CN1567288A - Method for multiple encryption of file and simultaneous sealing/unsealing - Google Patents
Method for multiple encryption of file and simultaneous sealing/unsealing Download PDFInfo
- Publication number
- CN1567288A CN1567288A CN 03135741 CN03135741A CN1567288A CN 1567288 A CN1567288 A CN 1567288A CN 03135741 CN03135741 CN 03135741 CN 03135741 A CN03135741 A CN 03135741A CN 1567288 A CN1567288 A CN 1567288A
- Authority
- CN
- China
- Prior art keywords
- file
- safekeeping
- enciphering
- sealing
- key
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Abstract
This invention provides a kind of simultaneous encrypting and decrypting method of file multiple encryptions. It belongs to the information security realm. It features that when encrypting the file, it adopts the asymmetric encryption algorithm to nesting encrypt by using public key of multiple participants, so to realize the function of file encryption. If the file needs to be decrypted, each participant must attend simultaneously and provide their private key to decrypt one after another. This method can be applied to the field not only with high security and confidentiality but also needs publicity and justness.
Description
Technical field
The present invention proposes the method that a kind of file multi-enciphering is sealed up for safekeeping simultaneously and broken a seal, and belongs to information security field, realizes security that file preserves, confidentiality, integrality and open notarization property.
Background technology
At present, file security mostly adopts digital signature and encryption technology, at first uses the possessory private key of file file is signed and to be attached on the file; With the disposable session key that generates at random file and signature are encrypted the formation ciphertext then; With file viewer's PKI session key is encrypted the formation encryption key again; At last with ciphertext and the synthetic file that will transmit of encryption key.The file of Chan Shenging only needs just can be deciphered separately by the file viewer like this, can not satisfy the requirement (for example must show up simultaneously in many ways and just can carry out reading file) of the occasion that ask for something gets involved in many ways.
The Chinese patent publication number is that the application case of CN1109187A is that source file is encrypted, and the executable file of generation writes floppy disk and offers the user.Because the unreliability of floppy disk medium, the range of application of this method has significant limitation.The Chinese patent publication number is that the application case of CN1186277A is to utilize the method for layered encryption to guarantee the confidentiality of file, when transmitting or storing encrypt file, in the archives that the decompression and the decrypt operation of correspondence is additional to encrypt file.Such file only needs the correct password of receiving end input can obtain raw data, does not possess publicity and notarization property, and can not verify the integrality of source document.
The present invention adopts the multi-enciphering technology, by participant in many ways file is sealed up for safekeeping simultaneously and is guaranteed safety of files, confidentiality, integrality and open fairness.Wherein participant's list is selected by the person of sealing up for safekeeping of file in many ways, in case file is sealed up for safekeeping simultaneously, has only all participants all on the scene simultaneously and correct information is provided, and file could be broken a seal.
The file that multi-enciphering is sealed up for safekeeping simultaneously can prevent that file content from being revised separately and reconstruct, guarantee safety of files, confidentiality, integrality and open fairness, the file secret that can be widely used in each institutional settings is preserved and occasions such as the online open bidding of website and bid.
Summary of the invention
The file that multi-enciphering is sealed up for safekeeping simultaneously is the file of an order, and its structure is divided into three parts (introduce in detail and see also accompanying drawing 1 explanation):
1) file header comprises six parts: the person's of sealing up for safekeeping identifier, digest algorithm identifier, signature algorithm identifier symbol, file encryption algorithm identifier, participation number identifier and participant identifying symbol.
The ciphertext of 2) sealing up for safekeeping.
3) multi-enciphering key comprises two parts: asymmetric arithmetic identifier and key information.
When source document is sealed up for safekeeping simultaneously, at first fill up a document head for information about, as: the person's of sealing up for safekeeping identifier, digest algorithm identifier, signature algorithm identifier symbol, participation number identifier etc., wherein the participant is by the person's of sealing up for safekeeping decision of file, be generally the identifier more than three, its number is consistent with the number of participation identifier.Then do not seal the person up for safekeeping source document is produced summary and encrypts the formation signature with the private key of oneself, signature is attached to the file (detail operations sees also accompanying drawing 2 explanations) that the source document end forms signature.Then do not seal the person up for safekeeping and produce disposable session key at random, the file of having signed is encrypted the ciphertext content that formation will be sealed up for safekeeping.Then obtain participant's PKI separately,, obtain multi-enciphering key (detail operations sees also accompanying drawing 3 explanations) according to disposable random session key being carried out nested encryption from back to the preceding PKI that uses in order.
