CN108900307A - FPGA (field programmable Gate array) implementation method for PGP (packet data protocol) key management authentication password recovery algorithm - Google Patents

FPGA (field programmable Gate array) implementation method for PGP (packet data protocol) key management authentication password recovery algorithm Download PDF

Info

Publication number
CN108900307A
CN108900307A CN201810734669.1A CN201810734669A CN108900307A CN 108900307 A CN108900307 A CN 108900307A CN 201810734669 A CN201810734669 A CN 201810734669A CN 108900307 A CN108900307 A CN 108900307A
Authority
CN
China
Prior art keywords
module
fpga
authentication password
control module
pgp
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201810734669.1A
Other languages
Chinese (zh)
Other versions
CN108900307B (en
Inventor
李晓潮
赵禀睿
吴孔程
林捷
陈艺慧
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Tuoer Microelectronics Co ltd
Original Assignee
Xiamen University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Xiamen University filed Critical Xiamen University
Priority to CN201810734669.1A priority Critical patent/CN108900307B/en
Publication of CN108900307A publication Critical patent/CN108900307A/en
Application granted granted Critical
Publication of CN108900307B publication Critical patent/CN108900307B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • H04L9/3239Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving non-keyed hash functions, e.g. modification detection codes [MDCs], MD5, SHA or RIPEMD
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0863Generation of secret information including derivation or calculation of cryptographic keys or passwords involving passwords or one-time passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0894Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/12Details relating to cryptographic hardware or logic circuitry

Abstract

the FPGA implementation method of PGP key management authentication password recovery algorithm, aiming at the encryption combination of Twofish-256 algorithm and S2K algorithm in PGP key management authentication, utilizes a programmable logic circuit part in the FPGA to implement PGP authentication password recovery circuit, and utilizes a processor part in the FPGA to implement the scheduling of the whole password recovery system. P L part is composed of modules of control, authentication password generation, S2K function, counter, symmetric key selection, Twofish-256 decryption, SHA-1 inspection and the like.PS part is a processor module in the FPGA, and the PS part is connected with P L part by an AXI bus inside the FPGA to implement the control and data interaction on the PGP authentication password recovery circuit.

