CN108270558A - A kind of private key introduction method based on temporary key pair - Google Patents

A kind of private key introduction method based on temporary key pair Download PDF

Info

Publication number
CN108270558A
CN108270558A CN201611265622.2A CN201611265622A CN108270558A CN 108270558 A CN108270558 A CN 108270558A CN 201611265622 A CN201611265622 A CN 201611265622A CN 108270558 A CN108270558 A CN 108270558A
Authority
CN
China
Prior art keywords
key
ciphertext
private key
session
server
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201611265622.2A
Other languages
Chinese (zh)
Inventor
王山扣
掌晓愚
任伟
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
GEER SOFTWARE CO Ltd SHANGHAI
Original Assignee
GEER SOFTWARE CO Ltd SHANGHAI
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by GEER SOFTWARE CO Ltd SHANGHAI filed Critical GEER SOFTWARE CO Ltd SHANGHAI
Priority to CN201611265622.2A priority Critical patent/CN108270558A/en
Publication of CN108270558A publication Critical patent/CN108270558A/en
Pending legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/06Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083Network architectures or network communication protocols for network security for authentication of entities using passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0877Generation of secret information including derivation or calculation of cryptographic keys or passwords using additional device, e.g. trusted platform module [TPM], smartcard, USB or hardware security module [HSM]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/30Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computing Systems (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

A kind of private key introduction method based on temporary key pair disclosed by the invention, includes the following steps:Step 1, certificate request request and is sent to server-side, while be encrypted public key by ephemeral encryption public key setting by client using temporary encryption keys to Generating Certificate, and is signed using signature private key to certificate and public signature key is put into certificate extensions;Step 2, server-side carries out sign test using the public signature key in certificate extensions to data packet;Step 3, server-side is encrypted to obtain ciphertext as private key ciphertext using session key to the private key of encryption key centering that server-side generates, it is encrypted to obtain ciphertext as session ciphertext to session key using the encrypted public key in certificate request, private key ciphertext and session ciphertext is sent to client;Step 4, client is decrypted to obtain session key using ephemeral encryption private key to session ciphertext, reuses session key and private key ciphertext is decrypted private key, the private key that client obtains decryption is imported in encrypted container.

