layer calls a system read function to read the second file of the storage device, including:
reading the encrypted second file from the storage device through the underlying file system layer according to the system read function;
and reading the encrypted second file of the bottom file system layer based on the virtual file system layer, and caching the second file.
Optionally, the calling, at the stacked file system layer, a decryption driver, transmitting the second file to an accelerator board for storing, and starting a hardware decryption unit in the accelerator board to decrypt the second file, where the steps include:
acquiring the second file and the secret key through a preset encryption and decryption subsystem according to the decryption calling function, and sending the second file and the secret key to the decryption driver;
storing the second file into a DDR memory, storing the secret key into a secret key register of the accelerator board card, and starting a hardware decryption unit in the accelerator board card;
And outputting the decrypted second file through a hardware decryption unit in the accelerator board.
In a third aspect of the present invention, there is also provided a file encrypting apparatus applied to an operating system, the operating system including a stacked file system layer, the apparatus comprising:
the first acquisition module is used for calling a system write function to acquire a memory address of a first file in response to write operation of a user layer;
the encryption module is used for calling an encryption driver program based on the stacked file system layer according to the memory address of the first file, transmitting the first file to an acceleration board card for storage, and starting a hardware encryption unit in the acceleration board card to encrypt the first file; the stacked file system layer is provided with an interface for adding an encryption calling function and is used for calling the encryption driver;
and the first sending module is used for returning the encrypted first file in the acceleration board to the stacked file system layer, calling the system writing function and writing the encrypted first file into the storage device.
Optionally, the encryption module includes:
the first acquisition sub-module is used for mapping the memory address of the first file to the encryption calling function so as to acquire the first file;
The first sending sub-module is used for obtaining the first file and the secret key through a preset encryption and decryption subsystem according to the encryption calling function and sending the first file and the secret key to the encryption and decryption driver;
the first processing sub-module is used for storing the secret key into a secret key register of the acceleration board card, storing the first file into a DDR memory and starting a hardware encryption unit in the acceleration board card;
and the first output sub-module is used for outputting the encrypted first file according to a preset encryption algorithm of the hardware encryption unit in the accelerator board card.
Optionally, the first sending module includes:
the receiving sub-module is used for receiving the encrypted first file output by the acceleration board card, and caching the encrypted first file to the stacked file system layer through the encryption calling function;
and the storage sub-module is used for calling the system write function through the bottom file system layer and writing the encrypted first file into the storage device.
In a fourth aspect of the present invention, there is also provided a file decrypting apparatus applied to an operating system, the operating system including a stacked file system layer, the apparatus comprising:
The first reading module is used for calling a system reading function to read a second file of the storage device in response to the reading operation of the user layer;
the decryption module is used for calling a decryption driver program based on the stacked file system layer according to the read second file, transmitting the second file to an acceleration board card for storage, and starting a hardware decryption unit in the acceleration board card to decrypt the second file; the stacked file system layer is provided with an interface added with a decryption calling function and used for calling the decryption driver;
and the second sending module is used for returning the decrypted second file in the acceleration board to the stacked file system layer, calling the system reading function and returning the decrypted second file to the user layer.
Optionally, the first reading module includes:
the first reading submodule is used for reading the encrypted second file from the storage device through the bottom file system layer according to the system reading function;
and the second reading submodule is used for reading the encrypted second file of the bottom file system layer based on the virtual file system layer and caching the second file.
Optionally, the decryption module includes:
the second sending sub-module is used for obtaining the second file and the secret key through a preset encryption and decryption subsystem according to the decryption calling function and sending the second file and the secret key to the decryption driver;
the second processing sub-module is used for storing the second file into the DDR memory, storing the secret key into a secret key register of the accelerator board card, and starting a hardware decryption unit in the accelerator board card;
and the second output sub-module is used for outputting the decrypted second file through a hardware decryption unit in the accelerator board.
In a fifth aspect of the present invention, there is also provided an electronic device, including: a transceiver, a memory, a processor, and a program stored on the memory and executable on the processor;
the processor is configured to read a program in the memory to implement the file encryption method according to any one of the first aspect or the file decryption method according to any one of the second aspect;
in a sixth aspect of the present invention, there is also provided a computer readable storage medium having instructions stored therein, which when run on a computer, cause the computer to perform the file encryption method of any one of the first aspects or the file decryption method of any one of the second aspects.
According to the file encryption method provided by the embodiment of the invention, the system write function is called to obtain the memory address of the first file by responding to the write operation of the user layer, the encryption driving program is called based on the stacked file system layer according to the memory address of the first file, the first file is transmitted to the acceleration board for storage, and the hardware encryption unit in the acceleration board is started to encrypt the first file; the stacked file system layer is provided with an interface added with an encryption calling function and used for calling an encryption driver; and returning the encrypted first file in the acceleration board to the stacked file system layer, and calling a system write function to write the encrypted first file into the storage device. In the embodiment of the invention, the file encryption and decryption processing is realized in the operating system through the interface of the encryption and decryption algorithm of the stacked file system layer, and the transparent hardware encryption and decryption architecture based on the stacked file system layer can carry out real-time and transparent encryption/decryption processing on the file, and the file encryption and decryption is carried out by utilizing the accelerator board card, so that the encryption processing time is greatly shortened, the CPU space of the operating system can be released, the CPU resource of the operating system is saved, and the effects of improving the encryption and decryption performance and efficiency of the file of the operating system are achieved.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below.
FIG. 1 is a flowchart illustrating steps of a file encrypting method according to an embodiment of the present invention;
FIG. 2 is a flowchart of a method of step 102 of the file encryption method provided in the embodiment of the present invention in FIG. 1;
FIG. 3 is a flowchart illustrating steps of a method for decrypting a file according to an embodiment of the present invention;
FIG. 4 is a flowchart of a method of step 202 of the file decryption method provided in the embodiment of the present invention in FIG. 3;
fig. 5 is an application scenario schematic diagram of a file encryption and decryption method provided by an embodiment of the present invention;
FIG. 6 is a schematic diagram of a scenario of a file encryption and decryption method according to an embodiment of the present invention;
FIG. 7 is a second schematic diagram of a file encryption and decryption method according to an embodiment of the present invention;
FIG. 8 is a third exemplary scenario of a file encryption/decryption method according to an embodiment of the present invention;
FIG. 9 is a flowchart of a file encryption method provided by an embodiment of the present invention;
FIG. 10 is a flowchart of a method for decrypting a file according to an embodiment of the present invention;
FIG. 11 is a block diagram of a file encrypting apparatus according to an embodiment of the present invention;
FIG. 12 is a block diagram of a file decrypting apparatus according to an embodiment of the present invention;
fig. 13 is a schematic structural diagram of an electronic device according to an embodiment of the present invention.
Detailed Description
For the purpose of making the objects, technical solutions and advantages of the embodiments of the present invention more apparent, the following detailed description of the embodiments of the present invention will be given with reference to the accompanying drawings. However, those of ordinary skill in the art will understand that in various embodiments of the present invention, numerous technical details have been set forth in order to provide a better understanding of the present application. However, the technical solutions claimed in the present application can be implemented without these technical details and with various changes and modifications based on the following embodiments. The following embodiments are divided for convenience of description, and should not be construed as limiting the specific implementation of the present invention, and the embodiments can be mutually combined and referred to without contradiction.
Referring to fig. 1, a flowchart illustrating steps of a file encryption method according to an embodiment of the present invention is shown, where the method may include:
step 101, in response to a write operation of a user layer, a system write function is called to obtain a memory address of a first file.
In the embodiment of the invention, in order to realize the rapid and efficient processing of the file encryption in the operating system, the stacked file system layer is introduced to further perform the file encryption service in the operating system, namely, the distributed storage is combined with the hardware encryption and decryption algorithm, so that the construction performance of the file encryption architecture is improved.
Under the file architecture of the existing Linux operating system, a user layer initiates writing operation on a file, a user-state writing function enters a virtual file system layer through a system call function, the virtual file system further encrypts file data through the system call function by utilizing a software encryption algorithm of a kernel, the encrypted data is returned to enter a bottom file system layer, such as EXT2, EXT3, EXT4 and the like, and finally the encrypted file data is written into hardware storage equipment.
In this embodiment, a transparent hardware encryption/decryption architecture of a stacked file system based on a Linux operating system is provided to prevent the stored data from being compromised, and the system performs real-time transparent encryption/decryption processing on the file without changing the use habit of a user and the storage file format and state of a computer. The stacked file system layer Wrapfs is a blank middle layer file system template, does not have any function, and provides universal read-write interfaces Wrapfs_read and Wrapfs_write for users so as to realize file encryption and decryption services of an operating system.
It should be noted that, in order to facilitate understanding of the scenario of the file encryption method according to the embodiment of the present invention by those skilled in the art, referring to fig. 5, fig. 5 shows a schematic application scenario of the file encryption method provided by the embodiment of the present invention, according to the writing operation of the user layer, the encrypted file is written into the storage device according to the interface implementation scheme based on the stacked file system layer and the hardware encryption/decryption algorithm in the Linux operating system kernel.
There may be many different file system types in a computer, such as common log file systems ext2, ext3, network file systems, flash file systems, etc., and conventional Linux file system management is managed through a virtual file system layer (VirtualFilesystemSwitch, VFS). The system call layer provides a general interface for a specific file system, so that an upper process can use the same group of system call functions when performing operations related to the file system, and corresponding operations are performed in a kernel according to different file systems.
In this embodiment, as shown in fig. 6, a transparent hardware encryption and decryption architecture of a stacked file system based on a Linux operating system is provided, a stacked file system layer is located below a VFS layer, an interface of a corresponding read-write function is provided, and the stacked file system perfectly meets the requirements of compatibility and transparency.
Specifically, in the embodiment of the present invention, in response to a write operation of a user layer, a system write function is called to obtain a memory address of a first file. And (3) the system calls sys_write () to enter a virtual file system layer, and obtains a first file memory address transmitted by a user layer through vfs_write (), wherein the first file is file data to be encrypted transmitted by the user layer.
In this embodiment, based on the transparent hardware encryption and decryption architecture of the stacked file system layer, the system write function is called in response to the write operation of the user layer, so as to obtain the memory address of the first file, and thus the file can be encrypted in real time and transparently.
Step 102, according to the memory address of the first file, calling an encryption driver based on the stacked file system layer, transmitting the first file to the acceleration board for storage, and starting a hardware encryption unit in the acceleration board to encrypt the first file.
The stacked file system layer is created with an interface for adding an encryption calling function and is used for calling an encryption driver.
It should be noted that, in order to enable those skilled in the art to more clearly understand the procedure of file encryption disclosed in the above embodiment, referring to fig. 7 to fig. 8, the overall design scheme of the hardware transparent encryption/decryption interface based on the stacked file system shows a schematic view of a file encryption method provided in an embodiment of the present invention, specifically, a HOST is disposed on the left, where the HOST is used to deploy a Linux operating system, a stacked file system layer is embedded in a Linux kernel, and a storage device may be a disk. The acceleration board card on the right is provided with a PCIE interface, and consists of an FPGA programmable logic device and a DDR board card memory, wherein the FPGA is used for realizing a specific encryption and decryption algorithm to form a specific logic circuit, so that encryption and decryption service can be calculated in an acceleration way, and the DDR board card memory is used for temporarily storing plaintext data and ciphertext data in encryption and decryption service logic. The HOST and the accelerator board card are connected by using a PCIE bus, and are used for high-speed communication of data.
In the embodiment of the invention, a decryption API (application program interface) calling function of a cryptio subsystem is added in an interface wrapfs_write of a wrapfs layer of a stacked file system, namely, an interface added with an encryption calling function is created in the stacked file system and is used for calling an encryption driving program, and the wrapfs_write () function is called to add the encryption API calling function of the cryptio subsystem, wherein the cryptio encryption and decryption subsystem is an API interface function set which is provided by a Linux kernel and is used for encryption and decryption operation, and a specific encryption and decryption algorithm can be realized by calling the related API function of the cryptio subsystem.
Specifically, the stacked file system layer calls an encryption and decryption driver through the crypto encryption and decryption subsystem, and the PCIE bus transmits first file data to be encrypted to the DDR memory on one side of the accelerator board card, and at the moment, the hardware encryption unit is started to encrypt the data.
It should be noted that, the acceleration board in this embodiment may be an F37 xfpa board suitable for an operating system server, so that the operation of encrypting and decrypting a large data block file is computationally intensive, which can greatly improve the working efficiency of the server and save the computation time.
In this embodiment, the transparent hardware encryption and decryption architecture based on the stacked file system layer uses the acceleration board card to encrypt the file, so as to greatly shorten the encryption processing time, and the encryption driving program is called by the crypto encryption and decryption subsystem, and the hardware encryption unit is started to encrypt the data, so that the operating system CPU space can be released, the operating system CPU resource can be saved, and the effect of improving the encrypting performance and efficiency of the operating system file can be achieved.
And step 103, returning the encrypted first file in the acceleration board to the stacked file system layer, and calling a system write function to write the encrypted first file into the storage device.
Specifically, the ciphertext data transmitted back by the hardware encryption is called again through a function interface wrapfs_write (), of the stacked file system layer, and the ciphertext data is written into storage devices such as a hard disk and the like.
It should be noted that, in this embodiment, step 103 returns the encrypted first file in the accelerator board to the stacked file system layer, and calls the system write function to write the encrypted first file into the storage device, which may include the following steps:
firstly, receiving an encrypted first file output by an acceleration board card, and caching the encrypted first file to a stacked file system layer through an encryption calling function.
And secondly, calling the system write function through the bottom file system layer, and writing the encrypted first file into the storage device.
According to the file encryption method provided by the embodiment of the invention, the system write function is called to obtain the memory address of the first file by responding to the write operation of the user layer, the encryption driving program is called based on the stacked file system layer according to the memory address of the first file, the first file is transmitted to the acceleration board for storage, and the hardware encryption unit in the acceleration board is started to encrypt the first file; the stacked file system layer is provided with an interface added with an encryption calling function and used for calling an encryption driver; and returning the encrypted first file in the acceleration board to the stacked file system layer, and calling a system write function to write the encrypted first file into the storage device. In the embodiment of the invention, the file encryption and decryption processing is realized in the operating system through the interface of the encryption and decryption algorithm of the stacked file system layer, and the transparent hardware encryption and decryption architecture based on the stacked file system layer can carry out real-time and transparent encryption processing on the file, and the file encryption is carried out by utilizing the accelerator board card, so that the encryption processing time is greatly shortened, the CPU space of the operating system can be released, the CPU resource of the operating system is saved, and the effect of improving the file encryption performance and efficiency of the operating system is achieved.
Further, referring to fig. 2, fig. 2 is a flowchart of a method of step 102 of the file encryption method provided in the embodiment of the present invention in fig. 1, where step 102 includes:
in step 1021, the memory address of the first file is mapped to the encrypted calling function, so as to obtain the first file.
Step 1022, according to the encryption calling function, the encryption subsystem is preset to obtain the first file and the key, and the first file and the key are sent to the encryption and decryption driver.
Step 1023, storing the key into the key register of the accelerator board, storing the first file into the DDR memory, and starting the hardware encryption unit in the accelerator board.
Step 1024, outputting the encrypted first file according to a preset encryption algorithm of the hardware encryption unit in the accelerator board.
It should be noted that, in the above steps 1021-1024, the system calls sys_write () to enter the VFS virtual file system layer, obtains the address of the memory area of the data block transferred by the user layer according to the encryption calling function vfs_write (), then maps to the wrapafs_write () function, then calls the encryption driver through the crypto encryption subsystem, and transmits the first file data to be encrypted to the DDR memory on one side of the accelerator board through the PCIE bus, and starts the hardware encryption unit to encrypt the data.
The invention adopts the wrapfs_write function of the wrapfs stack file system to realize the call of the crypto encryption and decryption subsystem, and further sets a related register of hardware encryption and decryption in the encryption and decryption driving module, thereby triggering an encryption and decryption hardware calculation logic unit of the FPGA acceleration board card. By adopting the scheme, the encryption and decryption calculation efficiency of the file data can be improved, and the CPU resource of the HOST HOST end can be greatly released.
In order to enable those skilled in the art to more clearly understand the flow of the file encryption method disclosed in the above embodiment of the present invention, referring to fig. 9, a flowchart of the file encryption method provided in the embodiment of the present invention is applied to the operating system shown in fig. 7, and is described by way of example.
S301, user layer file encryption writing operation;
s302, a system calls a write function;
s303, acquiring a plaintext memory address;
s304, calling an encryption driver by the stacked file system layer;
s305, acquiring a plaintext and a secret key through a preset encryption and decryption subsystem, and sending the plaintext and the secret key to an encryption driver;
s306, storing the secret key into a secret key register of the acceleration board card, and storing the plaintext into a DDR memory;
S307, starting a hardware encryption unit in the acceleration board card;
s308, outputting the encrypted file.
Compared with the prior art, the embodiment of the invention can start writing operation from the user layer of the Linux operating system on the basis of the beneficial effects brought by the first embodiment, enter the kernel layer of the Linux operating system after the system calls the writing function sys_write (), and all function execution occurs in the kernel state of the operating system, so that for the user, after the writing of file data is executed, all operations are completed in the kernel state without any operation, and the execution speed is greatly improved compared with the mode of adopting a software encryption algorithm in the prior art based on the hardware transparent encryption process of the stacked file system layer, and the CPU resource can be greatly released, thereby improving the performance of the whole system.
Referring to fig. 3, a flowchart illustrating steps of a file decryption method according to an embodiment of the present invention is shown, where the method may include:
in step 201, in response to a read operation of the user layer, a system read function is called to read a second file of the storage device.
It should be noted that, in order to facilitate the understanding of the scenario of the file decryption method according to the embodiment of the present invention by those skilled in the art, referring to fig. 5, fig. 5 shows a schematic application scenario of the file decryption method provided by the embodiment of the present invention, according to the read operation of the user layer, the decrypted file is returned to the user layer in the Linux operating system kernel based on the interface implementation scheme of the stacked file system layer+hardware encryption and decryption algorithm.
There may be many different file system types in a computer, such as common log file systems ext2, ext3, network file systems, flash file systems, etc., and conventional Linux file system management is managed through a virtual file system layer. The system call layer provides a general interface for a specific file system, so that an upper process can use the same group of system call functions when performing operations related to the file system, and corresponding operations are performed in a kernel according to different file systems. In this embodiment, as shown in fig. 6, a transparent hardware encryption and decryption architecture of a stacked file system based on a Linux operating system is provided, a stacked file system layer is located below a VFS layer, an interface of a corresponding read-write function is provided, and the stacked file system perfectly meets the requirements of compatibility and transparency.
Specifically, in the embodiment of the invention, in response to the read operation of the user layer, a system read function is called to obtain the second file of ciphertext data. And (3) enabling the system to call sys_read () to enter a virtual file system layer, and obtaining a ciphertext second file of the storage device through vfs_read (), wherein the second file is ciphertext data stored in the storage device and is used for returning file data to be decrypted of the user layer.
It should be noted that, in this embodiment, step 201 calls a system read function in response to a read operation of the user layer, and reads a second file of the storage device, which may include the following steps:
firstly, reading an encrypted second file from a storage device through an underlying file system layer according to a system reading function;
and secondly, reading the encrypted second file of the bottom file system layer based on the virtual file system layer, and caching the second file.
Step 202, according to the read second file, a decryption driver is called based on the stacked file system layer, the second file is transmitted to the accelerator board for storage, and a hardware decryption unit in the accelerator board is started to decrypt the second file.
The stacked file system layer is created with an interface added with a decryption calling function and used for calling a decryption driver.
It should be noted that, in order to enable those skilled in the art to more clearly understand the procedure of file encryption disclosed in the above embodiment, referring to fig. 7 to fig. 8, an overall design scheme of a hardware transparent encryption/decryption interface based on a stacked file system is shown, which is a schematic diagram of a file decryption method provided by the embodiment of the present invention, specifically, a HOST is disposed on the left side, where a Linux operating system is disposed, a stacked file system layer is embedded in a Linux kernel, and a storage device may be a disk. The acceleration board card on the right is provided with a PCIE interface, and consists of an FPGA programmable logic device and a DDR board card memory, wherein the FPGA is used for realizing a specific encryption and decryption algorithm to form a specific logic circuit, so that encryption and decryption service can be calculated in an acceleration way, and the DDR board card memory is used for temporarily storing plaintext data and ciphertext data in encryption and decryption service logic. The HOST and the accelerator board card are connected by using a PCIE bus, and are used for high-speed communication of data.
In the embodiment of the invention, a decryption API (application program interface) calling function of a crypto subsystem is added in an interface wrapfs_read () of a wrapfs layer of a stacked file system, namely, the crypto subsystem encryption API calling function is added in the wrapfs_read () function, wherein the crypto encryption and decryption subsystem is an API interface function set which is self-contained in a Linux kernel and is used for encryption and decryption operations, and a specific decryption algorithm can be realized by calling a related API function of the crypto subsystem.
Specifically, the stacked file system layer calls a decryption driver through the crypto encryption and decryption subsystem, the PCIE bus transmits second file data to be decrypted to the DDR memory on one side of the acceleration board, at the moment, the hardware decryption unit is started to decrypt the data, specifically, an API function related to the crypto encryption and decryption subsystem is called to enter the decryption driver, the decryption driver is called, the hardware decryption unit is enabled to execute decryption operation, finally, the decrypted plaintext is output, and the decrypted plaintext is returned to the user layer.
It should be noted that, the acceleration board in this embodiment may be an F37 xfpa board suitable for an operating system server, so that the operation of encrypting and decrypting a large data block file is computationally intensive, which can greatly improve the working efficiency of the server and save the computation time.
And 203, returning the decrypted second file in the acceleration board to the stacked file system layer, and calling a system reading function to return the decrypted second file to the user layer.
According to the file decryption method provided by the embodiment of the invention, the second file of the storage device is read by calling the system reading function in response to the reading operation of the user layer; according to the read second file, calling a decryption driver program based on the stacked file system layer, transmitting the second file to an acceleration board for storage, and starting a hardware decryption unit in the acceleration board to decrypt the second file; the stacked file system layer is provided with an interface added with a decryption calling function and used for calling a decryption driver; and returning the decrypted second file in the acceleration board to the stacked file system layer, and calling a system reading function to return the decrypted second file to the user layer. In the embodiment of the invention, the file decryption processing is realized in the operating system through the interface of the encryption and decryption algorithm of the stacked file system layer, and the transparent hardware encryption and decryption architecture based on the stacked file system layer can perform real-time and transparent decryption processing on the file, and the file decryption is performed by using the accelerator board card, so that the decryption processing time is greatly shortened, the CPU space of the operating system can be released, and the CPU resource of the operating system is saved, thereby achieving the effect of improving the file decryption performance and efficiency of the operating system.
Further, referring to fig. 4, fig. 4 is a flowchart of a method of step 202 of the file decryption method provided in the embodiment of the present invention in fig. 3, where step 202 includes:
step 2021, according to the decryption call function, obtains the second file and the key through the preset encryption and decryption subsystem, and sends the second file and the key to the decryption driver.
Step 2022, storing the second file in the DDR memory, storing the key in the key register of the accelerator card, and starting the hardware decryption unit in the accelerator card.
In step 2023, the decrypted second file is output through the hardware decryption unit in the accelerator board.
It should be noted that, in the above steps 2021-2023, after the stacked file system layer obtains the ciphertext data in the cache, the stacking file system layer calls the related API function of the crypto encryption and decryption subsystem through the wrapfs_read () function, enters the decryption driver, and calls the decryption driver function in the decryption driver, so that the hardware decryption unit in the accelerator board executes the decryption operation, and outputs the decrypted second file.
The invention adopts the wrapfs_read function of the wrapfs stacked file system to realize the call of the crypto encryption and decryption subsystem, and further sets a related register of hardware encryption and decryption in the encryption and decryption driving module, thereby triggering an encryption and decryption hardware calculation logic unit of the FPGA acceleration board card. By adopting the scheme, the decryption calculation efficiency of the file data can be improved, and the CPU resource of the HOST HOST end can be greatly released.
In order to enable those skilled in the art to more clearly understand the flow of the file decryption method disclosed in the above embodiment of the present invention, referring to fig. 10, a flowchart of the file decryption method provided in the embodiment of the present invention is applied to the Linux operating system shown in fig. 7 for illustration.
S401, decrypting and reading a user layer file;
s402, calling a read function by the system;
s403, reading ciphertext from the storage device through the bottom file system layer, and caching the ciphertext to the virtual file system layer;
s404, the stacked file system layer calls a decryption driver;
s405, obtaining a secret key through a preset encryption and decryption subsystem, reading a ciphertext, and sending the ciphertext to a decryption driver;
s406, storing the secret key into a secret key register of the accelerator board card, and storing the ciphertext into the DDR memory;
s407, starting a hardware decryption unit in the acceleration board card;
s408, outputting the decrypted file.
It should be noted that, in the file decryption process, that is, the process of reading a file from a disk, firstly, the user layer initiates the operation of reading the file, enters the virtual file system layer through the system call layer, continues to call the related function of the bottom file system, and then enters the bottom device driving layer to read ciphertext data from the storage device. After the ciphertext data is read from the bottom layer by the virtual file system layer vfs_read (), the data is stored in a buffer memory, after the ciphertext data in the buffer memory is acquired by the stacked file system layer wrapfs_read () function, a related API function of a crypto encryption and decryption subsystem is called, a decryption driving program is entered, a decryption driving function is called in the decryption driving program, a hardware decryption unit is made to execute decryption operation, finally, a decrypted plaintext is output, and the decrypted plaintext is returned to a user layer.
Compared with the prior art, the embodiment of the invention starts reading operation from the user layer of the Linux operating system on the basis of the beneficial effects brought by the implementation mode, enters the kernel layer of the Linux operating system after the system calls the function sys_read (), and then all function execution occurs in the kernel state of the operating system.
Referring to fig. 11, a block diagram of a device of a file encryption device provided by an embodiment of the present invention is applied to an operating system, where the operating system includes a stacked file system layer, and the device may include:
a first obtaining module 501, configured to call a system write function to obtain a memory address of a first file in response to a write operation of a user layer;
the encryption module 502 is configured to invoke an encryption driver based on the stacked file system layer according to a memory address of the first file, transmit the first file to an acceleration board for storage, and start a hardware encryption unit in the acceleration board to encrypt the first file; the stacked file system layer is provided with an interface for adding an encryption calling function and is used for calling the encryption driver;
And the first sending module 503 is configured to return the encrypted first file in the accelerator board to the stacked file system layer, and call the system write function to write the encrypted first file into a storage device.
Optionally, the encryption module 502 includes:
the first acquisition sub-module is used for mapping the memory address of the first file to the encryption calling function so as to acquire the first file;
the first sending sub-module is used for obtaining the first file and the secret key through a preset encryption and decryption subsystem according to the encryption calling function and sending the first file and the secret key to the encryption and decryption driver;
the first processing sub-module is used for storing the secret key into a secret key register of the acceleration board card, storing the first file into a DDR memory and starting a hardware encryption unit in the acceleration board card;
and the first output sub-module is used for outputting the encrypted first file according to a preset encryption algorithm of the hardware encryption unit in the accelerator board card.