Description

The FPGA implementation method of PGP key management authentication password recovery algorithms
Technical field
The present invention relates to information securities, restore special chip electricity particularly with regard to a kind of high speed password based on FPGA The key management authentication password recovery system for being directed to PGP encryption software is realized on road using FPGA, is directed to Twofish- based on FPGA 256 with the PGP key management authentication password algorithm of S2K (SHA-1) algorithm combination carry out password recovery special circuit system and The FPGA implementation method of its PGP key management authentication password recovery algorithms realized.
Background technique
Field programmable gate array (Field-Programmable Gate Array, FPGA) is a kind of electricity of semi-custom Road chip has Resources on Chip abundant for exploitation, and design method is flexible and convenient, has both solved what custom circuit can not upgrade Deficiency, and overcome the limited disadvantage of conventional programmable device gate circuit number.FPGA is in calculated performance than CPU (Central Processing Unit) by force, then smaller than GPU (Graphic Processing Unit) in power consumption, this makes FPGA more suitable It closes and carries out this calculating work for continuing high intensity of password recovery.It not only include traditional programmable patrol in modern FPGA device It collects circuit PL (Programmable logic), is also added into piece inner treater system PS (Processing System).The portion PL Divide and is mainly made of programmable circuit logic unit, and the part PS is made of arm processor, is connect between two parts by bus Mouth carries out data interaction.During password recovery algorithm based on FPGA is realized, high performance password recovery counting circuit is in the part PL It realizes, PS is responsible for part the work of control and driving counting circuit, and the part PL together constitutes password recovery algorithm with the part PS Special circuit system.
PGP (Pretty GoodPrivacy) is a kind of encryption software, is widely used in email encryption, file encryption and hard The security systems such as disk encryption.PGP will be generated a session key at random, be encrypted using session key when encrypting user data User data, and session key will be saved after public key encryption;When decrypted user data, system will first use private key decrypted session The ciphertext of key obtains session key, then the ciphertext with session key decrypted user data.The private key of PGP is typically stored at SKR (Secret Key Ring) file, and protected by cryptographic authentication mechanisms, which is exactly the PGP of the invention referred to close Key administrative authentication password.SKR file is the private key ring file of PGP encryption software, is not only stored in this document by PGP key pipe The encrypted private key of authentication password is managed, further includes the various parameters information used when encryption.SKR file has stringent storage lattice Formula can accurately obtain the parameter information in ciphering process by parsing SKR file, it will be able to attempt to carry out PGP key management The recovery of authentication password.PGP key management authentication password will cause the private key that can not be obtained for encryption data once losing, Cause the data encrypted that can not read.Restore the PGP key pipe of loss or forgetting therefore, it is necessary to a kind of password recovery method Manage authentication password.
Similar research at present for PGP key management authentication password restoration methods and realization is as follows, (the Wu Hua such as Wu Hua Deng, PGP privacy enhanced mail breaking techniques are studied, information security and communication security, and 2014,12:It is proposed that one kind is directed in 116-119) The PGP key management authentication password crack method of AES-256 and SHA-1 algorithm combination, but the document provides only one kind and cracks Method is not directed to this method in the specific implementation of associated computing platform.(Deng Huijie, the PGP based on pass-phrase are cracked Deng Huijie Research and realize, Shanghai Communications University, 2011,9, master thesis) in propose for AES-256 and S2K (SHA-256) The PGP key management authentication password restoration methods of algorithm combination, this method is realized on CPU platform.Koichi Shimizu etc. (Koichi Shimizu etc., High-speed search system for PGPpassphrases, Cryptology and Network Security, CANS2008 proceeding, 2008,332-348) it proposes for AES With the PGP key management authentication password restoration methods of S2K (SHA-256) algorithm combination, and algorithm is completed in FPGA platform Realization.
So far there are no report relevant to PGP key management authentication password recovery.
Summary of the invention
The purpose of the present invention is to provide a kind of PGP keys for being directed to Twofish-256 and S2K (SHA-1) algorithm combination The FPGA implementation method of administrative authentication password recovery algorithm.With traditional method phase for carrying out password recovery by software mode Than realizing that password recovery algorithm has the characteristics that high speed and low-power consumption based on FPGA.
The present invention includes the following steps:
1) user is on console by the way that in network connection to FPGA piece inner treater, the SKR PGP software to be decrypted is literary Part is sent in FPGA piece inner treater, and sends sign on to FPGA piece inner treater;
