CN105989306B - File signature method and device and file verification method and device for operating system - Google Patents


Publication number: CN105989306B
Authority: CN (China)
Application number: CN201510079120.XA
Other languages: Chinese (zh)
Other versions: CN105989306A (en)
Inventors: 张敏, 冉小凯, 刘翔
Assignee (current and original): ZTE Corp
Priority application: CN201510079120.XA
PCT application: PCT/CN2015/078902 (published as WO2016127516A1)
Publication: CN105989306A; granted as CN105989306B
Legal status: Active

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures


Abstract

The invention provides a file signature method and device and a file verification method and device for an operating system. The file verification method comprises the following steps: acquiring an image file of the operating system; acquiring a signature policy file and a private key file; digitally signing and encrypting, according to the signature policy file and the private key file, the files in the image file that meet the conditions, to obtain a secure image file; acquiring a verification policy file and a public key file; and verifying the secure image file according to the verification policy file and the public key file, and if the verification condition is met, determining that the files of the operating system are secure. The invention verifies only the files recorded in the verification policy file, which improves verification efficiency; at the same time, the file digital signature is stored directly in the file attribute entries of the verified file, so that after the system starts it can access the file and read the signature information at the same time, which is very convenient; the invention can prevent system files from being tampered with, and can upgrade a single file or a plurality of files.

Description

File signature method and device and file verification method and device for operating system
Technical Field
The invention relates to the technical field of smart device security, in particular to a file signature method, a file verification method and a file verification device for an operating system.
Background
At present, security incidents involving smart device operating systems such as Android are endless, and one of the main reasons is that the content or attributes of key system files are tampered with. There are two tampering methods. One is runtime tampering, that is, a cracking tool is executed on the running operating system to forcibly modify a specified file in memory or on disk. The other is flash tampering while the device is not running: the disk file is modified directly, so that the operating system of the device no longer operates normally, its security protection capability is relatively weak, and an attacker can take control of the device.
Existing patent documents on disk image tamper resistance include the following. "Method and device for preventing data from being tampered with" has the operating system kernel judge, according to a pre-stored security policy, whether a modification operation of a first application program on protected data is a legal operation. Its disadvantage is that it cannot prevent the file image on disk or FLASH from being tampered with by direct FLASH writing while the device is not running. "System start verification method, system start verification device and terminal", "Optimized startup verification of file system integrity" and "System for realizing system file integrity verification in a system boot area" are, by their implementation principle, verification methods in which the verification action can only take place during the device's boot period. "Software tamper-proof verification method and software tamper-proof verification device" is a verification method that compares a file verification value with a verification value held by a server. Its disadvantage is the dependence on network speed: when the network condition is poor, or when the number of files to be verified is large and verification is frequent, its verification efficiency is very low.
"Intelligent mobile terminal and data processing method therefor" introduces a signature library and a filter module: the signature library is used for signature checking of all files accessed by the processor and is stored in a hidden partition, and once the signature of an accessed file is missing or incorrect, the CPU's access to the file is handled by the filter module. The disadvantage is an obvious performance cost: the number of files in the file system of a general operating system is very large, so storing a signature for every file in the signature library consumes a large amount of additional space, and verifying the signature of every system file seriously slows down the boot of the operating system and degrades the user experience. "Method for verifying an image file at runtime" forms a new file image after digitally signing the file image, so that the digital signature of the file image can be checked when the device starts or at regular intervals after it has started, achieving an anti-tampering effect. Its disadvantage is that only the whole file image can be verified and the contents of the image file cannot be verified selectively; since an existing file image is generally large, for example hundreds of megabytes, its verification efficiency is very low.
Disclosure of Invention
The technical problem to be solved by the invention is to provide a file signature method, a file verification method and a file verification device for an operating system, which complete the verification of key files through a signature policy file and a verification policy file, thereby avoiding verification of all files and improving verification efficiency.
In order to solve this technical problem, the invention adopts the following technical scheme:
According to one aspect of the embodiments of the present invention, a file signature method for an operating system is provided, including: acquiring an image file of the operating system; acquiring a signature policy file and a private key file; and digitally signing and encrypting, according to the signature policy file and the private key file, the files in the image file that meet the conditions, to obtain a secure image file.
Optionally, the obtaining the image file of the operating system includes: obtaining an operating system source file; and compiling the source file of the operating system to generate the image file.
Optionally, the private key file is an asymmetric password private key file.
Optionally, digitally signing and encrypting the files in the image file that meet the conditions according to the signature policy file and the private key file to obtain the secure image file includes: acquiring the directory in the signature policy file; determining the image files that correspond to the directory in the signature policy file; and signing and encrypting those image files to obtain the secure image file.
Optionally, the step of signing and encrypting the image file to obtain the secure image file includes: acquiring a first hash value corresponding to the file content of the image file corresponding to the directory in the signature policy file; encrypting the first hash value with the private key file, and storing the encrypted first hash value in a first attribute entry of the file attributes of the image file; acquiring a second hash value corresponding to the file attributes of the image file corresponding to the directory in the signature policy file; and encrypting the second hash value with the private key file, and storing the encrypted second hash value in a second attribute entry of the file attributes of the image file, to obtain the secure image file.
Optionally, the file signature method further includes: acquiring an update file corresponding to a file that needs to be updated in the operating system; and digitally signing the update file to obtain an upgrade package.
Optionally, digitally signing the update file to obtain the upgrade package includes: acquiring a first hash value corresponding to the file content of the update file and a second hash value corresponding to the file attributes of the update file; storing the first hash value, the second hash value, and the file name and file path of the file to be updated that corresponds to the update file in an upgrade information file; obtaining a hash value corresponding to the file content of the upgrade information file, encrypting that hash value with the private key file, and storing the encryption result in the upgrade information file; and packaging the update file and the upgrade information file to obtain the upgrade package.
According to another aspect of the embodiments of the present invention, a file verification method for an operating system is provided, including: acquiring an image file of the operating system; acquiring a signature policy file and a private key file; digitally signing and encrypting, according to the signature policy file and the private key file, the files in the image file that meet the conditions, to obtain a secure image file; acquiring a verification policy file and a public key file; and verifying the secure image file according to the verification policy file and the public key file, and if the verification condition is met, determining that the files of the operating system are secure.
Optionally, digitally signing and encrypting the files in the image file that meet the conditions according to the signature policy file and the private key file to obtain the secure image file includes: acquiring the directory in the signature policy file; determining the image files that correspond to the directory in the signature policy file; and signing and encrypting those image files to obtain the secure image file.
Optionally, the step of signing and encrypting the image file to obtain the secure image file includes: acquiring a first hash value corresponding to the file content of the image file corresponding to the directory in the signature policy file; encrypting the first hash value with the private key file, and storing the encrypted first hash value in a first attribute entry of the file attributes of the image file; acquiring a second hash value corresponding to the file attributes of the image file corresponding to the directory in the signature policy file; and encrypting the second hash value with the private key file, and storing the encrypted second hash value in a second attribute entry of the file attributes of the image file, to obtain the secure image file.
Optionally, verifying the secure image file according to the verification policy file and the public key file, and if the verification condition is met regarding the files of the operating system as secure, includes: acquiring the directory in the verification policy file; determining the secure image files that correspond to the directory in the verification policy file; acquiring a second hash value corresponding to the file attributes of the secure image file corresponding to the directory in the verification policy file; decrypting, with the public key file, the second hash value stored in the second attribute entry of that secure image file; comparing the second hash value decrypted with the public key file against the second hash value computed from the file attributes, and if the two are the same, decrypting with the public key file the first hash value stored in the first attribute entry of that secure image file; acquiring a first hash value corresponding to the file content of the secure image file corresponding to the directory in the verification policy file; and comparing the first hash value decrypted with the public key file against the first hash value computed from the file content, and if the two are the same, determining that the file of the operating system is secure.
Optionally, the file verification method further includes: acquiring an update file corresponding to a file that needs to be updated in the operating system; digitally signing the update file to obtain an upgrade package; and verifying the upgrade package, and if the upgrade package meets the verification condition, replacing the files that need upgrading with the files in the upgrade package.
Optionally, digitally signing the update file to obtain the upgrade package includes: acquiring a first hash value corresponding to the file content of the update file and a second hash value corresponding to the file attributes of the update file; storing the first hash value, the second hash value, and the file name and file path of the file to be updated that corresponds to the update file in an upgrade information file; obtaining a hash value corresponding to the file content of the upgrade information file, encrypting that hash value with the private key file, and storing the encryption result in the upgrade information file; and packaging the update file and the upgrade information file to obtain the upgrade package.
Optionally, verifying the upgrade package, and if the verification condition is met replacing the file to be upgraded with the file in the upgrade package, includes: acquiring a hash value corresponding to the file content of the upgrade information file in the upgrade package; decrypting, with the public key file, the encrypted hash value stored in the upgrade information file; and comparing the hash value decrypted with the public key file against the hash value computed from the content of the upgrade information file; if they are the same, replacing, according to the upgrade package, the file in the operating system that corresponds to the update file with the update file from the upgrade package, and storing the first hash value and the second hash value of the update file recorded in the upgrade information file into the first attribute entry and the second attribute entry of the update file respectively.
Optionally, the obtaining the image file of the operating system includes: obtaining an operating system source file; and compiling the source file of the operating system to generate the image file.
According to another aspect of the embodiments of the present invention, a file signing apparatus for an operating system is provided, including: a first acquisition module for acquiring an image file of the operating system; a second acquisition module for acquiring a signature policy file and a private key file; and a first signature module for digitally signing and encrypting, according to the signature policy file and the private key file, the files in the image file that meet the conditions, to obtain a secure image file.
According to another aspect of the embodiments of the present invention, a file verification apparatus for an operating system is provided, including: a third acquisition module for acquiring an image file of the operating system; a fourth acquisition module for acquiring a signature policy file and a private key file; a second signature module for digitally signing and encrypting, according to the signature policy file and the private key file, the files in the image file that meet the conditions, to obtain a secure image file; a fifth acquisition module for acquiring a verification policy file and a public key file; and a verification module for verifying the secure image file according to the verification policy file and the public key file, and if the verification condition is met, regarding the files of the operating system as secure.
The beneficial effects of the embodiments of the invention are as follows: the key files in the image file are signed according to the signature policy file, so verification of all files is avoided and verification efficiency is improved; furthermore, the file digital signature is stored directly in the file attribute entries of the verified file, so that when the file is accessed after the system starts the signature information is read at the same time, which saves the CPU cost that a general method spends reading a separate signature file while verifying the signature and greatly improves verification efficiency; the embodiments can prevent system files from being tampered with, and can upgrade a single file or a plurality of files, the upgrade process is itself verified, so the security of system upgrades is ensured, the user experience is improved on the premise of ensuring security, and the maintenance cost of system upgrades is reduced.
Drawings
FIG. 1 is a schematic diagram of a file signature method for an operating system according to an embodiment of the present invention;
FIG. 2 is a schematic diagram of a file verification method for an operating system according to an embodiment of the present invention;
FIG. 3 is a flowchart of a practical application of the file signature method for an operating system according to an embodiment of the present invention;
FIG. 4 is a flowchart of a practical application of the file verification method for an operating system according to an embodiment of the present invention;
FIG. 5 is a flowchart of a practical application of the file verification method for an operating system according to an embodiment of the present invention during a system upgrade;
FIG. 6 is a schematic diagram of a file signing apparatus for an operating system according to an embodiment of the present invention;
FIG. 7 is a schematic diagram of a file verification apparatus for an operating system according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention will be described in detail with reference to the accompanying drawings and specific embodiments.
As shown in FIG. 1, the file signature method for an operating system provided in an embodiment of the present invention includes the following steps:
Step S100: acquire an image file of the operating system.
Here, the image file of the operating system is generated by the compilation server compiling the source files.
Step S200: acquire a signature policy file and a private key file.
The signature policy file is written by the user according to a specified syntax. It contains the names or characteristics of a series of files to be verified; the files whose names or characteristics match the entries in the signature policy file are signed. The private key file is an asymmetric-cipher private key file obtained with existing tooling, for example an RSA 1024 key generated with a cryptographic toolkit such as OpenSSL. The directory (the list of entries) in the signature policy file also contains the file name of the signature policy file itself, so the policy file is signed as well.
Step S300: according to the signature policy file and the private key file, digitally sign and encrypt the files in the image file that meet the conditions, to obtain a secure image file.
The files to be digitally signed are those present in the directory of the signature policy file, and the image file is digitally signed according to that directory. The signing procedure is: calculate the hash value corresponding to the file content of the image file, encrypt this hash value with the private key file, and store the encrypted hash value in the file attributes of the image file (the file attributes also include extended attributes); specifically, a first attribute entry is created in the file attributes to hold the encrypted hash value. Then calculate the hash value corresponding to all file attributes of the image file, encrypt it with the private key file, and store the encrypted hash value in a second attribute entry of the image file. Preferably, the hash values in the first attribute entry and the second attribute entry are encrypted with different private key files.
When the operating system is upgraded, in order to avoid errors during file verification, the files that change between the old and new versions are determined, and the update files corresponding to the files that need upgrading are digitally signed in the same way as the files in the directory of the signature policy file; this is not repeated here.
As shown in FIG. 2, the file verification method for an operating system provided in an embodiment of the present invention includes the following steps:
Step S400: acquire an image file of the operating system.
Here, as in step S100, the image file of the operating system is generated by the compilation server compiling the source files.
Step S500: acquire a signature policy file and a private key file.
The signature policy file and the private key file are as described under step S200: the policy file is written by the user in a specified syntax and lists the names or characteristics of the files to be verified, the files matching those entries are signed, the policy file lists its own name as well, and the private key file is an asymmetric-cipher private key, for example an RSA 1024 key generated with a toolkit such as OpenSSL.
Step S600: according to the signature policy file and the private key file, digitally sign and encrypt the files in the image file that meet the conditions, to obtain a secure image file.
The signing procedure is the same as under step S300: the hash value of the file content is encrypted with the private key file and stored in a first attribute entry of the file attributes (which include extended attributes); then the hash value of all file attributes is encrypted with the private key file and stored in a second attribute entry of the image file. Preferably the two entries are encrypted with different private key files.
Step S700: acquire a verification policy file and a public key file.
Here, the directory in the verification policy file is the same as the directory in the signature policy file, and the public key file corresponds to the private key file: it can decrypt the hash values that were encrypted with the private key file.
Step S800: verify the secure image file according to the verification policy file and the public key file, and if the verification condition is met, determine that the files of the operating system are secure.
Here, the files to be verified are those present in the directory of the verification policy file, and the secure image file is verified according to that directory, where the directory of the verification policy file also contains the policy file's own name. Verification proceeds through the following steps:
Step S810: acquire the directory in the verification policy file.
Step S820: determine the secure image files that correspond to the directory in the verification policy file.
Step S830: obtain the second hash value corresponding to the file attributes of the secure image file corresponding to the directory in the verification policy file.
Step S840: decrypt, with the public key file, the second hash value stored in the second attribute entry of that secure image file.
Step S850: compare the second hash value decrypted with the public key file against the second hash value computed from the file attributes; if the two are the same, decrypt with the public key file the first hash value stored in the first attribute entry of that secure image file.
Step S860: obtain the first hash value corresponding to the file content of the secure image file corresponding to the directory in the verification policy file.
Step S870: compare the first hash value decrypted with the public key file against the first hash value computed from the file content; if the two are the same, the secure image file is determined to be secure.
When the operating system is upgraded, in order to avoid errors during file verification, the files that change between the old and new versions are determined, and the update file corresponding to each file that needs upgrading in the operating system is digitally signed. The signature information, name and path of the update file are stored in an upgrade information file; then the hash value corresponding to the file content of the upgrade information file is calculated, this hash value is encrypted, and the encrypted result is also stored in the upgrade information file. During verification, only whether the upgrade information file exists and whether it has been tampered with need to be checked; if the upgrade information file passes verification, the signature information of each update file is looked up by its file name and path, and the signature information found is stored in the file attributes of the update file. The embodiments of the invention can prevent system files from being tampered with, and can upgrade a single file or a plurality of files, and the upgrade process is itself verified, thereby ensuring the security of system upgrades. The user experience is improved on the premise of ensuring security, and the maintenance cost of system upgrades is reduced.
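The two-entry signing of step S300 (steps 306 and 307 of FIG. 3), the ordered verification of steps S810 to S870, and the upgrade information file described above, as an added example that is not part of the patent or of any ZTE implementation. It models the files of the mounted ext4 image in memory (an ImageFile stand-in whose dict plays the role of the extended attributes; the entry names user.sig.content and user.sig.attrs are assumed), and replaces the OpenSSL RSA 1024 key pair with a constructed textbook-RSA key so that "encrypt the hash with the private key, decrypt it with the public key" can be shown literally.

```python
import hashlib
import json
from dataclasses import dataclass, field

# Textbook RSA stand-in for the OpenSSL RSA 1024 key pair the patent uses:
# a constructed key from two Mersenne primes, deterministic and NOT secure.
_P, _Q = (1 << 127) - 1, (1 << 521) - 1
RSA_N, RSA_E = _P * _Q, 65537
RSA_D = pow(RSA_E, -1, (_P - 1) * (_Q - 1))
ENTRY_CONTENT = "user.sig.content"  # "first attribute entry" (assumed name)
ENTRY_ATTRS = "user.sig.attrs"      # "second attribute entry" (assumed name)

@dataclass
class ImageFile:
    # In-memory stand-in for one file inside the mounted ext4 image.
    path: str
    owner: str
    mode: int
    content: bytes
    xattrs: dict = field(default_factory=dict)

def sha256_int(data: bytes) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def sign_hash(h: int) -> int:       # "encrypt the hash with the private key"
    return pow(h, RSA_D, RSA_N)

def recover_hash(sig: int) -> int:  # "decrypt the entry with the public key"
    return pow(sig, RSA_E, RSA_N)

def content_hash(f: ImageFile) -> int:
    return sha256_int(f.content)

def attribute_hash(f: ImageFile) -> int:
    # Second hash: over all attributes including the first entry, but not the
    # second entry itself (it cannot cover its own value).
    attrs = {k: v for k, v in f.xattrs.items() if k != ENTRY_ATTRS}
    meta = {"path": f.path, "owner": f.owner, "mode": f.mode, "xattrs": attrs}
    return sha256_int(json.dumps(meta, sort_keys=True).encode())

def matches_policy(f: ImageFile, policy: dict) -> bool:
    # Policy entries: explicit paths and/or an owner condition (e.g. root-owned).
    return f.path in policy.get("paths", ()) or f.owner in policy.get("owners", ())

def sign_file(f: ImageFile) -> None:
    # Steps 306/307: content hash into entry 1, then the attribute hash
    # (which now covers entry 1) into entry 2.
    f.xattrs[ENTRY_CONTENT] = sign_hash(content_hash(f))
    f.xattrs[ENTRY_ATTRS] = sign_hash(attribute_hash(f))

def sign_image(files, policy) -> int:
    # Steps 303-307: sign only the files selected by the signature policy.
    selected = [f for f in files if matches_policy(f, policy)]
    for f in selected:
        sign_file(f)
    return len(selected)

def verify_file(f: ImageFile) -> str:
    # Steps S830-S870: the attribute entry is checked first, then the content entry.
    if ENTRY_CONTENT not in f.xattrs or ENTRY_ATTRS not in f.xattrs:
        return "missing-signature"
    if recover_hash(f.xattrs[ENTRY_ATTRS]) != attribute_hash(f):
        return "attributes-tampered"
    if recover_hash(f.xattrs[ENTRY_CONTENT]) != content_hash(f):
        return "content-tampered"
    return "ok"

def verify_image(files, policy) -> dict:
    # Steps S810-S820: the verification policy selects which files are checked.
    return {f.path: verify_file(f) for f in files if matches_policy(f, policy)}

def build_upgrade_package(update_files) -> dict:
    # Upgrade flow: sign each update file, record name, path and both entries in
    # an upgrade information file, then sign that file's content as a whole.
    for f in update_files:
        sign_file(f)
    entries = [{"name": f.path.rsplit("/", 1)[-1], "path": f.path,
                "h1": f.xattrs[ENTRY_CONTENT], "h2": f.xattrs[ENTRY_ATTRS]}
               for f in update_files]
    info_sig = sign_hash(sha256_int(json.dumps(entries, sort_keys=True).encode()))
    return {"info": {"entries": entries, "sig": info_sig}, "files": update_files}

def apply_upgrade_package(image, package) -> bool:
    # Verify only the upgrade information file; if it passes, replace the target
    # files and write the recorded entries into their attributes.
    info = package["info"]
    blob = json.dumps(info["entries"], sort_keys=True).encode()
    if recover_hash(info["sig"]) != sha256_int(blob):
        return False
    by_path = {f.path: f for f in package["files"]}
    for entry in info["entries"]:
        new = by_path[entry["path"]]
        for i, old in enumerate(image):
            if old.path == entry["path"]:
                image[i] = new
                break
        else:
            image.append(new)
        new.xattrs[ENTRY_CONTENT], new.xattrs[ENTRY_ATTRS] = entry["h1"], entry["h2"]
    return True
```

Applying a package checks only the upgrade information file, exactly as the description says; the entries copied into the update file's attributes are then checked by the next verify_image pass over the policy directory.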
According to the embodiments of the invention, the key files in the image file are signed according to the signature policy file, so verification of all files is avoided and verification efficiency is improved; furthermore, the file digital signature is stored directly in the file attribute entries of the verified file, so that when the file is accessed after the system starts the signature information is read at the same time, which saves the CPU cost that a general method spends reading a separate signature file while verifying the signature and greatly improves verification efficiency.
As shown in FIG. 3, a practical application of the file signature method for an operating system according to an embodiment of the present invention includes the following steps:
Step 301: the compiled image file of the operating system is handed to a file signing and injection tool. Specifically, the compilation server completes source code compilation and generates a system.img image file in ext4 format for the system partition. The file signing and injection tool is an executable program responsible for scanning all file names and attributes in the image file of the operating system, comparing them against the signing conditions in the signature policy file, and digitally signing the files that meet the conditions.
Step 302: the file signing and injection tool mounts the image file; the user creates a signature policy file and an asymmetric-cipher private key file according to their requirements and hands them to the file signing and injection tool. Specifically, the signature policy file covers all files whose owner is root, and the private key file belongs to an asymmetric key pair generated on the compilation server with the public OpenSSL method; the encryption algorithm used is RSA 1024.
Step 303: the file signing and injection tool scans and analyses, in sequence, the files mounted from the image file.
Step 304: determine whether the file name or attributes meet the conditions described in the signature policy file.
Step 305: if not, ignore the file without processing and continue scanning the next file.
Step 306: calculate the hash value of the file content, encrypt the hash value with the private key, and write the encryption result into the first attribute entry of the attribute node corresponding to the file.
Step 307: calculate the hash value of all attributes, including the first attribute entry, encrypt the hash value with the private key, and write the encryption result into the second attribute entry of the attribute node corresponding to the file.
Step 308: after all files have been scanned, digitally sign the signature policy file itself and store its signature in its file attribute entries.
Step 309: unmount the image file; the original operating system image has now been signed, injected and converted into a secure image file.
As shown in fig. 4, a flowchart of an actual application of the file checking method for the operating system provided in the embodiment of the present invention includes the following steps:
Step 401, the system is powered on; the device firmware and boot loader start first and boot the operating-system kernel.
Step 402, after the kernel has started it first runs the check execution tool, which obtains the public key or digital certificate file and the signature policy file from the kernel's read-only root partition and checks the signature of the signature policy file. Specifically, the check execution tool is an independently runnable executable program stored in a secure read-only partition of the system; it is made to run first at system start by modifying the system's init.rc file.
Step 403, judge whether the signature of the signature policy file passes.
Step 404, if not, the kernel stops booting and performs a predefined security-protection action, such as popping up a security alarm on the user interface.
Step 405, if so, the operating-system kernel boots normally, mounts the signed system image file and the signed user image file, and produces the signed system file partition and the signed user data partition of the operating system.
Step 406, the check execution tool scans all file names and file attributes in the mounted system file and user data partitions.
Step 407, check whether the file name or file attributes meet the conditions in the check policy file.
Step 408, if the file does not fall within the verification range, ignore it and continue scanning the next file.
Step 409, if it does, use the digital signature stored in the second attribute entry to verify whether the file information has been tampered with. Specifically, the check execution tool queries the file attribute entries of the file to be verified, including any extended attribute entries; if a second attribute entry exists, it computes the total hash value of all other file attributes except the second attribute entry, decrypts the digital signature in the second attribute entry with the public key or digital certificate file, and compares the two hash values. If they differ, the file verification is considered to have failed; if they match, continue with step 410.
Step 410, use the digital signature stored in the first attribute entry to verify whether the file content has been tampered with. Specifically, the check execution tool queries the file attribute entries of the file to be verified, including any extended attribute entries, for a first attribute entry; if one exists, it computes the total hash value of the file content, decrypts the digital signature in the first attribute entry with the public key or digital certificate file, and compares the two hash values. If they differ, the file verification is considered to have failed; if they match, the file is judged not to have been tampered with.
Step 411, if a file fails verification during startup, booting is refused to continue and the predefined security-protection action is executed, for example popping up a security warning on the user interface.
Step 412, if the files pass verification, the system continues to run, and from then on the kernel driver must perform real-time verification every time before a file is opened or executed.
Step 413, check whether the file passes real-time verification.
Step 414, if not, execute the predefined security-protection action: the kernel may refuse to open or execute the file, or may choose to record the verification failure in a log.
Step 415, if so, the file is opened or executed normally.
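The two-level signing of steps 306 and 307 and the matching verification order of steps 409 and 410, as an added example in Go that is not the patent's own tool: the attribute node is modelled in memory, the attribute names `user.sig.content` and `user.sig.attrs` and the root-owner policy are assumed stand-ins for the page's first and second attribute entries and its signature policy file, and RSA-2048 with PKCS#1 v1.5 signatures replaces the embodiment's RSA 1024.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
	"sort"
)

// FileNode models one file in the mounted image: content plus its attribute node (constructed in memory here).
type FileNode struct {
	Owner   string
	Mode    uint32
	Content []byte
	Xattrs  map[string][]byte // extended attributes; both signature entries live here
}

// Hypothetical names for the page's first and second attribute entries.
const (
	ContentSigAttr = "user.sig.content" // signature over the file content
	AttrSigAttr    = "user.sig.attrs"   // signature over all other attributes
)

// policyMatches stands in for the policy file; the page's example selects root-owned files.
func policyMatches(f *FileNode) bool { return f.Owner == "root" }

// NewSigningKey generates the key pair (the page uses RSA 1024; 2048 bits is current practice).
func NewSigningKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

// hashContent is the "first hash value": a digest of the file content only.
func hashContent(f *FileNode) []byte { h := sha256.Sum256(f.Content); return h[:] }

// hashAttrs is the "second hash value": owner, mode and every extended attribute except the
// second entry itself, in sorted order so that signer and verifier hash identical bytes.
func hashAttrs(f *FileNode) []byte {
	h := sha256.New()
	fmt.Fprintf(h, "owner=%s\nmode=%o\n", f.Owner, f.Mode)
	keys := make([]string, 0, len(f.Xattrs))
	for k := range f.Xattrs {
		if k != AttrSigAttr {
			keys = append(keys, k)
		}
	}
	sort.Strings(keys)
	for _, k := range keys {
		fmt.Fprintf(h, "%s=%x\n", k, f.Xattrs[k])
	}
	return h.Sum(nil)
}

// SignFile performs steps 304-307: files outside the policy are skipped; the content signature
// is written first so that the attribute signature written second covers it as well.
func SignFile(f *FileNode, priv *rsa.PrivateKey) error {
	if !policyMatches(f) {
		return nil // step 305
	}
	if f.Xattrs == nil {
		f.Xattrs = map[string][]byte{}
	}
	sig1, err := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, hashContent(f))
	if err != nil {
		return err
	}
	f.Xattrs[ContentSigAttr] = sig1 // step 306
	sig2, err := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, hashAttrs(f))
	if err != nil {
		return err
	}
	f.Xattrs[AttrSigAttr] = sig2 // step 307
	return nil
}

// VerifyFile performs steps 407-410 in the page's order: attribute signature, then content
// signature. A missing entry is an empty signature, which VerifyPKCS1v15 rejects, so a
// policy-scoped file whose entries were stripped fails rather than being skipped.
func VerifyFile(f *FileNode, pub *rsa.PublicKey) error {
	if !policyMatches(f) {
		return nil // step 408: outside the verification range
	}
	if err := rsa.VerifyPKCS1v15(pub, crypto.SHA256, hashAttrs(f), f.Xattrs[AttrSigAttr]); err != nil {
		return fmt.Errorf("second attribute entry: %w", err) // step 409
	}
	if err := rsa.VerifyPKCS1v15(pub, crypto.SHA256, hashContent(f), f.Xattrs[ContentSigAttr]); err != nil {
		return fmt.Errorf("first attribute entry: %w", err) // step 410
	}
	return nil
}

func main() {
	priv, _ := NewSigningKey()
	f := &FileNode{Owner: "root", Mode: 0755, Content: []byte("constructed binary")}
	_ = SignFile(f, priv)
	fmt.Println("clean:", VerifyFile(f, &priv.PublicKey))
	f.Mode = 04755 // setuid bit flipped: content unchanged, attribute signature now fails
	fmt.Println("mode changed:", VerifyFile(f, &priv.PublicKey))
}
```

Because the second entry covers owner, mode and the first entry, a permission change on an untouched binary is caught at step 409 before any content is hashed.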
As shown in fig. 5, a flowchart of an actual application of the file checking method for the operating system provided in the embodiment of the present invention during a system upgrade includes the following steps:
Step 501, compare the file lists before and after the upgrade to obtain the files that differ, submit this file list to the file signing and injection tool, and scan all files in the upgrade package in turn.
Step 502, check whether the file is one that needs to be upgraded and signed.
Step 503, if not, ignore the file and continue scanning the next file. Specifically, if the user modifies the system source code as required and recompiles it so that files A and B in the recompiled image are both modified, files A and B are detected through steps 501 to 503.
Step 504, if so, the file signing and injection tool digitally signs the file as in steps 306 and 307 of fig. 3. Specifically, files A and B in the upgrade package are digitally signed, not files A and B in the original system.
Step 505, the file signing and injection tool computes the digital digest of the upgrade information file, encrypts the digest with the asymmetric private key file to produce the digital signature information, stores the signature at the tail of the upgrade information file, and merges the upgrade information file into the system upgrade package, which is then repacked.
Step 506, the device to be upgraded is powered on; the device firmware and boot loader start first and boot the operating-system kernel that carries the upgrade function.
Step 507, the kernel reads the system upgrade package, verifies the integrity of the package, searches for and extracts the upgrade information file from it, and verifies the file's digital signature with the public key. Specifically, the kernel with the upgrade function reads the system upgrade package, verifies its integrity, then searches for and extracts the upgrade information file, obtains the digital signature information from the file content, and checks the digital signature at the tail of the upgrade information file with the public key or digital certificate file. If the upgrade information file does not exist or its verification does not pass, the kernel should terminate the upgrade process and prompt the user with an alarm screen or take another user-defined security-protection action.
Step 508, check whether the upgrade information file exists and, if so, whether its verification passes.
Step 509, if not, the kernel terminates the upgrade process and performs the predefined security-protection action, such as popping up a security alert on the user interface.
Step 510, if so, the kernel with the upgrade function unpacks the system upgrade package, copies the files in the package onto the device to be upgraded to replace the original files, and completes the upgrade operation.
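The upgrade information file of steps 505 and 507, with its signature stored at the tail, as an added example in Go that is not the patent's own code: the payload text is constructed, and RSA-2048 with PKCS#1 v1.5 is assumed in place of the embodiment's RSA 1024, whose fixed signature size is what lets the verifier split the tail off without a length field.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// NewSigningKey generates the asymmetric key pair used to seal the upgrade information file.
func NewSigningKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

// SealUpgradeInfo implements step 505: digest the upgrade information file, sign the digest
// with the private key, and append the signature at the tail of the file.
func SealUpgradeInfo(info []byte, priv *rsa.PrivateKey) ([]byte, error) {
	digest := sha256.Sum256(info)
	sig, err := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:])
	if err != nil {
		return nil, err
	}
	return append(append([]byte{}, info...), sig...), nil
}

// OpenUpgradeInfo implements step 507: split the tail off the sealed file, check it against
// the digest of the remaining bytes, and return the payload only if the signature verifies.
// The signature length is fixed by the public key size, so a file too short to hold one
// (including a file that was never signed) is rejected before any parsing of its content.
func OpenUpgradeInfo(sealed []byte, pub *rsa.PublicKey) ([]byte, error) {
	n := pub.Size()
	if len(sealed) < n {
		return nil, errors.New("upgrade information file too short to carry a signature")
	}
	info, sig := sealed[:len(sealed)-n], sealed[len(sealed)-n:]
	digest := sha256.Sum256(info)
	if err := rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig); err != nil {
		return nil, fmt.Errorf("upgrade information file rejected: %w", err)
	}
	return info, nil
}

func main() {
	priv, _ := NewSigningKey()
	sealed, _ := SealUpgradeInfo([]byte("files: /system/bin/A /system/lib/B\n"), priv) // constructed
	info, err := OpenUpgradeInfo(sealed, &priv.PublicKey)
	fmt.Printf("payload %q, err %v\n", info, err)
	sealed[0] ^= 1 // flip one payload bit: the tail signature no longer matches
	_, err = OpenUpgradeInfo(sealed, &priv.PublicKey)
	fmt.Println("tampered:", err)
}
```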
This embodiment prevents system files from being tampered with and allows one file or several files to be upgraded individually; because the upgrade path is itself verified, the security of system upgrades is ensured, user experience is improved without sacrificing security, and the maintenance cost of system upgrades is reduced.
As shown in fig. 6, an embodiment of the present invention further provides a schematic diagram of a file signing apparatus of an operating system, including: a first obtaining module 61, configured to obtain an image file of an operating system; a second obtaining module 62, configured to obtain a signature policy file and a private key file; and a first signature module 63, configured to digitally sign and encrypt the files in the image file that meet the conditions of the signature policy file, using the private key file, so as to obtain a secure image file.
It should be noted that this apparatus corresponds to the file signing method of the operating system; all implementation manners in the method embodiments apply to the apparatus embodiment, and the same technical effect can be achieved.
As shown in fig. 7, an embodiment of the present invention further provides a schematic diagram of a file checking device of an operating system, including: a third obtaining module 71, configured to obtain an image file of the operating system; a fourth obtaining module 72, configured to obtain a signature policy file and a private key file; a second signature module 73, configured to digitally sign and encrypt the files in the image file that meet the conditions of the signature policy file, using the private key file, so as to obtain a secure image file; a fifth obtaining module 74, configured to obtain a check policy file and a public key file; and a verification module 75, configured to verify the secure image file according to the check policy file and the public key file and, if the verification condition is met, to consider the file of the operating system secure.
It should be noted that this apparatus corresponds to the file checking method of the operating system; all implementation manners in the method embodiments apply to the apparatus embodiment, and the same technical effect can be achieved.
The foregoing is a preferred embodiment of the present invention, and it should be noted that those skilled in the art can make various improvements and modifications without departing from the principle of the present invention, and those improvements and modifications are also within the scope of the present invention.

Claims (15)

1. A file signature method of an operating system, characterized by comprising the following steps:
acquiring an image file of an operating system;
acquiring a signature policy file and a private key file;
and, according to the signature policy file and the private key file, digitally signing those files packed in the image file that lie in the directories listed in the signature policy file and need to be digitally signed, and encrypting the hash value corresponding to the content of the files and the hash values corresponding to the attributes of all the files in the image file, to obtain the secure image file.
2. The file signing method of claim 1, wherein said obtaining an image file of an operating system comprises:
obtaining an operating system source file;
and compiling the source file of the operating system to generate the image file.
3. The file signing method of claim 1, wherein the private key file is an asymmetric-cipher private key file.
4. The file signature method of claim 1, wherein the step of encrypting the hash value corresponding to the file content and the hash values corresponding to all file attributes in the image file to obtain the secure image file comprises:
acquiring a first hash value corresponding to the file content of the image file corresponding to the directory in the signature policy file;
encrypting the first hash value according to the private key file, and storing the encrypted first hash value into a first attribute entry of the file attribute of the image file;
acquiring a second hash value corresponding to the file attribute of the image file corresponding to the directory in the signature policy file;
and encrypting the second hash value according to the private key file, and storing the encrypted second hash value into a second attribute entry of the file attribute of the image file to obtain the secure image file.
5. The file signing method of claim 1, wherein the file signing method further comprises:
acquiring an update file corresponding to a file needing to be updated in the image files;
and carrying out digital signature and encryption on the update file to obtain a secure update file.
6. The file signing method of claim 5, wherein said digitally signing and encrypting said update file to obtain a secure update file comprises:
acquiring a first hash value corresponding to the file content of the updated file;
encrypting the first hash value according to the private key file, and storing the encrypted first hash value into a first attribute entry of the file attribute of the update file;
acquiring a second hash value corresponding to the file attribute of the updated file;
and encrypting the second hash value according to the private key file, and storing the encrypted second hash value into a second attribute entry of the file attribute of the update file to obtain the secure update file.
7. A file checking method of an operating system, characterized by comprising the following steps:
acquiring an image file of an operating system;
acquiring a signature policy file and a private key file;
according to the signature policy file and the private key file, digitally signing those files packed in the image file that lie in the directories listed in the signature policy file and need to be digitally signed, and encrypting the hash value corresponding to the content of the files and the hash values corresponding to the attributes of all the files in the image file, to obtain a secure image file;
acquiring a check policy file and a public key file;
and verifying the secure image file according to the check policy file and the public key file, and if the verification condition is met, determining that the file of the operating system is secure.
8. The file verification method of claim 7, wherein the step of encrypting the hash value corresponding to the file content and the hash values corresponding to all file attributes in the image file to obtain the secure image file comprises:
acquiring a first hash value corresponding to the file content of the image file corresponding to the directory in the signature policy file;
encrypting the first hash value according to the private key file, and storing the encrypted first hash value into a first attribute entry of the file attribute of the image file;
acquiring a second hash value corresponding to the file attribute of the image file corresponding to the directory in the signature policy file;
and encrypting the second hash value according to the private key file, and storing the encrypted second hash value into a second attribute entry of the file attribute of the image file to obtain the secure image file.
9. The file verification method according to claim 8, wherein the step of verifying the secure image file according to the check policy file and the public key file, and if the verification condition is met, considering that the secure image file is secure comprises:
acquiring a directory in the check policy file;
determining, among the secure image files, the secure image file corresponding to the directory in the check policy file;
acquiring a second hash value corresponding to the file attribute of the secure image file corresponding to the directory in the check policy file;
decrypting, according to the public key file, the second hash value in the second attribute entry of the secure image file corresponding to the directory in the signing policy file;
comparing the second hash value decrypted with the public key file against the second hash value corresponding to the file attribute of the secure image file corresponding to the directory in the check policy file, and if the two are the same, decrypting, according to the public key file, the first hash value in the first attribute entry of the secure image file corresponding to the directory in the check policy file;
acquiring a first hash value corresponding to the file content of the secure image file corresponding to the directory in the check policy file;
and comparing the first hash value decrypted with the public key file against the first hash value corresponding to the file content of the secure image file corresponding to the directory in the check policy file, and if the two are the same, determining that the secure image file is secure.
10. The file verification method of claim 7, wherein the file verification method further comprises:
acquiring an update file corresponding to a file needing to be updated in the image files;
carrying out digital signature and encryption on the update file to obtain a secure update file;
and verifying the secure update file, and replacing the file needing to be upgraded with the secure update file if the secure update file meets the verification condition.
11. The file verification method of claim 10, wherein said digitally signing and encrypting the update file to obtain a secure update file comprises:
acquiring a first hash value corresponding to the file content of the updated file;
encrypting the first hash value according to the private key file, and storing the encrypted first hash value into a first attribute entry of the file attribute of the update file;
acquiring a second hash value corresponding to the file attribute of the updated file;
and encrypting the second hash value according to the private key file, and storing the encrypted second hash value into a second attribute entry of the file attribute of the update file to obtain the secure update file.
12. The file verification method of claim 11, wherein the verifying the secure update file, and if a verification condition is met, replacing the file to be upgraded with the secure update file comprises:
acquiring a second hash value corresponding to the file attribute of the secure update file;
decrypting, according to the public key file, the second hash value in the second attribute entry of the secure update file;
comparing the second hash value decrypted with the public key file against the second hash value corresponding to the file attribute of the secure update file, and if the two are the same, decrypting, according to the public key file, the first hash value in the first attribute entry of the secure update file;
acquiring a first hash value corresponding to the file content of the secure update file;
and comparing the first hash value decrypted with the public key file against the first hash value corresponding to the file content of the secure update file, and if the two are the same and the verification condition is met, replacing the file needing to be updated with the secure update file.
13. The file verification method of claim 7, wherein the obtaining the image file of the operating system comprises:
obtaining an operating system source file;
and compiling the source file of the operating system to generate the image file.
14. A file signing apparatus for an operating system, comprising:
the first acquisition module is used for acquiring an image file of the operating system;
the second acquisition module is used for acquiring the signature policy file and the private key file;
and the first signature module is used for digitally signing, according to the signature policy file and the private key file, those files packed in the image file that lie in the directories listed in the signature policy file and need to be digitally signed, and for encrypting the hash value corresponding to the file content and the hash values corresponding to all the file attributes in the image file to obtain the secure image file.
15. A file verification apparatus for an operating system, comprising:
the third acquisition module is used for acquiring the image file of the operating system;
the fourth acquisition module is used for acquiring the signature policy file and the private key file;
the second signature module is used for digitally signing, according to the signature policy file and the private key file, those files packed in the image file that lie in the directories listed in the signature policy file and need to be digitally signed, and for encrypting the hash value corresponding to the file content and the hash values corresponding to all the file attributes in the image file to obtain the secure image file;
the fifth acquisition module is used for acquiring the check policy file and the public key file;
and the verification module is used for verifying the secure image file according to the check policy file and the public key file, and if the verification condition is met, the file of the operating system is considered secure.

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201510079120.XA CN105989306B (en) 2015-02-13 2015-02-13 File signature method and device and file verification method and device for operating system
PCT/CN2015/078902 WO2016127516A1 (en) 2015-02-13 2015-05-13 File signature method for operating system, file check method, and apparatus

Publications (2)

Publication Number Publication Date
CN105989306A CN105989306A (en) 2016-10-05
CN105989306B true CN105989306B (en) 2020-04-28
