CN107682156A - Encrypted communication method and device based on the SM9 algorithm - Google Patents


Publication number
CN107682156A
Authority
CN
China
Legal status
Pending
Application number
CN201711137150.7A
Other languages
Chinese (zh)
Inventor
宋志华
徐波
Current Assignee
SHANDONG YUWENG INFORMATION TECHNOLOGY Co Ltd
Original Assignee
SHANDONG YUWENG INFORMATION TECHNOLOGY Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0822 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using key encryption key
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/30 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computing Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Telephonic Communication Services (AREA)

Abstract

The present invention provides an encrypted communication method and device based on the SM9 algorithm. The method includes: a first user equipment uses the identification information of a second user equipment as the SM9 public key and encrypts a first encryption key with the SM9 algorithm to obtain an encrypted first encryption key, the first encryption key being the encryption key of a preset first encryption algorithm; the first user equipment encrypts the information to be sent with the first encryption algorithm according to the encrypted first encryption key, obtaining encrypted information; and the first user equipment sends the encrypted information and the encrypted first encryption key to the second user equipment. Embodiments of the invention achieve secure communication between multiple user equipments and a secure message group-sending function.

Description

Encrypted communication method and device based on the SM9 algorithm
Technical field
The present invention relates to the field of information security technology, and in particular to an encrypted communication method and device based on the SM9 algorithm.
Background
As global information technology continues to advance, the level of informatization in Chinese society has also developed by leaps and bounds. Electronic products emerge one after another and greatly facilitate people's work and life. However, as the adoption of electronic products rises sharply, their security and confidentiality problems become increasingly prominent. When users communicate through electronic products, the communication content is easily eavesdropped on by unauthorized parties.
Today, security and confidentiality are generally achieved with digital certificates, that is, data is protected using the key of a certificate authority. A digital certificate is a file, digitally signed by a certificate authority, that contains a public key and information about the public key's owner. The sending device must first apply to the certificate authority for a digital certificate; the certificate authority encrypts the sender's public key with its own private key to obtain the encrypted public key, and makes the encrypted public key into a digital certificate. The sender sends the original data, the digest ciphertext and the digital certificate together to the receiver, where the digest ciphertext is obtained by processing the original data with a digest algorithm and then encrypting the result with the sender's private key. The receiver decrypts the digital certificate with the certificate authority's public key to obtain the sender's public key, then decrypts the digest ciphertext with the sender's public key, and compares the decrypted data with the data generated from the original data by the digest algorithm, thereby confirming the authenticity of the data.
When data is encrypted and transmitted using digital certificates as described above, a third-party certificate authority must be relied on to issue the digital certificate, the device using the digital certificate must also safeguard it, and the digital certificate must be verified during use. The verification process depends on a verification method provided by the third-party certificate authority and also requires network connectivity to that authority. Because in many cases a device cannot maintain a network connection with the third-party certificate authority, verification cannot be performed in many scenarios, and communication security therefore cannot be guaranteed.
Summary of the invention
The present invention provides an encrypted communication method and device based on the SM9 algorithm, to achieve secure communication between multiple user equipments.
In a first aspect, the present invention provides an encrypted communication method based on the SM9 algorithm, including:
A first user equipment uses the identification information of a second user equipment as the SM9 public key and encrypts a first encryption key with the SM9 algorithm, obtaining an encrypted first encryption key; the first encryption key is the encryption key of a preset first encryption algorithm;
The first user equipment encrypts the information to be sent with the first encryption algorithm according to the encrypted first encryption key, obtaining encrypted information;
The first user equipment sends the encrypted information and the encrypted first encryption key to the second user equipment.
In a second aspect, the present invention provides an encrypted communication method based on the SM9 algorithm, including:
A second user equipment obtains the SM9 private key of the second user equipment;
The second user equipment receives the encrypted information and the encrypted first encryption key sent by the first user equipment; the encrypted information is the information obtained after the first user equipment encrypts the information to be sent with a preset first encryption algorithm according to the encrypted first encryption key; the encrypted first encryption key is obtained by encrypting the first encryption key with the SM9 algorithm, using the identification information of the second user equipment as the SM9 public key; the first encryption key is the encryption key of the first encryption algorithm;
The second user equipment decrypts the encrypted first encryption key with the SM9 algorithm according to the SM9 private key, obtaining the decrypted first encryption key;
The second user equipment decrypts the encrypted information with the first encryption algorithm according to the decrypted first encryption key, obtaining the decrypted information to be sent.
In a third aspect, the present invention provides an encrypted communication method based on the SM9 algorithm, including:
A server uses the identification information of a first user equipment as the SM9 public key and encrypts a second encryption key with the SM9 algorithm, obtaining an encrypted second encryption key; the second encryption key is the encryption key of a preset second encryption algorithm;
The server encrypts notification information with the second encryption algorithm according to the encrypted second encryption key, obtaining the encrypted notification information;
The server sends the encrypted notification information and the encrypted second encryption key to the first user equipment.
In a fourth aspect, the present invention provides a first user equipment, including:
A processing module, configured to use the identification information of a second user equipment as the SM9 public key and encrypt a first encryption key with the SM9 algorithm, obtaining an encrypted first encryption key; the first encryption key is the encryption key of a preset first encryption algorithm;
The processing module is further configured to encrypt the information to be sent with the first encryption algorithm according to the encrypted first encryption key, obtaining encrypted information;
A sending module, configured to send the encrypted information and the encrypted first encryption key to the second user equipment.
In a fifth aspect, the present invention provides a second user equipment, including:
An acquisition module, configured to obtain the SM9 private key of the second user equipment;
A receiving module, configured to receive the encrypted information and the encrypted first encryption key sent by the first user equipment; the encrypted information is the information obtained after the first user equipment encrypts the information to be sent with a preset first encryption algorithm according to the encrypted first encryption key; the encrypted first encryption key is obtained by encrypting the first encryption key with the SM9 algorithm, using the identification information of the second user equipment as the SM9 public key; the first encryption key is the encryption key of the first encryption algorithm;
A processing module, configured to decrypt the encrypted first encryption key with the SM9 algorithm according to the SM9 private key, obtaining the decrypted first encryption key;
The processing module is further configured to decrypt the encrypted information with the first encryption algorithm according to the decrypted first encryption key, obtaining the decrypted information to be sent.
In a sixth aspect, the present invention provides a server, including:
A processing module, configured to use the identification information of a first user equipment as the SM9 public key and encrypt a second encryption key with the SM9 algorithm, obtaining an encrypted second encryption key; the second encryption key is the encryption key of a preset second encryption algorithm;
The processing module is further configured to encrypt notification information with the second encryption algorithm according to the encrypted second encryption key, obtaining the encrypted notification information;
The sending module, configured to send the encrypted notification information and the encrypted second encryption key to the first user equipment.
In the encrypted communication method and device based on the SM9 algorithm provided by the present invention, the first user equipment uses the identification information of the second user equipment as the SM9 public key and encrypts the first encryption key with the SM9 algorithm, obtaining the encrypted first encryption key; the first encryption key is the encryption key of the preset first encryption algorithm; the first user equipment encrypts the information to be sent with the first encryption algorithm according to the encrypted first encryption key, obtaining encrypted information; the first user equipment sends the encrypted information and the encrypted first encryption key to the second user equipment. This encrypted communication process uses the national cryptographic SM9 algorithm, and the public key is the identification information that uniquely identifies the user equipment, so secure communication between multiple user equipments can be achieved with a simple operating procedure.
Brief description of the drawings
The accompanying drawings are incorporated into and form part of this specification, show embodiments consistent with the present disclosure, and together with the specification serve to explain the principles of the disclosure.
Fig. 1 is a schematic flowchart of one embodiment of the encrypted communication method provided by the present invention;
Fig. 2 is a schematic flowchart of another embodiment of the encrypted communication method provided by the present invention;
Fig. 3 is a schematic flowchart of yet another embodiment of the encrypted communication method provided by the present invention;
Fig. 4 is a schematic flowchart of yet another embodiment of the encrypted communication method provided by the present invention;
Fig. 5 is scenario diagram 1 of one embodiment of the encrypted communication method provided by the present invention;
Fig. 6 is scenario diagram 2 of one embodiment of the encrypted communication method provided by the present invention;
Fig. 7 is a scenario diagram of another embodiment of the encrypted communication method provided by the present invention;
Fig. 8 is a structural diagram of one embodiment of the first user equipment provided by the present invention;
Fig. 9 is a structural diagram of one embodiment of the second user equipment provided by the present invention;
Fig. 10 is a structural diagram of one embodiment of the server provided by the present invention.
The above drawings show specific embodiments of the present disclosure, which are described in more detail below. The drawings and the written description are not intended to limit the scope of the disclosed concept in any way, but to explain the concept of the disclosure to those skilled in the art by reference to specific embodiments.
Detailed description of the embodiments
Exemplary embodiments are described in detail here, and examples of them are shown in the drawings. Where the following description refers to the drawings, the same numbers in different drawings denote the same or similar elements unless otherwise indicated. The embodiments described in the following exemplary embodiments do not represent all embodiments consistent with the present disclosure. Rather, they are merely examples of devices consistent with some aspects of the disclosure as detailed in the appended claims.
The terms "first", "second" and the like in the specification, the claims and the drawings are used to distinguish different objects, not to describe a particular order. In addition, the terms "include" and "have" and any variations of them are intended to cover non-exclusive inclusion. For example, a process, method, system, product or device that contains a series of steps or units is not limited to the listed steps or units, but optionally also includes steps or units that are not listed, or optionally also includes other steps or units inherent to the process, method, product or device.
Fig. 1 is a schematic flowchart of one embodiment of the encrypted communication method provided by the present invention. As shown in Fig. 1, the encrypted communication method provided by this embodiment includes:
Step 101: the first user equipment uses the identification information of the second user equipment as the SM9 public key and encrypts the first encryption key with the SM9 algorithm, obtaining the encrypted first encryption key; the first encryption key is the encryption key of a preset first encryption algorithm;
Step 102: the first user equipment encrypts the information to be sent with the first encryption algorithm according to the encrypted first encryption key, obtaining encrypted information;
Step 103: the first user equipment sends the encrypted information and the encrypted first encryption key to the second user equipment.
Specifically, when the first user equipment sends information to the second user equipment, the preset first encryption algorithm is determined first, for example a symmetric encryption algorithm such as DES or AES.
Using the identification information of the second user equipment as the SM9 public key, the first encryption key of the first encryption algorithm is encrypted with the national cryptographic SM9 algorithm; then, according to the encrypted first encryption key, the information to be sent is encrypted with the first encryption algorithm to obtain the encrypted information; finally, the encrypted information and the encrypted first encryption key are sent to the second user equipment.
After the second user equipment receives the encrypted information and the encrypted first encryption key, it decrypts the encrypted first encryption key with the SM9 algorithm according to the SM9 private key of the second user equipment, obtaining the decrypted first encryption key. The second user equipment then decrypts the encrypted information with the first encryption algorithm according to the decrypted first encryption key, obtaining the decrypted information to be sent. The first encryption algorithm is fixed and is negotiated in advance by the first user equipment and the second user equipment.
Fig. 5 is scenario diagram 1 of one embodiment of the encrypted communication method provided by the present invention. As shown in Fig. 5, the private key of the second user equipment is obtained from the SM9 key management system server. The SM9 key management system server keeps the master key, publishes the public key of the master key, stores the master key in a secure manner, and issues user equipment key pairs; the server derives the key pair from the identification information of the user equipment.
The SM9 private key is generated according to the SM9 algorithm.
During message communication, a user equipment explicitly knows the identification information of the peer user equipment; the identification information uniquely determines the user identity in the system (for example a system user account, identity card, mobile phone number, mailbox, etc.).
Fig. 6 is scenario diagram 2 of one embodiment of the encrypted communication method provided by the present invention. There may be, for example, multiple second user equipments; that is, as shown in Fig. 6, the first user equipment (user equipment A) sends a message to user equipment B and user equipment C.
In practical applications, the following operation may also be performed before step 101:
The first user equipment randomly generates the first encryption key according to the first encryption algorithm.
In the encrypted communication method of this embodiment, the first user equipment uses the identification information of the second user equipment as the SM9 public key and encrypts the first encryption key with the SM9 algorithm, obtaining the encrypted first encryption key; the first encryption key is the encryption key of the preset first encryption algorithm; the first user equipment encrypts the information to be sent with the first encryption algorithm according to the encrypted first encryption key, obtaining encrypted information; the first user equipment sends the encrypted information and the encrypted first encryption key to the second user equipment. This encrypted communication process uses the national cryptographic SM9 algorithm, and the public key is the identification information that uniquely identifies the user equipment, so secure communication between multiple user equipments can be achieved with a simple operating procedure.
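The flow of steps 101-103 and the receiver's decryption, including the Fig. 6 case of several recipients, as an added Python example that is not code from the patent. Assumptions: the Python standard library has no SM9, so Cocks' identity-based encryption stands in for the SM9 step with toy parameters that are not secure; a SHAKE-256 keystream with an HMAC tag stands in for the first encryption algorithm; the message is encrypted under the session key itself, the same key the receiver recovers by unwrapping; all function names and identities are constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Toy key-server master secret: two Mersenne primes, both = 3 mod 4. NOT secure.
P, Q = 2**127 - 1, 2**89 - 1
N = P * Q  # published system parameter


def jacobi(a, n):
    """Jacobi symbol (a/n) for odd positive n."""
    a %= n
    result = 1
    while a:
        while a % 2 == 0:
            a //= 2
            if n % 8 in (3, 5):
                result = -result
        a, n = n, a
        if a % 4 == 3 and n % 4 == 3:
            result = -result
        a %= n
    return result if n == 1 else 0


def id_to_public(identity):
    """Anyone can map an identity string to its public value a with (a/N) = +1."""
    ctr = 0
    while True:
        digest = hashlib.shake_256(f"{ctr}:{identity}".encode()).digest(32)
        a = int.from_bytes(digest, "big") % N
        if jacobi(a, N) == 1:
            return a
        ctr += 1


def kgc_extract(identity):
    """Key server only (needs P and Q): private key r with r*r = +a or -a mod N."""
    return pow(id_to_public(identity), (N + 5 - P - Q) // 8, N)


def _enc_bit(bit, a, sign):
    want = 1 if bit else -1
    while True:
        t = secrets.randbelow(N - 1) + 1
        if jacobi(t, N) == want:
            return (t + sign * a * pow(t, -1, N)) % N


def ibe_wrap(identity, key):
    """Encrypt key bytes to an identity, bit by bit (Cocks IBE, stand-in for SM9)."""
    a = id_to_public(identity)
    bits = [(byte >> i) & 1 for byte in key for i in range(8)]
    return [(_enc_bit(b, a, 1), _enc_bit(b, a, -1)) for b in bits]


def ibe_unwrap(identity, r, wrapped):
    """Recover key bytes with private key r; a wrong r yields garbage."""
    a = id_to_public(identity)
    idx = 0 if pow(r, 2, N) == a else 1  # pick the half matching r*r = +a or -a
    bits = [1 if jacobi(pair[idx] + 2 * r, N) == 1 else 0 for pair in wrapped]
    return bytes(sum(bits[i + j] << j for j in range(8)) for i in range(0, len(bits), 8))


def _subkeys(key):
    return hashlib.sha256(b"enc" + key).digest(), hashlib.sha256(b"mac" + key).digest()


def _xor_stream(enc_key, nonce, data):
    stream = hashlib.shake_256(enc_key + nonce).digest(len(data))
    return bytes(d ^ s for d, s in zip(data, stream))


def sym_encrypt(key, plaintext):
    """Stand-in for the first encryption algorithm: keystream XOR plus HMAC tag."""
    enc_key, mac_key = _subkeys(key)
    nonce = secrets.token_bytes(16)
    body = _xor_stream(enc_key, nonce, plaintext)
    return nonce + body + hmac.new(mac_key, nonce + body, hashlib.sha256).digest()


def sym_decrypt(key, blob):
    enc_key, mac_key = _subkeys(key)
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed: wrong key or modified ciphertext")
    return _xor_stream(enc_key, nonce, body)


def send(recipient_ids, message):
    """Steps 101-103: one random session key, wrapped once per recipient identity."""
    session_key = secrets.token_bytes(16)
    return {
        "ciphertext": sym_encrypt(session_key, message),
        "wrapped": {rid: ibe_wrap(rid, session_key) for rid in recipient_ids},
    }


def receive(my_id, my_private_key, envelope):
    """Receiver side: unwrap the session key, then decrypt the shared ciphertext."""
    session_key = ibe_unwrap(my_id, my_private_key, envelope["wrapped"][my_id])
    return sym_decrypt(session_key, envelope["ciphertext"])
```

The sender needs only `N` and the recipients' identity strings; the private keys exist only at the key server and, after issuance, on each recipient's device.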
Fig. 2 is a schematic flowchart of another embodiment of the encrypted communication method provided by the present invention. Fig. 7 is a scenario diagram of another embodiment of the encrypted communication method provided by the present invention. On the basis of the above embodiment, optionally, as shown in Fig. 2 and Fig. 7, the method of this embodiment may further include the following steps:
Step 104: the first user equipment obtains the SM9 private key of the first user equipment; the SM9 private key is generated according to the SM9 algorithm;
Step 105: the first user equipment receives the first encrypted notification information and the encrypted second encryption key sent by the server;
The first encrypted notification information is the information obtained after the server encrypts the notification information with a preset second encryption algorithm according to the encrypted second encryption key; the encrypted second encryption key is obtained by encrypting the second encryption key with the SM9 algorithm, using the identification information of the first user equipment as the SM9 public key; the second encryption key is the encryption key of the second encryption algorithm;
Step 106: the first user equipment decrypts the encrypted second encryption key with the SM9 algorithm according to the SM9 private key, obtaining the decrypted second encryption key;
Step 107: the first user equipment decrypts the first encrypted notification information with the second encryption algorithm according to the decrypted second encryption key, obtaining the decrypted notification information.
Specifically, when the business system server issues notification information, it may also encrypt the notification information using the encryption method shown in Fig. 1. Sending notification information to the first user equipment is taken as an example below:
The server uses the identification information of the first user equipment as the SM9 public key and encrypts the second encryption key with the SM9 algorithm to obtain the encrypted second encryption key; then, according to the encrypted second encryption key, it encrypts the notification information with the preset second encryption algorithm, obtaining the first encrypted notification information; the second encryption key is the encryption key of the second encryption algorithm.
After the first user equipment receives the first encrypted notification information and the encrypted second encryption key, it decrypts the encrypted second encryption key with the SM9 algorithm according to the SM9 private key of the first user equipment, obtaining the decrypted second encryption key; finally, according to the decrypted second encryption key, it decrypts the first encrypted notification information with the second encryption algorithm, obtaining the decrypted notification information.
That is, in the above process, when the business system server issues notification information, as shown in Fig. 7, it encrypts the notification information separately using the identification information of each user equipment, and each user equipment, after receiving the data, decrypts it with its own SM9 private key to obtain the notification information.
It should be noted that steps 104-107 and steps 101-103 may be performed in any order.
In the above embodiment, a secure message group-sending function can be implemented with a relatively simple operating procedure; compared with negotiating keys using asymmetric algorithms such as RSA or ECC, the digital certificate step is eliminated, saving the overhead of digital certificates.
Fig. 3 is a schematic flowchart of yet another embodiment of the encrypted communication method provided by the present invention. As shown in Fig. 3, the encrypted communication method provided by this embodiment includes:
Step 301: the second user equipment obtains the SM9 private key of the second user equipment;
Step 302: the second user equipment receives the encrypted information and the encrypted first encryption key sent by the first user equipment; the encrypted information is the information obtained after the first user equipment encrypts the information to be sent with a preset first encryption algorithm according to the encrypted first encryption key; the encrypted first encryption key is obtained by encrypting the first encryption key with the SM9 algorithm, using the identification information of the second user equipment as the SM9 public key; the first encryption key is the encryption key of the first encryption algorithm;
Step 303: the second user equipment decrypts the encrypted first encryption key with the SM9 algorithm according to the SM9 private key, obtaining the decrypted first encryption key;
Step 304: the second user equipment decrypts the encrypted information with the first encryption algorithm according to the decrypted first encryption key, obtaining the decrypted information to be sent.
Optionally, the method of this embodiment further includes:
The second user equipment receives the second encrypted notification information and the encrypted third encryption key sent by the server; the second encrypted notification information is the information obtained after the server encrypts the notification information with a preset third encryption algorithm according to the encrypted third encryption key; the encrypted third encryption key is obtained by encrypting the third encryption key with the SM9 algorithm, using the identification information of the second user equipment as the SM9 public key; the third encryption key is the encryption key of the third encryption algorithm;
The second user equipment decrypts the encrypted third encryption key with the SM9 algorithm according to the SM9 private key, obtaining the decrypted third encryption key;
The second user equipment decrypts the second encrypted notification information with the third encryption algorithm according to the decrypted third encryption key, obtaining the decrypted notification information.
The method provided by this embodiment of the invention is similar in implementation principle and technical effect to the technical solution of the method embodiment shown in Fig. 1, and is not described again here.
Fig. 4 is a schematic flowchart of yet another embodiment of the encrypted communication method provided by the present invention. As shown in Fig. 4, the encrypted communication method provided by this embodiment includes:
Step 401: the server uses the identification information of the first user equipment as the SM9 public key and encrypts the second encryption key with the SM9 algorithm, obtaining the encrypted second encryption key; the second encryption key is the encryption key of a preset second encryption algorithm;
Step 402: the server encrypts the notification information with the second encryption algorithm according to the encrypted second encryption key, obtaining the first encrypted notification information;
Step 403: the server sends the encrypted notification information and the encrypted second encryption key to the first user equipment.
Optionally, the following operation may also be performed before step 401:
The server randomly generates the second encryption key according to the second encryption algorithm.
The method provided by this embodiment of the invention is similar in implementation principle and technical effect to the technical solution of the method embodiment shown in Fig. 2, and is not described again here.
Fig. 8 is the structure chart of the embodiment of the first user equipment one provided by the invention, as shown in figure 8, the embodiment of the present invention The first user equipment can include:
Processing module 801, for using the identification information of second user equipment as SM9 public keys, using SM9 algorithms to first Encryption key is encrypted, the first encryption key after being encrypted;First encryption key is that the default first encryption is calculated The encryption key of method;
The processing module 801, it is additionally operable to according to the first encryption key after the encryption, is calculated using the described first encryption Information to be sent is encrypted method, obtains encryption information;
Sending module 802, for first after sending the encryption information and the encryption to the second user equipment Encryption key.
Optionally, the processing module 801, is additionally operable to:
First encryption key is randomly generated according to first AES.
Optionally, in addition to:
Acquisition module 803, for obtaining the SM9 private keys of first user equipment;The SM9 private keys are according to The generation of SM9 algorithms;
Receiving module 804, for the encryption announcement information that the reception server is sent and the second encryption key after encryption;Institute State encryption announcement information be the server according to the second encryption key after the encryption, using default second AES Information after announcement information is encrypted;The second encryption key after the encryption is by the identification information of the first user equipment As SM9 public keys, what is obtained is encrypted to the second encryption key using SM9 algorithms;Second encryption key is described the The encryption key of two AESs;
Processing module 801, is additionally operable to:
According to the SM9 private keys, the second encryption key after the encryption is decrypted using the SM9 algorithms, obtained The second encryption key after to decryption;
According to the second encryption key after the decryption, the encryption announcement information is entered using second AES Row decryption, the announcement information after being decrypted.
First user equipment of the embodiment of the present invention, it can be used for the technical side for performing embodiment of the method shown in above-mentioned Fig. 1 Case, its implementing principle and technical effect is similar, and here is omitted.
Fig. 9 is a structural diagram of an embodiment of the second user equipment provided by the present invention. As shown in Fig. 9, the second user equipment of this embodiment of the present invention may include:
An acquisition module 901, configured to obtain the SM9 private key of the second user equipment;
A receiving module 902, configured to receive the encrypted information and the encrypted first encryption key sent by the first user equipment; the encrypted information is the information obtained after the first user equipment encrypts the information to be sent using a preset first encryption algorithm according to the encrypted first encryption key; the encrypted first encryption key is obtained by encrypting the first encryption key with the SM9 algorithm, using the identification information of the second user equipment as the SM9 public key; the first encryption key is the encryption key of the first encryption algorithm;
A processing module 903, configured to decrypt the encrypted first encryption key using the SM9 algorithm according to the SM9 private key, to obtain the decrypted first encryption key;
The processing module 903 is further configured to decrypt the encrypted information using the first encryption algorithm according to the decrypted first encryption key, to obtain the decrypted information to be sent.
Optionally, the receiving module 902 is further configured to:
Receive the second encrypted notification information and the encrypted third encryption key sent by the server; the second encrypted notification information is the information obtained after the server encrypts the notification information using a preset third encryption algorithm according to the encrypted third encryption key; the encrypted third encryption key is obtained by encrypting the third encryption key with the SM9 algorithm, using the identification information of the second user equipment as the SM9 public key; the third encryption key is the encryption key of the third encryption algorithm;
The processing module 903 is further configured to:
Decrypt the encrypted third encryption key using the SM9 algorithm according to the SM9 private key, to obtain the decrypted third encryption key;
Decrypt the second encrypted notification information using the third encryption algorithm according to the decrypted third encryption key, to obtain the decrypted notification information.
The second user equipment of this embodiment of the present invention can be used to carry out the technical solution of the method embodiment shown in Fig. 3 above; its implementation principle and technical effect are similar and are not repeated here.
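The Fig. 8 sending path and the Fig. 9 receiving path above, as an added example that is not code from the patent: the sender needs only the recipient's identity string to wrap a randomly generated first encryption key, and only the private key extracted for that identity by the key generation centre (KGC) unwraps it. Assumptions: Cocks' identity-based encryption stands in for SM9 (which needs a pairing library), a SHA-256 keystream stands in for the unspecified first encryption algorithm, the message is encrypted under the first encryption key itself, and all function names, parameters and identities are hypothetical toy values.

```python
import hashlib, secrets

# Toy KGC parameters (assumption): two Mersenne primes, both 3 mod 4.
P, Q = 2**127 - 1, 2**107 - 1   # master secret, known only to the KGC
N = P * Q                        # public system parameter

def jacobi(a, n):
    """Jacobi symbol (a/n) for odd n > 0."""
    a, result = a % n, 1
    while a:
        while a % 2 == 0:
            a //= 2
            if n % 8 in (3, 5):
                result = -result
        a, n = n, a
        if a % 4 == 3 and n % 4 == 3:
            result = -result
        a %= n
    return result if n == 1 else 0

def id_to_public(identity):
    """Anyone can map an identity string to a public value a with (a/N) = +1."""
    ctr = 0
    while True:
        h = hashlib.sha256(f"{ctr}:{identity}".encode()).digest()
        a = int.from_bytes(h, "big") % N
        if jacobi(a, N) == 1:
            return a
        ctr += 1

def kgc_extract(identity):
    """KGC only: private key r with r*r = +a or -a (mod N)."""
    return pow(id_to_public(identity), (N + 5 - P - Q) // 8, N)

def _blind(sign_of_t, a, pm):
    """Pick random t with (t/N) = sign_of_t and return t + pm*a/t mod N."""
    while True:
        t = secrets.randbelow(N - 2) + 2
        if jacobi(t, N) == sign_of_t:
            return (t + pm * a * pow(t, -1, N)) % N

def ibe_wrap(identity, key):
    """Encrypt key bit by bit to an identity (Cocks IBE, stand-in for SM9)."""
    a = id_to_public(identity)
    bits = [(key[i // 8] >> (i % 8)) & 1 for i in range(len(key) * 8)]
    return [(_blind(2 * b - 1, a, 1), _blind(2 * b - 1, a, -1)) for b in bits]

def ibe_unwrap(identity, r, wrapped):
    """Recover the key with the identity's private key r."""
    pick = 0 if r * r % N == id_to_public(identity) else 1
    key = bytearray(len(wrapped) // 8)
    for i, pair in enumerate(wrapped):
        if jacobi(pair[pick] + 2 * r, N) == 1:
            key[i // 8] |= 1 << (i % 8)
    return bytes(key)

def stream_xor(key, nonce, data):
    """SHA-256 counter keystream: stand-in for the 'first encryption algorithm'."""
    blocks = range(len(data) // 32 + 1)
    ks = b"".join(hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest() for i in blocks)
    return bytes(x ^ y for x, y in zip(data, ks))

def first_ue_send(recipient_id, message):
    k1 = secrets.token_bytes(16)   # first encryption key, randomly generated
    nonce = secrets.token_bytes(12)
    return {"wrapped_key": ibe_wrap(recipient_id, k1), "nonce": nonce,
            "ciphertext": stream_xor(k1, nonce, message)}

def second_ue_receive(own_id, private_key, packet):
    k1 = ibe_unwrap(own_id, private_key, packet["wrapped_key"])
    return stream_xor(k1, packet["nonce"], packet["ciphertext"])
```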
Fig. 10 is a structural diagram of another embodiment of the server provided by the present invention. As shown in Fig. 10, the server of this embodiment of the present invention may include:
A processing module 1001, configured to encrypt the second encryption key with the SM9 algorithm, using the identification information of the first user equipment as the SM9 public key, to obtain the encrypted second encryption key; the second encryption key is the encryption key of a preset second encryption algorithm;
The processing module 1001 is further configured to encrypt the notification information using the second encryption algorithm according to the encrypted second encryption key, to obtain the encrypted notification information;
The sending module 1002, configured to send the encrypted notification information and the encrypted second encryption key to the first user equipment.
Optionally, the processing module 1001 is further configured to:
Randomly generate the second encryption key according to the second encryption algorithm.
The server of this embodiment of the present invention can be used to carry out the technical solution of the method embodiment shown in Fig. 4 above; its implementation principle and technical effect are similar and are not repeated here.
Those skilled in the art will readily conceive of other embodiments of the disclosure after considering the specification and practicing the invention disclosed herein. The present disclosure is intended to cover any variations, uses, or adaptations of the disclosure that follow its general principles and include common knowledge or customary technical means in the art that are not disclosed herein. The specification and embodiments are to be regarded as exemplary only; the true scope and spirit of the disclosure are indicated by the following claims.
It should be understood that the present disclosure is not limited to the precise structure described above and shown in the drawings, and that various modifications and changes may be made without departing from its scope. The scope of the present disclosure is limited only by the appended claims.

Claims (10)

  1. An encrypted communication method based on the SM9 algorithm, characterized by comprising:
    A first user equipment encrypts a first encryption key with the SM9 algorithm, using the identification information of a second user equipment as the SM9 public key, to obtain the encrypted first encryption key; the first encryption key is the encryption key of a preset first encryption algorithm;
    The first user equipment encrypts the information to be sent using the first encryption algorithm according to the encrypted first encryption key, to obtain encrypted information;
    The first user equipment sends the encrypted information and the encrypted first encryption key to the second user equipment.
  2. The method according to claim 1, characterized in that, before the first user equipment encrypts the first encryption key with the SM9 algorithm using the identification information of the second user equipment as the SM9 public key, the method further comprises:
    The first user equipment randomly generates the first encryption key according to the first encryption algorithm.
  3. The method according to claim 1 or 2, characterized by further comprising:
    The first user equipment obtains the SM9 private key of the first user equipment; the SM9 private key is generated according to the SM9 algorithm;
    The first user equipment receives the first encrypted notification information and the encrypted second encryption key sent by a server; the first encrypted notification information is the information obtained after the server encrypts the notification information using a preset second encryption algorithm according to the encrypted second encryption key; the encrypted second encryption key is obtained by encrypting the second encryption key with the SM9 algorithm, using the identification information of the first user equipment as the SM9 public key; the second encryption key is the encryption key of the second encryption algorithm;
    The first user equipment decrypts the encrypted second encryption key using the SM9 algorithm according to the SM9 private key, to obtain the decrypted second encryption key;
    The first user equipment decrypts the first encrypted notification information using the second encryption algorithm according to the decrypted second encryption key, to obtain the decrypted notification information.
  4. An encrypted communication method based on the SM9 algorithm, characterized by comprising:
    A second user equipment obtains the SM9 private key of the second user equipment;
    The second user equipment receives the encrypted information and the encrypted first encryption key sent by a first user equipment; the encrypted information is the information obtained after the first user equipment encrypts the information to be sent using a preset first encryption algorithm according to the encrypted first encryption key; the encrypted first encryption key is obtained by encrypting the first encryption key with the SM9 algorithm, using the identification information of the second user equipment as the SM9 public key; the first encryption key is the encryption key of the first encryption algorithm;
    The second user equipment decrypts the encrypted first encryption key using the SM9 algorithm according to the SM9 private key, to obtain the decrypted first encryption key;
    The second user equipment decrypts the encrypted information using the first encryption algorithm according to the decrypted first encryption key, to obtain the decrypted information to be sent.
  5. The method according to claim 4, characterized by further comprising:
    The second user equipment receives the second encrypted notification information and the encrypted third encryption key sent by a server; the second encrypted notification information is the information obtained after the server encrypts the notification information using a preset third encryption algorithm according to the encrypted third encryption key; the encrypted third encryption key is obtained by encrypting the third encryption key with the SM9 algorithm, using the identification information of the second user equipment as the SM9 public key; the third encryption key is the encryption key of the third encryption algorithm;
    The second user equipment decrypts the encrypted third encryption key using the SM9 algorithm according to the SM9 private key, to obtain the decrypted third encryption key;
    The second user equipment decrypts the second encrypted notification information using the third encryption algorithm according to the decrypted third encryption key, to obtain the decrypted notification information.
  6. An encrypted communication method based on the SM9 algorithm, characterized by comprising:
    A server encrypts a second encryption key with the SM9 algorithm, using the identification information of a first user equipment as the SM9 public key, to obtain the encrypted second encryption key; the second encryption key is the encryption key of a preset second encryption algorithm;
    The server encrypts the notification information using the second encryption algorithm according to the encrypted second encryption key, to obtain the first encrypted notification information;
    The server sends the encrypted notification information and the encrypted second encryption key to the first user equipment.
  7. The method according to claim 6, characterized in that, before the server encrypts the second encryption key with the SM9 algorithm using the identification information of the first user equipment as the SM9 public key, the method further comprises:
    The server randomly generates the second encryption key according to the second encryption algorithm.
  8. A first user equipment, characterized by comprising:
    A processing module, configured to encrypt a first encryption key with the SM9 algorithm, using the identification information of a second user equipment as the SM9 public key, to obtain the encrypted first encryption key; the first encryption key is the encryption key of a preset first encryption algorithm;
    The processing module is further configured to encrypt the information to be sent using the first encryption algorithm according to the encrypted first encryption key, to obtain encrypted information;
    A sending module, configured to send the encrypted information and the encrypted first encryption key to the second user equipment.
  9. A second user equipment, characterized by comprising:
    An acquisition module, configured to obtain the SM9 private key of the second user equipment;
    A receiving module, configured to receive the encrypted information and the encrypted first encryption key sent by a first user equipment; the encrypted information is the information obtained after the first user equipment encrypts the information to be sent using a preset first encryption algorithm according to the encrypted first encryption key; the encrypted first encryption key is obtained by encrypting the first encryption key with the SM9 algorithm, using the identification information of the second user equipment as the SM9 public key; the first encryption key is the encryption key of the first encryption algorithm;
    A processing module, configured to decrypt the encrypted first encryption key using the SM9 algorithm according to the SM9 private key, to obtain the decrypted first encryption key;
    The processing module is further configured to decrypt the encrypted information using the first encryption algorithm according to the decrypted first encryption key, to obtain the decrypted information to be sent.
  10. A server, characterized by comprising:
    A processing module, configured to encrypt a second encryption key with the SM9 algorithm, using the identification information of a first user equipment as the SM9 public key, to obtain the encrypted second encryption key; the second encryption key is the encryption key of a preset second encryption algorithm;
    The processing module is further configured to encrypt the notification information using the second encryption algorithm according to the encrypted second encryption key, to obtain the encrypted notification information;
    The sending module, configured to send the encrypted notification information and the encrypted second encryption key to the first user equipment.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201711137150.7A CN107682156A (en) 2017-11-16 2017-11-16 A kind of encryption communication method and device based on SM9 algorithms

Publications (1)

Publication Number Publication Date
CN107682156A true CN107682156A (en) 2018-02-09

Family

ID=61149574

Country Status (1)

Country Link
CN (1) CN107682156A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20180209