Summary of the invention
To solve the above problems, the invention provides a FAT32 file system data encryption protection method, comprising: a front-end receiving step of intercepting the FAT32 file system data information before the FAT32 file system is stored to the storage medium, the FAT32 file system data information including the FAT table, the DBR area and the data-region data; an address data parsing step of receiving the FAT32 file system data information sent by the front-end receiving step and parsing it so as to separate the data region from the FAT table and the DBR; a symmetric-algorithm data encryption step of encrypting the data-region data with a symmetric algorithm to obtain encrypted data, while the FAT table and the DBR area are not encrypted and so yield unencrypted data, wherein the encryption key and the decryption key are identical and unique, and this step is carried out when the CPU writes a FAT32-format file to the storage medium; and a data forwarding step of forwarding the encrypted data obtained by the symmetric-algorithm data encryption step together with the unencrypted data.
According to the FAT32 file system data encryption protection method described above, preferably, before the symmetric-algorithm data encryption step, the method further comprises: an encryption enable step of notifying the symmetric-algorithm data encryption step whether the data currently being processed is to be encrypted.
According to the FAT32 file system data encryption protection method described above, preferably, the method further comprises: a symmetric-algorithm data decryption step of decrypting the encrypted data obtained by the symmetric-algorithm data encryption step, this step being carried out when the CPU reads a FAT32-format file from the storage medium.
According to the FAT32 file system data encryption protection method described above, preferably, before the symmetric-algorithm data decryption step, the method further comprises: a decryption enable step of notifying the symmetric-algorithm data decryption step whether the data currently being processed is to be decrypted.
According to the FAT32 file system data encryption protection method described above, preferably, when the encrypted data obtained by the symmetric-algorithm data encryption step and the plaintext data are stored, the plaintext storage area that holds the plaintext data and the ciphertext storage area that holds the encrypted data share one common storage index.
The beneficial effects of the technical solution provided by the embodiments of the present invention are as follows:
In the present invention, encryption is not assigned on a per-partition basis. The invention changes the traditional approach of first designating an encrypted partition and then using it; instead, a real-time man-machine interface marks whether encryption is needed. Accordingly, when the FAT32 file system is parsed, the method differs from the traditional approach in which all data inside an encrypted partition is encrypted (both data-region data and FAT table data): this method encrypts only the data-region data, and the FAT table data is not encrypted. In actual use the file system indexes files through the FAT table, and all files in the partition (the plaintext index and the ciphertext index) use one common index. Plaintext and ciphertext are indexed and managed through the same FAT table and share the whole storage space, so the sizes of the plaintext area and the ciphertext area are allocated dynamically. This minimizes the storage wasted by storing plaintext and ciphertext separately, which gives the method high practical value.
Embodiment
The present invention is described in further detail below with reference to the accompanying drawings and specific embodiments.
Referring to Fig. 1 to Fig. 3, an embodiment of the invention provides a FAT32 file system data encryption protection method, which comprises the following steps:
Front-end receiving step: the FAT32 file system data information is intercepted before the FAT32 file system is stored to the storage medium; the FAT32 file system data information includes the FAT table, the DBR area and the data-region data;
Address data parsing step: the FAT32 file system data information sent by the front-end receiving step is received and parsed so as to separate the data region from the FAT table and the DBR;
Specifically, the parsing performed in the address data parsing step must determine which data belongs to the data region and which does not, and thereby define which part of the FAT32 file system data is actually subject to encryption. It does not decide this by partition or by hidden-partition format. That is, the method encrypts the data-region part of the file system, unlike other approaches in which the data region is encrypted together with the FAT table.
Symmetric-algorithm data encryption step: the data-region data is encrypted with a symmetric algorithm to obtain encrypted data, while the FAT table and the DBR area are not encrypted and so yield unencrypted data, wherein the encryption key and the decryption key are identical and unique; this step is carried out when the CPU writes a FAT32-format file to the storage medium;
Data forwarding step: the encrypted data obtained by the symmetric-algorithm data encryption step and the unencrypted data are forwarded.
Specifically, the data forwarding step includes:
When the encrypted data obtained by the symmetric-algorithm data encryption step and the plaintext data are stored, the plaintext storage area that holds the plaintext data and the ciphertext storage area that holds the encrypted data share one common storage index (FAT table). The file indexes of the plaintext storage area and the ciphertext storage area are not split into two or more independent indexes (FAT tables).
For the convenience of the user, that is, to meet individual needs, before the symmetric-algorithm data encryption step the FAT32 file system data encryption method further comprises: an encryption enable step of notifying the symmetric-algorithm data encryption step whether the data currently being processed is to be encrypted. In practice, human intervention can be used to cause this step to be performed or skipped.
The FAT32 file system data encryption protection method further comprises:
Symmetric-algorithm data decryption step: the encrypted data obtained by the symmetric-algorithm data encryption step is decrypted; this step is carried out when the CPU reads a FAT32-format file from the storage medium.
Before the symmetric-algorithm data decryption step, the FAT32 file system data encryption protection method further comprises: a decryption enable step of notifying the symmetric-algorithm data decryption step whether the data currently being processed is to be decrypted.
It should be noted that the above encryption/decryption method is applied as a bridge between any type of operating system and the FAT32 file system. It is characterized in that when the operating system (OS) writes FAT32 file system data, the encryption service is provided by this method, and when the operating system reads data from the FAT32 file system, the decryption service is provided by this method.
An embodiment of the invention provides a FAT32 file system data encryption protection device, which comprises a front-end receiving module, an address data parsing module, a symmetric-algorithm data encryption module and a data forwarding module.
Front-end receiving module: a data processing module positioned between the operating system (OS) and the medium on which the file system (FS) stores data (optical disc, hard disk, FLASH storage medium). It may be embodied in hardware or software. Its function is to intercept all file system data information, including the FAT table, the DBR area, the data region and so on, before the FAT32 file system is stored to the storage medium. The data information it intercepts is forwarded to the address data parsing module.
Address data parsing module: a data parsing module positioned after the front-end receiving module. It receives the entire FAT32 file system data forwarded by the front-end receiving module and parses it. The module separates the file data-region data from the FAT32 linked tables, the DBR area and so on, and forwards the data portion that needs to be decrypted to the symmetric-algorithm data encryption module;
Symmetric-algorithm data encryption module: a module that encrypts/decrypts data with a symmetric algorithm. It is positioned after the address data parsing module and encrypts and decrypts the data information forwarded to it. The encryption key and the decryption key are identical and unique. Encryption is performed when the CPU writes a FAT32-format file to the storage medium; decryption is performed when the CPU reads a FAT32-format file from the storage medium. The module encrypts only the data-region data; the FAT table and the DBR area are not encrypted. The module can be controlled by the encryption/pass-through enable module, which turns the encryption and decryption function on and off;
Data forwarding module: a data forwarding module that forwards the data received by the front-end receiving module that has not been encrypted, including the FAT table and the DBR area, and the data encrypted/decrypted by the symmetric-algorithm data encryption module;
The FAT32 file system data encryption protection device further comprises an encryption/pass-through enable module: a module that notifies the symmetric-algorithm data encryption module whether the data currently to be processed is to be encrypted/decrypted. The notification may be made by hardware or software. The module reserves a man-machine interface through which human intervention tells the module whether to start the encryption function; that is, the encryption/decryption function can be turned on or disabled through man-machine interaction. The module is embodied as a hardware physical device or a software program.
In practical application, sector 0 is the boot sector. DBR (DOS BOOT RECORD) means the operating system boot record area, and it usually occupies sector 0 of the partition, 512 bytes in total (in special cases it also occupies other reserved sectors; here we consider only sector 0). These 512 bytes consist of the jump instruction, the vendor identifier and operating system version number, the BPB (BIOS Parameter Block), the extended BPB, the OS boot program and the end mark. The meanings of the DBR fields in FAT32 are as follows:
FAT1 and FAT2 are two linked tables that record whether each cluster is in use and the address of the next cluster. They are described in detail below.
The root directory table records data about the stored files, including file name, file size, starting cluster, creation time and so on. To store encrypted data, the above information must be filtered out: this method performs no encryption or decryption on it, so that the operating system can correctly identify the file format and cluster usage on the storage medium. Because the starting location of this information on the medium varies with the capacity, the specific addresses must be calculated from the actual values.
DBR
The DBR is stored at a fixed location on the medium, the 512 bytes of sector 0. The number of DBR reserved sectors is defined in the DBR, so DBR = Reserved sector
FAT1, FAT2
The FAT32-related information is defined in the DBR.
FAT = sectors per FAT * number of FATs
Root directory table
After formatting, a 4k directory table file is created immediately after the FAT table. In FAT32 the directory table is a special kind of file and is stored in the same way as an ordinary file.
That is, the first 4k of the root directory is stored immediately after the FAT table, and when the directory table runs out of room, the FAT table is consulted and the file directory continues elsewhere. The location of the directory table is therefore not fixed: to find all directory tables, the FAT table must be traversed and the locations it records must be saved. In the data communication phase, read and write operations on the FAT table are not encrypted or decrypted.
Filtering the DBR + FAT + root directory in the communication phase in this way achieves dynamic encryption of files.
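The address calculation described above, as an added example that is not code from the patent: it reads the BPB in sector 0, derives DBR = reserved sectors and FAT = sectors per FAT * number of FATs, follows the root directory's cluster chain through FAT1, and labels each sector so that only `DATA` sectors would be passed to the cipher. The function names and the 40-sector sample image are constructed for illustration; the BPB offsets are the standard FAT32 ones.

```python
import struct

SECTOR = 512

def parse_layout(image: bytes) -> dict:
    """Locate the reserved (DBR), FAT and data regions from the BPB in sector 0."""
    dbr = image[:SECTOR]
    if len(dbr) < SECTOR or dbr[510:512] != b"\x55\xaa":   # end mark of the DBR
        raise ValueError("sector 0 is not a boot sector")
    bps, spc, reserved, nfats = struct.unpack_from("<HBHB", dbr, 11)
    fat_size, = struct.unpack_from("<I", dbr, 36)          # sectors per FAT
    root_cluster, = struct.unpack_from("<I", dbr, 44)      # first root dir cluster
    if bps != SECTOR or spc == 0 or nfats == 0 or fat_size == 0:
        raise ValueError("unsupported or corrupt BPB")
    return {"spc": spc, "fat_start": reserved, "fat_size": fat_size,
            "data_start": reserved + nfats * fat_size, "root_cluster": root_cluster}

def root_dir_sectors(image: bytes, lay: dict) -> set:
    """Walk the root directory's cluster chain in FAT1 and return its sectors."""
    fat = image[lay["fat_start"] * SECTOR:(lay["fat_start"] + lay["fat_size"]) * SECTOR]
    sectors, seen, cluster = set(), set(), lay["root_cluster"]
    while 2 <= cluster < 0x0FFFFFF7 and cluster not in seen:  # stop at EOC/bad/loop
        if cluster * 4 + 4 > len(fat):
            break
        seen.add(cluster)
        first = lay["data_start"] + (cluster - 2) * lay["spc"]
        sectors.update(range(first, first + lay["spc"]))
        cluster = struct.unpack_from("<I", fat, cluster * 4)[0] & 0x0FFFFFFF
    return sectors

def classify(lba: int, lay: dict, root: set) -> str:
    """Return the region of a sector; only 'DATA' is passed to the cipher."""
    if lba < lay["fat_start"]:
        return "DBR"
    if lba < lay["data_start"]:
        return "FAT"
    return "ROOTDIR" if lba in root else "DATA"

def build_sample_image() -> bytes:
    """Constructed 40-sector image: root dir in clusters 2 -> 5, a file in 3 -> 4."""
    img = bytearray(40 * SECTOR)
    struct.pack_into("<HBHB", img, 11, SECTOR, 1, 32, 2)   # 32 reserved, 2 FATs
    struct.pack_into("<I", img, 36, 1)                     # 1 sector per FAT
    struct.pack_into("<I", img, 44, 2)                     # root dir starts at cluster 2
    img[510:512] = b"\x55\xaa"
    for fat_lba in (32, 33):                               # FAT1 and FAT2
        for cluster, nxt in {2: 5, 3: 4, 4: 0x0FFFFFFF, 5: 0x0FFFFFFF}.items():
            struct.pack_into("<I", img, fat_lba * SECTOR + cluster * 4, nxt)
    return bytes(img)
```

Because the DBR, FAT and root directory stay in plaintext under this scheme, the file names, sizes, starting clusters and creation times recorded there remain readable on the medium; only file contents are encrypted.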
In summary, the beneficial effects of the embodiments of the present invention are as follows:
In the present invention, encryption is not assigned on a per-partition basis. The invention changes the traditional approach of first designating an encrypted partition and then using it; instead, a real-time man-machine interface marks whether encryption is needed. Accordingly, when the FAT32 file system is parsed, the method differs from the traditional approach in which all data inside an encrypted partition is encrypted (both data-region data and FAT table data): this method encrypts only the data-region data, and the FAT table data is not encrypted. In actual use the file system indexes files through the FAT table, and all files in the partition (the plaintext index and the ciphertext index) use one common index. Plaintext and ciphertext are indexed and managed through the same FAT table and share the whole storage space, so the sizes of the plaintext area and the ciphertext area are allocated dynamically. This minimizes the storage wasted by storing plaintext and ciphertext separately, which gives the method high practical value.
Parts of the present invention not described in detail belong to the common general knowledge of those skilled in the art.