Method for RSA-encrypted storage of data dictionary information
Technical field
The present invention relates to the field of cloud computing technology, and in particular to a method for RSA-encrypted storage of data dictionary information.
Background art
At present the data dictionary information of mainstream cloud computing nodes is still stored in the traditional ways: as a TXT text file, as an XML file of the application framework, or as a data table of a relational database.
Under the new cloud computing environment these traditional ways have the following problems:
1. When the information is stored in the operating system as a TXT or XML file, the system administrator can read the file content directly and modify it, and access to the file is governed only by the directory permissions of the operating system, so other users of the operating system can easily read it.
2. When the information is stored in a relational database, once the database is compromised its content can easily be stolen by an attacker, causing leakage of data information.
Therefore, where a business requires it, data dictionary information in the cloud computing environment needs to be stored encrypted, and in particular users require that different encrypted data be used to raise security; current mainstream cloud computing platforms and conventional tools do not yet achieve this.
Summary of the invention
To overcome the above deficiencies, the invention provides a method for RSA-encrypted storage of data dictionary information that has strong compatibility, high execution efficiency and a high safety coefficient.
The technical solution adopted by the present invention to solve its technical problem is:
A method for RSA-encrypted storage of data dictionary information, comprising the following steps:
a) building a cloud computing platform comprising N independently operable service nodes, the service nodes comprising a management node A, a log node L, data storage nodes D and service providing nodes S;
b) initializing the management node A; after initialization, the management node A provides the Key file and password required for authentication, the Key file containing the authentication information required for RSA-encrypted storage;
c) registering every service node participating in the cloud computing with the management node A, each presenting the Key file and password as the basis of authentication; after successful registration, every authenticated service node encrypts the data dictionary information that its own service needs to publish using the RSA algorithm together with the Key file provided by node A, and sends the encrypted file to the management node A;
d) on the management node A, using its own Key file, the one it provides for authentication, as the RSA decryption key to decrypt and verify the data dictionary information received from each service node; after verification succeeds, the management node A aggregates and merges the related information, encrypts it with the RSA algorithm, stores it locally, and issues the encrypted information to each service node that needs to use the data dictionary information;
e) on receiving the data dictionary information issued by the management node A, the service providing nodes S and data storage nodes D use the Key file of the management node A that they store as the RSA key to decrypt and verify the data dictionary ciphertext; after decryption succeeds, the data dictionary information issued by the management node A is stored inside the node in ciphertext form, and the decrypted data dictionary information is cached in the memory of the node.
Further, the process of initializing the management node A in step b) is as follows:
b-1) starting the management node A;
b-2) after the management node A has started successfully, initializing the local embedded database engine and opening the database file, then entering a waiting state in which the data storage nodes D, service providing nodes S and log node L are awaited for registration.
Further, the service nodes that register with the management node A in step c) are the data storage nodes D, service providing nodes S and log node L.
Further, the process of registering with the management node A in step c) is as follows:
c-1) starting the service node to be registered; after it has started successfully, querying the local database to obtain this service node's configuration information and loading it into memory;
c-2) after the configuration information has been obtained, registering with the management node A: the service node presents the service registration code and service access password provided by the management node A and sends a registration request to the management node A;
c-3) the management node A verifies the registration request on receipt; after verification succeeds, it saves the information of the newly registered service node in its own resource library, and the newly registered service node appears on the management console of the management node A.
Further, in step d), after the management node A has collected the data dictionary information sent by each service node, the management node A encrypts the information by the RSA algorithm using the local Key file and password as the key, saves the encrypted information inside the node, and, by calling the download function of the service providing nodes S and data storage nodes D, sends the encrypted data dictionary information to all data storage nodes D and service providing nodes S.
Further, in step e), on receiving the data dictionary information issued by the management node A, a service providing node S decrypts and verifies the encrypted information according to the Key file of the management node A stored on this node and, after verification succeeds, stores the encrypted data information inside this node; a data storage node D, on receiving the data dictionary information issued by the management node A, performs RSA decryption and verification of the encrypted information according to the Key file of the management node A stored on this node and, after verification succeeds, stores the encrypted data information inside this node; if the information fails the algorithm verification, it is reported back to the management node A for exception handling.
The beneficial effects of the present invention are: being based on multiple independently operable service nodes, the method adapts to the complex hardware and software equipment and the variety of development languages of the cloud computing environment and does not depend on specific equipment or software, whereas the prior art is all realized by relying on a specific operating system or software tool; compared with the prior art, the method of the invention therefore has stronger compatibility. The method sets the key of the RSA algorithm flexibly according to the Key file of the management node A, and decrypts and verifies in parallel on multiple nodes, so normal business execution is not affected. Conventional information storage, by contrast, places requirements on the operating system and software and, during storage, inevitably relies on the fixed-key encryption algorithm of the operating system or of a specific database management system, completing encryption and decryption by calling third-party software, which takes a long time, produces large files, occupies many host resources and can even interfere with normal business applications. The method therefore has the characteristic of high execution efficiency. Because the data containing important system information is protected by encryption under a high-strength key of strong randomness, it is difficult to crack, and decryption is performed separately on each node, so information leakage can be effectively prevented; in the traditional approach, leaking a single account password, whether that of the operating system administrator or of the database administrator, causes all sensitive data to be leaked. The method therefore protects sensitive data.
Detailed description of the invention
Fig. 1 is the flow chart of data encryption and issuing according to the invention;
Fig. 2 is the flow chart of a cloud computing platform service node reading and storing encrypted data according to the invention;
Fig. 3 is the flow chart of the cloud computing platform receiving, decrypting, verifying and storing data dictionary information according to the invention.
Specific embodiment
The present invention is further described below with reference to Fig. 1 and Fig. 2.
A method for RSA-encrypted storage of data dictionary information comprises the following steps:
a) building a cloud computing platform comprising N independently operable service nodes, the service nodes comprising a management node A, a log node L, data storage nodes D and service providing nodes S.
b) initializing the management node A; after initialization, the management node A provides the Key file and password required for authentication, the Key file containing the authentication information required for RSA-encrypted storage.
c) registering every service node participating in the cloud computing with the management node A, each presenting the Key file and password as the basis of authentication; after successful registration, every authenticated service node encrypts the data dictionary information that its own service needs to publish using the RSA algorithm together with the Key file provided by node A, and sends the encrypted file to the management node A.
d) on the management node A, using its own Key file, the one it provides for authentication, as the RSA decryption key to decrypt and verify the data dictionary information received from each service node; after verification succeeds, the management node A aggregates and merges the related information, encrypts it with the RSA algorithm, stores it locally, and issues the encrypted information to each service node that needs to use the data dictionary information.
e) on receiving the data dictionary information issued by the management node A, the service providing nodes S and data storage nodes D use the Key file of the management node A that they store as the RSA key to decrypt and verify the data dictionary ciphertext; after decryption succeeds, the data dictionary information issued by the management node A is stored inside the node in ciphertext form, and the decrypted data dictionary information is cached in the memory of the node.
The method of the invention for RSA-encrypted storage of data dictionary information is based on multiple independently operable service nodes, adapts to the complex hardware and software equipment and the variety of development languages of the cloud computing environment, and does not depend on specific equipment or software, whereas the prior art is all realized by relying on a specific operating system or software tool; compared with the prior art, the method of the invention therefore has stronger compatibility. The method sets the key of the RSA algorithm flexibly according to the Key file of the management node A, and decrypts and verifies in parallel on multiple nodes, so normal business execution is not affected. Conventional information storage, by contrast, places requirements on the operating system and software and, during storage, inevitably relies on the fixed-key encryption algorithm of the operating system or of a specific database management system, completing encryption and decryption by calling third-party software, which takes a long time, produces large files, occupies many host resources and can even interfere with normal business applications. The method therefore has the characteristic of high execution efficiency. Because the data containing important system information is protected by encryption under a high-strength key of strong randomness, it is difficult to crack, and decryption is performed separately on each node, so information leakage can be effectively prevented; in the traditional approach, leaking a single account password, whether that of the operating system administrator or of the database administrator, causes all sensitive data to be leaked. The method therefore protects sensitive data.
Embodiment 1:
The process of initializing the management node A in step b) is as follows:
b-1) starting the management node A;
b-2) after the management node A has started successfully, initializing the local embedded database engine and opening the database file, then entering a waiting state in which the data storage nodes D, service providing nodes S and log node L are awaited for registration.
The RSA cryptographic algorithm is currently the most influential public-key encryption algorithm and is generally regarded as one of the most outstanding public-key schemes. RSA was the first algorithm usable for both encryption and digital signatures; with adequate key lengths and proper padding it has withstood all cryptanalytic attacks known to date, and it is recommended by ISO as a public-key data encryption standard. The RSA algorithm rests on a very simple number-theoretic fact: multiplying two large primes is very easy, but factoring their product is extremely difficult, so the product can be disclosed as the encryption key. The "data dictionary information" refers to the data information a service node uses to define data types and standards, which plays a reference role when the node provides its service.
Embodiment 2:
The service nodes that register with the management node A in step c) are the data storage nodes D, service providing nodes S and log node L. What each type of service node reports is the data dictionary information it needs to publish when providing its own service. This information is encrypted according to the RSA algorithm using the Key file information provided by the management node A, and is uploaded to the management node A after encryption.
Embodiment 3:
The process of registering with the management node A in step c) is as follows:
c-1) starting the service node to be registered; after it has started successfully, querying the local database to obtain this service node's configuration information and loading it into memory;
c-2) after the configuration information has been obtained, registering with the management node A: the service node presents the service registration code and service access password provided by the management node A and sends a registration request to the management node A;
c-3) the management node A verifies the registration request on receipt; after verification succeeds, it saves the information of the newly registered service node in its own resource library, and the newly registered service node appears on the management console of the management node A.
Embodiment 4:
In step d), after the management node A has collected the data dictionary information sent by each service node, the management node A encrypts the information by the RSA algorithm using the local Key file and password as the key and saves the encrypted information inside the node; then, by calling the download function of the service providing nodes S and data storage nodes D, the management node A sends the encrypted data dictionary information to all data storage nodes D and service providing nodes S.
Embodiment 5:
In step e), on receiving the data dictionary information issued by the management node A, a service providing node S decrypts and verifies the encrypted information according to the Key file of the management node A stored on this node and, after verification succeeds, stores the encrypted data information inside this node; a data storage node D, on receiving the data dictionary information issued by the management node A, performs RSA decryption and verification of the encrypted information according to the Key file of the management node A stored on this node and, after verification succeeds, stores the encrypted data information inside this node; if the information fails the algorithm verification, it is reported back to the management node A for exception handling.
The method of the invention for RSA-encrypted storage of data dictionary information is further illustrated below by a specific example.
First the hardware environment is prepared, comprising:
Equipment: three servers and a switch
Operating system: Windows Server 2008 or Linux
Software: MySQL 5.1 or later, Tomcat 6 or later, Java 1.7 or later
Technology: WebService (WSDL) communication protocol, SpringMVC web framework
The specific implementation steps are:
Step 1: Build a cloud computing platform. Complete the software installation on the three servers, then create three service nodes on each server, nine service nodes in total: management node A, data storage nodes D1, D2, D3, D4, D5, service providing nodes S1, S2 and log node L1. Start the management node first, then the data storage nodes, the service providing nodes and the log node.
A service node can be understood as a group of service processes on one server; these processes cooperate with each other to complete the service requests required by the cloud computing. Each service node has its own attributes, a node attribute being the function that this group of service processes is able to provide. Every service node has its own basic node attributes and provides the basic service communication interfaces (such as node registration and node identity verification). In addition, each node provides additional services according to its preset function. Nodes are divided into several classes according to their attributes (the services they provide):
Management node A: responsible for managing all service nodes in the entire cloud computing framework, for the security authentication of nodes and for issuing information;
Log node L: responsible for recording the operation log information of each node;
Data storage node D: responsible for storing submitted data information according to preset rules, and for sending operation log information to the log node L for keeping;
Service providing node S: responsible for responding to all kinds of requests sent by users, analyzing and summarizing them, sending the information split after analysis to the respective data storage nodes D, and receiving and aggregating the response messages of the data storage nodes D.
Step 2: Initialize the management node A
1. The management node A starts
After the management node A has started successfully, it queries the local database, obtains this service node's configuration information and loads it into memory. The configuration information is shown in the following table and includes:
Serial number | Content | Type | Example
1 | Service registration code | String | IP141-SERVER-KEY
2 | Service access address | String | http://192.168.1.100:8080/Manager/webservices (HTTPS supported)
3 | Service access user name | String | Admin
4 | Service access password | String | 123 (storage in encrypted forms such as MD5 is supported)
5 | Service node type | String | A: management node
6 | Service node version | String | 1.0
After the configuration information has been obtained, the node enters a waiting state and waits for the data storage nodes, service nodes and log node to register.
Step 3: Initialize the other nodes of the cloud service platform and register them with the management node A
1. A data storage node D starts
After the node has started successfully, it queries the local database, obtains this service node's configuration information and loads it into memory. The configuration information is shown in the following table and includes:
After the configuration information has been obtained, the node registers with the management service node: it presents the service registration code and service access password provided by the management node A and sends a registration request to the management node A. After receiving the registration request, the management node A verifies it and, after verification succeeds, saves the information of the data storage node D in its own resource library; at this time a newly added data storage node D can be seen on the management console of A. A also returns a registration-success message to D.
2. A service providing node S starts
After the node has started successfully, it queries the local database, obtains this service node's configuration information and loads it into memory. The configuration information is shown in the following table and includes:
Serial number | Content | Type | Example
1 | Service registration code | String | IP143-SERVER-KEY
2 | Service access address | String | http://192.168.1.102:8080/Manager/webservices (HTTPS supported)
3 | Service access user name | String | Admin
4 | Service access password | String | 123 (storage in encrypted forms such as MD5 is supported)
5 | Service node type | String | S: service node
6 | Service node version | String | 1.0
7 | Management service node access address | String | http://192.168.1.100:8080/Manager/webservices
8 | Management service node access user | String | Admin
9 | Management service node access password | String | 123
It after configuration information obtains successfully, is operated to management service Node registry, the management node A service provided is provided at this time
Registration code and service access password issue registration request to management node A, after A receives registration request, are verified, verified
Through the rear information preservation service providing node S into own resource library.Simultaneously A can feed back to S mono- succeed in registration disappear
Breath, and on the management console of A, it can be seen that increase a service providing node S newly.
3, Journal node L starts
After node starts successfully, inquiry local data base obtains this service node configuration information and is put into memory.Configuration information
As shown in the table, it includes:
It after configuration information obtains successfully, is operated to management service Node registry, the management node A service provided is provided at this time
Registration code and service access password issue registration request to management node A, after A receives registration request, are verified, verified
Through the rear information preservation Journal node L into own resource library.At this time on the management console of A, so that it may see
A Journal node L is increased newly.Meanwhile A can feed back to mono- message to succeed in registration of L.
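Step 3 (and step c) of the summary, Embodiment 3) has every node present a service registration code and a service access password, and the configuration tables show that password as "123" with "encrypted forms such as MD5" supported. An unsalted MD5 of a password is not a safe way to keep it, and checking it with an ordinary string comparison leaks timing. The following Go program is an added example written for this page, not the patent's Java/WebService implementation: it models A's resource library as an in-memory Registry, keeps a salted PBKDF2-HMAC-SHA256 hash of each enrolled node's password instead of the password, and performs the c-3 check with a constant-time comparison, rejecting an unknown code, a wrong password, a node type that differs from the enrollment and a duplicate registration. The names Registry, Enroll, Register and Registered and the example password are assumptions; the registration code IP143-SERVER-KEY and node type S are taken from the S node table above.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"errors"
	"fmt"
	"io"
	"sort"
)

// RegistrationRequest is what a node sends in step c-2: the service registration code and
// service access password provisioned for it on A, and the node type it claims to be.
type RegistrationRequest struct {
	RegistrationCode, Password, NodeType string
}

// enrolledNode is what A keeps per expected node: a salted, iterated hash of the password, never the password or a bare MD5 of it.
type enrolledNode struct {
	salt, hash []byte
	nodeType   string
}

const kdfIterations = 50000

// pbkdf2SHA256 derives one 32-byte block of PBKDF2-HMAC-SHA256 (RFC 8018).
func pbkdf2SHA256(password, salt []byte, iter int) []byte {
	prf := hmac.New(sha256.New, password)
	prf.Write(salt)
	prf.Write([]byte{0, 0, 0, 1}) // INT(1): big-endian index of the first output block
	u := prf.Sum(nil)
	out := append([]byte(nil), u...)
	for i := 1; i < iter; i++ {
		prf.Reset()
		prf.Write(u)
		u = prf.Sum(nil)
		for j := range out {
			out[j] ^= u[j]
		}
	}
	return out
}

// Registry is management node A's resource library: nodes enrolled by the administrator and nodes that have registered.
type Registry struct {
	enrolled   map[string]enrolledNode
	registered map[string]RegistrationRequest
}

func NewRegistry() *Registry {
	return &Registry{enrolled: map[string]enrolledNode{}, registered: map[string]RegistrationRequest{}}
}

// Enroll provisions a registration code and password for one node before it starts (the credentials A "provides" in step b).
func (r *Registry) Enroll(code, password, nodeType string) error {
	salt := make([]byte, 16)
	if _, err := io.ReadFull(rand.Reader, salt); err != nil {
		return err
	}
	r.enrolled[code] = enrolledNode{salt, pbkdf2SHA256([]byte(password), salt, kdfIterations), nodeType}
	return nil
}

// Register is step c-3: A checks the request and only then adds the node to its resource library (and so to the console).
func (r *Registry) Register(req RegistrationRequest) error {
	n, known := r.enrolled[req.RegistrationCode]
	// Run the KDF even for an unknown code so response time does not reveal which codes exist.
	candidate := pbkdf2SHA256([]byte(req.Password), n.salt, kdfIterations)
	if !known || subtle.ConstantTimeCompare(candidate, n.hash) != 1 {
		return errors.New("registration rejected") // same message for unknown code and wrong password
	}
	if n.nodeType != req.NodeType {
		return errors.New("registration rejected: node type does not match enrollment")
	}
	if _, dup := r.registered[req.RegistrationCode]; dup {
		return errors.New("registration rejected: code already registered")
	}
	r.registered[req.RegistrationCode] = req
	return nil
}

// Registered lists the registration codes shown on A's management console.
func (r *Registry) Registered() []string {
	codes := make([]string, 0, len(r.registered))
	for c := range r.registered {
		codes = append(codes, c)
	}
	sort.Strings(codes)
	return codes
}

func main() { // constructed values; the code and type mirror the S node configuration table above
	r := NewRegistry()
	r.Enroll("IP143-SERVER-KEY", "correct horse battery staple", "S")
	fmt.Println(r.Register(RegistrationRequest{"IP143-SERVER-KEY", "123", "S"}))
	fmt.Println(r.Register(RegistrationRequest{"IP143-SERVER-KEY", "correct horse battery staple", "S"}), r.Registered())
}
```

PBKDF2 is written out in full so that the example needs only the standard library; a production service would use a maintained implementation (golang.org/x/crypto/pbkdf2 or argon2) behind the same Enroll/Register shape. The single "registration rejected" message for both an unknown code and a wrong password is deliberate: a more specific message would tell a probing client which codes are enrolled.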
Step 4: Report the RSA-encrypted data
After completing registration with the management node A, a service node S integrates and encrypts the data dictionary information it needs to publish externally, according to the RSA algorithm and in combination with the content of the Key file issued by A, and sends the encrypted information to the management node A.
The service access rule setting function on the management node's screen is illustrated by the following tables.
Data storage content:
Serial number | Explanation | Length
1 | User account | 32
2 | User name | 10
3 | Gender | 2
4 | ID card No. | 18
5 | Contact method | 32
6 | Home address | 128
The data storage rule set on the management service node is shown in the following table:
Serial number | Explanation | Storage node
1 | User account | Data storage node D1
2 | User name | Data storage node D1
3 | Gender | Data storage node D2
4 | ID card No. | Data storage node D2
5 | Contact method | Data storage node D3
6 | Home address | Data storage node D3
After the management service node A receives the encrypted data dictionary information reported by S, it decrypts and verifies it by the RSA algorithm in combination with the Key file content of service node A. If decryption fails, A returns an exception message to S; after decryption and verification succeed, A saves the encrypted data dictionary information reported by S and, by calling the download function (a WebService service) of the service nodes and data storage nodes, sends the encrypted data dictionary information of S to all storage nodes and service nodes that need the dictionary information. The process for data storage nodes is the same. See Fig. 1 and Fig. 2.
Step 5: Verify and save the data dictionary information
After the fourth step is complete and a service node S has received the encrypted data dictionary information, it decrypts and verifies the encrypted data according to the locally stored Key file content of the management service node A. After verification succeeds, the encrypted data information is saved inside this node. After a storage node D has received the encrypted data dictionary information, it decrypts and verifies the encrypted data according to the locally stored Key file content of the management service node A. After verification succeeds, the encrypted data information is saved inside this node.
If the encrypted data fails verification, an invalid data format message is returned to the management service node A, as shown in Fig. 3.
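Steps 4 and 5 above (and steps c) to e) of the summary, Embodiments 4 and 5) describe each node encrypting the data dictionary "with the RSA algorithm in combination with the Key file" and treating a clean decryption as verification. Two practical points sit behind that description: RSA can only encrypt a message shorter than its modulus, so a dictionary of arbitrary size has to travel under a symmetric key that RSA wraps, and decryption alone does not tell A which node sent the data, which needs a signature under the sender's own key. The following Go program is an added example written for this page, not the patent's implementation: Seal encrypts the JSON dictionary with AES-256-GCM, wraps the AES key with the recipient's RSA public key using OAEP, and signs nonce, wrapped key and ciphertext with the sender's RSA private key using PSS; Open verifies the signature first and only then unwraps and decrypts, so a forged or tampered envelope comes back as the "invalid data format" error of Step 5. The names DictEntry, Envelope, Seal, Open and NewNodeKey are assumptions, as is the model that each node loads its own private key and its peers' public keys from its Key file; the sample dictionary rows are taken from the Step 4 tables.

```go
package main

import (
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/json"
	"fmt"
	"io"
)

// DictEntry is one row of a reported data dictionary (field, length, storage node), as in the Step 4 tables.
type DictEntry struct {
	Field       string `json:"field"`
	Length      int    `json:"length"`
	StorageNode string `json:"storage_node"`
}

// Envelope: JSON dictionary under AES-256-GCM, the AES key wrapped with the recipient's RSA key (OAEP), and the sender's RSA-PSS signature.
type Envelope struct {
	WrappedKey, Nonce, Ciphertext, Signature []byte
}

// NewNodeKey stands in for loading a node's RSA key pair from its Key file (assumed: each node holds its own private key and its peers' public keys).
func NewNodeKey() *rsa.PrivateKey {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	return k
}

// digest hashes nonce||wrappedKey||ciphertext; the first two have fixed length, so the concatenation is unambiguous.
func digest(e *Envelope) []byte {
	d := sha256.Sum256(append(append(append([]byte{}, e.Nonce...), e.WrappedKey...), e.Ciphertext...))
	return d[:]
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts dict for recipient and signs the result with the sender's private key.
func Seal(dict []DictEntry, sender *rsa.PrivateKey, recipient *rsa.PublicKey) (*Envelope, error) {
	plain, _ := json.Marshal(dict) // cannot fail for this struct
	buf := make([]byte, 32+12)     // fresh AES-256 key and 96-bit GCM nonce for every message
	if _, err := io.ReadFull(rand.Reader, buf); err != nil {
		return nil, err
	}
	gcm, err := newGCM(buf[:32])
	if err != nil {
		return nil, err
	}
	e := &Envelope{Nonce: buf[32:], Ciphertext: gcm.Seal(nil, buf[32:], plain, nil)}
	if e.WrappedKey, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, recipient, buf[:32], nil); err != nil {
		return nil, err
	}
	e.Signature, err = rsa.SignPSS(rand.Reader, sender, crypto.SHA256, digest(e), nil)
	return e, err
}

// Open is the "decrypt and verify" of steps d) and e): signature first, then key unwrap and authenticated decryption; any failure is Step 5's "invalid data format".
func Open(e *Envelope, recipient *rsa.PrivateKey, sender *rsa.PublicKey) ([]DictEntry, error) {
	if err := rsa.VerifyPSS(sender, crypto.SHA256, digest(e), e.Signature, nil); err != nil {
		return nil, fmt.Errorf("invalid data format: signature: %w", err)
	}
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, recipient, e.WrappedKey, nil)
	if err != nil {
		return nil, fmt.Errorf("invalid data format: key unwrap: %w", err)
	}
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	plain, err := gcm.Open(nil, e.Nonce, e.Ciphertext, nil)
	if err != nil {
		return nil, fmt.Errorf("invalid data format: body: %w", err)
	}
	var dict []DictEntry
	return dict, json.Unmarshal(plain, &dict)
}

func main() { // S reports to A; A verifies and redistributes to D; a tampered copy is rejected at D
	s, a, d := NewNodeKey(), NewNodeKey(), NewNodeKey()
	up, _ := Seal([]DictEntry{{"User account", 32, "D1"}, {"ID card No.", 18, "D2"}}, s, &a.PublicKey)
	dict, _ := Open(up, a, &s.PublicKey)
	down, _ := Seal(dict, a, &d.PublicKey)
	fmt.Println(Open(down, d, &a.PublicKey))
	down.Ciphertext[0] ^= 1
	fmt.Println(Open(down, d, &a.PublicKey))
}
```

The same Seal/Open pair serves both directions of the flow: S seals for A under S's private key, A opens it, re-seals the merged dictionary for each D and S under A's private key, and each receiving node opens it, keeps the Envelope as the ciphertext it stores on disk, and caches only the decoded slice in memory, which is the split between stored ciphertext and cached plaintext that step e) describes.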
By the above means, RSA-encrypted storage of data under the cloud computing environment is accomplished efficiently, so that when the data suffers an unexpected hacker attack or unauthorized access no data leakage is caused, and the security of user data is protected.