CN107612683A - A kind of encipher-decipher method, device, system, equipment and storage medium - Google Patents

A kind of encipher-decipher method, device, system, equipment and storage medium Download PDF

Info

Publication number
CN107612683A
CN107612683A CN201710944069.3A CN201710944069A CN107612683A CN 107612683 A CN107612683 A CN 107612683A CN 201710944069 A CN201710944069 A CN 201710944069A CN 107612683 A CN107612683 A CN 107612683A
Authority
CN
China
Prior art keywords
key
encryption
computing
algorithm
terminal
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201710944069.3A
Other languages
Chinese (zh)
Other versions
CN107612683B (en
Inventor
谈剑锋
丁震宇
李坤
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shanghai Peoplenet Security Technology Co Ltd
Original Assignee
Shanghai Peoplenet Security Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shanghai Peoplenet Security Technology Co Ltd filed Critical Shanghai Peoplenet Security Technology Co Ltd
Priority to CN201710944069.3A priority Critical patent/CN107612683B/en
Publication of CN107612683A publication Critical patent/CN107612683A/en
Application granted granted Critical
Publication of CN107612683B publication Critical patent/CN107612683B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Landscapes

  • Storage Device Security (AREA)

Abstract

The invention discloses a kind of encipher-decipher method, device, system, equipment and storage medium, methods described includes:Terminal obtains the key file of encryption, wherein the key file includes the round key and algorithm parameter of each wheel;The key file of the encryption is dispersed at least two subfiles and stored respectively by the terminal;When needing to carry out encryption and decryption, the terminal treats processing information according at least two subfile and preset algorithm and carries out encryption and decryption computing.The embodiment of the present invention makes in encryption process that key call flow is more hidden, ensure that in terminal internal memory to be not in complete clear text key, solves the problems, such as that existing enciphering and deciphering algorithm security is not high, realize the reinforcing to encryption process.

