CN109145639B - File encryption method, file decryption method and file encryption device - Google Patents


Info

Publication number
CN109145639B
Authority
CN
China
Prior art keywords
file
encrypted
subdata
block
module
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201810841784.9A
Other languages
Chinese (zh)
Other versions
CN109145639A (en
Inventor
林皓
高曦
毕永东
刘建兵
付静刚
王丰凡
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Federation Of Industry And Commerce Lingchuang Beijing Technology Co ltd
Original Assignee
Beijing Beixinyuan Information Security Technology Co ltd
Application filed by Beijing Beixinyuan Information Security Technology Co ltd
Priority to CN201810841784.9A
Publication of CN109145639A
Application granted
Publication of CN109145639B

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00 Error detection; Error correction; Monitoring
    • G06F11/07 Responding to the occurrence of a fault, e.g. fault tolerance
    • G06F11/08 Error detection or correction by redundancy in data representation, e.g. by using checking codes
    • G06F11/10 Adding special bits or symbols to the coded information, e.g. parity check, casting out 9's or 11's
    • G06F11/1004 Adding special bits or symbols to the coded information, e.g. parity check, casting out 9's or 11's to protect a block of data words, e.g. CRC or checksum
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6209 Protecting access to data via a platform, e.g. using keys or access control rules to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2107 File encryption

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Security & Cryptography (AREA)
  • Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • General Health & Medical Sciences (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • Quality & Reliability (AREA)
  • Storage Device Security (AREA)

Abstract

The application provides a file encryption method, a file decryption method and a file encryption device, wherein the file encryption method comprises the following steps: acquiring a file to be encrypted; generating first subdata comprising pre-blocking information and a first check code according to the file to be encrypted; generating second subdata comprising a second check code according to the first subdata, and encrypting the first subdata by adopting a first key to obtain a first subdata ciphertext; obtaining encrypted file metadata according to the first subdata ciphertext and the second subdata; dividing the file to be encrypted according to the pre-blocking information to obtain a plurality of block files and blocking metadata; respectively encrypting the plurality of block files by adopting a second key to obtain an encrypted block file corresponding to each block file; and combining the encrypted file metadata, each encrypted block file and the block metadata into an encrypted file according to a first preset sequence. The scheme of the embodiment of the application can improve the safety of the file.

Description

File encryption method, file decryption method and file encryption device
Technical Field
The application relates to the technical field of information security, in particular to a file encryption method, a file decryption method and a file decryption device.
Background
With the spread of computer technology, computers play a significant role in people's work and daily life. Computers face various challenges in use, and the security of the files stored on them is a major one.
To keep files secure, various encryption and decryption technologies have been developed. In the prior art, files are usually encrypted with one of various encryption algorithms so that they cannot be tampered with illegally. However, if someone else obtains the decryption key of a file processed by the existing encryption and decryption methods, the file may still be tampered with illegally, and the security of the encrypted file cannot be guaranteed.
Disclosure of Invention
In order to overcome the above-mentioned deficiencies in the prior art, the present application aims to provide a file encryption method, which includes:
acquiring a file to be encrypted;
generating first subdata comprising pre-blocking information and a first check code according to the file to be encrypted, wherein the first check code is obtained by calculation according to the file to be encrypted;
generating second subdata comprising a second check code according to the first subdata, wherein the second check code is obtained by calculation according to the first subdata;
encrypting the first subdata by adopting a first key to obtain a first subdata ciphertext;
obtaining encrypted file metadata according to the first subdata ciphertext and the second subdata;
dividing the file to be encrypted according to the pre-blocking information to obtain a plurality of block files and blocking metadata;
respectively encrypting the plurality of block files by adopting a second key to obtain an encrypted block file corresponding to each block file;
and combining the encrypted file metadata, each encrypted block file and the block metadata into an encrypted file according to a first preset sequence.
Optionally, in the step of encrypting the first sub-data by using the first key, a method of encrypting the first sub-data is symmetric encryption;
in the step of encrypting the plurality of block files respectively by using the second key, the method for encrypting the plurality of block files is symmetric encryption.
Optionally, the method further includes, before the step of generating first sub-data including pre-blocking information and a first check code according to the file to be encrypted, obtaining a sector size of a destination address;
the step of generating first subdata comprising pre-blocking information and a first check code according to the file to be encrypted comprises the following steps:
calculating a first check code corresponding to the file to be encrypted according to the file to be encrypted;
acquiring pre-blocking information according to the file to be encrypted and the sector size of the destination address;
and generating the first subdata comprising the pre-blocking information and the first check code.
Optionally, the method further comprises: before the step of generating the first subdata comprising the pre-blocking information and the first check code, calculating a third check code corresponding to the file to be encrypted according to the file to be encrypted;
the first subdata further comprises the third check code.
Optionally, the step of blocking the file to be encrypted according to the pre-blocking information to obtain a plurality of block files and blocking metadata includes:
blocking the file to be encrypted according to the pre-blocking information to obtain a plurality of block files;
and obtaining block metadata respectively corresponding to each block file according to the pre-block information and each block file.
Optionally, the step of combining the encrypted file metadata, the encrypted block file, and the block metadata into an encrypted file according to a first preset order includes:
respectively combining each encrypted block file and the corresponding block metadata into a unit block corresponding to the block file;
and forming an encrypted file by each unit block and the encrypted file metadata according to a first preset sequence.
Another object of the present invention is to provide a file decryption method, applied to decryption of a file obtained by the encryption method described in any one of the above, including:
acquiring an encrypted file;
acquiring encrypted file metadata comprising a first subdata ciphertext and second subdata from the encrypted file, and decrypting the first subdata ciphertext to obtain first subdata and a first check code; acquiring a second check code from the second subdata;
acquiring a first verification code according to the first subdata;
verifying the first verification code by using the second verification code;
if the first verification code is verified successfully, decrypting a plurality of encrypted block files in the encrypted file and forming a temporary file;
acquiring a second verification code according to the temporary file, and verifying the second verification code by using the first verification code;
and if the second verification code is verified successfully, obtaining a decrypted file according to the temporary file.
Optionally, the step of decrypting a plurality of encrypted block files in the encrypted file to form a temporary file includes:
decrypting the plurality of encrypted block files respectively to obtain a plurality of decrypted block files;
and forming the decrypted block files into the temporary file according to a second preset sequence.
Another object of the present invention is to provide an encryption apparatus, which includes a first obtaining module, a first generating module, a first encrypting module, a second generating module, a dividing module, a second encrypting module, and a third generating module;
the first obtaining module is used for obtaining a file to be encrypted;
the first generation module is used for generating first subdata comprising pre-blocking information and a first check code according to the file to be encrypted, wherein the first check code is obtained by calculation according to the file to be encrypted;
and for generating second subdata comprising a second check code according to the first subdata, wherein the second check code is obtained by calculation according to the first subdata;
the first encryption module is configured to encrypt the first subdata with a first key to obtain a first subdata ciphertext;
the second generation module is used for obtaining encrypted file metadata according to the first subdata ciphertext and the second subdata;
the dividing module is used for dividing the file to be encrypted according to the pre-blocking information to obtain a plurality of block files and blocking metadata;
the second encryption module is configured to encrypt the plurality of block files respectively by using a second key to obtain an encrypted block file corresponding to each block file;
and the third generation module is used for forming the encrypted file metadata, each encrypted block file and the block metadata into an encrypted file according to a first preset sequence.
Another objective of the present invention is to provide a decryption apparatus, where the decryption apparatus includes a second obtaining module, a first decryption module, a first verification module, a second decryption module, a second verification module, and a fourth generation module;
the second obtaining module is used for obtaining the encrypted file;
the first decryption module is configured to obtain encrypted file metadata including a first sub-data ciphertext and second sub-data from the encrypted file, decrypt the first sub-data ciphertext, and obtain first sub-data and a first check code; acquiring a second check code from the second subdata;
the first verification module is used for acquiring a first verification code according to the first subdata; verifying the first verification code by using the second verification code;
the second decryption module is used for decrypting a plurality of encrypted block files in the encrypted file and forming a temporary file when the first verification code is verified successfully;
the second check module is used for acquiring a second verification code according to the temporary file and checking the second verification code by using the first verification code;
and the fourth generating module is used for obtaining a decrypted file according to the temporary file when the second verification code is verified successfully.
Compared with the prior art, the method has the following beneficial effects:
In the encryption method of the embodiments of the application, first subdata comprising pre-blocking information and a first check code is generated according to the file to be encrypted, and second subdata comprising a second check code is generated according to the first subdata; the first subdata is then encrypted and, together with the second subdata, forms the encrypted file metadata. The file to be encrypted is then divided into a plurality of block files, and each block file is encrypted separately. Finally, the encrypted file metadata and the block files form the encrypted file. In the decryption method of the embodiments of the application, after the encrypted file is obtained, the first subdata ciphertext is decrypted to obtain the first subdata, the first verification code is calculated according to the first subdata, and the first verification code is verified according to the second verification code. Only when the first verification code is verified successfully are the blocking and decryption of the encrypted file carried out and the decrypted block files formed into a temporary file. The second verification code is then calculated according to the temporary file and verified using the first verification code, and the decrypted file is generated only when the second verification code is verified successfully. By setting a verification mechanism for the first subdata and a verification mechanism for the decrypted file, the embodiments of the application can greatly reduce the probability that the file is illegally modified and greatly improve the security of the file.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings that are required to be used in the embodiments will be briefly described below, it should be understood that the following drawings only illustrate some embodiments of the present application and therefore should not be considered as limiting the scope, and for those skilled in the art, other related drawings can be obtained from the drawings without inventive effort.
Fig. 1 is a schematic flowchart of a file encryption method according to an embodiment of the present application;
Fig. 2 is a schematic flowchart of a file decryption method according to an embodiment of the present application;
Fig. 3 is a block diagram of a file encryption apparatus according to an embodiment of the present application;
Fig. 4 is a block diagram of a file decryption apparatus according to an embodiment of the present application.
Reference numerals: 11 - first obtaining module; 12 - first generating module; 13 - first encryption module; 14 - second generating module; 15 - dividing module; 16 - second encryption module; 17 - third generating module; 21 - second obtaining module; 22 - first decryption module; 23 - first check module; 24 - second decryption module; 25 - second check module; 26 - fourth generating module.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present application clearer, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are some embodiments of the present application, but not all embodiments. The components of the embodiments of the present application, generally described and illustrated in the figures herein, can be arranged and designed in a wide variety of different configurations.
Thus, the following detailed description of the embodiments of the present application, presented in the accompanying drawings, is not intended to limit the scope of the claimed application, but is merely representative of selected embodiments of the application. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
It should be noted that: like reference numbers and letters refer to like items in the following figures, and thus, once an item is defined in one figure, it need not be further defined and explained in subsequent figures.
The terms "first," "second," "third," and the like are used solely to distinguish one from another and are not to be construed as indicating or implying relative importance.
In the description of the present application, it is further noted that, unless expressly stated or limited otherwise, the terms "disposed," "mounted," "connected," and "connected" are to be construed broadly, e.g., as meaning either a fixed connection, a removable connection, or an integral connection; can be mechanically or electrically connected; they may be connected directly or indirectly through intervening media, or they may be interconnected between two elements. The specific meaning of the above terms in the present application can be understood in a specific case by those of ordinary skill in the art.
Referring to fig. 1, fig. 1 is a flowchart of a file encryption method according to an embodiment of the present application, and the file encryption method is described in detail below with reference to the drawings.
Step S110, obtaining a file to be encrypted.
Step S120, generating first subdata comprising pre-blocking information and a first check code according to the file to be encrypted, wherein the first check code is obtained by calculation according to the file to be encrypted.
Step S120 includes:
calculating a first check code corresponding to the file to be encrypted according to the file to be encrypted; and
generating first subdata comprising pre-blocking information and a first check code according to the file to be encrypted.
In this embodiment, the pre-blocking information may include the number of block files, the size of the block files, and the actual size of the tail block file.
In one embodiment, step S120 may be preceded by obtaining a sector size of the destination address. In this embodiment, step S120 includes:
calculating a first check code corresponding to the file to be encrypted according to the file to be encrypted;
acquiring pre-blocking information according to the file to be encrypted and the sector size of the destination address; and
generating the first subdata comprising the pre-blocking information and the first check code.
In this embodiment, the pre-blocking information may include the number of block files, the size of the block files, the actual size of the last block file, and the sector size of the destination address.
In this embodiment, the pre-blocking information is generated according to the sector size of the destination address, so that the file to be encrypted can be encrypted and divided according to the sector size.
In another embodiment, before step S120, a third check code corresponding to the file to be encrypted is calculated according to the file to be encrypted.
In this embodiment, the first sub-data may further include the third check code.
Placing a third check code in the first subdata allows the file to be checked further during decryption.
Step S130, generating second subdata including a second check code according to the first subdata, where the second check code is calculated according to the first subdata.
The second check code in this embodiment is used to verify whether the first sub-data is modified during decryption.
In this embodiment, a second check code of the first sub-data is calculated, and then the second sub-data is composed according to the second check code, so that the second check code constitutes a part of the second sub-data. The second sub-data may further include information such as an encryption algorithm of the file.
Step S140, encrypting the first sub-data by using a first key to obtain a first sub-data ciphertext.
The first sub-data is encrypted, so that the probability of the first sub-data being modified can be reduced.
Step S150, obtaining encrypted file metadata according to the first subdata ciphertext and the second subdata. Forming the encrypted file metadata from the first subdata ciphertext and the second subdata reduces the probability that the first check code is modified and improves the accuracy of the file check.
Step S160, dividing the file to be encrypted according to the pre-blocking information to obtain a plurality of block files and blocking metadata.
In one embodiment, step S160 specifically includes:
blocking the file to be encrypted according to the pre-blocking information to obtain a plurality of block files; and
obtaining block metadata respectively corresponding to each block file according to the pre-blocking information and each block file.
In this embodiment, when the block file is a tail block, the blank portion of the block file may be filled with preset data. For example, zeros may be used to fill in blank portions of the block file.
The blocking metadata may include: flag information for marking whether the block file is a last block, and size information of the block file.
In this embodiment, before the step of obtaining the blocking metadata corresponding to each block file according to the pre-blocking information and each block file, a fourth check code corresponding to each block file of the plurality of block files may be calculated, respectively.
In this embodiment, the blocking metadata includes flag information for marking whether the block file is a last block, size information of the block file, and a fourth check code. The fourth check code of each block file may be used to check each corresponding block file.
Step S170, respectively encrypting the plurality of block files by using a second key, to obtain an encrypted block file corresponding to each of the block files.
Step S180, the encrypted file metadata, each encrypted block file, and the block metadata are combined into an encrypted file according to a first preset sequence.
In this embodiment, step S180 specifically includes:
combining each encrypted block file and the corresponding block metadata into a unit block corresponding to the block file; and
forming an encrypted file from the unit blocks and the encrypted file metadata according to a first preset sequence.
In one embodiment, the size of the unit block may be equal to the sector size of the destination address if step S120 is preceded by obtaining the sector size of the destination address. In this way, when writing an encrypted file to a destination address, one unit block can be written to one sector at a time, and the file writing speed can be increased.
The first preset sequence is an order set manually according to actual needs. For example, the encrypted file metadata is placed at the very front of the encrypted file, and the unit blocks follow in the order in which their corresponding block files appear in the file to be encrypted.
The embodiment of the present application further provides a file decryption method, which is applied to decryption of a file obtained by any one of the above encryption methods, and includes:
Step S210, acquiring an encrypted file.
This step acquires an encrypted file produced by the encryption method described above.
Step S210, obtaining encrypted file metadata including a first subdata ciphertext and second subdata from the encrypted file, and decrypting the first subdata ciphertext to obtain first subdata and a first check code; and acquiring a second check code from the second subdata.
Step S220, acquiring a first verification code according to the first subdata.
This step calculates the first verification code from the first subdata, using the method that corresponds to the calculation of the first check code in the encryption method.
Step S230, verifying the first verification code by using the second verification code.
In this step, the first verification code is compared with the second verification code; if the two are consistent, the first verification code is verified successfully.
Step S240, if the first verification code is verified successfully, decrypting the plurality of encrypted block files to form a temporary file.
Step S240 specifically includes: decrypting the plurality of encrypted block files respectively to obtain a plurality of decrypted block files; and
forming the decrypted block files into the temporary file according to a second preset sequence.
The second preset sequence is the order in which the block files obtained after decryption appear in the file to be encrypted.
Step S250, acquiring a second verification code according to the temporary file, and verifying the second verification code by using the first verification code.
Step S260, if the second verification code is verified successfully, obtaining a decrypted file according to the temporary file.
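The encryption steps S110 to S180 and the two decryption checks described above, as an added Python sketch that is not code from the patent or its applicant. Assumptions: SHA-256 for every check code, a JSON-encoded first subdata, a 512-byte sector, a 37-byte block metadata layout, and `toy_cipher` standing in for the unspecified symmetric cipher; all function and field names are hypothetical.

```python
import hashlib
import hmac
import json
import struct

# Everything below is illustrative; names and layouts are assumptions.
SECTOR = 512                          # assumed sector size of the destination
BLOCK_META = struct.Struct(">BI32s")  # last-block flag, real size, 4th check code
PAYLOAD = SECTOR - BLOCK_META.size    # ciphertext bytes per unit block


class TamperError(Exception):
    """A check code did not match, so decryption is refused."""


def check(data):
    """Check code; SHA-256 is an assumption, the page names no algorithm."""
    return hashlib.sha256(data).digest()


def toy_cipher(key, nonce, data):
    """Stand-in symmetric cipher (hash-counter keystream XOR), demo only."""
    out = bytearray()
    for off in range(0, len(data), 32):
        ks = hashlib.sha256(key + nonce + struct.pack(">Q", off)).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], ks))
    return bytes(out)


def encrypt_file(plain, key1, key2):
    # S120: pre-blocking information derived from file size and sector size.
    count = max(1, -(-len(plain) // PAYLOAD))
    first = json.dumps({
        "blocks": count, "block_size": PAYLOAD, "sector": SECTOR,
        "tail_size": len(plain) - (count - 1) * PAYLOAD,
        "check1": check(plain).hex(),            # first check code
    }).encode()
    second = check(first)                        # S130: second check code
    first_ct = toy_cipher(key1, b"meta", first)  # S140
    meta = struct.pack(">H", len(first_ct)) + first_ct + second  # S150
    units = []
    for i in range(count):                       # S160-S170
        chunk = plain[i * PAYLOAD:(i + 1) * PAYLOAD]
        block_meta = BLOCK_META.pack(int(i == count - 1), len(chunk), check(chunk))
        padded = chunk.ljust(PAYLOAD, b"\0")     # zero-fill the tail block
        units.append(toy_cipher(key2, struct.pack(">I", i), padded) + block_meta)
    return meta + b"".join(units)                # S180: metadata first, then unit blocks


def decrypt_file(blob, key1, key2):
    (length,) = struct.unpack_from(">H", blob)
    first_ct, second = blob[2:2 + length], blob[2 + length:2 + length + 32]
    first = toy_cipher(key1, b"meta", first_ct)
    # S220-S230: recompute the code over the first subdata, compare with the second check code.
    if not hmac.compare_digest(check(first), second):
        raise TamperError("first subdata failed verification")
    info = json.loads(first)
    body = blob[2 + length + 32:]
    if len(body) != info["blocks"] * SECTOR:
        raise TamperError("unit blocks missing or extra")
    temp = bytearray()                           # the "temporary file"
    for i in range(info["blocks"]):              # S240
        unit = body[i * SECTOR:(i + 1) * SECTOR]
        _last, size, code4 = BLOCK_META.unpack(unit[PAYLOAD:])
        chunk = toy_cipher(key2, struct.pack(">I", i), unit[:PAYLOAD])[:size]
        if not hmac.compare_digest(check(chunk), code4):
            raise TamperError(f"block {i} failed verification")
        temp += chunk
    # S250: recompute the code over the temporary file, compare with the first check code.
    if not hmac.compare_digest(check(bytes(temp)), bytes.fromhex(info["check1"])):
        raise TamperError("decrypted file failed verification")
    return bytes(temp)                           # S260


def is_rejected(blob, key1, key2):
    """True when decrypt_file refuses the blob."""
    try:
        decrypt_file(blob, key1, key2)
    except TamperError:
        return True
    return False


if __name__ == "__main__":
    k1, k2 = b"constructed-first-key", b"constructed-second-key"
    blob = encrypt_file(b"constructed sample " * 60, k1, k2)
    flipped = bytearray(blob)
    flipped[-SECTOR] ^= 1                        # one bit in the last unit block
    print(decrypt_file(blob, k1, k2)[:19], is_rejected(bytes(flipped), k1, k2))
```

The check codes in this sketch are unkeyed hashes; a production design would normally replace them and the stand-in cipher with an authenticated mode such as AES-GCM, or with an HMAC over each unit block.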
As shown in fig. 3, an encryption apparatus is further provided in the embodiment of the present application, and includes a first obtaining module 11, a first generating module 12, a first encryption module 13, a second generating module 14, a dividing module 15, a second encryption module 16, and a third generating module 17.
The first obtaining module 11 is configured to obtain a file to be encrypted.
In this embodiment, the first obtaining module 11 is configured to execute step S110 shown in fig. 1, and for a detailed description of the first obtaining module 11, reference may be made to the description of step S110.
The first generating module 12 is configured to generate first subdata including pre-blocking information and a first check code according to the file to be encrypted, where the first check code is obtained by calculation according to the file to be encrypted.
The first generating module 12 is further configured to generate second subdata comprising a second check code according to the first subdata, wherein the second check code is obtained by calculation according to the first subdata.
In this embodiment, the first generating module 12 is configured to execute step S120 and step S130 shown in fig. 1, and for the specific description of the first generating module 12, reference may be made to the description of step S120 and step S130.
The first encryption module 13 is configured to encrypt the first subdata with a first key to obtain a first subdata ciphertext.
In this embodiment, the first encryption module 13 is configured to execute step S140 shown in fig. 1, and reference may be made to the description of step S140 for specific description of the first encryption module 13.
The second generating module 14 is configured to obtain metadata of the encrypted file according to the first sub-data ciphertext and the second sub-data.
In this embodiment, the second generating module 14 is configured to execute step S150 shown in fig. 1, and the detailed description about the second generating module 14 may refer to the description about step S150.
The dividing module 15 is configured to divide the file to be encrypted according to the pre-blocking information, and obtain a plurality of block files and blocking metadata.
In this embodiment, the dividing module 15 is configured to execute step S160 shown in fig. 1, and the detailed description about the dividing module 15 may refer to the description about step S160.
The second encryption module 16 is configured to encrypt the plurality of block files respectively by using a second key, so as to obtain an encrypted block file corresponding to each block file.
In this embodiment, the second encryption module 16 is configured to execute step S170 shown in fig. 1, and reference may be made to the description of step S170 for detailed description of the second encryption module 16.
The third generating module 17 is configured to combine the encrypted file metadata, each encrypted block file, and the block metadata into an encrypted file according to a first preset order.
In this embodiment, the third generating module 17 is configured to execute step S180 shown in fig. 1, and reference may be made to the description of step S180 for a detailed description of the third generating module 17.
As shown in fig. 4, an embodiment of the present application further provides a decryption apparatus, where the decryption apparatus includes a second obtaining module 21, a first decryption module 22, a first verification module 23, a second decryption module 24, a second verification module 25, and a fourth generation module 26.
The second obtaining module 21 is configured to obtain an encrypted file.
In this embodiment, the second obtaining module 21 is configured to execute step S210 shown in fig. 2, and for a detailed description of the second obtaining module 21, reference may be made to the description of step S210.
The first decryption module 22 is configured to obtain encrypted file metadata including a first subdata ciphertext and second subdata from an encrypted file, decrypt the first subdata ciphertext to obtain first subdata and a first check code, and acquire a second check code from the second subdata.
In this embodiment, the first decryption module 22 is configured to execute step S220 shown in fig. 2, and the detailed description about the first decryption module 22 may refer to the description about step S220.
The first check module 23 is configured to obtain a first verification code according to the first subdata and to check the first verification code by using the second verification code.
In this embodiment, the first check module 23 is configured to execute step S230 shown in fig. 2, and for a detailed description of the first check module 23, reference may be made to the description of step S230.
The second decryption module 24 is configured to decrypt the multiple encrypted block files and form a temporary file when the first verification code is successfully verified.
In this embodiment, the second decryption module 24 is configured to execute step S240 shown in fig. 2, and the detailed description about the second decryption module 24 may refer to the description about step S240.
The second checking module 25 is configured to obtain a second verification code according to the temporary file, and check the second verification code by using the first verification code.
In this embodiment, the second check module 25 is configured to execute step S250 shown in fig. 2, and the detailed description about the second check module 25 may refer to the description about step S250.
The fourth generating module 26 is configured to, when the second verification code is successfully verified, obtain a decrypted file according to the temporary file.
In this embodiment, the fourth generating module 26 is configured to execute step S260 shown in fig. 2, and the detailed description about the fourth generating module 26 may refer to the description about step S260.
To sum up, the encryption method according to the embodiment of the present application first generates, according to a file to be encrypted, first subdata including pre-blocking information and a first check code, and generates second subdata including a second check code according to the first subdata. It then encrypts the first subdata and combines the resulting ciphertext with the second subdata to form the encrypted file metadata, divides the file to be encrypted into a plurality of block files, and encrypts each block file separately. Finally, the encrypted file metadata and the encrypted block files form an encrypted file. In the decryption method of the embodiment of the application, after the encrypted file is obtained, the first subdata ciphertext is decrypted to obtain the first subdata, a first verification code is calculated according to the first subdata, and the first verification code is verified according to the second verification code. The blocking and decryption of the encrypted file are carried out only if the first verification code is verified successfully, and the decrypted block files are assembled into a temporary file. A second verification code is then calculated according to the temporary file and verified using the first verification code, and the decrypted file is generated only if the second verification code is verified successfully. By providing a verification mechanism for the first subdata and a verification mechanism for the decrypted file, the embodiment of the application can greatly reduce the probability that the file is illegally modified and greatly improve the security of the file.
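The encryption and decryption flow summarized above, as an added Python sketch that is not code from the patent. Assumptions: SHA-256 stands in for the unspecified check codes, a SHAKE-256 keystream XOR stands in for the unspecified symmetric cipher, the byte layout and all function names are hypothetical, and each check is read as a recomputed verification code compared against the stored check code.

```python
import hashlib, hmac, json, struct

def check_code(data: bytes) -> bytes:
    # Assumption: SHA-256 stands in for the patent's unspecified check code.
    return hashlib.sha256(data).digest()

def sym_crypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Stand-in symmetric cipher: XOR with a SHAKE-256 keystream. The same call
    # encrypts and decrypts. Illustration only, not a vetted cipher.
    stream = hashlib.shake_256(key + nonce).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))

def encrypt_file(plain: bytes, key1: bytes, key2: bytes, sector: int) -> bytes:
    # First subdata: pre-blocking information plus the first check code (over the file).
    first_sub = json.dumps({"block_size": sector, "file_len": len(plain),
                            "first_check": check_code(plain).hex()}).encode()
    second_sub = check_code(first_sub)           # second check code, stored in clear
    first_ct = sym_crypt(key1, b"M", first_sub)  # first subdata ciphertext
    out = [struct.pack(">I", len(first_ct)), first_ct, second_sub]  # file metadata
    for idx, off in enumerate(range(0, len(plain), sector)):
        block = plain[off:off + sector]
        block_meta = struct.pack(">II", idx, len(block))        # blocking metadata
        nonce = b"B" + struct.pack(">I", idx)
        out.append(block_meta + sym_crypt(key2, nonce, block))  # one unit block
    return b"".join(out)

def decrypt_file(blob: bytes, key1: bytes, key2: bytes) -> bytes:
    (n,) = struct.unpack_from(">I", blob, 0)
    first_ct, second_check = blob[4:4 + n], blob[4 + n:4 + n + 32]
    first_sub = sym_crypt(key1, b"M", first_ct)
    # Check 1: recompute the code over the decrypted first subdata and compare it
    # with the stored second check code before touching any block.
    if not hmac.compare_digest(check_code(first_sub), second_check):
        raise ValueError("metadata check failed")
    info = json.loads(first_sub)
    pos, blocks = 4 + n + 32, {}
    while pos < len(blob):
        idx, length = struct.unpack_from(">II", blob, pos)
        ct = blob[pos + 8:pos + 8 + length]
        blocks[idx] = sym_crypt(key2, b"B" + struct.pack(">I", idx), ct)
        pos += 8 + length
    temp = b"".join(blocks[i] for i in sorted(blocks))  # temporary file
    # Check 2: recompute the code over the temporary file and compare it with the
    # first check code recovered from the first subdata.
    if not hmac.compare_digest(check_code(temp), bytes.fromhex(info["first_check"])):
        raise ValueError("file check failed")
    return temp

if __name__ == "__main__":
    sample = bytes(range(256)) * 40              # constructed 10240-byte sample file
    enc = encrypt_file(sample, b"k1" * 16, b"k2" * 16, 4096)
    print(decrypt_file(enc, b"k1" * 16, b"k2" * 16) == sample)
```

With an unkeyed hash as assumed here, both checks catch corruption and wrong keys; binding them to a key would take an HMAC or an AEAD mode, which the page does not specify.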
In the embodiments provided in the present application, it should be understood that the disclosed apparatus and method may be implemented in other ways. The apparatus embodiments described above are merely illustrative. For example, the flowcharts and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of apparatus, methods and computer program products according to various embodiments of the present application. In this regard, each block in the flowcharts or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the blocks may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustrations, and combinations of blocks in the block diagrams and/or flowchart illustrations, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or by combinations of special purpose hardware and computer instructions.
In addition, functional modules in the embodiments of the present application may be integrated together to form an independent part, or each module may exist separately, or two or more modules may be integrated to form an independent part.
The functions, if implemented in the form of software functional modules and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present application, or the portions thereof that substantially contribute to the prior art, may be embodied in the form of a software product that is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present application. The aforementioned storage medium includes a U-disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program code.
It is noted that, herein, relational terms such as first and second, and the like, may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
The above description covers only specific embodiments of the present application, but the scope of the present application is not limited thereto. Any changes or substitutions that a person skilled in the art can readily conceive within the technical scope of the present application shall be covered by the scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.

Claims (9)

1. A file encryption method, characterized in that the file encryption method comprises:
acquiring a file to be encrypted;
generating first subdata comprising pre-blocking information and a first check code according to the file to be encrypted, wherein the first check code is obtained by calculation according to the file to be encrypted;
generating second subdata comprising a second check code according to the first subdata, wherein the second check code is obtained by calculation according to the first subdata;
encrypting the first subdata by adopting a first key to obtain a first subdata ciphertext;
obtaining encrypted file metadata according to the first subdata ciphertext and the second subdata;
dividing the file to be encrypted according to the pre-blocking information to obtain a plurality of block files and blocking metadata;
respectively encrypting the plurality of block files by adopting a second key to obtain an encrypted block file corresponding to each block file;
the encrypted file metadata, each encrypted block file and the block metadata form an encrypted file according to a first preset sequence;
the specific steps of forming the encrypted file metadata, each encrypted block file and the block metadata into an encrypted file according to a first preset sequence include:
respectively combining each encrypted block file and the corresponding block metadata into a unit block corresponding to the block file;
and forming an encrypted file by each unit block and the encrypted file metadata according to a first preset sequence.
2. The file encryption method according to claim 1,
in the step of encrypting the first subdata by adopting the first key, the method for encrypting the first subdata is symmetric encryption;
in the step of encrypting the plurality of block files respectively by using the second key, the method for encrypting the plurality of block files is symmetric encryption.
3. The file encryption method according to claim 1, further comprising, before the step of generating first sub-data including pre-blocking information and a first check code according to the file to be encrypted, obtaining a sector size of a destination address;
the step of generating first subdata comprising pre-blocking information and a first check code according to the file to be encrypted comprises the following steps:
calculating a first check code corresponding to the file to be encrypted according to the file to be encrypted;
acquiring pre-blocking information according to the file to be encrypted and the sector size of the destination address;
and generating the first subdata comprising the pre-partitioning information and the first check code.
4. The file encryption method according to claim 1, further comprising,
before the step of generating the first subdata comprising the pre-blocking information and the first check code, calculating a third check code corresponding to the file to be encrypted according to the file to be encrypted;
the first subdata further comprises the third check code.
5. The file encryption method according to claim 1, wherein the step of blocking the file to be encrypted according to the pre-blocking information to obtain a plurality of block files and blocking metadata comprises:
blocking the file to be encrypted according to the pre-blocking information to obtain a plurality of block files;
and obtaining block metadata respectively corresponding to each block file according to the pre-block information and each block file.
6. A file decryption method applied to decryption of a file obtained by the encryption method according to any one of claims 1 to 5, comprising:
acquiring an encrypted file;
acquiring encrypted file metadata comprising a first subdata ciphertext and second subdata from the encrypted file, and decrypting the first subdata ciphertext to obtain first subdata and a first check code; acquiring a second check code from the second subdata;
acquiring a first verification code according to the first subdata;
verifying the first verification code by using the second verification code;
if the first verification code is verified successfully, decrypting a plurality of encrypted block files in the encrypted file and forming a temporary file;
acquiring a second verification code according to the temporary file, and verifying the second verification code by using the first verification code;
and if the second verification code is verified successfully, obtaining a decrypted file according to the temporary file.
7. The file decryption method according to claim 6, wherein the step of decrypting a plurality of encrypted block files in the encrypted file to constitute a temporary file comprises:
decrypting the plurality of encrypted block files respectively to obtain a plurality of decrypted block files;
and forming the decrypted block files into the temporary file according to a second preset sequence.
8. An encryption device is characterized by comprising a first obtaining module, a first generating module, a first encryption module, a second generating module, a dividing module, a second encryption module and a third generating module;
the first obtaining module is used for obtaining a file to be encrypted;
the first generation module is used for generating first subdata comprising pre-blocking information and a first check code according to the file to be encrypted, wherein the first check code is obtained by calculation according to the file to be encrypted;
generating second subdata comprising a second check code according to the first subdata, wherein the second check code is obtained by calculation according to the first subdata;
the first encryption module is configured to encrypt the first subdata with a first key to obtain a first subdata ciphertext;
the second generation module is used for obtaining encrypted file metadata according to the first subdata ciphertext and the second subdata;
the dividing module is used for dividing the file to be encrypted according to the pre-blocking information to obtain a plurality of block files and blocking metadata;
the second encryption module is configured to encrypt the plurality of block files respectively by using a second key to obtain an encrypted block file corresponding to each block file;
the third generating module is configured to combine the encrypted file metadata, each encrypted block file, and the block metadata into an encrypted file according to a first preset order;
the third generating module is specifically configured to respectively combine each encrypted block file and its corresponding block metadata into a unit block corresponding to the block file;
and forming an encrypted file by each unit block and the encrypted file metadata according to a first preset sequence.
9. A decryption apparatus, applied to decryption of a file obtained by the encryption method according to any one of claims 1 to 5, the decryption apparatus comprising a second obtaining module, a first decryption module, a first verification module, a second decryption module, a second verification module, and a fourth generation module;
the second obtaining module is used for obtaining the encrypted file;
the first decryption module is configured to obtain encrypted file metadata including a first sub-data ciphertext and second sub-data from the encrypted file, decrypt the first sub-data ciphertext, and obtain first sub-data and a first check code; acquiring a second check code from the second subdata;
the first verification module is used for acquiring a first verification code according to the first subdata; verifying the first verification code by using the second verification code;
the second decryption module is used for decrypting a plurality of encrypted block files in the encrypted file and forming a temporary file when the first verification code is verified successfully;
the second check module is used for acquiring a second verification code according to the temporary file and checking the second verification code by using the first verification code;
and the fourth generating module is used for obtaining a decrypted file according to the temporary file when the second verification code is verified successfully.
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810841784.9A CN109145639B (en) 2018-07-27 2018-07-27 File encryption method, file decryption method and file encryption device

Publications (2)

Publication Number Publication Date
CN109145639A (en) 2019-01-04
CN109145639B (en) 2020-07-14

Family

ID=64798239

Country Status (1)

Country Link
CN (1) CN109145639B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CP03 Change of name, title or address

Address after: 100195 Room 301, floor 3, building 103, No. 3, minzhuang Road, Haidian District, Beijing

Patentee after: Mixin (Beijing) Digital Technology Co.,Ltd.

Address before: 100000 301, floor 3, building 103, No. 3, minzhuang Road, Haidian District, Beijing

Patentee before: BEIJING BEIXINYUAN INFORMATION SECURITY TECHNOLOGY CO.,LTD.

TR01 Transfer of patent right

Effective date of registration: 20240313

Address after: Room 1501, 12th Floor, Building 3, No. 34 Zhongguancun South Street, Haidian District, Beijing, 100080

Patentee after: Federation of Industry and Commerce Lingchuang (Beijing) Technology Co.,Ltd.

Country or region after: China

Address before: 100195 Room 301, floor 3, building 103, No. 3, minzhuang Road, Haidian District, Beijing

Patentee before: Mixin (Beijing) Digital Technology Co.,Ltd.

Country or region before: China