Description

A kind of private key introduction method based on temporary key pair
Technical field
The present invention relates to private key introduction method technical field more particularly to a kind of private key importing sides based on temporary key pair Method.
Background technology
SSL traffic based on digital certificate is applicable safety communication technology basis, and digital certificate is issued licence using complete set Ripe PKI technologies, the technology ensure that digital certificate issue licence during various private datas safety.
During digital certificate is issued licence, issue licence request and response of issuing licence is most important ring during digital certificate is issued licence Section, it will usually which, using a pair of of signature key as protection key, request of issuing licence by DN and protection public key and can protect private key pair The signing messages of message is sent to server-side, and server-side protection public key sign test is simultaneously private using the encryption that public key generates server-side Key encrypts the method for (protecting public key, session key encrypts encryption key to session key encryption) to ensure the safety of data Property, client obtains private key information by corresponding decryption oprerations.In the process, key pair is protected not only used signature to test Algorithm is signed, and also uses asymmetric enciphering and deciphering algorithm, but in Microsoft CSP (the Cryptographic Service of standard Provider) signature key is operated to that can not do encryption and decryption in algorithm, it is of course possible to private key without encrypting, but it is this Situation is the safety it cannot be guaranteed that private key.Or it is if protection key is encrypted using symmetric cryptography private key, symmetrically The storage of key then becomes a problem.
For this purpose, applicant carried out beneficial exploration and trial, result of the above problems is had found, will be detailed below being situated between The technical solution to continue generates in this background.
Invention content
The technical problems to be solved by the invention:It provides in view of the deficiencies of the prior art a kind of based on temporary key pair Private key introduction method.
Following technical scheme may be used to realize in technical problem solved by the invention:
A kind of private key introduction method based on temporary key pair, includes the following steps:
Step S1 generates a fixed encrypted container and a temporary encryption keys pair, client one in client Certificate request request and is sent to server-side by aspect using temporary encryption keys to Generating Certificate, while by temporary encryption keys The ephemeral encryption public key setting of centering is encrypted public key, and on the other hand certificate is carried out using the signature private key of signature key centering It signs and the public signature key of signature key centering is put into certificate extensions, so as to server-side sign test;
Step S2, server-side receive the certificate request that client sends over and using the signature public affairs in certificate extensions Key carries out sign test to data packet;
Step S3, generates an encryption key pair and a session key in server-side, on the one hand server-side uses meeting The private key of the encryption key centering of words key pair server-side generation is encrypted to obtain ciphertext as private key ciphertext, on the other hand uses Encrypted public key in certificate request is encrypted to obtain ciphertext as session ciphertext to session key, then private key ciphertext and session is close Text is sent to client;
Step S4, client receives private key ciphertext and the session ciphertext that server-side sends over, and passes through analytic message and obtain Obtain private key ciphertext and session ciphertext;
Step S5, client are decrypted to obtain using the ephemeral encryption private key of temporary encryption keys centering to session ciphertext Session key reuses the session key that decryption obtains and private key ciphertext is decrypted to obtain the encryption key pair of server-side generation In private key, client will be decrypted in the obtained encrypted container that is generated in advance of private key importing;
Step S6, client delete temporary encryption keys pair.
As a result of technical solution as above, the beneficial effects of the present invention are:The present invention issued licence in digital certificate Private key is imported into client using temporary encryption keys in journey, so as to ensure that safety of the encryption key during issuing licence.
Specific embodiment
In order to be easy to understand the technical means, the creative features, the aims and the efficiencies achieved by the present invention, further Illustrate the present invention.
A kind of private key introduction method based on temporary key pair of the present invention, includes the following steps:
Step S1 generates a fixed encrypted container A and a temporary encryption keys to B in client, interim to add Close key pair B is made of ephemeral encryption public key B1 and ephemeral encryption private key B2, and client is on the one hand using temporary encryption keys to B It Generates Certificate and asks and certificate request is sent to server-side, while by temporary encryption keys to the ephemeral encryption public key B1 in B Encrypted public key C is set as, on the other hand the signature private key D1 in D signs to certificate and will be signed close using signature key Key is put into certificate extensions the public signature key D2 in D;
Step S2 after server-side receives the certificate request that client sends over, uses the signature in certificate extensions Public key D2 carries out sign test to data packet;
Step S3 generates an encryption key to E and session key F in server-side, and encryption key is to E by private key E1 and public key E2 are formed, server-side on the one hand using session key F to the encryption key that server-side generates to the private key E1 in E into Row encryption obtains ciphertext as private key ciphertext G, and on the other hand session key F is added using the encrypted public key C in certificate request The close ciphertext that obtains is session ciphertext H, then private key ciphertext G and session ciphertext H are sent to client;
Step S4, client receives private key ciphertext G and the session ciphertext H that server-side sends over, and passes through analytic message Acquire private key ciphertext G and session ciphertext H;
Step S5, client are decrypted session ciphertext H the ephemeral encryption private key B2 in B using temporary encryption keys Session key F is obtained, decryption obtained session key F is reused and private key ciphertext G is decrypted to obtain server-side generation and add In private key E1 in close key pair E, the encrypted container A that the private key E1 importings that client obtains decryption are generated in advance;
Step S6, client delete temporary encryption keys to B.
The basic principles, main features and the advantages of the invention have been shown and described above.The technology of the industry Personnel are it should be appreciated that the present invention is not limited to the above embodiments, and the above embodiments and description only describe this The principle of invention, without departing from the spirit and scope of the present invention, various changes and improvements may be made to the invention, these changes Change and improvement all fall within the protetion scope of the claimed invention.The claimed scope of the invention by appended claims and its Equivalent thereof.

Claims (1)

1. a kind of private key introduction method based on temporary key pair, which is characterized in that include the following steps:
Step S1 generates a fixed encrypted container and a temporary encryption keys pair in client, and client is on the one hand Request and certificate request is sent to server-side to Generating Certificate using temporary encryption keys, while by temporary encryption keys centering Ephemeral encryption public key setting for encrypted public key, on the other hand signed using the signature private key of signature key centering to certificate And the public signature key of signature key centering is put into certificate extensions, so as to server-side sign test;
Step S2, server-side receive the certificate request that client sends over and using the public signature keys pair in certificate extensions Data packet carries out sign test;
Step S3, generates an encryption key pair and a session key in server-side, and server-side is on the one hand close using session Key is encrypted to obtain ciphertext as private key ciphertext to the private key of encryption key centering that server-side generates, on the other hand using certificate Encrypted public key in request is encrypted to obtain ciphertext to be session ciphertext, then private key ciphertext and session ciphertext are sent out to session key It send to client;
Step S4, client receives private key ciphertext and the session ciphertext that server-side sends over, and passes through analytic message and obtain To private key ciphertext and session ciphertext;
Step S5, client are decrypted to obtain session using the ephemeral encryption private key of temporary encryption keys centering to session ciphertext Key reuses the session key that decryption obtains and private key ciphertext is decrypted to obtain the encryption key centering of server-side generation Private key, the private key that client obtains decryption are imported in the encrypted container being generated in advance;
Step S6, client delete temporary encryption keys pair.
CN201611265622.2A 2016-12-30 2016-12-30 A kind of private key introduction method based on temporary key pair Pending CN108270558A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201611265622.2A CN108270558A (en) 2016-12-30 2016-12-30 A kind of private key introduction method based on temporary key pair

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201611265622.2A CN108270558A (en) 2016-12-30 2016-12-30 A kind of private key introduction method based on temporary key pair

Publications (1)

Publication Number Publication Date
CN108270558A true CN108270558A (en) 2018-07-10

Family

ID=62770314

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201611265622.2A Pending CN108270558A (en) 2016-12-30 2016-12-30 A kind of private key introduction method based on temporary key pair

Country Status (1)

Country Link
CN (1) CN108270558A (en)

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109039609A (en) * 2018-08-24 2018-12-18 深圳美图创新科技有限公司 The method and terminal of key importing terminal
CN109842489A (en) * 2018-12-24 2019-06-04 福建联迪商用设备有限公司 A kind of method that realizing secure communication, terminal and system
CN110601825A (en) * 2019-08-29 2019-12-20 北京思源理想控股集团有限公司 Ciphertext processing method and device, storage medium and electronic device
CN111628860A (en) * 2019-02-28 2020-09-04 武汉信安珞珈科技有限公司 Method for generating and applying double-key system digital certificate
CN111951463A (en) * 2020-06-05 2020-11-17 陶源 Vending machine activation system and vending machine offline vending method
CN112511297A (en) * 2020-11-30 2021-03-16 郑州信大捷安信息技术股份有限公司 Method and system for updating key pair and digital certificate
CN114389801A (en) * 2021-11-26 2022-04-22 宁波三星智能电气有限公司 Key management method for intelligent electric meter
CN114499871A (en) * 2021-12-23 2022-05-13 成都卫士通信息产业股份有限公司 Signature encryption method, device and system and computer readable storage medium

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20120124367A1 (en) * 2010-11-15 2012-05-17 Trilliant Holdings Inc. System and Method for Securely Communicating Across Multiple Networks Using a Single Radio
US20120250859A1 (en) * 2011-03-28 2012-10-04 Via Technologies, Inc. Data encryption method and system and data decryption method
CN103138938A (en) * 2013-03-22 2013-06-05 中金金融认证中心有限公司 SM2 certificate application method based on cryptographic service provider (CSP)
CN103595530A (en) * 2012-08-17 2014-02-19 华为技术有限公司 Software secret key updating method and device
CN104821944A (en) * 2015-04-28 2015-08-05 广东小天才科技有限公司 Hybrid encrypted network data security method and system

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20120124367A1 (en) * 2010-11-15 2012-05-17 Trilliant Holdings Inc. System and Method for Securely Communicating Across Multiple Networks Using a Single Radio
US20120250859A1 (en) * 2011-03-28 2012-10-04 Via Technologies, Inc. Data encryption method and system and data decryption method
CN103595530A (en) * 2012-08-17 2014-02-19 华为技术有限公司 Software secret key updating method and device
CN103138938A (en) * 2013-03-22 2013-06-05 中金金融认证中心有限公司 SM2 certificate application method based on cryptographic service provider (CSP)
CN104821944A (en) * 2015-04-28 2015-08-05 广东小天才科技有限公司 Hybrid encrypted network data security method and system