Description

A kind of encipher-decipher method, device, system, equipment and storage medium
Technical field
The present embodiments relate to information security technology, more particularly to a kind of encipher-decipher method, device, system, equipment and Storage medium.
Background technology
With the development of the technologies such as software, hardware, network, increasing software is published to personal computer, flat board electricity The computing terminals such as brain, mobile phone are run, however, these application software often operate in unsafe terminal, its application is pacified for information Bring pressure entirely.
In existing enciphering and deciphering algorithm, such as symmetric key algorithm is grouped, key (character string forms) oneself keeping, algorithm Security of the security based on key.When terminal carries out encryption and decryption operation processing information is treated using key and default algorithm Encryption and decryption operation is carried out, i.e., is inputted key and pending information into preset algorithm, you can draw the information after encryption and decryption.
As can be seen here, malicious user can be cracked etc. mode by attack and control terminal, and utilize various reverse-engineering skills Art, instrument control the whole process that software in terminal performs, and easily can illegally obtain the close of crypto module in software Key, so as to the encryption process to crack.
The content of the invention
The present invention provides a kind of encipher-decipher method, device, system, equipment and storage medium, to realize to encryption process Reinforcing.
In a first aspect, the embodiments of the invention provide a kind of encipher-decipher method, including:
Terminal obtains the key file of encryption, wherein the key file includes the round key and algorithm parameter of each wheel;
The key file of the encryption is dispersed at least two subfiles and stored respectively by the terminal;
When needing to carry out encryption and decryption, the terminal is according at least two subfile and preset algorithm to pending letter Breath carries out encryption and decryption computing.
Second aspect, the embodiment of the present invention additionally provide a kind of ciphering and deciphering device, including:
Key file acquisition module, for obtaining the key file of encryption, wherein the key file includes the wheel of each wheel Key and algorithm parameter;
Subfile memory module, for the key file of the encryption to be dispersed into at least two subfiles and deposited respectively Storage;
Computing module, for when needing to carry out encryption and decryption, being treated according at least two subfile and preset algorithm Processing information carries out encryption and decryption computing.
The third aspect, the embodiment of the present invention additionally provide a kind of encrypting and deciphering system, including:Terminal and key server;
Wherein, the terminal includes ciphering and deciphering device as described above;
The key server includes:
Round key generation module, for generating the round key and algorithm parameter of each round according to key;
Key file generation module, for whole round key and whole algorithm parameters to be formed into the key file;
Key file encrypting module, for the key file to be encrypted;
Key file sending module, for the key file of encryption to be sent to the terminal.
Fourth aspect, the embodiment of the present invention additionally provide a kind of equipment, and the equipment includes:
One or more processors;
Storage device, for storing one or more programs;
When one or more of programs are by one or more of computing devices so that one or more of processing Device realizes the encipher-decipher method as described in any embodiment of the present invention.
5th aspect, the embodiment of the present invention additionally provide a kind of computer-readable recording medium, are stored thereon with computer Program, the encipher-decipher method as described in any embodiment of the present invention is realized when the program is executed by processor.
The embodiment of the present invention obtains the key file of encryption by terminal, wherein the round key of key file including each wheel and Algorithm parameter, the key file of encryption is dispersed at least two subfiles and stored respectively, when needing to carry out encryption and decryption, root Processing information is treated according at least two subfiles and preset algorithm and carries out encryption and decryption computing, key in encryption process is called stream Cheng Gengjia is hidden, ensure that in terminal internal memory to be not in complete clear text key, solves existing enciphering and deciphering algorithm security The problem of not high, realize the reinforcing to encryption process.
Brief description of the drawings
Fig. 1 is the flow chart of the encipher-decipher method in the embodiment of the present invention one;
Fig. 2 is the flow chart of the encipher-decipher method in the embodiment of the present invention two;
Fig. 3 a are the flow charts of the encipher-decipher method in the embodiment of the present invention three;
Fig. 3 b are to be obtained in the encipher-decipher method in the embodiment of the present invention three when the round key needed for front-wheel sequence computing and calculation The flow chart of method parameter;
Fig. 4 is the structural representation of the ciphering and deciphering device in the embodiment of the present invention four;
Fig. 5 is the structural representation of the encrypting and deciphering system in the embodiment of the present invention five;
Fig. 6 is the structural representation of the equipment in the embodiment of the present invention six.
Embodiment
The present invention is described in further detail with reference to the accompanying drawings and examples.It is understood that this place is retouched The specific embodiment stated is used only for explaining the present invention, rather than limitation of the invention.It also should be noted that in order to just Part related to the present invention rather than entire infrastructure are illustrate only in description, accompanying drawing.
The embodiment of the present invention is mainly entered to packet symmetric key algorithm (including AES and corresponding decipherment algorithm) Row improves, and packet symmetric key algorithm carries out the establishment of S boxes and the change of round key based on key, for example, DES (Data Encryption Standard, data encryption standards), SM4 etc..
Embodiment one
Fig. 1 is the flow chart of the encipher-decipher method in the embodiment of the present invention one, and the present embodiment is applicable to carry out plaintext Encryption and/or the situation that ciphertext is decrypted, this method can be performed by ciphering and deciphering device, and the ciphering and deciphering device can use The mode of software and/or hardware realizes, for example, the ciphering and deciphering device is configured in computer, mobile phone, tablet personal computer, wearable Smart machine etc. can be provided in the terminal of encryption and decryption functions.As shown in figure 1, this method specifically includes:
S110, terminal obtain the key file of encryption, wherein the key file includes the round key and algorithm ginseng of each wheel Number.
Before treating processing information and carrying out encryption and decryption computing, terminal needs to obtain the key needed for encryption and decryption computing first File.Wherein, key file includes the round key and algorithm parameter needed when carrying out each round wheel sequence computing in encryption process. In the present embodiment, the key file that terminal obtains is encryption, and the key file of encryption can make key file safer, It ensure that when not performing enciphering and deciphering algorithm, be not in the key file of plaintext in terminal internal memory.
The key file of the encryption is dispersed at least two subfiles and stored respectively by S120, the terminal.
In the present embodiment, after the key file of encryption is received, the key file of encryption is dispersed into N number of son by terminal File is simultaneously stored into local file system respectively.Wherein, N value and the wheel ordinal number amount of round key and the operational capability of terminal It is relevant.For example, when it is 32 to take turns ordinal number amount, the key file of encryption can be dispersed into 32 subfiles and stored respectively;Consider To treatment effeciency, the key file of encryption can be also dispersed into the subfile less than wheel ordinal number amount, for example, being dispersed into 15 Ziwens Part simultaneously stores respectively.This storage mode makes to be not in complete key text in terminal internal memory when not performing enciphering and deciphering algorithm Part, it ensure that the security of key file.
S130, when need carry out encryption and decryption when, the terminal is treated according at least two subfile and preset algorithm Processing information carries out encryption and decryption computing.
Wherein, preset algorithm includes AES and decipherment algorithm.It is different from existing encryption and decryption calculating process, in this reality Apply in example, when needing to carry out encryption and decryption computing, be no longer disposable loading key, will directly be carried out after the completion of algorithm initialization Computing exports encryption and decryption operation result, but is treated according to the subfile and preset algorithm of the key file stored in above-mentioned steps Processing information enters road wheel sequence computing, and being loaded into round key step by step by wheel sequence carries out computing, completes to treat the encryption and decryption of processing information Operation.It is not in complete clear text key text when this encryption process ensure that execution enciphering and deciphering algorithm, in terminal internal memory Part, hacker is not easy to track whole clear text key files when being attacked terminal.
The embodiment of the present invention carries out the separation of algorithm and cipher key related information, key relevant portion is all detached written Basic operation is only stayed in part, algorithm part.The key file of encryption is obtained by terminal, wherein wheel of the key file including each wheel is close Key and algorithm parameter, the key file of encryption is dispersed at least two subfiles and stored respectively, when need carry out encryption and decryption When, treat processing information according at least two subfiles and preset algorithm and carry out encryption and decryption computing, make key in encryption process Call flow is more hidden, ensure that in terminal internal memory to be not in complete clear text key, and the key of terminal local encryption Deposited after file is discrete so that the intrusion scene of hacker is lifted at double, solves that existing enciphering and deciphering algorithm security is not high to ask Topic, realizes the reinforcing to encryption process.
Embodiment two
Fig. 2 is the flow chart of the encipher-decipher method in the embodiment of the present invention two, and the present embodiment is on the basis of embodiment one Further optimized, there is provided the source of key file.As shown in Fig. 2 methods described includes:
S210, key server generate the round key and algorithm parameter of each round according to key.
In the present embodiment, as the round key and algorithm parameter needed for key server generation encryption and decryption computing.Specifically, The round key and algorithm of key server each round according to caused by key and round key generating algorithm generate the key computing Parameter, wherein round key generating algorithm are identical with the algorithm that round key is generated in existing enciphering and deciphering algorithm.
It should be noted that because the round key and algorithm parameter of each round are generated according to key, therefore use this The ciphertext or plaintext that the enciphering and deciphering algorithm that inventive embodiments provide generates in terminal, carry out corresponding decryption in server end or add During close operation, existing enciphering and deciphering algorithm can be used to carry out computing.After the enciphering and deciphering algorithm that terminal is used is improved, no Need to modify to enciphering and deciphering algorithm corresponding to server end, simplify the calculating process of server end after algorithm improvement.
Whole round key and whole algorithm parameters are formed the key file by S220, the key server.
In the present embodiment, after key server generates the round key and algorithm parameter of each round according to key, will generate Whole round key and whole algorithm parameters formed key file.Specifically, the round key and algorithm parameter in key file can To be formed with being cascaded according to wheel sequence, wheel order sequence when being encrypted or decrypted with guarantee.
SM4 algorithms are that block length is 128 bits, and key length is 128 bits, the grouping algorithms of 32 wheels.With SM4 algorithms Exemplified by, key file is by 32 inputiCascade composition, wherein inputi={ rki, { } }, inputiIndicate store path index Address, the round key and algorithm parameter of the i-th wheel, rk are obtained from the index addressiRepresent the wheel of the i-th wheel generated according to key Key, { } represent the algorithm parameter relevant with key.
The key file is encrypted for S230, the key server, and the key file of encryption is sent to institute State terminal.
After ensureing that the safety of key file, key server generate key file, the key file of generation is carried out Encryption is sent to terminal.In the present embodiment, it is unrestricted to the cipher mode of key file, because server end security compared with Height, therefore can be used existing cipher mode that key file is encrypted.
S240, terminal obtain the key file of encryption, wherein the key file includes the round key and algorithm ginseng of each wheel Number.
The key file of the encryption is dispersed at least two subfiles and stored respectively by S250, the terminal.
S260, when need carry out encryption and decryption when, the terminal is treated according at least two subfile and preset algorithm Processing information carries out encryption and decryption computing.
The embodiment of the present invention adds each according to key generation using key server on the basis of above-described embodiment The round key and algorithm parameter of wheel, whole round key and whole algorithm parameters are formed into key file, key file is added It is close, and the key file of encryption is sent to terminal.Using this method, realize in reinforcing of the key server end to key, Solve the problems, such as that existing enciphering and deciphering algorithm security is not high, realize the reinforcing to encryption process.
Embodiment three
Fig. 3 a are the flow chart of the encipher-decipher method in the embodiment of the present invention three, and the present embodiment is based on above-described embodiment Further optimized.As shown in Figure 3 a, methods described includes:
S310, key server generate the round key and algorithm parameter of each round according to key.
Whole round key and whole algorithm parameters are formed the key file by S320, the key server.
The key file is encrypted for S330, the key server, and the key file of encryption is sent to institute State terminal.
S340, terminal obtain the key file of encryption, wherein the key file includes the round key and algorithm ginseng of each wheel Number.
The key file of the encryption is dispersed at least two subfiles by S350, the terminal, and at least two by described in Individual subfile is discrete to be stored into local file system.
In order to ensure to be not in complete clear text key in the terminal, terminal obtains the encryption that key server is sent After key file, the key file of encryption need to be dispersed at least two subfiles, and by scattered subfile it is discrete store to In local file system.Optionally, terminal can be by scattered subfile random storage into local file system, also can be by default Rule store into local file system.
S360, the terminal record the store path of each subfile.
Scattered subfile is stored to local file system, terminal records the store path of each subfile, so as to When entering road wheel sequence computing in subsequent step, round key and algorithm ginseng according to corresponding to the path finding of record when the operation of front-wheel sequence Number.Specifically, can associate store path with preset algorithm in a manner of index of reference, ensure that algorithm can be from correct storage road Correct round key is called in footpath, work as front-wheel sequence computing, such as input described belowi
Optionally, the round key of each round and the incidence relation of algorithm parameter, such as the round key by same wheel can be established Identical identification code is set with algorithm parameter, ensures the round key and algorithm parameter called to same wheel computing is belonged to, enters the trade Front-wheel sequence computing.
S370, when needing to carry out encryption and decryption, the terminal first algorithm according to corresponding to pending computing, from corresponding Store path obtain round key and algorithm parameter needed for the front-wheel sequence computing.
When needing to carry out encryption and decryption, terminal algorithm according to corresponding to determining pending computing, specifically, pending add Close computing, the first algorithm are the AES in preset algorithm;Pending decryption computing, the first algorithm are the solution in preset algorithm Close algorithm.The round key and algorithm parameter used when front-wheel sequence computing is obtained from pre-recorded store path, to use The round key and algorithm parameter of acquisition treat processing information and carry out computing.
By taking SM4 algorithms as an example, when needing to be encrypted computing, terminal determines the first algorithm corresponding to cryptographic calculation to add Close algorithm.During SM4 algorithm for encryption, round key is rk using order0-rk31, for example, when carrying out the 0th wheel computing, The 0th round key rk for taking turns cryptographic calculation and using is obtained according to pre-recorded store path0And algorithm parameter.When needs are solved During close computing, terminal determines that the first algorithm corresponding to decryption computing is decipherment algorithm.Using in SM4 algorithm decrypting processes, wheel is close Key is rk using order31-rk0, for example, when carrying out the 0th wheel computing, the 0th wheel is obtained according to pre-recorded store path and transported Calculate the round key rk that decryption computing uses31And algorithm parameter.
