TWI762120B - File encryption and decryption method, device , and electronic device - Google Patents
File encryption and decryption method, device , and electronic device Download PDFInfo
- Publication number
- TWI762120B TWI762120B TW109146560A TW109146560A TWI762120B TW I762120 B TWI762120 B TW I762120B TW 109146560 A TW109146560 A TW 109146560A TW 109146560 A TW109146560 A TW 109146560A TW I762120 B TWI762120 B TW I762120B
- Authority
- TW
- Taiwan
- Prior art keywords
- key
- pair
- asymmetric keys
- asymmetric
- ciphertext
- Prior art date
Links
Images
Abstract
Description
本發明涉及檔案加密領域,具體涉及一種檔案加密與解密方法、裝置及電子設備。 The invention relates to the field of file encryption, in particular to a file encryption and decryption method, device and electronic equipment.
現有文檔的常見的加密方式通常是藉由一把對稱式金鑰或是兩把非對稱式的金鑰進行加密和解密。上述方法限制使用特定且唯一的金鑰才能解密,造成多人使用文檔時均藉由同一把金鑰進行解密,降低了文檔的安全性。此外,如果希望避免第三人擁有同樣的金鑰,例如將已經加密過的文檔分享給第三人時不希望第三人擁有同樣的金鑰,此時勢必使用另一把金鑰對已經加密的文檔再次進行加密,進而造成使用的不便。 The common encryption method of existing documents is usually to encrypt and decrypt with a symmetric key or two asymmetric keys. The above method restricts the use of a specific and unique key to decrypt, so that when multiple people use the document, they all use the same key to decrypt the document, which reduces the security of the document. In addition, if you want to prevent a third party from having the same key, for example, when you share an encrypted document with a third party, you do not want the third party to have the same key, then you must use another key pair that has been encrypted The document is encrypted again, which will cause inconvenience to use.
鑒於以上內容,有必要提出一種檔案加密與解密方法、裝置及電子設備,以避免使用同一把金鑰進行解密檔案時降低檔案的安全性的問題,及避免對檔案進行再加密造成的使用不便的問題。 In view of the above, it is necessary to propose a file encryption and decryption method, device and electronic device, so as to avoid the problem of reducing the security of the file when using the same key to decrypt the file, and to avoid the inconvenience caused by re-encrypting the file. question.
本申請的第一方面提供一種檔案加密與解密方法,所述方法包括:藉由對稱式加密演算法產生對稱金鑰;藉由非對稱式加密演算法產生至少一對非對稱金鑰,每一對非對稱金鑰包括公開金鑰及私密金鑰; 將原始文檔藉由對稱金鑰進行加密產生第一加密文檔;將所述至少一對非對稱金鑰中的公開金鑰對所述對稱金鑰進行加密生成第一密文;計算所述原始文檔的MD5值,並計算所述MD5值、所述至少一對非對稱金鑰的公開金鑰、所述第一密文的第一總長度;將所述第一總長度作為所述第一加密文檔的標頭檔,並將所述標頭檔、所述至少一對非對稱金鑰中的公開金鑰及所述第一密文添加到所述第一加密文檔中生成第二加密文檔。 A first aspect of the present application provides a file encryption and decryption method, the method includes: generating a symmetric key by a symmetric encryption algorithm; generating at least one pair of asymmetric keys by an asymmetric encryption algorithm, each For asymmetric keys, including public key and private key; encrypting the original document with a symmetric key to generate a first encrypted document; encrypting the symmetric key with the public key in the at least a pair of asymmetric keys to generate a first ciphertext; calculating the original document and calculate the MD5 value, the public key of the at least one pair of asymmetric keys, and the first total length of the first ciphertext; take the first total length as the first encryption A header file of the document, and the header file, the public key in the at least one pair of asymmetric keys, and the first ciphertext are added to the first encrypted document to generate a second encrypted document.
優選地,所述方法還包括:藉由所述至少一對非對稱金鑰的每一對非對稱金鑰中的私密金鑰對所述第二加密文檔進行解密得到所述對稱金鑰及所述第一加密文檔;及利用所述對稱金鑰對所述第一加密文檔進行解密得到所述原始文檔。 Preferably, the method further comprises: decrypting the second encrypted document by using the private key in each pair of asymmetric keys of the at least one pair of asymmetric keys to obtain the symmetric key and all and decrypting the first encrypted document by using the symmetric key to obtain the original document.
優選地,所述藉由所述至少一對非對稱金鑰的每一對非對稱金鑰中的私密金鑰對所述第二加密文檔進行解密得到所述對稱金鑰包括:藉由所述至少一對非對稱金鑰的所述每一對非對稱金鑰中的私密金鑰對所述標頭檔中與所述每一對非對稱金鑰對應的密文進行解密得到所述對稱金鑰。 Preferably, obtaining the symmetric key by decrypting the second encrypted document with the private key in each pair of asymmetric keys of the at least one pair of asymmetric keys comprises: The private key in each pair of asymmetric keys of at least one pair of asymmetric keys decrypts the ciphertext corresponding to each pair of asymmetric keys in the header file to obtain the symmetric key key.
優選地,所述藉由非對稱式加密方法產生至少一對非對稱金鑰包括:根據所述原始文檔的分享數量確定出所述非對稱金鑰的數量。 Preferably, the generating at least one pair of asymmetric keys by the asymmetric encryption method includes: determining the number of the asymmetric keys according to the number of shares of the original document.
優選地,所述方法還包括:接收增加一對或多對非對稱金鑰的指令;根據所述指令增加一對或多對新增的非對稱金鑰;將所述新增的非對稱金鑰中的公開金鑰對所述對稱金鑰進行加密生成第二密文 Preferably, the method further comprises: receiving an instruction to add one or more pairs of asymmetric keys; adding one or more pairs of newly added asymmetric keys according to the instructions; The public key in the key encrypts the symmetric key to generate a second ciphertext
計算所述MD5值、所述至少一對非對稱金鑰的公開金鑰、所述新增的非對稱金鑰、所述第一密文、所述第二密文的第二總長度;及將所述第二總長度作為所述第二加密文檔的標頭檔,並將所述第二加密文檔的標頭檔、所述至少一對非對稱金鑰中的公開金鑰、所述新增的非對稱金鑰中的公開金鑰、及所述第一密文、所述第二密文添加到所述第一加密文檔中生成第三加密文檔。 calculating the MD5 value, the public key of the at least one pair of asymmetric keys, the newly added asymmetric key, the first ciphertext, the second total length of the second ciphertext; and The second total length is used as the header file of the second encrypted document, and the header file of the second encrypted document, the public key in the at least one pair of asymmetric keys, the new The public key in the added asymmetric key, the first ciphertext, and the second ciphertext are added to the first encrypted document to generate a third encrypted document.
優選地,所述方法還包括:藉由所述至少一對非對稱金鑰的每一對非對稱金鑰中的私密金鑰或所述新增的非對稱金鑰中的私密金鑰對所述第三加密文檔進行解密得到所述對稱金鑰及所述第一加密文檔;及利用所述對稱金鑰對所述第一加密文檔進行解密得到所述原始文檔。 Preferably, the method further comprises: using a private key in each pair of asymmetric keys of the at least one pair of asymmetric keys or a pair of private keys in the newly added asymmetric key decrypting the third encrypted document to obtain the symmetric key and the first encrypted document; and decrypting the first encrypted document using the symmetric key to obtain the original document.
本申請的第二方面提供一種檔案加密與解密裝置,所述裝置包括:第一金鑰生成模組,用於藉由對稱式加密演算法產生對稱金鑰;第二金鑰生成模組,用於藉由非對稱式加密演算法產生至少一對非對稱金鑰,每一對非對稱金鑰包括公開金鑰及私密金鑰;第一加密模組,用於將原始文檔藉由對稱金鑰進行加密產生第一加密文檔;密文生成模組,用於將所述至少一對非對稱金鑰中的公開金鑰對所述對稱金鑰進行加密生成第一密文;計算模組,用於計算所述原始文檔的MD5值,並計算所述MD5值、所述至少一對非對稱金鑰的公開金鑰、所述第一密文的第一總長度;第二加密模組,用於將所述第一總長度作為所述第一加密文檔的標頭檔,並將所述標頭檔、所述至少一對非對稱金鑰中的公開金鑰及所述第一密文添加到所述第一加密文檔中生成第二加密文檔。 A second aspect of the present application provides a file encryption and decryption device, the device includes: a first key generation module for generating a symmetric key by using a symmetric encryption algorithm; a second key generation module for using generating at least a pair of asymmetric keys by an asymmetric encryption algorithm, each pair of asymmetric keys includes a public key and a private key; the first encryption module is used for encrypting the original document by the symmetric key performing encryption to generate a first encrypted document; a ciphertext generation module, used for encrypting the symmetric key with the public key in the at least one pair of asymmetric keys to generate a first ciphertext; a calculation module, using In calculating the MD5 value of the original document, and calculating the MD5 value, the public key of the at least one pair of asymmetric keys, and the first total length of the first ciphertext; the second encryption module, using taking the first total length as the header file of the first encrypted document, and adding the header file, the public key in the at least one pair of asymmetric keys, and the first ciphertext A second encrypted document is generated from the first encrypted document.
優選地,所述裝置還包括解密模組,所述解密模組用於: 藉由所述至少一對非對稱金鑰的每一對非對稱金鑰中的私密金鑰對所述第二加密文檔進行解密得到所述對稱金鑰及所述第一加密文檔;及利用所述對稱金鑰對所述第一加密文檔進行解密得到所述原始文檔。 Preferably, the device further includes a decryption module, and the decryption module is used for: Decrypting the second encrypted document by using the private key in each pair of asymmetric keys of the at least one pair of asymmetric keys to obtain the symmetric key and the first encrypted document; and using the The symmetric key decrypts the first encrypted document to obtain the original document.
優選地,所述解密模組藉由所述至少一對非對稱金鑰的所述每一對非對稱金鑰中的私密金鑰對所述標頭檔中與所述每一對非對稱金鑰對應的密文進行解密得到所述對稱金鑰。 Preferably, the decryption module uses the private key in each pair of asymmetric keys of the at least one pair of asymmetric keys to pair the header file with each pair of asymmetric keys in the header file. The ciphertext corresponding to the key is decrypted to obtain the symmetric key.
本申請的第三方面提供一種電子設備,所述電子設備包括處理器及記憶體,所述處理器用於執行所述記憶體中存儲的電腦程式時實現上述檔案加密與解密方法。 A third aspect of the present application provides an electronic device, the electronic device includes a processor and a memory, and the processor is configured to implement the above file encryption and decryption method when executing a computer program stored in the memory.
本案藉由將由原始文檔的MD5值,並計算所述MD5值、至少一對非對稱金鑰的公開金鑰、第一密文組成的第一總長度作為第一加密文檔的標頭檔,並將所述標頭檔、所述至少一對非對稱金鑰中的公開金鑰及所述第一密文添加到所述第一加密文檔中生成第二加密文檔,能夠避免使用同一把金鑰進行解密檔案時降低檔案的安全性的問題,及避免對檔案進行再加密造成的使用不便的問題。 In this case, the first total length composed of the MD5 value of the original document, and calculating the MD5 value, the public key of at least one pair of asymmetric keys, and the first ciphertext is used as the header file of the first encrypted document, and The header file, the public key in the at least one pair of asymmetric keys, and the first ciphertext are added to the first encrypted document to generate a second encrypted document, which can avoid using the same key The problem of reducing the security of the file when decrypting the file and avoiding the problem of inconvenience caused by re-encrypting the file.
30:檔案加密與解密裝置 30: File encryption and decryption device
301:第一金鑰生成模組 301: The first key generation module
302:第二金鑰生成模組 302: Second key generation module
303:第一加密模組 303: The first encryption module
304:密文生成模組 304: Ciphertext generation module
305:計算模組 305: Computing Modules
306:第二加密模組 306: Second encryption module
307:解密模組 307: Decryption Module
6:電子設備 6: Electronic equipment
61:記憶體 61: Memory
62:處理器 62: Processor
63:電腦程式 63: Computer Programs
S11~S16:步驟 S11~S16: Steps
圖1為本發明一實施方式中檔案加密與解密方法的流程圖。 FIG. 1 is a flowchart of a file encryption and decryption method according to an embodiment of the present invention.
圖2為本發明一實施方式中檔案加密與解密裝置的結構圖。 FIG. 2 is a structural diagram of a file encryption and decryption apparatus according to an embodiment of the present invention.
圖3為本發明一實施方式中電子設備的示意圖。 FIG. 3 is a schematic diagram of an electronic device in an embodiment of the present invention.
為了能夠更清楚地理解本發明的上述目的、特徵和優點,下面結合附圖和具體實施例對本發明進行詳細描述。需要說明的是,在不衝突的情況下,本申請的實施例及實施例中的特徵可以相互組合。 In order to more clearly understand the above objects, features and advantages of the present invention, the present invention will be described in detail below with reference to the accompanying drawings and specific embodiments. It should be noted that the embodiments of the present application and the features in the embodiments may be combined with each other in the case of no conflict.
在下面的描述中闡述了很多具體細節以便於充分理解本發明,所描述的實施例僅僅是本發明一部分實施例,而不是全部的實施例。基於本發明中的實施例,本領域普通技術人員在沒有做出創造性勞動前提下所獲得的所有其他實施例,都屬於本發明保護的範圍。 In the following description, many specific details are set forth in order to facilitate a full understanding of the present invention, and the described embodiments are only some, but not all, embodiments of the present invention. Based on the embodiments of the present invention, all other embodiments obtained by those of ordinary skill in the art without creative efforts shall fall within the protection scope of the present invention.
除非另有定義,本文所使用的所有的技術和科學術語與屬於本發明的技術領域的技術人員通常理解的含義相同。本文中在本發明的說明書中所使用的術語只是為了描述具體的實施例的目的,不是旨在於限制本發明。 Unless otherwise defined, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs. The terms used herein in the description of the present invention are for the purpose of describing specific embodiments only, and are not intended to limit the present invention.
優選地,本發明檔案加密與解密方法應用在一個或者多個電子設備中。所述電子設備是一種能夠按照事先設定或存儲的指令,自動進行數值計算和/或資訊處理的設備,其硬體包括但不限於微處理器、專用積體電路(Application Specific Integrated Circuit,ASIC)、可程式設計閘陣列(Field-Programmable Gate Array,FPGA)、數字訊號處理器(Digital Signal Processor,DSP)、嵌入式設備等。 Preferably, the file encryption and decryption method of the present invention is applied in one or more electronic devices. The electronic device is a device that can automatically perform numerical calculations and/or information processing according to pre-set or stored instructions, and its hardware includes but is not limited to microprocessors, application specific integrated circuits (ASICs) , Programmable Gate Array (Field-Programmable Gate Array, FPGA), Digital Signal Processor (Digital Signal Processor, DSP), embedded devices, etc.
所述電子設備可以是桌上型電腦、筆記型電腦、平板電腦及雲端伺服器等計算設備。所述設備可以與使用者藉由鍵盤、滑鼠、遙控器、觸控板或聲控設備等方式進行人機交互。 The electronic device may be a computing device such as a desktop computer, a notebook computer, a tablet computer, and a cloud server. The device can interact with the user by means of a keyboard, a mouse, a remote control, a touch pad or a voice control device.
實施例1 Example 1
圖1是本發明一實施方式中檔案加密與解密方法的流程圖。根據不同的需求,所述流程圖中步驟的順序可以改變,某些步驟可以省略。 FIG. 1 is a flowchart of a file encryption and decryption method according to an embodiment of the present invention. According to different requirements, the order of the steps in the flowchart can be changed, and some steps can be omitted.
參考圖1所示,所述檔案加密與解密方法具體包括以下步驟。 Referring to FIG. 1 , the file encryption and decryption method specifically includes the following steps.
步驟S11,藉由對稱式加密演算法產生對稱金鑰。 In step S11, a symmetric key is generated by a symmetric encryption algorithm.
本實施方式中,藉由對稱式加密演算法生成對稱金鑰,並藉由對稱金鑰對原始文檔進行加密或藉由對稱金鑰對加密檔進行解密得到原始文檔。本實施方式中,所述對稱式加密演算法包括,但不限於DES演算法、3DES演算法、TDEA演算法、Blowfish演算法、RC5演算法。 In this embodiment, a symmetric key is generated by a symmetric encryption algorithm, and the original document is encrypted by the symmetric key or the encrypted file is decrypted by the symmetric key to obtain the original document. In this embodiment, the symmetric encryption algorithm includes, but is not limited to, the DES algorithm, the 3DES algorithm, the TDEA algorithm, the Blowfish algorithm, and the RC5 algorithm.
步驟S12,藉由非對稱式加密演算法產生至少一對非對稱金鑰,每一對非對稱金鑰包括公開金鑰及私密金鑰。 In step S12, at least one pair of asymmetric keys is generated by an asymmetric encryption algorithm, and each pair of asymmetric keys includes a public key and a private key.
本實施方式中,藉由非對稱式加密演算法產生至少一對非對稱金鑰,其中所述至少一對非對稱金鑰中的公開金鑰用於對原始文檔進行加密,所述至少一對非對稱金鑰中的私密金鑰用於對原始文檔進行解密。本實施方式中,所述非對稱金鑰演算法包括,但不限於RSA演算法、Elganal演算法、背包演算法、Rabin演算法、D-H演算法及橢圓曲線加密演算法。 In this embodiment, at least one pair of asymmetric keys is generated by an asymmetric encryption algorithm, wherein the public key in the at least one pair of asymmetric keys is used to encrypt the original document, and the at least one pair of asymmetric keys is used to encrypt the original document. The private key in the asymmetric key is used to decrypt the original document. In this embodiment, the asymmetric key algorithm includes, but is not limited to, the RSA algorithm, the Elganal algorithm, the knapsack algorithm, the Rabin algorithm, the D-H algorithm, and the elliptic curve encryption algorithm.
本實施方式中,所述非對稱金鑰包括多對,所述藉由非對稱式加密方法產生至少一對非對稱金鑰包括:根據所述原始文檔的分享數量確定出所述非對稱金鑰的數量。例如,所述原始文檔需要分給使用者A、用戶B、用戶C三個用戶時,所述方法確定所述原始的分享數量為三個,並根據所述原始文檔的分享數量確定出所述非對稱金鑰的數量為三個,及藉由非對稱式加密演算法產生三對非對稱金鑰。其中,三對中的非對稱金鑰的每一對非對稱金鑰中的私密金鑰分別分配給用戶A、用戶B、用戶C,使得用戶A、使用者B、使用者C根據分配的私密金鑰對經過相應的公開金鑰加密的文檔進行解密。 In this embodiment, the asymmetric keys include multiple pairs, and the generating at least one pair of asymmetric keys by an asymmetric encryption method includes: determining the asymmetric keys according to the number of shares of the original document quantity. For example, when the original document needs to be distributed to three users, user A, user B, and user C, the method determines that the original sharing quantity is three, and determines the original sharing quantity according to the sharing quantity of the original document. The number of asymmetric keys is three, and three pairs of asymmetric keys are generated by an asymmetric encryption algorithm. Among them, the private keys in each of the three pairs of asymmetric keys are allocated to user A, user B, and user C, respectively, so that user A, user B, and user C The key decrypts the document encrypted by the corresponding public key.
步驟S13,將原始文檔藉由對稱金鑰進行加密產生第一加密文檔。 Step S13, encrypting the original document with a symmetric key to generate a first encrypted document.
步驟S14,將所述至少一對非對稱金鑰中的公開金鑰對所述對稱金鑰進行加密生成第一密文。 Step S14, encrypting the symmetric key with the public key in the at least one pair of asymmetric keys to generate a first ciphertext.
步驟S15,計算所述原始文檔的MD5值,並計算所述MD5值、所述至少一對非對稱金鑰的公開金鑰、所述第一密文的第一總長度。 Step S15: Calculate the MD5 value of the original document, and calculate the MD5 value, the public key of the at least one pair of asymmetric keys, and the first total length of the first ciphertext.
步驟S16,將所述第一總長度作為所述第一加密文檔的標頭檔,並將所述標頭檔、所述至少一對非對稱金鑰中的公開金鑰及所述第一密文添加到所述第一加密文檔中生成第二加密文檔。 Step S16, use the first total length as the header file of the first encrypted document, and use the header file, the public key in the at least one pair of asymmetric keys, and the first encryption key. document is added to the first encrypted document to generate a second encrypted document.
本實施方式中,所述方法還包括:藉由所述至少一對非對稱金鑰的每一對非對稱金鑰中的私密金鑰對所述第二加密文檔進行解密得到所述對稱金鑰及所述第一加密文檔;及利用所述對稱金鑰對所述第一加密文檔進行解密 得到所述原始文檔。本實施方式中,所述藉由所述至少一對非對稱金鑰的每一對非對稱金鑰中的私密金鑰對所述第二加密文檔進行解密得到所述對稱金鑰包括:藉由所述至少一對非對稱金鑰的每一對非對稱金鑰中的私密金鑰對所述標頭檔中與所述每一對非對稱金鑰對應的密文進行解密得到所述對稱金鑰。其中,與所述每一對非對稱金鑰對應的密文是由所述每一對非對稱金鑰中的公開金鑰對所述對稱金鑰進行加密生成的。 In this embodiment, the method further includes: decrypting the second encrypted document by using the private key in each pair of asymmetric keys of the at least one pair of asymmetric keys to obtain the symmetric key and the first encrypted document; and decrypt the first encrypted document using the symmetric key Get the original document. In this embodiment, the obtaining the symmetric key by decrypting the second encrypted document using the private key in each pair of asymmetric keys of the at least one pair of asymmetric keys includes: The private key in each pair of asymmetric keys of the at least one pair of asymmetric keys decrypts the ciphertext corresponding to each pair of asymmetric keys in the header file to obtain the symmetric key key. The ciphertext corresponding to each pair of asymmetric keys is generated by encrypting the symmetric key with the public key in each pair of asymmetric keys.
本實施方式中,所述方法還包括:接收增加一對或多對非對稱金鑰的指令;根據所述指令增加一對或多對新增的非對稱金鑰;將所述新增的非對稱金鑰中的公開金鑰對所述對稱金鑰進行加密生成第二密文;計算所述MD5值、所述至少一對非對稱金鑰的公開金鑰、所述新增的非對稱金鑰、所述第一密文、所述第二密文的第二總長度;及將所述第二總長度作為所述第二加密文檔的標頭檔,並將所述第二加密文檔的標頭檔、所述至少一對非對稱金鑰中的公開金鑰、所述新增的非對稱金鑰中的公開金鑰、及所述第一密文、所述第二密文添加到所述第一加密文檔中生成第三加密文檔。 In this embodiment, the method further includes: receiving an instruction to add one or more pairs of asymmetric keys; adding one or more pairs of newly added asymmetric keys according to the instructions; The public key in the symmetric key encrypts the symmetric key to generate a second ciphertext; calculates the MD5 value, the public key of the at least one pair of asymmetric keys, and the newly added asymmetric key key, the first ciphertext, the second total length of the second ciphertext; and the second total length as the header file of the second encrypted document, and the second encrypted document The header file, the public key in the at least one pair of asymmetric keys, the public key in the newly added asymmetric key, and the first ciphertext and the second ciphertext are added to the A third encrypted document is generated from the first encrypted document.
本實施方式中,所述方法還包括:藉由所述至少一對非對稱金鑰的每一對非對稱金鑰中的私密金鑰或所述新增的非對稱金鑰中的私密金鑰對所述第三加密文檔進行解密得到所述對稱金鑰及所述第一加密文檔;及利用所述對稱金鑰對所述第一加密文檔進行解密得到所述原始文檔。 In this embodiment, the method further includes: using a private key in each pair of asymmetric keys of the at least one pair of asymmetric keys or a private key in the newly added asymmetric key Decrypting the third encrypted document to obtain the symmetric key and the first encrypted document; and decrypting the first encrypted document using the symmetric key to obtain the original document.
本實施方式中,根據所述原始文檔的分享數量確定出所述非對稱金鑰的數量為三個時,所述三個非對稱金鑰分別為第一對非對稱金鑰、第二對非對稱金鑰及第三對非對稱金鑰。所述方法將所述第一對非對稱金鑰中的公開金鑰對所述對稱金鑰進行加密生成第一子密文,將所述第二對非對稱金鑰中的公開金鑰對所述對稱金鑰進行加密生成第二子密文,將所述第三對非對稱金鑰中的公開金鑰對所述對稱金鑰進行加密生成第三子密文,計算所述MD5值、所述第一對非對稱金鑰中的公開金鑰、所述第二對非對稱金鑰中的公開金鑰、所述第三對非對稱金鑰中的公開金鑰、所述第一子密文、所述第二子密文、所 述第三子密文的第一總長度,將所述第一總長度作為所述第一加密文檔的標頭檔,並將所述標頭檔、所述第一對非對稱金鑰中的公開金鑰、所述第二對非對稱金鑰中的公開金鑰、所述第三對非對稱金鑰中的公開金鑰、所述第一子密文、所述第二子密文、所述第三子密文添加到所述第一加密文檔中生成第二加密文檔。 In this implementation manner, when it is determined that the number of the asymmetric keys is three according to the number of shares of the original documents, the three asymmetric keys are respectively a first pair of asymmetric keys and a second pair of asymmetric keys. Symmetric key and a third pair of asymmetric keys. The method encrypts the symmetric key with the public key in the first pair of asymmetric keys to generate a first sub-ciphertext, and encrypts the public key in the second pair of asymmetric keys with all the keys. encrypting the symmetric key to generate a second sub-ciphertext, encrypting the symmetric key with the public key in the third pair of asymmetric keys to generate a third sub-ciphertext, calculating the MD5 value, the The public key in the first pair of asymmetric keys, the public key in the second pair of asymmetric keys, the public key in the third pair of asymmetric keys, the first subkey text, the second sub-ciphertext, the The first total length of the third sub-ciphertext, the first total length is used as the header file of the first encrypted document, and the header file, the first pair of asymmetric keys are public key, the public key in the second pair of asymmetric keys, the public key in the third pair of asymmetric keys, the first sub-ciphertext, the second sub-ciphertext, The third sub-ciphertext is added to the first encrypted document to generate a second encrypted document.
本發明藉由將由原始文檔的MD5值,並計算所述MD5值、至少一對非對稱金鑰的公開金鑰、第一密文組成的第一總長度作為第一加密文檔的標頭檔,並將所述標頭檔、所述至少一對非對稱金鑰中的公開金鑰及所述第一密文添加到所述第一加密文檔中生成第二加密文檔,能夠避免使用同一把金鑰進行解密檔案時降低檔案的安全性的問題,及避免對檔案進行再加密造成的使用不便的問題。 The present invention uses the MD5 value of the original document, and calculates the MD5 value, the public key of at least a pair of asymmetric keys, and the first total length of the first ciphertext as the header file of the first encrypted document, The header file, the public key in the at least one pair of asymmetric keys, and the first ciphertext are added to the first encrypted document to generate a second encrypted document, which can avoid using the same key When the key is used to decrypt the file, the security of the file is reduced, and the problem of inconvenience caused by re-encrypting the file is avoided.
實施例2 Example 2
圖2為本發明一實施方式中檔案加密與解密裝置30的結構圖。
FIG. 2 is a structural diagram of a file encryption and
在一些實施例中,所述檔案加密與解密裝置30可以包括多個由程式碼段所組成的功能模組。所述檔案加密與解密裝置30中的各個程式段的程式碼可以存儲於記憶體中,並由至少一個處理器所執行。
In some embodiments, the file encryption and
本實施例中,所述檔案加密與解密裝置30根據其所執行的功能,可以被劃分為多個功能模組。參考圖2所示,所述檔案加密與解密裝置30可以包括第一金鑰生成模組301、第二金鑰生成模組302、第一加密模組303、密文生成模組304、計算模組305、第二加密模組306及解密模組307。本發明所稱的模組是指一種能夠被至少一個處理器所執行並且能夠完成固定功能的一系列電腦程式段,其存儲在記憶體中。所述在一些實施例中,關於各模組的功能將在後續的實施例中詳述。
In this embodiment, the file encryption and
所述第一金鑰生成模組301藉由對稱式加密演算法產生對稱金鑰。
The first
本實施方式中,藉由對稱式加密演算法生成對稱金鑰,並藉由對稱金鑰對原始文檔進行加密或藉由對稱金鑰對加密檔進行解密得到原始文檔。本實施方式中,所述對稱式加密演算法包括,但不限於DES演算法、3DES演算法、TDEA演算法、Blowfish演算法、RC5演算法。 In this embodiment, a symmetric key is generated by a symmetric encryption algorithm, and the original document is encrypted by the symmetric key or the encrypted file is decrypted by the symmetric key to obtain the original document. In this embodiment, the symmetric encryption algorithm includes, but is not limited to, the DES algorithm, the 3DES algorithm, the TDEA algorithm, the Blowfish algorithm, and the RC5 algorithm.
所述第二金鑰生成模組302藉由非對稱式加密演算法產生至少一對非對稱金鑰,每一對非對稱金鑰包括公開金鑰及私密金鑰。
The second
本實施方式中,藉由非對稱式加密演算法產生至少一對非對稱金鑰,其中所述至少一對非對稱金鑰中的公開金鑰用於對原始文檔進行加密,所述至少一對非對稱金鑰中的私密金鑰用於對原始文檔進行解密。本實施方式中,所述非對稱金鑰演算法包括,但不限於RSA演算法、Elganal演算法、背包演算法、Rabin演算法、D-H演算法及橢圓曲線加密演算法。 In this embodiment, at least one pair of asymmetric keys is generated by an asymmetric encryption algorithm, wherein the public key in the at least one pair of asymmetric keys is used to encrypt the original document, and the at least one pair of asymmetric keys is used to encrypt the original document. The private key in the asymmetric key is used to decrypt the original document. In this embodiment, the asymmetric key algorithm includes, but is not limited to, the RSA algorithm, the Elganal algorithm, the knapsack algorithm, the Rabin algorithm, the D-H algorithm, and the elliptic curve encryption algorithm.
本實施方式中,所述非對稱金鑰包括多對,所述第二金鑰生成模組302根據所述原始文檔的分享數量確定出所述非對稱金鑰的數量。例如,所述原始文檔需要分給使用者A、用戶B、用戶C三個用戶時,所述第二金鑰生成模組302確定所述原始的分享數量為三個,並根據所述原始文檔的分享數量確定出所述非對稱金鑰的數量為三個,及藉由非對稱式加密演算法產生三對非對稱金鑰。其中,三對中的非對稱金鑰的每一對非對稱金鑰中的私密金鑰分別分配給用戶A、用戶B、用戶C,使得用戶A、使用者B、使用者C根據分配的私密金鑰對經過相應的公開金鑰加密的文檔進行解密。
In this embodiment, the asymmetric keys include multiple pairs, and the second
第一加密模組303用於將原始文檔藉由對稱金鑰進行加密產生第一加密文檔。
The
所述密文生成模組304用於將所述至少一對非對稱金鑰中的公開金鑰對所述對稱金鑰進行加密生成第一密文。
The
所述計算模組305用於計算所述原始文檔的MD5值,並計算所述MD5值、所述至少一對非對稱金鑰的公開金鑰、所述第一密文的第一總長度。
The
所述第二加密模組306用於將所述第一總長度作為所述第一加密文檔的標頭檔,並將所述標頭檔、所述至少一對非對稱金鑰中的公開金鑰及所述第一密文添加到所述第一加密文檔中生成第二加密文檔。
The
所述解密模組307藉由所述至少一對非對稱金鑰的每一對非對稱金鑰中的私密金鑰對所述第二加密文檔進行解密得到所述對稱金鑰及所述第一加密文檔,及利用所述對稱金鑰對所述第一加密文檔進行解密得到所述原始文檔。本實施方式中,所述解密模組307藉由所述至少一對非對稱金鑰的每一對非對稱金鑰中的私密金鑰對所述標頭檔中與所述每一對非對稱金鑰對應的密文進行解密得到所述對稱金鑰。其中,與所述每一對非對稱金鑰對應的密文是由所述每一對非對稱金鑰中的公開金鑰對所述對稱金鑰進行加密生成的。
The
本實施方式中,所述第二金鑰生成模組302還用於接收增加一對或多對非對稱金鑰的指令,並根據所述指令增加一對或多對新增的非對稱金鑰。所述密文生成模組304用於將所述新增的非對稱金鑰中的公開金鑰對所述對稱金鑰進行加密生成第二密文。所述計算模組305還用於計算所述MD5值、所述至少一對非對稱金鑰的公開金鑰、所述新增的非對稱金鑰、所述第一密文、所述第二密文的第二總長度。所述第二加密模組306還用於將所述第二總長度作為所述第二加密文檔的標頭檔,並將所述第二加密文檔的標頭檔、所述至少一對非對稱金鑰中的公開金鑰、所述新增的非對稱金鑰中的公開金鑰、及所述第一密文、所述第二密文添加到所述第一加密文檔中生成第三加密文檔。
In this embodiment, the second
本實施方式中,所述解密模組307還用於藉由所述至少一對非對稱金鑰的每一對非對稱金鑰中的私密金鑰或所述新增的非對稱金鑰中的私密金鑰對所述第三加密文檔進行解密得到所述對稱金鑰及所述第一加密文檔,及利用所述對稱金鑰對所述第一加密文檔進行解密得到所述原始文檔。
In this embodiment, the
本實施方式中,所述第二金鑰生成模組302根據所述原始文檔的分享數量確定出所述非對稱金鑰的數量為三個時,生成三個非對稱金鑰分別為第一對非對稱金鑰、第二對非對稱金鑰及第三對非對稱金鑰。所述密文生成模
組304將所述第一對非對稱金鑰中的公開金鑰對所述對稱金鑰進行加密生成第一子密文,將所述第二對非對稱金鑰中的公開金鑰對所述對稱金鑰進行加密生成第二子密文,將所述第三對非對稱金鑰中的公開金鑰對所述對稱金鑰進行加密生成第三子密文。所述計算模組305計算所述MD5值、所述第一對非對稱金鑰中的公開金鑰、所述第二對非對稱金鑰中的公開金鑰、所述第三對非對稱金鑰中的公開金鑰、所述第一子密文、所述第二子密文、所述第三子密文的第一總長度。所述第二加密模組306將所述第一總長度作為所述第一加密文檔的標頭檔,並將所述標頭檔、所述第一對非對稱金鑰中的公開金鑰、所述第二對非對稱金鑰中的公開金鑰、所述第三對非對稱金鑰中的公開金鑰、所述第一子密文、所述第二子密文、所述第三子密文添加到所述第一加密文檔中生成第二加密文檔。
In this embodiment, when the second
本發明藉由將由原始文檔的MD5值,並計算所述MD5值、至少一對非對稱金鑰的公開金鑰、第一密文組成的第一總長度作為第一加密文檔的標頭檔,並將所述標頭檔、所述至少一對非對稱金鑰中的公開金鑰及所述第一密文添加到所述第一加密文檔中生成第二加密文檔,能夠避免使用同一把金鑰進行解密檔案時降低檔案的安全性的問題,及避免對檔案進行再加密造成的使用不便的問題。 The present invention uses the MD5 value of the original document, and calculates the MD5 value, the public key of at least a pair of asymmetric keys, and the first total length of the first ciphertext as the header file of the first encrypted document, The header file, the public key in the at least one pair of asymmetric keys, and the first ciphertext are added to the first encrypted document to generate a second encrypted document, which can avoid using the same key When the key is used to decrypt the file, the security of the file is reduced, and the problem of inconvenience caused by re-encrypting the file is avoided.
實施例3 Example 3
圖3為本發明一實施方式中電子設備6的示意圖。
FIG. 3 is a schematic diagram of an
所述電子設備6包括記憶體61、處理器62以及存儲在所述記憶體61中並可在所述處理器62上運行的電腦程式63。所述處理器62執行所述電腦程式63時實現上述檔案加密與解密方法實施例中的步驟,例如圖1所示的步驟S11~S16。或者,所述處理器62執行所述電腦程式63時實現上述檔案加密與解密裝置實施例中各模組/單元的功能,例如圖2中的模組301~307。
The
示例性的,所述電腦程式63可以被分割成一個或多個模組/單元,所述一個或者多個模組/單元被存儲在所述記憶體61中,並由所述處理器62執
行,以完成本發明。所述一個或多個模組/單元可以是能夠完成特定功能的一系列電腦程式指令段,所述指令段用於描述所述電腦程式63在所述電子設備6中的執行過程。例如,所述電腦程式63可以被分割成圖2中的第一金鑰生成模組301、第二金鑰生成模組302、第一加密模組303、密文生成模組304、計算模組305、第二加密模組306及解密模組307,各模組具體功能參見實施例2。
Exemplarily, the
本領域技術人員可以理解,所述示意圖僅僅是電子設備6的示例,並不構成對電子設備6的限定,可以包括比圖示更多或更少的部件,或者組合某些部件,或者不同的部件,例如所述電子設備6還可以包括輸入輸出設備、網路接入設備、匯流排等。
Those skilled in the art can understand that the schematic diagram is only an example of the
所稱處理器62可以是中央處理模組(Central Processing Unit,CPU),還可以是其他通用處理器、數位訊號處理器(Digital Signal Processor,DSP)、專用積體電路(Application Specific Integrated Circuit,ASIC)、現場可程式設計閘陣列(Field-Programmable Gate Array,FPGA)或者其他可程式設計邏輯器件、分立門或者電晶體邏輯器件、分立硬體元件等。通用處理器可以是微處理器或者所述處理器62也可以是任何常規的處理器等,所述處理器62是所述電子設備6的控制中心,利用各種介面和線路連接整個電子設備6的各個部分。
The
所述記憶體61可用於存儲所述電腦程式63和/或模組/單元,所述處理器62藉由運行或執行存儲在所述記憶體61內的電腦程式和/或模組/單元,以及調用存儲在記憶體61內的資料,實現所述電子設備6的各種功能。所述記憶體61可主要包括存儲程式區和存儲資料區,其中,存儲程式區可存儲作業系統、至少一個功能所需的應用程式(比如聲音播放功能、圖像播放功能等)等;存儲資料區可存儲根據電子設備6的使用所創建的資料(比如音訊資料、電話本等)等。此外,記憶體61可以包括高速隨機存取記憶體,還可以包括非易失性記憶體,例如硬碟、記憶體、插接式硬碟,智慧存儲卡(Smart Media Card,SMC),安全數位(Secure Digital,SD)卡,快閃記憶體卡(Flash Card)、至少一個磁碟記憶體件、快閃記憶體器件、或其他易失性固態記憶體件。
The
所述電子設備6集成的模組/單元如果以軟體功能模組的形式實現並作為獨立的產品銷售或使用時,可以存儲在一個電腦可讀取存儲介質中。基於這樣的理解,本發明實現上述實施例方法中的全部或部分流程,也可以藉由電腦程式來指令相關的硬體來完成,所述的電腦程式可存儲於一電腦可讀存儲介質中,所述電腦程式在被處理器執行時,可實現上述各個方法實施例的步驟。其中,所述電腦程式包括電腦程式代碼,所述電腦程式代碼可以為原始程式碼形式、物件代碼形式、可執行檔或某些中間形式等。所述電腦可讀介質可以包括:能夠攜帶所述電腦程式代碼的任何實體或裝置、記錄介質、隨身碟、移動硬碟、磁碟、光碟、電腦記憶體、唯讀記憶體(ROM,Read-Only Memory)、隨機存取記憶體(RAM,Random Access Memory)、電載波信號、電信信號以及軟體分發介質等。需要說明的是,所述電腦可讀介質包含的內容可以根據司法管轄區內立法和專利實踐的要求進行適當的增減,例如在某些司法管轄區,根據立法和專利實踐,電腦可讀介質不包括電載波信號和電信信號。
If the modules/units integrated in the
在本發明所提供的幾個實施例中,應該理解到,所揭露的電子設備和方法,可以藉由其它的方式實現。例如,以上所描述的電子設備實施例僅僅是示意性的,例如,所述模組的劃分,僅僅為一種邏輯功能劃分,實際實現時可以有另外的劃分方式。 In the several embodiments provided by the present invention, it should be understood that the disclosed electronic devices and methods may be implemented in other manners. For example, the above-described electronic device embodiments are only illustrative. For example, the division of the modules is only a logical function division, and other division methods may be used in actual implementation.
另外,在本發明各個實施例中的各功能模組可以集成在相同處理模組中,也可以是各個模組單獨物理存在,也可以兩個或兩個以上模組集成在相同模組中。上述集成的模組既可以採用硬體的形式實現,也可以採用硬體加軟體功能模組的形式實現。 In addition, each functional module in each embodiment of the present invention may be integrated in the same processing module, or each module may exist physically alone, or two or more modules may be integrated in the same module. The above-mentioned integrated modules can be implemented in the form of hardware, or can be implemented in the form of hardware plus software function modules.
對於本領域技術人員而言,顯然本發明不限於上述示範性實施例的細節,而且在不背離本發明的精神或基本特徵的情況下,能夠以其他的具體形式實現本發明。因此,無論從哪一點來看,均應將實施例看作是示範性的,而且是非限制性的,本發明的範圍由所附請求項而不是上述說明限定,因此旨在將落在申請專利範圍的等同要件的含義和範圍內的所有變化涵括在本發明內。 不應將申請專利範圍中的任何附圖標記視為限制所涉及的申請專利範圍。此外,顯然“包括”一詞不排除其他模組或步驟,單數不排除複數。電子設備申請專利範圍中陳述的多個模組或電子設備也可以由同一個模組或電子設備藉由軟體或者硬體來實現。第一,第二等詞語用來表示名稱,而並不表示任何特定的順序。 It will be apparent to those skilled in the art that the present invention is not limited to the details of the above-described exemplary embodiments, but that the present invention may be embodied in other specific forms without departing from the spirit or essential characteristics of the invention. Therefore, the embodiments are to be regarded in all respects as exemplary and not restrictive, and the scope of the present invention is defined by the appended claims rather than the foregoing description, and is therefore intended to fall within the scope of the patent application. All changes within the meaning and scope of equivalents to the scope are encompassed within the invention. Any reference signs in the patentable scope should not be construed as limiting the claimed scope. Furthermore, it is clear that the word "comprising" does not exclude other modules or steps, and the singular does not exclude the plural. Multiple modules or electronic devices stated in the scope of the electronic device patent application can also be implemented by the same module or electronic device through software or hardware. The terms first, second, etc. are used to denote names and do not denote any particular order.
綜上所述,本發明符合發明專利要件,爰依法提出專利申請。惟,以上所述僅為本發明之較佳實施方式,舉凡熟悉本案技藝之人士,在援依本案創作精神所作之等效修飾或變化,皆應包含於以下之申請專利範圍內。 To sum up, the present invention complies with the requirements of an invention patent, and a patent application can be filed in accordance with the law. However, the above descriptions are only the preferred embodiments of the present invention, and for those who are familiar with the techniques of this case, equivalent modifications or changes made in accordance with the creative spirit of this case shall be included in the scope of the following patent application.
S11~S16:步驟 S11~S16: Steps
Claims (9)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
TW109146560A TWI762120B (en) | 2020-12-28 | 2020-12-28 | File encryption and decryption method, device , and electronic device |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
TW109146560A TWI762120B (en) | 2020-12-28 | 2020-12-28 | File encryption and decryption method, device , and electronic device |
Publications (2)
Publication Number | Publication Date |
---|---|
TWI762120B true TWI762120B (en) | 2022-04-21 |
TW202226023A TW202226023A (en) | 2022-07-01 |
Family
ID=82198909
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
TW109146560A TWI762120B (en) | 2020-12-28 | 2020-12-28 | File encryption and decryption method, device , and electronic device |
Country Status (1)
Country | Link |
---|---|
TW (1) | TWI762120B (en) |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1832398A (en) * | 2006-04-14 | 2006-09-13 | 中国软件与技术服务股份有限公司 | Method and system of file encipher share |
TW201317823A (en) * | 2011-10-31 | 2013-05-01 | Chunghwa Telecom Co Ltd | Cloud secured storage system |
CN103179086A (en) * | 2011-12-21 | 2013-06-26 | 中国电信股份有限公司 | Method and system for remote storing processing of data |
TWI708508B (en) * | 2019-05-14 | 2020-10-21 | 大陸商物聯智慧科技(深圳)有限公司 | Encryption method and apparatus of video and audio signal stream |
-
2020
- 2020-12-28 TW TW109146560A patent/TWI762120B/en active
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1832398A (en) * | 2006-04-14 | 2006-09-13 | 中国软件与技术服务股份有限公司 | Method and system of file encipher share |
TW201317823A (en) * | 2011-10-31 | 2013-05-01 | Chunghwa Telecom Co Ltd | Cloud secured storage system |
CN103179086A (en) * | 2011-12-21 | 2013-06-26 | 中国电信股份有限公司 | Method and system for remote storing processing of data |
TWI708508B (en) * | 2019-05-14 | 2020-10-21 | 大陸商物聯智慧科技(深圳)有限公司 | Encryption method and apparatus of video and audio signal stream |
Also Published As
Publication number | Publication date |
---|---|
TW202226023A (en) | 2022-07-01 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US10903976B2 (en) | End-to-end secure operations using a query matrix | |
Sun et al. | A blockchain-based framework for electronic medical records sharing with fine-grained access control | |
Zhao et al. | Realizing fine-grained and flexible access control to outsourced data with attribute-based cryptosystems | |
US20180212753A1 (en) | End-To-End Secure Operations Using a Query Vector | |
CA3057391C (en) | Methods and devices for providing transaction data to blockchain system for processing | |
CA3144715A1 (en) | Systems and methods for permissioned blockchain infrastructure with fine-grained access control and confidentiality-preserving publish/subscribe messaging | |
CN109214201B (en) | Data sharing method, terminal equipment and computer readable storage medium | |
WO2019090841A1 (en) | Encrypted file retrieval method and system, terminal device and storage medium | |
US10511574B2 (en) | Methods and apparatuses for utilizing a gateway integration server to enhance application security | |
KR101615137B1 (en) | Data access method based on attributed | |
WO2020073712A1 (en) | Method for sharing secure application in mobile terminal, and mobile terminal | |
WO2022267314A1 (en) | Data processing method and apparatus based on smart contract | |
WO2023098294A1 (en) | Heterogeneous data processing method and apparatus, and electronic device | |
CN111950022A (en) | Desensitization method, device and system based on structured data | |
WO2022134812A1 (en) | Consortium blockchain-based multi-institution data processing method, apparatus, and related device | |
WO2023051337A1 (en) | Data processing method and apparatus, and device and storage medium | |
WO2021098152A1 (en) | Blockchain-based data processing method, device, and computer apparatus | |
US20220209935A1 (en) | File encryption and decryption method and electronic device using the same | |
JP2014137474A (en) | Tamper detection device, tamper detection method, and program | |
CN111010283B (en) | Method and apparatus for generating information | |
CN112464270A (en) | Bidding file encryption and decryption method, equipment and storage medium | |
TWI762120B (en) | File encryption and decryption method, device , and electronic device | |
US20220360429A1 (en) | Location-key encryption system | |
WO2019178981A1 (en) | Password management method and device employing customized rules, terminal apparatus, and storage medium | |
CN116074110B (en) | Method, system, equipment and medium for realizing encrypted file sharing in cloud environment |