Cited By (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109039609A (en) * 2018-08-24 2018-12-18 深圳美图创新科技有限公司 The method and terminal of key importing terminal
CN109842489A (en) * 2018-12-24 2019-06-04 福建联迪商用设备有限公司 A kind of method that realizing secure communication, terminal and system
CN111628860A (en) * 2019-02-28 2020-09-04 武汉信安珞珈科技有限公司 Method for generating and applying double-key system digital certificate
CN111628860B (en) * 2019-02-28 2023-08-08 武汉信安珞珈科技有限公司 Method for generating digital certificate of double-key system and application method
CN110601825A (en) * 2019-08-29 2019-12-20 北京思源理想控股集团有限公司 Ciphertext processing method and device, storage medium and electronic device
CN110601825B (en) * 2019-08-29 2022-09-30 北京思源理想控股集团有限公司 Ciphertext processing method and device, storage medium and electronic device
CN111951463A (en) * 2020-06-05 2020-11-17 陶源 Vending machine activation system and vending machine offline vending method
CN112511297A (en) * 2020-11-30 2021-03-16 郑州信大捷安信息技术股份有限公司 Method and system for updating key pair and digital certificate
CN112511297B (en) * 2020-11-30 2022-03-11 郑州信大捷安信息技术股份有限公司 Method and system for updating key pair and digital certificate
CN114389801A (en) * 2021-11-26 2022-04-22 宁波三星智能电气有限公司 Key management method for intelligent electric meter
CN114499871A (en) * 2021-12-23 2022-05-13 成都卫士通信息产业股份有限公司 Signature encryption method, device and system and computer readable storage medium
CN114499871B (en) * 2021-12-23 2024-01-09 成都卫士通信息产业股份有限公司 Signature encryption method, device and system and computer readable storage medium

Similar Documents

Publication Publication Date Title
CN108270558A (en) A kind of private key introduction method based on temporary key pair
CN106506470B (en) network data security transmission method
CN107124274B (en) Digital signature method and device based on SM2
US8130961B2 (en) Method and system for client-server mutual authentication using event-based OTP
CN101115060B (en) Method for protecting user encryption key in asymmetric cipher key transmitting process of user key management system
PH12019500938A1 (en) Data transmission method, apparatus and system
CN103634266B (en) A bidirectional authentication method for a server and a terminal
RU2018103181A (en) CONFIDENTIAL AUTHENTICATION AND SECURITY
CN108768930A (en) A kind of encrypted transmission method of data
CN102664740B (en) Remote-authorization-based bidding document encryption and decryption method
CN109005027B (en) Random data encryption and decryption method, device and system
TW202121868A (en) Data encryption and decryption method and device, storage medium and encrypted file
CN108199844B (en) Method for supporting off-line SM9 algorithm key first application downloading
CN102255725A (en) Random hybrid key encryption/decryption method
CN104092551B (en) Safe secret key transmission method based on RSA algorithm
CN105262586B (en) The method for distributing key and device of automobile burglar equipment
CN102647393B (en) Digital signage content piracy prevention method
CN104486756B (en) A kind of encryption and decryption method and system of close writing paper short message
CN105915345B (en) The implementation method of licensed-type production and restructuring in a kind of family gateway equipment production test
CN113300842B (en) Method for improving security of symmetric encryption algorithm
CN105991277B (en) Cryptographic key distribution method based on SIP communication system
CN105071934A (en) Data effective transmission method
CN110138544A (en) A kind of encrypting and decrypting system and method for internet of things equipment
CN108768958B (en) Verification method for data integrity and source based on no leakage of verified information by third party
CN103475466A (en) USBKey bus protection implementation method

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
CB02 Change of applicant information
CB02 Change of applicant information

Address after: 200436 Room 601, Lane 299, Lane 299, JIANGCHANG West Road, Jingan District, Shanghai

Applicant after: KOAL SOFTWARE Co.,Ltd.

Address before: 200436 Room 601, Lane 299, Lane 299, JIANGCHANG West Road, Zhabei District, Shanghai

Applicant before: SHANGHAI KOAL SOFTWARE Co.,Ltd.

SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20180710