2) after FPGA piece inner treater receives SKR file and sign on, which is parsed with fixed format, The data that password recovery needs are obtained, these data are stored in FPGA piece inner treater;The number that the password recovery needs According to including the number of iterations, initial vector, salt figure, private key ciphertext and private key hashed value ciphertext etc.;
3) SKR file is after the completion of FPGA piece inner treater is parsed and stored, FPGA piece inner treater by AXI bus to Control module sends reset signal, resets control module and sends reset signal from control module to other each modules, makes to own Module is all reset to original state;
4) after each module resets to original state, FPGA piece inner treater passes through number needed for decryption of the AXI bus by storage It is believed that breath is transmitted in the corresponding registers of control module;
5) after the corresponding registers of control module receive data information, FPGA piece inner treater passes through AXI bus to control Module sends commencing signal, and control module is started to work, while control module guides other modules to start to work;
6) start to restore PGP key management authentication password:It is close that authentication password generation module generates PGP key management certification Code;PGP key management authentication password enters S2K function module and generates symmetric key;Symmetric key is input to Twofish-256 solution In close module, and ciphertext and other relevant informations are obtained from control module, symmetrically decrypted, to SHA-1 after decryption completion The inspection module output private key decrypted and the hashed value decrypted, SHA-1 inspection module calculate hashed value according to private key, Calculated hashed value is compared with the hashed value decrypted, comparing result is sent into control module;
7) after control module receives comparing result, judge comparing result, if comparison is correct, enter step 8);Otherwise Step 6) is returned to, whether correct continues to verify next PGP key management authentication password;
8) after control module judgement comparison is correct, which is sent in piece by control module It manages in device, and sends reset signal to other modules of FPGA password recovery counting circuit, make FPGA password recovery counting circuit It stops working;
9) user sees the PGP key management authentication password recovered, PGP key management authentication password on console Recovery terminates.
Realization of the PGP key management authentication password recovery algorithms on FPGA is made of PS and PL two parts.
The present invention realizes FPGA piece inner treater using the part piece inner treater PS in FPGA, and the part is for parsing SKR file parses the hashed value ciphertext of the number of iterations, salt figure, initial vector, private key ciphertext and private key.In addition, FPGA piece Inner treater is also integrated with the function that PGP key management certification FPGA password recovery counting circuit is driven and encapsulated, and mentions Console where enabling user for interface goes to debug and the PGP key management is called to authenticate FPGA password by network Restore counting circuit.FPGA piece inner treater is also responsible for some miscellaneous functions, including sends reset signal to control module, starts Signal, the time of record PGP key management certification FPGA password recovery counting circuit work, the current number for having examined password of record Amount, output operation information etc..
Realize that PGP key management FPGA authentication password restores to calculate electricity using the part programmable logic circuit PL in FPGA Road is made of 16 circuit modules, including:Control module, authentication password generation module, 10 S2K function modules, counter mould Block, symmetric key selecting module, the symmetrical deciphering module of Twofish-256, SHA-1 inspection module.In control module and FPGA piece The controls such as processor is interconnected by AXI bus, and FPGA piece inner treater module sends beginning to control module and resets refer to It enables, further includes the information such as the SKR file salt figure of parsing.The control module at the end PL sends current to the FPGA piece inner treater at the end PS The status information of password recovery.The output of control module is connected with the input of authentication password generation module, generates to authentication password Module exports the enabling signal of PGP key management certification FPGA password recovery counting circuit.The input of control module and certification are close The output of code generation module is connected, for receiving correct PGP key management from authentication password generation module in successful decryption Authentication password;The output of authentication password generation module is connect with the input of 10 S2K function modules, to 10 S2K function modules Export PGP key management authentication password.The input of 10 S2K function modules is connected with the output of control module, from control module The information such as salt figure, the number of iterations needed for obtaining S2K function.The output of 10 S2K function modules all with key selecting module Input connection exports 10 groups of symmetric keys to symmetric key selecting module;The input of counter module and the output of control module It is connected, receives the control signal that control module is sent;The output of counter module is connect with the input of key selecting module, Xiang Mi The output order of key selecting module output symmetric key.The input of the another output link control module of counter module, to Control module exports location order of the current PGP key management authentication password in epicycle password authentification;Key selecting module Output is connect with the input of Twofish-256 deciphering module, exports a symmetric key to Twofish-256 deciphering module; The output of the input link control module of the symmetrical deciphering module of Twofish-256 receives the cipher-text information sent from control module With initial vector information.The input of the output connection key SHA-1 inspection module of the symmetrical deciphering module of Twofish-256, to The SHA-1 inspection module output private key decrypted and the hashed value decrypted;The output connection control mould of SHA-1 inspection module Block exports comparing result to control module.