Optionally, the first sending module 501 includes:
the receiving sub-module is used for receiving the encrypted first file output by the acceleration board card, and caching the encrypted first file to the stacked file system layer through the encryption calling function;
And the storage sub-module is used for calling the system write function through the bottom file system layer and writing the encrypted first file into the storage device.
According to the file encryption device provided by the embodiment of the invention, the system write function is called to obtain the memory address of the first file by responding to the write operation of the user layer, the encryption driving program is called based on the stacked file system layer according to the memory address of the first file, the first file is transmitted to the acceleration board for storage, and the hardware encryption unit in the acceleration board is started to encrypt the first file; the stacked file system layer is provided with an interface added with an encryption calling function and used for calling an encryption driver; and returning the encrypted first file in the acceleration board to the stacked file system layer, and calling a system write function to write the encrypted first file into the storage device. In the embodiment of the invention, the file encryption processing is realized through the interface of the encryption algorithm of the stacked file system layer encryption hardware in the operating system, and the transparent hardware encryption/decryption architecture based on the stacked file system layer can carry out real-time and transparent encryption processing on the file, and the file encryption is carried out by utilizing the accelerator board card, so that the encryption processing time is greatly shortened, the CPU space of the operating system can be released, the CPU resource of the operating system is saved, and the effects of improving the file encryption performance and efficiency of the operating system are achieved.
Referring to fig. 12, a block diagram of a device of a file decryption device according to an embodiment of the present invention is applied to an operating system, where the operating system includes a stacked file system layer, and the device may include:
a first reading module 601, configured to respond to a reading operation of the user layer, call a system reading function, and read a second file of the storage device;
the decryption module 602 is configured to invoke a decryption driver based on the stacked file system layer according to the read second file, transmit the second file to an acceleration board for storage, and start a hardware decryption unit in the acceleration board to decrypt the second file; the stacked file system layer is provided with an interface added with a decryption calling function and used for calling the decryption driver;
and the second sending module 603 is configured to return the decrypted second file in the accelerator board to the stacked file system layer, and call the system reading function to return the decrypted second file to the user layer.
Optionally, the first reading module 601 includes:
the first reading submodule is used for reading the encrypted second file from the storage device through the bottom file system layer according to the system reading function;
And the second reading submodule is used for reading the encrypted second file of the bottom file system layer based on the virtual file system layer and caching the second file.
Optionally, the decryption module 602 includes:
the second sending sub-module is used for obtaining the second file and the secret key through a preset encryption and decryption subsystem according to the decryption calling function and sending the second file and the secret key to the decryption driver;
the second processing sub-module is used for storing the second file into the DDR memory, storing the secret key into a secret key register of the accelerator board card, and starting a hardware decryption unit in the accelerator board card;
and the second output sub-module is used for outputting the decrypted second file through a hardware decryption unit in the accelerator board.
According to the file decryption device provided by the embodiment of the invention, the second file of the storage device is read by calling the system reading function in response to the reading operation of the user layer; according to the read second file, calling a decryption driver program based on the stacked file system layer, transmitting the second file to an acceleration board for storage, and starting a hardware decryption unit in the acceleration board to decrypt the second file; the stacked file system layer is provided with an interface added with a decryption calling function and used for calling a decryption driver; and returning the decrypted second file in the acceleration board to the stacked file system layer, and calling a system reading function to return the decrypted second file to the user layer. In the embodiment of the invention, the file decryption processing is realized in the operating system through the interface of the encryption and decryption algorithm of the stacked file system layer, and the transparent hardware encryption and decryption architecture based on the stacked file system layer can perform real-time and transparent decryption processing on the file, and the file decryption is performed by using the accelerator board card, so that the decryption processing time is greatly shortened, the CPU space of the operating system can be released, and the CPU resource of the operating system is saved, thereby achieving the effect of improving the file decryption performance and efficiency of the operating system.
The embodiment of the present invention further provides an electronic device, as shown in fig. 13, including a processor 701, a communication interface 702, a memory 703 and a communication bus 704, where the processor 701, the communication interface 702, and the memory 703 perform communication with each other through the communication bus 704,
a memory 703 for storing a computer program;
the processor 701 is configured to execute the program stored in the memory 703, and implement the following steps:
responding to the writing operation of a user layer, calling a system writing function, and acquiring the memory address of a first file; according to the memory address of the first file, calling an encryption driver program based on the stacked file system layer, transmitting the first file to an acceleration board for storage, and starting a hardware encryption unit in the acceleration board to encrypt the first file; the stacked file system layer is provided with an interface for adding an encryption calling function and is used for calling the encryption driver; and returning the encrypted first file in the acceleration board to the stacked file system layer, and calling the system writing function to write the encrypted first file into a storage device.
Alternatively, the following steps are implemented:
Responding to the reading operation of the user layer, calling a system reading function, and reading a second file of the storage device; according to the read second file, calling a decryption driver program based on the stacked file system layer, transmitting the second file to an acceleration board for storage, and starting a hardware decryption unit in the acceleration board to decrypt the second file; the stacked file system layer is provided with an interface added with a decryption calling function and used for calling the decryption driver; and returning the decrypted second file in the acceleration board to the stacked file system layer, and calling the system reading function to return the decrypted second file to the user layer.
