CN107682156A - An encrypted communication method and device based on the SM9 algorithm
Publication number: CN107682156A (CN201711137150.7A)
Authority: CN (China)
Legal status: Pending
Classifications
- H04L9/0822: Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using key encryption key
- H04L63/0428: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L9/30: Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
Abstract
The present invention provides an encrypted communication method and device based on the SM9 algorithm. The method includes: a first user equipment uses the identification information of a second user equipment as the SM9 public key and encrypts a first encryption key using the SM9 algorithm to obtain an encrypted first encryption key; the first encryption key is the encryption key of a preset first encryption algorithm; the first user equipment encrypts information to be sent using the first encryption algorithm according to the encrypted first encryption key to obtain encrypted information; the first user equipment sends the encrypted information and the encrypted first encryption key to the second user equipment. The embodiments of the present invention achieve secure communication among multiple user equipments and a secure message group-sending function.
Description
Technical field
The present invention relates to the field of information security technology, and in particular to an encrypted communication method and device based on the SM9 algorithm.
Background
As global information technology keeps improving, the level of informatization in Chinese society has also developed by leaps and bounds. Electronic products emerge one after another and greatly facilitate people's work and life. However, as the popularity of electronic products rises sharply, their security and confidentiality problems become increasingly prominent. When users communicate through electronic products, the communication content is easily intercepted by criminals.
At present, confidentiality is generally achieved by means of digital certificates, that is, data is protected using the key of a certificate authority. A digital certificate is a file, digitally signed by the certificate authority, that contains the public key owner's information and the public key. The sender device must first apply to the certificate authority for a digital certificate; the certificate authority uses its own private key to encrypt the sender's public key, obtains the encrypted public key, and makes the encrypted public key into a digital certificate. The sender sends the original data, the digest ciphertext and the digital certificate together to the recipient, where the digest ciphertext is obtained by computing a digest of the original data with a digest algorithm and then encrypting it with the sender's private key. The recipient uses the certificate authority's public key to decrypt the digital certificate and obtain the sender's public key, then decrypts the digest ciphertext with the sender's public key and compares the decrypted data with the data generated from the original data according to the digest algorithm, which confirms the authenticity of the data.
When data is encrypted and transmitted using digital certificates as described above, it is necessary to rely on digital certificates issued by a third-party certificate authority; the devices that use a digital certificate must also keep it safe, and the digital certificate must be verified during use. The verification process relies on a verification method provided by the third-party certificate authority, and network connectivity with the third-party certificate authority must also be maintained. Because in many cases a device cannot keep a network connection with the third-party certificate authority, verification cannot be performed in many scenarios, and communication security therefore cannot be guaranteed.
Summary of the invention
The present invention provides an encrypted communication method and device based on the SM9 algorithm, to achieve secure communication among multiple user equipments.
In a first aspect, the present invention provides an encrypted communication method based on the SM9 algorithm, including:
A first user equipment uses the identification information of a second user equipment as the SM9 public key and encrypts a first encryption key using the SM9 algorithm to obtain an encrypted first encryption key; the first encryption key is the encryption key of a preset first encryption algorithm;
The first user equipment encrypts information to be sent using the first encryption algorithm according to the encrypted first encryption key to obtain encrypted information;
The first user equipment sends the encrypted information and the encrypted first encryption key to the second user equipment.
In a second aspect, the present invention provides an encrypted communication method based on the SM9 algorithm, including:
A second user equipment obtains the SM9 private key of the second user equipment;
The second user equipment receives encrypted information and an encrypted first encryption key sent by a first user equipment; the encrypted information is the information obtained after the first user equipment encrypts information to be sent using a preset first encryption algorithm according to the encrypted first encryption key; the encrypted first encryption key is obtained by using the identification information of the second user equipment as the SM9 public key and encrypting the first encryption key using the SM9 algorithm; the first encryption key is the encryption key of the first encryption algorithm;
The second user equipment decrypts the encrypted first encryption key using the SM9 algorithm according to the SM9 private key to obtain a decrypted first encryption key;
The second user equipment decrypts the encrypted information using the first encryption algorithm according to the decrypted first encryption key to obtain the decrypted information to be sent.
In a third aspect, the present invention provides an encrypted communication method based on the SM9 algorithm, including:
A server uses the identification information of a first user equipment as the SM9 public key and encrypts a second encryption key using the SM9 algorithm to obtain an encrypted second encryption key; the second encryption key is the encryption key of a preset second encryption algorithm;
The server encrypts notification information using the second encryption algorithm according to the encrypted second encryption key to obtain the encrypted notification information;
The server sends the encrypted notification information and the encrypted second encryption key to the first user equipment.
In a fourth aspect, the present invention provides a first user equipment, including:
A processing module, configured to use the identification information of a second user equipment as the SM9 public key and encrypt a first encryption key using the SM9 algorithm to obtain an encrypted first encryption key; the first encryption key is the encryption key of a preset first encryption algorithm;
The processing module is further configured to encrypt information to be sent using the first encryption algorithm according to the encrypted first encryption key to obtain encrypted information;
A sending module, configured to send the encrypted information and the encrypted first encryption key to the second user equipment.
In a fifth aspect, the present invention provides a second user equipment, including:
An acquisition module, configured to obtain the SM9 private key of the second user equipment;
A receiving module, configured to receive the encrypted information and the encrypted first encryption key sent by the first user equipment; the encrypted information is the information obtained after the first user equipment encrypts information to be sent using a preset first encryption algorithm according to the encrypted first encryption key; the encrypted first encryption key is obtained by using the identification information of the second user equipment as the SM9 public key and encrypting the first encryption key using the SM9 algorithm; the first encryption key is the encryption key of the first encryption algorithm;
A processing module, configured to decrypt the encrypted first encryption key using the SM9 algorithm according to the SM9 private key to obtain a decrypted first encryption key;
The processing module is further configured to decrypt the encrypted information using the first encryption algorithm according to the decrypted first encryption key to obtain the decrypted information to be sent.
In a sixth aspect, the present invention provides a server, including:
A processing module, configured to use the identification information of a first user equipment as the SM9 public key and encrypt a second encryption key using the SM9 algorithm to obtain an encrypted second encryption key; the second encryption key is the encryption key of a preset second encryption algorithm;
The processing module is further configured to encrypt notification information using the second encryption algorithm according to the encrypted second encryption key to obtain the encrypted notification information;
A sending module, configured to send the encrypted notification information and the encrypted second encryption key to the first user equipment.
With the encrypted communication method and device based on the SM9 algorithm provided by the present invention, the first user equipment uses the identification information of the second user equipment as the SM9 public key and encrypts the first encryption key using the SM9 algorithm to obtain the encrypted first encryption key; the first encryption key is the encryption key of the preset first encryption algorithm; the first user equipment encrypts the information to be sent using the first encryption algorithm according to the encrypted first encryption key to obtain the encrypted information; the first user equipment sends the encrypted information and the encrypted first encryption key to the second user equipment. The above encrypted communication process uses the national cryptographic (guomi) SM9 algorithm, and the public key is the identification information that uniquely identifies the user equipment, so secure communication among multiple user equipments can be achieved with a simple operating process.
Brief description of the drawings
The accompanying drawings are incorporated into and form part of this specification; they show embodiments consistent with the present disclosure and, together with the specification, serve to explain the principles of the disclosure.
Fig. 1 is a schematic flowchart of one embodiment of the encrypted communication method provided by the present invention;
Fig. 2 is a schematic flowchart of another embodiment of the encrypted communication method provided by the present invention;
Fig. 3 is a schematic flowchart of yet another embodiment of the encrypted communication method provided by the present invention;
Fig. 4 is a schematic flowchart of yet another embodiment of the encrypted communication method provided by the present invention;
Fig. 5 is scenario diagram 1 of one embodiment of the encrypted communication method provided by the present invention;
Fig. 6 is scenario diagram 2 of one embodiment of the encrypted communication method provided by the present invention;
Fig. 7 is a scenario diagram of another embodiment of the encrypted communication method provided by the present invention;
Fig. 8 is a structural diagram of one embodiment of the first user equipment provided by the present invention;
Fig. 9 is a structural diagram of one embodiment of the second user equipment provided by the present invention;
Fig. 10 is a structural diagram of one embodiment of the server provided by the present invention.
The above drawings show specific embodiments of the present disclosure, which are described in more detail below. The drawings and the written description are not intended to limit the scope of the disclosed concept in any way, but to illustrate the concept of the disclosure to those skilled in the art by reference to specific embodiments.
Detailed description of the embodiments
Exemplary embodiments are described in detail here, and examples of them are shown in the accompanying drawings. Where the following description refers to the drawings, the same numerals in different drawings denote the same or similar elements unless otherwise indicated. The implementations described in the following exemplary embodiments do not represent all implementations consistent with the present disclosure. Rather, they are merely examples of devices consistent with some aspects of the disclosure as detailed in the appended claims.
The terms "first", "second" and the like in the description, the claims and the drawings of this specification are used to distinguish different objects, not to describe a particular order. In addition, the terms "include" and "have" and any variations of them are intended to cover non-exclusive inclusion. For example, a process, method, system, product or device that contains a series of steps or units is not limited to the listed steps or units, but optionally also includes steps or units that are not listed, or optionally also includes other steps or units inherent to such processes, methods, products or devices.
Fig. 1 is a schematic flowchart of one embodiment of the encrypted communication method provided by the present invention. As shown in Fig. 1, the encrypted communication method provided by this embodiment includes:
Step 101: the first user equipment uses the identification information of the second user equipment as the SM9 public key and encrypts the first encryption key using the SM9 algorithm to obtain the encrypted first encryption key; the first encryption key is the encryption key of a preset first encryption algorithm;
Step 102: the first user equipment encrypts the information to be sent using the first encryption algorithm according to the encrypted first encryption key to obtain the encrypted information;
Step 103: the first user equipment sends the encrypted information and the encrypted first encryption key to the second user equipment.
Specifically, when the first user equipment sends information to the second user equipment, it first determines the preset first encryption algorithm, for example a symmetric encryption algorithm such as DES or AES.
Using the identification information of the second user equipment as the SM9 public key, it encrypts the first encryption key of the first encryption algorithm using the national cryptographic (guomi) SM9 algorithm, then encrypts the information to be sent using the first encryption algorithm according to the encrypted first encryption key to obtain the encrypted information, and finally sends the encrypted information and the encrypted first encryption key to the second user equipment.
After the second user equipment receives the encrypted information and the encrypted first encryption key, it decrypts the encrypted first encryption key using the SM9 algorithm according to the SM9 private key of the second user equipment to obtain the decrypted first encryption key. Further, the second user equipment decrypts the encrypted information using the first encryption algorithm according to the decrypted first encryption key to obtain the decrypted information to be sent. The first encryption algorithm is fixed and is agreed in advance by the first user equipment and the second user equipment.
Fig. 5 is scenario diagram 1 of one embodiment of the encrypted communication method provided by the present invention. As shown in Fig. 5, the private key of the second user equipment is obtained from the SM9 key management system server. The SM9 key management system server keeps the master key, discloses the public key of the master key, keeps the master key in a secure manner, and issues key pairs to user equipments; the server derives the key pair from the identification information of the user equipment.
The SM9 private key is generated according to the SM9 algorithm.
During message communication, a user equipment clearly knows the identification information of the peer user equipment; the identification information uniquely determines a user identity within the system (for example a system user account, ID card number, mobile phone number or e-mail address).
Fig. 6 is scenario diagram 2 of one embodiment of the encrypted communication method provided by the present invention. There may be, for example, multiple second user equipments; that is, as shown in Fig. 6, the first user equipment (user equipment A) sends messages to user equipment B and user equipment C.
In practical applications, the following operation may also be performed before step 101:
The first user equipment randomly generates the first encryption key according to the first encryption algorithm.
In the encrypted communication method of this embodiment, the first user equipment uses the identification information of the second user equipment as the SM9 public key and encrypts the first encryption key using the SM9 algorithm to obtain the encrypted first encryption key; the first encryption key is the encryption key of the preset first encryption algorithm; the first user equipment encrypts the information to be sent using the first encryption algorithm according to the encrypted first encryption key to obtain the encrypted information; the first user equipment sends the encrypted information and the encrypted first encryption key to the second user equipment. The above encrypted communication process uses the national cryptographic (guomi) SM9 algorithm, and the public key is the identification information that uniquely identifies the user equipment, so secure communication among multiple user equipments can be achieved with a simple operating process.
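The exchange of steps 101-103 and 301-304, including the Fig. 6 case of several recipients, as an added Python example that is not part of the patent. SM9 is pairing-based and absent from Python's standard library, so Cocks' identity-based encryption is swapped in for the SM9 step and a SHA-256 keystream with HMAC for the first encryption algorithm; the example.com identities, the single session key shared by all recipients and the publicly known Mersenne-prime modulus are assumptions made for the demonstration.

```python
import hashlib, hmac, secrets

# Constructed demo master secret: two public Mersenne primes, both 3 mod 4.
# Anyone can factor this N; a real key management server keeps P and Q secret.
P, Q = 2**521 - 1, 2**607 - 1
N = P * Q  # master public key, known to every user equipment
NBYTES = (N.bit_length() + 7) // 8

def jacobi(a, n):
    """Jacobi symbol (a/n) for odd n > 0."""
    a %= n
    result = 1
    while a:
        while a % 2 == 0:
            a //= 2
            if n % 8 in (3, 5):
                result = -result
        a, n = n, a
        if a % 4 == 3 and n % 4 == 3:
            result = -result
        a %= n
    return result if n == 1 else 0

def id_to_public(identity):
    """Hash an identity string to a in Z_N with (a/N) = +1; needs no secret."""
    counter = 0
    while True:
        seed = identity.encode() + counter.to_bytes(4, "big")
        a = int.from_bytes(hashlib.shake_256(seed).digest(NBYTES), "big") % N
        if jacobi(a, N) == 1:
            return a
        counter += 1

def kgc_extract(identity):
    """Key management server only: private key r with r^2 = +a or -a (mod N)."""
    return pow(id_to_public(identity), (N + 5 - P - Q) // 8, N)

def _random_with_symbol(symbol):
    while True:
        t = secrets.randbelow(N - 2) + 2
        if jacobi(t, N) == symbol:
            return t

def ibe_wrap(identity, key):
    """Sender: encrypt each key bit (as +1/-1) to the recipient's identity."""
    a, wrapped = id_to_public(identity), []
    for i in range(len(key) * 8):
        symbol = 1 if (key[i // 8] >> (7 - i % 8)) & 1 else -1
        t1, t2 = _random_with_symbol(symbol), _random_with_symbol(symbol)
        wrapped.append(((t1 + a * pow(t1, -1, N)) % N,   # used when r^2 = +a
                        (t2 - a * pow(t2, -1, N)) % N))  # used when r^2 = -a
    return wrapped

def ibe_unwrap(identity, r, wrapped):
    """Recipient: recover the key bits with private key r."""
    which = 0 if pow(r, 2, N) == id_to_public(identity) else 1
    key = bytearray(len(wrapped) // 8)
    for i, pair in enumerate(wrapped):
        if jacobi(pair[which] + 2 * r, N) == 1:
            key[i // 8] |= 1 << (7 - i % 8)
    return bytes(key)

def _xor_stream(key, nonce, data):
    """Stand-in symmetric cipher: XOR with a SHA-256 counter keystream."""
    stream = b"".join(hashlib.sha256(key + nonce + i.to_bytes(8, "big")).digest()
                      for i in range(len(data) // 32 + 1))
    return bytes(x ^ y for x, y in zip(data, stream))

def _subkeys(key):
    return hashlib.sha256(b"enc" + key).digest(), hashlib.sha256(b"mac" + key).digest()

def sym_encrypt(key, plaintext):
    enc_key, mac_key = _subkeys(key)
    nonce = secrets.token_bytes(12)
    body = _xor_stream(enc_key, nonce, plaintext)
    return nonce + body + hmac.new(mac_key, nonce + body, hashlib.sha256).digest()

def sym_decrypt(key, blob):
    enc_key, mac_key = _subkeys(key)
    nonce, body, tag = blob[:12], blob[12:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed: wrong key or modified ciphertext")
    return _xor_stream(enc_key, nonce, body)

def send(recipient_ids, message):
    """Steps 101-103: the random session key that step 304 recovers encrypts the
    message and is wrapped once per recipient identity."""
    key = secrets.token_bytes(16)
    return {"ciphertext": sym_encrypt(key, message),
            "wrapped_keys": {rid: ibe_wrap(rid, key) for rid in recipient_ids}}

def receive(identity, private_key, envelope):
    """Steps 301-304: unwrap the session key, then decrypt the message."""
    key = ibe_unwrap(identity, private_key, envelope["wrapped_keys"][identity])
    return sym_decrypt(key, envelope["ciphertext"])

if __name__ == "__main__":
    env = send(["userB@example.com", "userC@example.com"], b"constructed message")
    print(receive("userB@example.com", kgc_extract("userB@example.com"), env))
```

Only `kgc_extract` touches the factors of N, which mirrors the role of the key management system server in Fig. 5: senders need nothing beyond the recipient's identifier and the published master public key.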
Fig. 2 is a schematic flowchart of another embodiment of the encrypted communication method provided by the present invention. Fig. 7 is a scenario diagram of another embodiment of the encrypted communication method provided by the present invention. On the basis of the above embodiment, optionally, as shown in Fig. 2 and Fig. 7, the method of this embodiment may further include the following steps:
Step 104: the first user equipment obtains the SM9 private key of the first user equipment; the SM9 private key is generated according to the SM9 algorithm;
Step 105: the first user equipment receives first encrypted notification information and an encrypted second encryption key sent by the server;
The first encrypted notification information is the information obtained after the server encrypts notification information using a preset second encryption algorithm according to the encrypted second encryption key; the encrypted second encryption key is obtained by using the identification information of the first user equipment as the SM9 public key and encrypting the second encryption key using the SM9 algorithm; the second encryption key is the encryption key of the second encryption algorithm;
Step 106: the first user equipment decrypts the encrypted second encryption key using the SM9 algorithm according to the SM9 private key to obtain the decrypted second encryption key;
Step 107: the first user equipment decrypts the first encrypted notification information using the second encryption algorithm according to the decrypted second encryption key to obtain the decrypted notification information.
Specifically, when the business system server issues notification information, it may also encrypt the notification information using the encryption method shown in Fig. 1. The following takes sending notification information to the first user equipment as an example:
The server uses the identification information of the first user equipment as the SM9 public key and encrypts the second encryption key using the SM9 algorithm to obtain the encrypted second encryption key, and then encrypts the notification information using the preset second encryption algorithm according to the encrypted second encryption key to obtain the first encrypted notification information; the second encryption key is the encryption key of the second encryption algorithm.
After the first user equipment receives the first encrypted notification information and the encrypted second encryption key, it decrypts the encrypted second encryption key using the SM9 algorithm according to the SM9 private key of the first user equipment to obtain the decrypted second encryption key; finally, it decrypts the first encrypted notification information using the second encryption algorithm according to the decrypted second encryption key to obtain the decrypted notification information.
That is, in the above process, when the business system server issues notification information, as shown in Fig. 7, it encrypts the notification information using the identification information of each of the user equipments respectively, and after receiving the data each user equipment decrypts it with its own SM9 private key to obtain the notification information.
It should be noted that steps 104-107 and steps 101-103 may be performed in any order.
The above embodiment can achieve a secure message group-sending function with a relatively simple operating process; compared with key negotiation using asymmetric algorithms such as RSA and ECC, it eliminates the digital certificate step and saves the cost of digital certificates.
Fig. 3 is a schematic flowchart of yet another embodiment of the encrypted communication method provided by the present invention. As shown in Fig. 3, the encrypted communication method provided by this embodiment includes:
Step 301: the second user equipment obtains the SM9 private key of the second user equipment;
Step 302: the second user equipment receives the encrypted information and the encrypted first encryption key sent by the first user equipment; the encrypted information is the information obtained after the first user equipment encrypts information to be sent using a preset first encryption algorithm according to the encrypted first encryption key; the encrypted first encryption key is obtained by using the identification information of the second user equipment as the SM9 public key and encrypting the first encryption key using the SM9 algorithm; the first encryption key is the encryption key of the first encryption algorithm;
Step 303: the second user equipment decrypts the encrypted first encryption key using the SM9 algorithm according to the SM9 private key to obtain the decrypted first encryption key;
Step 304: the second user equipment decrypts the encrypted information using the first encryption algorithm according to the decrypted first encryption key to obtain the decrypted information to be sent.
Optionally, the method for the present embodiment, in addition to:
The second encryption announcement information that the second user equipment the reception server is sent and the 3rd encryption after encryption are close
Key;The second encryption announcement information be the server according to the 3rd encryption key after the encryption, using default the
Three AESs announcement information is encrypted after information;The 3rd encryption key after the encryption is by second user equipment
Identification information as SM9 public keys, what is obtained is encrypted to the 3rd encryption key using SM9 algorithms;3rd encryption is close
Key is the encryption key of the 3rd AES;
The second user equipment is according to the SM9 private keys, using the SM9 algorithms to the 3rd encryption after the encryption
Key is decrypted, the 3rd encryption key after being decrypted;
The second user equipment is according to the 3rd encryption key after the decryption, using the 3rd AES to institute
State the second encryption announcement information to be decrypted, the announcement information after being decrypted.
Method provided in an embodiment of the present invention, the technical scheme with embodiment of the method shown in above-mentioned Fig. 1, its realization principle and
Technique effect is similar, and here is omitted.
Fig. 4 is a schematic flowchart of yet another embodiment of the encrypted communication method provided by the present invention. As shown in Fig. 4, the encrypted communication method provided by this embodiment includes:
Step 401: the server uses the identification information of the first user equipment as the SM9 public key and encrypts the second encryption key using the SM9 algorithm to obtain the encrypted second encryption key; the second encryption key is the encryption key of a preset second encryption algorithm;
Step 402: the server encrypts the notification information using the second encryption algorithm according to the encrypted second encryption key to obtain the first encrypted notification information;
Step 403: the server sends the encrypted notification information and the encrypted second encryption key to the first user equipment.
Optionally, the following operation may also be performed before step 401:
The server randomly generates the second encryption key according to the second encryption algorithm.
The method provided by this embodiment of the present invention is similar in implementation principle and technical effect to the technical solution of the method embodiment shown in Fig. 2 above, and details are not repeated here.
Fig. 8 is a structural diagram of one embodiment of the first user equipment provided by the present invention. As shown in Fig. 8, the first user equipment of this embodiment of the present invention may include:
A processing module 801, configured to use the identification information of the second user equipment as the SM9 public key and encrypt the first encryption key using the SM9 algorithm to obtain the encrypted first encryption key; the first encryption key is the encryption key of a preset first encryption algorithm;
The processing module 801 is further configured to encrypt the information to be sent using the first encryption algorithm according to the encrypted first encryption key to obtain the encrypted information;
A sending module 802, configured to send the encrypted information and the encrypted first encryption key to the second user equipment.
Optionally, the processing module 801 is further configured to:
Randomly generate the first encryption key according to the first encryption algorithm.
Optionally, the first user equipment further includes:
An acquisition module 803, configured to obtain the SM9 private key of the first user equipment; the SM9 private key is generated according to the SM9 algorithm;
A receiving module 804, configured to receive the encrypted notification information and the encrypted second encryption key sent by the server; the encrypted notification information is the information obtained after the server encrypts notification information using a preset second encryption algorithm according to the encrypted second encryption key; the encrypted second encryption key is obtained by using the identification information of the first user equipment as the SM9 public key and encrypting the second encryption key using the SM9 algorithm; the second encryption key is the encryption key of the second encryption algorithm;
The processing module 801 is further configured to:
Decrypt the encrypted second encryption key using the SM9 algorithm according to the SM9 private key to obtain the decrypted second encryption key;
Decrypt the encrypted notification information using the second encryption algorithm according to the decrypted second encryption key to obtain the decrypted notification information.
The first user equipment of this embodiment of the present invention can be used to perform the technical solution of the method embodiment shown in Fig. 1 above; its implementation principle and technical effect are similar and are not repeated here.
Fig. 9 is a structural diagram of an embodiment of the second user equipment provided by the present invention. As shown in Fig. 9, the second user equipment of this embodiment of the present invention may include:
An acquisition module 901, configured to obtain the SM9 private key of the second user equipment;
A receiving module 902, configured to receive the encrypted information and the encrypted first encryption key sent by the first user equipment; the encrypted information is information obtained by the first user equipment encrypting the information to be sent, using the preset first encryption algorithm, according to the encrypted first encryption key; the encrypted first encryption key is obtained by using the identification information of the second user equipment as the SM9 public key and encrypting the first encryption key with the SM9 algorithm; the first encryption key is the encryption key of the first encryption algorithm;
A processing module 903, configured to decrypt the encrypted first encryption key using the SM9 algorithm according to the SM9 private key, to obtain the decrypted first encryption key;
The processing module 903 is further configured to decrypt the encrypted information using the first encryption algorithm according to the decrypted first encryption key, to obtain the decrypted information to be sent.
Optionally, the receiving module 902 is further configured to:
receive the second encrypted announcement information and the encrypted third encryption key sent by the server; the second encrypted announcement information is information obtained by the server encrypting the announcement information, using a preset third encryption algorithm, according to the encrypted third encryption key; the encrypted third encryption key is obtained by using the identification information of the second user equipment as the SM9 public key and encrypting the third encryption key with the SM9 algorithm; the third encryption key is the encryption key of the third encryption algorithm;
The processing module 903 is further configured to:
decrypt the encrypted third encryption key using the SM9 algorithm according to the SM9 private key, to obtain the decrypted third encryption key;
decrypt the second encrypted announcement information using the third encryption algorithm according to the decrypted third encryption key, to obtain the decrypted announcement information.
The second user equipment of this embodiment of the present invention can be used to execute the technical solution of the method embodiment shown in Fig. 3 above; its implementation principle and technical effect are similar and are not repeated here.
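The receive path of modules 901 to 903, together with the matching sender, as an added example that is not part of the patent. SM9 needs a pairing library, so Cocks' quadratic-residue identity-based scheme stands in for it here, and a SHA-256 keystream with an HMAC tag stands in for the preset first encryption algorithm. The toy-sized modulus (a product of two Mersenne primes), all function names and the identity strings are assumptions made for illustration.

```python
import hashlib, hmac, secrets

# Constructed toy parameters; the factors P, Q are the KGC's master secret.
P, Q = 2**127 - 1, 2**107 - 1
N = P * Q

def jacobi(a, n):  # Jacobi symbol (a/n) for odd positive n
    a, sign = a % n, 1
    while a:
        while a % 2 == 0:
            a //= 2
            if n % 8 in (3, 5):
                sign = -sign
        a, n = n, a
        if a % 4 == 3 and n % 4 == 3:
            sign = -sign
        a %= n
    return sign if n == 1 else 0

def identity_to_a(identity):  # public: identity -> value with Jacobi symbol +1
    cands = (int.from_bytes(hashlib.sha256(identity + bytes([c])).digest(), "big") % N
             for c in range(256))
    return next(a for a in cands if jacobi(a, N) == 1)

def kgc_extract(identity):  # KGC only: private r with r*r == +a or -a (mod N)
    return pow(identity_to_a(identity), (N + 5 - P - Q) // 8, N)

def _blind(bit, a, sign):
    while True:  # random t whose Jacobi symbol encodes the bit (+1 or -1)
        t = secrets.randbelow(N)
        if jacobi(t, N) == bit:
            return (t + sign * a * pow(t, -1, N)) % N

def wrap_key(identity, key):  # sender needs only the recipient's identity
    a = identity_to_a(identity)
    bits = [1 if byte >> i & 1 else -1 for byte in key for i in range(8)]
    return [(_blind(b, a, 1), _blind(b, a, -1)) for b in bits]

def unwrap_key(identity, r, wrapped):  # recipient uses the KGC-issued key r
    which = 0 if (r * r - identity_to_a(identity)) % N == 0 else 1
    bits = [jacobi(c[which] + 2 * r, N) == 1 for c in wrapped]
    return bytes(sum(bits[8 * j + i] << i for i in range(8))
                 for j in range(len(bits) // 8))

def _dem(key, nonce, data):  # stand-in cipher: XOR with SHA-256 counter keystream
    blocks = range(len(data) // 32 + 1)
    stream = b"".join(hashlib.sha256(key + nonce + bytes([i])).digest() for i in blocks)
    return bytes(d ^ s for d, s in zip(data, stream))

def _tag(key, nonce, body):  # integrity tag under a separately derived MAC key
    mac_key = hashlib.sha256(b"mac" + key).digest()
    return hmac.new(mac_key, nonce + body, hashlib.sha256).digest()

def send(recipient_id, message):
    key, nonce = secrets.token_bytes(16), secrets.token_bytes(12)  # fresh per message
    body = _dem(key, nonce, message)
    return {"wrapped_key": wrap_key(recipient_id, key), "nonce": nonce,
            "body": body, "tag": _tag(key, nonce, body)}

def receive(my_id, my_private_key, env):
    key = unwrap_key(my_id, my_private_key, env["wrapped_key"])
    if not hmac.compare_digest(_tag(key, env["nonce"], env["body"]), env["tag"]):
        raise ValueError("wrong private key or modified envelope")
    return _dem(key, env["nonce"], env["body"])
```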
Fig. 10 is a structural diagram of another embodiment of the server provided by the present invention. As shown in Fig. 10, the server of this embodiment of the present invention may include:
A processing module 1001, configured to use the identification information of the first user equipment as the SM9 public key and encrypt the second encryption key using the SM9 algorithm, to obtain the encrypted second encryption key; the second encryption key is the encryption key of a preset second encryption algorithm;
The processing module 1001 is further configured to encrypt the announcement information using the second encryption algorithm according to the encrypted second encryption key, to obtain the encrypted announcement information;
A sending module 1002, configured to send the encrypted announcement information and the encrypted second encryption key to the first user equipment.
Optionally, the processing module 1001 is further configured to:
randomly generate the second encryption key according to the second encryption algorithm.
The server of this embodiment of the present invention can be used to execute the technical solution of the method embodiment shown in Fig. 4 above; its implementation principle and technical effect are similar and are not repeated here.
Those skilled in the art will readily conceive of other embodiments of the disclosure after considering the specification and practising the invention disclosed herein. The present invention is intended to cover any variations, uses or adaptations of the disclosure that follow the general principles of the disclosure and include common knowledge or customary technical means in the art that are not disclosed in the disclosure. The specification and embodiments are to be regarded as exemplary only, and the true scope and spirit of the disclosure are indicated by the following claims.
It should be understood that the disclosure is not limited to the precise structure described above and shown in the drawings, and that various modifications and changes may be made without departing from its scope. The scope of the disclosure is limited only by the appended claims.
Claims (10)
- 1. An encrypted communication method based on the SM9 algorithm, characterized by comprising:
  a first user equipment uses the identification information of a second user equipment as the SM9 public key and encrypts a first encryption key using the SM9 algorithm, to obtain the encrypted first encryption key; the first encryption key is the encryption key of a preset first encryption algorithm;
  the first user equipment encrypts the information to be sent using the first encryption algorithm according to the encrypted first encryption key, to obtain encrypted information;
  the first user equipment sends the encrypted information and the encrypted first encryption key to the second user equipment.
- 2. The method according to claim 1, characterized in that, before the first user equipment uses the identification information of the second user equipment as the SM9 public key and encrypts the first encryption key using the SM9 algorithm, the method further comprises:
  the first user equipment randomly generates the first encryption key according to the first encryption algorithm.
- 3. The method according to claim 1 or 2, characterized by further comprising:
  the first user equipment obtains the SM9 private key of the first user equipment; the SM9 private key is generated according to the SM9 algorithm;
  the first user equipment receives the first encrypted announcement information and the encrypted second encryption key sent by a server; the first encrypted announcement information is information obtained by the server encrypting the announcement information, using a preset second encryption algorithm, according to the encrypted second encryption key; the encrypted second encryption key is obtained by using the identification information of the first user equipment as the SM9 public key and encrypting the second encryption key with the SM9 algorithm; the second encryption key is the encryption key of the second encryption algorithm;
  the first user equipment decrypts the encrypted second encryption key using the SM9 algorithm according to the SM9 private key, to obtain the decrypted second encryption key;
  the first user equipment decrypts the first encrypted announcement information using the second encryption algorithm according to the decrypted second encryption key, to obtain the decrypted announcement information.
- 4. An encrypted communication method based on the SM9 algorithm, characterized by comprising:
  a second user equipment obtains the SM9 private key of the second user equipment;
  the second user equipment receives the encrypted information and the encrypted first encryption key sent by a first user equipment; the encrypted information is information obtained by the first user equipment encrypting the information to be sent, using a preset first encryption algorithm, according to the encrypted first encryption key; the encrypted first encryption key is obtained by using the identification information of the second user equipment as the SM9 public key and encrypting the first encryption key with the SM9 algorithm; the first encryption key is the encryption key of the first encryption algorithm;
  the second user equipment decrypts the encrypted first encryption key using the SM9 algorithm according to the SM9 private key, to obtain the decrypted first encryption key;
  the second user equipment decrypts the encrypted information using the first encryption algorithm according to the decrypted first encryption key, to obtain the decrypted information to be sent.
- 5. The method according to claim 4, characterized by further comprising:
  the second user equipment receives the second encrypted announcement information and the encrypted third encryption key sent by a server; the second encrypted announcement information is information obtained by the server encrypting the announcement information, using a preset third encryption algorithm, according to the encrypted third encryption key; the encrypted third encryption key is obtained by using the identification information of the second user equipment as the SM9 public key and encrypting the third encryption key with the SM9 algorithm; the third encryption key is the encryption key of the third encryption algorithm;
  the second user equipment decrypts the encrypted third encryption key using the SM9 algorithm according to the SM9 private key, to obtain the decrypted third encryption key;
  the second user equipment decrypts the second encrypted announcement information using the third encryption algorithm according to the decrypted third encryption key, to obtain the decrypted announcement information.
- 6. An encrypted communication method based on the SM9 algorithm, characterized by comprising:
  a server uses the identification information of a first user equipment as the SM9 public key and encrypts a second encryption key using the SM9 algorithm, to obtain the encrypted second encryption key; the second encryption key is the encryption key of a preset second encryption algorithm;
  the server encrypts the announcement information using the second encryption algorithm according to the encrypted second encryption key, to obtain the first encrypted announcement information;
  the server sends the encrypted announcement information and the encrypted second encryption key to the first user equipment.
- 7. The method according to claim 6, characterized in that, before the server uses the identification information of the first user equipment as the SM9 public key and encrypts the second encryption key using the SM9 algorithm, the method further comprises:
  the server randomly generates the second encryption key according to the second encryption algorithm.
- 8. A first user equipment, characterized by comprising:
  a processing module, configured to use the identification information of a second user equipment as the SM9 public key and encrypt a first encryption key using the SM9 algorithm, to obtain the encrypted first encryption key; the first encryption key is the encryption key of a preset first encryption algorithm;
  the processing module is further configured to encrypt the information to be sent using the first encryption algorithm according to the encrypted first encryption key, to obtain encrypted information;
  a sending module, configured to send the encrypted information and the encrypted first encryption key to the second user equipment.
- 9. A second user equipment, characterized by comprising:
  an acquisition module, configured to obtain the SM9 private key of the second user equipment;
  a receiving module, configured to receive the encrypted information and the encrypted first encryption key sent by the first user equipment; the encrypted information is information obtained by the first user equipment encrypting the information to be sent, using a preset first encryption algorithm, according to the encrypted first encryption key; the encrypted first encryption key is obtained by using the identification information of the second user equipment as the SM9 public key and encrypting the first encryption key with the SM9 algorithm; the first encryption key is the encryption key of the first encryption algorithm;
  a processing module, configured to decrypt the encrypted first encryption key using the SM9 algorithm according to the SM9 private key, to obtain the decrypted first encryption key;
  the processing module is further configured to decrypt the encrypted information using the first encryption algorithm according to the decrypted first encryption key, to obtain the decrypted information to be sent.
- 10. A server, characterized by comprising:
  a processing module, configured to use the identification information of a first user equipment as the SM9 public key and encrypt a second encryption key using the SM9 algorithm, to obtain the encrypted second encryption key; the second encryption key is the encryption key of a preset second encryption algorithm;
  the processing module is further configured to encrypt the announcement information using the second encryption algorithm according to the encrypted second encryption key, to obtain the encrypted announcement information;
  the sending module, configured to send the encrypted announcement information and the encrypted second encryption key to the first user equipment.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201711137150.7A CN107682156A (en) | 2017-11-16 | 2017-11-16 | A kind of encryption communication method and device based on SM9 algorithms |
Publications (1)
Publication Number | Publication Date |
---|---|
CN107682156A true CN107682156A (en) | 2018-02-09 |
Family
ID=61149574
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201711137150.7A Pending CN107682156A (en) | 2017-11-16 | 2017-11-16 | A kind of encryption communication method and device based on SM9 algorithms |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107682156A (en) |
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN100566250C (en) * | 2006-09-08 | 2009-12-02 | 苏州胜联电子信息有限公司 | A kind of point to point network identity identifying method |
CN101075874B (en) * | 2007-06-28 | 2010-06-02 | 腾讯科技(深圳)有限公司 | Certifying method and system |
CN102523563B (en) * | 2011-12-26 | 2015-04-15 | 深圳奥联信息安全技术有限公司 | Multimedia messaging service (MMS) encrypting method based on identity-based cryptograph (IBC) technology |
CN105450395A (en) * | 2015-12-30 | 2016-03-30 | 中科创达软件股份有限公司 | Information encryption and decryption processing method and system |
CN107181754A (en) * | 2017-06-06 | 2017-09-19 | 江苏信源久安信息科技有限公司 | A kind of method that many people of network file encryption and decryption mandate are shared |
Non-Patent Citations (2)
Title |
---|
方言: ""更加安全易用的国产密码体系——SM9算法"", 《中国信息安全》 * |
袁峰、程朝辉: ""SM9标识密码算法综述"", 《信息安全研究》 * |
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111740828A (en) * | 2020-07-29 | 2020-10-02 | 北京信安世纪科技股份有限公司 | Key generation method, device and equipment and encryption method |
CN111740828B (en) * | 2020-07-29 | 2021-02-12 | 北京信安世纪科技股份有限公司 | Key generation method, device and equipment and encryption and decryption method |
CN113382002A (en) * | 2021-06-10 | 2021-09-10 | 杭州安恒信息技术股份有限公司 | Data request method, request response method, data communication system, and storage medium |
CN113691495A (en) * | 2021-07-09 | 2021-11-23 | 沈谷丰 | Network account sharing and distributing system and method based on asymmetric encryption |
CN113691495B (en) * | 2021-07-09 | 2023-09-01 | 沈谷丰 | Network account sharing and distributing system and method based on asymmetric encryption |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | Application publication date: 20180209 |