In the time of will sealing file up for safekeeping and break a seal simultaneously, at first require the participant in the participant identifying symbol that corresponding private key is provided successively.If wherein any one participant's private key mistake, then file Kaifeng failure this time.After obtaining corresponding private key, private key according to from front to back the participant that uses in order is deciphered successively to the multi-enciphering key, obtain the disposable random session key that the person of sealing up for safekeeping generates, and according to the file encryption algorithm of describing in the file header, use this session key that the ciphertext of sealing up for safekeeping is decrypted, the file that obtains signing (detail operations sees also accompanying drawing 4 explanations).Take out the signed data in the file at last, verify the correctness (detail operations sees also accompanying drawing 5 explanations) of its signature according to digest algorithm of describing in the file header and signature algorithm.If by signature verification, illustrate that then source document is not destroyed, file is complete; Otherwise supporting paper is destroyed.Any slight change of source document all will cause the greatest differences of summary info, therefore, verify the signing messages of this field, but the integrality of authenticating documents, primitiveness and non-repudiation etc.
In order to further specify principle of the present invention and feature, describe below in conjunction with accompanying drawing.
Fig. 1 seals the structural drawing of file simultaneously up for safekeeping for multi-enciphering.
The file that multi-enciphering is sealed up for safekeeping simultaneously comprises file header, the ciphertext of sealing up for safekeeping and multi-enciphering key three parts.
Wherein file header comprises six partial contents:
1) person's of sealing up for safekeeping identifier
Character string, the person of sealing up for safekeeping of sign source document.
2) digest algorithm identifier
Character string, the digest algorithm that file uses is sealed in expression up for safekeeping.Can adopt digest algorithm commonly used both at home and abroad, as: MD2, MD5 and SHA1 etc.
3) signature algorithm identifier symbol
Character string, the signature algorithm that file uses is sealed in expression up for safekeeping.Can adopt signature algorithm commonly used both at home and abroad, as: DSS, RSA etc.
4) file encryption algorithm identifier
Character string, the symmetric encipherment algorithm that file uses is sealed in expression up for safekeeping.Can adopt symmetric encipherment algorithm commonly used at present both at home and abroad, as: AES, triple des, RC5 and IDEA etc.
5) participate in the number identifier
Character string, the participant's that file relates to number is sealed in expression up for safekeeping.
6) participant identifying symbol
Character string, sign is sealed all participants that file relates to up for safekeeping.
The ciphertext of sealing up for safekeeping is a binary string, by the algorithm of file encryption algorithm identifiers appointment in the file header source document is encrypted the back and forms.
The multi-enciphering key comprises two parts content:
1) asymmetric arithmetic identifier
Character string, the rivest, shamir, adelman that the expression session key uses.Can adopt rivest, shamir, adelman commonly used both at home and abroad, as: RSA, DSA, ECC and DH etc.
2) key information
Binary string is stored after the algorithm for encryption by the appointment of top rivest, shamir, adelman identifier.
Fig. 2 is the generation model of signature file.
To the source document formation signature file of signing, concrete steps are as follows:
1. use digest algorithm, source document is carried out hash operations, obtain a hashed value.
2. use the person's of sealing up for safekeeping encrypted private key hashed value, obtain the signature of file.
3. signature is attached to the source document end, forms the file of signature.
Fig. 3 is a generation model of sealing file up for safekeeping.
Behind the file that obtains signing, need seal up for safekeeping simultaneously this document.File after sealing up for safekeeping simultaneously only could be broken a seal after all participants provide correct information, has very high security, confidentiality and open notarization property.Concrete steps are as follows:
1. do not seal the person up for safekeeping and produce disposable session key SK at random,, the file of signature is encrypted, form ciphered data according to the algorithm of file encryption algorithm identifiers appointment in the file header.
2. ciphered data is write the ciphertext part of sealing file up for safekeeping.
3. from the participant identifying symbol of file header, take out last participant, obtain its PKI PBK
n, use the rivest, shamir, adelman of appointment that SK is encrypted, form temporary key TK
1From the participant identifying symbol, take out the penult participant, obtain its PKI PBK
N-1And the rivest, shamir, adelman of use appointment is to TK
1Encrypt, form temporary key TK
2The PKI that extremely before obtains the participant from the back carries out nested encryption so successively, until the PKI PBK with first participant
1To temporary key TK
N-1Encrypt, form the session key EK of multi-enciphering.
4. identifier and the EK with the rivest, shamir, adelman that uses writes the multi-enciphering key part of sealing file up for safekeeping.
Fig. 4 is a Kaifeng model of sealing file up for safekeeping.
File after sealing up for safekeeping simultaneously for a multi-enciphering, as follows to its concrete steps that break a seal:
1. from the file of sealing up for safekeeping, take out the session key EK of multi-enciphering.
2. from the participant identifying symbol of file header, take out first participant, provide its corresponding private key PVK by this participant
1, use the rivest, shamir, adelman of appointment that EK is decrypted, obtain temporary key TK
N-1From the participant identifying symbol, take out second participant, provide its corresponding private key PVK by this participant equally
2, and the rivest, shamir, adelman of use appointment is to TK
N-1Be decrypted, obtain temporary key TK
N-2Provide its corresponding private key to be decrypted by the participant from front to back so successively, provide its private key PVK until last participant
nTo temporary key TK
1Be decrypted, obtain the disposable random session key SK that the person of sealing up for safekeeping generates.
3. from the file of sealing up for safekeeping, take out the ciphertext part.
4. according to the algorithm of file encryption algorithm identifiers appointment in the file header, use session key SK that ciphertext is decrypted, obtain file, finish the Kaifeng process of file through the person's of sealing up for safekeeping signature.
Fig. 5 is a verification model of sealing file integrality up for safekeeping.
The file of sealing up for safekeeping also need carry out integrity verification after obtaining the source document and the person's of sealing up for safekeeping signature through Kaifeng, is illegally modified to prevent file.Concrete steps are as follows:
1. according to the algorithm of signature algorithm identifier symbol appointment in the file header, use the person's of sealing up for safekeeping PKI that signature is decrypted, obtain its hashed value M1.
2. according to the algorithm of digest algorithm identifier appointment in the file header, source document is carried out hash operations, obtain a hashed value M2.
3. compare M1 and M2, if both are identical, then source document is not destroyed, is proved to be successful; If inequality, show that then source document is destroyed, authentication failed.
Claims (5)
1. a file multi-enciphering is sealed up for safekeeping/the Kaifeng method simultaneously, and its feature may further comprise the steps: multi-enciphering is sealed the structure of file simultaneously up for safekeeping; File is carried out the step that multi-enciphering is sealed up for safekeeping simultaneously; The step that the file of sealing up for safekeeping breaks a seal; The step of the file integrality checking of sealing up for safekeeping.
2. the described file multi-enciphering of claim 1 is sealed up for safekeeping/the Kaifeng method simultaneously, it is characterized in that multi-enciphering seals the structure of file simultaneously up for safekeeping and comprise following content:
The file that multi-enciphering is sealed up for safekeeping simultaneously comprises file header, the ciphertext of sealing up for safekeeping and multi-enciphering key three parts;
File header comprises six partial contents: the person's of sealing up for safekeeping identifier, digest algorithm identifier, signature algorithm identifier symbol, file add
Close algorithm identifier, participation number identifier and participant identifying symbol;
The ciphertext of sealing up for safekeeping comprises a part, promptly passes through ciphered data;
The multi-enciphering key comprises two parts content: asymmetric arithmetic identifier and key information.
3. the described file multi-enciphering of claim 1 is sealed up for safekeeping/the Kaifeng method simultaneously, it is characterized in that file is carried out the step that multi-enciphering seals up for safekeeping simultaneously be may further comprise the steps:
Use digest algorithm that source document is carried out hash operations, generate the step of hashed value;
Use the encrypted private key hashed value, generate the step of secret value;
Use disposable random session key to encrypt source document and signature, generate the step of enciphered data;
Ciphered data is write the step of the ciphertext part of sealing file up for safekeeping;
Use the nested encrypted session key of a plurality of PKIs, generate the step of encryption key;
Encrypted secret key is write the step of the multi-enciphering key part of sealing file up for safekeeping.
4. the described file multi-enciphering of claim 1 is sealed up for safekeeping/the Kaifeng method simultaneously, and the step that the file that it is characterized in that sealing up for safekeeping breaks a seal may further comprise the steps:
The step of partly taking out encryption key from the multi-enciphering key of sealing file up for safekeeping;
Use a plurality of private keys decruption key successively, obtain the step of session key;
Partly take out the step of enciphered data from the ciphertext of sealing file up for safekeeping;
Use the session key decrypting ciphertext, obtain the step of source document and signature.
5. the described file multi-enciphering of claim 1 is sealed up for safekeeping/the Kaifeng method simultaneously, and the step that it is characterized in that sealing up for safekeeping the integrity verification of file may further comprise the steps:
With PKI decrypted signature data, obtain the step of hashed value;
Use digest algorithm, source document is carried out hash operations, the step of the hashed value that must make new advances;
Relatively two hashed values draw the step of verifying the result.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN 03135741 CN1226691C (en) | 2003-09-02 | 2003-09-02 | Method for multiple encryption of file and simultaneous sealing/unsealing |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN 03135741 CN1226691C (en) | 2003-09-02 | 2003-09-02 | Method for multiple encryption of file and simultaneous sealing/unsealing |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN1567288A true CN1567288A (en) | 2005-01-19 |
| CN1226691C CN1226691C (en) | 2005-11-09 |
Family
ID=34470326
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN 03135741 Expired - Fee Related CN1226691C (en) | 2003-09-02 | 2003-09-02 | Method for multiple encryption of file and simultaneous sealing/unsealing |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN1226691C (en) |
Cited By (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102291234A (en) * | 2010-06-17 | 2011-12-21 | 神盾股份有限公司 | Data security system applicable to sharing encrypted file and restoring secrete key and method thereof |
| CN106211146A (en) * | 2016-06-27 | 2016-12-07 | 上海联彤网络通讯技术有限公司 | Safety communication record adding method, information communicating method and call method and system |
| CN106713336A (en) * | 2017-01-03 | 2017-05-24 | 厦门法信公证云科技有限公司 | Electronic data safekeeping system and method based on double and asymmetric encryption technology |
| CN106790223A (en) * | 2017-01-13 | 2017-05-31 | 无锡英威腾电梯控制技术有限公司 | The method and apparatus and its system of a kind of data transfer |
| CN110751821A (en) * | 2019-11-14 | 2020-02-04 | 华南理工大学广州学院 | RGB (Red Green blue) collector based on wifi (Wireless Fidelity) transmission and collecting method |
| CN110826091A (en) * | 2018-08-14 | 2020-02-21 | 珠海金山办公软件有限公司 | File signature method and device, electronic equipment and readable storage medium |
| CN116910790A (en) * | 2023-09-11 | 2023-10-20 | 四川建设网有限责任公司 | Bid file encryption method with self-integrity checking function |
-
2003
- 2003-09-02 CN CN 03135741 patent/CN1226691C/en not_active Expired - Fee Related
Cited By (11)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102291234A (en) * | 2010-06-17 | 2011-12-21 | 神盾股份有限公司 | Data security system applicable to sharing encrypted file and restoring secrete key and method thereof |
| CN102291234B (en) * | 2010-06-17 | 2014-03-26 | 神盾股份有限公司 | Data security system applicable to sharing encrypted file and restoring secrete key and method thereof |
| CN106211146A (en) * | 2016-06-27 | 2016-12-07 | 上海联彤网络通讯技术有限公司 | Safety communication record adding method, information communicating method and call method and system |
| CN106713336A (en) * | 2017-01-03 | 2017-05-24 | 厦门法信公证云科技有限公司 | Electronic data safekeeping system and method based on double and asymmetric encryption technology |
| CN106713336B (en) * | 2017-01-03 | 2019-09-06 | 厦门法信公证云科技有限公司 | Electronic data safeguard system and method based on double, asymmetrical encryption technology |
| CN106790223A (en) * | 2017-01-13 | 2017-05-31 | 无锡英威腾电梯控制技术有限公司 | The method and apparatus and its system of a kind of data transfer |
| CN106790223B (en) * | 2017-01-13 | 2020-10-20 | 无锡英威腾电梯控制技术有限公司 | Data transmission method, equipment and system |
| CN110826091A (en) * | 2018-08-14 | 2020-02-21 | 珠海金山办公软件有限公司 | File signature method and device, electronic equipment and readable storage medium |
| CN110751821A (en) * | 2019-11-14 | 2020-02-04 | 华南理工大学广州学院 | RGB (Red Green blue) collector based on wifi (Wireless Fidelity) transmission and collecting method |
| CN116910790A (en) * | 2023-09-11 | 2023-10-20 | 四川建设网有限责任公司 | Bid file encryption method with self-integrity checking function |
| CN116910790B (en) * | 2023-09-11 | 2023-11-24 | 四川建设网有限责任公司 | Bid file encryption method with self-integrity checking function |
Also Published As