The communication bus mentioned by the above terminal may be a peripheral component interconnect standard (PeripheralComponent Interconnect, abbreviated as PCI) bus or an extended industry standard architecture (ExtendedIndustryStandard Architecture, abbreviated as EISA) bus, etc. The communication bus may be classified as an address bus, a data bus, a control bus, or the like. For ease of illustration, the figures are shown with only one bold line, but not with only one bus or one type of bus.
The communication interface is used for communication between the terminal and other devices.
The memory may include Random Access Memory (RAM) or non-volatile memory (non-volatile memory), such as at least one disk memory. Optionally, the memory may also be at least one memory device located remotely from the aforementioned processor.
The processor may be a general-purpose processor, including a Central Processing Unit (CPU), a Network Processor (NP), and the like; but also Digital Signal Processors (DSP), application specific integrated circuits (ASIC ApplicationSpecific IntegratedCircuit), field-programmable gate arrays (Field-ProgrammableGate Array FPGA) or other programmable logic devices, discrete gate or transistor logic devices, discrete hardware components.
In yet another embodiment of the present invention, a computer readable storage medium is provided, where instructions are stored, which when executed on a computer, cause the computer to perform the file encryption method according to any one of the above embodiments, or the file decryption method according to any one of the above embodiments.
In yet another embodiment of the present invention, a computer program product comprising instructions, which when run on a computer, causes the computer to perform the method for encrypting a file as described in any of the above embodiments, or the method for decrypting a file as described in any of the above embodiments, is also provided.
In the above embodiments, it may be implemented in whole or in part by software, hardware, firmware, or any combination thereof. When implemented in software, may be implemented in whole or in part in the form of a computer program product. The computer program product includes one or more computer instructions. When loaded and executed on a computer, produces a flow or function in accordance with embodiments of the present invention, in whole or in part. The computer may be a general purpose computer, a special purpose computer, a computer network, or other programmable apparatus. The computer instructions may be stored in or transmitted from one computer-readable storage medium to another, for example, by wired (e.g., coaxial cable, optical fiber, digital Subscriber Line (DSL)), or wireless (e.g., infrared, wireless, microwave, etc.). The computer readable storage medium may be any available medium that can be accessed by a computer or a data storage device such as a server, data center, etc. that contains an integration of one or more available media. The usable medium may be a magnetic medium (e.g., floppy disk, hard disk, magnetic tape), an optical medium (e.g., DVD), or a semiconductor medium (e.g., solid state disk SolidStateDisk (SSD)), etc.
It is noted that relational terms such as first and second, and the like are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Moreover, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising one … …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
In this specification, each embodiment is described in a related manner, and identical and similar parts of each embodiment are all referred to each other, and each embodiment mainly describes differences from other embodiments. In particular, for system embodiments, since they are substantially similar to method embodiments, the description is relatively simple, as relevant to see a section of the description of method embodiments.
The foregoing description is only of the preferred embodiments of the present invention and is not intended to limit the scope of the present invention. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present invention are included in the protection scope of the present invention.

Claims (10)

1. A method of file encryption, applied to an operating system, the operating system including a stacked file system layer, the method comprising:
responding to the writing operation of a user layer, calling a system writing function, and acquiring the memory address of a first file;
according to the memory address of the first file, calling an encryption driver program based on the stacked file system layer, transmitting the first file to an acceleration board for storage, and starting a hardware encryption unit in the acceleration board to encrypt the first file; the stacked file system layer is provided with an interface for adding an encryption calling function and is used for calling the encryption driver;
and returning the encrypted first file in the acceleration board to the stacked file system layer, and calling the system writing function to write the encrypted first file into a storage device.
2. The method of claim 1, wherein the transferring the first file to an accelerator card for storage based on the stacked file system layer invoking an encryption driver according to the memory address of the first file, and starting a hardware encryption unit in the accelerator card to encrypt the first file, comprises:
Mapping the memory address of the first file to the encryption calling function so as to acquire the first file;
acquiring the first file and the secret key through a preset encryption and decryption subsystem according to the encryption calling function, and sending the first file and the secret key to the encryption and decryption driver;
storing the secret key into a secret key register of the acceleration board card, storing the first file into a DDR memory, and starting a hardware encryption unit in the acceleration board card;
and outputting the encrypted first file according to a preset encryption algorithm of a hardware encryption unit in the accelerator board card.
3. The method of claim 1, wherein the returning the encrypted first file in the accelerator board to the stacked file system layer, invoking the system write function to write the encrypted first file to a storage device, comprises:
receiving an encrypted first file output by the acceleration board card, and caching the encrypted first file to the stacked file system layer through the encryption calling function;
and calling the system writing function through the bottom file system layer, and writing the encrypted first file into the storage device.
4. A method of decrypting a file, applied to an operating system, the operating system including a stacked file system layer, the method comprising:
Responding to the reading operation of the user layer, calling a system reading function, and reading a second file of the storage device;
according to the read second file, calling a decryption driver program based on the stacked file system layer, transmitting the second file to an acceleration board for storage, and starting a hardware decryption unit in the acceleration board to decrypt the second file; the stacked file system layer is provided with an interface added with a decryption calling function and used for calling the decryption driver;
and returning the decrypted second file in the acceleration board to the stacked file system layer, and calling the system reading function to return the decrypted second file to the user layer.
5. The method of claim 4, wherein the calling a system read function to read the second file of the storage device in response to the user layer read operation comprises:
reading the encrypted second file from the storage device through the underlying file system layer according to the system read function;
and reading the encrypted second file of the bottom file system layer based on the virtual file system layer, and caching the second file.
6. The method of claim 4, wherein the invoking a decryption driver based on the stacked file system layer based on the read second file, transferring the second file to an accelerator card for storage, and starting a hardware decryption unit in the accelerator card to decrypt the second file, comprises:
Acquiring the second file and the secret key through a preset encryption and decryption subsystem according to the decryption calling function, and sending the second file and the secret key to the decryption driver;
storing the second file into a DDR memory, storing the secret key into a secret key register of the accelerator board card, and starting a hardware decryption unit in the accelerator board card;
and outputting the decrypted second file through a hardware decryption unit in the accelerator board.
7. A file encryption apparatus for application to an operating system, the operating system including a stacked file system layer, the apparatus comprising:
the first acquisition module is used for calling a system write function to acquire a memory address of a first file in response to write operation of a user layer;
the encryption module is used for calling an encryption driver program based on the stacked file system layer according to the memory address of the first file, transmitting the first file to an acceleration board card for storage, and starting a hardware encryption unit in the acceleration board card to encrypt the first file; the stacked file system layer is provided with an interface for adding an encryption calling function and is used for calling the encryption driver;
And the first sending module is used for returning the encrypted first file in the acceleration board to the stacked file system layer, calling the system writing function and writing the encrypted first file into the storage device.
8. A file decryption device for application to an operating system, said operating system comprising a stacked file system layer, said device comprising:
the first reading module is used for calling a system reading function to read a second file of the storage device in response to the reading operation of the user layer;
the decryption module is used for calling a decryption driver program based on the stacked file system layer according to the read second file, transmitting the second file to an acceleration board card for storage, and starting a hardware decryption unit in the acceleration board card to decrypt the second file; the stacked file system layer is provided with an interface added with a decryption calling function and used for calling the decryption driver;
and the second sending module is used for returning the decrypted second file in the acceleration board to the stacked file system layer, calling the system reading function and returning the decrypted second file to the user layer.
9. An electronic device, comprising: a transceiver, a memory, a processor, and a program stored on the memory and executable on the processor;
the processor is configured to read a program in a memory to implement the steps of the file encryption method according to any one of claims 1 to 3 or the steps of the file decryption method according to any one of claims 4 to 6.
10. A readable storage medium storing a program, wherein the program when executed by a processor performs the steps of the file encryption method according to any one of claims 1 to 3 or the steps of the file decryption method according to any one of claims 4 to 6.
CN202310070402.8A 2023-01-19 2023-01-19 File encryption and decryption methods, devices, equipment and storage medium Pending CN116070239A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310070402.8A CN116070239A (en) 2023-01-19 2023-01-19 File encryption and decryption methods, devices, equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202310070402.8A CN116070239A (en) 2023-01-19 2023-01-19 File encryption and decryption methods, devices, equipment and storage medium

Publications (1)

Publication Number Publication Date
CN116070239A true CN116070239A (en) 2023-05-05

Family

ID=86183349

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310070402.8A Pending CN116070239A (en) 2023-01-19 2023-01-19 File encryption and decryption methods, devices, equipment and storage medium

Country Status (1)

Country Link
CN (1) CN116070239A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117234427A (en) * 2023-11-09 2023-12-15 苏州元脑智能科技有限公司 Data reading and writing method, device, equipment, system, storage medium and storage system

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117234427A (en) * 2023-11-09 2023-12-15 苏州元脑智能科技有限公司 Data reading and writing method, device, equipment, system, storage medium and storage system
CN117234427B (en) * 2023-11-09 2024-02-09 苏州元脑智能科技有限公司 Data reading and writing method, device, equipment, system, storage medium and storage system

Similar Documents

Publication Publication Date Title
CN111679921B (en) Memory sharing method, memory sharing device and terminal equipment
CN108345806A (en) A kind of hardware encryption card and encryption method
CN115567324B (en) Data encryption transmission method, system, computer equipment and storage medium
WO2020220536A1 (en) Data backup method and device, and computer readable storage medium
CN110971398A (en) Data processing method, device and system
WO2018041074A1 (en) Method, apparatus, and system for accessing memory device
US20230069781A1 (en) Microprocessor, data processing method, electronic device, and storage medium
CN112434326B (en) Trusted computing method and device based on data flow
CN112035900B (en) High-performance password card and communication method thereof
CN103903042A (en) Data flow encryption SD card
US20230068658A1 (en) Microprocessor, data processing method, electronic device, and storage medium
WO2023046207A1 (en) Data transmission method and apparatus, and non-volatile computer-readable storage medium
CN116070239A (en) File encryption and decryption methods, devices, equipment and storage medium
CN112256460A (en) Inter-process communication method and device, electronic equipment and computer readable storage medium
CN111459673A (en) Secure memory expansion and release method and device and electronic equipment
WO2017157006A1 (en) Secret key processing method and apparatus
CN110383254B (en) Optimizing memory mapping associated with network nodes
CN108563492B (en) Data acquisition method, virtual machine and electronic equipment
CN114553411B (en) Distributed memory encryption device and distributed memory decryption device
CN114969851B (en) FPGA-based data processing method, device, equipment and medium
CN116048716A (en) Direct storage access method and device and related equipment
JP2024500822A (en) Key installation methods, systems, devices, equipment and computer programs
CN114691034A (en) Data storage method and data processing equipment
CN112416526A (en) Direct storage access method, device and related equipment
CN113852457A (en) System and method for transmitting and receiving data based on vehicle network

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination