CN105227312A - Intelligent code key password authentification extracting method - Google Patents
Intelligent code key password authentification extracting method Download PDFInfo
- Publication number
- CN105227312A CN105227312A CN201410315542.8A CN201410315542A CN105227312A CN 105227312 A CN105227312 A CN 105227312A CN 201410315542 A CN201410315542 A CN 201410315542A CN 105227312 A CN105227312 A CN 105227312A
- Authority
- CN
- China
- Prior art keywords
- key
- keyblob
- intelligent code
- code key
- data
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Abstract
What the present invention relates to is a kind of extraction and verification method of encrypted message of intelligent code key.The key information of intelligent code key exports in KEYBLOB data block by the present invention, afterwards by obtaining the cleartext information of key to the deblocking of KEYBLOB data block.According to the key obtained, verification of correctness can be carried out to the algorithm of intelligent code key.The compliance that this invention can be applied to intelligent code key detects, and has certain using value for the production firm of intelligent code key and Product checking department.
Description
Technical field
The invention provides a kind of extraction and verification method of intelligent code key USBKey encrypted message, encrypted message here refers to the session key information be stored in intelligent code key, instead of the PIN code that user inputs usually.Utilize the present invention can detect the correctness of algorithm of intelligent code key.The invention belongs to information security field.
Background technology
Intelligent code key, as one of the instrument of authenticating user identification, is having a very wide range of applications at present.At some in particular cases, such as to intelligent code key carry out compliance detect time, need read the key information stored in intelligent code key and obtain whole clear datas, with work such as the checkings after carrying out.Microsoft formulate CryptoAPI be the interface standard that intelligent code key is managed more common at present, based on CryptoAPI interface standard and intelligent code key, various secure authentication technology and system can be realized.
Through finding the data-searching of prior art, CryptoAPI does not provide the method directly derived the plaintext of the key information that intelligent code key stores.Only in the help and support website of Microsoft (http://support.microsoft.com/kb/228786/en-us), a kind of method based on the session key information importing and exporting of " index 1 " key is provided.Although this method can carry out derivation and the importing of key, complicated operation, the session key information producing " index 1 " double secret key intelligent code key is dexterously needed to be encrypted or to decipher.This can affect the performance of detection system to a great extent, and when generating " index 1 " key, generally need the PIN code inputting intelligent key key just can obtain corresponding authority, this is the restrictive condition suffered by said method.
Summary of the invention
The present invention is directed to the deficiencies in the prior art, provide a kind of intelligent code key key information based on CryptoAPI interface extract and verify the method for intelligent code key cryptographic algorithm correctness.This method, when reading session key information, does not need input PIN code to extract.Therefore the restrictive condition of this method is less, also can extract session key information when not knowing PIN code.
The present invention is achieved through the following technical solutions, first the present invention obtains the KEYBLOB blocks of files information of key by the CryptExportKey method of CryptoAPI, secondly corresponding data processing is carried out to KEYBLOB blocks of files information, finally obtain the cleartext information of key.After obtaining the cleartext information of key, other Encryption Tool is utilized to carry out correctness test to the algorithm of intelligent code key.Because common session key information can directly derive in PLAINTEXTKEYBLOB mode, in this manner, do not need to produce other double secret key session key information and carry out extra cryptographic operation, therefore can not produce the operation of input PIN code yet.Thus simplify the process extracting key information.
The present invention includes following steps:
Step one, obtains intelligent code key key handles, and key handles obtains by CryptGenKey or CryptGetUserKey method, and session key handle stores with HCryptKey type in CryptoAPI.
Step 2: utilize CryptExportKey method to derive the KEYBLOB blocks of files of the session key that intelligent code key stores.KEYBLOB blocks of files is the packet after encapsulating key data, according to the type of key and the setting of deriving method parameter, there is polytype KEYBLOB blocks of files.If adopt ciphertext mode to derive, then need the key of specifying encryption key data.
Step 3: according to the type of KEYBLOB blocks of files, deblocking KEYBLOB block header information, deciphering KEYBLOB data message, obtains the cleartext information of key.If the type of KEYBLOB blocks of files is PLAIBTEXTKEYBLOB, so data message is without the need to being decrypted, and what obtain after removing header information is exactly key plain information; If KEYBLOB blocks of files is other types, as SIMPLEBLOB, so after removal header information, also need decrypt data, the key of deciphering comes from step 2 the key used when deriving KEYBLOB.
Step 4: first three step has completed the extraction of key information, the cryptographic algorithm of this step to intelligent code key is verified.Use intelligent code key to be expressly encrypted appointment, utilize other Encryption Tool to be encrypted identical plaintext, the result obtained after comparing encryption simultaneously.
The method of the invention is extracted by analyzing the key information of KEYBLOB block data structure to intelligent code key and verifies, for common session key, achieves the extraction just carrying out key information when not inputting PIN code.Achieve the system to intelligent code key cryptographic algorithm verifying correctness on this basis.
Accompanying drawing explanation
Fig. 1: intelligent code key code extraction and checking flow chart.
Fig. 2: PLAINTEXTKEYBLOB data deblocking flow process.
Fig. 3: SIMPLEBLOB data deblocking flow process.
Embodiment
Below in conjunction with accompanying drawing, embodiments of the invention are elaborated.Intelligent code key of the present invention extracts the method for encrypted message, utilize CryptoAPI interface that encrypted message is exported to KEYBLOB data, again KEYBLOB data deblocking is obtained to the cleartext information of key in intelligent code key, and realize the checking to cryptographic algorithm on this basis.
The present embodiment with structure key intelligent code key compliance detection system for target, and disclosed in supposing that the cryptographic algorithm that detects is.
With reference to shown in Fig. 1, intelligent code key code extraction and checking as follows:
The first step, after intelligent code key inserts detection system, obtains key handles.In this step, first need to utilize CryptAcquireContext method to obtain CSP(CryptographicServiceProvider, Cryptographic Service Provider) container, CSP, usually used as the driving of intelligent code key, is the realization of intelligent code key production firm to CryptoAPI interface.Afterwards, CryptGenKey or CryptGetUserKey method is used to obtain the key handles needing extraction.In the compliance detection system of intelligent code key, do not need to extract the key in the digital certificate in intelligent code key, only need to use CryptGenKey to produce interim session key.In the process producing session key, need the parameter of specifying key, comprise the second parameter of the ID(CryptGenKey of key algorithm) and whether support to derive (the 3rd parameter of CryptGenKey).The present invention needs to derive key, and therefore the 3rd parameter must be set to CRYPT_EXPORTABLE.The key handles that this step obtains stores with HCRYPTKEY form.
Second step, derives the KEYBLOB blocks of files of the session key that intelligent code key stores.In this step, need to call CryptExportKey method for twice and derive session key in KEYBLOB blocks of files.Wherein, first time calls the length that the method can obtain the KEYBLOB data block derived.Afterwards, according to the length obtained to internal memory application space, second time calls the method, then all exported in specified memory space by session key.It should be noted that, as the intelligent code key compliance detection system of checking conversation key safety, not needing the session key to deriving to be encrypted protection.Therefore, can be set to PLAINTEXTKEYBLOB to the KEYBLOB type parameter in CryptExportKey, processing procedure so below can be very simple.In other cases, KEYBLOB may be set to SIMPLEBLOB, now key data encrypted after export again, encryption key can produce with CryptGenKey, but it should be noted that, type of encryption key is now necessary for AT_KEYEXCHANGE, and generation exchange key generally needs input PIN code to obtain.
3rd step, deblocking KEYBLOB block header information, deciphering KEYBLOB data message, obtains the cleartext information of key.In this step, according to the type of KEYBLOB, corresponding process can be different.For the data block of PLAINTEXTKEYBLOB type, handling process as shown in Figure 2, directly removes front 12 bytes of data block, and what obtain is exactly the cleartext information of key; For the data block of SIMPLEBLOB type, as shown in Figure 3, equally also be need first to remove head 12 bytes, but SIMPLEBLOB data block is encrypted key, so also need to call CryptDecrypt method, use the exchange double secret key decrypt data in second step, finally obtain key data.
4th step, verifies the cryptographic algorithm of intelligent code key.In this step, need to utilize existing Encryption Tool, as online encrypting web program, the checking of secondary encryption algorithm.First, use intelligent code key to be encrypted fixing plaintext, encryption key parameters uses the key handles obtained in first step.Secondly, utilize ready-made Encryption Tool, the key data using the 3rd step to obtain is encrypted fixing plaintext.The encrypted result that both produce is contrasted, thus the correctness result of checking intelligent code key cryptographic algorithm.Here it is noted that two kinds of cipher modes must be consistent with encryption mode to the fill method of clear data.CryptoAPI acquiescence adopts PKCS(ThePublic-KeyCryptographyStandards) filling mode and ECB encryption mode.
Claims (3)
1. intelligent code key code extraction and verification method, is characterized in that comprising the steps:
Step one, obtains intelligent code key key handles;
Step 2, derives the KEYBLOB blocks of files of the session key that intelligent code key stores;
Step 3, according to the type of KEYBLOB blocks of files, deblocking KEYBLOB block header information, deciphering KEYBLOB data message, obtains the cleartext information of key;
Step 4, uses intelligent code key to be expressly encrypted appointment, utilizes other Encryption Tool simultaneously, uses the identical plaintext of the double secret key in step 3 to be encrypted, the result obtained after comparing encryption.
2. intelligent code key code extraction as claimed in claim 1 and verification method, it is characterized in that, the session key KEYBLOB derived can be PLAINTEXTKEYBLOB or SIMPLEBLOB type, and the former does not need to specify exchange key, and the latter must specify exchange key; Exchange key to be produced at random by CSP.
3. intelligent code key code extraction as claimed in claim 2 and verification method, is characterized in that, in KEYBLOB data block deblocking process, first removes 12 head byte datas; For PLAINTEXTKEYBLOB, directly obtain key data; For SIMPLEBLOB, the KEYBLOB decrypt data exchanging double secret key removal head is used to obtain key data.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201410315542.8A CN105227312A (en) | 2014-07-04 | 2014-07-04 | Intelligent code key password authentification extracting method |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201410315542.8A CN105227312A (en) | 2014-07-04 | 2014-07-04 | Intelligent code key password authentification extracting method |
Publications (1)
Publication Number | Publication Date |
---|---|
CN105227312A true CN105227312A (en) | 2016-01-06 |
Family
ID=54996032
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201410315542.8A Pending CN105227312A (en) | 2014-07-04 | 2014-07-04 | Intelligent code key password authentification extracting method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN105227312A (en) |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109800579A (en) * | 2018-12-25 | 2019-05-24 | 苏州科达科技股份有限公司 | A kind of integrity checking method of software, device and electronic equipment |
CN115208554A (en) * | 2022-09-13 | 2022-10-18 | 三未信安科技股份有限公司 | Management method and system for key self-checking, self-correcting and self-recovering |
CN116010285A (en) * | 2023-02-27 | 2023-04-25 | 北京安盟信息技术股份有限公司 | SDK automatic test method, system, medium and equipment for cloud password service product |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101296045A (en) * | 2008-06-02 | 2008-10-29 | 中兴通讯股份有限公司 | Effective service data extraction method and device |
CN103457742A (en) * | 2013-09-18 | 2013-12-18 | 浪潮电子信息产业股份有限公司 | Security suite library system based on USB KEY |
-
2014
- 2014-07-04 CN CN201410315542.8A patent/CN105227312A/en active Pending
Patent Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101296045A (en) * | 2008-06-02 | 2008-10-29 | 中兴通讯股份有限公司 | Effective service data extraction method and device |
CN103457742A (en) * | 2013-09-18 | 2013-12-18 | 浪潮电子信息产业股份有限公司 | Security suite library system based on USB KEY |
Non-Patent Citations (1)
Title |
---|
汪圣莅: "智能密码钥匙合规性检测系统的实现", 《信息安全与通信保密》 * |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109800579A (en) * | 2018-12-25 | 2019-05-24 | 苏州科达科技股份有限公司 | A kind of integrity checking method of software, device and electronic equipment |
CN109800579B (en) * | 2018-12-25 | 2020-12-25 | 苏州科达科技股份有限公司 | Software integrity checking method and device and electronic equipment |
CN115208554A (en) * | 2022-09-13 | 2022-10-18 | 三未信安科技股份有限公司 | Management method and system for key self-checking, self-correcting and self-recovering |
CN116010285A (en) * | 2023-02-27 | 2023-04-25 | 北京安盟信息技术股份有限公司 | SDK automatic test method, system, medium and equipment for cloud password service product |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN103714634B (en) | A kind of method of main key of secure download terminal and system | |
CN108377190B (en) | Authentication equipment and working method thereof | |
CN110401615B (en) | Identity authentication method, device, equipment, system and readable storage medium | |
CN111147225A (en) | Credible measurement and control network authentication method based on double secret values and chaotic encryption | |
CN107248075B (en) | Method and device for realizing bidirectional authentication and transaction of intelligent key equipment | |
CN103546289B (en) | USB (universal serial bus) Key based secure data transmission method and system | |
CN106452764B (en) | Method for automatically updating identification private key and password system | |
US10547451B2 (en) | Method and device for authentication | |
CN108323230B (en) | Method for transmitting key, receiving terminal and distributing terminal | |
CN106850207B (en) | Identity identifying method and system without CA | |
CN111614621B (en) | Internet of things communication method and system | |
CN110868287A (en) | Authentication encryption ciphertext coding method, system, device and storage medium | |
CN108809936B (en) | Intelligent mobile terminal identity verification method based on hybrid encryption algorithm and implementation system thereof | |
CN104322003A (en) | Cryptographic authentication and identification method using real-time encryption | |
CN103560892A (en) | Secret key generation method and secret key generation device | |
CN105281910A (en) | Internet of things lock with CA digital certificate serving as network access identity identifier and network access identity identification method | |
CN104268447A (en) | Encryption method of embedded software | |
CN102739403A (en) | Identity authentication method and device for dynamic token | |
CN114692218A (en) | Electronic signature method, equipment and system for individual user | |
CN111435390A (en) | Safety protection method for operation and maintenance tool of power distribution terminal | |
CN107528689A (en) | A kind of password amending method based on Ukey | |
CN111865579B (en) | SM2 algorithm transformation-based data encryption and decryption method and device | |
CN105142134A (en) | Parameter obtaining and transmission methods/devices | |
CN102624710A (en) | Sensitive information transmission method and sensitive information transmission system | |
CN109922022A (en) | Internet of Things communication means, platform, terminal and system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
WD01 | Invention patent application deemed withdrawn after publication | ||
WD01 | Invention patent application deemed withdrawn after publication |
Application publication date: 20160106 |