The function corresponding function of each module is as follows in the PGP key management certification FPGA password recovery counting circuit:
Control module, control module dispatch PGP key pipe for other coupled modules of the part PL to be monitored and controlled It manages authentication password and restores function, while control module and FPGA piece inner treater carry out data communication, obtain PGP key management and recognize Initialization data and configuration data needed for demonstrate,proving password recovery.
Authentication password generation module traverses the password in password space, generates PGP key management authentication password.
10 S2K function modules, using authentication password generation module generate user password and control module in store Configuration data generate 10 groups of Twofish-256 decryption needed for symmetric keys;Such Parallel Design is solved from system architecture The shortcomings that S2K function operation overlong time of having determined, Twofish-256 deciphering module 7 is allowed continuously to obtain input key value, It the time to be entered such as substantially reduces, improves the working efficiency of PGP key management authentication password recovery system.Symmetric key Selecting module stores this 10 groups of symmetric keys;Counting module count down to 10 under the control of control module, from 1, symmetric key choosing It selects module and 10 groups of Twofish symmetric keys is selected according to the count value, one corresponding symmetric key of output arrives In Twofish-256 deciphering module;Twofish-256 deciphering module by control module obtain SKR file cipher-text information with And initial vector information, symmetric key is obtained by symmetric key selecting module, using symmetric key to ciphertext under CFB mode Information carries out Twofish-256 decryption, the private key decrypted and the hashed value decrypted, and they are sent into SHA-1 inspection It tests in module;SHA-1 inspection module obtains the private key of Twofish-256 deciphering module output, by private key hash is calculated Value, while the hashed value decrypted in Twofish-256 deciphering module is obtained, the hashed value being calculated is dissipated with what is decrypted Train value is compared, and comparison result is sent into control module;Control module decides whether to continue PGP key management according to comparison result Authentication password recovery process.
Encrypted set of the present invention for Twofish-256 algorithm and S2K (SHA-1) algorithm in PGP key management certification It closes, PGP authentication password restoring circuit is realized using the programmable logic circuit part (PL) in FPGA, using handling in FPGA piece Realize the scheduling of entire password recovery system in device part (PS).The part PL mainly by being formed with lower module, including:Control module, Authentication password generation module, S2K function module, counter module, symmetric key selecting module, Twofish-256 deciphering module, SHA-1 inspection module.The part PS is mainly FPGA piece inner treater module.The part PS passes through AXI bus inside FPGA and the portion PL Divide connection, realizes control and data interaction to PGP authentication password restoring circuit.The PGP key management that the present invention finally realizes Authentication password restores special circuit, password recovery speed and lower power consumption with high speed, while having both flexibility, practical Property and specific aim, PGP software code restore related fields application value with higher.
Detailed description of the invention
Fig. 1 is the FPGA implementation flow chart of PGP key management authentication password recovery algorithms of the present invention.
Fig. 2 is that the FPGA of PGP key management authentication password recovery algorithms of the present invention realizes block diagram.
Specific embodiment
Present invention will now be described in further detail with reference to the embodiments and the accompanying drawings.
As shown in Figure 1, the embodiment of the present invention includes following steps:
1) user is on console by the way that in network connection to FPGA piece inner treater, the SKR PGP software to be decrypted is literary Part is sent in FPGA piece inner treater, and sends sign on to FPGA piece inner treater;
2) after FPGA piece inner treater receives SKR file and sign on, which is parsed with fixed format, The data that password recovery needs are obtained, these data are stored in FPGA piece inner treater;The number that the password recovery needs According to including the number of iterations, initial vector, salt figure, private key ciphertext and private key hashed value ciphertext etc.;
3) SKR file is after the completion of FPGA piece inner treater is parsed and stored, FPGA piece inner treater by AXI bus to Control module sends reset signal, resets control module and sends reset signal from control module to other each modules, makes to own Module is all reset to original state;
4) after each module resets to original state, FPGA piece inner treater passes through number needed for decryption of the AXI bus by storage It is believed that breath is transmitted in the corresponding registers of control module;
5) after the corresponding registers of control module receive data information, FPGA piece inner treater passes through AXI bus to control Module sends commencing signal, and control module is started to work, while control module guides other modules to start to work;
6) start to restore PGP key management authentication password:It is close that authentication password generation module generates PGP key management certification Code;PGP key management authentication password enters S2K function module and generates symmetric key;Symmetric key is input to Twofish-256 solution In close module, and ciphertext and other relevant informations are obtained from control module, symmetrically decrypted, to SHA-1 after decryption completion The inspection module output private key decrypted and the hashed value decrypted, SHA-1 inspection module calculate hashed value according to private key, Calculated hashed value is compared with the hashed value decrypted, comparing result is sent into control module;
7) after control module receives comparing result, judge comparing result, if comparison is correct, enter step 8);Otherwise Step 6) is returned to, whether correct continues to verify next PGP key management authentication password;
8) after control module judgement comparison is correct, which is sent in piece by control module It manages in device, and sends reset signal to other modules of FPGA password recovery counting circuit, make FPGA password recovery counting circuit It stops working;
9) user sees the PGP key management authentication password recovered, PGP key management authentication password on console Recovery terminates.
As shown in Fig. 2, a SKR file of PGP encryption software is input into FPGA piece inner treater 1, by SKR file In private key ciphertext, private key hashed value ciphertext, the salt figure of S2K function and the number of iterations parse, and pass through AXI bus transfer Into the register in control module 2, while FPGA piece inner treater 1 sends the letter started to work to control module 2 by AXI Number;After control module 2 receives the signal of start-up operation, sign on is sent to authentication password generation module 3;Authentication password is raw After receiving sign at module 3, starts to construct key management authentication password, generate 10 groups of authentication passwords every time, and every time will The PGP key management authentication password correspondence of 10 groups of constructions is input in 10 S2K function modules 41~410;10 S2K Function Modules Block 41~410 receives the PGP key management authentication password of construction, while the salt of S2K function needs is obtained from control module 2 The parameters such as value, the number of iterations generate 10 groups of symmetric keys, are input in symmetric key selecting module 6;Counter module 5 generates One count value, the count value indicate that symmetric key selecting module currently exports position of the key in 10 keys of epicycle;It is right Claim the output of key selecting module 6 to connect with Twofish-256 deciphering module 7, enters the key into Twofish-256 decryption In module 7, meanwhile, Twofish-256 deciphering module 7 obtains private key ciphertext and private key hashed value ciphertext from control module 2, and Initial vector, the Twofish-256 decryption by CFB mode calculate the private key that output decrypts and the hashed value decrypted, and The private key decrypted and the hashed value decrypted are output in SHA-1 inspection module 8;SHA-1 inspection module 8 obtains private key, The hashed value of private key is calculated, the hashed value decrypted exported in Twofish-256 deciphering module 7 and SHA-1 are examined The hashed value being calculated in module 8 compares, if the two is different, issues and instructs to control module 2, continue this wheel The verifying of remaining symmetric key in 10 symmetric keys;If it is identical to authenticate to the two, issues and instruct to control module 2, from meter Number device module 5 obtains current count value, is assured that correct PGP key management authentication password is close in certification according to count value The position stored in code generation module 3, at this point, the PGP key management authentication password is just output to by authentication password generation module 3 In control module 2, this correct PGP key management authentication password is output to FPGA piece by AXI bus again by control module 2 In inner treater 1.The information and the PGP key management recovered that FPGA piece inner treater 1 is successfully recovered to console output Authentication password.
The specific working mode of counter module 5 is as follows:
The output valve of counter module 5 respectively corresponds 10 groups pairs of the output of S2K function module 41~410 between 0~9 Claim the order of key.In PGP key management authentication password recovery process, if it is wrong for demonstrating symmetric key in control module 2 Accidentally, the count value of counter module 5 adds 1, and sends count value in symmetric key selecting module 6, keeps its output next A symmetric key;If it is wrong, the clearing of counter module 5, the sending of control module 2 that this 10 groups of symmetric keys, which are all verified, Instruction makes authentication password generation module 3 construct 10 groups of new PGP key management authentication passwords;If control module 2 authenticates to Correct symmetric key, then counter module just recognizes the symmetric key and corresponding PGP key management according to count value Card password is output in control module 2.

