CN106611130A - File processing method and device - Google Patents

Info

Publication number
CN106611130A
Authority
CN
China
Prior art keywords
file
encryption
seed information
original document
encryption file
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201611250389.0A
Other languages
Chinese (zh)
Inventor
白敏
吕玉超
高雪峰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Qihoo Technology Co Ltd
Beijing Qianxin Technology Co Ltd
Original Assignee
Beijing Qihoo Technology Co Ltd
Beijing Qianxin Technology Co Ltd
Application filed by Beijing Qihoo Technology Co Ltd, Beijing Qianxin Technology Co Ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6209 Protecting access to data via a platform, e.g. using keys or access control rules to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L67/1097 Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • Computing Systems (AREA)
  • Storage Device Security (AREA)

Abstract

The embodiment of the invention provides a file processing method and a file processing device. The method specifically comprises the steps of generating seed information corresponding to an original file; encrypting the original file according to the seed information to obtain an encrypted file corresponding to the original file; and packaging the seed information into a message header of the encrypted file and storing the packaged encrypted file. With the method and device provided by the invention, each encrypted file is independent: even if one encrypted file is cracked, the other encrypted files cannot be cracked by the way that file was cracked, and thus the information security of a cloud server can be improved.

Description

File processing method and device
Technical field
The present invention relates to the field of communication technology, and in particular to a file processing method and device.
Background
With the rapid development of network technology, a user can upload local data from devices such as a PC or a mobile terminal to a cloud server and use the cloud server to store personal data. The user can browse, download, modify and otherwise operate on the data stored in the cloud server over the network anytime and anywhere, which brings the user great convenience.
At present, some unauthorized users attack the interface of a cloud server in order to illegally obtain the data in it, and once the interface of the cloud server is attacked, the user data stored in the cloud server may be leaked or lost. Therefore, to ensure the confidentiality and security of user data, the cloud server can encrypt the data uploaded by users before storing it.
In the course of implementing the present invention, the inventors found that existing cloud servers generally use a unified encryption algorithm to encrypt and store the data in the cloud server. Once that unified encryption algorithm is cracked, all the data in the cloud server faces the risk of being leaked or lost, which is a potential security hazard for user data.
Summary of the invention
In view of the above problems, the present invention is proposed to provide a file processing method and device that overcome the above problems or at least partially solve them.
According to one aspect of the present invention, a file processing method is provided, including:
generating seed information corresponding to an original file;
encrypting the original file according to the seed information to obtain an encrypted file corresponding to the original file;
encapsulating the seed information in the message header of the encrypted file, and storing the encapsulated encrypted file.
Optionally, the step of encrypting the original file according to the seed information to obtain the encrypted file corresponding to the original file includes:
generating an encryption key corresponding to the original file according to the seed information;
encrypting the original file with the encryption key according to a preset encryption algorithm to obtain the encrypted file.
Optionally, the step of generating the encryption key corresponding to the original file according to the seed information includes:
salting the seed information;
performing Message Digest Algorithm 5 (MD5) hashing on the salted seed information to obtain a corresponding hash value;
performing a shift operation and/or preset bit replacement on the hash value according to a preset rule to obtain the encryption key.
Optionally, the method further includes:
parsing the encrypted file to obtain the seed information corresponding to the encrypted file;
decrypting the encrypted file according to the seed information to obtain the original file;
sending the original file.
Optionally, the step of parsing the encrypted file to obtain the seed information corresponding to the encrypted file includes:
parsing the encrypted file to obtain the message header of the encrypted file;
reading the seed information of the encrypted file from the message header.
Optionally, the step of decrypting the encrypted file according to the seed information to obtain the original file includes:
generating a decryption key corresponding to the original file according to the seed information;
decrypting the encrypted file with the decryption key according to a preset decryption algorithm to obtain the original file.
Optionally, the seed information is a random number generated by a random number generation algorithm.
Optionally, the method is applied to a cloud proxy server, and the method further includes:
sending the encapsulated encrypted file to a cloud server.
According to another aspect of the present invention, a file processing device is provided, including:
a seed generation module, for generating seed information corresponding to an original file;
a file encryption module, for encrypting the original file according to the seed information to obtain an encrypted file corresponding to the original file;
an encapsulation and storage module, for encapsulating the seed information in the message header of the encrypted file and storing the encapsulated encrypted file.
Optionally, the file encryption module includes:
an encryption key generation submodule, for generating an encryption key corresponding to the original file according to the seed information;
an encryption submodule, for encrypting the original file with the encryption key according to a preset encryption algorithm to obtain the encrypted file.
Optionally, the encryption key generation submodule includes:
a salting unit, for salting the seed information;
a hashing unit, for performing Message Digest Algorithm 5 (MD5) hashing on the salted seed information to obtain a corresponding hash value;
a shift and replacement unit, for performing a shift operation and/or preset bit replacement on the hash value according to a preset rule to obtain the encryption key.
Optionally, the device further includes:
a file parsing module, for parsing the encrypted file to obtain the seed information corresponding to the encrypted file;
a file decryption module, for decrypting the encrypted file according to the seed information to obtain the original file;
a first sending module, for sending the original file.
Optionally, the file parsing module includes:
a parsing submodule, for parsing the encrypted file to obtain the message header of the encrypted file;
a reading submodule, for reading the seed information of the encrypted file from the message header.
Optionally, the file decryption module includes:
a decryption key generation submodule, for generating a decryption key corresponding to the original file according to the seed information;
a decryption submodule, for decrypting the encrypted file with the decryption key according to a preset decryption algorithm to obtain the original file.
Optionally, the seed information is a random number generated by a random number generation algorithm.
Optionally, the device is applied to a cloud proxy server, and the device further includes:
a second sending module, for sending the encapsulated encrypted file to a cloud server.
According to the file processing method and device provided by the embodiments of the present invention, seed information corresponding to an original file is generated, and the original file is encrypted according to the seed information to obtain the encrypted file corresponding to the original file. Because different original files can correspond to different seed information, the encrypted files obtained by encrypting original files according to seed information are independent of one another: even if one encrypted file is cracked, the other encrypted files cannot be cracked by the way that file was cracked, so the information security of the cloud server can be improved.
In addition, the embodiments of the present invention can encapsulate and store the encrypted file together with the seed information, establishing a correspondence between the encrypted file and the seed information, so that the encapsulated encrypted file can be conveniently parsed and decrypted to obtain the original file.
The above is only an overview of the technical solution of the present invention. So that the technical means of the present invention can be understood more clearly and implemented according to the content of the description, and so that the above and other objects, features and advantages of the present invention are easier to understand, specific embodiments of the present invention are set out below.
Brief description of the drawings
Various other advantages and benefits will become clear to those of ordinary skill in the art from reading the following detailed description of the optional embodiments. The drawings are only for the purpose of illustrating the optional embodiments and are not to be considered a limitation of the present invention. Throughout the drawings, the same reference numerals denote the same parts. In the drawings:
Fig. 1 shows a flow chart of the steps of a file processing method according to an embodiment of the present invention;
Fig. 2 shows a schematic diagram of a network structure including a cloud proxy server according to the present invention;
Fig. 3 shows a flow chart of the steps of a file processing method according to an embodiment of the present invention;
Fig. 4 shows a flow chart of the steps of a file processing method according to an embodiment of the present invention; and
Fig. 5 shows a structural block diagram of a file processing device according to an embodiment of the present invention.
Detailed description
Exemplary embodiments of the present disclosure are described in more detail below with reference to the drawings. Although the drawings show exemplary embodiments of the present disclosure, it should be understood that the present disclosure can be implemented in various forms and should not be limited by the embodiments set forth here. Rather, these embodiments are provided so that the present disclosure can be understood more thoroughly and its scope can be fully conveyed to those skilled in the art.
Method embodiment one
Referring to Fig. 1, a flow chart of the steps of a file processing method according to an embodiment of the present invention is shown, which may specifically include the following steps:
Step 101: generate seed information corresponding to the original file;
The embodiments of the present invention can be applied to a cloud server scenario: the cloud server receives an original file uploaded by a user through a client, encrypts it and stores it. Then, on receiving the user's access request for an encrypted file stored in the cloud server, it can decrypt the encrypted file to obtain the original file and return it to the user. It can be understood that the above cloud server scenario is only an application example; in practice the embodiments of the present invention place no limitation on the specific application scenario.
The original file can be a data file of any type, such as a picture or a video. The embodiments of the present invention generate corresponding seed information for the original file and encrypt the original file according to that seed information. Because different original files correspond to different seed information, the encrypted files obtained by encrypting original files according to seed information are independent of one another: even if one encrypted file is cracked, the other encrypted files cannot be cracked by the way that file was cracked, so the security of the data can be improved.
Optionally, the embodiments of the present invention place no limitation on the granularity of the original file to which the seed information corresponds. For example, with the file as the granularity, one piece of seed information can be generated separately for each file, and each file is then encrypted separately according to its own seed information. Alternatively, with the directory as the granularity, one piece of seed information is generated for all the files under a directory, and all the files under that directory are then encrypted uniformly according to that seed information.
In an optional embodiment of the present invention, the seed information can be a random number generated by a random number generation algorithm, to ensure that different original files correspond to different seed information. Specifically, after the original file uploaded by the user is received, a random number can be generated according to a preset random number generation algorithm and used as the seed information corresponding to the original file. Of course, any seed generation algorithm that can ensure the seed information is random and unique falls within the protection scope of the embodiments of the present invention.
Step 102: encrypt the original file according to the seed information to obtain the encrypted file corresponding to the original file;
In an optional embodiment of the present invention, the step of encrypting the original file according to the seed information to obtain the encrypted file corresponding to the original file may specifically include:
Step S11: generate the encryption key corresponding to the original file according to the seed information;
The embodiment of the present invention generates the encryption key corresponding to the original file according to the seed information, so that different original files can correspond to different encryption keys. Even if one encryption key is cracked, the other encryption keys are not affected, which raises the difficulty of cracking encryption keys and in turn improves their security.
In one embodiment of the present invention, MD5 (Message Digest Algorithm 5) processing can be applied directly to the seed information to obtain a hash value, and the hash value can be used as the encryption key. MD5, as an irreversible encryption method, is relatively secure; however, if the MD5 algorithm is used alone, seed information of short length still carries the risk of being cracked with a rainbow table.
To address the risk of rainbow-table cracking that exists for short seed information, in another optional embodiment of the present invention, the step of generating the encryption key corresponding to the original file according to the seed information may specifically include:
Step S111: salt the seed information;
Before performing MD5 hashing on the seed information, the embodiment of the present invention first salts it. That is, when the seed information is short, a longer character string can be appended after the seed information; this string may be called the "salt". The MD5 hash value is then computed over the salted seed information, which makes the seed information harder to derive in reverse and in turn improves the security of the encryption key.
Step S112: perform Message Digest Algorithm 5 (MD5) hashing on the salted seed information to obtain a corresponding hash value;
Step S113: perform a shift operation and/or preset bit replacement on the hash value according to a preset rule to obtain the encryption key.
After the seed information has been salted and hashed with MD5, the resulting hash value can be used as the encryption key. This encryption key is relatively secure: even if an unauthorized user obtains it, it is difficult to derive the seed information from it in reverse. However, to prevent an unauthorized user from obtaining the seed information by brute-forcing the encryption key, the embodiment of the present invention further applies a shift operation and preset bit replacement to the hash value obtained from MD5 hashing, finally obtaining a more secure encryption key. This further improves the security of the encryption key and further increases the difficulty of deriving the seed information in reverse.
Here, the shift operation means moving all the digits of the hash value, in binary form, to the left or to the right by a corresponding number of bits. The preset bit replacement means replacing a certain bit of the hash value, in binary form, with a preset value, for example replacing the second binary bit with 0. It can be understood that the embodiments of the present invention place no limitation on the preset rule used for the shift operation and/or preset bit replacement on the hash value.
In practical applications, the embodiment of the present invention can first perform the shift operation on the hash value and then perform preset bit replacement on the shifted hash value to obtain the encryption key. Alternatively, either one of the shift operation and the preset bit replacement can be chosen to process the hash value to obtain the encryption key. The encryption key generation process of the embodiment of the present invention is thus relatively complex, which improves the security of the encryption key.
In an optional embodiment of the present invention, the encryption key can be generated in the memory of the cloud server or the cloud proxy server, and the generated encryption key is not stored on disk, to prevent an unauthorized user from obtaining the encryption key by reading the disk of the cloud server or the cloud proxy server, which further ensures the security of the encryption key.
Step S12: encrypt the original file with the encryption key according to a preset encryption algorithm to obtain the encrypted file.
Here, the preset encryption algorithm can be AES (Advanced Encryption Standard), such as AES-128. Specifically, the encryption key generated above is used to apply AES-128 encryption to the original file, producing the encrypted file. It can be understood that the embodiments of the present invention place no limitation on the specific kind of preset encryption algorithm; for example, it can also be DEA (Data Encryption Algorithm) or RSA (Rivest-Shamir-Adleman).
Step 103: encapsulate the seed information in the message header of the encrypted file, and store the encapsulated encrypted file.
After encrypting the original file to obtain the corresponding encrypted file, the embodiment of the present invention can also encapsulate the encrypted file. Specifically, a custom message header can be added to the encrypted file, and the seed information corresponding to the encrypted file is encapsulated in that message header. When the encrypted file is decrypted, the seed information corresponding to it can be obtained, and the encrypted file can then be decrypted to obtain the corresponding original file.
In summary, the embodiment of the present invention generates corresponding seed information for the original file and encrypts the original file according to the seed information to obtain the encrypted file corresponding to the original file. Because different original files can correspond to different seed information, the encrypted files obtained by encrypting original files according to seed information are independent of one another: even if one encrypted file is cracked, the other encrypted files cannot be cracked by the way that file was cracked, so the information security of the cloud server can be improved.
In addition, the embodiment of the present invention can encapsulate and store the encrypted file together with the seed information, establishing a correspondence between the encrypted file and the seed information, so that the encapsulated encrypted file can be conveniently parsed and decrypted to obtain the original file.
Method embodiment two
To further improve the information security of the cloud server, the embodiments of the present invention can also be applied to a cloud proxy server, such as an Nginx server. Referring to Fig. 2, a schematic diagram of a network structure including a cloud proxy server according to the present invention is shown; the cloud proxy server 202 is connected between the client 201 and the cloud server 203.
Referring to Fig. 3, a flow chart of the steps of a file processing method according to an embodiment of the present invention is shown, which may specifically include the following steps:
Step 301: generate seed information corresponding to the original file;
Step 302: encrypt the original file according to the seed information to obtain the encrypted file corresponding to the original file;
Step 303: encapsulate the seed information in the message header of the encrypted file;
Step 304: send the encapsulated encrypted file to the cloud server for storage.
In the embodiment of the present invention, the cloud proxy server can receive the original file uploaded by the user through the client, encrypt and encapsulate the original file using the file processing method provided by the present invention to obtain the encapsulated encrypted file, and finally send the encapsulated encrypted file to the cloud server for storage.
When the cloud proxy server receives the user's access request for data in the cloud server, the cloud proxy server can obtain the encapsulated encrypted file requested by the user from the cloud server, parse and decrypt the encapsulated encrypted file to obtain the corresponding original file, and then return the original file to the user.
In the embodiment of the present invention, the cloud proxy server receives the original file uploaded by the user, encrypts and encapsulates the original file, and finally uploads the encapsulated encrypted file to the cloud server for storage. Although the user data is still stored in the cloud server, the user can only access the data stored in the cloud server indirectly through the cloud proxy server and cannot access the cloud server directly, which further improves the information security of the cloud server.
Method embodiment three
This embodiment is applied to a cloud proxy server: after the original file uploaded by the user is encrypted and encapsulated, it is stored in the cloud proxy server, and data exchange with the user is carried out by the cloud proxy server. Referring to Fig. 4, a flow chart of the steps of a file processing method according to an embodiment of the present invention is shown, which may specifically include the following steps:
Step 401: generate seed information corresponding to the original file;
Step 402: encrypt the original file according to the seed information to obtain the encrypted file corresponding to the original file;
Step 403: encapsulate the seed information in the message header of the encrypted file, and store the encapsulated encrypted file;
Step 404: parse the encrypted file to obtain the seed information corresponding to the encrypted file;
In an optional embodiment of the present invention, the step of parsing the encrypted file to obtain the seed information corresponding to the encrypted file may specifically include:
Step S31: parse the encrypted file to obtain the message header of the encrypted file;
Step S32: read the seed information of the encrypted file from the message header.
Step 405: decrypt the encrypted file according to the seed information to obtain the original file;
Step 406: send the original file.
In an optional embodiment of the present invention, the step of decrypting the encrypted file according to the seed information to obtain the original file may specifically include:
Step S41: generate the decryption key corresponding to the original file according to the seed information;
Step S42: decrypt the encrypted file with the decryption key according to a preset decryption algorithm to obtain the original file.
In the embodiment of the present invention, when the encrypted file is decrypted, the seed information obtained by parsing is processed with the same algorithm used to generate the encryption key in order to obtain the decryption key, and the encrypted file can then be decrypted with the decryption key to obtain the original file. The preset decryption algorithm is the same as the preset encryption algorithm.
Optionally, because the encryption key and the decryption key are generated in the same way, the encryption key can also be used directly to decrypt the encrypted file. To ensure the accuracy of decryption, the embodiment of the present invention generates the decryption key corresponding to the original file according to the seed information and compares the encryption key with the decryption key. If the two are identical, the encrypted file is legitimate and can be decrypted; otherwise, the encrypted file is illegitimate and decryption of it is refused, to avoid sending an incorrectly decrypted file to the user.
In summary, the embodiment of the present invention can be applied to a cloud proxy server: after the original file uploaded by the user is encrypted and encapsulated, it is stored in the cloud proxy server. On receiving the user's access request for data in the cloud proxy server, the cloud proxy server can directly parse and decrypt the encapsulated encrypted file requested by the user, obtain the original file and send it to the user. The cloud proxy server does not need to interact with the cloud server, which improves the efficiency of data transmission and lightens the load on the cloud server.
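The following Go program is an added example, not code from the patent. It runs the encryption path of method embodiment one (steps 101-103 with key derivation S111-S113) and the decryption path of method embodiment three (steps 404-405 with header parsing S31-S32) using only the standard library. The salt value, the shift and bit-replacement rule, the header layout (magic, length, seed), the 16-byte seed and the use of AES-128 in GCM mode are assumptions, because the page leaves all of them open.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/md5"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
	"math/big"
)

// Assumed values: the page only names a "salt", a "preset rule" and a custom
// header, so the concrete choices below are illustrative.
var (
	salt  = []byte("constructed-salt-held-only-in-proxy-memory")
	magic = []byte("SEED") // hypothetical header magic
)

const (
	seedLen   = 16  // random seed bytes per file
	nonceLen  = 12  // standard AES-GCM nonce size
	shiftBits = 3   // preset rule: logical left shift within 128 bits
	clearBit  = 126 // preset bit replacement: second-highest bit forced to 0
)

// DeriveKey follows steps S111-S113: salt the seed, hash with MD5, then shift
// and replace one bit. The 16-byte result is the AES-128 key.
func DeriveKey(seed []byte) []byte {
	salted := append(append([]byte{}, seed...), salt...) // salt goes after the seed
	sum := md5.Sum(salted)
	sum[0] &= 0xFF >> shiftBits // drop the bits a 128-bit left shift pushes out
	n := new(big.Int).Lsh(new(big.Int).SetBytes(sum[:]), shiftBits)
	return n.SetBit(n, clearBit, 0).FillBytes(make([]byte, 16))
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// ParseHeader is steps S31-S32: split a packaged file into header, seed, body.
func ParseHeader(file []byte) (hdr, seed, body []byte, err error) {
	m := len(magic)
	if len(file) < m+2 || !bytes.Equal(file[:m], magic) {
		return nil, nil, nil, errors.New("not a packaged encrypted file")
	}
	end := m + 2 + int(binary.BigEndian.Uint16(file[m:]))
	if len(file) < end {
		return nil, nil, nil, errors.New("truncated header")
	}
	return file[:end], file[m+2 : end], file[end:], nil
}

// EncryptFile is steps 101-103: fresh seed, derived key, seed packed in header.
func EncryptFile(plain []byte) ([]byte, error) {
	rnd := make([]byte, seedLen+nonceLen)
	if _, err := rand.Read(rnd); err != nil {
		return nil, err
	}
	seed, nonce := rnd[:seedLen], rnd[seedLen:]
	gcm, err := newGCM(DeriveKey(seed))
	if err != nil {
		return nil, err
	}
	// Header layout: magic | uint16 big-endian seed length | seed.
	hdr := append(append([]byte{}, magic...), byte(seedLen>>8), byte(seedLen))
	hdr = append(hdr, seed...)
	out := append(append([]byte{}, hdr...), nonce...)
	// The header is bound as associated data, so an altered seed fails the tag.
	return gcm.Seal(out, nonce, plain, hdr), nil
}

// DecryptFile is steps 404-405: read the seed, re-derive the key, decrypt.
func DecryptFile(file []byte) ([]byte, error) {
	hdr, seed, body, err := ParseHeader(file)
	if err != nil {
		return nil, err
	}
	if len(body) < nonceLen {
		return nil, errors.New("missing nonce")
	}
	gcm, err := newGCM(DeriveKey(seed))
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, body[:nonceLen], body[nonceLen:], hdr)
}

func main() {
	packed, _ := EncryptFile([]byte("constructed sample file contents"))
	plain, err := DecryptFile(packed)
	fmt.Printf("packed %d bytes, decrypted %q, err=%v\n", len(packed), plain, err)
}
```

Because the seed is stored in the clear next to the ciphertext, the salt and the preset rule are the only secret inputs to every file's key and need the protection a master key would get. With the rule assumed here, the shift and the bit replacement also fix 4 of the key's 128 bits.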
Device embodiment
Referring to Fig. 5, a structural block diagram of a file processing device according to an embodiment of the present invention is shown. The device may specifically include the following modules:
Seed generation module 501, for generating seed information corresponding to an original file;
File encryption module 502, for encrypting the original file according to the seed information to obtain an encrypted file corresponding to the original file;
Encapsulation storage module 503, for encapsulating the seed information in the message header of the encrypted file and storing the encapsulated encrypted file.
In an optional embodiment of the present invention, the file encryption module 502 may specifically include:
Encryption key generation sub-module, for generating the encryption key corresponding to the original file according to the seed information;
Encryption sub-module, for using the encryption key to encrypt the original file according to a preset encryption algorithm to obtain the encrypted file.
In another optional embodiment of the present invention, the encryption key generation sub-module may specifically include:
Salting unit, for salting the seed information;
Hashing unit, for performing Message Digest Algorithm 5 (MD5) hashing on the salted seed information to obtain a corresponding hash value;
Shift and replacement unit, for performing a shift operation and/or preset-bit replacement on the hash value according to a preset rule to obtain the encryption key.
In another optional embodiment of the present invention, the device may further include:
File parsing module, for parsing the encrypted file to obtain the seed information corresponding to the encrypted file;
File decryption module, for decrypting the encrypted file according to the seed information to obtain the original file;
First sending module, for sending the original file.
In another optional embodiment of the present invention, the file parsing module may specifically include:
Parsing sub-module, for parsing the encrypted file to obtain the message header of the encrypted file;
Reading sub-module, for reading the seed information of the encrypted file from the message header.
In another optional embodiment of the present invention, the file decryption module may specifically include:
Decryption key generation sub-module, for generating the decryption key corresponding to the original file according to the seed information;
Decryption sub-module, for using the decryption key to decrypt the encrypted file according to a preset decryption algorithm to obtain the original file.
In another optional embodiment of the present invention, the seed information is a random number generated by a random number generation algorithm.
In another optional embodiment of the present invention, the device can be applied to a cloud proxy server, and the device may further include:
Second sending module, for sending the encapsulated encrypted file to a cloud server.
Because the device embodiment is substantially similar to the method embodiment, it is described only briefly; for the relevant details, refer to the corresponding part of the method embodiment.
The algorithms and displays provided herein are not inherently related to any particular computer, virtual system or other device. Various general-purpose systems may also be used with the teachings herein. From the description above, the structure required to construct such systems is apparent. Moreover, the present invention is not directed to any particular programming language. It should be understood that the content of the invention described herein may be implemented in a variety of programming languages, and that the description above of a specific language is given to disclose the best mode of the invention.
Numerous specific details are set forth in the description provided herein. It is to be understood, however, that embodiments of the invention may be practiced without these specific details. In some instances, well-known methods, structures and techniques have not been shown in detail, so as not to obscure the understanding of this description.
Similarly, it should be understood that, in order to streamline the disclosure and aid understanding of one or more of the inventive aspects, in the above description of exemplary embodiments of the invention the features of the invention are sometimes grouped together in a single embodiment, figure, or description thereof. However, this method of disclosure should not be interpreted as reflecting an intention that the claimed invention requires more features than are expressly recited in each claim. Rather, as the following claims reflect, the inventive aspects lie in fewer than all features of a single embodiment disclosed above. Therefore, the claims following the detailed description are hereby expressly incorporated into the detailed description, with each claim standing on its own as a separate embodiment of the invention.
Those skilled in the art will appreciate that the modules in the device of an embodiment can be adaptively changed and arranged in one or more devices different from that embodiment. The modules or units or components of an embodiment may be combined into one module or unit or component, and they may furthermore be divided into a plurality of sub-modules or sub-units or sub-components. Except where at least some of such features and/or processes or units are mutually exclusive, all features disclosed in this specification (including the accompanying claims, abstract and drawings) and all processes or units of any method or device so disclosed may be combined in any combination. Unless expressly stated otherwise, each feature disclosed in this specification (including the accompanying claims, abstract and drawings) may be replaced by an alternative feature serving the same, an equivalent or a similar purpose.
Furthermore, those skilled in the art will appreciate that although some embodiments described herein include certain features included in other embodiments and not others, combinations of features of different embodiments are meant to be within the scope of the invention and to form different embodiments. For example, in the following claims, any of the claimed embodiments can be used in any combination.
The component embodiments of the present invention may be implemented in hardware, in software modules running on one or more processors, or in a combination thereof. Those skilled in the art will understand that a microprocessor or a digital signal processor (DSP) may be used in practice to implement some or all of the functions of some or all of the components of the file processing method and device according to embodiments of the present invention. The present invention may also be implemented as a device or apparatus program (for example, a computer program and a computer program product) for performing part or all of the method described herein. Such a program implementing the present invention may be stored on a computer-readable medium, or may take the form of one or more signals. Such signals may be downloaded from an Internet platform, provided on a carrier signal, or provided in any other form.
It should be noted that the above embodiments illustrate rather than limit the invention, and that those skilled in the art can design alternative embodiments without departing from the scope of the appended claims. In the claims, any reference signs placed between parentheses shall not be construed as limiting the claim. The word "comprising" does not exclude the presence of elements or steps not listed in a claim. The word "a" or "an" preceding an element does not exclude the presence of a plurality of such elements. The invention may be implemented by means of hardware comprising several distinct elements and by means of a suitably programmed computer. In a unit claim enumerating several devices, several of these devices may be embodied by one and the same item of hardware. The use of the words first, second and third does not indicate any order. These words may be interpreted as names.
The invention discloses A1, a file processing method, including:
Generating seed information corresponding to an original file;
Encrypting the original file according to the seed information to obtain an encrypted file corresponding to the original file;
Encapsulating the seed information in the message header of the encrypted file, and storing the encapsulated encrypted file.
A2, the method as described in A1, wherein the step of encrypting the original file according to the seed information to obtain the encrypted file corresponding to the original file includes:
Generating the encryption key corresponding to the original file according to the seed information;
Using the encryption key, encrypting the original file according to a preset encryption algorithm to obtain the encrypted file.
A3, the method as described in A2, wherein the step of generating the encryption key corresponding to the original file according to the seed information includes:
Salting the seed information;
Performing Message Digest Algorithm 5 (MD5) hashing on the salted seed information to obtain a corresponding hash value;
Performing a shift operation and/or preset-bit replacement on the hash value according to a preset rule to obtain the encryption key.
A4, the method as described in A1, wherein the method further includes:
Parsing the encrypted file to obtain the seed information corresponding to the encrypted file;
Decrypting the encrypted file according to the seed information to obtain the original file;
Sending the original file.
A5, the method as described in A4, wherein the step of parsing the encrypted file to obtain the seed information corresponding to the encrypted file includes:
Parsing the encrypted file to obtain the message header of the encrypted file;
Reading the seed information of the encrypted file from the message header.
A6, the method as described in A4, wherein the step of decrypting the encrypted file according to the seed information to obtain the original file includes:
Generating the decryption key corresponding to the original file according to the seed information;
Using the decryption key, decrypting the encrypted file according to a preset decryption algorithm to obtain the original file.
A7, the method as described in any one of A1 to A6, wherein the seed information is a random number generated by a random number generation algorithm.
A8, the method as described in A1, wherein the method is applied to a cloud proxy server, and the method further includes:
Sending the encapsulated encrypted file to a cloud server.
The invention discloses B9, a file processing device, including:
Seed generation module, for generating seed information corresponding to an original file;
File encryption module, for encrypting the original file according to the seed information to obtain an encrypted file corresponding to the original file;
Encapsulation storage module, for encapsulating the seed information in the message header of the encrypted file and storing the encapsulated encrypted file.
B10, the device as described in B9, wherein the file encryption module includes:
Encryption key generation sub-module, for generating the encryption key corresponding to the original file according to the seed information;
Encryption sub-module, for using the encryption key to encrypt the original file according to a preset encryption algorithm to obtain the encrypted file.
B11, the device as described in B10, wherein the encryption key generation sub-module includes:
Salting unit, for salting the seed information;
Hashing unit, for performing Message Digest Algorithm 5 (MD5) hashing on the salted seed information to obtain a corresponding hash value;
Shift and replacement unit, for performing a shift operation and/or preset-bit replacement on the hash value according to a preset rule to obtain the encryption key.
B12, the device as described in B9, wherein the device further includes:
File parsing module, for parsing the encrypted file to obtain the seed information corresponding to the encrypted file;
File decryption module, for decrypting the encrypted file according to the seed information to obtain the original file;
First sending module, for sending the original file.
B13, the device as described in B12, wherein the file parsing module includes:
Parsing sub-module, for parsing the encrypted file to obtain the message header of the encrypted file;
Reading sub-module, for reading the seed information of the encrypted file from the message header.
B14, the device as described in B12, wherein the file decryption module includes:
Decryption key generation sub-module, for generating the decryption key corresponding to the original file according to the seed information;
Decryption sub-module, for using the decryption key to decrypt the encrypted file according to a preset decryption algorithm to obtain the original file.
B15, the device as described in any one of B9 to B14, wherein the seed information is a random number generated by a random number generation algorithm.
B16, the device as described in B9, wherein the device is applied to a cloud proxy server, and the device further includes:
Second sending module, for sending the encapsulated encrypted file to a cloud server.

Claims (10)

1. A file processing method, characterized in that the method includes:
Generating seed information corresponding to an original file;
Encrypting the original file according to the seed information to obtain an encrypted file corresponding to the original file;
Encapsulating the seed information in the message header of the encrypted file, and storing the encapsulated encrypted file.
2. The method of claim 1, characterized in that the step of encrypting the original file according to the seed information to obtain the encrypted file corresponding to the original file includes:
Generating the encryption key corresponding to the original file according to the seed information;
Using the encryption key, encrypting the original file according to a preset encryption algorithm to obtain the encrypted file.
3. The method of claim 2, characterized in that the step of generating the encryption key corresponding to the original file according to the seed information includes:
Salting the seed information;
Performing Message Digest Algorithm 5 (MD5) hashing on the salted seed information to obtain a corresponding hash value;
Performing a shift operation and/or preset-bit replacement on the hash value according to a preset rule to obtain the encryption key.
4. The method of claim 1, characterized in that the method further includes:
Parsing the encrypted file to obtain the seed information corresponding to the encrypted file;
Decrypting the encrypted file according to the seed information to obtain the original file;
Sending the original file.
5. The method of claim 4, characterized in that the step of parsing the encrypted file to obtain the seed information corresponding to the encrypted file includes:
Parsing the encrypted file to obtain the message header of the encrypted file;
Reading the seed information of the encrypted file from the message header.
6. The method of claim 4, characterized in that the step of decrypting the encrypted file according to the seed information to obtain the original file includes:
Generating the decryption key corresponding to the original file according to the seed information;
Using the decryption key, decrypting the encrypted file according to a preset decryption algorithm to obtain the original file.
7. The method of any one of claims 1 to 6, characterized in that the seed information is a random number generated by a random number generation algorithm.
8. The method of claim 1, characterized in that the method is applied to a cloud proxy server, and the method further includes:
Sending the encapsulated encrypted file to a cloud server.
9. A file processing device, characterized in that the device includes:
Seed generation module, for generating seed information corresponding to an original file;
File encryption module, for encrypting the original file according to the seed information to obtain an encrypted file corresponding to the original file;
Encapsulation storage module, for encapsulating the seed information in the message header of the encrypted file and storing the encapsulated encrypted file.
10. The device of claim 9, characterized in that the file encryption module includes:
Encryption key generation sub-module, for generating the encryption key corresponding to the original file according to the seed information;
Encryption sub-module, for using the encryption key to encrypt the original file according to a preset encryption algorithm to obtain the encrypted file.
CN201611250389.0A 2016-12-29 2016-12-29 File processing method and device Pending CN106611130A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201611250389.0A CN106611130A (en) 2016-12-29 2016-12-29 File processing method and device

Publications (1)

Publication Number Publication Date
CN106611130A true CN106611130A (en) 2017-05-03

Family

ID=58636191

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201611250389.0A Pending CN106611130A (en) 2016-12-29 2016-12-29 File processing method and device

Country Status (1)

Country Link
CN (1) CN106611130A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109005184A (en) * 2018-08-17 2018-12-14 上海小蚁科技有限公司 File encrypting method and device, storage medium, terminal

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1480851A (en) * 2002-09-04 2004-03-10 斌 杨 Computer encryption unit and encryption method
CN103067158A (en) * 2012-12-27 2013-04-24 华为技术有限公司 Encryption and decryption method, terminal device, gateway device and key management system
CN103236930A (en) * 2013-04-27 2013-08-07 深圳市中兴移动通信有限公司 Data encryption method and system
CN104268458A (en) * 2014-09-23 2015-01-07 潍柴动力股份有限公司 Vehicle program encrypting and verifying method and device

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20170503