S380, terminal treat processing information according to the round key of acquisition, algorithm parameter and the first algorithm and carry out encryption and decryption fortune Calculate, and using when the result of front-wheel sequence computing be used as the input of next round wheel sequence computing, continue acquisition next round wheel sequence computing needed for Round key and algorithm parameter to enter road wheel sequence computing, until all wheel sequence computings are completed, antitone mapping is carried out to operation result, Export the encryption and decryption result of pending information.
By taking the ciphering process of SM4 algorithms as an example, AES is performed by 32 iteration function orders, wherein the i-th wheel wheel letter Several computings are:
Wherein, i=0,1 ..., 31, inputiStore path index address is indicated, the i-th wheel is obtained from the index address Round key and algorithm parameter;Represent XOR;T is a solidification computing unrelated with key;rkiRepresent the i-th wheel Round key;Xi,Xi+1,Xi+2,Xi+3The input data of the wheel computing of expression i-th, totally 128;Xi+4Represent the output number of the i-th wheel computing According to.
When needing to be encrypted computing, pending information is (X in plain text0, X1, X2, X3), terminal is loaded into crypto process, first First according to acquisition round function rk0And algorithm parameter carries out F0Computing, obtain output X during i=04, and by the output X of the wheel4Make For the input of next round, continue to obtain round function rk needed for the operation of next round wheel sequence1And algorithm parameter carries out F1Computing, until 32 Individual wheel sequence computing is completed, and forms the result X of wheel sequence computing32、X33、X34、X35, carried out finally by the result to taking turns sequence computing anti- Sequence converts:(Y0, Y1, Y2, Y3)=(X35, X34, X33, X32), the ciphertext (Y after output encryption0, Y1, Y2, Y3)。
The technical scheme of the present embodiment, at least two subfiles are dispersed into by the key file of encryption to terminal and deposited respectively Storage and terminal are treated processing information progress encryption and decryption computing according at least two subfiles and preset algorithm and illustrated. Utilize this method so that call the process of round key and algorithm parameter more hidden in encryption process, ensure that in terminal Be not in complete clear text key in depositing, realize the reinforcing to encryption process.
Fig. 3 b are to be obtained in the encipher-decipher method in the embodiment of the present invention three when the round key needed for front-wheel sequence computing and calculation The flow chart of method parameter, reference picture 3b, first algorithm according to corresponding to pending computing of terminal described in S370, from corresponding Store path is obtained when the round key needed for front-wheel sequence computing and algorithm parameter include:
Subfile corresponding to the path indexing acquisition of S371, the terminal in first algorithm.
By taking SM4 algorithms as an example, in the present embodiment, when needing to be encrypted computing, terminal is loaded into crypto process, first The wheel sequence computing of the 0th wheel is carried out, according to F0Input0Index position obtains input0Ciphertext, that is, obtain the 0th wheel wheel sequence computing Corresponding subfile.Wherein, the subfile includes the round key and algorithm parameter when front-wheel sequence computing.
Subfile described in S372, the terminal-pair is decrypted, and obtains when the round key and algorithm needed for front-wheel sequence computing Parameter.
Terminal is according to F0Input0Index position obtains input0Ciphertext after, to input0Ciphertext decryption obtains input0 Plaintext, from input0Plaintext in obtain when front-wheel sequence operation needed for round function rk0And algorithm parameter.In the present embodiment, To input0The decryption method that is decrypted of ciphertext be not limited, the encryption method carried out with key server to key file It is corresponding.Preferably, input of the decryption method provided in an embodiment of the present invention to acquisition can be used0Ciphertext be decrypted, Make decrypting process safer.
S373, after having performed when front-wheel sequence computing, the terminal deletion decrypts obtained round key and algorithm parameter.
In the present embodiment, after the computing of each round wheel sequence is finished, by the round key used when front-wheel sequence computing and calculation The plaintext of method parameter is deleted so that and terminal internal memory in sequence calculating process is taken turns is not in complete round key and algorithm parameter, Strengthen the process of encryption and decryption.
In addition, it is contemplated that each round wheel sequence computing is required for carrying out input and output (IO) operation, preferably can be by round key As storehouse processing, ensure also will not excessively reduce performance while security.
Example IV
Fig. 4 is the structural representation of the ciphering and deciphering device in the embodiment of the present invention four.The ciphering and deciphering device can be configured at In terminal, as shown in figure 4, described device includes:
Key file acquisition module 410, for obtaining the key file of encryption, wherein the key file includes each wheel Round key and algorithm parameter;
Subfile memory module 420, for the key file of the encryption to be dispersed into at least two subfiles and difference Storage;
Computing module 430, for when need carry out encryption and decryption when, according at least two subfile and preset algorithm pair Pending information carries out encryption and decryption computing.
Further, the subfile memory module 420 includes:
File dispersal unit, for the key file of the encryption to be dispersed into at least two subfiles;
Subfile memory cell, for storing at least two subfile is discrete into local file system;
Path recording unit, for recording the store path of each subfile.
Further, the computing module 430 includes:
Round key acquiring unit, for the first algorithm according to corresponding to pending computing, obtained from corresponding store path Take when the round key and algorithm parameter needed for front-wheel sequence computing;
Sequence arithmetic element is taken turns, for the round key according to acquisition, algorithm parameter and first algorithm to described pending Information carries out encryption and decryption computing, and using when the result of front-wheel sequence computing is as the input of next round wheel sequence computing, continues under acquisition Round key and algorithm parameter needed for rounds of sequence computings is to enter road wheel sequence computing, until all wheel sequence computings completions, to computing As a result antitone mapping is carried out, exports the encryption and decryption result of the pending information.
Further, the round key acquiring unit includes:
Subfile obtains subelement, for subfile corresponding to the path indexing acquisition in first algorithm;
Subfile decrypts subelement, for the subfile to be decrypted, obtains when the wheel needed for front-wheel sequence computing is close Key and algorithm parameter;
Round key deletes subelement, for after having performed when front-wheel sequence computing, deleting round key and the calculation that decryption obtains Method parameter.
The technical scheme of the embodiment of the present invention, the key file of encryption is obtained by key file acquisition module, wherein close Key file includes the round key and algorithm parameter of each wheel, and the key file of encryption is dispersed at least two by subfile memory module Subfile simultaneously stores respectively, computing module when need carry out encryption and decryption when, according at least two subfiles and preset algorithm pair Pending information carries out encryption and decryption computing, makes in encryption process that key call flow is more hidden, ensure that in terminal internal memory Be not in complete clear text key, solve the problems, such as that existing enciphering and deciphering algorithm security is not high, realize to encryption and decryption mistake The reinforcing of journey.
The ciphering and deciphering device that the embodiment of the present invention is provided can perform the encryption and decryption side that any embodiment of the present invention is provided Method, possess the corresponding functional module of execution method and beneficial effect.
Embodiment five
Fig. 5 is the structural representation of the encrypting and deciphering system in the embodiment of the present invention five.As shown in figure 5, the system includes: Terminal 100 and key server 200.
Wherein, the terminal 100 includes the ciphering and deciphering device that any embodiment of the present invention provides;
The key server 200 includes:
Round key generation module 201, for generating the round key and algorithm parameter of each round according to key;
Key file generation module 202, for whole round key and whole algorithm parameters to be formed into the key file;
Key file sending module 203, sent for the key file to be encrypted, and by the key file of encryption To the terminal.
The technical scheme of the embodiment of the present invention, key server generation include the round key of each wheel and the key of algorithm parameter File, is sent to terminal after the key file is encrypted, the key file of encryption is dispersed at least two Ziwens by terminal Part simultaneously stores respectively, and when needing to carry out encryption and decryption, terminal treats processing information according at least two subfiles and preset algorithm Encryption and decryption computing is carried out, makes in encryption process that key call flow is more hidden, ensure that in terminal internal memory and be not in Whole clear text key, solve the problems, such as that existing enciphering and deciphering algorithm security is not high, realize the reinforcing to encryption process.
The encrypting and deciphering system that the embodiment of the present invention is provided can perform the encryption and decryption side that any embodiment of the present invention is provided Method, possess the corresponding functional module of execution method and beneficial effect.
Embodiment six
Fig. 6 is the structural representation of the equipment in the embodiment of the present invention six.Fig. 6 is shown suitable for being used for realizing that the present invention is real Apply the block diagram of the example devices 612 of mode.The equipment 612 that Fig. 6 is shown is only an example, should not be to the embodiment of the present invention Function and use range bring any restrictions.
As shown in fig. 6, equipment 612 is showed in the form of universal computing device.The component of equipment 612 can include but unlimited In:One or more processor or processing unit 616, system storage 628, connection different system component (including system Memory 628 and processing unit 616) bus 618.
Bus 618 represents the one or more in a few class bus structures, including memory bus or Memory Controller, Peripheral bus, graphics acceleration port, processor or the local bus using any bus structures in a variety of bus structures.Lift For example, these architectures include but is not limited to industry standard architecture (ISA) bus, MCA (MAC) Bus, enhanced isa bus, VESA's (VESA) local bus and periphery component interconnection (PCI) bus.
Equipment 612 typically comprises various computing systems computer-readable recording medium.These media can be it is any can be by equipment 612 usable mediums accessed, including volatibility and non-volatile media, moveable and immovable medium.
System storage 628 can include the computer system readable media of form of volatile memory, such as deposit at random Access to memory (RAM) 630 and/or cache memory 632.Equipment 612 may further include other removable/not removable Dynamic, volatile/non-volatile computer system storage medium.Only as an example, storage system 634 can be used for read-write can not Mobile, non-volatile magnetic media (Fig. 6 do not show, commonly referred to as " hard disk drive ").Although not shown in Fig. 6, Ke Yiti For the disc driver for being read and write to may move non-volatile magnetic disk (such as " floppy disk "), and to may move non-volatile light The CD drive of disk (such as CD-ROM, DVD-ROM or other optical mediums) read-write.In these cases, each driver It can be connected by one or more data media interfaces with bus 618.Memory 628 can include at least one program and produce Product, the program product have one group of (for example, at least one) program module, and these program modules are configured to perform of the invention each The function of embodiment.
Program/utility 640 with one group of (at least one) program module 642, can be stored in such as memory In 628, such program module 642 includes but is not limited to operating system, one or more application program, other program modules And routine data, the realization of network environment may be included in each or certain combination in these examples.Program module 642 Generally perform the function and/or method in embodiment described in the invention.
Equipment 612 can also be logical with one or more external equipments 614 (such as keyboard, sensing equipment, display 624 etc.) Letter, can also enable a user to the equipment communication interacted with the equipment 612 with one or more, and/or with causing the equipment 612 Any equipment (such as network interface card, the modem etc.) communication that can be communicated with one or more of the other computing device.This Kind communication can be carried out by input/output (I/O) interface 622.Also, equipment 612 can also by network adapter 620 with One or more network (such as LAN (LAN), wide area network (WAN) and/or public network, such as internet) communication.Such as Shown in figure, network adapter 620 is communicated by bus 618 with other modules of equipment 612.It should be understood that although do not show in Fig. 6 Go out, other hardware and/or software module can be used with bonding apparatus 612, included but is not limited to:It is microcode, device driver, superfluous Remaining processing unit, external disk drive array, RAID system, tape drive and data backup storage system etc..
Processing unit 616 is stored in program in system storage 628 by operation, so as to perform various function application with And data processing, such as realize the encipher-decipher method that any embodiment of the present invention is provided.
Embodiment seven
The embodiment of the present invention seven additionally provides a kind of computer-readable recording medium, is stored thereon with computer program, should The encipher-decipher method provided such as the embodiment of the present invention is realized when program is executed by processor, this method includes:
Terminal obtains the key file of encryption, wherein the key file includes the round key and algorithm parameter of each wheel;
The key file of the encryption is dispersed at least two subfiles and stored respectively by the terminal;
When needing to carry out encryption and decryption, the terminal is according at least two subfile and preset algorithm to pending letter Breath carries out encryption and decryption computing.
Certainly, a kind of computer-readable recording medium that the embodiment of the present invention is provided, the computer program stored thereon The method operation being not limited to the described above, can also carry out the correlation in the encipher-decipher method that any embodiment of the present invention is provided Operation.
The computer-readable storage medium of the embodiment of the present invention, any of one or more computer-readable media can be used Combination.Computer-readable medium can be computer-readable signal media or computer-readable recording medium.It is computer-readable Storage medium for example may be-but not limited to-the system of electricity, magnetic, optical, electromagnetic, infrared ray or semiconductor, device or Device, or any combination above.The more specifically example (non exhaustive list) of computer-readable recording medium includes:Tool There are the electrical connections of one or more wires, portable computer diskette, hard disk, random access memory (RAM), read-only storage (ROM), erasable programmable read only memory (EPROM or flash memory), optical fiber, portable compact disc read-only storage (CD- ROM), light storage device, magnetic memory device or above-mentioned any appropriate combination.In this document, computer-readable storage Medium can be any includes or the tangible medium of storage program, the program can be commanded execution system, device or device Using or it is in connection.
Computer-readable signal media can include in a base band or as carrier wave a part propagation data-signal, Wherein carry computer-readable program code.The data-signal of this propagation can take various forms, including but unlimited In electromagnetic signal, optical signal or above-mentioned any appropriate combination.Computer-readable signal media can also be that computer can Any computer-readable medium beyond storage medium is read, the computer-readable medium, which can send, propagates or transmit, to be used for By instruction execution system, device either device use or program in connection.
The program code included on computer-readable medium can be transmitted with any appropriate medium, including --- but it is unlimited In wireless, electric wire, optical cable, RF etc., or above-mentioned any appropriate combination.
It can be write with one or more programming languages or its combination for performing the computer that operates of the present invention Program code, described program design language include object oriented program language-such as Java, Smalltalk, C++, Also include conventional procedural programming language-such as " C " language or similar programming language.Program code can be with Fully perform, partly perform on the user computer on the user computer, the software kit independent as one performs, portion Divide and partly perform or performed completely on remote computer or server on the remote computer on the user computer. Be related in the situation of remote computer, remote computer can pass through the network of any kind --- including LAN (LAN) or Wide area network (WAN)-be connected to subscriber computer, or, it may be connected to outer computer (such as carried using Internet service Pass through Internet connection for business).
Pay attention to, above are only presently preferred embodiments of the present invention and institute's application technology principle.It will be appreciated by those skilled in the art that The invention is not restricted to specific embodiment described here, can carry out for a person skilled in the art various obvious changes, Readjust and substitute without departing from protection scope of the present invention.Therefore, although being carried out by above example to the present invention It is described in further detail, but the present invention is not limited only to above example, without departing from the inventive concept, also Other more equivalent embodiments can be included, and the scope of the present invention is determined by scope of the appended claims.

Claims (12)

  1. A kind of 1. encipher-decipher method, it is characterised in that including:
    Terminal obtains the key file of encryption, wherein the key file includes the round key and algorithm parameter of each wheel;
    The key file of the encryption is dispersed at least two subfiles and stored respectively by the terminal;
    When needing to carry out encryption and decryption, the terminal is treated processing information according at least two subfile and preset algorithm and entered Row encryption and decryption computing.
  2. 2. according to the method for claim 1, it is characterised in that before the key file that terminal obtains encryption, the side Method also includes:
    Key server generates the round key and algorithm parameter of each round according to key;
    Whole round key and whole algorithm parameters are formed the key file by the key server;
    The key file is encrypted the key server, and the key file of encryption is sent to the terminal.
  3. 3. according to the method for claim 1, it is characterised in that the terminal by the key file of the encryption be dispersed into Few two subfiles and respectively storage include:
    The key file of the encryption is dispersed at least two subfiles by the terminal, and by least two subfile from Dissipate and store into local file system;
    The terminal records the store path of each subfile.
  4. 4. according to the method for claim 3, it is characterised in that the terminal is according at least two subfile and presets Algorithm, which treats processing information progress encryption and decryption computing, to be included:
    The terminal first algorithm according to corresponding to pending computing, obtained from corresponding store path and work as front-wheel sequence computing institute The round key and algorithm parameter needed;
    The terminal carries out encryption and decryption according to the round key of acquisition, algorithm parameter and first algorithm to the pending information Computing, and using when the result of front-wheel sequence computing is as the input of next round wheel sequence computing, continue to obtain next round wheel sequence computing institute The round key and algorithm parameter needed, until all wheel sequence computings completions, inverted sequence change is carried out to operation result to enter road wheel sequence computing Change, export the encryption and decryption result of the pending information.
  5. 5. according to the method for claim 4, it is characterised in that the terminal first calculation according to corresponding to pending computing Method, obtained from corresponding store path when the round key needed for front-wheel sequence computing and algorithm parameter include:
    Subfile corresponding to path indexing acquisition of the terminal in first algorithm;
    Subfile described in the terminal-pair is decrypted, and obtains when the round key and algorithm parameter needed for front-wheel sequence computing;
    After having performed when front-wheel sequence computing, the terminal deletion decrypts obtained round key and algorithm parameter.
  6. A kind of 6. ciphering and deciphering device, it is characterised in that including:
    Key file acquisition module, for obtaining the key file of encryption, wherein the key file includes the round key of each wheel And algorithm parameter;
    Subfile memory module, for the key file of the encryption to be dispersed into at least two subfiles and stored respectively;
    Computing module, for when need carry out encryption and decryption when, according at least two subfile and preset algorithm to pending Information carries out encryption and decryption computing.
  7. 7. device according to claim 6, it is characterised in that the subfile memory module includes:
    File dispersal unit, for the key file of the encryption to be dispersed into at least two subfiles;
    Subfile memory cell, for storing at least two subfile is discrete into local file system;
    Path recording unit, for recording the store path of each subfile.
  8. 8. device according to claim 7, it is characterised in that the computing module includes:
    Round key acquiring unit, for the first algorithm according to corresponding to pending computing, obtain and work as from corresponding store path Round key and algorithm parameter needed for front-wheel sequence computing;
    Sequence arithmetic element is taken turns, for the round key according to acquisition, algorithm parameter and first algorithm to the pending information Carry out encryption and decryption computing, and using when the result of front-wheel sequence computing be used as the input of next round wheel sequence computing, continue acquisition next round Round key and algorithm parameter needed for wheel sequence computing is to enter road wheel sequence computing, until all wheel sequence computings completions, to operation result Antitone mapping is carried out, exports the encryption and decryption result of the pending information.
  9. 9. device according to claim 8, it is characterised in that the round key acquiring unit includes:
    Subfile obtains subelement, for subfile corresponding to the path indexing acquisition in first algorithm;
    Subfile decrypts subelement, for the subfile to be decrypted, obtain round key needed for the front-wheel sequence computing and Algorithm parameter;
    Round key deletes subelement, for after having performed when front-wheel sequence computing, deleting round key and the algorithm ginseng that decryption obtains Number.
  10. A kind of 10. encrypting and deciphering system, it is characterised in that including:Terminal and key server;
    Wherein, the terminal includes any described ciphering and deciphering device in claim 6-9;
    The key server includes:
    Round key generation module, for generating the round key and algorithm parameter of each round according to key;
    Key file generation module, for whole round key and whole algorithm parameters to be formed into the key file;
    Key file encrypting module, for the key file to be encrypted;
    Key file sending module, for the key file of encryption to be sent to the terminal.
  11. 11. a kind of equipment, it is characterised in that the equipment includes:
    One or more processors;
    Storage device, for storing one or more programs;
    When one or more of programs are by one or more of computing devices so that one or more of processors are real The now encipher-decipher method as described in any in claim 1-5.
  12. 12. a kind of computer-readable recording medium, is stored thereon with computer program, it is characterised in that the program is by processor The encipher-decipher method as described in any in claim 1-5 is realized during execution.
CN201710944069.3A 2017-09-30 2017-09-30 Encryption and decryption method, device, system, equipment and storage medium Active CN107612683B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710944069.3A CN107612683B (en) 2017-09-30 2017-09-30 Encryption and decryption method, device, system, equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710944069.3A CN107612683B (en) 2017-09-30 2017-09-30 Encryption and decryption method, device, system, equipment and storage medium

Publications (2)

Publication Number Publication Date
CN107612683A true CN107612683A (en) 2018-01-19
CN107612683B CN107612683B (en) 2020-10-27

Family

ID=61069077

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710944069.3A Active CN107612683B (en) 2017-09-30 2017-09-30 Encryption and decryption method, device, system, equipment and storage medium

Country Status (1)

Country Link
CN (1) CN107612683B (en)

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108574566A (en) * 2018-02-13 2018-09-25 北京梆梆安全科技有限公司 A kind of whitepack encipher-decipher method, device and storage medium
CN109040090A (en) * 2018-08-17 2018-12-18 北京海泰方圆科技股份有限公司 A kind of data ciphering method and device
CN109951456A (en) * 2019-02-28 2019-06-28 成都卫士通信息产业股份有限公司 Message encipher-decipher method, device, electronic equipment and computer readable storage medium
CN110197076A (en) * 2019-05-22 2019-09-03 北京航空航天大学 A kind of software optimization implementation method of SM4 Encryption Algorithm
CN111191252A (en) * 2018-11-15 2020-05-22 航天信息股份有限公司 Encryption and decryption method and device for smart card operating system and storage medium
CN113645209A (en) * 2021-07-30 2021-11-12 北京三快在线科技有限公司 Vehicle end software encryption and decryption method and device based on white box
CN113672955A (en) * 2021-08-19 2021-11-19 支付宝(杭州)信息技术有限公司 Data processing method, system and device
CN114282232A (en) * 2021-11-22 2022-04-05 岚图汽车科技有限公司 Vehicle communication key management method and device, storage medium and equipment
CN115426111A (en) * 2022-06-13 2022-12-02 中国第一汽车股份有限公司 Data encryption method and device, electronic equipment and storage medium

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101320356A (en) * 2008-07-14 2008-12-10 曹乃承 Data storage method and device
CN101997833A (en) * 2009-08-10 2011-03-30 北京多思科技发展有限公司 Key storage method and device and data encryption/decryption method and device
CN103997504A (en) * 2014-06-13 2014-08-20 谭知微 Identity authentication system and method
US20140270153A1 (en) * 2013-03-13 2014-09-18 Futurewei Technologies, Inc. System and Method for Content Encryption in a Key/Value Store
CN104135371A (en) * 2014-08-18 2014-11-05 杭州华三通信技术有限公司 Password saving method and device
CN105577363A (en) * 2016-01-29 2016-05-11 江苏沁恒股份有限公司 Extensible pipelined circuit aiming at SM4 cryptographic algorithm and implementation method thereof
CN106022158A (en) * 2016-05-09 2016-10-12 福建南威软件有限公司 A takeout management system for file datas
CN106330435A (en) * 2015-07-02 2017-01-11 中兴通讯股份有限公司 Key transformation method and device, and terminal

Patent Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101320356A (en) * 2008-07-14 2008-12-10 曹乃承 Data storage method and device
CN101997833A (en) * 2009-08-10 2011-03-30 北京多思科技发展有限公司 Key storage method and device and data encryption/decryption method and device
US20140270153A1 (en) * 2013-03-13 2014-09-18 Futurewei Technologies, Inc. System and Method for Content Encryption in a Key/Value Store
CN103997504A (en) * 2014-06-13 2014-08-20 谭知微 Identity authentication system and method
CN104135371A (en) * 2014-08-18 2014-11-05 杭州华三通信技术有限公司 Password saving method and device
CN106330435A (en) * 2015-07-02 2017-01-11 中兴通讯股份有限公司 Key transformation method and device, and terminal
CN105577363A (en) * 2016-01-29 2016-05-11 江苏沁恒股份有限公司 Extensible pipelined circuit aiming at SM4 cryptographic algorithm and implementation method thereof
CN106022158A (en) * 2016-05-09 2016-10-12 福建南威软件有限公司 A takeout management system for file datas

Cited By (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108574566A (en) * 2018-02-13 2018-09-25 北京梆梆安全科技有限公司 A kind of whitepack encipher-decipher method, device and storage medium
CN109040090A (en) * 2018-08-17 2018-12-18 北京海泰方圆科技股份有限公司 A kind of data ciphering method and device
CN111191252A (en) * 2018-11-15 2020-05-22 航天信息股份有限公司 Encryption and decryption method and device for smart card operating system and storage medium
CN109951456A (en) * 2019-02-28 2019-06-28 成都卫士通信息产业股份有限公司 Message encipher-decipher method, device, electronic equipment and computer readable storage medium
CN110197076A (en) * 2019-05-22 2019-09-03 北京航空航天大学 A kind of software optimization implementation method of SM4 Encryption Algorithm
CN110197076B (en) * 2019-05-22 2021-03-26 北京航空航天大学 Software optimization implementation method of SM4 encryption algorithm
CN113645209A (en) * 2021-07-30 2021-11-12 北京三快在线科技有限公司 Vehicle end software encryption and decryption method and device based on white box
CN113672955A (en) * 2021-08-19 2021-11-19 支付宝(杭州)信息技术有限公司 Data processing method, system and device
CN113672955B (en) * 2021-08-19 2024-04-19 支付宝(杭州)信息技术有限公司 Data processing method, system and device
CN114282232A (en) * 2021-11-22 2022-04-05 岚图汽车科技有限公司 Vehicle communication key management method and device, storage medium and equipment
CN115426111A (en) * 2022-06-13 2022-12-02 中国第一汽车股份有限公司 Data encryption method and device, electronic equipment and storage medium

Also Published As

Publication number Publication date
CN107612683B (en) 2020-10-27

Similar Documents

Publication Publication Date Title
CN107612683A (en) A kind of encipher-decipher method, device, system, equipment and storage medium
US12069038B2 (en) Encryption and decryption techniques using shuffle function
CN109040090B (en) A kind of data ciphering method and device
US10447476B2 (en) Multi-key graphic cryptography for encrypting file system acceleration
CN103988464B (en) System and method for key management for issuer security domain using global platform specifications
CN105324956B (en) The method and apparatus of encrypting plaintext data
CN105408913B (en) Privacy data are handled in cloud
CN105408912B (en) Handle certification and resource grant
CN101196855B (en) Mobile encrypted memory device and cipher text storage area data encrypting and deciphering processing method
US8880879B2 (en) Accelerated cryptography with an encryption attribute
CN102073808B (en) Method for encrypting and storing information through SATA interface and encryption card
US20120269340A1 (en) Hierarchical encryption/decryption device and method thereof
CN105468940B (en) Method for protecting software and device
CN110061840A (en) Data ciphering method, device, computer equipment and storage medium
CN106067874B (en) It is a kind of by the method for data record to server end, terminal and server
CN108090366B (en) Data protection method and device, computer device and readable storage medium
CN104995633A (en) Achieving storage efficiency in presence of end-to-end encryption using downstream decrypters
CN113055153B (en) Data encryption method, system and medium based on fully homomorphic encryption algorithm
CN109613990A (en) Soft keyboard safety input method, server, client, electronic equipment and medium
CN110084599A (en) Cipher key processing method, device, equipment and storage medium
CN104735471A (en) Techniques For Secure Provisioning Of Digital Content Protection Scheme
CN109257176A (en) Decruption key segmentation and decryption method, device and medium based on SM2 algorithm
CN107306254A (en) Digital literary property protection method and system based on double layer encryption
CN107911221B (en) Key management method for secure storage of solid-state disk data
CN106612170A (en) Drm service provision apparatus and method, and content playback apparatus and method using drm service

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant