An intelligent cipher key (USB Key) with a local data encryption function
Technical field
The present invention relates to the field of information security technology, and specifically to a practical intelligent cipher key with a local data encryption function.
Background technology
The adoption of information technology is accelerating rapidly, and the fast growth of e-commerce and e-government brings a range of information security problems with it; as general-purpose and security-critical applications raise their requirements, the intelligent cipher key is used more and more widely.
USB Keys are currently designed around various cryptographic chips, but each performs only a single function and the cryptographic chip is not fully utilised. Users of an intelligent cipher key also tend to have higher requirements for the security of the data on their own computer, so there is a demand for local data encryption. Common local data encryption is done in software, which has a speed advantage, but software encryption is less secure than hardware encryption. Local data encryption based on a foreign encryption chip and on non-national (non-SM) algorithms does not meet China's cryptographic management policy for special occasions and may also leave a hidden back door. Local data encryption further needs a password verification step to raise its level of secrecy.
To address the above deficiencies and demands, an intelligent cipher key with a local data encryption function is proposed.
The content of the invention
The technical task of the present invention is to address the above weak points by providing a practical intelligent cipher key with a local data encryption function.
An intelligent cipher key with a local data encryption function comprises an encryption chip and, connected to the encryption chip, a storage chip, a power circuit, a connecting interface and ancillary equipment; wherein,
the encryption chip is a microprocessor integrating a processor, input/output ports and memory;
the mass storage chip is a NAND Flash chip with its own NAND Flash controller, which connects to the external Flash to complete the encrypted storage of local data;
the power circuit is connected to the main control chip and to the mass storage respectively, and monitors and provides a stabilised power supply;
the connecting interface connects the key to the local computer;
the ancillary equipment includes an LED lamp connected to the encryption chip, which indicates the working state of the USB Key.
In the encryption chip, the processor generates and uses the RSA key pair and the symmetric encryption key used to encrypt and decrypt large volumes of data; the memory comprises RAM, EEPROM and NOR Flash, where the NOR Flash is divided into EFLASH, DFLASH and ROM parts: the EFLASH part stores key pairs, certificates and cryptographic information, the DFLASH part stores the program control code, and the ROM stores the start-up code.
The cipher key has two kinds of function: the USB Key function and the local data encryption and decryption function; wherein,
in the USB Key function, the user first passes PIN code verification through the CA user management tool, and the certificate and private key information in the cipher key are then read through the control in the system; the USB Key signs (encrypts) the user's login information with the private key; the original text, the user's own digital certificate and the signed ciphertext are packaged into a message and sent to the authentication server for verification; if every check passes, the authentication server decrypts the ciphertext with the user's public key and compares the decrypted message with the original text; if they are identical, the identity authentication submitted by the user passes;
in the local data encryption and decryption function, a random number generated inside the Key serves as the encryption dispersion factor: the plaintext is encrypted into ciphertext with the SM4 national cryptographic algorithm, while the random number is encrypted with the public key of the key pair generated inside the Key to form a digital envelope; the digital envelope and the ciphertext are combined into the encrypted result, which is uploaded to the host computer and stored in an encrypted file. To decrypt local encrypted data, the content of the encrypted file is read, the digital envelope and the ciphertext are parsed out separately, the digital envelope is opened with the private key kept in the Key, and the random number is used as the decryption factor to decrypt the parsed ciphertext, which completes local data decryption.
When the above cipher key is used to encrypt or decrypt local data on the computer, the local data is first transferred from the computer to the lower computer (the key device), and the operation is carried out in the lower computer.
Before local data encryption, initialisation is performed first: the COS code is divided into two channels, an intelligent cipher key channel and a local data encryption channel, and the encryption process is carried out in the local data encryption channel. A password is then entered and verified to obtain the right to use the local data encryption channel; the size and path of the selected file are obtained, and the file size is stored at the front of the file. During encryption the data is transmitted in blocks of 184KB, the device transferring at most 8KB of data per packet; the data is finally delivered to the lower computer and encrypted there.
The encryption process is as follows. First the random number generated by the hardware of the encryption chip is read and encrypted with the RSA public key to form the digital envelope, which is stored in the encryption buffer as the front end of the file. At the same time the first two bytes of the received data are extracted to determine the file size: if it is greater than 184KB, encryption proceeds in units of 184KB, otherwise it proceeds with the actual file size. Encryption itself uses the random number generated by the encryption chip hardware as the encryption key, and the hardware encryption module encrypts the received plaintext into ciphertext with the symmetric encryption algorithm SM4. The encrypted data is also stored in the encryption buffer, placed behind the digital envelope, and together they form the final encrypted file, which is uploaded to the host computer and stored according to the host computer's encrypted file storage path.
The key pair is an RSA key pair generated inside the key by the GenRSAKey function using the corresponding engine of the chip.
The decryption process is as follows. After the password is entered and verified to obtain the right to use the local data encryption channel, the front-end content of the encrypted file, which is the digital envelope, is extracted first, and the random number is decrypted with the RSA private key in the key. The file size is then determined: if it is greater than 184KB, decryption proceeds in units of 184KB, otherwise with the actual file size. Using the random number as the decryption key, the encryption chip decrypts the original text with the SM4 algorithm and uploads it to the host computer, which stores it according to its decrypted file storage path. This completes the hardware encryption and decryption process for local data on the computer.
The intelligent cipher key with a local data encryption function of the present invention has the following advantages:
By combining the local data encryption and decryption function and the intelligent cipher key function in the same circuit, the range of application and the practicality of the USB Key are increased and it is easy to use; using the same encryption main control chip for both raises the utilisation of the cryptographic chip, reduces cost and improves cost performance;
The cryptographic chip is a domestic cryptographic chip, which meets the requirements of China's cryptographic management policy for special occasions and reduces the hidden danger that a back door in a foreign product poses to the secure storage of data in such occasions;
All encryption is realised with the national cryptographic (SM) algorithms and in hardware, which improves security;
The key can serve as the hardware key for encrypting and decrypting large amounts of data on the PC side; data encrypted locally can only be decrypted with the same encrypted USB disk, and a PIN verification process is set during use, which increases the level of secrecy and improves security; practicality is high, it meets market demand and is easy to popularise.
Brief description of the drawings
Figure 1 is a structural block diagram of the implementation of the present invention.
Figure 2 is the encryption and decryption flowchart of the present invention.
Embodiment
The invention is further described below with reference to the accompanying drawings and a specific embodiment.
The present invention provides an intelligent cipher key with a local data encryption function which, as shown in Figure 1, comprises an encryption chip and, connected to the encryption chip, a storage chip, a power circuit, a connecting interface and ancillary equipment; all encryption is realised with the national cryptographic (SM) algorithms in hardware, which improves security; wherein,
the encryption chip is a microprocessor integrating a processor, input/output ports and memory;
the mass storage chip is a NAND Flash chip with its own NAND Flash controller, which connects to the external Flash to complete the encrypted storage of local data;
the power circuit is connected to the main control chip and to the mass storage respectively, and monitors and provides a stabilised power supply;
the connecting interface connects the key to the local computer;
the ancillary equipment includes an LED lamp connected to the encryption chip, which indicates the working state of the USB Key.
In the encryption chip, the processor generates and uses the RSA key pair and the symmetric encryption key used to encrypt and decrypt large volumes of data; the memory comprises RAM, EEPROM and NOR Flash, where the NOR Flash is divided into EFLASH, DFLASH and ROM parts: the EFLASH part stores key pairs, certificates and cryptographic information, the DFLASH part stores the program control code, and the ROM stores the start-up code.
As shown in Figure 2, in actual use the hardware USB Key is inserted into the PC and needs no driver installation: the host automatically recognises it as a Mass Storage device and determines whether the Key has been initialised; if it has not, it must first be initialised, otherwise it can be used directly, and a CD area now appears in My Computer. Use then divides into the following two cases:
If the USB Key function is used, the user must first pass PIN code verification through the CA user management tool, after which the certificate and private key information in the USB Key are read through the control in the system. The USB Key signs (encrypts) the user's login information with the private key. The original text, the user's own digital certificate and the signed ciphertext are packaged into a message and sent to the authentication server for verification. If every check passes, the authentication server decrypts the ciphertext with the user's public key and compares the decrypted message with the original text; if they are identical, the identity authentication submitted by the user passes.
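The login exchange described above, modelled on the host side as an added example (this is not the patent's code or firmware). The token object gates private-key use behind the PIN, the "certificate" is simplified to a user id plus a PEM public key that the server has enrolled (standing in for CA chain validation), and the signature is RSA-PSS over the login text; none of these choices are stated in the patent. The example also goes one step beyond the text by having the server issue a one-time challenge that the login text must contain, so that a captured login message cannot be presented a second time.

```python
# Added example, not the patent's code. Requires the `cryptography` package.
import os
import json
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import rsa, padding
from cryptography.exceptions import InvalidSignature

PSS = padding.PSS(mgf=padding.MGF1(hashes.SHA256()), salt_length=padding.PSS.MAX_LENGTH)


class UsbKey:
    """Simulated token: the private key never leaves this object and is PIN-gated."""

    def __init__(self, user: str, pin: str):
        self._pin = pin
        self._priv = rsa.generate_private_key(public_exponent=65537, key_size=2048)
        # Stand-in for the X.509 certificate the patent keeps in EFLASH (assumption):
        # just the user id and the SubjectPublicKeyInfo in PEM form.
        spki = self._priv.public_key().public_bytes(
            serialization.Encoding.PEM, serialization.PublicFormat.SubjectPublicKeyInfo)
        self.certificate = {"user": user, "spki": spki.decode()}

    def sign_login(self, pin: str, login_info: bytes) -> bytes:
        if pin != self._pin:  # PIN verification precedes any private-key operation
            raise PermissionError("PIN verification failed")
        return self._priv.sign(login_info, PSS, hashes.SHA256())


class AuthServer:
    """Simulated authentication server."""

    def __init__(self):
        self._issued = {}      # certificates issued by the CA, keyed by user id
        self._challenges = {}  # outstanding one-time challenges, keyed by user id

    def enroll(self, cert: dict) -> None:
        self._issued[cert["user"]] = cert["spki"]

    def challenge(self, user: str) -> str:
        c = os.urandom(16).hex()
        self._challenges[user] = c
        return c

    def verify(self, message: dict) -> bool:
        cert = message["certificate"]
        user = cert["user"]
        if self._issued.get(user) != cert["spki"]:   # certificate check (chain validation stand-in)
            return False
        login = json.loads(message["original"])
        expected = self._challenges.pop(user, None)  # each challenge is usable exactly once
        if login.get("user") != user or expected is None or login.get("challenge") != expected:
            return False
        pub = serialization.load_pem_public_key(cert["spki"].encode())
        try:  # "decrypt with the user's public key and compare with the original text"
            pub.verify(message["signature"], message["original"].encode(), PSS, hashes.SHA256())
        except InvalidSignature:
            return False
        return True


def build_login_message(key: UsbKey, pin: str, user: str, challenge: str) -> dict:
    original = json.dumps({"user": user, "challenge": challenge}, sort_keys=True)
    return {"original": original, "certificate": key.certificate,
            "signature": key.sign_login(pin, original.encode())}


def demo():
    """Returns (genuine login ok, replay rejected, tampered signature rejected)."""
    srv, key = AuthServer(), UsbKey("alice", "123456")
    srv.enroll(key.certificate)
    msg = build_login_message(key, "123456", "alice", srv.challenge("alice"))
    ok = srv.verify(msg)
    replay_rejected = not srv.verify(msg)          # same message again: challenge consumed
    msg2 = build_login_message(key, "123456", "alice", srv.challenge("alice"))
    sig = bytearray(msg2["signature"]); sig[0] ^= 0x01
    msg2["signature"] = bytes(sig)                  # one flipped bit in the signature
    tampered_rejected = not srv.verify(msg2)
    return ok, replay_rejected, tampered_rejected


def wrong_pin_rejected() -> bool:
    key = UsbKey("bob", "4321")
    try:
        key.sign_login("0000", b"anything")
    except PermissionError:
        return True
    return False


if __name__ == "__main__":
    print(demo(), wrong_pin_rejected())
```

The server's comparison step is what the patent's "decrypt with the public key and compare with the original text" amounts to for a modern signature scheme; the verify call performs both halves. The challenge is the check a practitioner would insist on: without it the message of a legitimate login is valid forever.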
If local data encryption is performed on the computer side, a random number generated inside the Key serves as the encryption dispersion factor: the plaintext is encrypted into ciphertext with the SM4 national cryptographic algorithm, while the random number is encrypted with the public key of the key pair generated inside the Key to form a digital envelope; the digital envelope and the ciphertext are combined into the encrypted result, which is uploaded to the host computer and stored in an encrypted file. To decrypt local encrypted data, the content of the encrypted file is read, the digital envelope and the ciphertext are parsed out separately, the digital envelope is opened with the private key kept in the Key, and the random number is used as the decryption factor to decrypt the parsed ciphertext, which completes local data decryption.
When the above cipher key is used to encrypt or decrypt local data on the computer, the local data is first transferred from the computer to the lower computer (the key device), and the operation is carried out in the lower computer.
Before local data encryption, initialisation is performed first: the COS code is divided into two channels, an intelligent cipher key channel and a local data encryption channel, and the encryption process is carried out in the local data encryption channel. A password is then entered and verified to obtain the right to use the local data encryption channel; the size and path of the selected file are obtained, and the file size is stored at the front of the file. During encryption the data is transmitted in blocks of 184KB, the device transferring at most 8KB of data per packet; the data is finally delivered to the lower computer and encrypted there.
The encryption process is as follows. First the random number generated by the hardware of the encryption chip is read and encrypted with the RSA public key to form the digital envelope, which is stored in the encryption buffer as the front end of the file. At the same time the first two bytes of the received data are extracted to determine the file size: if it is greater than 184KB, encryption proceeds in units of 184KB, otherwise it proceeds with the actual file size. Encryption itself uses the random number generated by the encryption chip hardware as the encryption key, and the hardware encryption module encrypts the received plaintext into ciphertext with the symmetric encryption algorithm SM4. The encrypted data is also stored in the encryption buffer, placed behind the digital envelope, and together they form the final encrypted file, which is uploaded to the host computer and stored according to the host computer's encrypted file storage path. The private key never leaves the Key, and this completes the hardware encryption process realised with the national cryptographic (SM) algorithm of the domestic cryptographic chip.
The key pair is an RSA key pair generated inside the key by the GenRSAKey function using the corresponding engine of the chip.
The decryption process is as follows. After the password is entered and verified to obtain the right to use the local data encryption channel, the front-end content of the encrypted file, which is the digital envelope, is extracted first, and the random number is decrypted with the RSA private key in the key. The file size is then determined: if it is greater than 184KB, decryption proceeds in units of 184KB, otherwise with the actual file size. Using the random number as the decryption key, the encryption chip decrypts the original text with the SM4 algorithm and uploads it to the host computer, which stores it according to its decrypted file storage path. This completes the hardware encryption and decryption process for local data on the computer.
The above embodiment is only a specific case of the present invention; the scope of patent protection of the invention includes but is not limited to this embodiment. Any appropriate change or replacement that a person of ordinary skill in the technical field makes to an intelligent cipher key with a local data encryption function conforming to the claims of the present invention shall fall within the scope of patent protection of the present invention.