CN109150516A - Method, device, browser and medium for signing and/or encrypting browser files - Google Patents

Method, device, browser and medium for signing and/or encrypting browser files

Info

Publication number
CN109150516A
Authority
CN (China)
Prior art keywords
file, signature, browser, digital certificate, encryption
Legal status (as listed by Google Patents; not a legal conclusion)
Pending
Application number
CN201811016964.XA
Other languages
Chinese (zh)
Inventor
王高华, 苏志辉, 唐占国, 余鹏
Current Assignee (as listed by Google Patents)
Wotrus Ca Ltd
Original Assignee
Smith Technology (shenzhen) Co Ltd
Events
Application filed by Smith Technology (shenzhen) Co Ltd
Priority to CN201811016964.XA
Priority to PCT/CN2018/104856 (WO2020042217A1)
Publication of CN109150516A
Legal status: pending

Classifications

    • H04L9/0825: Key transport or distribution using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates (H Electricity > H04 Electric communication technique > H04L Transmission of digital information, e.g. telegraphic communication > H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; network security protocols > H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords > H04L9/0816 Key establishment > H04L9/0819 Key transport or distribution)
    • H04L9/0861: Generation of secret information including derivation or calculation of cryptographic keys or passwords (same parent group H04L9/08)

Abstract

The invention discloses a unified signing and/or encryption method for browser files, comprising the following steps: when a browser file to be published is detected, encapsulating it into a package file of a preset format; obtaining the publisher's private key and digital certificate and/or the subscriber's digital certificate; and, using the publisher's private key and certificate and/or the subscriber's certificate, signing and/or encrypting the package file with a preset algorithm. The invention also discloses a browser, a unified signing and encryption device for browser files, and a computer-readable storage medium. The browser includes a signing and encryption interface through which files of any type are first encapsulated as MIME and then signed and/or encrypted with PKCS#7, so that the browser itself performs uniform signing and/or encryption of files, improving the reliability and security of browser files.

Description

Method, device, browser and medium for signing and/or encrypting browser files
Technical field
The present invention relates to the field of information security, and in particular to a unified signing and/or encryption method for browser files, a device, and a computer-readable storage medium.
Background art
A digital signature (also called a public-key digital signature or electronic signature) is the analogue of a handwritten signature on paper, realised with public-key cryptography; it is a method of authenticating the originator of information. Encryption transforms information so that only parties holding the read permission, that is the decryption key, can read it.
With the development of Internet technology, daily life and networked services have become inseparable, and the browser is the main tool through which files, photos, audio, video and other information are transferred over the Internet. Because the Internet is an open network, browser files that are neither signed nor encrypted are easily tampered with or intercepted by third parties, so the security and reliability of browser files are low.
The above is provided only to aid understanding of the technical scheme and is not an admission that it constitutes prior art.
Summary of the invention
The main purpose of the present invention is to provide a unified signing and/or encryption method, device and computer-readable storage medium for browser files, so as to sign and/or encrypt browser files uniformly and improve the security and reliability of information.
To achieve this, the present invention provides a unified signing and/or encryption method for browser files comprising the following steps:
When a browser file to be published is detected, encapsulate the browser file into a package file of a preset format;
Obtain the publisher's private key and digital certificate and/or the subscriber's digital certificate;
Using the publisher's private key and certificate and/or the subscriber's certificate, sign and/or encrypt the package file with a preset algorithm.
Preferably, the step of signing and/or encrypting the package file with the preset algorithm includes:
Encode the package file into an encoded file of a preset structure;
Feed the encoded file, the publisher's private key and the publisher's certificate to the preset algorithm as signing input, generating signed data;
Obtain a timestamp from a third-party timestamping service;
Add the timestamp to the signed data, generating a signature file.
Preferably, the preset format is MIME (Multipurpose Internet Mail Extensions); the preset structure is the ContentInfo structure of the Public-Key Cryptography Standards; and the preset algorithm is the Public-Key Cryptography Standards (PKCS).
Preferably, after the step of signing and/or encrypting the package file, the method further includes:
When a signature file is received, obtain its signature information;
When the signature information shows that the file has not been tampered with, parse the signature file with the preset algorithm;
From the parsing result, obtain and output the signature information and the original text of the browser file to be published, the signature information including at least one of the authentication level, the signing time and the signing certificate.
Preferably, after the step of adding the timestamp to the signed data and generating the signature file, the method further includes:
Generate a random key and encapsulate (encrypt) the signature file with it;
Encapsulate the random key under the subscriber's digital certificate;
Encode the key-encrypted signature file together with the certificate-encapsulated random key into an encryption file.
Preferably, when the package file is only to be encrypted, the step of signing and/or encrypting it under the Public-Key Cryptography Standards includes:
Encode the package file into an encoded file of the preset structure;
Generate a random key and encrypt the encoded file with it;
Encapsulate the random key under the subscriber's digital certificate;
Encode the key-encrypted encoded file together with the certificate-encapsulated random key into an encryption file.
Preferably, after that step, the method further includes:
When an encryption file is received, obtain the subscriber's digital certificate together with the subscriber's private key that matches it (the certificate itself carries only the public key);
Decrypt the encryption file with the subscriber's private key to recover the random key;
Decrypt the browser file to be published with the random key.
In addition, to achieve the above object, the present invention also provides a browser comprising a signing and encryption program which, when executed on the browser, carries out the steps of the unified signing and/or encryption method for browser files described above.
In addition, the present invention provides a unified signing and encryption device for browser files, comprising a memory, a processor, and a signing and encryption program stored in the memory and runnable on the processor, which carries out the steps of the method described above when executed by the processor.
In addition, the present invention provides a computer-readable storage medium storing a signing and encryption program which carries out the steps of the method described above when executed by a processor.
In the unified signing and/or encryption method, device, browser and computer-readable storage medium proposed by the embodiments of the present invention, when a browser file to be published is detected it is encapsulated into a package file in Multipurpose Internet Mail Extensions format; the publisher's private key and digital certificate and/or the subscriber's digital certificate are then obtained through the publisher's certificate management module; and finally, using those keys and certificates, the package file is signed and/or encrypted under the Public-Key Cryptography Standards. One uniform procedure thus signs and/or encrypts browser files before publication, achieving the purpose of improving the security and reliability of the information.
Brief description of the drawings
Fig. 1 is a schematic diagram of the terminal hardware environment used by the embodiments of the present invention;
Fig. 2 is a flow diagram of the first embodiment of the unified signing and/or encryption method for browser files;
Fig. 3 is a refined flow diagram of the publisher signing a browser file;
Fig. 4 is a flow diagram of the subscriber processing a signature file;
Fig. 5 is a flow diagram of the publisher encrypting a signed browser file;
Fig. 6 is a flow diagram of the publisher encrypting an unsigned browser file;
Fig. 7 is a flow diagram of the subscriber processing an encryption file.
The realisation of the objects, functional features and advantages of the present invention are further described in the embodiments below with reference to the drawings.
Specific embodiment
It should be understood that the specific embodiments described here only explain the present invention and do not limit it.
The main solution of the embodiments of the present invention is:
When a browser file to be published is detected, encapsulate the browser file into a package file in Multipurpose Internet Mail Extensions format;
Obtain the publisher's private key and digital certificate and/or the subscriber's digital certificate through the publisher's certificate management module;
Using the publisher's private key and certificate and/or the subscriber's certificate, sign and/or encrypt the package file under the Public-Key Cryptography Standards.
The unified signing and/or encryption method for browser files proposed by the embodiments realises uniform signing and encryption of browser files through MIME and PKCS, solving the technical problem of low information security and reliability when a browser publishes information.
As shown in Fig. 1, Fig. 1 is a schematic diagram of the terminal hardware environment used by the embodiments of the present invention.
The terminal of the embodiments may be a PC and/or an intelligent mobile terminal.
As shown in Fig. 1, the terminal may include a processor 1001 such as a CPU, a communication bus 1002, a display 1003, a network interface 1004 and a memory 1005. The communication bus 1002 provides the connections between these components. The memory 1005 may be high-speed RAM or stable (non-volatile) memory such as disk storage, and may optionally be a storage device separate from the processor 1001.
The terminal shown in Fig. 1 can run the browser; when the browser runs on the terminal, the unified signing and/or encryption method for browser files described above can be carried out. The browser can act as the subscriber as well as the publisher.
Those skilled in the art will understand that the terminal structure shown in Fig. 1 does not limit the terminal, which may include more or fewer components than shown, combine certain components, or arrange the components differently.
As shown in Fig. 1, the memory 1005, as a computer-readable storage medium, may hold an operating system, a network communication module, a user interface module, and the signing and encryption program.
In the terminal of Fig. 1, the network interface 1004 mainly connects to a background server for data exchange; the user interface (display 1003) mainly connects to a client (user terminal) for data exchange and for outputting data through the client; and the processor 1001 can call the signing and encryption program stored in the memory 1005 to perform the following operations:
When a browser file to be published is detected, encapsulate the browser file into a package file of a preset format;
Obtain the publisher's private key and digital certificate and/or the subscriber's digital certificate;
Using the publisher's private key and certificate and/or the subscriber's certificate, sign and/or encrypt the package file with a preset algorithm.
Further, the processor 1001 can call the signing and encryption program stored in the memory 1005 to perform the following operations as well:
Encode the package file into an encoded file of a preset structure;
Feed the encoded file, the publisher's private key and the publisher's certificate to the preset algorithm as signing input, generating signed data;
Obtain a timestamp from a third-party timestamping service;
Add the timestamp to the signed data, generating a signature file.
Further, the processor 1001 can call the signing and encryption program stored in the memory 1005 to perform the following operations as well:
When a signature file is received, obtain its signature information;
When the signature information shows that the file has not been tampered with, parse the signature file with the preset algorithm;
From the parsing result, obtain and output the signature information and the original text of the browser file to be published, the signature information including at least one of the authentication level, the signing time and the signing certificate.
Further, the processor 1001 can call the signing and encryption program stored in the memory 1005 to perform the following operations as well:
Generate a random key and encrypt the signature file with it;
Encapsulate the random key under the subscriber's digital certificate;
Encode the key-encrypted signature file together with the certificate-encapsulated random key into an encryption file.
Further, the processor 1001 can call the signing and encryption program stored in the memory 1005 to perform the following operations as well:
Encode the package file into an encoded file of the preset structure;
Generate a random key and encrypt the encoded file with it;
Encapsulate the random key under the subscriber's digital certificate;
Encode the key-encrypted encoded file together with the certificate-encapsulated random key into an encryption file.
Further, the processor 1001 can call the signing and encryption program stored in the memory 1005 to perform the following operations as well:
When an encryption file is received, obtain the subscriber's digital certificate together with the matching subscriber private key;
Decrypt the encryption file with the subscriber's private key to recover the random key;
Decrypt the browser file to be published with the random key.
Referring to Fig. 2, in the first embodiment the unified signing and/or encryption method for browser files includes:
Step S100: when a browser file to be published is detected, encapsulate the browser file into a package file of a preset format.
In this embodiment, when the browser receives an instruction to publish a file, it determines from the instruction which file is to be published (the browser file to be published) and encapsulates it in MIME (Multipurpose Internet Mail Extensions) format.
MIME was originally designed so that non-text, multimedia data could be attached to e-mail and handled by the mail client according to its type. Supported file types include .gif, .pdf, .ppt, .doc, .js, .zip, .mp3 and .wav among others, so files of any type can be encapsulated with MIME. The MIME type, carried in the Content-Type header, declares the type of the file, and the set of types can be extended with new entries. Content-Disposition specifies how the file is to be handled; here it is fixed to attachment, and its filename parameter carries the original name of the encapsulated file (the file to be processed, for example sample.txt). Content-Transfer-Encoding specifies the transfer encoding of the body (for example base64). The encapsulated MIME file therefore gives every consuming application a uniform way to learn the file type and to recover the original file.
For example, a MIME file has the following structure (the blank line separating the headers from the body is mandatory; the sample uses the non-standard type application/text, whereas text/plain is the registered type for a .txt file; the base64 body shown decodes to the bytes 30 80 06 09 2A 86 48 86 F7 0D 01 07 02 A0 80, i.e. the start of a BER indefinite-length PKCS#7 signedData ContentInfo, so this particular attachment is itself an already-signed object):
MIME:
Content-Type: application/text
Content-Disposition: attachment; filename=sample.txt
Content-Transfer-Encoding: base64

MIAGCSqGSIb3DQEHAqCAMIACA......
Step S200: obtain the publisher's private key and digital certificate and/or the subscriber's digital certificate.
In this embodiment the browser includes a certificate store manager. When the browser runs the certificate management program, the user can import local certificates manually, or the browser can fetch digital certificates stored on the network over the Internet. The manually imported local certificates and the certificates fetched over the Internet together form the browser's certificate store, from which the publisher's private key and digital certificate are obtained.
The subscriber's digital certificate is likewise obtained from the certificate store. The data in the store may come from a network certificate store (cloud certificate store) on a cloud server and from a local certificate store the browser has downloaded and cached; in other words, while running the certificate management program the browser can obtain digital certificates and/or keys both from the built-in certificate store of the operating system it runs on and from a certificate store on an external storage device. The subscriber's digital certificate is used for encryption.
Step S300: using the publisher's private key and certificate and/or the subscriber's certificate, sign and/or encrypt the package file with the preset algorithm.
In this embodiment the encapsulated MIME file is first encoded with DER (Distinguished Encoding Rules) into an encoded file with the PKCS#7 (Public-Key Cryptography Standards #7) ContentInfo structure. The encoded file encapsulates the data content of the browser file to be published (that is, the document content of the browser file to be published).
For example, the structure of ContentInfo is:
ContentInfo ::= SEQUENCE {
  contentType ContentType,
  content [0] EXPLICIT ANY DEFINED BY contentType OPTIONAL }
The browser then obtains the publisher's digital certificate and private key and the subscriber's digital certificate. It can sign the encoded file with the publisher's certificate and private key to produce a signature file; it can encrypt the encoded file under the subscriber's certificate to produce an encryption file; and it can encrypt the signature file under the subscriber's certificate to produce a signed-and-encrypted file.
Specifically, signing the encoded file proceeds as follows:
Use the encoded file and the publisher's digital certificate and private key as the input of the digital signature, generating a signature of the PKCS#7 SignedData type;
Obtain a timestamp from a third-party timestamping service;
Add the timestamp to the signed data, generating the signature file.
Encrypting the encoded file proceeds as follows:
Generate a random key and encrypt the encoded file with it;
Encapsulate the random key under the subscriber's digital certificate;
Encode the key-encrypted encoded file together with the certificate-encapsulated random key into an encryption file.
Encrypting a signature file proceeds in the same way:
Generate a random key and encrypt the signature file with it;
Encapsulate the random key under the subscriber's digital certificate;
Encode the key-encrypted signature file together with the certificate-encapsulated random key into an encryption file.
This is the hybrid construction of PKCS#7 EnvelopedData: a fresh symmetric content-encryption key for each file, wrapped under the recipient's public key taken from its certificate, so that only the holder of the matching private key can unwrap the key and hence read the file.
In this embodiment, a method is provided for adding digital signatures to, and encrypting, files of any type in a uniform way on a browser, based on MIME and PKCS#7, which addresses the problem that files published on the Internet otherwise have no copyright protection and no protection against information leakage. The browser calls the user's key and digital certificate to sign the plaintext file to be published, so that when the signed file is distributed through browsers any tampering with or misappropriation of its content is detectable; the browser encrypts the file under the recipient's digital certificate before publication, so that only a legitimate user can call their key in the browser to decrypt the encrypted content.
Further, referring to Fig. 3, in the second embodiment of the unified signing and/or encryption method for browser files, based on the first embodiment, step S300 includes:
Step S301: encode the package file into an encoded file of the preset structure;
Step S302: feed the encoded file, the publisher's private key and the publisher's digital certificate to the preset algorithm as signing input, generating signed data;
Step S303: obtain a timestamp from a third-party timestamping service;
Step S304: add the timestamp to the signed data, generating the signature file.
Specifically, the encapsulated MIME file is first encoded with DER (Distinguished Encoding Rules) into an encoded file with the PKCS#7 (Public-Key Cryptography Standards #7) ContentInfo structure. The encoded file encapsulates the data content of the browser file to be published.
For example, the structure of ContentInfo is:
ContentInfo ::= SEQUENCE {
  contentType ContentType,
  content [0] EXPLICIT ANY DEFINED BY contentType OPTIONAL }
The encoded file and the publisher's digital certificate are then passed to the PKCS digital-signature routine, producing data of type PKCS7.SignedData. The signing process computes the digest messageDigest over ContentInfo.content, places it among SignedData.authenticatedAttributes according to the signing rule, and then computes the encryptedDigest with the privateKey (the publisher's private key, paired with the CA-issued certificate) over the DER encoding of those authenticated attributes. The ContentInfo, the certificate (Certificate), the computed encryptedDigest, the digest algorithm (digestAlgorithmIdentifiers) and the other members of SignedData are assembled into the SignedData signature data.
Further, a hash of the encryptedDigest is computed and, following the RFC 3161 timestamp standard, submitted to a third-party trusted timestamping service, which returns a timestamp token proving that the signature existed at that time. The token is attached to the SignedData (RFC 3161 places it in the unsigned attributes of the SignerInfo), giving signed data with a timestamp.
Further, the timestamped SignedData is encoded with DER as a signature PKCS7.ContentInfo according to the PKCS#7 standard: the SignedData is ContentInfo.content, and ContentInfo.contentType is signedData (OID 1.2.840.113549.1.7.2).
Finally, the signature ContentInfo is DER-encoded and saved to disk with the suffix .p7m; a file with the .p7m suffix is a signature file.
In this embodiment, signing of the browser file to be published is realised with PKCS#7, so that when the file is distributed through browsers any illegal tampering with its content is detected.
Further, referring to Fig. 4, in the third embodiment of the unified signing and/or encryption method for browser files, based on the second embodiment, after step S300 the method further includes:
Step S400: when a signature file is received, obtain its signature information;
Step S500: when the signature information shows that the file has not been tampered with, parse the signature file with the preset algorithm;
Step S600: from the parsing result, obtain and output the signature information and the original text of the browser file to be published, the signature information including at least one of the authentication level, the signing time and the signing certificate.
In this embodiment, when a user clicks a file link in the browser or adds a local file to the browser (a P7M file link published on the web, or a P7M file dragged into or entered into the browser locally), the browser first determines whether the link or local file is a P7M file, that is, whether it is a signature file. If it is, the browser extracts its signature information: the signature value encryptedDigest, the encoded file ContentInfo carrying the P7M document body (the browser file to be published), the publisher's digital certificate and the timestamp, and uses this information to check whether the signature file has been tampered with. When the signature file has not been tampered with, the package file is parsed with PKCS and the browser file to be published is recovered from MIME.
Specifically, the .p7m file is DER-decoded into a PKCS7.ContentInfo structure. ContentInfo.contentType is parsed; if it is of type signedData, the current file is a signature file.
Once the file is known to be a signature file, SignedData.contentInfo, the signing certificate (Certificate), the signed attributes (authenticatedAttributes) and the signature over the digest (encryptedDigest) are parsed; the parsed signature value is referred to as the parsed encryptedDigest.
Further, the verifier recomputes the digest of SignedData.contentInfo and compares it with the messageDigest attribute among the authenticatedAttributes; it then verifies the parsed encryptedDigest against the DER encoding of the authenticatedAttributes using the public key from the signing certificate (the verifier holds no private key, so it cannot recompute encryptedDigest; it can only verify it). If both checks pass, the validity of the signature timestamp and the revocation status of the digital certificate are checked; otherwise the signature file is judged to have been tampered with. The timestamp is valid when the hash carried in the timestamp token matches the hash recomputed over the parsed encryptedDigest and the token itself verifies under the timestamping authority's certificate; otherwise it is invalid. The signature file is accepted only if the digests match, the signature verifies, the timestamp is valid and the certificate was not revoked (checked against the CA's CRL or OCSP responder); failure of any of these conditions is treated as tampering or an invalid signature.
When the signature file has not been tampered with, the publisher's certificate information and the plaintext of the signature file are parsed, and the certificate information and the signature file are output. The certificate information is parsed from the X509.Certificate format.
In addition, specific step is as follows for the parsing of the cleartext information of the signature file:
Step 1: the content OCTECT parsed in verifying signature in SignedData.contentInfo STRING is decoded as MIME file;
Step 2: the Content-Type of the mark file type in MIME is parsed, in conjunction with Content- Attachment attachment and the filename parameter and Content-Transfer-Encoding of Disposition mark refer to The coding for determining file transmission parses original file (cleartext information of the i.e. described signature file), using filename into Row name saves (filename, that is, browser file to be released).In the present embodiment, it is detected in browser When file, first judge whether the file is signature file, the file be signature file when, judge the file whether by It distorts, when the signature file is not tampered with, parses the browser file to be released, file label can be passed through in this way Name determines the ownership person of the file.
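As an added illustration (not code from the patent), the following Go program performs the contentType classification and step 2 of the MIME parsing described above on a constructed sample: it DER-decodes the outer PKCS7.ContentInfo, switches on contentType, and for a data-type body takes the attachment filename from Content-Disposition and decodes the body according to Content-Transfer-Encoding. The OIDs are the RFC 2315 assignments (data ...7.1, signedData ...7.2, envelopedData ...7.3); the digest comparison, timestamp and revocation checks of the signature itself are not reproduced, and the sample MIME entity and filename are constructed for the example.

```go
package main

import (
	"bytes"
	"encoding/asn1"
	"encoding/base64"
	"errors"
	"io"
	"mime"
	"net/mail"
	"strings"
)

// PKCS#7 (RFC 2315) content-type OIDs used to classify a received .p7m file.
var (
	OIDData          = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 7, 1}
	OIDSignedData    = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 7, 2}
	OIDEnvelopedData = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 7, 3}
)

// ContentInfo ::= SEQUENCE { contentType OID, content [0] EXPLICIT ANY OPTIONAL }; Content.Bytes is the inner DER element.
type ContentInfo struct {
	ContentType asn1.ObjectIdentifier
	Content     asn1.RawValue `asn1:"explicit,optional,tag:0"`
}

// Classify DER-decodes the outer ContentInfo and names the kind of file the browser has received.
func Classify(der []byte) (string, *ContentInfo, error) {
	var ci ContentInfo
	if rest, err := asn1.Unmarshal(der, &ci); err != nil || len(rest) != 0 {
		return "", nil, errors.New("not a well-formed PKCS7.ContentInfo")
	}
	switch {
	case ci.ContentType.Equal(OIDSignedData):
		return "signedData", &ci, nil // signature file: verify before parsing its content
	case ci.ContentType.Equal(OIDEnvelopedData):
		return "envelopedData", &ci, nil // encryption file: needs the subscriber's private key
	case ci.ContentType.Equal(OIDData):
		return "data", &ci, nil // plain content: the MIME entity wrapping the browser file
	}
	return "", nil, errors.New("unsupported contentType " + ci.ContentType.String())
}

// ExtractMIME is step 2 above: the OCTET STRING is read as a MIME entity, Content-Disposition
// supplies the attachment filename and Content-Transfer-Encoding says how to decode the body.
func ExtractMIME(ci *ContentInfo) (filename string, body []byte, err error) {
	var octets []byte
	if _, err = asn1.Unmarshal(ci.Content.Bytes, &octets); err != nil {
		return "", nil, err
	}
	msg, err := mail.ReadMessage(bytes.NewReader(octets))
	if err != nil {
		return "", nil, err
	}
	disp, params, err := mime.ParseMediaType(msg.Header.Get("Content-Disposition"))
	if err != nil || disp != "attachment" || params["filename"] == "" {
		return "", nil, errors.New("Content-Disposition does not name an attachment filename")
	}
	var r io.Reader = msg.Body
	switch strings.ToLower(msg.Header.Get("Content-Transfer-Encoding")) {
	case "base64":
		r = base64.NewDecoder(base64.StdEncoding, msg.Body)
	case "", "7bit", "8bit", "binary": // body is already the raw file
	default:
		return "", nil, errors.New("unsupported Content-Transfer-Encoding")
	}
	body, err = io.ReadAll(r)
	return params["filename"], body, err
}

// BuildDataContentInfo wraps a MIME entity in a data-type ContentInfo. It exists only to
// construct the sample input here; a real .p7m would carry it inside SignedData.contentInfo.
func BuildDataContentInfo(mimeEntity []byte) ([]byte, error) {
	octets, _ := asn1.Marshal(mimeEntity) // a []byte always encodes as OCTET STRING
	return asn1.Marshal(ContentInfo{ContentType: OIDData, Content: asn1.RawValue{
		Class: asn1.ClassContextSpecific, Tag: 0, IsCompound: true, Bytes: octets}})
}

// SampleMIME is a constructed entity in the layout the description expects.
var SampleMIME = []byte("Content-Type: application/pdf; name=\"report.pdf\"\r\n" +
	"Content-Disposition: attachment; filename=\"report.pdf\"\r\n" +
	"Content-Transfer-Encoding: base64\r\n\r\n" +
	base64.StdEncoding.EncodeToString([]byte("%PDF-1.4 constructed browser file")) + "\r\n")
```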
Finally, when the browser has parsed out the plaintext information of the signature file, the browser renders the plaintext information and the signing information of the signed file, and then outputs the plaintext information and the signing information of the signature file through the display device of the terminal, so that the user can clearly see the copyright owner information of the current file.
It should be noted that the signing information includes at least one of the authentication rank, the signature time, the timestamp and the signing certificate. The display interface of the signature file may include icons corresponding to the signing information, which may include: a stamp icon, indicating whether the current file carries signed data; an identity level icon, indicating the identity authentication level of the current file; an identity description icon, showing the name of the signer and the name of the certificate issuer; and a timestamp icon, showing the time source of the signature time, etc. The timestamp icon is used to judge whether the signature time is reliable; the timestamp is third-party evidence and can, for example, be determined according to the RFC 3161 standard.
In the present embodiment, when a signature file is received, the signature file is first verified; then, when the signature file has not been tampered with, the signing certificate of the signature file and the plaintext of the original text are parsed and output, so that the subscriber can learn the signing information of the currently displayed content from the output data, which improves the reliability of the current output content.
Further, referring to Fig. 5, in a fourth embodiment of the unified signature and/or encryption method of a browser file of the present invention, based on the above first to third embodiments, after step S304 the method further includes:
Step S305: generating a random key, and encapsulating the signature file with the random key;
Step S306: encapsulating the random key with the digital certificate of the subscription end;
Step S307: encoding the signature file encapsulated by the random key, together with the random key encapsulated by the digital certificate of the subscription end, into an encryption file.
In the present embodiment, the signature file is encrypted according to the digital certificate of the subscription end. The digital certificate of the subscription end contains a public key and a private key. The public key can be disclosed and is used to encrypt a file for a specified recipient, while the private key is uniquely held by the subscriber and is used to decrypt the encrypted file.
Specifically, since the signature file is a PKCS7.ContentInfo data structure, when the signature file is encrypted the system first generates a random key key, then uses the public key certificate of the subscription end (when there are multiple subscription ends, multiple different public key certificates are used) to encrypt the random key key, and encapsulates the result as RecipientInfos.
Further, the ContentInfo.content of the file to be processed contained in the signature file is encapsulated, using the random key key, as data of the PKCS7.EncryptedContentInfo data type, where EncryptedContentInfo.contentType takes the ContentInfo.contentType of the file to be processed. Finally, the RecipientInfos and the EncryptedContentInfo are encoded into a PKCS7.EnvelopedData data structure, generating the encryption file.
In the present embodiment, the random key is encapsulated with the public key of the subscription end, and the random key in turn encapsulates the file content information, finally producing the encryption file, so that the security of file transmission is improved.
Further, referring to Fig. 6, in a fifth embodiment of the unified signature and/or encryption method of a browser file of the present invention, based on the above first to fourth embodiments, step S300 includes:
Step 308: encoding the package file into an encoded file of the preset structure;
Step 309: generating a random key, and encapsulating the encoded file with the random key;
Step 310: encapsulating the random key with the digital certificate of the subscription end;
Step 311: encoding the encoded file encapsulated by the random key, together with the random key encapsulated by the digital certificate of the subscription end, into an encryption file.
In the present embodiment, the package file is first encoded into an encoded file of the PKCS content information structure, and the signature file is then encrypted according to the digital certificate of the subscription end. The digital certificate of the subscription end contains a public key and a private key. The public key can be disclosed to a specified recipient in order to encrypt a file for that recipient, while the private key is uniquely held by the recipient and is used to decrypt the encrypted file.
Specifically, the system first generates a random key key, then uses the public key certificate of the subscription end (when there are multiple subscription ends, multiple different public key certificates are used) to encrypt the random key key, and encapsulates the result as RecipientInfos.
Further, the ContentInfo.content of the file to be processed contained in the encoded file is encapsulated, using the random key key, as data of the PKCS7.EncryptedContentInfo data type, where EncryptedContentInfo.contentType takes the ContentInfo.contentType of the file to be processed. Finally, the RecipientInfos and the EncryptedContentInfo are encoded into a PKCS7.EnvelopedData data structure, generating the encryption file.
In the present embodiment, the random key is encapsulated with the public key of the subscription end, and the random key in turn encapsulates the file content information, finally producing the encryption file, so that the security of file transmission is improved.
Further, referring to Fig. 7, in a sixth embodiment of the unified signature and/or encryption method of a browser file of the present invention, based on the above first to fifth embodiments, after step S300 the method further includes:
Step 700: when the encryption file is received, obtaining the digital certificate of the subscription end, where the digital certificate of the subscription end includes the private key of the subscription end;
Step 800: parsing the encryption file according to the private key of the subscription end, to obtain the random key;
Step 900: parsing the browser file to be released according to the random key.
In the present embodiment, when a file is received, it is first judged whether the file is an encryption file. When it is, the private key of the subscription end is obtained through the certificate management module, and the random key in the encryption file is parsed out with the private key. Further, the original file (i.e. the browser file to be released) is parsed according to the random key.
Specifically, when the received file has the suffix .p7m, the file is parsed by DER decoding; when the parsed ContentInfo.contentType is of the envelopedData type (oid 1.2.840.113549.1.7.2), the file is determined to be an encryption file.
The private key of the subscription end is obtained, and the random key key is decrypted from RecipientInfos with that private key. Further, EnvelopedContentInfo.encryptContent is decrypted with the random key key; the result of the decryption is exactly the ContentInfo.content that was encrypted.
According to the decryption result, it is judged whether the decrypted EnvelopedContentInfo.contentType is SignedData (oid 1.2.840.113549.1.7.2); if so, what the decryption yields is a piece of signed data. If EnvelopedContentInfo.contentType is of the data type (oid 1.2.840.113549.1.7.1), the file to be processed is parsed out directly.
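As an added example (not the patent's implementation), this Go program carries out steps S305 to S307 above and their reversal in this sixth embodiment: a random key encrypts the content, that key is wrapped once per subscription-end public key into RecipientInfos, and the opener recovers the key, decrypts the content and reports the inner contentType so the caller can tell signed data from plain data. The page names no algorithms, so AES-256-GCM and RSA-OAEP are assumptions made here, and the ASN.1 structure is a simplified EnvelopedData rather than a byte-compatible RFC 2315 one; NewSubscriberKey stands in for the subscription end's certificate key pair.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/asn1"
	"errors"
)

// PKCS#7 (RFC 2315) content-type OIDs; the opener switches on the inner type after decrypting.
var OIDData = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 7, 1}
var OIDSignedData = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 7, 2}

// Simplified PKCS7.EnvelopedData: RFC 2315 field names, but not byte-compatible with it.
type recipientInfo struct{ EncryptedKey []byte } // the random key wrapped for one subscriber
type encryptedContentInfo struct {
	ContentType      asn1.ObjectIdentifier // copied from the inner ContentInfo.contentType
	Nonce            []byte
	EncryptedContent []byte
}
type envelopedData struct {
	RecipientInfos       []recipientInfo `asn1:"set"`
	EncryptedContentInfo encryptedContentInfo
}

// NewSubscriberKey stands in for the key pair behind a subscription end's digital certificate.
func NewSubscriberKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts content under a fresh random AES-256-GCM key and wraps that key
// with RSA-OAEP once per subscriber public key (one RecipientInfo each).
func Seal(content []byte, contentType asn1.ObjectIdentifier, recipients []*rsa.PublicKey) ([]byte, error) {
	buf := make([]byte, 32+12) // random AES-256 key followed by a 96-bit GCM nonce
	if _, err := rand.Read(buf); err != nil {
		return nil, err
	}
	key, nonce := buf[:32], buf[32:]
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	env := envelopedData{EncryptedContentInfo: encryptedContentInfo{
		ContentType: contentType, Nonce: nonce, EncryptedContent: gcm.Seal(nil, nonce, content, nil)}}
	for _, pub := range recipients {
		wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, key, nil)
		if err != nil {
			return nil, err
		}
		env.RecipientInfos = append(env.RecipientInfos, recipientInfo{EncryptedKey: wrapped})
	}
	return asn1.Marshal(env)
}

// Open tries each RecipientInfo with priv (OAEP unwrapping fails cleanly for a key that was
// not wrapped for this subscriber), decrypts the content and returns the inner contentType.
func Open(der []byte, priv *rsa.PrivateKey) ([]byte, asn1.ObjectIdentifier, error) {
	var env envelopedData
	if rest, err := asn1.Unmarshal(der, &env); err != nil || len(rest) != 0 {
		return nil, nil, errors.New("malformed EnvelopedData")
	}
	for _, ri := range env.RecipientInfos {
		key, err := rsa.DecryptOAEP(sha256.New(), nil, priv, ri.EncryptedKey, nil)
		if err != nil {
			continue // wrapped for a different subscriber
		}
		gcm, err := newGCM(key)
		if err != nil {
			return nil, nil, err
		}
		eci := env.EncryptedContentInfo
		plain, err := gcm.Open(nil, eci.Nonce, eci.EncryptedContent, nil)
		if err != nil {
			return nil, nil, err
		}
		return plain, eci.ContentType, nil
	}
	return nil, nil, errors.New("no RecipientInfo for this private key")
}
```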
In addition, when the file is an encryption file, an encryption icon is shown in the display interface of the file to indicate that the file is an encryption file.
In the present embodiment, when a file is received, it is first judged whether the file is an encryption file; when it is, the private key of the subscription end is obtained and the random key in the encryption file is parsed out with the private key. Further, the original file is parsed according to the random key. In this way, the purpose of parsing the encryption file is achieved, which improves the security of information transmission.
In addition, an embodiment of the present invention also proposes a browser, characterized in that the browser includes a signature and encryption program which, when executed by the processor, implements the steps of the unified signature and/or encryption method of a browser file as described above.
In addition, an embodiment of the present invention also proposes a unified signature and/or encryption device of a browser file, characterized in that the unified signature and/or encryption device of the browser file includes a browser, a memory, a processor, and a signature and encryption program stored on the memory and executable on the processor, where the signature and encryption program, when executed by the processor, implements the steps of the unified signature and/or encryption method of a browser file as described above.
In addition, an embodiment of the present invention also proposes a computer-readable storage medium, characterized in that a signature and encryption program is stored on the computer-readable storage medium, and the signature and encryption program, when executed by a processor, implements the steps of the unified signature and/or encryption method of a browser file as described in the above embodiments.
It should be noted that, in this document, the terms "include", "comprise" or any other variant thereof are intended to cover a non-exclusive inclusion, so that a process, method, article or system that includes a series of elements includes not only those elements but also other elements not explicitly listed, or elements inherent to such a process, method, article or system. In the absence of more restrictions, an element defined by the sentence "including a ..." does not exclude the existence of other identical elements in the process, method, article or system that includes that element.
The serial numbers of the above embodiments of the invention are for description only and do not represent the relative merits of the embodiments.
Through the above description of the embodiments, those skilled in the art can clearly understand that the methods of the above embodiments can be realized by means of software plus a necessary general hardware platform, and of course also by hardware, but in many cases the former is the preferred implementation. Based on this understanding, the technical solution of the present invention, in essence or in the part that contributes to the prior art, can be embodied in the form of a software product stored in a computer-readable storage medium as described above (such as ROM/RAM, magnetic disk or optical disc), including instructions for causing a terminal device (which may be a mobile phone, computer, server, network device, etc.) to execute the method described in each embodiment of the present invention.
The above is only a preferred embodiment of the present invention and is not intended to limit the scope of the invention; any equivalent structure or equivalent process transformation made using the content of the specification and accompanying drawings of the present invention, whether applied directly or indirectly in other related technical fields, is likewise included within the scope of the present invention.

Claims (10)

1. A unified signature and/or encryption method of a browser file, characterized in that the unified signature and/or encryption method of the browser file includes the following steps:
when a browser file to be released is detected, encapsulating the browser file into a package file of a preset format;
obtaining a private key and digital certificate of a publishing side and/or a digital certificate of a subscription end;
according to the private key and digital certificate of the publishing side and/or the digital certificate of the subscription end, signing and/or encrypting the package file by a preset algorithm.
2. The unified signature and/or encryption method of a browser file as described in claim 1, characterized in that the step of signing and/or encrypting the package file by a preset algorithm according to the private key and digital certificate of the publishing side and/or the digital certificate of the subscription end includes:
encoding the package file into an encoded file of a preset structure;
taking the encoded file and the private key and digital certificate of the publishing side as the signature input of the preset algorithm, to generate signed data;
obtaining a timestamp through a third-party timestamping service;
adding the timestamp to the signed data, to generate a signature file.
3. The unified signature and/or encryption method of a browser file as described in claim 2, characterized in that the preset format includes the Multipurpose Internet Mail Extensions MIME format; the preset structure includes the public key cryptography standards content information structure; and the preset algorithm includes the public key cryptography standards PKCS.
4. The unified signature and/or encryption method of a browser file as described in claim 2, characterized in that after the step of signing and/or encrypting the package file according to the private key and digital certificate of the publishing side and/or the digital certificate of the subscription end, the method further includes:
when the signature file is received, obtaining the signing information of the signature file;
when the signing information has not been tampered with, parsing the signature file by the preset algorithm;
obtaining and outputting, according to the parsing result, the signing information of the signature file and the original text of the browser file to be released, where the signing information includes at least one of the authentication rank, the signature time and the signing certificate.
5. The unified signature and/or encryption method of a browser file as described in claim 2, characterized in that after the step of adding the timestamp to the signed data to generate a signature file, the method further includes:
generating a random key, and encapsulating the signature file with the random key;
encapsulating the random key with the digital certificate of the subscription end;
encoding the signature file encapsulated by the random key, together with the random key encapsulated by the digital certificate of the subscription end, into an encryption file.
6. The unified signature and/or encryption method of a browser file as described in claim 1, characterized in that the step of signing and/or encrypting the package file by the public key cryptography standards according to the private key and digital certificate of the publishing side and/or the digital certificate of the subscription end includes:
encoding the package file into an encoded file of the preset structure;
generating a random key, and encapsulating the encoded file with the random key;
encapsulating the random key with the digital certificate of the subscription end;
encoding the encoded file encapsulated by the random key, together with the random key encapsulated by the digital certificate of the subscription end, into an encryption file.
7. The unified signature and/or encryption method of a browser file as described in claims 5 to 6, characterized in that after the step of signing and/or encrypting the package file by the public key cryptography standards according to the private key and digital certificate of the publishing side and/or the digital certificate of the subscription end, the method further includes:
when the encryption file is received, obtaining the digital certificate of the subscription end, where the digital certificate of the subscription end includes the private key of the subscription end;
parsing the encryption file according to the private key of the subscription end, to obtain the random key;
parsing the browser file to be released according to the random key.
8. A browser, characterized in that the browser includes a memory, a processor, and a signature and encryption program stored on the memory and executable on the processor, where the signature and encryption program, when executed by the processor, implements the steps of the unified signature and/or encryption method of a browser file as described in any one of claims 1 to 7.
9. A unified signature and/or encryption device of a browser file, characterized in that the unified signature and/or encryption device of the browser file includes the browser as described in claim 8.
10. A computer-readable storage medium, characterized in that a signature and encryption program is stored on the computer-readable storage medium, and the signature and encryption program, when executed by a processor, implements the steps of the unified signature and/or encryption method of a browser file as described in any one of claims 1 to 7.
CN201811016964.XA 2018-08-31 2018-08-31 The signature and/or encryption method of browser file, device, browser and medium Pending CN109150516A (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201811016964.XA CN109150516A (en) 2018-08-31 2018-08-31 The signature and/or encryption method of browser file, device, browser and medium
PCT/CN2018/104856 WO2020042217A1 (en) 2018-08-31 2018-09-10 Method and apparatus for signing and/or encrypting browser file, browser, and medium

Publications (1)

Publication Number Publication Date
CN109150516A true CN109150516A (en) 2019-01-04

Family

ID=64826223

Country Status (2)

Country Link
CN (1) CN109150516A (en)
WO (1) WO2020042217A1 (en)

Also Published As

Publication number Publication date
WO2020042217A1 (en) 2020-03-05

Legal Events

Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right
Effective date of registration: 20190711
Address after: 518000 Nanhai Avenue, Nanshan District, Shenzhen City, Guangdong Province, No. 1057 Science and Technology Building Phase II Building 502
Applicant after: WOTRUS CA Ltd.
Address before: 518067 Shenzhen Nanshan District, Guangdong Province, China Merchants Street Science and Technology Building Phase II A Block 502
Applicant before: MIXIN TECHNOLOGY (SHENZHEN) Co.,Ltd.
RJ01 Rejection of invention patent application after publication
Application publication date: 20190104