| Publication number | Publication date |
|---|---|
| CN1226691C (en) | 2005-11-09 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN1219260C (en) | Method for controlling storage and access of security file system | |
| US8712046B2 (en) | Cryptographic key split combiner | |
| US20090097657A1 (en) | Constructive Channel Key | |
| US20100005318A1 (en) | Process for securing data in a storage unit | |
| HU225077B1 (en) | Method and apparatus for providing for the recovery of a cryptographic key | |
| CN105554031B (en) | encryption method, encryption device, decryption method, decryption device and terminal | |
| CN110958219B (en) | SM2 proxy re-encryption method and device for medical cloud shared data | |
| US20130028419A1 (en) | System and a method for use in a symmetric key cryptographic communications | |
| CN101262341A (en) | A mixed encryption method in session system | |
| CN1682479A (en) | Efficient encryption and authentication for data processing systems | |
| CN110719295B (en) | Identity-based food data security-oriented proxy re-encryption method and device | |
| GB2487503A (en) | Authentication of digital files and associated identities using biometric information | |
| CN1922816A (en) | One way authentication | |
| CN104410493A (en) | Secure data storage method and secure data read method based on distributed system infrastructure | |
| CN112055022A (en) | High-efficiency and high-security network file transmission double encryption method | |
| GB2456509A (en) | Using a human readable code communicated using a trusted channel to verify that a distributed public key was issued by the party who claims to have issued it | |
| CN111049738B (en) | E-mail data security protection method based on hybrid encryption | |
| WO2012147001A1 (en) | Data encryption | |
| CN1741443A (en) | Key transplanting method based on safety environment | |
| CN1226691C (en) | Method for multiple encryption of file and simultaneous sealing/unsealing | |
| CN110233729A (en) | A kind of encryption solid-state disk key management method based on PUF | |
| CN112800462A (en) | Method for storing confidential information in cloud computing environment | |
| Patil et al. | Performance evaluation of hybrid cryptography algorithm for secure sharing of text & images | |
| Rajasekar et al. | Introduction to Classical Cryptography | |
| CN1209710C (en) | Digital watermark journal structural method |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| ASS | Succession or assignment of patent right |
Owner name: SICHUAN GREAT TECHNOLOGY CO., LTD. Free format text: FORMER OWNER: SICHUAN UNIVERSITY Effective date: 20100513 |
|
| COR | Change of bibliographic data |
Free format text: CORRECT: ADDRESS; FROM: 610065 NO.24, SOUTH 1ST SECTION, 1ST RING ROAD, CHENGDU CITY, SICHUAN PROVINCE TO: 610041 2/F, COMPLEX BUILDING (FACING THE STREET), CHENGDU KEHUA MIDDLE ROAD PRIMARY SCHOOL, NO.2, CHANGSHOU ROAD, WUHOU DISTRICT, CHENGDU CITY |
|
| TR01 | Transfer of patent right |
Effective date of registration: 20100513 Address after: 610041, Wuhou District, Changshou Road, Chengdu No. 2 Chengdu KELONG Road Primary School Street building two floor Patentee after: Sichuan Gerite Technology Co., Ltd. Address before: 610065 Sichuan, Chengdu, South Ring Road, No. 1, No. 24 Patentee before: Sichuan University |
|
| ASS | Succession or assignment of patent right |
Owner name: CHENGDU GLOBAL CAPSHEAF TECHNOLOGY CO., LTD. Free format text: FORMER OWNER: SICHUAN GREAT TECHNOLOGY CO., LTD. Effective date: 20130401 |
|
| C41 | Transfer of patent application or patent right or utility model | ||
| TR01 | Transfer of patent right |
Effective date of registration: 20130401 Address after: 610000 C-411 Asia Pacific Plaza, KELONG North Road, Sichuan, Chengdu Patentee after: Chengdu century summit Technology Co., Ltd. Address before: 610000, Sichuan, Wuhou District, Changshou Road, Chengdu No. 2 Chengdu KELONG Road Primary School Street building two floor Patentee before: Sichuan Gerite Technology Co., Ltd. |
|
| DD01 | Delivery of document by public notice |
Addressee: Wang Zhengtao Document name: Notification of Passing Examination on Formalities |
|
| CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20051109 Termination date: 20150902 |
|
| EXPY | Termination of patent right or utility model |