CN117708838A - Encryption method, storage medium and equipment for transaction log - Google Patents

Publication number: CN117708838A
Application number: CN202211090771.5A
Authority: China (CN)
Legal status: Pending
Original language: Chinese (zh)
Inventors: 冷建全, 沈志伟
Current and original assignee: Beijing Kingbase Information Technologies Co Ltd
Prior art keywords: data, transaction log, log, encrypting, xlog
Classification: Storage Device Security

Abstract

The present invention relates to database technologies, and in particular to a method, a storage medium, and a device for encrypting a transaction log. The encryption method comprises the following steps: while assembling the transaction log to be encrypted, encrypting the transaction log at a preset encryption granularity; pre-allocating the storage location of the transaction log in the transaction log write cache according to the length of the encrypted transaction log; and copying the transaction log to the transaction log write cache at the pre-allocated storage location. The method protects the transaction log by encryption to meet security requirements, avoids the change in storage location information caused by the transaction log having different lengths before and after encryption, and keeps the storage location information of the transaction log in the transaction log write cache stable.

Description

Encryption method, storage medium and equipment for transaction log
Technical Field
The present invention relates to database technologies, and in particular, to a method, a storage medium, and an apparatus for encrypting a transaction log.
Background
In a KingbaseES database (abbreviated as KES database), the transaction log is the XLOG log (also called the WAL log): the database system records every update operation of every transaction on the KES database and writes it to the XLOG log files before the update is applied. If the XLOG log is not encrypted, an unauthorized party who obtains XLOG logs containing sensitive user data can recover that data through a simple XLOG log replay operation, leaking user information. Therefore, to prevent leakage of user information from the XLOG log, the XLOG log needs to be protected by encryption.
However, existing encryption algorithms (e.g., SM4) align the data being encrypted, so the plaintext length before encryption and the ciphertext length after encryption are inconsistent. Because the XLOG log contents in an XLOG log file are all stored at fixed locations, if the data length of an XLOG log differs before and after encryption, the recorded XLOG log location information is no longer usable.
Therefore, how to design a KES database XLOG log encryption method that satisfies security and supports inconsistent data lengths of XLOG logs before and after encryption becomes a problem to be solved.
Disclosure of Invention
An object of the present invention is to provide a transaction log encryption method capable of satisfying security and supporting data length inconsistency of transaction logs before and after encryption.
It is a further object of the invention to improve the overall performance of the database.
It is a further object of the invention to improve the encryption effect and further the security.
In particular, the present invention provides a method for encrypting a transaction log, comprising:
in the process of assembling the transaction log to be encrypted, encrypting the transaction log with a preset encryption granularity;
pre-allocating the storage location of the transaction log in the transaction log write cache according to the length of the encrypted transaction log;
and copying the transaction log to the transaction log write cache at the pre-allocated storage location.
Optionally, the transaction log to be encrypted includes a transaction log header and a transaction log data area, wherein the transaction log data area includes a plurality of data blocks; and
the preset encryption granularity is a data block.
Optionally, the transaction log data area includes main data and/or at least one block area, the block area contains page data and/or tuple data, and the main data, the page data and the tuple data each include at least one data block; and
in the case that the transaction log to be encrypted comprises main data, page data and tuple data, the process of encrypting the transaction log at the preset encryption granularity while assembling the transaction log comprises the following steps:
checking whether any block area in the transaction log has not been traversed;
if yes, encrypting each data block in the page data and the tuple data of each block area that has not been traversed;
if not, checking whether the transaction log contains main data;
if so, encrypting each data block in the main data;
if not, ending the encryption operation.
Optionally, the process of encrypting each data block in main data includes:
acquiring head pointers corresponding to data blocks of main data in a pre-constructed assembly linked list;
searching each data block of main data according to the head pointer sequence, and encrypting the searched data blocks until main data traversal is finished;
and when main data traversal is finished, finishing the encryption operation.
Optionally, the process of encrypting each data block in the page data and the tuple data of a block area that has not been traversed includes:
acquiring any block area that has not been traversed, and checking whether it contains page data;
if it contains page data, encrypting each data block in the page data, and checking whether the block area contains tuple data;
if it does not contain page data, checking whether the block area contains tuple data;
if it contains tuple data, encrypting each data block in the tuple data.
Optionally, in the case that the tuple data is not contained, the method further includes:
checking again whether any block area in the transaction log has not been traversed.
Optionally, the process of encrypting each data block in the tuple data includes:
acquiring the head pointers corresponding to the data blocks of the tuple data in a pre-constructed assembly linked list;
searching each data block of the tuple data in head-pointer order, and encrypting the data blocks found until the traversal of the tuple data is finished.
Optionally, before the step of encrypting the transaction log with the preset encryption granularity, the encryption method of the transaction log further includes:
the length of the encrypted transaction log is calculated.
According to another aspect of the present invention, there is also provided a machine-readable storage medium having stored thereon a machine-executable program which, when executed by a processor, implements a method of encrypting a transaction log of any of the above.
According to yet another aspect of the present invention, there is also provided a computer device including a memory, a processor, and a machine executable program stored on the memory and running on the processor, and the processor implementing the encryption method of the transaction log of any one of the above when executing the machine executable program.
According to the encryption method of the transaction log, the transaction log is encrypted at the preset encryption granularity while the transaction log to be encrypted is being assembled, which provides encryption protection for the transaction log and meets the security requirement. After the transaction log has been encrypted at the assembly stage, the method pre-allocates the storage location of the transaction log in the transaction log write cache according to the length of the encrypted transaction log, and copies the transaction log to the write cache at the pre-allocated location. This avoids a change of the storage location information when the transaction log is subsequently copied to the write cache, and eliminates the effect of the data alignment performed during encryption on the storage location information, so that the storage location information of the transaction log in the write cache stays stable even though the data length of the transaction log differs before and after encryption.
Further, in the encryption method of the transaction log, the transaction log to be encrypted comprises a transaction log header and a transaction log data area, wherein the transaction log data area comprises a plurality of data blocks, and the preset encryption granularity is the data blocks. The encryption method of the transaction log realizes that only the data needing to be encrypted can be encrypted in a targeted manner by using the data block as the preset encryption granularity, avoids the encryption operation on other invalid data, reduces the performance loss and effectively improves the overall performance of the database.
Furthermore, in the encryption method of the transaction log, the transaction log data area comprises main data and/or at least one block area, each block area contains page data and/or tuple data, and the main data, the page data and the tuple data each comprise at least one data block. When the transaction log to be encrypted comprises main data, page data and tuple data, the method checks whether any block area in the transaction log has not been traversed; if so, it encrypts each data block in the page data and the tuple data of each block area that has not been traversed; if not, it checks whether the transaction log contains main data; if so, it encrypts each data block in the main data, and if not, it ends the encryption operation. Every data block that needs encryption in the transaction log is thus encrypted step by step, which effectively improves the encryption effect and further improves the security of user information.
The above, as well as additional objectives, advantages, and features of the present invention will become apparent to those skilled in the art from the following detailed description of a specific embodiment of the present invention when read in conjunction with the accompanying drawings.
Drawings
Some specific embodiments of the invention will be described in detail hereinafter by way of example and not by way of limitation with reference to the accompanying drawings. The same reference numbers will be used throughout the drawings to refer to the same or like parts or portions. It will be appreciated by those skilled in the art that the drawings are not necessarily drawn to scale. In the accompanying drawings:
FIG. 1 is a flow diagram of a method of encrypting a transaction log according to one embodiment of the invention;
FIG. 2 is a flow diagram of a transaction log write flow in a method of encrypting a transaction log according to one embodiment of the invention;
FIG. 3 is a schematic diagram of the structure of a transaction log in a method of encrypting a transaction log according to one embodiment of the invention;
FIG. 4 is a flow diagram of a method of encrypting a transaction log according to another embodiment of the present invention;
FIG. 5 is a schematic diagram of a machine-readable storage medium according to one embodiment of the invention; and
FIG. 6 is a schematic structural view of a computer device according to an embodiment of the present invention.
Detailed Description
Exemplary embodiments of the present invention will be described in more detail below with reference to the accompanying drawings. While exemplary embodiments of the present invention are shown in the drawings, it should be understood that the present invention may be embodied in various forms and should not be limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the invention to those skilled in the art.
In order to solve the above technical problems, an embodiment of the present invention provides an encryption method for a transaction log. FIG. 1 is a schematic flow diagram of a method of encrypting a transaction log according to one embodiment of the invention. The encryption method of the transaction log may generally include:
step S102, in the process of assembling the transaction log to be encrypted, encrypting the transaction log with a preset encryption granularity;
step S104, pre-allocating the storage location of the transaction log in the transaction log write cache according to the length of the encrypted transaction log;
and step S106, copying the transaction log to a transaction log write cache according to the storage position of the transaction log obtained by pre-allocation.
In the encryption method of this embodiment, the transaction log is encrypted at a preset encryption granularity while the transaction log to be encrypted is being assembled. That is, the embodiment encrypts the transaction log at the assembly stage, which provides encryption protection for the transaction log and meets the security requirement. After the transaction log has been encrypted at the assembly stage, the method pre-allocates the storage location of the transaction log in the transaction log write cache according to the length of the encrypted transaction log, and copies the transaction log to the write cache at that pre-allocated location. In other words, the storage location information of the transaction log in the write cache is determined from the data length of the ciphertext obtained after encryption. This avoids the situation in which the location is determined from the plaintext length and then changes because the ciphertext copied into the write cache has a different length, and it eliminates the effect of the data alignment performed during encryption on the storage location information. The storage location information of the transaction log in the write cache therefore stays stable even though the data length of the transaction log differs before and after encryption.
In one embodiment, prior to the step of assembling the transaction log, the steps of: generating a transaction log in database operation; registering a transaction log; and pre-constructing an assembly linked list in the database management system according to the registration result of the transaction log. It should be noted that the assembly linked list is a non-continuous and non-sequential storage structure on a physical storage unit, and the logical sequence of the data elements is implemented by the sequence of pointer links in the assembly linked list. In this embodiment, the step S106 may specifically include the following steps: according to the storage position of the transaction log obtained by pre-allocation, each part of data in the transaction log is respectively put into a continuous section of a pre-constructed assembly linked list; and copying the transaction log data in the continuous interval to a transaction log write cache. After the above step S106, the present embodiment further includes the steps of: writing the page with the transaction log stored in the transaction log write cache into a disk file to complete the transaction log write flow.
In one embodiment, before the step of encrypting the transaction log with the preset encryption granularity in the step S102, the encryption method of the transaction log of the present invention may further include the following steps: the length of the encrypted transaction log is calculated. That is, before performing the encryption operation, the encryption method of the transaction log of the present embodiment calculates the length of the transaction log after encryption, so as to obtain the total length of the encrypted transaction log in the subsequent step.
In addition, KingbaseES is the Kingbase database management system, a general-purpose relational database management system. Those skilled in the art will recognize that in some alternative embodiments the encryption method of the transaction log of the present invention may be applied to KES databases, and in other alternative embodiments it may be applied to other relational databases. For the KES database, the transaction log is the XLOG log (also called the WAL log), which records in detail the operations that service processes perform on the KES database. To illustrate more clearly the technical effect of choosing the transaction log assembly stage as the encryption point in this embodiment, the transaction log write flow is further described below with reference to FIG. 2 and FIG. 3.
Fig. 2 is a flow diagram of a transaction log writing procedure in the encryption method of the transaction log according to an embodiment of the present invention. As shown in fig. 2, in this embodiment, the XLOG log write flow may generally include:
in step S202, XLOG log data is generated. The final data content in the XLOG log cannot be completely determined in the XLOG log generation stage because the data in the XLOG log is selectively stored according to some flag bits when the XLOG log is assembled. Therefore, this stage is not suitable for encrypting XLOG logs.
In step S204, XLOG log data is registered. As in the generation stage, the final data content of the XLOG log cannot be completely determined at the registration stage; it is only determined at the XLOG log assembly stage. Therefore, this stage is also not suitable for encrypting XLOG logs.
Step S206, assembling XLOG log data. The final data content of the XLOG log can be completely determined at the XLOG log assembly stage, and the position of the XLOG log in the XLOG log write cache has not yet been determined at this point. It is therefore enough to calculate the real total length of the encrypted XLOG log and pre-allocate the storage location of the XLOG log in the XLOG log write cache according to that length in order to eliminate the effect of the data alignment performed during encryption on the XLOG log storage location information. Encrypting the XLOG log at this stage has the further benefit that no changes are required to the subsequent write flow.
Step S208, pre-allocating the storage location of the XLOG log in the XLOG log write cache. In this step, each process writing an XLOG log needs to acquire an exclusive lock so that the locations pre-allocated to different processes in the XLOG write cache do not overlap. If encryption were performed in this step, the encryption work of all processes would be executed serially, resulting in serious performance problems. Therefore, this stage is not suitable for encrypting XLOG logs.
In step S210, the data of each part of the XLOG log is put into a continuous section. Since prior to this process, the place where the XLOG log is stored in the XLOG write cache has been determined (the stage of pre-allocating the storage location of the XLOG log in the XLOG write cache), and the XLOG log may cause a change in the length of the XLOG log when encrypted, this stage is not suitable for encrypting the XLOG log.
In step S212, the XLOG data in the continuous section is copied to the XLOG write cache. Since this stage is also in a state that the storage position of the XLOG log in the XLOG write cache is already determined, and the length of the XLOG log may be changed when the XLOG log is encrypted, this stage is also not suitable for encrypting the XLOG log.
Step S214, writing the pages holding XLOG logs in the XLOG write cache to a disk file. At this stage a whole XLOG log can no longer be obtained accurately, so the preset encryption granularity could be set to a page. However, page-granularity encryption has the following problem: a page is likely to be encrypted or decrypted multiple times, which severely hurts performance. For example, if a page that is not full is flushed to disk, only part of that page in the disk file holds valid XLOG log data, but because the encryption granularity is the page, the whole page is encrypted every time, and much invalid data may be encrypted. When an XLOG log later needs to be written to this page, the page must first be decrypted. In practice such flush operations are very frequent, which results in a very large performance loss. Therefore, this stage is also not suitable for encrypting XLOG logs.
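The ordering argument of steps S202 to S214, as an added C sketch (not code from the patent or from KingbaseES): a record's data blocks are encrypted during assembly and the write-cache position is reserved from the ciphertext length, and the same record is also inserted in the rejected order (reserve from the plaintext length, then encrypt) to show the overrun. The struct and function names, the PKCS#7-style padding rule and the XOR stand-in used in place of SM4 are assumptions of this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CIPHER_BLOCK 16   /* SM4 works on 16-byte blocks */
#define NODE_CAP     64   /* capacity of one chain node in this sketch */
#define WAL_BUF_SIZE 256  /* size of the toy write cache */

/* One node of the assembly chain (hypothetical layout, not KES's own struct). */
typedef struct RecData {
    struct RecData *next;
    uint8_t data[NODE_CAP];
    size_t  len;
    int     has_user_data;  /* 0: record header; 1: page, tuple or main data */
} RecData;

typedef struct { uint8_t buf[WAL_BUF_SIZE]; size_t insert_pos; } WalBuffer;
typedef struct { size_t start, reserved_end, written_end; } Placement;

/* Assumed PKCS#7-style padding: already aligned input gains a full block. */
size_t padded_len(size_t n) { return (n / CIPHER_BLOCK + 1) * CIPHER_BLOCK; }

/* Sum of current node lengths: plaintext before encryption, ciphertext after. */
size_t chain_len(const RecData *rd) {
    size_t total = 0;
    for (; rd; rd = rd->next) total += rd->len;
    return total;
}

/* Length the record will have once encrypted, computed before encrypting. */
size_t encrypted_record_len(const RecData *rd) {
    size_t total = 0;
    for (; rd; rd = rd->next)
        total += rd->has_user_data ? padded_len(rd->len) : rd->len;
    return total;
}

/* Stand-in transform: pads, then XORs with a constant. NOT SM4 and NOT
 * secure; only the length behaviour of a padded block cipher matters here. */
static int encrypt_node(RecData *rd) {
    size_t out = padded_len(rd->len);
    if (out > NODE_CAP) return -1;
    memset(rd->data + rd->len, (int)(out - rd->len), out - rd->len);
    for (size_t i = 0; i < out; i++) rd->data[i] ^= 0x5A;
    rd->len = out;
    return 0;
}

/* Data-block granularity: only nodes carrying user data are encrypted. */
static int encrypt_chain(RecData *rd) {
    for (; rd; rd = rd->next)
        if (rd->has_user_data && encrypt_node(rd) != 0) return -1;
    return 0;
}

/* The serialized step (exclusive lock in a real system): arithmetic only. */
static int reserve(WalBuffer *wb, size_t len, Placement *p) {
    if (len > WAL_BUF_SIZE - wb->insert_pos) return -1;
    p->start = wb->insert_pos;
    wb->insert_pos += len;
    p->reserved_end = wb->insert_pos;
    return 0;
}

static size_t copy_chain(WalBuffer *wb, size_t pos, const RecData *rd) {
    for (; rd; rd = rd->next) {
        if (rd->len > WAL_BUF_SIZE - pos) break;  /* never write past the cache */
        memcpy(wb->buf + pos, rd->data, rd->len);
        pos += rd->len;
    }
    return pos;
}

/* encrypt_during_assembly = 1: the order the page describes.
 * encrypt_during_assembly = 0: reserve from the plaintext length first. */
int insert_record(WalBuffer *wb, RecData *head, int encrypt_during_assembly,
                  Placement *p) {
    if (encrypt_during_assembly) {
        size_t need = encrypted_record_len(head);
        if (encrypt_chain(head) != 0 || reserve(wb, need, p) != 0) return -1;
    } else {
        if (reserve(wb, chain_len(head), p) != 0) return -1;
        if (encrypt_chain(head) != 0) return -1;
    }
    p->written_end = copy_chain(wb, p->start, head);
    return 0;
}

/* Constructed sample: header 24 B, page data 40 B, tuple data 13 B, main data 16 B. */
void make_sample_record(RecData n[4]) {
    static const size_t lens[4] = {24, 40, 13, 16};
    for (int i = 0; i < 4; i++) {
        memset(n[i].data, 'A' + i, NODE_CAP);
        n[i].len = lens[i];
        n[i].has_user_data = (i != 0);
        n[i].next = (i < 3) ? &n[i + 1] : NULL;
    }
}

int main(void) {
    RecData rec[4];
    WalBuffer wb;
    Placement p;
    for (int order = 1; order >= 0; order--) {
        memset(&wb, 0, sizeof wb);
        make_sample_record(rec);
        if (insert_record(&wb, rec, order, &p) != 0) return 1;
        printf("%s: reserved [%zu,%zu), wrote up to %zu\n",
               order ? "encrypt, then reserve" : "reserve, then encrypt",
               p.start, p.reserved_end, p.written_end);
    }
    return 0;
}
```

In the rejected order the bytes written run past the reserved end, into the space the next record would be given.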
In the above embodiment, the XLOG log to be encrypted includes the XLOG log header and the XLOG log data area, wherein the XLOG log data area includes a plurality of data blocks. It should be noted that some XLOG logs include only an XLOG log header and have no XLOG log data area; an XLOG log that consists only of an XLOG log header need not be encrypted in the XLOG log write flow because it carries no user data. Specifically, the XLOG log data area includes main data and/or at least one block area, each block area contains page data and/or tuple data, and the main data, page data and tuple data each include at least one data block. The various parts of the XLOG log are described in detail below in conjunction with FIG. 3.
FIG. 3 is a schematic diagram of the structure of a transaction log in a method for encrypting a transaction log according to one embodiment of the invention. Specifically, for the KES database, the transaction log is an XLOG log.
As shown in FIG. 3, an XLOG log includes an XLOG log header and an XLOG log data area; the XLOG log header carries no user data and need not be encrypted. The XLOG log data area includes a blocks portion and/or a main data portion. Note that different kinds of XLOG logs have different structures: some kinds include only the XLOG log header and have no XLOG log data area, while other kinds include both the XLOG log header and the XLOG log data area. An XLOG log that consists only of an XLOG log header need not be encrypted in the XLOG log write flow because it carries no user data, while an XLOG log that includes both an XLOG log header and an XLOG log data area may need to be encrypted in the write flow. That is, the XLOG log to be encrypted may include an XLOG log header and an XLOG log data area.
Specifically, the blocks portion includes at least one block area, each of which contains page data and/or tuple data. Different kinds of XLOG logs have different structures: some have only an XLOG log header and main data, some have only an XLOG log header and a blocks portion, and some include an XLOG log header, main data and a blocks portion at the same time. That is, the XLOG log data area may include both main data and at least one block area, or only main data, or only at least one block area. In addition, each block area may contain both page data and tuple data, or only tuple data. As shown in FIG. 3, for an XLOG log stored within one page, the first block area of the blocks portion contains both page data and tuple data, and the other block areas contain only tuple data. For an XLOG log that is longer than one page or is stored across pages, the first block area in each page contains both page data and tuple data, and the remaining block areas contain only tuple data.
In the above embodiments, each of the main data, page data and tuple data may include at least one data block, and the data blocks may differ in length. On this basis, the preset encryption granularity in step S102 may be a data block. This avoids encrypting the XLOG log header or other invalid data that carries no user data, so that only the data that needs encryption is encrypted, which reduces the performance loss and effectively improves the overall performance of the database. In addition, the data blocks of every part of the XLOG log are readily available at the XLOG log assembly stage, which makes it convenient to encrypt the XLOG log with the data block as the preset encryption granularity.
In one embodiment, step S102 may be performed as follows: checking whether any block area in the XLOG log has not been traversed; if yes, encrypting each data block in the page data and the tuple data of each block area that has not been traversed; if not, checking whether the XLOG log contains main data; if so, encrypting each data block in the main data; if not, ending the encryption operation. In this way every data block that needs encryption in the XLOG log is encrypted in order, which effectively improves the encryption effect and further improves the security of user information. Specifically, the step of encrypting each data block in the page data and the tuple data of a block area that has not been traversed may be performed as: acquiring any block area that has not been traversed and checking whether it contains page data; if it contains page data, encrypting each data block in the page data and then checking whether the block area contains tuple data; if it does not contain page data, checking whether the block area contains tuple data; if it contains tuple data, encrypting each data block in the tuple data.
In addition, after the step of encrypting each data block in the tuple data, the method of the present embodiment further includes: checking again whether any block area in the XLOG log has not been traversed. Likewise, after the step of checking whether the block area that has not been traversed contains tuple data, in the case that it contains no tuple data, the method of the embodiment further includes: checking again whether any block area in the XLOG log has not been traversed.
In a specific embodiment, each data block of the tuple data of each block area and each data block of the main data of the XLOG log has a one-to-one corresponding head pointer in the assembly linked list, and the node corresponding to each data block position in the assembly linked list can be found through its head pointer. It should be noted that the assembly linked list is composed of a series of nodes (each element in the linked list is called a node), and the nodes can be generated dynamically at runtime. A head pointer is a pointer to the storage location of a node in the linked list. Because the physical storage addresses of the data held in the assembly linked list are not adjacent but are allocated arbitrarily by the system, creating the head pointers in advance makes the data stored in the assembly linked list easy to find.
On this basis, the step of encrypting each data block in the main data may be performed as the following steps: acquiring the head pointers corresponding to the data blocks of the main data in the pre-constructed assembly linked list; searching each data block of the main data in head-pointer order, and encrypting the data blocks found until the traversal of the main data is finished; and ending the encryption operation when the traversal of the main data is finished. In addition, the step of encrypting each data block in the tuple data may be performed as the following steps: acquiring the head pointers corresponding to the data blocks of the tuple data in the pre-constructed assembly linked list; searching each data block of the tuple data in head-pointer order, and encrypting the data blocks found until the traversal of the tuple data is finished. This further ensures that every data block that needs encryption in the XLOG log is encrypted step by step, and further ensures the encryption effect.
Fig. 4 is a flow diagram of a method of encrypting a transaction log according to another embodiment of the invention. The following describes the steps of the flow of the present embodiment in detail with reference to fig. 4.
In step S402, XLOG log data is generated during database operation.
In step S404, XLOG log data is registered. In a specific embodiment, step S404 may be performed as: applying to a log manager for an identification number for the generated XLOG logs, wherein the identification number of each XLOG log comprises a head pointer of each data block of the XLOG log; and pre-constructing an assembly linked list in the database management system according to the registration result of the XLOG log, wherein the nodes corresponding to the positions of the data blocks in the assembly linked list can be found through the head pointers. In addition, an XLOG log includes an XLOG log header and an XLOG log data area, wherein the XLOG log header has no user data and need not be encrypted. The XLOG log data area includes a blocks portion and a main data portion. Specifically, the blocks portion includes a plurality of block areas, each of which may contain page data and tuple data, and the page data and tuple data may each be internally divided into a plurality of data blocks of differing lengths. The main data portion may also be internally divided into a plurality of data blocks of differing lengths.
Step S406, checking whether the block area in the XLOG log is not traversed, if yes, executing step S428, otherwise, executing step S408. After step S404, the process enters the stage of assembling the XLOG log, and after the start of assembling the XLOG log, step S406 is executed.
In step S408, a block area is obtained from the non-traversed block area.
Step S410, checking whether the obtained block area has page data, if yes, executing step S412, and if not, executing step S416.
Step S412, each data block in the page data is encrypted.
Step S414, adding the node storing the page data into the assembly linked list.
Step S416, checking whether the non-traversed block area contains tuple data, if yes, executing step S418, otherwise, returning to step S406.
Step S418, acquiring the head pointer of the tuple data linked list. Specifically, the tuple data linked list head pointer includes the head pointers corresponding to the respective data blocks of the tuple data in the pre-constructed assembly linked list.
Step S420, encrypting the data block of the current linked list node. Specifically, according to the pre-constructed head pointer, the linked list node corresponding to each data block of the tuple data linked list can be obtained in the assembly linked list.
Step S422, adding the current tuple data linked list node into the assembly linked list. Specifically, the current tuple data linked list node refers to the linked list node corresponding to the data block whose encryption was most recently completed.
Step S424, determining whether the traversal of the tuple data is completed, if yes, returning to step S406, and if no, executing step S426.
Step S426, the next tuple data linked list node is obtained, and step S420 is continued.
Step S428, check whether the XLOG log contains main data, if yes, go to step S430, if no, go to step S426. Specifically, if the XLOG log does not include main data, the process of assembling the XLOG log is ended, and the stage of pre-allocating the storage location of the XLOG log in the XLOG log write cache is entered.
Step S430, obtaining a main data linked list head pointer. Specifically, the main data linked list head pointer includes head pointers corresponding to respective data blocks of main data in a pre-built assembly linked list.
Step S432, encrypting the data block of the current linked list node. Specifically, according to the pre-constructed head pointer, the linked list node corresponding to each data block of the main data linked list can be obtained in the assembled linked list.
Step S434, adding the current main data linked list node into the assembly linked list. Specifically, the current main data linked list node refers to a linked list node corresponding to a data block in main data, which has been encrypted last.
Step S436, determining whether main data is traversed, if yes, executing step S440, and if no, executing step S438. Specifically, if main data traversal is finished, the process of assembling the XLOG log is finished, and the stage of pre-allocating the storage position of the XLOG log in the XLOG log write cache is entered.
Step S438, the next main data linked list node is obtained, and step S432 is continued.
In step S440, the storage location of the XLOG log is pre-allocated in the XLOG log write cache. Specifically, the storage location of the XLOG log pre-allocated in step S440 may be determined according to the length of the encrypted XLOG log.
In step S442, the XLOG log is copied to the XLOG log write cache. Specifically, step S442 may be specifically performed as: according to the storage position of the pre-allocated XLOG log, the data of each part of the XLOG log is put into a continuous interval; the XLOG data in consecutive intervals is copied to the XLOG write cache.
Step S444, writing the page in the XLOG write cache that stores the XLOG log into a disk file. The flow ends.
With this method, for the KES system, each data block of the XLOG log is selected as the encryption granularity of the XLOG log, and the stage of assembling the XLOG log is selected as the encryption position. This achieves encryption protection of the XLOG log to meet security requirements while eliminating the influence that the data alignment operation during encryption has on the storage position information of the XLOG log, so that the storage position information of the XLOG log in the XLOG log write cache remains stable even when the data length of the XLOG log differs before and after encryption.
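The flow of steps S406 to S442, as an added Python example that is not code from the patent or from KES: data blocks are encrypted while the record is assembled, and the write-cache position is reserved from the encrypted length. The record field names, the numeric `id`, the `WriteCache` class and the 16-byte alignment are assumptions, and `encrypt_block` is a stand-in (PKCS#7 padding plus a SHA-256 keystream) for a vetted block cipher.

```python
import hashlib

BLOCK = 16  # assumed cipher alignment: each encrypted data block is a multiple of 16 bytes

def padded_len(n: int) -> int:
    """Length of an n-byte data block after PKCS#7 padding (always grows by 1..16)."""
    return n + BLOCK - n % BLOCK

def encrypt_block(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in cipher, not for production: pad, then XOR with a SHA-256 keystream."""
    pad = padded_len(len(data)) - len(data)
    padded = data + bytes([pad]) * pad
    stream = b"".join(hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
                      for i in range(len(padded) // 32 + 1))
    return bytes(a ^ b for a, b in zip(padded, stream))

def assemble_encrypted(record: dict, key: bytes) -> list:
    """Encrypt block by block while assembling: every block area (page data, then
    tuple data), then main data. The header holds no user data and stays in clear."""
    order = []
    for area in record.get("blocks", []):
        order += area.get("page_data", []) + area.get("tuple_data", [])
    order += record.get("main_data", [])
    chain = [record["header"]]
    for i, blk in enumerate(order):
        nonce = record["id"].to_bytes(8, "big") + i.to_bytes(4, "big")  # unique per block
        chain.append(encrypt_block(key, nonce, blk))
    return chain

class WriteCache:
    """Models the log write cache: positions are handed out by reserved length."""
    def __init__(self, size: int):
        self.buf, self.insert_pos = bytearray(size), 0
    def reserve(self, length: int) -> int:
        if self.insert_pos + length > len(self.buf):
            raise BufferError("write cache full")
        start, self.insert_pos = self.insert_pos, self.insert_pos + length
        return start

def insert_record(cache: WriteCache, record: dict, key: bytes) -> tuple:
    chain = assemble_encrypted(record, key)          # 1. encrypt during assembly
    start = cache.reserve(sum(map(len, chain)))      # 2. pre-allocate by encrypted length
    data = b"".join(chain)                           # 3. continuous interval, then copy
    cache.buf[start:start + len(data)] = data
    return start, start + len(data)

# Constructed sample record; field names and the numeric id are assumptions.
SAMPLE = {"id": 1, "header": b"H" * 24, "main_data": [b"m" * 7],
          "blocks": [{"page_data": [b"p" * 10], "tuple_data": [b"t" * 16, b"u" * 5]}]}
```

The sample record holds 62 bytes before encryption and occupies 104 bytes in the cache, so a position reserved from the plaintext length would overlap the next record.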
The present embodiment also provides a machine-readable storage medium and a computer device. Fig. 5 is a schematic diagram of the structure of a machine-readable storage medium 10 according to one embodiment of the present invention, and fig. 6 is a schematic diagram of the structure of a computer device 20 according to one embodiment of the present invention.
The machine-readable storage medium 10 has stored thereon a machine-executable program 11, which when executed by a processor, implements the processing method of any of the above embodiments.
The computer device 20 may include a memory 220, a processor 210, and a machine executable program 11 stored on the memory 220 and running on the processor 210, and the processor 210 implements the processing methods of any of the embodiments described above when executing the machine executable program 11.
The flowcharts provided by this embodiment are not intended to indicate that the operations of the method are to be performed in any particular order, or that all of the operations of the method are included in every case. Furthermore, the method may include additional operations. Additional variations may be made to the above-described methods within the scope of the technical ideas provided by the methods of the present embodiments.
By now it should be appreciated by those skilled in the art that while a number of exemplary embodiments of the invention have been shown and described herein in detail, many other variations or modifications of the invention consistent with the principles of the invention may be directly ascertained or inferred from the present disclosure without departing from the spirit and scope of the invention. Accordingly, the scope of the present invention should be understood and deemed to cover all such other variations or modifications.

Claims (10)

1. A method of encrypting a transaction log, comprising:
in the process of assembling the transaction log to be encrypted, encrypting the transaction log with a preset encryption granularity;
according to the length of the encrypted transaction log, pre-allocating the storage position of the transaction log in a transaction log write cache;
and copying the transaction log to the transaction log write cache according to the storage position of the transaction log obtained by pre-allocation.
2. The encryption method of a transaction log of claim 1, wherein the transaction log to be encrypted comprises a transaction log header and a transaction log data region, wherein the transaction log data region comprises a plurality of data blocks; and
the preset encryption granularity is the data block.
3. The encryption method of transaction log according to claim 2, wherein the transaction log data area comprises main data and/or at least one block area, the block area contains page data and/or tuple data, and the main data, the page data and the tuple data each comprise at least one data block; and
in the case that the transaction log to be encrypted includes the main data, the page data and the tuple data, the process of encrypting the transaction log with a preset encryption granularity in the process of assembling the transaction log includes:
checking whether a block area is not traversed in the transaction log;
if yes, encrypting each of the data blocks in each page data and each tuple data of each block area which is not traversed;
if not, checking whether the transaction log contains main data;
if so, encrypting each data block in the main data;
and if not, ending the encryption operation.
4. The encryption method of transaction log according to claim 3, wherein the process of encrypting each of the data blocks in the main data comprises:
acquiring head pointers corresponding to the data blocks of the main data in a pre-constructed assembly linked list;
searching each data block of the main data according to the head pointer sequence, and encrypting the searched data blocks until the main data traversal is finished;
and ending the encryption operation under the condition that the main data traversal is ended.
5. The encryption method of transaction log according to claim 3, wherein the process of encrypting each of the data blocks in each page data and each tuple data of the non-traversed block area comprises:
acquiring any non-traversed block area, and checking whether page data is contained in the non-traversed block area;
if page data is contained, encrypting each data block in the page data, and checking whether the non-traversed block area contains tuple data;
if page data is not contained, checking whether the non-traversed block area contains tuple data;
and if tuple data is contained, encrypting each data block in the tuple data.
6. The encryption method of transaction log according to claim 5, wherein, in the case that tuple data is not contained, the encryption method further comprises:
checking again whether a block area in the transaction log is not traversed.
7. The encryption method of transaction log according to claim 5, wherein the process of encrypting each of the data blocks in the tuple data comprises:
acquiring head pointers corresponding to the data blocks of the tuple data in a pre-constructed assembly linked list;
and searching each data block of the tuple data according to the head pointer sequence, and encrypting the searched data blocks until the tuple data traversal is finished.
8. The encryption method of a transaction log according to claim 1, wherein, before the step of encrypting the transaction log with a preset encryption granularity, the encryption method of the transaction log further comprises:
and calculating the length of the encrypted transaction log.
9. A machine-readable storage medium having stored thereon a machine-executable program which when executed by a processor implements the encryption method of transaction logs according to any one of claims 1 to 8.
10. A computer device comprising a memory, a processor and a machine executable program stored on the memory and running on the processor, and the processor implementing the encryption method of the transaction log according to any one of claims 1 to 8 when executing the machine executable program.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211090771.5A CN117708838A (en) 2022-09-07 2022-09-07 Encryption method, storage medium and equipment for transaction log


Publications (1)

Publication Number Publication Date
CN117708838A true CN117708838A (en) 2024-03-15

Family

ID=90144854


Country Status (1)

Country Link
CN (1) CN117708838A (en)


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination