CN109150516A - The signature and/or encryption method of browser file, device, browser and medium - Google Patents
- Publication number: CN109150516A (application CN201811016964.XA)
- Authority: CN (China)
- Prior art keywords: file, signature, browser, digital certificate, encryption
- Legal status: Pending (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
- H04L9/0825—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
Abstract
The invention discloses a unified signature and/or encryption method for browser files, comprising the following steps: when a browser file to be released is detected, encapsulating the browser file into a package file of a preset format; obtaining the publishing side's private key and digital certificate and/or the subscription side's digital certificate; and, according to the publishing side's private key and digital certificate and/or the subscription side's digital certificate, signing and/or encrypting the package file with a preset algorithm. The invention also discloses a browser, a unified signature and encryption device for browser files, and a computer-readable storage medium. The browser provided by the invention includes a signature and encryption interface through which the browser encapsulates files of different types as MIME and then signs and/or encrypts them with PKCS7, so that unified signing and/or encryption of files is performed directly by the browser, improving the reliability and security of browser files.
Description
Technical field
The present invention relates to the field of information security, and in particular to a unified signature and/or encryption method for browser files, a device and a computer-readable storage medium.
Background technique
A signature (also known as a public-key digital signature or electronic signature) is similar to an ordinary physical signature written on paper, but is implemented with techniques from the field of public-key cryptography; it is a method for authenticating the owner of information. Encryption is a digital technique that transforms information so that only those who hold read permission can read it.
With the development of internet technology, people's lives and network technology have become ever more closely intertwined. The browser is the main tool through which the internet transmits files, photos, audio, video and other information. Conventionally, because the internet is open, unsigned and unencrypted browser files are easily tampered with or intercepted by third-party users, so the security and reliability of browser files are low.
The above content is only intended to help understand the technical scheme and does not represent an admission that it is prior art.
Summary of the invention
The main purpose of the present invention is to provide a unified signature and/or encryption method for browser files, a device and a computer-readable storage medium, with the aim of uniformly signing and/or encrypting browser files and improving the security and reliability of information.
To achieve the above object, the present invention provides a unified signature and/or encryption method for browser files, which includes the following steps:
when a browser file to be released is detected, encapsulating the browser file into a package file of a preset format;
obtaining the publishing side's private key and digital certificate and/or the subscription side's digital certificate;
according to the publishing side's private key and digital certificate and/or the subscription side's digital certificate, signing and/or encrypting the package file with a preset algorithm.
Preferably, the step of signing and/or encrypting the package file with the preset algorithm according to the publishing side's private key and digital certificate and/or the subscription side's digital certificate includes:
encoding the package file into an encoded file of a preset structure;
taking the encoded file and the publishing side's private key and digital certificate as the signature input of the preset algorithm to generate signed data;
obtaining a timestamp from a third-party time-stamping service;
adding the timestamp to the signed data to generate a signature file.
Preferably, the preset format includes the Multipurpose Internet Mail Extensions (MIME) format; the preset structure includes the ContentInfo structure of the Public-Key Cryptography Standards; and the preset algorithm includes the Public-Key Cryptography Standards (PKCS).
Preferably, after the step of signing and/or encrypting the package file according to the publishing side's private key and digital certificate and/or the subscription side's digital certificate, the method further includes:
when the signature file is received, obtaining the signing information of the signature file;
when the signing information has not been tampered with, parsing the signature file with the preset algorithm;
obtaining and outputting, according to the parsing result, the signing information of the signature file and the original text of the browser file to be released, wherein the signing information includes at least one of the authentication level, the signing time and the signing certificate.
Preferably, after the step of adding the timestamp to the signed data to generate the signature file, the method further includes:
generating a random key and encapsulating the signature file with the random key;
encapsulating the random key with the subscription side's digital certificate;
encoding the signature file encapsulated with the random key, together with the random key encapsulated with the subscription side's digital certificate, into an encryption file.
Preferably, the step of signing and/or encrypting the package file with the Public-Key Cryptography Standards according to the publishing side's private key and digital certificate and/or the subscription side's digital certificate includes:
encoding the package file into an encoded file of the preset structure;
generating a random key and encapsulating the encoded file with the random key;
encapsulating the random key with the subscription side's digital certificate;
encoding the encoded file encapsulated with the random key, together with the random key encapsulated with the subscription side's digital certificate, into an encryption file.
Preferably, after the step of signing and/or encrypting the package file with the Public-Key Cryptography Standards according to the publishing side's private key and digital certificate and/or the subscription side's digital certificate, the method further includes:
when the encryption file is received, obtaining the subscription side's digital certificate, wherein the subscription side's digital certificate includes the subscription side's private key;
parsing the encryption file with the subscription side's private key to obtain the random key;
parsing the browser file to be released with the random key.
In addition, to achieve the above object, the present invention also provides a browser, characterized in that the browser includes a signature and encryption program which, when executed on the browser, implements the steps of the unified signature and/or encryption method for browser files described above.
In addition, to achieve the above object, the present invention also provides a unified signature and encryption module for browser files, characterized in that the device includes a memory, a processor, and a signature and encryption program stored on the memory and runnable on the processor, the signature and encryption program implementing, when executed by the processor, the steps of the unified signature and/or encryption method for browser files described above.
In addition, to achieve the above object, the present invention also provides a computer-readable storage medium, characterized in that a signature and encryption program is stored on the computer-readable storage medium, the signature and encryption program implementing, when executed by a processor, the steps of the unified signature and/or encryption method for browser files described above.
In the unified signature and/or encryption method for browser files, device, browser and computer-readable storage medium proposed by the embodiment of the present invention, when a browser file to be released is detected, the browser file is encapsulated into a package file in Multipurpose Internet Mail Extensions format; the publishing side's private key and digital certificate and/or the subscription side's digital certificate are then obtained through the publishing side's certificate management module; and finally the package file is signed and/or encrypted with the Public-Key Cryptography Standards according to the publishing side's private key and digital certificate and/or the subscription side's digital certificate. In this way, a browser file to be released is signed and/or encrypted by one unified signature and/or encryption method, which achieves unified signing and encryption of browser files and improves the security and reliability of information.
Detailed description of the invention
Fig. 1 is a schematic diagram of the terminal structure of the hardware running environment involved in the embodiment of the present invention;
Fig. 2 is a flow diagram of the first embodiment of the unified signature and/or encryption method for browser files of the present invention;
Fig. 3 is a refined flow diagram of the publishing side signing a browser file in the present invention;
Fig. 4 is a flow diagram of the subscription side processing a signature file in the present invention;
Fig. 5 is a flow diagram of the publishing side encrypting a signed browser file in the present invention;
Fig. 6 is a flow diagram of the publishing side encrypting an unsigned browser file in the present invention;
Fig. 7 is a flow diagram of the subscription side processing an encryption file in the present invention.
The realization of the object, the functional features and the advantages of the present invention will be further described with reference to the accompanying drawings in connection with the embodiments.
Specific embodiment
It should be understood that the specific embodiments described herein are only used to explain the present invention and are not intended to limit it.
The primary solution of the embodiment of the present invention is:
when a browser file to be released is detected, encapsulating the browser file into a package file in Multipurpose Internet Mail Extensions format;
obtaining the publishing side's private key and digital certificate and/or the subscription side's digital certificate through the publishing side's certificate management module;
according to the publishing side's private key and digital certificate and/or the subscription side's digital certificate, signing and/or encrypting the package file with the Public-Key Cryptography Standards.
The unified signature and/or encryption method for browser files proposed by the embodiment of the present invention achieves unified signing and encryption of browser files through MIME and PKCS, thereby solving the technical problem of low information security and reliability when a browser releases information.
As shown in Fig. 1, Fig. 1 is a schematic diagram of the terminal structure of the hardware running environment involved in the embodiment of the present invention.
The terminal of the embodiment of the present invention may be a PC and/or an intelligent mobile terminal, etc.
As shown in Fig. 1, the terminal may include: a processor 1001, such as a CPU, a communication bus 1002, a display 1003, a network interface 1004 and a memory 1005. The communication bus 1002 is used to realize the connection and communication between these components. The memory 1005 may be a high-speed RAM memory or a stable memory (non-volatile memory), such as a disk memory. The memory 1005 may optionally also be a storage device independent of the aforementioned processor 1001.
The terminal shown in Fig. 1 can run the browser; when the browser runs on the terminal, the unified signature and/or encryption method for browser files described above can be implemented. The browser can serve both as a subscription side and as a publishing side.
Those skilled in the art will understand that the terminal structure shown in Fig. 1 does not limit the terminal, which may include more or fewer components than illustrated, combine certain components, or arrange the components differently.
As shown in Fig. 1, the memory 1005, as a computer-readable storage medium, may include an operating system, a network communication module, a user interface module, and the signature and encryption program.
In the terminal shown in Fig. 1, the network interface 1004 is mainly used to connect to a background server and exchange data with it; the user interface 1003 is mainly used to connect to a client (user terminal) and exchange data with it, so that data can be output through the client; and the processor 1001 may be used to call the signature and encryption program stored in the memory 1005 and perform the following operations:
when a browser file to be released is detected, encapsulating the browser file into a package file of a preset format;
obtaining the publishing side's private key and digital certificate and/or the subscription side's digital certificate;
according to the publishing side's private key and digital certificate and/or the subscription side's digital certificate, signing and/or encrypting the package file with a preset algorithm.
Further, the processor 1001 may call the signature and encryption program stored in the memory 1005 and also perform the following operations:
encoding the package file into an encoded file of a preset structure;
taking the encoded file and the publishing side's private key and digital certificate as the signature input of the preset algorithm to generate signed data;
obtaining a timestamp from a third-party time-stamping service;
adding the timestamp to the signed data to generate a signature file.
Further, the processor 1001 may call the signature and encryption program stored in the memory 1005 and also perform the following operations:
when the signature file is received, obtaining the signing information of the signature file;
when the signing information has not been tampered with, parsing the signature file with the preset algorithm;
obtaining and outputting, according to the parsing result, the signing information of the signature file and the original text of the browser file to be released, wherein the signing information includes at least one of the authentication level, the signing time and the signing certificate.
Further, the processor 1001 may call the signature and encryption program stored in the memory 1005 and also perform the following operations:
generating a random key and encapsulating the signature file with the random key;
encapsulating the random key with the subscription side's digital certificate;
encoding the signature file encapsulated with the random key, together with the random key encapsulated with the subscription side's digital certificate, into an encryption file.
Further, the processor 1001 may call the signature and encryption program stored in the memory 1005 and also perform the following operations:
encoding the package file into an encoded file of the preset structure;
generating a random key and encapsulating the encoded file with the random key;
encapsulating the random key with the subscription side's digital certificate;
encoding the encoded file encapsulated with the random key, together with the random key encapsulated with the subscription side's digital certificate, into an encryption file.
Further, the processor 1001 may call the signature and encryption program stored in the memory 1005 and also perform the following operations:
when the encryption file is received, obtaining the subscription side's digital certificate, wherein the subscription side's digital certificate includes the subscription side's private key;
parsing the encryption file with the subscription side's private key to obtain the random key;
parsing the browser file to be released with the random key.
Referring to Fig. 2, in the first embodiment of the unified signature and/or encryption method for browser files of the present invention, the method includes:
Step S100, when a browser file to be released is detected, encapsulating the browser file into a package file of a preset format;
In this embodiment, when the browser receives an instruction to publish a file, it determines the file to be published according to the instruction, i.e. the browser file to be released. It then encapsulates the browser file in MIME (Multipurpose Internet Mail Extensions) format.
Specifically, the original purpose of MIME was to attach non-text multimedia data when sending e-mail so that e-mail client software could handle it according to its type. The file types supported by MIME include .gif, .pdf, .ppt, .doc, .js, .zip, .mp3 and .wav, among others, so files of various types can be encapsulated with MIME. The MIME type defines a rich set of Content-Type values for specifying the file type, and supplementary types can be added continually. This is combined with the Content-Disposition header, which specifies how the file is to be handled: Content-Disposition is fixed to attachment, and its filename parameter gives the name of the original file being encapsulated (the file to be processed, for example sample.txt); Content-Transfer-Encoding specifies the transfer encoding of the file (for example base64). The encapsulated MIME file thus gives the various application scenarios a way to determine the file type and parse the file, so that the original file can be recovered.
For example, the structure of a MIME file is as follows:
MIME:
Content-Type: application/text
Content-Disposition: attachment; filename=sample.txt
Content-Transfer-Encoding: base64
MIAGCSqGSIb3DQEHAqCAMIACA......
Step S200, obtaining the publishing side's private key and digital certificate and/or the subscription side's digital certificate;
In this embodiment, the browser includes a certificate library manager; when the browser executes the certificate management program, local certificates can be imported manually by the user, or digital certificates stored on the network can be obtained over the internet. The manually imported local certificates and the digital certificates obtained over the internet together form the browser's certificate repository. The publishing side's private key and digital certificate can be obtained from the certificate repository.
The subscriber's digital certificate can be obtained from the certificate repository. The data in the certificate repository may include data from a network certificate repository (or cloud certificate repository) stored on a cloud server, and may also include data from a local certificate repository that the browser has downloaded and cached; that is, when executing the certificate management program, the browser can obtain digital certificates and/or keys both from the built-in certificate store of the operating system on which the browser runs and from a certificate repository on an external storage device. The subscriber's digital certificate is used for encryption.
Step S300, according to the publishing side's private key and digital certificate and/or the subscription side's digital certificate, signing and/or encrypting the package file with a preset algorithm.
In this embodiment, the encapsulated MIME file is first encoded with DER (Distinguished Encoding Rules) into an encoded file with the ContentInfo structure of PKCS#7 (Public-Key Cryptography Standards). The encoded file thus encapsulates the data content of the browser file to be released (i.e. the file content information of the browser file to be released).
For example, the structure of ContentInfo may be:
ContentInfo ::= SEQUENCE {
    contentType ContentType,
    content [0] EXPLICIT ANY DEFINED BY contentType OPTIONAL }
Then the publishing side's digital certificate and private key and the subscription side's digital certificate are obtained by the browser. The encoded file can then be signed according to the publishing side's digital certificate and private key to generate a signature file; the encoded file can also be encrypted according to the subscription side's digital certificate to generate an encryption file; and the signature file can also be encrypted according to the subscription side's digital certificate to generate a signed and encrypted file.
Specifically, the steps for signing the encoded file may be:
taking the encoded file and the publishing side's digital certificate and private key as the input of the digital signature to generate a signature file of the Public-Key Cryptography Standards signedData type;
obtaining a timestamp from a third-party time-stamping service;
adding the timestamp to the signature file to generate the signature file.
In addition, the steps for encrypting the encoded file may be:
generating a random key and encapsulating the encoded file with the random key;
encapsulating the random key with the subscription side's digital certificate;
encoding the encoded file encapsulated with the random key, together with the random key encapsulated with the subscription side's digital certificate, into an encryption file.
In addition, the steps for encrypting the signature file may be:
generating a random key and encapsulating the signature file with the random key;
encapsulating the random key with the subscription side's digital certificate;
encoding the signature file encapsulated with the random key, together with the random key encapsulated with the subscription side's digital certificate, into an encryption file.
This embodiment provides a method, implemented in the browser and based on MIME and PKCS7, for uniformly adding digital signatures to and encrypting files of various types, which solves the problem that copyright cannot be protected and information leakage cannot be prevented when files are published on the internet. The browser calls the user's key and digital certificate to sign the plaintext file to be released, and a file signed with a digital certificate can be distributed to browsers without its content being illegally tampered with or infringed; the browser uses a digital certificate to encrypt the file before publishing it, so that only a legitimate user can call the user's key in the browser to decrypt the encrypted content file.
Further, referring to Fig. 3, in the second embodiment of the unified signature and/or encryption method for browser files of the present invention, based on the first embodiment above, step S300 includes:
Step S301, encoding the package file into an encoded file of a preset structure;
Step S302, taking the encoded file and the publishing side's private key and digital certificate as the signature input of the preset algorithm to generate signed data;
Step S303, obtaining a timestamp from a third-party time-stamping service;
Step S304, adding the timestamp to the signed data to generate a signature file.
Specifically, the encapsulated MIME file is first encoded with DER (Distinguished Encoding Rules) into an encoded file with the ContentInfo structure of PKCS#7 (Public-Key Cryptography Standards). The encoded file thus encapsulates the data content of the browser file to be released (i.e. the file content information of the browser file to be released).
For example, the structure of ContentInfo may be:
ContentInfo ::= SEQUENCE {
    contentType ContentType,
    content [0] EXPLICIT ANY DEFINED BY contentType OPTIONAL }
Then the encoded file and the publishing side's digital certificate are taken as the input of the PKCS digital signature program to generate data of the PKCS7.SignedData type. In the signing process, the digest messageDigest is calculated over ContentInfo.content and SignedData.authenticatedAttributes according to the signing rules, and then EncryptedDigest is calculated with PrivateKey (the publishing side's private key obtained through the CA). The ContentInfo, the certificate Certificate, the calculated EncryptedDigest, the digest algorithm DigestAlgorithmIdentifiers and the other SignedData members are then assembled together into the SignedData signed data.
Further, a digest hash is calculated over the EncryptedDigest and, according to the RFC 3161 timestamp standard, a timestamp is obtained from a third-party trusted time-stamping service; the timestamp proves the time at which the signature existed. The timestamp data is then attached to the SignedData, constructing time-stamped signed data.
Further, the time-stamped SignedData (i.e. the signed data with the timestamp) is DER-encoded into a signed PKCS7.ContentInfo according to the PKCS7 standard, where the SignedData is ContentInfo.content and ContentInfo.contentType uses the signedData type (OID 1.2.840.113549.1.7.2).
Finally, this signed ContentInfo is DER-encoded and saved as a disk file with the .p7m suffix; a file with the .p7m suffix is a signature file.
In this embodiment, the signing of the browser file to be released is achieved with PKCS7, so that when the file is distributed to browsers, illegal tampering with its content can be prevented.
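The DER wrapping just described, as an added example that is not the patent's code: a minimal encoder for the PKCS#7 ContentInfo wrapper (SEQUENCE, OBJECT IDENTIFIER, OCTET STRING, [0] EXPLICIT) that first wraps the MIME package with contentType id-data and then wraps a signed body with contentType signedData (OID 1.2.840.113549.1.7.2, as stated above), plus the matching decoder that reads contentType back, which is how a receiver tells a .p7m signature file from a plain data container. Only the Python standard library is used; the sample MIME package is constructed, and the SignedData body is a labelled placeholder because a real one carries certificates, digest algorithm and SignerInfos.

```python
"""Minimal DER encoder/decoder for the PKCS#7 ContentInfo wrapper (added example)."""

ID_DATA = "1.2.840.113549.1.7.1"         # PKCS#7 "data" content type
ID_SIGNED_DATA = "1.2.840.113549.1.7.2"  # PKCS#7 "signedData" content type (from the text)


def der_length(n: int) -> bytes:
    """DER length octets: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def der_tlv(tag: int, value: bytes) -> bytes:
    """Tag-length-value triple."""
    return bytes([tag]) + der_length(len(value)) + value


def der_oid(dotted: str) -> bytes:
    """OBJECT IDENTIFIER: first two arcs packed as 40*a+b, later arcs base-128."""
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        out.extend(reversed(chunk))
    return der_tlv(0x06, bytes(out))


def encode_content_info(content_type: str, content: bytes) -> bytes:
    """ContentInfo ::= SEQUENCE { contentType OID, content [0] EXPLICIT ANY }.
    For id-data the content is an OCTET STRING; otherwise it is an
    already-encoded structure (e.g. SignedData) placed as-is."""
    inner = der_tlv(0x04, content) if content_type == ID_DATA else content
    return der_tlv(0x30, der_oid(content_type) + der_tlv(0xA0, inner))


def _read_tlv(buf: bytes, pos: int):
    """Return (tag, value, position after the element)."""
    tag, first = buf[pos], buf[pos + 1]
    if first < 0x80:
        length, hdr = first, 2
    else:
        nbytes = first & 0x7F
        length = int.from_bytes(buf[pos + 2:pos + 2 + nbytes], "big")
        hdr = 2 + nbytes
    start = pos + hdr
    return tag, buf[start:start + length], start + length


def decode_oid(value: bytes) -> str:
    """Inverse of der_oid (first arc 0 or 1, enough for the PKCS OIDs used here)."""
    arcs, cur = [value[0] // 40, value[0] % 40], 0
    for b in value[1:]:
        cur = (cur << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(cur)
            cur = 0
    return ".".join(map(str, arcs))


def decode_content_info(der: bytes):
    """Return (contentType as dotted OID, content bytes)."""
    tag, seq, _ = _read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("ContentInfo must be a SEQUENCE")
    tag, oid_val, pos = _read_tlv(seq, 0)
    if tag != 0x06:
        raise ValueError("contentType must be an OBJECT IDENTIFIER")
    tag, explicit, _ = _read_tlv(seq, pos)
    if tag != 0xA0:
        raise ValueError("content must be [0] EXPLICIT")
    ctype = decode_oid(oid_val)
    if ctype == ID_DATA:
        tag, octets, _ = _read_tlv(explicit, 0)
        if tag != 0x04:
            raise ValueError("data content must be an OCTET STRING")
        return ctype, octets
    return ctype, explicit


def is_signature_file(der: bytes) -> bool:
    """The receiver's first check: is the outer contentType signedData?"""
    return decode_content_info(der)[0] == ID_SIGNED_DATA


# Constructed sample: a tiny MIME package as step S100 would produce it.
SAMPLE_MIME = (b"Content-Type: application/text\r\n"
               b"Content-Disposition: attachment; filename=sample.txt\r\n"
               b"Content-Transfer-Encoding: base64\r\n\r\naGVsbG8=\r\n")


def demo():
    """Wrap the MIME bytes as data, then wrap a placeholder SignedData as signedData."""
    data_ci = encode_content_info(ID_DATA, SAMPLE_MIME)
    placeholder_signed_data = der_tlv(0x30, data_ci)  # stand-in for a real SignedData SEQUENCE
    signed_ci = encode_content_info(ID_SIGNED_DATA, placeholder_signed_data)
    return data_ci, signed_ci


if __name__ == "__main__":
    data_ci, signed_ci = demo()
    print(data_ci.hex())
    print("signature file?", is_signature_file(data_ci), is_signature_file(signed_ci))
```

The round trip `decode_content_info(encode_content_info(...))` is the check worth keeping in a test suite: a wrapper that cannot be parsed back by its own decoder will not be parsed by anyone else's PKCS#7 library either.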
Further, referring to Fig. 4, in the third embodiment of the unified signature and/or encryption method for browser files of the present invention, based on the second embodiment above, after step S300 the method further includes:
Step S400, when the signature file is received, obtaining the signing information of the signature file;
Step S500, when the signing information has not been tampered with, parsing the signature file with the preset algorithm;
Step S600, obtaining and outputting, according to the parsing result, the signing information of the signature file and the original text of the browser file to be released, wherein the signing information includes at least one of the authentication level, the signing time and the signing certificate.
In this embodiment, when the user clicks a file link in the browser or adds a local file to the browser, the browser first determines whether the file link or local file is a P7M file; that is, when the user clicks a P7M file link published on the web, or drags or enters a local P7M file into the browser, it first determines whether the file is a signature file. If the file is a signature file, its secret value EncryptedDigest is obtained first, together with signing information such as the encoded file ContentInfo of the P7M file's body (i.e. the browser file to be released), the publishing side's digital certificate and the timestamp, and whether the signature file has been tampered with is verified according to the signing information. If the signature file has not been tampered with, the package file is parsed with PKCS and the browser file to be released is parsed with MIME.
Specifically, the DER encoding of the p7m file is parsed into the PKCS7.ContentInfo structure. ContentInfo.contentType is parsed; if it is of the signedData type, the current file is determined to be a signature file. When the file is determined to be a signature file, SignedData.contentInfo, the signing certificate Certificate, the signed attributes authenticatedAttributes and the signature's digest secret value EncryptedDigest are parsed, the latter being defined as the parsed encryptedDigest.
Further, an encryptedDigest is calculated according to the signing method and defined as the calculated encryptedDigest, and the parsed encryptedDigest is compared with the calculated encryptedDigest. If they are consistent, the validity of the signature timestamp is verified and whether the digital certificate has been revoked is checked; otherwise, the signature file is determined to have been tampered with. When verifying the validity of the timestamp, whether the parsed timestamp is consistent with the calculated timestamp may be determined: if consistent, the timestamp is valid, otherwise it is invalid. When the timestamp is valid but the digital certificate has been revoked, the signature file is determined to have been tampered with.
When the signature file has not been tampered with, the publishing side's certificate information and the plaintext information of the signature file are parsed, and the certificate information and the signature file are output. The certificate information can be parsed by parsing the X509.Certificate format.
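The receiver's checks in the order given above (digest and signature value, then time-stamp binding, then certificate revocation), as an added example that is not the patent's code. The RSA key pair is a toy (textbook RSA without padding and with short primes) standing in for the publisher's certificate key; a real implementation takes the key from the certificate and lets the PKCS#7 library verify EncryptedDigest. The signed-attributes encoding, the certificate serial numbers and the revocation list are constructed, and `sign_file`/`verify_file` are names chosen here.

```python
"""Verification order for a received .p7m signature file (added example, toy RSA)."""
import hashlib
import random
from dataclasses import dataclass

rng = random.Random(2024)  # fixed seed so the toy key is reproducible


def _probable_prime(n: int, rounds: int = 16) -> bool:
    """Miller-Rabin primality test; adequate for the toy key only."""
    if n < 4 or n % 2 == 0:
        return n in (2, 3)
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def toy_keypair(bits: int = 144):
    """Toy RSA key pair (pub=(n,e), priv=(n,d)); n > 2^256 so a SHA-256 value fits."""
    def prime():
        while True:
            cand = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
            if _probable_prime(cand):
                return cand
    while True:
        p, q = prime(), prime()
        phi = (p - 1) * (q - 1)
        if p != q and phi % 65537:           # 65537 is prime, so this is gcd(e, phi) == 1
            return (p * q, 65537), (p * q, pow(65537, -1, phi))


@dataclass
class SignatureFile:
    content: bytes            # ContentInfo.content: the MIME package
    message_digest: bytes     # messageDigest attribute inside authenticatedAttributes
    encrypted_digest: int     # EncryptedDigest: signature over the signed attributes
    timestamp_imprint: bytes  # messageImprint carried by the RFC 3161 token
    signer_serial: int        # serial number of the signing certificate


def _attr_hash(message_digest: bytes) -> int:
    # Stand-in for hashing the DER authenticatedAttributes (constructed encoding).
    return int.from_bytes(hashlib.sha256(b"messageDigest=" + message_digest).digest(), "big")


def sign_file(content: bytes, priv, serial: int) -> SignatureFile:
    """Publisher side: digest -> signed attributes -> EncryptedDigest -> time-stamp imprint."""
    n, d = priv
    message_digest = hashlib.sha256(content).digest()
    sig = pow(_attr_hash(message_digest), d, n)
    # The TSA stamps a hash of the signature value, binding the time to this signature.
    imprint = hashlib.sha256(sig.to_bytes((n.bit_length() + 7) // 8, "big")).digest()
    return SignatureFile(content, message_digest, sig, imprint, serial)


def verify_file(f: SignatureFile, pub, revoked: set):
    """Receiver side: returns (accepted, reason) naming the first failed check."""
    n, e = pub
    if hashlib.sha256(f.content).digest() != f.message_digest:
        return False, "content digest mismatch: file tampered"
    if pow(f.encrypted_digest, e, n) != _attr_hash(f.message_digest):
        return False, "EncryptedDigest does not verify: file tampered"
    sig_bytes = f.encrypted_digest.to_bytes((n.bit_length() + 7) // 8, "big")
    if hashlib.sha256(sig_bytes).digest() != f.timestamp_imprint:
        return False, "time-stamp does not bind to this signature"
    if f.signer_serial in revoked:
        return False, "signing certificate revoked"
    return True, "ok"


PUB, PRIV = toy_keypair()
SAMPLE = b"Content-Type: application/text\r\n\r\nhello"  # constructed MIME package
REVOKED = {0x2222}                                       # constructed CRL contents


def demo():
    """Good file, content swapped after signing, and a signer whose certificate is revoked."""
    good = sign_file(SAMPLE, PRIV, serial=0x1111)
    swapped = SignatureFile(b"altered content", good.message_digest, good.encrypted_digest,
                            good.timestamp_imprint, good.signer_serial)
    revoked_signer = sign_file(SAMPLE, PRIV, serial=0x2222)
    return (verify_file(good, PUB, REVOKED),
            verify_file(swapped, PUB, REVOKED),
            verify_file(revoked_signer, PUB, REVOKED))


if __name__ == "__main__":
    for result in demo():
        print(result)
```

The order matters for what the user is told: a digest or signature failure is reported as tampering, a bad time-stamp binding as an invalid timestamp, and only a file that passes both is checked against the revocation list, which matches the decision sequence in the description.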
In addition, the plaintext information of the signature file is parsed as follows:
Step 1: the content OCTET STRING in SignedData.contentInfo, obtained when parsing and verifying the signature, is decoded as a MIME file;
Step 2: the Content-Type in the MIME file, which identifies the file type, is parsed; combined with the attachment value of Content-Disposition, its filename parameter, and the file transfer encoding specified by Content-Transfer-Encoding, the original file (i.e. the plaintext information of the signature file) is parsed out and saved under the filename (the filename being that of the browser file to be released). In this embodiment, when the browser detects a file, it first determines whether the file is a signature file; if it is, it determines whether the file has been tampered with; and if the signature file has not been tampered with, it parses the browser file to be released, so that the owner of the file can be determined through the file signature.
Finally, when the browser has parsed out the plaintext information of the signature file, the browser renders the plaintext information and the signing information of the signature file, and then outputs the plaintext information and the signing information of the signature file through the display device of the terminal. In this way, the user can get a clear view of the copyright owner information of the current file.
It should be noted that the signing information includes at least one of the identity authentication level, the signature time, the timestamp and the signing certificate. The display interface of the signature file may include icons corresponding to the signing information. These may include a stamp icon, indicating whether the current file carries signed data; an identity level icon, indicating the identity authentication level of the current file; an identity description icon, showing the name of the signer and the name of the certificate issuer; and a timestamp icon, showing the source of the signature time, etc. The timestamp icon is used to judge whether the signature time is reliable; the timestamp is third-party evidence and can be determined, for example, according to the RFC 3161 standard.
In the present embodiment, when a signature file is received, the signature file is first verified; then, when the signature file has not been tampered with, the signing certificate of the signature file and the plaintext of the original text are parsed and output, so that the subscriber can learn the signing information of the currently displayed content from the output data, which improves the reliability of the current output content.
Further, referring to Fig. 5, in the fourth embodiment of the unified signature and/or encryption method for a browser file of the present invention, based on the first to third embodiments above, after step S304 the method further includes:
Step S305, generating a random key, and encapsulating the signature file with the random key;
Step S306, encapsulating the random key with the digital certificate of the subscription end;
Step S307, encoding the signature file encapsulated with the random key, together with the random key encapsulated with the digital certificate of the subscription end, into an encryption file.
In the present embodiment, the signature file is encrypted according to the digital certificate of the subscription end. The digital certificate of the subscription end contains a public key and a private key. The public key can be disclosed and is used to encrypt files for the specified recipient, while the private key is uniquely possessed by the subscriber and is used to decrypt the encrypted file.
Specifically, since the signature file is a PKCS7.ContentInfo data structure, when the signature file is encrypted the system first generates a random key; the random key is then encrypted with the public key certificate of the subscription end (when there are multiple subscription ends, multiple different public key certificates are used) and encapsulated as RecipientInfos.
Further, the ContentInfo.content of the file to be processed contained in the signature file is encapsulated with the random key as data of the PKCS7.EncryptedContentInfo data type, whose EncryptedContentInfo.contentType takes the ContentInfo.contentType of the file to be processed. Finally, the RecipientInfos and the EncryptedContentInfo are encoded into a PKCS7.EnvelopedData data structure, generating the encryption file.
In the present embodiment, the random key is encapsulated with the public key of the subscription end, and the random key is in turn used to encapsulate the file content information, finally producing the encryption file, so that the security of file transmission is improved.
Further, referring to Fig. 6, in the fifth embodiment of the unified signature and/or encryption method for a browser file of the present invention, based on the first to fourth embodiments above, step S300 includes:
Step 308, encoding the package file into the encoded file of the preset structure;
Step 309, generating a random key, and encapsulating the encoded file with the random key;
Step 310, encapsulating the random key with the digital certificate of the subscription end;
Step 311, encoding the encoded file encapsulated with the random key, together with the random key encapsulated with the digital certificate of the subscription end, into an encryption file.
In the present embodiment, the package file is first encoded into an encoded file of the PKCS content information structure, and then the signature file is encrypted with the digital certificate of the subscription end. The digital certificate of the subscription end includes a public key and a private key. The public key can be disclosed to the specified recipient for encrypting files, but only the recipient uniquely possesses the private key, which is used to decrypt the encrypted file.
Specifically, the system first generates a random key; the random key is then encrypted with the public key certificate of the subscription end (when there are multiple subscription ends, multiple different public key certificates are used) and encapsulated as RecipientInfos.
Further, the ContentInfo.content of the file to be processed contained in the encoded file is encapsulated with the random key as data of the PKCS7.EncryptedContentInfo data type, whose EncryptedContentInfo.contentType takes the ContentInfo.contentType of the file to be processed. Finally, the RecipientInfos and the EncryptedContentInfo are encoded into a PKCS7.EnvelopedData data structure, generating the encryption file.
In the present embodiment, the random key is encapsulated with the public key of the subscription end, and the random key is used to encapsulate the file content information, finally producing the encryption file, so that the security of file transmission is improved.
Further, referring to Fig. 7, in the sixth embodiment of the unified signature and/or encryption method for a browser file of the present invention, based on the first to fifth embodiments above, after step S300 the method further includes:
Step 700, when the encryption file is received, obtaining the digital certificate of the subscription end, wherein the subscription end digital certificate includes the private key of the subscription end;
Step 800, parsing the encryption file according to the private key of the subscription end to obtain the random key;
Step 900, parsing the browser file to be released according to the random key.
In the present embodiment, when a file is received, it is first judged whether the file is an encryption file; when it is an encryption file, the private key of the subscription end is obtained through the certificate management module, and the random key in the encryption file is parsed out with the private key. Further, the original document (i.e. the browser file to be released) is parsed according to the random key.
Specifically, when the received file has the suffix .p7m, the file is DER-decoded; when the parsed ContentInfo.contentType is of the envelopedData type (oid 1.2.840.113549.1.7.2), the file is determined to be an encryption file.
The private key of the subscription end is obtained, and the random key is decrypted from RecipientInfos with the private key of the subscription end. Further, EnvelopedContentInfo.encryptContent is decrypted with the random key; the decrypted result is the ContentInfo.content that was encrypted.
According to the decrypted result, it is judged whether the decrypted EnvelopedContentInfo.contentType is SignedData (oid 1.2.840.113549.1.7.2); if so, what has been decrypted is signed data. If EnvelopedContentInfo.contentType is of the data type (oid 1.2.840.113549.1.7.1), the file to be processed is parsed out.
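The receiving-side parsing described above (the contentType check on the outer ContentInfo of a .p7m, then Step 1 and Step 2 of the plaintext parsing: the OCTET STRING under SignedData.contentInfo decoded as MIME, the filename taken from Content-Disposition, the Content-Transfer-Encoding undone), as an added Python example that is not the patent's code. It uses only the standard library, performs no signature verification or key-transport decryption, and the SignedData blob it builds is a constructed test input with empty signerInfos; the OID constants follow RFC 2315, where envelopedData is 1.2.840.113549.1.7.3 (the ...1.7.2 value quoted in the text is signedData).

```python
import base64, email
from email import policy

OID_DATA = "1.2.840.113549.1.7.1"           # PKCS#7 content types, RFC 2315
OID_SIGNED_DATA = "1.2.840.113549.1.7.2"
OID_ENVELOPED_DATA = "1.2.840.113549.1.7.3"  # the patent text quotes ...7.2 here, which is signedData
CONTENT_TYPES = {OID_DATA: "data", OID_SIGNED_DATA: "signedData", OID_ENVELOPED_DATA: "envelopedData"}
SEQ, SET, OID, OCTET, INT, CTX0 = 0x30, 0x31, 0x06, 0x04, 0x02, 0xA0  # DER tags used below

def der(tag, body):
    """Encode one DER TLV with a definite length (long form above 127 bytes)."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + body

def encode_oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    out = [arcs[0] * 40 + arcs[1]]
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]           # base-128, high bit set on all but the last byte
        while arc := arc >> 7:
            chunk.insert(0, 0x80 | (arc & 0x7F))
        out += chunk
    return der(OID, bytes(out))

def decode_oid(body):
    arcs, val = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs, val = arcs + [val], 0
    return ".".join(map(str, arcs))

def read_tlv(buf, pos=0):
    tag, n, pos = buf[pos], buf[pos + 1], pos + 2   # -> (tag, value bytes, next position)
    if n & 0x80:
        k = n & 0x7F
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    return tag, buf[pos:pos + n], pos + n

def children(body):
    out, pos = [], 0                  # (tag, value) pairs of a constructed value's elements
    while pos < len(body):
        tag, val, pos = read_tlv(body, pos)
        out.append((tag, val))
    return out

def content_info(blob):
    """ContentInfo ::= SEQUENCE { contentType OID, content [0] EXPLICIT ANY OPTIONAL }."""
    tag, body, _ = read_tlv(blob)
    elems = children(body) if tag == SEQ else []
    if not elems or elems[0][0] != OID:
        raise ValueError("not a PKCS#7 ContentInfo")
    content = children(elems[1][1])[0][1] if len(elems) > 1 and elems[1][0] == CTX0 else b""
    return decode_oid(elems[0][1]), content   # (dotted OID, value bytes of the element under [0])

def classify(blob):
    # The receiver's first check on a .p7m: which PKCS#7 type does the outer OID name?
    return CONTENT_TYPES.get(content_info(blob)[0], "unknown")

def signed_data_content(blob):
    """Step 1: the OCTET STRING under SignedData.contentInfo, i.e. the MIME-packaged file."""
    ctype, signed = content_info(blob)
    if ctype != OID_SIGNED_DATA:
        raise ValueError("not signedData")
    # SignedData ::= SEQUENCE { version INTEGER, digestAlgorithms SET, contentInfo SEQUENCE, ... }
    inner_type, octets = content_info(der(SEQ, next(v for t, v in children(signed) if t == SEQ)))
    if inner_type != OID_DATA:
        raise ValueError("encapsulated content is not plain data")
    return octets

def mime_attachment(mime_bytes):
    """Step 2: Content-Type, Content-Disposition filename and the decoded transfer encoding."""
    msg = email.message_from_bytes(mime_bytes, policy=policy.default)
    return msg.get_filename(), msg.get_content_type(), msg.get_payload(decode=True)

def build_signed_sample(filename, payload):
    """Constructed input: SignedData with empty signerInfos (DER shape only, no real signature)."""
    mime = (b"Content-Type: application/octet-stream\r\n"
            b'Content-Disposition: attachment; filename="' + filename.encode() + b'"\r\n'
            b"Content-Transfer-Encoding: base64\r\n\r\n" + base64.b64encode(payload) + b"\r\n")
    inner = der(SEQ, encode_oid(OID_DATA) + der(CTX0, der(OCTET, mime)))
    signed = der(SEQ, der(INT, b"\x01") + der(SET, b"") + inner + der(SET, b""))
    return der(SEQ, encode_oid(OID_SIGNED_DATA) + der(CTX0, signed))
```

In a real receiver the signerInfos would be verified (parsed versus computed encryptedDigest, timestamp, revocation) before `signed_data_content` is trusted, and an envelopedData blob would first be opened with the subscription end's private key.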
In addition, when the file is an encryption file, an encryption icon is displayed in the display interface of the file to indicate that the file is an encryption file.
In the present embodiment, when a file is received, it is first judged whether the file is an encryption file; when it is an encryption file, the private key of the subscription end is obtained and the random key in the encryption file is parsed out with the private key. Further, the original document is parsed according to the random key. In this way the purpose of parsing the encryption file is achieved, improving the security of information transmission.
In addition, an embodiment of the present invention also proposes a browser, characterized in that the browser includes a signature and encryption program which, when executed by the processor, implements the steps of the unified signature and/or encryption method for a browser file as described above.
In addition, an embodiment of the present invention also proposes a unified signature and/or encryption device for a browser file, characterized in that the unified signature and/or encryption device for the browser file includes a browser, a memory, a processor, and a signature and encryption program stored on the memory and runnable on the processor, the signature and encryption program, when executed by the processor, implementing the steps of the unified signature and/or encryption method for a browser file as described above.
In addition, an embodiment of the present invention also proposes a computer-readable storage medium, characterized in that a signature and encryption program is stored on the computer-readable storage medium, the signature and encryption program, when executed by a processor, implementing the steps of the unified signature and/or encryption method for a browser file as described in the embodiments above.
It should be noted that, in this document, the terms "include", "comprise" or any other variant thereof are intended to cover a non-exclusive inclusion, so that a process, method, article or system that includes a series of elements includes not only those elements but also other elements not explicitly listed, or elements inherent to such a process, method, article or system. In the absence of further restrictions, an element defined by the phrase "including a ..." does not exclude the presence of other identical elements in the process, method, article or system that includes that element.
The serial numbers of the above embodiments of the invention are for description only and do not represent the advantages or disadvantages of the embodiments.
Through the above description of the embodiments, those skilled in the art can clearly understand that the methods of the above embodiments can be implemented by means of software and a necessary general hardware platform; they can naturally also be implemented by hardware, but in many cases the former is the preferred embodiment. Based on this understanding, the technical solution of the present invention, in essence or in the part that contributes to the prior art, can be embodied in the form of a software product stored in a computer-readable storage medium as described above (such as ROM/RAM, magnetic disk, optical disc), including a number of instructions for causing a terminal device (which may be a mobile phone, a computer, a server, a network device, etc.) to execute the method described in each embodiment of the present invention.
The above is only a preferred embodiment of the present invention and is not intended to limit the scope of the invention; all equivalent structures or equivalent process transformations made using the content of the specification and accompanying drawings of the present invention, applied directly or indirectly in other related technical fields, are included within the scope of the present invention.
Claims (10)
1. A unified signature and/or encryption method for a browser file, characterized in that the unified signature and/or encryption method for the browser file comprises the following steps:
when a browser file to be released is detected, encapsulating the browser file into a package file of a preset format;
obtaining the private key and digital certificate of the publishing side and/or the digital certificate of the subscription end;
according to the private key and digital certificate of the publishing side and/or the digital certificate of the subscription end, signing and/or encrypting the package file by a preset algorithm.
2. The unified signature and/or encryption method for a browser file according to claim 1, characterized in that the step of signing and/or encrypting the package file by a preset algorithm according to the private key and digital certificate of the publishing side and/or the digital certificate of the subscription end comprises:
encoding the package file into an encoded file of a preset structure;
taking the encoded file and the private key and digital certificate of the publishing side as the signature input of the preset algorithm, and generating signed data;
obtaining a timestamp through a third-party time-stamping service;
adding the timestamp to the signed data to generate a signature file.
3. The unified signature and/or encryption method for a browser file according to claim 2, characterized in that the preset format includes the Multipurpose Internet Mail Extensions (MIME) format; the preset structure includes the public key cryptography standards content information structure; and the preset algorithm includes the public key cryptography standards (PKCS).
4. The unified signature and/or encryption method for a browser file according to claim 2, characterized in that after the step of signing and/or encrypting the package file according to the private key and digital certificate of the publishing side and/or the digital certificate of the subscription end, the method further comprises:
when the signature file is received, obtaining the signing information of the signature file;
when the signing information has not been tampered with, parsing the signature file by the preset algorithm;
obtaining and outputting, according to the parsing result, the signing information of the signature file and the original text of the browser file to be released, wherein the signing information includes at least one of the identity authentication level, the signature time and the signing certificate.
5. The unified signature and/or encryption method for a browser file according to claim 2, characterized in that after the step of adding the timestamp to the signed data to generate a signature file, the method further comprises:
generating a random key, and encapsulating the signature file with the random key;
encapsulating the random key with the digital certificate of the subscription end;
encoding the signature file encapsulated with the random key, together with the random key encapsulated with the digital certificate of the subscription end, into an encryption file.
6. The unified signature and/or encryption method for a browser file according to claim 1, characterized in that the step of signing and/or encrypting the package file by the public key cryptography standards according to the private key and digital certificate of the publishing side and/or the digital certificate of the subscription end comprises:
encoding the package file into an encoded file of the preset structure;
generating a random key, and encapsulating the encoded file with the random key;
encapsulating the random key with the digital certificate of the subscription end;
encoding the encoded file encapsulated with the random key, together with the random key encapsulated with the digital certificate of the subscription end, into an encryption file.
7. The unified signature and/or encryption method for a browser file according to claims 5-6, characterized in that after the step of signing and/or encrypting the package file by the public key cryptography standards according to the private key and digital certificate of the publishing side and/or the digital certificate of the subscription end, the method further comprises:
when the encryption file is received, obtaining the digital certificate of the subscription end, wherein the subscription end digital certificate includes the private key of the subscription end;
parsing the encryption file according to the private key of the subscription end to obtain the random key;
parsing the browser file to be released according to the random key.
8. A browser, characterized in that the browser comprises a memory, a processor, and a signature and encryption program stored on the memory and runnable on the processor, the signature and encryption program, when executed by the processor, implementing the steps of the unified signature and/or encryption method for a browser file according to any one of claims 1 to 7.
9. A unified signature and/or encryption device for a browser file, characterized in that the unified signature and/or encryption device for the browser file comprises the browser according to claim 8.
10. A computer-readable storage medium, characterized in that a signature and encryption program is stored on the computer-readable storage medium, the signature and encryption program, when executed by a processor, implementing the steps of the unified signature and/or encryption method for a browser file according to any one of claims 1 to 7.
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811016964.XA CN109150516A (en) | 2018-08-31 | 2018-08-31 | The signature and/or encryption method of browser file, device, browser and medium |
PCT/CN2018/104856 WO2020042217A1 (en) | 2018-08-31 | 2018-09-10 | Method and apparatus for signing and/or encrypting browser file, browser, and medium |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811016964.XA CN109150516A (en) | 2018-08-31 | 2018-08-31 | The signature and/or encryption method of browser file, device, browser and medium |
Publications (1)
Publication Number | Publication Date |
---|---|
CN109150516A true CN109150516A (en) | 2019-01-04 |
Family
ID=64826223
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201811016964.XA Pending CN109150516A (en) | 2018-08-31 | 2018-08-31 | The signature and/or encryption method of browser file, device, browser and medium |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN109150516A (en) |
WO (1) | WO2020042217A1 (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN113541973A (en) * | 2021-09-17 | 2021-10-22 | 杭州天谷信息科技有限公司 | Electronic signature packaging method |
Citations (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101026674A (en) * | 2006-02-15 | 2007-08-29 | 佳能株式会社 | Communication apparatus and communication control method of the apparatus |
CN101742508A (en) * | 2009-12-21 | 2010-06-16 | 中兴通讯股份有限公司 | System and method for transmitting files between WAPI terminal and application server |
CN102164037A (en) * | 2011-03-31 | 2011-08-24 | 北京飞天诚信科技有限公司 | Digital signing system and method |
CN103124981A (en) * | 2010-07-08 | 2013-05-29 | 情报通信产业振兴院 | Electronic document distribution system and electronic document distribution method |
CN103580868A (en) * | 2013-08-29 | 2014-02-12 | 国家电网公司 | Secure transmission method of electronic official document secure transmission system |
CN105282143A (en) * | 2015-09-09 | 2016-01-27 | 民航局空管局技术中心 | Message access control method, device and system |
CN106452793A (en) * | 2016-11-21 | 2017-02-22 | 航天信息股份有限公司 | Method and system of electronic signature |
CN107346399A (en) * | 2017-06-14 | 2017-11-14 | 山东同智伟业软件股份有限公司 | Electronic signature method and system |
Family Cites Families (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106330462A (en) * | 2016-09-05 | 2017-01-11 | 广东省电子商务认证有限公司 | PDF signature method and system capable of supporting multiple algorithms |
CN106789963B (en) * | 2016-12-02 | 2020-12-22 | 北京梆梆安全科技有限公司 | Asymmetric white-box password encryption method, device and equipment |
CN108173860A (en) * | 2017-12-29 | 2018-06-15 | 深圳市泛海三江科技发展有限公司 | A kind of MQTT connection methods, system, terminal and the server of low side constrained devices |
2018
- 2018-08-31 CN CN201811016964.XA patent/CN109150516A/en active Pending
- 2018-09-10 WO PCT/CN2018/104856 patent/WO2020042217A1/en active Application Filing
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN113541973A (en) * | 2021-09-17 | 2021-10-22 | 杭州天谷信息科技有限公司 | Electronic signature packaging method |
CN113541973B (en) * | 2021-09-17 | 2021-12-21 | 杭州天谷信息科技有限公司 | Electronic signature packaging method |
Also Published As
Publication number | Publication date |
---|---|
WO2020042217A1 (en) | 2020-03-05 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
Zhang et al. | Deco: Liberating web data using decentralized oracles for tls | |
CN1522516B (en) | Secure header information for multi-content e-mail | |
US8799981B2 (en) | Privacy protection system | |
US20020184485A1 (en) | Method for electronic communication providing self-encrypting and self-verification capabilities | |
US20020044662A1 (en) | Service message management system and method | |
US20040003248A1 (en) | Protection of web pages using digital signatures | |
CN111241533A (en) | Block chain-based password management method and device and computer-readable storage medium | |
CN102024107A (en) | Application software control platform, developer terminal as well as application software distribution system and method | |
US20040078577A1 (en) | Method and apparatus for providing xml document encryption | |
WO2007106280A1 (en) | Generation of electronic signatures | |
US20100199099A1 (en) | User friendly Authentication and Login Method Using Multiple X509 Digital Certificates | |
Gruschka et al. | Server-side streaming processing of ws-security | |
Jøsang et al. | Security in mobile communications: challenges and opportunities | |
AU2004240278A1 (en) | Method and apparatus for creating and validating an encrypted digital receipt for third-party electronic commerce transactions | |
CN109150516A (en) | The signature and/or encryption method of browser file, device, browser and medium | |
CN113014394A (en) | Electronic data evidence storing method and system based on alliance chain | |
Gerić et al. | XML digital signature and its role in information system security | |
CN108989055A (en) | The signature and encryption method, device and storage medium of compatible files in different types | |
CN115022042A (en) | Compliance code verification method for protecting data privacy and computer readable medium | |
Komathy et al. | Security for XML messaging services—a component-based approach | |
Taft et al. | The application/pdf media type | |
CN106156625A (en) | The method of a kind of plug-in unit signature and electronic equipment | |
Rane et al. | Application-level and database security for e-commerce application | |
Chaudhary et al. | A security solution for the transmission of confidential data and efficient file authentication based on DES, AES, DSS and RSA | |
CN110490003B (en) | User trusted data generation method, user trusted data acquisition method, device and system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| PB01 | Publication | |
| SE01 | Entry into force of request for substantive examination | |
| TA01 | Transfer of patent application right | Effective date of registration: 20190711; Address after: 518000 Nanhai Avenue, Nanshan District, Shenzhen City, Guangdong Province, No. 1057 Science and Technology Building Phase II Building 502; Applicant after: WOTRUS CA Ltd.; Address before: 518067 Shenzhen Nanshan District, Guangdong Province, China Merchants Street Science and Technology Building Phase II A Block 502; Applicant before: MIXIN TECHNOLOGY (SHENZHEN) Co.,Ltd. |
| RJ01 | Rejection of invention patent application after publication | Application publication date: 20190104 |