Claims (10)

  1. The FPGA implementation method of 1.PGP key management authentication password recovery algorithms, it is characterised in that include the following steps:
    1) user passes through network connection to FPGA piece inner treater, the SKR file quilt of PGP software to be decrypted on console It is sent in FPGA piece inner treater, and sends sign on to FPGA piece inner treater;
    2) after FPGA piece inner treater receives SKR file and sign on, which is parsed with fixed format, is obtained The data that password recovery needs, these data are stored in FPGA piece inner treater;The data packet that the password recovery needs Include the number of iterations, initial vector, salt figure, private key ciphertext and private key hashed value ciphertext;
    3) for SKR file after the completion of FPGA piece inner treater is parsed and stored, FPGA piece inner treater passes through AXI bus to control Module sends reset signal, resets control module and sends reset signal from control module to other each modules, makes all modules All it is reset to original state;
    4) after each module resets to original state, data needed for FPGA piece inner treater passes through decryption of the AXI bus by storage are believed Breath is transmitted in the corresponding registers of control module;
    5) after the corresponding registers of control module receive data information, FPGA piece inner treater passes through AXI bus to control module Commencing signal is sent, control module is started to work, while control module guides other modules to start to work;
    6) start to restore PGP key management authentication password:Authentication password generation module generates PGP key management authentication password;PGP Key management authentication password enters S2K function module and generates symmetric key;Symmetric key is input to Twofish-256 deciphering module In, and ciphertext and other relevant informations are obtained from control module, it is symmetrically decrypted, examines mould to SHA-1 after decryption completion The block output private key decrypted and the hashed value decrypted, SHA-1 inspection module calculate hashed value according to private key, will calculate Hashed value out is compared with the hashed value decrypted, and comparing result is sent into control module;
    7) after control module receives comparing result, judge comparing result, if comparison is correct, enter step 8);Otherwise it returns to Whether step 6) continues to verify next PGP key management authentication password correct;
    8) after control module judgement comparison is correct, which is sent to piece inner treater by control module In, reset signal is sent to other modules of FPGA password recovery counting circuit, FPGA password recovery counting circuit is made to stop work Make;
    9) user sees that the PGP key management authentication password recovered, PGP key management authentication password restore on console Terminate.
  2. 2. the FPGA implementation method of PGP key management authentication password recovery algorithms as described in claim 1, it is characterised in that described Realization of the PGP key management authentication password recovery algorithms on FPGA is made of PS and PL two parts.
  3. 3. the FPGA implementation method of PGP key management authentication password recovery algorithms as described in claim 1, it is characterised in that described FPGA piece inner treater includes that reset signal, commencing signal, record PGP key management certification FPGA password are sent to control module Restore the time of counting circuit work, record has currently examined the quantity of password, output operation information.
  4. 4. the FPGA implementation method of PGP key management authentication password recovery algorithms as described in claim 1, it is characterised in that PGP Key management FPGA authentication password restores counting circuit, is made of 16 circuit modules, including:Control module, authentication password are raw At module, 10 S2K function modules, counter module, symmetric key selecting module, the symmetrical deciphering module of Twofish-256, SHA-1 inspection module.
  5. 5. the FPGA implementation method of PGP key management authentication password recovery algorithms as claimed in claim 4, it is characterised in that described Control module is interconnected with FPGA piece inner treater by AXI bus, and FPGA piece inner treater module is sent to control module Start and reset control instruction, further includes the SKR file salt value information of parsing, the control module at the end PL is into the FPGA piece at the end PS Processor sends the status information that current password restores, and the output of control module is connected with the input of authentication password generation module, To the enabling signal of authentication password generation module output PGP key management certification FPGA password recovery counting circuit, control module Input be connected with the output of authentication password generation module, it is correct for being received in successful decryption from authentication password generation module PGP key management authentication password.
  6. 6. the FPGA implementation method of PGP key management authentication password recovery algorithms as claimed in claim 4, it is characterised in that described The output of authentication password generation module is connect with the input of 10 S2K function modules, close to 10 S2K function module output PGP Key administrative authentication password.
  7. 7. the FPGA implementation method of PGP key management authentication password recovery algorithms as claimed in claim 4, it is characterised in that described The input of 10 S2K function modules is connected with the output of control module, from salt figure needed for control module acquisition S2K function, repeatedly For number information;The output of 10 S2K function modules is connect with the input of key selecting module, defeated to symmetric key selecting module 10 groups of symmetric keys out.
  8. 8. the FPGA implementation method of PGP key management authentication password recovery algorithms as claimed in claim 4, it is characterised in that described The input of counter module is connected with the output of control module, receives the control signal that control module is sent;Counter module Output is connect with the input of key selecting module, to the output order of key selecting module output symmetric key;Counter module Another output link control module input, it is close in epicycle to export current PGP key management authentication password to control module Location order in code verifying.
  9. 9. the FPGA implementation method of PGP key management authentication password recovery algorithms as claimed in claim 4, it is characterised in that described The output of symmetric key selecting module is connect with the input of Twofish-256 deciphering module, defeated to Twofish-256 deciphering module A symmetric key out.
  10. 10. the FPGA implementation method of PGP key management authentication password recovery algorithms as claimed in claim 4, it is characterised in that institute The output of the input link control module of the symmetrical deciphering module of Twofish-256 is stated, the ciphertext letter sent from control module is received Breath and initial vector information;The input of the output connection key SHA-1 inspection module of the symmetrical deciphering module of Twofish-256, to The SHA-1 inspection module output private key decrypted and the hashed value decrypted;The output connection control mould of SHA-1 inspection module Block exports comparing result to control module.
CN201810734669.1A 2018-07-06 2018-07-06 FPGA (field programmable Gate array) implementation method for PGP (packet data protocol) key management authentication password recovery algorithm Active CN108900307B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810734669.1A CN108900307B (en) 2018-07-06 2018-07-06 FPGA (field programmable Gate array) implementation method for PGP (packet data protocol) key management authentication password recovery algorithm

