Summary of the invention
The main purpose of the present invention is to provide a kind of data ciphering method and devices, it is intended to improve Information Security.
To achieve these objectives, the present invention proposes a kind of data ciphering method, comprising steps of
Default at least two group keys;
One group is chosen from preset key as master key;
Data are encrypted according to the master key and 3DES encryption algorithm.
Preferably, described to choose one group from preset key as master key and include:
A random number is generated, chooses one group from preset key as main close according to the random number and preset algorithm
Key.
Preferably, preset every group key has a call number, the preset algorithm are as follows: N=<(n &0x07) %5>,
Middle N is cipher key index number, and n is random number.
Preferably, described encryption is carried out to data according to the master key and 3DES encryption algorithm to include:
Dispersion factor Kc is generated according to the master key, random number and terminal exclusive identification code;
Data are encrypted using the dispersion factor Kc and 3DES encryption algorithm.
Preferably, described to include: according to the master key, random number and terminal exclusive identification code generation dispersion factor Kc
A, dispersion factor 1 is obtained according to the terminal exclusive identification code, dispersion factor 2 is obtained according to the random number;
B, it regard the dispersion factor 1 as source data, carries out 3des-ecb calculating with the master key, obtain data k1;
C, the result obtained after the dispersion factor 1 being carried out XOR operation is carried out as source data with the master key
3des-ecb is calculated, and obtains data k2;
D, the dispersion factor 1 is replaced using the dispersion factor 2, replaces the master key using k1+k2, repeats step
B and c obtains K1 and K2, defines dispersion factor Kc=k1+k2.
The present invention proposes a kind of data encryption device, including setup module, selection module and encrypting module simultaneously, in which:
Setup module, for default at least two group keys;
Module is chosen, for choosing one group from preset key as master key;
Encrypting module, for being encrypted according to the master key and 3DES encryption algorithm to data.
Preferably, the selection module is used for: a random number is generated, according to the random number and preset algorithm from preset
One group is chosen in key as master key.
Preferably, the setup module is used for: working out a call number for preset every group key;The preset algorithm are as follows: N
=<(n&0x07) %5>, wherein N is cipher key index number, and n is random number.
Preferably, the encrypting module is used for:
Dispersion factor Kc is generated according to the master key, random number and terminal exclusive identification code;
Data are encrypted using the dispersion factor Kc and 3DES encryption algorithm.
Preferably, the encrypting module generates the dispersion factor Kc by following steps:
A, dispersion factor 1 is obtained according to the terminal exclusive identification code, dispersion factor 2 is obtained according to the random number;
B, it regard the dispersion factor 1 as source data, carries out 3des-ecb calculating with the master key, obtain data k1;
C, the result obtained after the dispersion factor 1 being carried out XOR operation is carried out as source data with the master key
3des-ecb is calculated, and obtains data k2;
D, the dispersion factor 1 is replaced using the dispersion factor 2, replaces the master key using k1+k2, repeats step
B and c obtains K1 and K2, defines the dispersion factor Kc=K1+K2.
A kind of data ciphering method provided by the present invention, by presetting multiple groups key, from multiple groups key when encrypting every time
It is middle to choose one group as master key, so that used key is all not quite similar when encrypting every time, therefore it is not easy to be broken by other people
Solution, improves the safety of data.
Further, dispersion factor Kc (session key) is generated according to master key, recycles dispersion factor Kc as encryption
Data key carries out 3DES encryption, more difficult to be cracked by other people, further improves the safety of data.
Specific embodiment
It should be appreciated that the specific embodiments described herein are merely illustrative of the present invention, it is not intended to limit the present invention.
Then data ciphering method of the invention chooses one group by presetting at least two group keys from preset key
As master key, finally data are encrypted according to master key and 3DES encryption algorithm, including directly utilize master key logarithm
Dispersion factor Kc is generated according to progress 3DES encryption, or according to master key, recycles dispersion factor Kc to carry out 3DES to data and adds
It is close.It is described in detail below by way of specific embodiment.
Referring to Fig. 1, data ciphering method first embodiment of the invention is proposed, the data ciphering method includes following step
It is rapid:
Step S10: default multiple groups key
Pre-buried multiple groups key or at least two groups key are needed in the present embodiment, in terminal and server, it is more in principle
It is better, the present embodiment preferably pre-buried 5 group key.
Step S11: one group is chosen from multiple groups key as master key
Before encrypting to data, one group of master key as encryption is selected from pre-buried multiple groups key first.?
When selecting master key, it can be randomly selected, can also be selected according to preset rules or preset algorithm.
Step S12: data are encrypted using master key and 3DES encryption algorithm
After having selected master key, then using the master key to data carry out 3DES encryption, specific cipher mode with it is existing
The 3DES encryption of technology is identical, and this will not be repeated here.
According to 3DES encryption principle, before being encrypted to data, it is necessary to assure the integer that data length to be encrypted is 8
Times, if the multiple less than 8, need to be filled the be-encrypted data, mends " 20 " such as behind be-encrypted data, until
Add to 8 integral multiple.Such as, it is assumed that be-encrypted data is one group of 16 binary data: 0x31,0x32,0x33,0x34,
0x35,0x36,0x37,0x38,0x39 }, become after being filled to it: 0x31,0x32,0x33,0x34,0x35,0x36,
0x37,0x38,0x39,0x20,0x20,0x20,0x20,0x20,0x20,0x20}。
The data ciphering method of the present embodiment, due to having preset multiple groups key, used key is not when encryption every time
It is identical to the greatest extent, therefore be not easy to be cracked by other people, improve the safety of data.
Referring to fig. 2, propose that data encryption algorithm second embodiment of the invention, the data encryption algorithm include following step
It is rapid:
Step S20: default multiple groups key
In the present embodiment, each terminal has an exclusive identification code, and pre-buried multiple groups key is needed in terminal and server,
Or at least two groups key, The more the better in principle, the present embodiment preferably pre-buried 5 group key, such as set key group are as follows:
{0xd1,0x21,0xf0,0x1c,0x2d,0xb6,0x30,0xa2,0x33,0x81,0x24,0x9f,0x7b,
0x1e,0x6f,0x62,
0x11,0xA2,0xB1,0x1C,0x2D,0xD6,0x30,0xA2,0x33,0x81,0x24,0x9F,0x7B,
0x1C,0x6A,0x32,
0x21,0x21,0xF0,0x1C,0x2D,0xB6,0x30,0xA2,0x33,0x81,0x54,0x9F,0x7B,
0x11,0x6F,0x66,
0xA1,0x21,0xF0,0x1C,0x2D,0xB6,0x30,0xA2,0x33,0x81,0x24,0x9F,0x7B,
0x1E,0x6B,0x42,
0xB1,0x21,0xF0,0x2C,0x2D,0xB6,0x30,0xA2,0x33,0x81,0x24,0x9F,0x7B,
0x1E,0x6A,0xF3};
Meanwhile the present embodiment is also numbered the key of generation, works out a call number for each key.For example, 5 groups close
Key respectively corresponds call number 1-5.
Step S21: a random number is generated
When needing to encrypt data, a random number is firstly generated.
Step S22: one group is chosen from multiple groups key as master key according to random number and preset algorithm
In the present embodiment, preset algorithm is preferably expression formula N=<(n & 0x07) %5>, and wherein N is cipher key index number, n
For random number.Assuming that random number is 25, then cipher key index N=<(25 & 0x07) %5>=1 can be obtained according to preset algorithm, i.e.,
The key that Selecting Index number is 1 is as master key.
It will be understood by those skilled in the art that the preset algorithm is not limited to this, it can according to need and arbitrarily set
It is fixed.It, then should be with when generating some random number for example, it is also possible to random number is limited to any one in cipher key index number
The corresponding key of machine number is selected as master key, and the random number such as generated is 3, then the key that Selecting Index number is 3.
Step S23: dispersion factor Kc is generated according to master key, random number and terminal exclusive identification code
Step S24: data are encrypted using dispersion factor Kc and 3DES encryption algorithm
The present embodiment generates dispersion factor Kc (session key) according to master key, recycles dispersion factor Kc close as encrypting
Key to data carry out 3DES encryption, therefore it is more difficult cracked by other people, further improve the safety of data.
Wherein, as shown in figure 3, for step S23, dispersion factor Kc can preferably be generated in the following manner:
Step S231: obtaining dispersion factor 1 according to terminal exclusive identification code, obtains dispersion factor 2 according to random number
Wherein, it when terminal exclusive identification code (or terminal number) and random number are less than 8 bytes, need to be filled below
" 20 " supply 8 bytes as dispersion factor 1 and dispersion factor 2.
Assuming that terminal exclusive identification code is 0x0001020304, then dispersion factor 1 is 0x0001020304202020;At random
Number is 0x12345678, then dispersion factor 2 is 0x1234567820202020.
In certain embodiments, dispersion factor 1 can also be obtained according to random number, according to terminal unique identification in turn
Code obtains dispersion factor 2.
Step S232: regarding dispersion factor 1 as source data, carries out 3des-ecb calculating with master key, obtains data k1
For example, it is assumed that dispersion factor 1 be 0x001020304202020, master key 0xd1,0x21,0xf0,0x1c,
0x2d, 0xb6,0x30,0xa2,0x33,0x81,0x24,0x9f, 0x7b, 0x1e, 0x6f, 0x62, dispersion factor and master is close
Key carries out 3des-ecb calculating, obtains data k1=0xb96a353f973a160a.
Step S233: the result obtained after dispersion factor 1 is carried out XOR operation is carried out as source data with master key
3des-ecb is calculated, and obtains data k2
For example, it is assumed that dispersion factor 1 is 0x0001020304, XOR operation ^0xFF is carried out, obtained result is as source number
According to master key 0xd1,0x21,0xf0,0x1c, 0x2d, 0xb6,0x30,0xa2,0x33,0x81,0x24,0x9f, 0x7b,
0x1e, 0x6f, 0x62 carry out 3des-ecb calculating, obtain data k2=0x870ab659763d2d8b.
Step S234: regarding dispersion factor 2 as source data, carries out 3des-ecb calculating with (k1+k2), obtains data K1.
It is 0x2123ad971821f2a4 as obtained K1 in the present embodiment.
Step S235: the result obtained after dispersion factor 2 is carried out XOR operation is carried out as source data with (k1+k2)
3des-ecb is calculated, and obtains data K2.If the K2 in the present embodiment is 0xd52991bea64dd60c.
Step S234 and S235 and step S232 and S233 only need to replace dispersion factor 1 using dispersion factor 2 to similar,
It utilizes (k1+k2) to replace master key, repeats step S232 and S233, details are not described herein.
Step S236: dispersion factor Kc=K1+K2 is obtained
Finally, (K1+K2) is used as dispersion factor Kc, 3DES encryption is carried out to data using dispersion factor Kc.
It will be understood by those skilled in the art that the mode for generating dispersion factor Kc is not limited to this, it can also be other logical
Generating mode.
It is as shown in Figure 4 to the decryption process of aforementioned encryption data, comprising the following steps:
Step S30: random numbers in plain text and terminal exclusive identification code are parsed from encryption data
Step S31: master key is obtained according to random number and preset algorithm
Step S32: dispersion factor Kc is generated according to master key, random number and terminal exclusive identification code
Step S31 and S32 are identical as the step S22 and S23 when encryption respectively, and this will not be repeated here.
Step S33: encryption data is decrypted using dispersion factor Kc
Finally it is decrypted using dispersion factor Kc as key pair encryption data, specific manner of decryption and the prior art
3DES decryption is identical, and this will not be repeated here.If there are extra filling " 20 " in the data after decryption, also need to remove " 20 ".
In the present embodiment, being encrypted to data is terminal, is decrypted data for terminal or server.
Referring to Fig. 5, one embodiment of encryption device of the invention is proposed, the encryption device can be terminal, or answer
Module product for terminal.The encryption device includes setup module, chooses module and encrypting module.
Setup module: for default at least two group keys.
Setup module two or more sets pre-buried keys in the terminal, it is The more the better in principle, preferably pre-buried 5 groups of the present embodiment
Key.Preferably, the key of generation can also be numbered in setup module, work out a call number for each key.For example, 5
Group key respectively corresponds call number 1-5.
Choose module: for choosing one group from preset key as master key.
Before being encrypted to data, have first choose module selected from pre-buried multiple groups key one group as encrypt
Master key.It when selecting master key, can be randomly selected, can also be selected according to preset rules or preset algorithm.
Preferably, it chooses module and firstly generates a random number, then according to random number and preset algorithm from multiple groups key
One group is chosen as master key.The preset algorithm is preferably expression formula N=<(n &0x07) %5>, and wherein N is cipher key index
Number, n is random number.
It will be understood by those skilled in the art that the preset algorithm is not limited to this, it can according to need and arbitrarily set
It is fixed.It, then should be with when generating some random number for example, it is also possible to random number is limited to any one in cipher key index number
The corresponding key of machine number is selected as master key, and the random number such as generated is 3, then the key that Selecting Index number is 3.
Encrypting module: for being encrypted according to master key and 3DES encryption algorithm to data.
In certain embodiments, after having selected master key, encrypting module can directly be carried out data using master key
3DES encryption, specific cipher mode is identical as the 3DES encryption of the prior art, and this will not be repeated here.
According to 3DES encryption principle, before being encrypted to data, it is necessary to assure the integer that data length to be encrypted is 8
Times, if the multiple less than 8, encrypting module if, needs to be filled the be-encrypted data, such as mends behind be-encrypted data
" 20 ", until adding to 8 integral multiple.Such as, it is assumed that be-encrypted data are as follows: 0x31,0x32,0x33,0x34,0x35,
0x36,0x37,0x38,0x39 }, become after being filled to it: 0x31,0x32,0x33,0x34,0x35,0x36,0x37,
0x38,0x39,0x20,0x20,0x20,0x20,0x20,0x20,0x20}。
To, by presetting multiple groups key so that every time encryption when the key that uses all be not quite similar, therefore be not easy by
Other people crack, and improve the safety of data.
In a preferred embodiment, encrypting module according to master key, random number and terminal exclusive identification code generate dispersion because
Sub- Kc recycles dispersion factor Kc to carry out 3DES encryption to data.
Specifically, encrypting module obtains dispersion factor 1 according to terminal exclusive identification code, dispersion factor is obtained according to random number
2;It regard dispersion factor 1 as source data, carries out 3des-ecb calculating with master key, obtain data k1;Dispersion factor 1 is carried out different
Or the result obtained after operation carries out 3des-ecb calculating with master key, obtains data k2 as source data;By dispersion factor 2
As source data, 3des-ecb calculating is carried out with (k1+k2), obtains data K1;It is obtained after dispersion factor 2 is carried out XOR operation
Result as source data, carry out 3des-ecb calculating with (k1+k2), obtain data K2;Finally obtain dispersion factor Kc=K1+
K2。
To which the present embodiment generates dispersion factor Kc (session key) according to master key, recycles dispersion factor Kc conduct
Encryption key to data carry out 3DES encryption, therefore it is more difficult cracked by other people, further improve the safety of data.
It should be understood that data encryption device provided by the above embodiment is in encryption data, only with above-mentioned each function
The division progress of module can according to need and for example, in practical application by above-mentioned function distribution by different function moulds
Block is completed.In addition, data encryption device provided by the above embodiment and data ciphering method embodiment belong to same design, have
Body realizes that process is detailed in embodiment of the method, and the technical characteristic in embodiment of the method is corresponding applicable in Installation practice, this
In repeat no more.
Those of ordinary skill in the art will appreciate that implementing the method for the above embodiments can lead to
Program is crossed to control relevant hardware and complete, the program can be stored in a computer readable storage medium, described
Storage medium can be ROM/RAM, disk, CD etc..
It should be understood that the above is only a preferred embodiment of the present invention, the scope of the patents of the invention cannot be therefore limited,
It is all to utilize equivalent structure or equivalent flow shift made by description of the invention and accompanying drawing content, it is applied directly or indirectly in
Other related technical areas are included within the scope of the present invention.