The content of the invention
It is an object of the invention to provide the encryption and decryption method and system of a kind of virtual machine image file, so as to solve
Foregoing problems present in prior art.
To achieve these goals, the technical solution adopted by the present invention is as follows:
A kind of encryption method of virtual machine image file, comprises the following steps:
S1, to virtual machine image file, the one-to-one corresponding set up between the system time and AES of each data is closed
System, forms AES combination;
S2, receives each be-encrypted data, and obtain corresponding system time;
S3, in the AES combination, is retrieved according to the system time got in step S2, obtains each
The corresponding AES of the be-encrypted data;
S4, is encrypted to the be-encrypted data using the AES and key, obtains encryption data;
S5, the system time got in step S2 is added to behind the encryption data, and will be all described in
Encryption data is write in virtual machine image file.
Preferably, the system time in step S1 and S2 is accurate to microsecond.
Specifically, in step S1, the one-to-one corresponding set up between the system time of each data and AES is closed
System, specifically, by the system time of each data divided by the AES species, the remainder for obtaining and the encryption
One-to-one relationship is set up between algorithm;It is described in the AES combination in step S3, got according in step S2
System time retrieved, specifically, the system time got in the rapid S2 is obtained divided by the species of the AES
To remainder, by the use of the obtained remainder as key, retrieved in the AES combination.
Preferably, in step S4, the key is using MD5 values.
A kind of encryption system of virtual machine image file, including:
Decision-making module:For to virtual machine image file, setting up between the system time of each data and AES
One-to-one relationship, forms AES combination;It is additionally operable in the AES combination, each is received according to encrypting module
The system time got during be-encrypted data is retrieved, and obtains the corresponding AES of each described be-encrypted data;
Encrypting module:For receiving each be-encrypted data, and obtain corresponding system time;It is additionally operable to add using described
The be-encrypted data is encrypted for close algorithm and key, obtains encryption data;It is additionally operable to that each be-encrypted data will be received
When the system time that gets be added to behind the encryption data, and all encryption datas are write into virtual machine
In image file.
A kind of decryption method of virtual machine image file, comprises the following steps:
S1, to virtual machine image file, the one-to-one corresponding set up between the system time of each data and AES is closed
System, forms AES combination;
S2, receives each encryption data, and obtain the system time when encryption data is encrypted;
S3, in the AES combination, system time when being encrypted according to the encryption data is retrieved, and is obtained
The corresponding AES of each encryption data;
S4, obtains the corresponding decipherment algorithm of the AES;
S5, is decrypted to the encryption data using the decipherment algorithm and key, obtains ciphertext data.
Preferably, the system time in step S1 and S2 is accurate to microsecond.
Specifically, in step S1, the one-to-one corresponding between the system time and AES for setting up each data is closed
System, specifically, by the system time of each data divided by the AES species, the remainder for obtaining with it is described plus
One-to-one relationship is set up between close algorithm;It is described in the AES combination in step S3, obtained according in step 2
To system time retrieved, specifically, the encryption data encryption when system time divided by the AES kind
Class, obtains remainder, by the use of the obtained remainder as key, is retrieved in the AES combination.
Preferably, in step S5, the key is using MD5 values.
A kind of decryption system of virtual machine image file, including:
Decision-making module:For to virtual machine image file, set up each encryption data system time and AES it
Between one-to-one relationship, formed AES combination;It is additionally operable in the AES combination, according to the encryption data
System time during encryption is retrieved, and obtains the corresponding AES of each described encryption data;
Deciphering module:For receiving each encryption data, and obtain the system time when encryption data is encrypted;Also use
In the corresponding decipherment algorithm of the acquisition AES;It is additionally operable to enter the encryption data using the decipherment algorithm and key
Row decryption, obtains ciphertext data.
The beneficial effects of the invention are as follows:By will be set up between AES and the system time of each data in the present invention
One-to-one relationship, forms complicated AES combination, and using the complicated AES combination to virtual machine image text
Part is encrypted and decrypted.Even if so that hacker has got image file and key, if adding for the complexity can not be obtained
Close algorithm combination, cannot also be decrypted to virtual machine image file, so as to ensure that the safety of image file.
Embodiment
In order to make the purpose , technical scheme and advantage of the present invention be clearer, below in conjunction with accompanying drawing, the present invention is entered
Row is further described.It should be appreciated that specific embodiment described herein is only used to explain the present invention, it is not used to
Limit the present invention.
As shown in figure 1, the embodiments of the invention provide a kind of encryption method of virtual machine image file, including following step
Suddenly:
S1, to virtual machine image file, the one-to-one corresponding set up between the system time and AES of each data is closed
System, forms AES combination;
S2, receives each be-encrypted data, and obtain corresponding system time;
S3, in the AES combination, is retrieved according to the system time got in step 2, obtains each
The corresponding AES of the be-encrypted data;
S4, is encrypted using the AES and key to the be-encrypted data, obtains encryption data;
S5, the system time got in step 2 is added to behind the encryption data, and will be all described in plus
Ciphertext data is write in virtual machine image file.
In the prior art, when all data in virtual machine image file being encrypted, general multiple data can be adopted
Identical algorithm is used, because the AES of data is very limited, after hacker obtains the key of encryption data, it is easy to will
The image file encrypted by identical algorithms is decrypted, and so as to get the data in image file, so, has resulted in virtual machine
The potential safety hazard of image file.In the embodiment of the present invention, in order to multiple data use single calculation in solving virtual machine image file
Easily being decrypted for method encryption, causes the unsafe problem of image file there is provided a kind of encryption method, by AES and often
One-to-one relationship is set up between the system time of individual data, AES combination, in the AES combination, one is formed
System time one AES of correspondence of data, due to there are multiple data in each image file, each data has right
The system time answered, each system time one AES of correspondence, so in same image file, just having used multiple
AES is encrypted to it, and AES combination can periodically be changed with flexible and changeable.So each mirror image text
The corresponding AES combination of part may be differed also, such that it is able to realize that carrying out multiple encryption algorithms to image file adds
It is close, and be more than using single algorithm, so, after hacker obtains image file and key, just it is not easy to by adding
The image file of close algorithm combination encryption is decrypted, and so as to get the data in image file, so, ensures that mirror image
The safety of file.
Wherein, the system time in step S1 and S2 is accurate to microsecond.So, the quantity of system time can be more
Many, the AES combination of formation can be more complicated, and the encryption data for obtaining can more be difficult to decrypt.
In the embodiment of the present invention, in step S1, it is described set up between the system time of each data and AES one
One corresponding relation, specifically, by the species of the system time of each data divided by the AES, obtained remainder
One-to-one relationship is set up between the AES;It is described in the AES combination in step S3, according to step
The system time got in 2 is retrieved, specifically, the system time got in described rapid 2 is divided by the AES
Species, obtain remainder, by the use of the remainder for obtaining as key, in the AES combination retrieve.Using according to one
System time after fixed rule process can be quickly found used in the data of the system time as retrieval key
AES, so that the encryption to data is quickly realized, when system time is continually changing, it is determined which kind of AES used
Speed the processing speed of data encryption will be played an important role, and then influence system operational efficiency.Such as this area
Technical staff it should be understood that can also be processed system time using other rules, during using system after treatment
Between as retrieval key.
In the embodiment of the present invention, the key uses MD5 values.Key is set to be not easy to be cracked.
As shown in Fig. 2 another embodiment of the present invention provides a kind of encryption system of virtual machine image file, including:
Decision-making module:For to virtual machine image file, setting up between the system time and AES of each data
One-to-one relationship, forms AES combination;It is additionally operable in the AES combination, receives each according to encrypting module
The system time got during be-encrypted data is retrieved, and obtains the corresponding AES of each be-encrypted data;
Encrypting module:For receiving each be-encrypted data, and obtain corresponding system time;It is additionally operable to add using described
Close algorithm and key are encrypted to the be-encrypted data, obtain encryption data;It is additionally operable to that each be-encrypted data will be received
When the system time that gets be added to behind the encryption data, and all of encryption data is write into virtual machine
In image file.
The encryption system of the virtual machine image file provided in the embodiment of the present invention, for realizing the above embodiment of the present invention
The encryption method of the virtual machine image file of offer.
It implements process:Encrypting module receives the data from virtual machine image file, and obtains each data
Corresponding system time;Inquire about which kind of AES data encryption uses in decision-making module as key by the use of system time;Certainly
The corresponding AESs of key are fed back to encrypting module by plan module, after encrypting module gets AES, using key to this
Data are encrypted, and obtain encryption data, and system time when receiving be-encrypted data is added to behind encryption data, and
In write-in virtual machine image file.After being encrypted to all data in virtual image file, just complete to image file
Encryption.
As shown in figure 3, the embodiments of the invention provide a kind of decryption method of virtual machine image file, including following step
Suddenly:
S1, to virtual machine image file, the one-to-one corresponding set up between the system time of each data and AES is closed
System, forms AES combination;
S2, receives each encryption data, and obtain system time when encryption data is encrypted;
S3, in the AES combination, system time when being encrypted according to the encryption data is retrieved, and is obtained
The corresponding AES of each encryption data;
S4, obtains the corresponding decipherment algorithm of the AES;
S5, is decrypted using the decipherment algorithm and key to the encryption data, obtains ciphertext data.
The decryption method of virtual machine image file provided in an embodiment of the present invention corresponds to the void provided in above-described embodiment
The encryption method of plan machine image file, the encryption data to being obtained using the encryption method in above-described embodiment realizes decryption.
Wherein, the system time in step S1 and S2 is accurate to microsecond.
In step S1, the one-to-one relationship between the system time and AES for setting up each data, specifically
For, by the system time of each data divided by the AES species, the remainder for obtaining and the AES it
Between set up one-to-one relationship;It is described in the AES combination in step S3, according to the system got in step 2
Time is retrieved, specifically, the system time when encryption data is encrypted obtains remaining divided by the species of the AES
Number, by the use of the remainder for obtaining as key, retrieves in the AES combination.
In step S5, the key is using MD5 values.
As shown in figure 4, in one embodiment of the invention there is provided a kind of decryption system of virtual machine image file,
Including:
Decision-making module:For to virtual machine image file, setting up between the system time of each data and AES
One-to-one relationship, forms AES combination;It is additionally operable in the AES combination, is encrypted according to the encryption data
When system time retrieved, obtain the corresponding AES of each encryption data;
Deciphering module:For receiving each encryption data, and obtain system time when encryption data is encrypted;It is additionally operable to
Obtain the corresponding decipherment algorithm of the AES;It is additionally operable to carry out the encryption data using the decipherment algorithm and key
Decryption, obtains ciphertext data.
The decryption system of the virtual machine image file provided in the embodiment of the present invention, for realizing the above embodiment of the present invention
The decryption method of the virtual machine image file of offer.
It implements process:Deciphering module receives the encryption data from virtual machine image file, and obtains each
The corresponding system time of encryption data;Inquire about when encryption data is encrypted and use in decision-making module by the use of system time as key
AES;The corresponding AESs of key are fed back to deciphering module by decision-making module, and deciphering module gets AES
Afterwards, encryption data is decrypted using key and AES corresponding decipherment algorithm, obtains ciphertext data.To virtual image
After all encryption datas in file are decrypted, the decryption to image file is just completed.
By using above-mentioned technical proposal disclosed by the invention, following beneficial effect has been obtained:In the embodiment of the present invention,
One-to-one relationship will be set up between AES and the system time of each data, AES combination is formed, in the encryption
In algorithm combination, system time one AES of correspondence of a data, due to there are multiple data in each image file,
Each data have corresponding system time, one AES of each system time correspondence, so in same image file
In, just use multiple AESs to be encrypted it, and AES combination can periodically be carried out more with flexible and changeable
Change.So the corresponding AES combination of each image file may be differed also, such that it is able to realize carrying out image file
The encryption of multiple encryption algorithms, and be more than using single algorithm, so, after hacker obtains image file and key,
Just it is not easy to be decrypted the image file by being encrypted in algorithm combination, so as to get the data in image file, this
Sample, ensures that the safety of image file.
Each embodiment in this specification is described by the way of progressive, what each embodiment was stressed be with
The difference of other embodiment, between each embodiment identical similar part mutually referring to.
Those skilled in the art should be understood that the sequential of the method and step that above-described embodiment is provided can be entered according to actual conditions
Row accommodation, is concurrently carried out also dependent on actual conditions.
All or part of step in the method that above-described embodiment is related to can be instructed by program correlation hardware come
Complete, described program can be stored in the storage medium that computer equipment can be read, for performing the various embodiments described above side
All or part of step described in method.The computer equipment, for example:Personal computer, server, the network equipment, intelligent sliding
Dynamic terminal, intelligent home device, wearable intelligent equipment, vehicle intelligent equipment etc.;Described storage medium, for example:RAM、
ROM, magnetic disc, tape, CD, flash memory, USB flash disk, mobile hard disk, storage card, memory stick, webserver storage, network cloud storage
Deng.
Finally, in addition it is also necessary to explanation, herein, such as first and second or the like relational terms be used merely to by
One entity or operation make a distinction with another entity or operation, and not necessarily require or imply these entities or operation
Between there is any this actual relation or order.And, term " including ", "comprising" or its any other variant meaning
Covering including for nonexcludability, so that process, method, commodity or equipment including a series of key elements not only include that
A little key elements, but also other key elements including being not expressly set out, or also include be this process, method, commodity or
The intrinsic key element of equipment.In the absence of more restrictions, the key element limited by sentence "including a ...", does not arrange
Except also there is other identical element in the process including the key element, method, commodity or equipment.
The above is only the preferred embodiment of the present invention, it is noted that for the ordinary skill people of the art
For member, under the premise without departing from the principles of the invention, some improvements and modifications can also be made, these improvements and modifications also should
Depending on protection scope of the present invention.