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810734669.1A CN108900307B (en) 2018-07-06 2018-07-06 FPGA (field programmable Gate array) implementation method for PGP (packet data protocol) key management authentication password recovery algorithm

Publications (2)

Publication Number Publication Date
CN108900307A true CN108900307A (en) 2018-11-27
CN108900307B CN108900307B (en) 2020-03-24

Family

ID=64348508

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810734669.1A Active CN108900307B (en) 2018-07-06 2018-07-06 FPGA (field programmable Gate array) implementation method for PGP (packet data protocol) key management authentication password recovery algorithm

Country Status (1)

Country Link
CN (1) CN108900307B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110516809A (en) * 2019-08-22 2019-11-29 山东浪潮人工智能研究院有限公司 A kind of realization device of the privacy interpolator arithmetic based on FPGA+RISC-V

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20070074045A1 (en) * 2002-09-30 2007-03-29 Van Essen Brian C Method of securing programmable logic configuration data
WO2011089143A1 (en) * 2010-01-20 2011-07-28 Intrinsic Id B.V. Device and method for obtaining a cryptographic key
CN106027261A (en) * 2016-05-18 2016-10-12 厦门大学 FPGA (field programmable Gate array) -based LUKS (Luk authentication and Key recovery) chip circuit and password recovery method thereof
CN107291898A (en) * 2017-06-22 2017-10-24 厦门大学 MySQL authentication password recovery system based on FPGA and method thereof

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20070074045A1 (en) * 2002-09-30 2007-03-29 Van Essen Brian C Method of securing programmable logic configuration data
WO2011089143A1 (en) * 2010-01-20 2011-07-28 Intrinsic Id B.V. Device and method for obtaining a cryptographic key
CN106027261A (en) * 2016-05-18 2016-10-12 厦门大学 FPGA (field programmable Gate array) -based LUKS (Luk authentication and Key recovery) chip circuit and password recovery method thereof
CN107291898A (en) * 2017-06-22 2017-10-24 厦门大学 MySQL authentication password recovery system based on FPGA and method thereof

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
KOICHI SHIMIZU: "High-Speed Search System for PGP Passphrases", 《CRYPTOLOGY AND NETWORK SECURITY, CANS2008》 *

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110516809A (en) * 2019-08-22 2019-11-29 山东浪潮人工智能研究院有限公司 A kind of realization device of the privacy interpolator arithmetic based on FPGA+RISC-V
CN110516809B (en) * 2019-08-22 2022-05-24 山东浪潮科学研究院有限公司 Implementation device of privacy amplification algorithm based on FPGA + RISC-V

Also Published As

Publication number Publication date
CN108900307B (en) 2020-03-24

Similar Documents

Publication Publication Date Title
US8516268B2 (en) Secure field-programmable gate array (FPGA) architecture
CN101854243B (en) Circuit system design encryption circuit and encryption method thereof
CN104618338B (en) A kind of Industrial Ethernet encryption of communicated data transparent transmission module
CN104579679B (en) Wireless public network data forwarding method for agriculture distribution communication equipment
CN105357218B (en) A kind of router and its encipher-decipher method having hardware enciphering and deciphering function
CN101478548B (en) Data transmission ciphering and integrity checking method
CN107678763A (en) Electric energy meter upgrade method and system based on digital signature technology
CN105790927B (en) A kind of bus graded encryption system
CN104253694A (en) Encrypting method for network data transmission
CN113346995B (en) Method and system for preventing falsification in mail transmission process based on quantum security key
WO2023005734A1 (en) Vehicle data uploading method and apparatus, and vehicle, system and storage medium
CN104901935A (en) Bilateral authentication and data interaction security protection method based on CPK (Combined Public Key Cryptosystem)
CN100440775C (en) Encryption communication method and device
CN110958219A (en) SM2 proxy re-encryption method and device for medical cloud shared data
CN109586920A (en) A kind of trust authentication method and device
CN113452687B (en) Method and system for encrypting sent mail based on quantum security key
CN210955077U (en) Bus encryption and decryption device based on state cryptographic algorithm and PUF
CN113312608A (en) Electric power metering terminal identity authentication method and system based on timestamp
KR100986758B1 (en) Security dedicated device for securities of communication apparatus
CN114499857A (en) Method for realizing data correctness and consistency in big data quantum encryption and decryption
CN114598533A (en) Block chain side chain cross-chain identity trusted authentication and data encryption transmission method
CN109995785A (en) File security unlocking method in local area network based on quantum cryptography
CN103873257A (en) Secrete key updating, digital signature and signature verification method and device
CN109413644B (en) LoRa encryption authentication communication method, storage medium and electronic terminal
CN108900307A (en) FPGA (field programmable Gate array) implementation method for PGP (packet data protocol) key management authentication password recovery algorithm

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20220512

Address after: 710000 A201, zero one Plaza, Xi'an Software Park, No. 72, Keji Second Road, high tech Zone, Xi'an, Shaanxi

Patentee after: Tuoer Microelectronics Co.,Ltd.

Address before: Xiamen City, Fujian Province, 361005 South Siming Road No. 422

Patentee before: XIAMEN University

TR01 Transfer of patent right