CN106611130A - File processing method and device - Google Patents
- Publication number: CN106611130A (application CN201611250389.0A)
- Authority: CN (China)
- Prior art keywords: file, encryption, seed information, original document, encryption file
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- G06F21/602—Providing cryptographic facilities or services
- G06F21/6209—Protecting access to data via a platform, e.g. using keys or access control rules to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L67/1097—Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
- H04L9/0869—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
Abstract
The embodiment of the invention provides a file processing method and a file processing device. The method specifically comprises the steps of generating seed information corresponding to an original file; encrypting the original file according to the seed information, thus acquiring an encrypted file corresponding to the original file; and packaging the seed information into a message header of the encrypted file, and storing the packaged encrypted file. According to the method and device provided by the invention, each encrypted file is independent: even if one encrypted file is cracked, the other encrypted files cannot be cracked using the way that file was cracked, and thus the information security of a cloud server can be improved.
Description
Technical Field
The present invention relates to the field of communication technology, and in particular to a file processing method and device.
Background
With the rapid development of network technology, users can upload local data from devices such as PCs and mobile terminals to a cloud server and use the cloud server to store personal data. Users can then browse, download, modify and otherwise operate on the data stored in the cloud server over the network at any time and from anywhere, which is a great convenience for users.
At present, some illegitimate users attack the interfaces of cloud servers in order to illegally obtain the data stored in them. Once a cloud server's interface is attacked, the user data stored in the cloud server may be leaked or lost. Therefore, to ensure the confidentiality and security of user data, a cloud server can encrypt the data uploaded by users before storing it.
In the course of implementing the present invention, the inventor found that existing cloud servers generally use a unified encryption algorithm to encrypt and store the data in the cloud server. Once that unified encryption algorithm is cracked, all the data in the cloud server faces the risk of being leaked or lost, which poses a security risk to user data.
Summary of the Invention
In view of the above problems, the present invention is proposed in order to provide a file processing method and device that overcome the above problems or at least partially solve them.
According to one aspect of the present invention, a file processing method is provided, including:
Generating seed information corresponding to an original file;
Encrypting the original file according to the seed information to obtain an encrypted file corresponding to the original file;
Encapsulating the seed information in the message header of the encrypted file, and storing the encapsulated encrypted file.
Optionally, the step of encrypting the original file according to the seed information to obtain the encrypted file corresponding to the original file includes:
Generating an encryption key corresponding to the original file according to the seed information;
Encrypting the original file with the encryption key according to a preset encryption algorithm to obtain the encrypted file.
Optionally, the step of generating the encryption key corresponding to the original file according to the seed information includes:
Salting the seed information;
Performing Message-Digest Algorithm 5 (MD5) hashing on the salted seed information to obtain a corresponding hash value;
Performing a shift operation and/or preset-bit replacement on the hash value according to a preset rule to obtain the encryption key.
Optionally, the method further includes:
Parsing the encrypted file to obtain the seed information corresponding to the encrypted file;
Decrypting the encrypted file according to the seed information to obtain the original file;
Sending the original file.
Optionally, the step of parsing the encrypted file to obtain the seed information corresponding to the encrypted file includes:
Parsing the encrypted file to obtain the message header of the encrypted file;
Reading the seed information of the encrypted file from the message header.
Optionally, the step of decrypting the encrypted file according to the seed information to obtain the original file includes:
Generating a decryption key corresponding to the original file according to the seed information;
Decrypting the encrypted file with the decryption key according to a preset decryption algorithm to obtain the original file.
Optionally, the seed information is a random number generated by a random number generation algorithm.
Optionally, the method is applied to a cloud proxy server, and the method further includes:
Sending the encapsulated encrypted file to a cloud server.
According to another aspect of the present invention, a file processing device is provided, including:
A seed generation module, configured to generate seed information corresponding to an original file;
A file encryption module, configured to encrypt the original file according to the seed information to obtain an encrypted file corresponding to the original file;
An encapsulation and storage module, configured to encapsulate the seed information in the message header of the encrypted file and store the encapsulated encrypted file.
Optionally, the file encryption module includes:
An encryption key generation submodule, configured to generate an encryption key corresponding to the original file according to the seed information;
An encryption submodule, configured to encrypt the original file with the encryption key according to a preset encryption algorithm to obtain the encrypted file.
Optionally, the encryption key generation submodule includes:
A salting unit, configured to salt the seed information;
A hashing unit, configured to perform Message-Digest Algorithm 5 (MD5) hashing on the salted seed information to obtain a corresponding hash value;
A shift and replacement unit, configured to perform a shift operation and/or preset-bit replacement on the hash value according to a preset rule to obtain the encryption key.
Optionally, the device further includes:
A file parsing module, configured to parse the encrypted file to obtain the seed information corresponding to the encrypted file;
A file decryption module, configured to decrypt the encrypted file according to the seed information to obtain the original file;
A first sending module, configured to send the original file.
Optionally, the file parsing module includes:
A parsing submodule, configured to parse the encrypted file to obtain the message header of the encrypted file;
A reading submodule, configured to read the seed information of the encrypted file from the message header.
Optionally, the file decryption module includes:
A decryption key generation submodule, configured to generate a decryption key corresponding to the original file according to the seed information;
A decryption submodule, configured to decrypt the encrypted file with the decryption key according to a preset decryption algorithm to obtain the original file.
Optionally, the seed information is a random number generated by a random number generation algorithm.
Optionally, the device is applied to a cloud proxy server, and the device further includes:
A second sending module, configured to send the encapsulated encrypted file to a cloud server.
The file processing method and device provided according to the embodiments of the present invention generate seed information corresponding to an original file and encrypt the original file according to the seed information to obtain the encrypted file corresponding to the original file. Because different original files can correspond to different seed information, the encrypted files obtained by encrypting original files according to seed information are independent of one another: even if one encrypted file is cracked, the other encrypted files cannot be cracked using the way that file was cracked, so the information security of the cloud server can be improved.
In addition, the embodiments of the present invention can encapsulate and store the encrypted file together with the seed information, so as to establish the correspondence between the encrypted file and the seed information. The encapsulated encrypted file can then be conveniently parsed and decrypted to obtain the original file.
The above is only an overview of the technical solution of the present invention. So that the technical means of the present invention can be understood more clearly and implemented according to the content of the description, and so that the above and other objects, features and advantages of the present invention become more apparent, specific embodiments of the present invention are set out below.
Brief Description of the Drawings
By reading the following detailed description of the optional embodiments, various other advantages and benefits will become clear to those of ordinary skill in the art. The drawings are only for the purpose of illustrating the optional embodiments and are not to be considered a limitation of the present invention. Throughout the drawings, the same reference numerals denote the same parts. In the drawings:
Fig. 1 shows a flowchart of the steps of a file processing method according to an embodiment of the present invention;
Fig. 2 shows a schematic diagram of a network structure of the present invention that includes a cloud proxy server;
Fig. 3 shows a flowchart of the steps of a file processing method according to an embodiment of the present invention;
Fig. 4 shows a flowchart of the steps of a file processing method according to an embodiment of the present invention; and
Fig. 5 shows a structural block diagram of a file processing device according to an embodiment of the present invention.
Detailed Description
Exemplary embodiments of the present disclosure are described in more detail below with reference to the accompanying drawings. Although the drawings show exemplary embodiments of the present disclosure, it should be understood that the disclosure may be implemented in various forms and should not be limited by the embodiments set forth here. Rather, these embodiments are provided so that the disclosure can be understood more thoroughly and so that its scope can be conveyed completely to those skilled in the art.
Method Embodiment One
Referring to Fig. 1, a flowchart of the steps of a file processing method according to an embodiment of the present invention is shown, which may specifically include the following steps:
Step 101: generating seed information corresponding to an original file;
The embodiment of the present invention can be applied to a cloud server scenario: the cloud server can receive an original file uploaded by a user through a client, encrypt the original file and store it. Then, when an access request from the user for an encrypted file stored in the cloud server is received, the encrypted file can be decrypted to obtain the original file, which is returned to the user. It will be understood that this cloud server scenario is only an application example; the embodiment of the present invention does not limit the specific application scenario.
The original file can be a data file of any type, such as a picture or a video. The embodiment of the present invention generates seed information corresponding to the original file and encrypts the original file according to the seed information. Because different original files correspond to different seed information, the encrypted files obtained by encrypting original files according to seed information are independent of one another: even if one encrypted file is cracked, the other encrypted files cannot be cracked using the way that file was cracked, so the security of the data can be improved.
Optionally, the embodiment of the present invention does not limit the granularity of the original file to which the seed information corresponds. For example, with the file as the granularity, a separate piece of seed information can be generated for each file, and each file is then encrypted individually according to its own seed information. Alternatively, with the directory as the granularity, one piece of seed information is generated for all the files under a directory, and all the files under that directory are then encrypted uniformly according to that seed information.
In an optional embodiment of the present invention, the seed information can be a random number generated by a random number generation algorithm, to ensure that different original files correspond to different seed information. Specifically, after the original file uploaded by the user is received, a random number can be generated according to a preset random number generation algorithm and used as the seed information corresponding to the original file. Of course, any seed generation algorithm that can ensure the seed information is random and unique falls within the protection scope of the embodiment of the present invention.
Step 102: encrypting the original file according to the seed information to obtain the encrypted file corresponding to the original file;
In an optional embodiment of the present invention, the step of encrypting the original file according to the seed information to obtain the encrypted file corresponding to the original file may specifically include:
Step S11: generating an encryption key corresponding to the original file according to the seed information;
The embodiment of the present invention generates the encryption key corresponding to the original file according to the seed information, so that different original files can correspond to different encryption keys. Even if one encryption key is cracked, the other encryption keys are not affected, which makes encryption keys harder to crack and so improves their security.
In one embodiment of the present invention, MD5 (Message-Digest Algorithm 5) processing can be applied directly to the seed information to obtain a hash value, and the hash value is used as the encryption key. MD5, as an irreversible encryption method, is relatively secure, but if the MD5 algorithm is used alone, short seed information is still at risk of being cracked with rainbow tables.
To address the risk that short seed information is cracked with rainbow tables, in another optional embodiment of the present invention, the step of generating the encryption key corresponding to the original file according to the seed information may specifically include:
Step S111: salting the seed information;
In the embodiment of the present invention, the seed information is salted before MD5 hashing is applied to it. That is, when the seed information is short, a longer character string, which may be called the "salt", can be appended after the seed information, and the MD5 hash value is then computed over the salted seed information. This makes the seed information harder to reverse-derive and so improves the security of the encryption key.
Step S112: performing Message-Digest Algorithm 5 (MD5) hashing on the salted seed information to obtain a corresponding hash value;
Step S113: performing a shift operation and/or preset-bit replacement on the hash value according to a preset rule to obtain the encryption key.
After the seed information has been salted and MD5-hashed, the resulting hash value can be used as the encryption key. This encryption key is relatively secure: even if an illegitimate user obtains the encryption key, it is difficult to reverse-derive the seed information from it. However, to prevent an illegitimate user from obtaining the seed information by brute-forcing the encryption key, the embodiment of the present invention further applies a shift operation and preset-bit replacement to the hash value obtained from MD5 hashing, finally yielding a more secure encryption key. That is, the security of the encryption key can be further improved, and the seed information becomes even harder to reverse-derive.
Here, the shift operation means moving all the digits of the hash value, in binary form, left or right by the corresponding number of bits. Preset-bit replacement means replacing a certain bit of the hash value, in binary form, with a preset value, for example replacing the second binary bit with 0. It will be understood that the embodiment of the present invention does not limit the preset rule used for the shift operation and/or preset-bit replacement on the hash value.
In practical applications, the embodiment of the present invention can first apply the shift operation to the hash value and then apply preset-bit replacement to the shifted hash value to obtain the encryption key. Alternatively, either one of the shift operation and preset-bit replacement can be chosen to process the hash value and obtain the encryption key. The encryption key generation process of the embodiment of the present invention is therefore relatively complex, which improves the security of the encryption key.
In an optional embodiment of the present invention, the encryption key can be generated in the memory of the cloud server or the cloud proxy server, and the generated encryption key is not stored on disk. This prevents an illegitimate user from obtaining the encryption key by reading the disk of the cloud server or the cloud proxy server, and further ensures the security of the encryption key.
Step S12: encrypting the original file with the encryption key according to a preset encryption algorithm to obtain the encrypted file.
The preset encryption algorithm can be AES (Advanced Encryption Standard), such as AES-128. Specifically, AES-128 encryption is applied to the original file with the encryption key generated above to obtain the encrypted file. It will be understood that the embodiment of the present invention does not limit the specific kind of preset encryption algorithm; for example, it can also be DEA (Data Encryption Algorithm), RSA (Rivest-Shamir-Adleman) and so on.
Step 103: encapsulating the seed information in the message header of the encrypted file, and storing the encapsulated encrypted file.
After encrypting the original file to obtain the corresponding encrypted file, the embodiment of the present invention can also encapsulate the encrypted file. Specifically, a custom message header can be added to the encrypted file, and the seed information corresponding to the encrypted file is encapsulated in that message header. When the encrypted file is decrypted, the seed information corresponding to the encrypted file can be obtained from the header, and the encrypted file can then be decrypted to obtain the corresponding original file.
In summary, the embodiment of the present invention generates seed information corresponding to an original file and encrypts the original file according to the seed information to obtain the encrypted file corresponding to the original file. Because different original files can correspond to different seed information, the encrypted files obtained by encrypting original files according to seed information are independent of one another: even if one encrypted file is cracked, the other encrypted files cannot be cracked using the way that file was cracked, so the information security of the cloud server can be improved.
In addition, the embodiment of the present invention can encapsulate and store the encrypted file together with the seed information, so as to establish the correspondence between the encrypted file and the seed information. The encapsulated encrypted file can then be conveniently parsed and decrypted to obtain the original file.
Method Embodiment Two
To further improve the information security of the cloud server, the embodiment of the present invention can also be applied to a cloud proxy server, such as an Nginx server. Referring to Fig. 2, a schematic diagram of a network structure of the present invention that includes a cloud proxy server is shown; the cloud proxy server 202 is connected between the client 201 and the cloud server 203.
Referring to Fig. 3, a flowchart of the steps of a file processing method according to an embodiment of the present invention is shown, which may specifically include the following steps:
Step 301: generating seed information corresponding to an original file;
Step 302: encrypting the original file according to the seed information to obtain the encrypted file corresponding to the original file;
Step 303: encapsulating the seed information in the message header of the encrypted file;
Step 304: sending the encapsulated encrypted file to the cloud server for storage.
In the embodiment of the present invention, the cloud proxy server can receive the original file uploaded by the user through the client, encrypt and encapsulate the original file using the file processing method provided by the present invention to obtain the encapsulated encrypted file, and finally send the encapsulated encrypted file to the cloud server for storage.
When the cloud proxy server receives a user's access request for data in the cloud server, the cloud proxy server can obtain the encapsulated encrypted file requested by the user from the cloud server, parse and decrypt the encapsulated encrypted file to obtain the corresponding original file, and then return the original file to the user.
In the embodiment of the present invention, the cloud proxy server receives the original file uploaded by the user, encrypts and encapsulates the original file, and finally uploads the encapsulated encrypted file to the cloud server for storage. Although user data is still stored in the cloud server, users can only access the data stored in the cloud server indirectly through the cloud proxy server and cannot access the cloud server directly, which further improves the information security of the cloud server.
Method Embodiment Three
This embodiment is applied to a cloud proxy server: after the original file uploaded by the user is encrypted and encapsulated, it is stored in the cloud proxy server, and the cloud proxy server handles data interaction with the user. Referring to Fig. 4, a flowchart of the steps of a file processing method according to an embodiment of the present invention is shown, which may specifically include the following steps:
Step 401: generating seed information corresponding to an original file;
Step 402: encrypting the original file according to the seed information to obtain the encrypted file corresponding to the original file;
Step 403: encapsulating the seed information in the message header of the encrypted file, and storing the encapsulated encrypted file;
Step 404: parsing the encrypted file to obtain the seed information corresponding to the encrypted file;
In an optional embodiment of the present invention, the step of parsing the encrypted file to obtain the seed information corresponding to the encrypted file may specifically include:
Step S31: parsing the encrypted file to obtain the message header of the encrypted file;
Step S32: reading the seed information of the encrypted file from the message header.
Step 405: decrypting the encrypted file according to the seed information to obtain the original file;
Step 406: sending the original file.
In an optional embodiment of the present invention, the step of decrypting the encrypted file according to the seed information to obtain the original file may specifically include:
Step S41: generating a decryption key corresponding to the original file according to the seed information;
Step S42: decrypting the encrypted file with the decryption key according to a preset decryption algorithm to obtain the original file.
In the embodiment of the present invention, when the encrypted file is decrypted, the seed information obtained by parsing is processed with the same algorithm that was used to generate the encryption key, to obtain the decryption key. The encrypted file can then be decrypted with the decryption key to obtain the original file, where the preset decryption algorithm is the same as the preset encryption algorithm.
Optionally, since the encryption key and the decryption key are generated by the same method, the encryption key can also be used directly to decrypt the encrypted file. To ensure the accuracy of decryption, the embodiment of the present invention generates the decryption key corresponding to the original file according to the seed information and compares the encryption key with the decryption key. If the two are identical, the encrypted file is legitimate and can be decrypted; otherwise, the encrypted file is illegitimate, and decryption of the encrypted file is refused, to avoid sending an incorrectly decrypted file to the user.
In summary, the embodiment of the present invention can be applied to a cloud proxy server: after the original file uploaded by the user is encrypted and encapsulated, it is stored in the cloud proxy server. When a user's access request for data in the cloud proxy server is received, the cloud proxy server can directly parse and decrypt the encapsulated encrypted file requested by the user, obtain the original file and send it to the user. The cloud proxy server does not need to interact with the cloud server, which improves the efficiency of data transmission and reduces the load on the cloud server.
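The key derivation of steps S111 to S113, the header encapsulation of step 103 and the header parsing of steps S31 to S41 can be followed end to end in the sketch below, which is an added example and not code from the patent. The salt value, the 13-bit shift (done as a rotation so the key stays 128 bits), the replaced bit and the `SEED` header layout are all assumptions; the AES step itself is left out and the payload is treated as opaque ciphertext.

```python
import hashlib
import os
import struct

# Every constant here is an assumption made for this example; the page fixes
# none of them (salt value, shift amount, replaced bit, header layout).
SALT = b"constructed-server-side-salt-value"  # string appended to the seed (S111)
ROTATE_LEFT = 13      # preset rule: shift amount, applied as a rotation
FORCED_ZERO_BIT = 1   # preset-bit replacement: second-lowest bit set to 0
MAGIC = b"SEED"       # hypothetical marker opening the custom message header
MASK128 = (1 << 128) - 1


def generate_seed(length=16):
    """Step 101: per-file seed taken from the operating system CSPRNG."""
    return os.urandom(length)


def derive_key(seed, salt=SALT):
    """Steps S111-S113: salt the seed, MD5 it, then shift and replace a bit."""
    digest = hashlib.md5(seed + salt).digest()   # 16 bytes, the AES-128 key size
    value = int.from_bytes(digest, "big")
    # The rotation is a bijection on 128-bit values: it reorders bits only.
    value = ((value << ROTATE_LEFT) | (value >> (128 - ROTATE_LEFT))) & MASK128
    # Forcing one bit to a constant leaves 127 variable key bits.
    value &= ~(1 << FORCED_ZERO_BIT)
    return value.to_bytes(16, "big")


def encapsulate(seed, ciphertext):
    """Step 103: header = MAGIC | 2-byte seed length | seed, then the ciphertext."""
    if not 0 < len(seed) <= 0xFFFF:
        raise ValueError("seed length must fit the 2-byte length field")
    return MAGIC + struct.pack(">H", len(seed)) + seed + ciphertext


def parse(blob):
    """Steps S31-S32: validate the header and return (seed, ciphertext)."""
    if len(blob) < 6 or blob[:4] != MAGIC:
        raise ValueError("missing or unknown message header")
    (seed_len,) = struct.unpack(">H", blob[4:6])
    if seed_len == 0 or len(blob) < 6 + seed_len:
        raise ValueError("truncated or empty seed field")
    return blob[6:6 + seed_len], blob[6 + seed_len:]


def key_for_stored_file(blob, salt=SALT):
    """Steps 404 and S41: re-derive the key from the seed carried in the header.

    The seed is stored in the clear next to the ciphertext, so the key is only
    as secret as the salt and the preset rule held by the server.
    """
    seed, _ciphertext = parse(blob)
    return derive_key(seed, salt)


if __name__ == "__main__":
    # Constructed stand-in for the AES-128 output of step S12.
    ciphertext = bytes.fromhex("00112233445566778899aabbccddeeff")
    seed_a, seed_b = generate_seed(), generate_seed()
    blob_a = encapsulate(seed_a, ciphertext)
    print("keys differ per file:", derive_key(seed_a) != derive_key(seed_b))
    print("key re-derived from header:",
          key_for_stored_file(blob_a) == derive_key(seed_a))
    print("different salt, different key:",
          key_for_stored_file(blob_a, b"other-salt") != derive_key(seed_a))
```

Because the rotation only reorders bits and the replacement fixes one of them, the unpredictability of each per-file key comes from the seed and the salt, and the salt is the only input that is not stored alongside the file.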
Device embodiment
Referring to Fig. 5, a structural block diagram of a file processing device according to an embodiment of the present invention is shown. The device may specifically include the following modules:
a seed generation module 501, configured to generate seed information corresponding to an original file;
a file encryption module 502, configured to encrypt the original file according to the seed information to obtain an encrypted file corresponding to the original file;
an encapsulation storage module 503, configured to encapsulate the seed information in the message header of the encrypted file and store the encapsulated encrypted file.
In an optional embodiment of the present invention, the file encryption module 502 may specifically include:
an encryption key generation submodule, configured to generate an encryption key corresponding to the original file according to the seed information;
an encryption submodule, configured to use the encryption key to encrypt the original file according to a preset encryption algorithm to obtain the encrypted file.
In another optional embodiment of the present invention, the encryption key generation submodule may specifically include:
a salting unit, configured to salt the seed information;
a hashing unit, configured to hash the salted seed information with Message-Digest Algorithm 5 (MD5) to obtain a corresponding hash value;
a shift and replacement unit, configured to perform a shift operation and/or preset bit replacement on the hash value according to a preset rule to obtain the encryption key.
In another optional embodiment of the present invention, the device may further include:
a file parsing module, configured to parse the encrypted file to obtain the seed information corresponding to the encrypted file;
a file decryption module, configured to decrypt the encrypted file according to the seed information to obtain the original file;
a first sending module, configured to send the original file.
In another optional embodiment of the present invention, the file parsing module may specifically include:
a parsing submodule, configured to parse the encrypted file to obtain the message header of the encrypted file;
a reading submodule, configured to read the seed information of the encrypted file from the message header.
In another optional embodiment of the present invention, the file decryption module may specifically include:
a decryption key generation submodule, configured to generate a decryption key corresponding to the original file according to the seed information;
a decryption submodule, configured to use the decryption key to decrypt the encrypted file according to a preset decryption algorithm to obtain the original file.
In another optional embodiment of the present invention, the seed information is a random number generated by a random number generation algorithm.
In another optional embodiment of the present invention, the device is applicable to a cloud proxy server, and the device may further include:
a second sending module, configured to send the encapsulated encrypted file to a cloud server.
Because the device embodiment is basically similar to the method embodiment, it is described relatively briefly; for related details, refer to the corresponding description of the method embodiment.
The algorithms and displays provided herein are not inherently related to any particular computer, virtual system or other device. Various general-purpose systems may also be used with the teachings herein. From the description above, the structure required to construct such systems is apparent. Moreover, the present invention is not directed to any particular programming language. It should be understood that the content of the invention described herein can be implemented in various programming languages, and that the description of a specific language above is given to disclose the best mode of the invention.
Numerous specific details are set forth in the description provided herein. It will be understood, however, that embodiments of the invention can be practiced without these specific details. In some instances, well-known methods, structures and techniques are not shown in detail so as not to obscure the understanding of this description.
Similarly, it should be understood that, to streamline the disclosure and aid understanding of one or more of the inventive aspects, the features of the invention are sometimes grouped together in a single embodiment, figure or description thereof in the above description of exemplary embodiments. However, this method of disclosure should not be interpreted as reflecting an intention that the claimed invention requires more features than are expressly recited in each claim. Rather, as the following claims reflect, inventive aspects lie in less than all features of a single embodiment disclosed above. Therefore, the claims following the detailed description are hereby expressly incorporated into the detailed description, with each claim standing on its own as a separate embodiment of the invention.
Those skilled in the art will understand that the modules in the device of an embodiment can be adaptively changed and arranged in one or more devices different from that embodiment. The modules, units or components in the embodiments can be combined into one module, unit or component, and can furthermore be divided into multiple sub-modules, sub-units or sub-components. Except where at least some of such features and/or processes or units are mutually exclusive, all features disclosed in this specification (including the accompanying claims, abstract and drawings) and all processes or units of any method or device so disclosed may be combined in any combination. Unless expressly stated otherwise, each feature disclosed in this specification (including the accompanying claims, abstract and drawings) may be replaced by an alternative feature serving the same, an equivalent or a similar purpose.
Furthermore, those skilled in the art will understand that although some embodiments described herein include some features included in other embodiments and not others, combinations of features of different embodiments are meant to be within the scope of the invention and to form different embodiments. For example, in the following claims, any of the claimed embodiments can be used in any combination.
The component embodiments of the invention may be implemented in hardware, in software modules running on one or more processors, or in a combination thereof. Those skilled in the art will understand that a microprocessor or digital signal processor (DSP) may be used in practice to implement some or all of the functions of some or all of the components of the file processing method and device according to embodiments of the invention. The invention may also be implemented as a device or apparatus program (for example, a computer program and a computer program product) for performing part or all of the method described herein. Such a program implementing the invention may be stored on a computer-readable medium or may take the form of one or more signals. Such a signal may be downloaded from an Internet platform, provided on a carrier signal, or provided in any other form.
It should be noted that the above embodiments illustrate rather than limit the invention, and that those skilled in the art can design alternative embodiments without departing from the scope of the appended claims. In the claims, any reference sign placed between parentheses shall not be construed as limiting the claim. The word "including" does not exclude the presence of elements or steps not listed in a claim. The word "a" or "an" preceding an element does not exclude the presence of a plurality of such elements. The invention can be implemented by means of hardware comprising several distinct elements and by means of a suitably programmed computer. In a unit claim enumerating several devices, several of these devices can be embodied by one and the same item of hardware. The use of the words first, second and third does not indicate any order. These words may be interpreted as names.
The invention discloses A1, a file processing method, including:
generating seed information corresponding to an original file;
encrypting the original file according to the seed information to obtain an encrypted file corresponding to the original file;
encapsulating the seed information in the message header of the encrypted file, and storing the encapsulated encrypted file.
A2. The method of A1, wherein the step of encrypting the original file according to the seed information to obtain the encrypted file corresponding to the original file includes:
generating an encryption key corresponding to the original file according to the seed information;
using the encryption key to encrypt the original file according to a preset encryption algorithm to obtain the encrypted file.
A3. The method of A2, wherein the step of generating the encryption key corresponding to the original file according to the seed information includes:
salting the seed information;
hashing the salted seed information with Message-Digest Algorithm 5 (MD5) to obtain a corresponding hash value;
performing a shift operation and/or preset bit replacement on the hash value according to a preset rule to obtain the encryption key.
A4. The method of A1, further including:
parsing the encrypted file to obtain the seed information corresponding to the encrypted file;
decrypting the encrypted file according to the seed information to obtain the original file;
sending the original file.
A5. The method of A4, wherein the step of parsing the encrypted file to obtain the seed information corresponding to the encrypted file includes:
parsing the encrypted file to obtain the message header of the encrypted file;
reading the seed information of the encrypted file from the message header.
A6. The method of A4, wherein the step of decrypting the encrypted file according to the seed information to obtain the original file includes:
generating a decryption key corresponding to the original file according to the seed information;
using the decryption key to decrypt the encrypted file according to a preset decryption algorithm to obtain the original file.
A7. The method of any one of A1 to A6, wherein the seed information is a random number generated by a random number generation algorithm.
A8. The method of A1, wherein the method is applied to a cloud proxy server and further includes:
sending the encapsulated encrypted file to a cloud server.
The invention discloses B9, a file processing device, including:
a seed generation module, configured to generate seed information corresponding to an original file;
a file encryption module, configured to encrypt the original file according to the seed information to obtain an encrypted file corresponding to the original file;
an encapsulation storage module, configured to encapsulate the seed information in the message header of the encrypted file and store the encapsulated encrypted file.
B10. The device of B9, wherein the file encryption module includes:
an encryption key generation submodule, configured to generate an encryption key corresponding to the original file according to the seed information;
an encryption submodule, configured to use the encryption key to encrypt the original file according to a preset encryption algorithm to obtain the encrypted file.
B11. The device of B10, wherein the encryption key generation submodule includes:
a salting unit, configured to salt the seed information;
a hashing unit, configured to hash the salted seed information with Message-Digest Algorithm 5 (MD5) to obtain a corresponding hash value;
a shift and replacement unit, configured to perform a shift operation and/or preset bit replacement on the hash value according to a preset rule to obtain the encryption key.
B12. The device of B9, further including:
a file parsing module, configured to parse the encrypted file to obtain the seed information corresponding to the encrypted file;
a file decryption module, configured to decrypt the encrypted file according to the seed information to obtain the original file;
a first sending module, configured to send the original file.
B13. The device of B12, wherein the file parsing module includes:
a parsing submodule, configured to parse the encrypted file to obtain the message header of the encrypted file;
a reading submodule, configured to read the seed information of the encrypted file from the message header.
B14. The device of B12, wherein the file decryption module includes:
a decryption key generation submodule, configured to generate a decryption key corresponding to the original file according to the seed information;
a decryption submodule, configured to use the decryption key to decrypt the encrypted file according to a preset decryption algorithm to obtain the original file.
B15. The device of any one of B9 to B14, wherein the seed information is a random number generated by a random number generation algorithm.
B16. The device of B9, wherein the device is applied to a cloud proxy server and further includes:
a second sending module, configured to send the encapsulated encrypted file to a cloud server.
Claims (10)
1. A file processing method, characterized in that the method includes:
generating seed information corresponding to an original file;
encrypting the original file according to the seed information to obtain an encrypted file corresponding to the original file;
encapsulating the seed information in the message header of the encrypted file, and storing the encapsulated encrypted file.
2. The method of claim 1, characterized in that the step of encrypting the original file according to the seed information to obtain the encrypted file corresponding to the original file includes:
generating an encryption key corresponding to the original file according to the seed information;
using the encryption key to encrypt the original file according to a preset encryption algorithm to obtain the encrypted file.
3. The method of claim 2, characterized in that the step of generating the encryption key corresponding to the original file according to the seed information includes:
salting the seed information;
hashing the salted seed information with Message-Digest Algorithm 5 (MD5) to obtain a corresponding hash value;
performing a shift operation and/or preset bit replacement on the hash value according to a preset rule to obtain the encryption key.
4. The method of claim 1, characterized in that the method further includes:
parsing the encrypted file to obtain the seed information corresponding to the encrypted file;
decrypting the encrypted file according to the seed information to obtain the original file;
sending the original file.
5. The method of claim 4, characterized in that the step of parsing the encrypted file to obtain the seed information corresponding to the encrypted file includes:
parsing the encrypted file to obtain the message header of the encrypted file;
reading the seed information of the encrypted file from the message header.
6. The method of claim 4, characterized in that the step of decrypting the encrypted file according to the seed information to obtain the original file includes:
generating a decryption key corresponding to the original file according to the seed information;
using the decryption key to decrypt the encrypted file according to a preset decryption algorithm to obtain the original file.
7. The method of any one of claims 1 to 6, characterized in that the seed information is a random number generated by a random number generation algorithm.
8. The method of claim 1, characterized in that the method is applied to a cloud proxy server and further includes:
sending the encapsulated encrypted file to a cloud server.
9. A file processing device, characterized in that the device includes:
a seed generation module, configured to generate seed information corresponding to an original file;
a file encryption module, configured to encrypt the original file according to the seed information to obtain an encrypted file corresponding to the original file;
an encapsulation storage module, configured to encapsulate the seed information in the message header of the encrypted file and store the encapsulated encrypted file.
10. The device of claim 9, characterized in that the file encryption module includes:
an encryption key generation submodule, configured to generate an encryption key corresponding to the original file according to the seed information;
an encryption submodule, configured to use the encryption key to encrypt the original file according to a preset encryption algorithm to obtain the encrypted file.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201611250389.0A CN106611130A (en) | 2016-12-29 | 2016-12-29 | File processing method and device |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201611250389.0A CN106611130A (en) | 2016-12-29 | 2016-12-29 | File processing method and device |
Publications (1)
Publication Number | Publication Date |
---|---|
CN106611130A (en) | 2017-05-03 |
Family
ID=58636191
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201611250389.0A Pending CN106611130A (en) | 2016-12-29 | 2016-12-29 | File processing method and device |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106611130A (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109005184A (en) * | 2018-08-17 | 2018-12-14 | 上海小蚁科技有限公司 | File encrypting method and device, storage medium, terminal |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1480851A (en) * | 2002-09-04 | 2004-03-10 | 斌 杨 | Computer encryption unit and encryption method |
CN103067158A (en) * | 2012-12-27 | 2013-04-24 | 华为技术有限公司 | Encryption and decryption method, terminal device, gateway device and key management system |
CN103236930A (en) * | 2013-04-27 | 2013-08-07 | 深圳市中兴移动通信有限公司 | Data encryption method and system |
CN104268458A (en) * | 2014-09-23 | 2015-01-07 | 潍柴动力股份有限公司 | Vehicle program encrypting and verifying method and device |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | |
SE01 | Entry into force of request for substantive examination | |
WD01 | Invention patent application deemed withdrawn after publication | Application publication date: 20170503 |