TWI762120B - File encryption and decryption method, device, and electronic device - Google Patents

Publication number
TWI762120B
Authority
TW
Taiwan
Prior art keywords
key
pair
asymmetric keys
asymmetric
ciphertext
Prior art date
Application number
TW109146560A
Other languages
Chinese (zh)
Other versions
TW202226023A (en
Inventor
邱良德
賴文清
Original Assignee
鴻海精密工業股份有限公司
Priority date
Filing date
Publication date
Application filed by 鴻海精密工業股份有限公司 filed Critical 鴻海精密工業股份有限公司
Priority to TW109146560A priority Critical patent/TWI762120B/en
Application granted granted Critical
Publication of TWI762120B publication Critical patent/TWI762120B/en
Publication of TW202226023A publication Critical patent/TW202226023A/en

Abstract

The present application provides a file encryption and decryption method, a file encryption and decryption device, and an electronic device. The file encryption and decryption method includes: generating a symmetric key through a symmetric encryption algorithm; generating at least one pair of asymmetric keys through an asymmetric encryption algorithm, each pair of asymmetric keys including a public key and a private key; encrypting an original file with the symmetric key to generate a first encrypted file; encrypting the symmetric key with the public key of the at least one pair of asymmetric keys to generate a first ciphertext; calculating an MD5 value of the original file, and calculating a first total length of the MD5 value, the public key of the at least one pair of asymmetric keys, and the first ciphertext; and using the first total length as a header of the first encrypted file, and adding the header, the public key of the at least one pair of asymmetric keys, and the first ciphertext to the first encrypted file to generate a second encrypted file.

Description

File encryption and decryption method, device and electronic device

The invention relates to the field of file encryption, and in particular to a file encryption and decryption method, device and electronic device.

Existing documents are commonly encrypted and decrypted with either one symmetric key or two asymmetric keys. These methods require one specific, unique key for decryption, so when several people use a document they all decrypt it with the same key, which reduces the document's security. In addition, to prevent a third party from holding the same key, for example when sharing an already encrypted document with a third party, the encrypted document must be encrypted again with another key, which is inconvenient.

In view of the above, it is necessary to provide a file encryption and decryption method, device and electronic device that avoid the reduced file security caused by decrypting a file with one shared key, and the inconvenience caused by re-encrypting the file.

A first aspect of the present application provides a file encryption and decryption method, the method comprising: generating a symmetric key by a symmetric encryption algorithm; generating at least one pair of asymmetric keys by an asymmetric encryption algorithm, each pair of asymmetric keys including a public key and a private key; encrypting the original document with the symmetric key to generate a first encrypted document; encrypting the symmetric key with the public key of the at least one pair of asymmetric keys to generate a first ciphertext; calculating the MD5 value of the original document, and calculating a first total length of the MD5 value, the public key of the at least one pair of asymmetric keys, and the first ciphertext; and using the first total length as the header of the first encrypted document, and adding the header, the public key of the at least one pair of asymmetric keys, and the first ciphertext to the first encrypted document to generate a second encrypted document.

Preferably, the method further comprises: decrypting the second encrypted document with the private key of each pair of the at least one pair of asymmetric keys to obtain the symmetric key and the first encrypted document; and decrypting the first encrypted document with the symmetric key to obtain the original document.

Preferably, decrypting the second encrypted document with the private key of each pair of the at least one pair of asymmetric keys to obtain the symmetric key comprises: using the private key of each pair of the at least one pair of asymmetric keys to decrypt the ciphertext in the header that corresponds to that pair, thereby obtaining the symmetric key.

Preferably, generating at least one pair of asymmetric keys by the asymmetric encryption method comprises: determining the number of asymmetric keys according to the number of shares of the original document.

Preferably, the method further comprises: receiving an instruction to add one or more pairs of asymmetric keys; adding one or more new pairs of asymmetric keys according to the instruction; encrypting the symmetric key with the public key of the newly added asymmetric keys to generate a second ciphertext; calculating a second total length of the MD5 value, the public key of the at least one pair of asymmetric keys, the newly added asymmetric keys, the first ciphertext, and the second ciphertext; and using the second total length as the header of the second encrypted document, and adding the header of the second encrypted document, the public key of the at least one pair of asymmetric keys, the public key of the newly added asymmetric keys, the first ciphertext, and the second ciphertext to the first encrypted document to generate a third encrypted document.

Preferably, the method further comprises: decrypting the third encrypted document with the private key of each pair of the at least one pair of asymmetric keys, or with the private key of the newly added asymmetric keys, to obtain the symmetric key and the first encrypted document; and decrypting the first encrypted document with the symmetric key to obtain the original document.

A second aspect of the present application provides a file encryption and decryption device, the device comprising: a first key generation module for generating a symmetric key by a symmetric encryption algorithm; a second key generation module for generating at least one pair of asymmetric keys by an asymmetric encryption algorithm, each pair of asymmetric keys including a public key and a private key; a first encryption module for encrypting the original document with the symmetric key to generate a first encrypted document; a ciphertext generation module for encrypting the symmetric key with the public key of the at least one pair of asymmetric keys to generate a first ciphertext; a calculation module for calculating the MD5 value of the original document, and calculating a first total length of the MD5 value, the public key of the at least one pair of asymmetric keys, and the first ciphertext; and a second encryption module for using the first total length as the header of the first encrypted document, and adding the header, the public key of the at least one pair of asymmetric keys, and the first ciphertext to the first encrypted document to generate a second encrypted document.

Preferably, the device further comprises a decryption module, the decryption module being used for: decrypting the second encrypted document with the private key of each pair of the at least one pair of asymmetric keys to obtain the symmetric key and the first encrypted document; and decrypting the first encrypted document with the symmetric key to obtain the original document.

Preferably, the decryption module uses the private key of each pair of the at least one pair of asymmetric keys to decrypt the ciphertext in the header that corresponds to that pair, thereby obtaining the symmetric key.

A third aspect of the present application provides an electronic device, the electronic device comprising a processor and a memory, the processor implementing the above file encryption and decryption method when executing a computer program stored in the memory.

The present application uses the first total length of the MD5 value of the original document, the public key of the at least one pair of asymmetric keys, and the first ciphertext as the header of the first encrypted document, and adds the header, the public key of the at least one pair of asymmetric keys, and the first ciphertext to the first encrypted document to generate a second encrypted document. This avoids the reduced file security caused by decrypting a file with one shared key, and the inconvenience caused by re-encrypting the file.

30: File encryption and decryption device

301: First key generation module

302: Second key generation module

303: First encryption module

304: Ciphertext generation module

305: Calculation module

306: Second encryption module

307: Decryption module

6: Electronic device

61: Memory

62: Processor

63: Computer program

S11~S16: Steps

FIG. 1 is a flowchart of a file encryption and decryption method according to an embodiment of the present invention.

FIG. 2 is a structural diagram of a file encryption and decryption device according to an embodiment of the present invention.

FIG. 3 is a schematic diagram of an electronic device according to an embodiment of the present invention.

To make the above objects, features and advantages of the present invention easier to understand, the present invention is described in detail below with reference to the accompanying drawings and specific embodiments. It should be noted that, where no conflict arises, the embodiments of the present application and the features in those embodiments may be combined with each other.

Many specific details are set forth in the following description to give a full understanding of the present invention. The described embodiments are only some, not all, of the embodiments of the present invention. All other embodiments obtained by those of ordinary skill in the art from the embodiments of the present invention without creative effort fall within the protection scope of the present invention.

Unless otherwise defined, all technical and scientific terms used herein have the same meaning as commonly understood by those skilled in the technical field of the present invention. The terms used in the description of the present invention are for describing specific embodiments only and are not intended to limit the present invention.

Preferably, the file encryption and decryption method of the present invention is applied in one or more electronic devices. The electronic device is a device that can automatically perform numerical calculation and/or information processing according to preset or stored instructions. Its hardware includes, but is not limited to, a microprocessor, an application-specific integrated circuit (ASIC), a field-programmable gate array (FPGA), a digital signal processor (DSP), an embedded device, and the like.

The electronic device may be a computing device such as a desktop computer, a notebook computer, a tablet computer, or a cloud server. The device can interact with the user through a keyboard, a mouse, a remote control, a touch pad, a voice control device, or similar means.

Example 1

FIG. 1 is a flowchart of a file encryption and decryption method according to an embodiment of the present invention. Depending on requirements, the order of the steps in the flowchart may be changed, and some steps may be omitted.

Referring to FIG. 1, the file encryption and decryption method includes the following steps.

Step S11: generate a symmetric key by a symmetric encryption algorithm.

In this embodiment, a symmetric key is generated by a symmetric encryption algorithm. The symmetric key is used to encrypt the original document, or to decrypt the encrypted file to obtain the original document. In this embodiment, the symmetric encryption algorithm includes, but is not limited to, the DES algorithm, the 3DES algorithm, the TDEA algorithm, the Blowfish algorithm, and the RC5 algorithm.

Step S12: generate at least one pair of asymmetric keys by an asymmetric encryption algorithm, each pair of asymmetric keys including a public key and a private key.

In this embodiment, at least one pair of asymmetric keys is generated by an asymmetric encryption algorithm, wherein the public key of the at least one pair of asymmetric keys is used to encrypt the original document, and the private key of the at least one pair of asymmetric keys is used to decrypt the original document. In this embodiment, the asymmetric key algorithm includes, but is not limited to, the RSA algorithm, the ElGamal algorithm, the knapsack algorithm, the Rabin algorithm, the D-H algorithm, and the elliptic curve encryption algorithm.

In this embodiment, the asymmetric keys include multiple pairs, and generating at least one pair of asymmetric keys by the asymmetric encryption method includes: determining the number of asymmetric keys according to the number of shares of the original document. For example, when the original document needs to be shared with three users, user A, user B and user C, the method determines that the number of shares of the original document is three, determines from that number that the number of asymmetric keys is three, and generates three pairs of asymmetric keys by the asymmetric encryption algorithm. The private keys of the three pairs are assigned to user A, user B and user C respectively, so that user A, user B and user C each use the assigned private key to decrypt the document encrypted with the corresponding public key.

Step S13: encrypt the original document with the symmetric key to generate a first encrypted document.

Step S14: encrypt the symmetric key with the public key of the at least one pair of asymmetric keys to generate a first ciphertext.

Step S15: calculate the MD5 value of the original document, and calculate a first total length of the MD5 value, the public key of the at least one pair of asymmetric keys, and the first ciphertext.

Step S16: use the first total length as the header of the first encrypted document, and add the header, the public key of the at least one pair of asymmetric keys, and the first ciphertext to the first encrypted document to generate a second encrypted document.

In this embodiment, the method further includes: decrypting the second encrypted document with the private key of each pair of the at least one pair of asymmetric keys to obtain the symmetric key and the first encrypted document; and decrypting the first encrypted document with the symmetric key to obtain the original document. In this embodiment, decrypting the second encrypted document with the private key of each pair to obtain the symmetric key includes: using the private key of each pair of the at least one pair of asymmetric keys to decrypt the ciphertext in the header that corresponds to that pair, thereby obtaining the symmetric key. The ciphertext corresponding to each pair of asymmetric keys is generated by encrypting the symmetric key with the public key of that pair.

In this embodiment, the method further includes: receiving an instruction to add one or more pairs of asymmetric keys; adding one or more new pairs of asymmetric keys according to the instruction; encrypting the symmetric key with the public key of the newly added asymmetric keys to generate a second ciphertext; calculating a second total length of the MD5 value, the public key of the at least one pair of asymmetric keys, the newly added asymmetric keys, the first ciphertext, and the second ciphertext; and using the second total length as the header of the second encrypted document, and adding the header of the second encrypted document, the public key of the at least one pair of asymmetric keys, the public key of the newly added asymmetric keys, the first ciphertext, and the second ciphertext to the first encrypted document to generate a third encrypted document.

In this embodiment, the method further includes: decrypting the third encrypted document with the private key of each pair of the at least one pair of asymmetric keys, or with the private key of the newly added asymmetric keys, to obtain the symmetric key and the first encrypted document; and decrypting the first encrypted document with the symmetric key to obtain the original document.

In this embodiment, when the number of asymmetric keys is determined to be three according to the number of shares of the original document, the three asymmetric keys are a first pair of asymmetric keys, a second pair of asymmetric keys, and a third pair of asymmetric keys. The method encrypts the symmetric key with the public key of the first pair to generate a first sub-ciphertext, encrypts the symmetric key with the public key of the second pair to generate a second sub-ciphertext, and encrypts the symmetric key with the public key of the third pair to generate a third sub-ciphertext. It then calculates a first total length of the MD5 value, the public key of the first pair, the public key of the second pair, the public key of the third pair, the first sub-ciphertext, the second sub-ciphertext, and the third sub-ciphertext, uses the first total length as the header of the first encrypted document, and adds the header, the public key of the first pair, the public key of the second pair, the public key of the third pair, the first sub-ciphertext, the second sub-ciphertext, and the third sub-ciphertext to the first encrypted document to generate a second encrypted document.

The present invention uses the first total length of the MD5 value of the original document, the public key of the at least one pair of asymmetric keys, and the first ciphertext as the header of the first encrypted document, and adds the header, the public key of the at least one pair of asymmetric keys, and the first ciphertext to the first encrypted document to generate a second encrypted document. This avoids the reduced file security caused by decrypting a file with one shared key, and the inconvenience caused by re-encrypting the file.
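An added example (not code from the patent) of the container layer in steps S15-S16 and of adding a recipient without re-encrypting the body, with a parser that treats the stored total length as untrusted input. The patent fixes no byte layout, so the 4-byte total length, the 2-byte per-field length prefixes (which the total here also counts) and all function names are assumptions; keys and ciphertexts are opaque constructed placeholders.

```python
import hashlib
import hmac
import struct

MD5_LEN = 16  # an MD5 digest is always 16 bytes


class ContainerError(ValueError):
    """Raised when a container is malformed or its lengths are inconsistent."""


def pack_field(data: bytes) -> bytes:
    # Assumed framing: 2-byte big-endian length, then the bytes themselves.
    if len(data) > 0xFFFF:
        raise ContainerError("field too long for a 2-byte length prefix")
    return struct.pack(">H", len(data)) + data


def build_container(md5: bytes, recipients, body: bytes) -> bytes:
    """Steps S15-S16: prepend total length, MD5, public keys and wrapped keys."""
    if len(md5) != MD5_LEN:
        raise ContainerError("MD5 value must be 16 bytes")
    if not recipients:
        raise ContainerError("at least one recipient is required")
    meta = md5 + b"".join(pack_field(pk) + pack_field(ct) for pk, ct in recipients)
    return struct.pack(">I", len(meta)) + meta + body


def parse_container(blob: bytes):
    """Return (md5, [(public_key, wrapped_key), ...], body), checking every length."""
    if len(blob) < 4:
        raise ContainerError("truncated total-length field")
    (total,) = struct.unpack_from(">I", blob, 0)
    end = 4 + total
    # The total length is read from the file, so it is untrusted input.
    if total < MD5_LEN or end > len(blob):
        raise ContainerError("total length does not fit the file")
    md5, pos, recipients = blob[4:4 + MD5_LEN], 4 + MD5_LEN, []
    while pos < end:
        pair = []
        for _ in range(2):  # public key, then the symmetric key wrapped for it
            if pos + 2 > end:
                raise ContainerError("truncated length prefix")
            (n,) = struct.unpack_from(">H", blob, pos)
            pos += 2
            if pos + n > end:
                raise ContainerError("field overruns the metadata region")
            pair.append(blob[pos:pos + n])
            pos += n
        recipients.append((pair[0], pair[1]))
    if not recipients:
        raise ContainerError("no recipient entries")
    return md5, recipients, blob[end:]


def add_recipient(blob: bytes, public_key: bytes, wrapped_key: bytes) -> bytes:
    """Build the 'third encrypted document': new header, unchanged encrypted body."""
    md5, recipients, body = parse_container(blob)
    if any(pk == public_key for pk, _ in recipients):
        raise ContainerError("recipient already present")
    return build_container(md5, recipients + [(public_key, wrapped_key)], body)


def wrapped_key_for(blob: bytes, public_key: bytes):
    """Find the ciphertext that corresponds to one recipient's key pair, or None."""
    _, recipients, _ = parse_container(blob)
    return next((ct for pk, ct in recipients if pk == public_key), None)


def plaintext_matches(blob: bytes, plaintext: bytes) -> bool:
    """After decryption, compare the recovered document with the stored MD5."""
    md5, _, _ = parse_container(blob)
    return hmac.compare_digest(md5, hashlib.md5(plaintext).digest())


# Constructed sample data: opaque placeholders, not real keys or ciphertext.
ORIGINAL = b"constructed sample document"
BODY = b"\x5a" * 48  # stands in for the first encrypted document
USERS = [(b"PUBKEY-A", b"WRAPPED-KEY-A"), (b"PUBKEY-B", b"WRAPPED-KEY-B"),
         (b"PUBKEY-C", b"WRAPPED-KEY-C")]


def demo():
    # Second encrypted document for users A, B, C; third adds user D.
    second = build_container(hashlib.md5(ORIGINAL).digest(), USERS, BODY)
    third = add_recipient(second, b"PUBKEY-D", b"WRAPPED-KEY-D")
    return second, third


if __name__ == "__main__":
    second, third = demo()
    print(len(second), len(third), wrapped_key_for(third, b"PUBKEY-D"))
```

The stored MD5 is an unkeyed digest, so it detects accidental corruption but not a header rewritten by someone who can modify the file.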

Example 2

FIG. 2 is a structural diagram of a file encryption and decryption device 30 according to an embodiment of the present invention.

In some embodiments, the file encryption and decryption device 30 may include a plurality of functional modules composed of program code segments. The program code of each segment in the file encryption and decryption device 30 may be stored in a memory and executed by at least one processor.

In this embodiment, the file encryption and decryption device 30 can be divided into a plurality of functional modules according to the functions it performs. Referring to FIG. 2, the file encryption and decryption device 30 may include a first key generation module 301, a second key generation module 302, a first encryption module 303, a ciphertext generation module 304, a calculation module 305, a second encryption module 306, and a decryption module 307. A module in the present invention refers to a series of computer program segments, stored in a memory, that can be executed by at least one processor and can perform a fixed function. The functions of each module are described in detail in the following embodiments.

The first key generation module 301 generates a symmetric key by a symmetric encryption algorithm.

In this embodiment, a symmetric key is generated by a symmetric encryption algorithm. The symmetric key is used to encrypt the original document, or to decrypt the encrypted file to obtain the original document. In this embodiment, the symmetric encryption algorithm includes, but is not limited to, the DES algorithm, the 3DES algorithm, the TDEA algorithm, the Blowfish algorithm, and the RC5 algorithm.

The second key generation module 302 generates at least one pair of asymmetric keys by an asymmetric encryption algorithm, each pair of asymmetric keys including a public key and a private key.

In this embodiment, at least one pair of asymmetric keys is generated by an asymmetric encryption algorithm, wherein the public key of the at least one pair of asymmetric keys is used to encrypt the original document, and the private key of the at least one pair of asymmetric keys is used to decrypt the original document. In this embodiment, the asymmetric key algorithm includes, but is not limited to, the RSA algorithm, the ElGamal algorithm, the knapsack algorithm, the Rabin algorithm, the D-H algorithm, and the elliptic curve encryption algorithm.

In this embodiment, the asymmetric keys include multiple pairs, and the second key generation module 302 determines the number of asymmetric keys according to the number of shares of the original document. For example, when the original document needs to be shared with three users, user A, user B and user C, the second key generation module 302 determines that the number of shares of the original document is three, determines from that number that the number of asymmetric keys is three, and generates three pairs of asymmetric keys by the asymmetric encryption algorithm. The private keys of the three pairs are assigned to user A, user B and user C respectively, so that user A, user B and user C each use the assigned private key to decrypt the document encrypted with the corresponding public key.

The first encryption module 303 encrypts the original document with the symmetric key to generate a first encrypted document.

The ciphertext generation module 304 encrypts the symmetric key with the public key of the at least one pair of asymmetric keys to generate a first ciphertext.

The calculation module 305 calculates the MD5 value of the original document, and calculates a first total length of the MD5 value, the public key of the at least one pair of asymmetric keys, and the first ciphertext.

The second encryption module 306 uses the first total length as the header of the first encrypted document, and adds the header, the public key of the at least one pair of asymmetric keys, and the first ciphertext to the first encrypted document to generate a second encrypted document.

The decryption module 307 decrypts the second encrypted document with the private key of each pair of the at least one pair of asymmetric keys to obtain the symmetric key and the first encrypted document, and decrypts the first encrypted document with the symmetric key to obtain the original document. In this embodiment, the decryption module 307 uses the private key of each pair of the at least one pair of asymmetric keys to decrypt the ciphertext in the header that corresponds to that pair, thereby obtaining the symmetric key. The ciphertext corresponding to each pair of asymmetric keys is generated by encrypting the symmetric key with the public key of that pair.

In this embodiment, the second key generation module 302 is further configured to receive an instruction to add one or more pairs of asymmetric keys, and to add one or more new pairs of asymmetric keys according to the instruction. The ciphertext generation module 304 encrypts the symmetric key with the public key of the newly added asymmetric keys to generate a second ciphertext. The calculation module 305 is further configured to calculate a second total length of the MD5 value, the public key of the at least one pair of asymmetric keys, the newly added asymmetric keys, the first ciphertext, and the second ciphertext. The second encryption module 306 is further configured to use the second total length as the header of the second encrypted document, and to add the header of the second encrypted document, the public key of the at least one pair of asymmetric keys, the public key of the newly added asymmetric keys, the first ciphertext, and the second ciphertext to the first encrypted document to generate a third encrypted document.

In this embodiment, the decryption module 307 is further configured to decrypt the third encrypted document with the private key of each pair of asymmetric keys among the at least one pair of asymmetric keys, or with the private key of the newly added asymmetric keys, to obtain the symmetric key and the first encrypted document, and to decrypt the first encrypted document with the symmetric key to obtain the original document.

In this embodiment, when the second key generation module 302 determines from the number of shares of the original document that the number of asymmetric keys is three, it generates three asymmetric keys, namely a first pair of asymmetric keys, a second pair of asymmetric keys, and a third pair of asymmetric keys. The ciphertext generation module 304 encrypts the symmetric key with the public key of the first pair to generate a first sub-ciphertext, encrypts the symmetric key with the public key of the second pair to generate a second sub-ciphertext, and encrypts the symmetric key with the public key of the third pair to generate a third sub-ciphertext. The calculation module 305 calculates a first total length of the MD5 value, the public key of the first pair, the public key of the second pair, the public key of the third pair, the first sub-ciphertext, the second sub-ciphertext, and the third sub-ciphertext. The second encryption module 306 uses the first total length as the header file of the first encrypted document, and adds the header file, the public key of the first pair, the public key of the second pair, the public key of the third pair, the first sub-ciphertext, the second sub-ciphertext, and the third sub-ciphertext to the first encrypted document to generate a second encrypted document.
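The container layout described in this embodiment can be sketched as follows (an added example, not code from the patent). The 4-byte length prefix, the recipient count, and the 2-byte per-field lengths are assumed framing that the text does not specify, and the public keys, wrapped keys, and body are constructed opaque byte strings standing in for real cipher output.

```python
import hashlib
import struct

MD5_LEN = 16  # the page specifies an MD5 value of the original document


def _pack_fields(fields):
    # Assumed framing: each field is a 2-byte big-endian length plus the bytes.
    out = b""
    for field in fields:
        if len(field) > 0xFFFF:
            raise ValueError("field too long for 2-byte length")
        out += struct.pack(">H", len(field)) + field
    return out


def build_container(md5_digest, recipients, body):
    """recipients: list of (public_key, wrapped_symmetric_key) byte pairs."""
    if len(md5_digest) != MD5_LEN:
        raise ValueError("MD5 digest must be 16 bytes")
    meta = (md5_digest + struct.pack(">H", len(recipients))
            + _pack_fields([pub for pub, _ in recipients])
            + _pack_fields([wrapped for _, wrapped in recipients]))
    # The total length of MD5 + public keys + ciphertexts leads the file.
    return struct.pack(">I", len(meta)) + meta + body


def _read(buf, off, n):
    # Bounds check: never trust a length field taken from the file itself.
    if off + n > len(buf):
        raise ValueError("length field points past end of data")
    return buf[off:off + n], off + n


def _read_fields(meta, off, count):
    fields = []
    for _ in range(count):
        raw, off = _read(meta, off, 2)
        field, off = _read(meta, off, struct.unpack(">H", raw)[0])
        fields.append(field)
    return fields, off


def parse_container(blob):
    raw, off = _read(blob, 0, 4)
    meta, body_off = _read(blob, off, struct.unpack(">I", raw)[0])
    md5_digest, pos = _read(meta, 0, MD5_LEN)
    raw, pos = _read(meta, pos, 2)
    count = struct.unpack(">H", raw)[0]
    pubs, pos = _read_fields(meta, pos, count)
    wraps, pos = _read_fields(meta, pos, count)
    if pos != len(meta):
        raise ValueError("trailing bytes in header")
    return md5_digest, list(zip(pubs, wraps)), blob[body_off:]


def add_recipient(blob, public_key, wrapped_key):
    # Adding a key pair rewrites only the header; the body is not re-encrypted.
    md5_digest, recipients, body = parse_container(blob)
    return build_container(md5_digest, recipients + [(public_key, wrapped_key)], body)


def find_wrapped_key(blob, public_key):
    # A recipient locates the ciphertext that matches their own public key.
    for pub, wrapped in parse_container(blob)[1]:
        if pub == public_key:
            return wrapped
    return None


def constructed_sample():
    """Constructed stand-ins for the three-key-pair case described above."""
    body = b"<first encrypted document bytes>"
    digest = hashlib.md5(b"constructed original document").digest()
    recipients = [(b"PUB-%d" % i, b"WRAPPED-KEY-%d" % i) for i in (1, 2, 3)]
    return build_container(digest, recipients, body), body, recipients


if __name__ == "__main__":
    sample, _, _ = constructed_sample()
    grown = add_recipient(sample, b"PUB-4", b"WRAPPED-KEY-4")
    print(len(sample), len(grown), find_wrapped_key(grown, b"PUB-4"))
```

The parser rejects a header length that exceeds the file size or leaves unread bytes, which is the check a reader of such a format needs before using any field.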

The present invention calculates the MD5 value of the original document, uses the first total length of the MD5 value, the public key of the at least one pair of asymmetric keys, and the first ciphertext as the header file of the first encrypted document, and adds the header file, the public key of the at least one pair of asymmetric keys, and the first ciphertext to the first encrypted document to generate a second encrypted document. This avoids the reduction in file security that results from decrypting files with one and the same key, and avoids the inconvenience of re-encrypting the file.

Embodiment 3

FIG. 3 is a schematic diagram of an electronic device 6 in an embodiment of the present invention.

The electronic device 6 includes a memory 61, a processor 62, and a computer program 63 stored in the memory 61 and executable on the processor 62. When the processor 62 executes the computer program 63, it implements the steps of the file encryption and decryption method embodiments described above, such as steps S11 to S16 shown in FIG. 1. Alternatively, when the processor 62 executes the computer program 63, it implements the functions of the modules/units in the file encryption and decryption device embodiment described above, such as modules 301 to 307 in FIG. 2.

For example, the computer program 63 may be divided into one or more modules/units, which are stored in the memory 61 and executed by the processor 62 to carry out the present invention. The one or more modules/units may be a series of computer program instruction segments capable of performing specific functions, and the instruction segments describe the execution of the computer program 63 in the electronic device 6. For example, the computer program 63 may be divided into the first key generation module 301, the second key generation module 302, the first encryption module 303, the ciphertext generation module 304, the calculation module 305, the second encryption module 306, and the decryption module 307 shown in FIG. 2; for the specific functions of each module, see Embodiment 2.

Those skilled in the art will understand that the schematic diagram is only an example of the electronic device 6 and does not limit it. The electronic device 6 may include more or fewer components than shown, may combine certain components, or may use different components; for example, the electronic device 6 may also include input/output devices, network access devices, buses, and the like.

The processor 62 may be a central processing unit (CPU), or another general-purpose processor, a digital signal processor (DSP), an application-specific integrated circuit (ASIC), a field-programmable gate array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, a discrete hardware component, and so on. The general-purpose processor may be a microprocessor, or the processor 62 may be any conventional processor. The processor 62 is the control center of the electronic device 6 and connects the parts of the entire electronic device 6 through various interfaces and lines.

The memory 61 may be used to store the computer program 63 and/or the modules/units. The processor 62 implements the various functions of the electronic device 6 by running or executing the computer programs and/or modules/units stored in the memory 61 and by calling the data stored in the memory 61. The memory 61 may mainly include a program storage area and a data storage area. The program storage area may store an operating system and the application programs required for at least one function (such as a sound playback function or an image playback function); the data storage area may store data created through use of the electronic device 6 (such as audio data or a phone book). In addition, the memory 61 may include high-speed random access memory, and may also include non-volatile memory, such as a hard disk, memory, a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) card, a flash card, at least one magnetic disk storage device, a flash memory device, or other volatile solid-state memory device.

If the modules/units integrated in the electronic device 6 are implemented as software function modules and sold or used as independent products, they may be stored in a computer-readable storage medium. On this understanding, all or part of the processes of the method embodiments above may also be carried out by a computer program that instructs the relevant hardware. The computer program may be stored in a computer-readable storage medium and, when executed by a processor, implements the steps of the method embodiments above. The computer program includes computer program code, which may be in source code form, object code form, an executable file, or some intermediate form. The computer-readable medium may include any entity or device capable of carrying the computer program code, a recording medium, a flash drive, a removable hard disk, a magnetic disk, an optical disc, computer memory, read-only memory (ROM), random access memory (RAM), electrical carrier signals, telecommunication signals, software distribution media, and so on. It should be noted that the content covered by the computer-readable medium may be increased or decreased as required by legislation and patent practice in a given jurisdiction; for example, in some jurisdictions, under legislation and patent practice, computer-readable media do not include electrical carrier signals and telecommunication signals.

In the several embodiments provided by the present invention, it should be understood that the disclosed electronic device and method may be implemented in other ways. For example, the electronic device embodiments described above are only illustrative; the division into modules is only a division by logical function, and other divisions are possible in an actual implementation.

In addition, the functional modules in the embodiments of the present invention may be integrated into the same processing module, each module may exist physically on its own, or two or more modules may be integrated into the same module. The integrated modules may be implemented in hardware, or as hardware combined with software function modules.

It will be apparent to those skilled in the art that the present invention is not limited to the details of the exemplary embodiments above, and that it may be embodied in other specific forms without departing from its spirit or essential characteristics. The embodiments are therefore to be regarded in all respects as exemplary and non-restrictive. The scope of the present invention is defined by the appended claims rather than by the foregoing description, and all changes that fall within the meaning and range of equivalents of the claims are intended to be encompassed by the invention. No reference sign in the claims should be construed as limiting the claim concerned. Furthermore, the word "comprising" does not exclude other modules or steps, and the singular does not exclude the plural. Multiple modules or electronic devices recited in the electronic device claims may also be implemented by one and the same module or electronic device through software or hardware. Terms such as "first" and "second" are used as names and do not indicate any particular order.

In summary, the present invention meets the requirements for an invention patent, and a patent application is filed in accordance with the law. However, the above describes only preferred embodiments of the present invention, and equivalent modifications or changes made by those familiar with the art of this case in accordance with its creative spirit shall all fall within the scope of the following claims.

S11~S16: Steps

Claims (9)

1. A file encryption and decryption method, applied in an electronic device, the improvement being that the method comprises: generating a symmetric key by a symmetric encryption algorithm; generating at least one pair of asymmetric keys by an asymmetric encryption algorithm, each pair of asymmetric keys comprising a public key and a private key, wherein generating the at least one pair of asymmetric keys by the asymmetric encryption algorithm comprises: determining the number of asymmetric keys according to the number of shares of the original document; encrypting an original document with the symmetric key to generate a first encrypted document; encrypting the symmetric key with the public key of the at least one pair of asymmetric keys to generate a first ciphertext; calculating an MD5 value of the original document, and calculating a first total length of the MD5 value, the public key of the at least one pair of asymmetric keys, and the first ciphertext; and using the first total length as a header file of the first encrypted document, and adding the header file, the public key of the at least one pair of asymmetric keys, and the first ciphertext to the first encrypted document to generate a second encrypted document.

2. The file encryption and decryption method according to claim 1, wherein the method further comprises: decrypting the second encrypted document with the private key of each pair of asymmetric keys among the at least one pair of asymmetric keys to obtain the symmetric key and the first encrypted document; and decrypting the first encrypted document with the symmetric key to obtain the original document.

3. The file encryption and decryption method according to claim 2, wherein decrypting the second encrypted document with the private key of each pair of asymmetric keys among the at least one pair of asymmetric keys to obtain the symmetric key comprises: decrypting, with the private key of each pair of asymmetric keys among the at least one pair of asymmetric keys, the ciphertext in the header file that corresponds to that pair, to obtain the symmetric key.

4. The file encryption and decryption method according to claim 1, wherein the method further comprises: receiving an instruction to add one or more pairs of asymmetric keys; adding one or more new pairs of asymmetric keys according to the instruction; encrypting the symmetric key with the public key of the newly added asymmetric keys to generate a second ciphertext; calculating a second total length of the MD5 value, the public key of the at least one pair of asymmetric keys, the newly added asymmetric key, the first ciphertext, and the second ciphertext; and using the second total length as the header file of the second encrypted document, and adding the header file of the second encrypted document, the public key of the at least one pair of asymmetric keys, the public key of the newly added asymmetric keys, the first ciphertext, and the second ciphertext to the first encrypted document to generate a third encrypted document.

5. The file encryption and decryption method according to claim 4, wherein the method further comprises: decrypting the third encrypted document with the private key of each pair of asymmetric keys among the at least one pair of asymmetric keys, or with the private key of the newly added asymmetric keys, to obtain the symmetric key and the first encrypted document; and decrypting the first encrypted document with the symmetric key to obtain the original document.

6. A file encryption and decryption device, the improvement being that the device comprises: a first key generation module, configured to generate a symmetric key by a symmetric encryption algorithm; a second key generation module, configured to generate at least one pair of asymmetric keys by an asymmetric encryption algorithm, each pair of asymmetric keys comprising a public key and a private key, wherein generating the at least one pair of asymmetric keys by the asymmetric encryption algorithm comprises: determining the number of asymmetric keys according to the number of shares of the original document; a first encryption module, configured to encrypt an original document with the symmetric key to generate a first encrypted document; a ciphertext generation module, configured to encrypt the symmetric key with the public key of the at least one pair of asymmetric keys to generate a first ciphertext; a calculation module, configured to calculate an MD5 value of the original document, and to calculate a first total length of the MD5 value, the public key of the at least one pair of asymmetric keys, and the first ciphertext; and a second encryption module, configured to use the first total length as a header file of the first encrypted document, and to add the header file, the public key of the at least one pair of asymmetric keys, and the first ciphertext to the first encrypted document to generate a second encrypted document.

7. The file encryption and decryption device according to claim 6, wherein the device further comprises a decryption module, the decryption module being configured to: decrypt the second encrypted document with the private key of each pair of asymmetric keys among the at least one pair of asymmetric keys to obtain the symmetric key and the first encrypted document; and decrypt the first encrypted document with the symmetric key to obtain the original document.

8. The file encryption and decryption device according to claim 7, wherein the decryption module decrypts, with the private key of each pair of asymmetric keys among the at least one pair of asymmetric keys, the ciphertext in the header file that corresponds to that pair, to obtain the symmetric key.

9. An electronic device, wherein the electronic device comprises a processor and a memory, and the processor implements the file encryption and decryption method according to any one of claims 1 to 5 when executing a computer program stored in the memory.

TW109146560A 2020-12-28 2020-12-28 File encryption and decryption method, device , and electronic device TWI762120B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
TW109146560A TWI762120B (en) 2020-12-28 2020-12-28 File encryption and decryption method, device , and electronic device

Publications (2)

Publication Number Publication Date
TWI762120B true TWI762120B (en) 2022-04-21
TW202226023A TW202226023A (en) 2022-07-01
