CN109284585B - Script encryption method, script decryption operation method and related device (Google Patents)

Publication number: CN109284585B (application publication CN109284585A; original language Chinese)
Application number: CN201810941501.8A
Authority: CN (China)
Inventors: 沈舒莉, 王海涵, 施纯毅
Assignee (original and current): Wangsu Science and Technology Co Ltd
Legal status: Active (application filed and granted)

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 21/10 Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM]
    • G06F 21/12 Protecting executable software

Abstract

The invention discloses a script encryption method, a script decryption operation method and a related device. The script encryption method comprises the following steps: acquiring a script to be encrypted; encrypting the script to be encrypted by using the key information generated by the selected key generation algorithm; and embedding an operation authority control code in the encrypted script to obtain an encrypted script file, wherein the operation authority control code is used for indicating whether the encrypted script is allowed to be decrypted or not. On one hand, since the untrusted user cannot know the key generation algorithm selected by the user, the untrusted user cannot know the key information for encrypting the script to be encrypted, and further cannot crack the encrypted script, the security of the encrypted script can be improved; in addition, because the operation authority control code is embedded in the encrypted script, the script is protected doubly, and the safety of the encrypted script file is further improved.

Description

Script encryption method, script decryption operation method and related device
Technical Field
The invention relates to the technical field of computers, in particular to a script encryption method, a script decryption operation method and a related device.
Background
As the Linux system is widely used in the development and operations of enterprises, its mainstream scripting language, shell, is also used in the development and operation of various tools, in system configuration, and in automated operation and maintenance scripts. In existing development, configuration, or operation and maintenance practice, the source code of shell scripts is visible; yet shell scripts embody the labor and intellectual output of enterprises and individuals, and once they are stolen or run without authorization, enterprises and individuals suffer losses.
Therefore, how to improve the security of scripts is one of the technical problems that urgently needs to be solved.
Disclosure of Invention
The embodiment of the invention provides a script encryption method, a script decryption operation method and a related device, which are used for improving the safety of a script.
In a first aspect, an embodiment of the present invention provides a script encryption method, including:
acquiring a script to be encrypted;
encrypting the script to be encrypted by using the key information generated by the selected key generation algorithm; and
embedding an operation authority control code in the encrypted script to obtain an encrypted script file, wherein the operation authority control code is used for indicating whether the encrypted script is allowed to be decrypted or not.
By executing this method, on the one hand, the key information is generated according to the key generation algorithm selected by the user, and the script to be encrypted is then encrypted with the generated key information; since an untrusted user cannot know which key generation algorithm the user selected, the untrusted user cannot know the key information used to encrypt the script and therefore cannot crack the encrypted script, so the security of the encrypted script is improved. On the other hand, because the operation authority control code is embedded in the encrypted script, the script is doubly protected, and the security of the encrypted script file is further improved.
In a second aspect, an embodiment of the present invention provides a script decryption operation method, including:
running an executable file, wherein the executable file is obtained by compiling an encrypted script file produced by the script encryption method;
determining, according to the operation authority control code, that the encrypted script in the encrypted script file is allowed to be decrypted, and calling a script decryption parsing engine to decrypt the encrypted script; and
executing the decrypted script.
By implementing this script decryption operation method, after the executable file is run, the script decryption parsing engine is called to decrypt the encrypted script in the encrypted script file only when the operation authority control code determines that decryption is allowed; otherwise the script decryption operation program exits, which ensures that an untrusted user cannot find a custom path for parsing the script.
In a third aspect, an embodiment of the present invention provides a script encryption apparatus, including:
the acquisition unit is used for acquiring the script to be encrypted;
the encryption processing unit is used for encrypting the script to be encrypted by using the key information generated by the selected key generation algorithm;
and the embedding unit is used for embedding an operation authority control code in the encrypted script to obtain an encrypted script file, wherein the operation authority control code is used for indicating whether the encrypted script is allowed to be decrypted or not.
In a fourth aspect, an embodiment of the present invention provides a script decryption running apparatus, including:
the running unit is used for running an executable file, and the executable file is obtained by compiling an encrypted script file obtained by the script encryption method provided by the invention;
the decryption unit is used for calling a script decryption parsing engine to decrypt the encrypted script if it is determined, according to the operation authority control code, that the encrypted script in the encrypted script file is allowed to be decrypted;
and the running unit is used for running the decrypted script.
In a fifth aspect, an embodiment of the present invention provides a computing apparatus, including a memory, a processor, and a computer program stored on the memory and executable on the processor; the processor, when executing the program, implements the script encryption method according to any one of the claims provided herein, or implements the script decryption operation method according to any one of the claims provided herein.
In a sixth aspect, an embodiment of the present invention provides a computer-readable storage medium on which a computer program is stored, which, when executed by a processor, implements the steps of the script encryption method according to any one of the embodiments provided in this application, or the steps of the script decryption operation method according to any one of the embodiments provided in this application.
According to the script encryption method provided by the invention, after the script to be encrypted is obtained, it is encrypted with the key information generated by the selected key generation algorithm; since an untrusted user does not know which key generation algorithm the user selected for the script, the untrusted user cannot obtain the key information and therefore cannot crack the encrypted script, so the security of the encrypted script is improved. The script to be encrypted is thus encrypted with the key information, and an operation authority control code is embedded in the encrypted script to obtain the processed script.
In addition, by implementing the script decryption operation method provided by the invention, after the executable file obtained from the script encryption method is run, the script decryption parsing engine is called to decrypt the encrypted script in the encrypted script file, and the decrypted script is run, only when the operation authority control code determines that decryption is allowed; otherwise the script decryption running program exits, so that an untrusted user cannot find a custom path for parsing the script, and the security of the script is ensured.
Additional features and advantages of the invention will be set forth in the description which follows, and in part will be obvious from the description, or may be learned by practice of the invention. The objectives and other advantages of the invention will be realized and attained by the structure particularly pointed out in the written description and claims hereof as well as the appended drawings.
Drawings
The accompanying drawings, which are included to provide a further understanding of the invention and are incorporated in and constitute a part of this specification, illustrate embodiments of the invention and together with the description serve to explain the invention and not to limit the invention. In the drawings:
FIG. 1 is a schematic structural diagram of a computing apparatus implementing a script encryption method according to an embodiment of the present invention;
FIG. 2 is a schematic flowchart of an implementation of a script encryption method according to an embodiment of the present invention;
FIG. 3 is a first schematic flowchart of encrypting the script to be encrypted by using the key information generated by the selected key generation algorithm according to an embodiment of the present invention;
FIG. 4 is a second schematic flowchart of encrypting the script to be encrypted by using the key information generated by the selected key generation algorithm according to an embodiment of the present invention;
FIG. 5 is a flowchart illustrating a script decryption operation method according to an embodiment of the present invention;
FIG. 6 is a flowchart illustrating a process for determining permission to decrypt an encrypted script in an encrypted script file according to an embodiment of the present invention;
FIG. 7 is a second flowchart illustrating a process of determining permission to decrypt an encrypted script in an encrypted script file according to an embodiment of the present invention;
FIG. 8 is a third flowchart illustrating a process of determining permission to decrypt an encrypted script in an encrypted script file according to an embodiment of the present invention;
FIG. 9 is a second flowchart illustrating a script decryption operation method according to an embodiment of the present invention;
FIG. 10 is a schematic structural diagram of a script encrypting apparatus according to an embodiment of the present invention;
FIG. 11 is a schematic structural diagram of a script decryption running apparatus according to an embodiment of the present invention.
Detailed Description
The embodiment of the invention provides a script encryption method, a script decryption operation method and a related device, which are used for improving the safety of a script.
To facilitate understanding of the invention, the technical terms involved are explained as follows:
1. script: a computer program that can accomplish one or more specific tasks. The script in the invention can be but is not limited to a shell script.
2. The terminal device is a device capable of installing various applications and displaying an object provided in the installed application, and the electronic device may be mobile or fixed. For example, a mobile phone, a tablet computer, various wearable devices, a vehicle-mounted device, a Personal Digital Assistant (PDA), a point of sale (POS), or other electronic devices capable of implementing the above functions may be used.
The preferred embodiments of the present invention will be described below with reference to the accompanying drawings of the specification, it being understood that the preferred embodiments described herein are merely for illustrating and explaining the present invention, and are not intended to limit the present invention, and that the embodiments and features of the embodiments in the present invention may be combined with each other without conflict.
Aiming at the problem of low security of the script in the prior art, the embodiment of the present invention provides a computing device for solving the above problem, and the computing device is used to implement the script encryption method provided by the present invention or execute the script decryption operation method provided by the present invention. The computing device may take the form of a general purpose computing device. A computing device 10 according to the present invention is described below with reference to fig. 1. The computing device 10 shown in FIG. 1 is only one example and should not be taken to limit the scope of use and functionality of embodiments of the present invention.
As shown in fig. 1, components of computing device 10 may include, but are not limited to: at least one processor 11, at least one memory 12, and a computer program stored on the memory 12 and executable on the processor 11, a bus 13 connecting different system components (including the memory 12 and the processor 11), the processor 11 implementing the script encryption method provided by the present invention or implementing the script decryption operation method provided by the present invention when executing the above programs.
Bus 13 represents one or more of any of several types of bus structures, including a memory bus or memory controller, a peripheral bus, a processor, or a local bus using any of a variety of bus architectures.
Memory 12 may include readable media in the form of volatile memory, such as Random Access Memory (RAM)121 and/or cache memory 122, and may further include Read Only Memory (ROM) 123.
Memory 12 may also include a program/utility 125 having a set (at least one) of program modules 124, such program modules 124 including, but not limited to: an operating system, one or more application programs, other program modules, and program data, each of which, or some combination thereof, may comprise an implementation of a network environment.
Computing device 10 may also communicate with one or more external devices 14 (e.g., keyboard, pointing device, etc.), with one or more devices that enable a user to interact with computing device 10, and/or with any devices (e.g., router, modem, etc.) that enable computing device 10 to communicate with one or more other computing devices. Such communication may be via an input/output (I/O) interface 15. Moreover, computing device 10 may also communicate with one or more networks (e.g., a Local Area Network (LAN), a Wide Area Network (WAN), and/or a public network, such as the internet) via network adapter 16. As shown, network adapter 16 communicates with other modules for computing device 10 over bus 13. It should be understood that although not shown in the figures, other hardware and/or software modules may be used in conjunction with computing device 10, including but not limited to: microcode, device drivers, redundant processors, external disk drive arrays, RAID systems, tape drives, and data backup storage systems, among others.
Referring to fig. 2, a schematic flow chart of an implementation of the script encryption method provided by the present invention is shown. In the following description, the method is applied to the computing device shown in fig. 1 as an example. The computing device is provided with a script encryption engine, and the script encryption engine executes the script encryption method provided by the invention, and the implementation flow of the method is as follows:
S11, acquiring the script to be encrypted.
In an embodiment, after acquiring the script written by each developer, the script encryption engine may execute a subsequent encryption process, so that the security of the encrypted script may be ensured. Specifically, a file name for storing the script to be encrypted may be obtained, so that the script to be encrypted may be obtained according to the file name.
And S12, encrypting the script to be encrypted by using the key information generated by the selected key generation algorithm.
In an embodiment, the script encryption engine generates key information according to the key generation algorithm selected by the user and then encrypts the script to be encrypted with the generated key information. Because an untrusted user cannot know which key generation algorithm the user selected, the untrusted user cannot know the key information used to encrypt the script, which makes the encrypted script difficult to crack. The encryption method provided by the invention therefore increases the difficulty of cracking the encrypted script.
Specifically, when the key information is generated from the code in the script to be encrypted, the script encryption engine may generate it according to the user's requirements and then encrypt the script to be encrypted with the generated key information accordingly.
In one embodiment, the computing device may encrypt the script to be encrypted by using the key information generated by the selected key generation algorithm according to the method shown in fig. 3, including the following steps:
S21, dividing the script to be encrypted into a plurality of script fragments.
In specific implementation, the script encryption engine may divide the script to be encrypted into a plurality of script segments according to the byte length of the script to be encrypted. For example, a code with a preset length is intercepted from the initial position of the script to be encrypted to obtain a first script segment, and then a code with a preset length is intercepted from the rest script to be encrypted to obtain a second script segment, and so on. For example, if the length of the byte of the script to be encrypted is 1024 bytes and the preset length is 256 bytes, the script to be encrypted can be divided into 4 script segments.
Steps S22 and S23 are executed for each script fragment obtained by the division, to obtain the encrypted script fragment corresponding to that script fragment.
S22, generating key information for encrypting the script fragment by using the script fragment and the key information based on the previous script fragment.
The key information of the first script fragment is generated based on the generated random number and/or the first script fragment, for example, the key information of the first script fragment is generated by using a key derivation function based on the generated random number and/or the first script fragment.
And S23, encrypting the script fragment by using the key information for encrypting the script fragment.
In steps S22 and S23, first, a random number is randomly generated, then the random number is input to a key derivation function to obtain key information of a first script fragment, and then the first script fragment is encrypted by using the key information to obtain a first encrypted script fragment; of course, the random number and the first script fragment may also be input into a key derivation function to obtain key information of the first script fragment, and then the first script fragment is encrypted by using the key information to obtain a first encrypted script fragment.
For the Nth script fragment, where N is greater than or equal to 2, the key information based on the (N-1)th script fragment and the Nth script fragment are input into a key derivation function to obtain the key information of the Nth script fragment, and the Nth script fragment is then encrypted with that key information to obtain the Nth encrypted script fragment. In this way each encrypted script fragment is obtained.
Taking a script to be encrypted of 1024 bytes and a preset length of 256 bytes as an example, assume that it is divided into four script fragments: the first corresponding to bytes 0-255, the second to bytes 256-511, the third to bytes 512-767 and the fourth to bytes 768-1023. First, a random number is input into a key derivation function to obtain the first key information m0, or the random number together with bytes 0-255 is input into the key derivation function to obtain m0, and the first script fragment (bytes 0-255) is encrypted with the m0 generated by either method. Then m0 and bytes 256-511 are input into the key derivation function to obtain key information m1, the key information corresponding to the second script fragment, and the second script fragment is encrypted with m1. Next, m1 and bytes 512-767 are input into the key derivation function to obtain key information m2, the key information corresponding to the third script fragment, and the third script fragment is encrypted with m2. Finally, m2 and bytes 768-1023 are input into the key derivation function to obtain key information m3, the key information corresponding to the fourth script fragment, and the fourth script fragment is encrypted with m3, so that four encrypted script fragments are obtained.
S24, an encrypted script is obtained based on each encrypted script fragment.
Based on the respective encrypted script fragments obtained in step S23, the encrypted scripts are obtained by being combined in order.
The encrypted script is obtained by steps S21 to S24: the key information for encrypting each script fragment is generated from that script fragment and the key information based on the previous script fragment, the script fragment is then encrypted with the generated key information, and the whole script is encrypted in this way, so the encryption is stronger. Since an untrusted user does not know the code in the script to be encrypted, the key information cannot be obtained and the encrypted script cannot be decrypted, so the security of the encrypted script is improved.
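The chained fragment scheme of S21 to S24, as an added Go example that is not code from the patent or its assignee: HMAC-SHA256 stands in for the unspecified key derivation function, AES-256-GCM for the symmetric cipher, and the random number (seed) is stored in front of the ciphertext, much as the description later stores it in the embedded array. One assumption departs from the worked example above: the text derives m1 from m0 and the second fragment's own plaintext, which a decryptor cannot supply before decrypting that fragment, so here each key is derived from the previous key and the previous fragment's plaintext, which lets the decryptor rebuild the chain from the seed alone.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)

const (
	fragmentLen = 256              // preset fragment length from the description (bytes)
	seedLen     = 32               // size of the random number that starts the chain (assumed)
	sealedLen   = fragmentLen + 28 // a full fragment plus the 12-byte GCM nonce and 16-byte tag
)

// deriveKey is the key derivation function of S22: HMAC-SHA256 keyed with the previous key over the chained-in data; the 32-byte output is the next AES-256 key.
func deriveKey(prevKey, data []byte) []byte {
	mac := hmac.New(sha256.New, prevKey)
	mac.Write(data)
	return mac.Sum(nil)
}

// gcmFor builds the AES-256-GCM cipher for one 32-byte fragment key.
func gcmFor(key []byte) cipher.AEAD {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err) // only a wrong key size fails, and deriveKey always yields 32 bytes
	}
	gcm, _ := cipher.NewGCM(block) // NewGCM cannot fail for an AES block
	return gcm
}

// sealFragment encrypts one fragment under its own key (S23), prepending a random nonce.
func sealFragment(key, plaintext []byte) ([]byte, error) {
	gcm := gcmFor(key)
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

// openFragment reverses sealFragment; a modified or reordered fragment fails authentication.
func openFragment(key, sealed []byte) ([]byte, error) {
	gcm := gcmFor(key)
	ns := gcm.NonceSize()
	if len(sealed) < ns+gcm.Overhead() {
		return nil, errors.New("sealed fragment too short")
	}
	return gcm.Open(nil, sealed[:ns], sealed[ns:], nil)
}

// EncryptScript performs S21 to S24: cut the script into fragmentLen-byte pieces, derive m0 from the seed (the random number)
// and each later key from the previous key and the previous fragment's plaintext, then append the sealed fragments to the seed in order.
func EncryptScript(script, seed []byte) ([]byte, error) {
	if len(seed) != seedLen {
		return nil, errors.New("seed has the wrong length")
	}
	out := append([]byte{}, seed...)
	key := deriveKey(seed, nil) // m0 = KDF(random number)
	for i := 0; i < len(script); i += fragmentLen {
		end := i + fragmentLen
		if end > len(script) {
			end = len(script)
		}
		sealed, err := sealFragment(key, script[i:end])
		if err != nil {
			return nil, err
		}
		out = append(out, sealed...)
		key = deriveKey(key, script[i:end]) // the next key chains on this fragment's plaintext
	}
	return out, nil
}

// DecryptScript rebuilds the chain from the stored seed; all sealed fragments but the last are sealedLen bytes, and it stops at the first fragment that fails to authenticate.
func DecryptScript(blob []byte) ([]byte, error) {
	if len(blob) < seedLen {
		return nil, errors.New("encrypted script too short")
	}
	key, rest := deriveKey(blob[:seedLen], nil), blob[seedLen:]
	var script []byte
	for len(rest) > 0 {
		n := sealedLen
		if len(rest) < n { // the final, possibly shorter, fragment
			n = len(rest)
		}
		frag, err := openFragment(key, rest[:n])
		if err != nil {
			return nil, err
		}
		script = append(script, frag...)
		key, rest = deriveKey(key, frag), rest[n:]
	}
	return script, nil
}
```

Because the seed travels in the clear ahead of the ciphertext, anyone who recovers the embedded decryption engine can rebuild the chain; the per-fragment keys and GCM tags protect integrity and ordering, not confidentiality against someone holding both the file and the engine.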
In one embodiment, the script encryption engine may perform step S12 according to the method shown in fig. 4, that is, encrypting the script to be encrypted by using the key information generated by the selected key generation algorithm may include the following steps:
S31, performing the configured number of iterations over the password set by the user and a randomly generated salt value to generate key information for encrypting the script to be encrypted.
In this step, the user can set an encryption password and an encryption algorithm, and the script encryption engine then encrypts the script to be encrypted according to the password and algorithm set by the user. A key generation algorithm iterates the configured number of times over the user's password and the randomly generated salt value to obtain the key information for encrypting the script to be encrypted.
Preferably, the key generation algorithm may include, but is not limited to, Password-Based Key Derivation Function 2 (PBKDF2) and Secure Hash Algorithm (SHA) functions, which may be, but are not limited to, SHA1, SHA256, SHA384, SHA512, and the like.
Taking PBKDF2 as the key generation algorithm as an example, the PBKDF2 algorithm iterates the configured number of times over the password set by the user and the randomly generated salt, and finally generates the key information for encrypting the script to be encrypted. The number of iterations in the present invention may be determined according to practical circumstances, and may be, for example, 10000 to 20000.
S32, the key information is used for carrying out encryption processing on the script to be encrypted to obtain an encrypted script.
Specifically, the script to be encrypted may be encrypted with the key information by a symmetric encryption algorithm, which may include, but is not limited to: Advanced Encryption Standard (AES), CAST5, International Data Encryption Algorithm (IDEA), TDEA, Blowfish, and the like. For example, the script to be encrypted may be encrypted with one of the above algorithms in a block-cipher mode.
S13, embedding the operation authority control code in the encrypted script to obtain an encrypted script file.
Specifically, the operation authority control code is used to indicate whether decryption of the encrypted script is allowed.
By embedding the operation authority control code in the encrypted script, whether the equipment executing the encrypted script file is allowed to decrypt the encrypted script can be determined based on the control code verification, and the encrypted script is allowed to be decrypted only if the verification is passed, so that the double protection effect on the script is achieved, and the safety of the encrypted script file is further improved.
Preferably, the operation authority control code includes at least one of: code for monitoring whether the encrypted script is being traced, code for indicating whether it is within its validity period, packing (shell) code, and license authentication logic code.
Specifically, code for monitoring whether the encrypted script is being traced is embedded in the encrypted script to detect tracing; if tracing is detected, this indicates that an untrusted user is tracing and debugging the script's execution by illegitimate means, and the process of decrypting the encrypted script is not executed, which prevents the untrusted user from obtaining intermediate values generated while the script runs. Specifically, the script encryption engine embeds a logic program for script running in the encrypted script, which can be written in the C language; the logic program implements the function of prohibiting tracing at runtime together with the other flow logic required for authentication.
Preferably, the encrypted script is also packed (shelled).
To further improve the security of the script, the script encryption engine can also set an environment variable used by the packing logic to wrap the script, or pack the encrypted script in which the tracing-detection code has been embedded, that is, add a second, automatic invocation layer, so that the encrypted script is doubly protected, disassembly becomes harder, and the security of the script is improved.
Preferably, code for indicating whether the encrypted script is within its validity period may also be embedded in the encrypted script, so that when a device is detected running the encrypted script file, it can be determined from the set validity period whether the encrypted script is still valid, and if not, the decryption and execution process exits. The security of the encrypted script is thereby also guaranteed.
Preferably, a license authentication logic code may be further embedded in the encrypted script, so that a device running the encrypted script file may be limited, and only when the license authentication logic code successfully authenticates the device, the device may be permitted to execute a decryption process of the encrypted script, thereby also ensuring security of the encrypted script.
Preferably, the encrypted script file may include encrypted time information and/or encrypted hardware information of a hardware device that is allowed to run the encrypted script file, wherein the time information is used to indicate the validity period of the encrypted script file.
In this step, the script encryption engine may further set an expiration time for running the script to be encrypted, that is, encrypted time information in the present invention, where the time information may be an expiration time for running the script to be encrypted, and for example, the expiration time may be 3/26/10/2018. In order to ensure the security of the time information, the time information may be encrypted by using an encryption algorithm to obtain encrypted time information.
In addition, to further improve the security of the script to be encrypted, the script encryption engine may add to the encrypted script file the hardware information of the hardware devices that are allowed to run the script. When the script is encrypted, a parameter can specify that only the local machine is allowed to run it; the hardware information of the local machine is then added to the encrypted script file during encryption, and before the script is run the hardware information is decrypted to judge whether the hardware device is authorized to run it.
If the hardware-information parameter is not set, the hardware-information encryption step is skipped during encryption, so any hardware device can run the script, which is a potential security risk.
To prevent the hardware information from being stolen, it may be encrypted with an encryption algorithm, and the encrypted hardware information of the hardware devices allowed to run the script is then added to the encrypted script file.
It should be noted that more than one hardware device may be allowed to run the script to be encrypted, in which case authority management and control may be implemented by issuing a license to each permitted hardware device instead of adding hardware information to the encrypted script file.
Preferably, the encryption script file further comprises at least one of: random number, iteration number, salt value salt, key information generated based on a password set by a user and an encryption algorithm.
After obtaining the encrypted script, the script encryption engine may store the encrypted time information, the encrypted hardware information of the hardware device that is allowed to run the script, the encrypted script, the random number, the encryption algorithm, and the like in an array, and embed the array in the encrypted script file. The number of bytes occupied by the encrypted time information and/or the encrypted hardware information and the offset of that information within the array are also stored in the encrypted script file. In this way the script decryption parsing engine can read the iteration number and the salt value salt from the array to verify the key, as described in detail later.
It should be noted that, because the script is encrypted, the hardware device that runs the encrypted script file and the hardware device that encrypts the script to be encrypted are generally not the same. To ensure that the encrypted script file can be run successfully, code for decrypting the encrypted script file needs to be configured on the hardware device that runs it, so decryption code may need to be configured on every hardware device, which makes deployment inconvenient. In order to solve this problem, the invention embeds the code for decrypting the script and the code for parsing the script in the encrypted script file. Specifically, the code for decrypting the encrypted script and the code for parsing it may be integrated into a script decryption parsing engine, and the engine is then embedded in the encrypted script file, so that the encrypted script is decrypted by the script decryption parsing engine before it is run.
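The array-with-offsets layout described above is the part of the file the decryption engine has to parse before it can do anything else, so a parser is the natural thing to show here. The following is an added example, not code from the patent or from its assignee: the byte layout (a magic value, a field count, then one (tag, offset, length) record per field, then the field bytes), the tag numbers and the sample field contents are all assumptions. The parser bounds-checks every record, since a file whose offset table has been tampered with is exactly the input a decryption engine embedded in a distributed file will eventually receive.

```python
"""Constructed example of an array-plus-offset-table container for the
fields the text lists (encrypted time, encrypted hardware info, encrypted
script, random number or iteration/salt/key info, algorithm name).
The layout and tag numbers are assumptions, not the patent's format.
"""
import struct

# Field tags (assumed values). The text says the array "may include" these.
TAG_ENC_TIME = 1       # encrypted expiry time information
TAG_ENC_HWINFO = 2     # encrypted hardware information of the allowed device
TAG_ENC_SCRIPT = 3     # the encrypted script body
TAG_RANDOM = 4         # random number (fragment-chained key path)
TAG_ITERATIONS = 5     # iteration number (password path)
TAG_SALT = 6           # salt value (password path)
TAG_KEYINFO = 7        # key information derived from the user's password
TAG_ALGORITHM = 8      # name of the encryption algorithm used

MAGIC = b"ESF1"                      # assumed file signature
HEADER = struct.Struct("<4sI")       # magic, number of fields
RECORD = struct.Struct("<III")       # tag, offset from array start, length


def pack_array(fields):
    """Serialize {tag: bytes} into one byte array with an offset table.

    Offsets are measured from the start of the array, so the decryption
    engine can locate any field without parsing the ones before it.
    """
    table_size = HEADER.size + RECORD.size * len(fields)
    records, body = [], bytearray()
    for tag, data in sorted(fields.items()):
        records.append((tag, table_size + len(body), len(data)))
        body += data
    out = bytearray(HEADER.pack(MAGIC, len(fields)))
    for rec in records:
        out += RECORD.pack(*rec)
    out += body
    return bytes(out)


def unpack_array(blob):
    """Parse the array back into {tag: bytes}, rejecting malformed input."""
    if len(blob) < HEADER.size:
        raise ValueError("truncated header")
    magic, count = HEADER.unpack_from(blob, 0)
    if magic != MAGIC:
        raise ValueError("bad magic")
    table_end = HEADER.size + RECORD.size * count
    if table_end > len(blob):
        raise ValueError("truncated offset table")
    fields = {}
    for i in range(count):
        tag, offset, length = RECORD.unpack_from(blob, HEADER.size + RECORD.size * i)
        # Every field must lie inside the blob and after the offset table;
        # an offset pointing into the table or past the end is rejected.
        if offset < table_end or offset + length > len(blob):
            raise ValueError(f"field {tag} out of bounds")
        if tag in fields:
            raise ValueError(f"duplicate field {tag}")
        fields[tag] = blob[offset:offset + length]
    return fields


def key_path(fields):
    """Report which key-derivation path the file was built with, mirroring
    the engine's later decision: random number, or iterations + salt + key info."""
    if TAG_RANDOM in fields:
        return "random"
    if {TAG_ITERATIONS, TAG_SALT, TAG_KEYINFO}.issubset(fields):
        return "password"
    raise ValueError("no usable key material in array")


# Constructed sample file. The "encrypted" fields are placeholder bytes;
# a real file would hold the output of whatever cipher the deployment uses.
SAMPLE = pack_array({
    TAG_ENC_TIME: b"\x9f\x11enc-time",
    TAG_ENC_HWINFO: b"\x02enc-hwinfo",
    TAG_ENC_SCRIPT: b"\xde\xad\xbe\xef" * 4,
    TAG_ITERATIONS: struct.pack("<I", 100000),
    TAG_SALT: b"\x00\x01\x02\x03\x04\x05\x06\x07",
    TAG_KEYINFO: b"\x10" * 32,
    TAG_ALGORITHM: b"aes",
})

if __name__ == "__main__":
    parsed = unpack_array(SAMPLE)
    print(key_path(parsed), len(parsed[TAG_ENC_SCRIPT]), parsed[TAG_ALGORITHM])
```

Because each record is independently bounds-checked against the blob length and the end of the table, a corrupted or hand-edited offset fails closed with a `ValueError` rather than handing the engine bytes from the wrong field.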
Optionally, the code for parsing the script to be encrypted may be embedded in the encrypted script file together with the code for decrypting the encrypted script.
However, in practical applications, if the script decryption parsing engine is embedded in the encrypted script file, then once the encrypted script file is stolen the decryption and parsing code embedded in it may be cracked, which may lead to the encrypted script file itself being cracked and thus to a security problem. In addition, when a plurality of encrypted script files are allowed on one hardware device, the decryption and parsing operations can be completed by deploying a single script decryption parsing engine; compared with embedding the engine in each encrypted script file, this is safer and involves less work.
After the above process is executed to obtain the encrypted script file, the method further includes: compiling the encrypted script file to obtain an executable file.
In this step, since the hardware device can generally recognize machine language, i.e., binary, while the encrypted script file is written in assembly language, the encrypted script file needs to be compiled to obtain an executable file that the hardware device can recognize; with this, the encryption processing of the script to be encrypted is completed.
By executing the encryption processes of steps S11-S13, on the one hand, key information is generated according to a key generation algorithm selected by the user, and the script to be encrypted is then encrypted by using the generated key information; since an untrusted user cannot know which key generation algorithm was selected, the key information used to encrypt the script cannot be known, and the encrypted script therefore cannot be decrypted, so the security of the encrypted script is improved. On the other hand, because an operation authority control code indicating whether the encrypted script is allowed to be decrypted is embedded in the encrypted script, this detection mechanism gives the script a second layer of protection, further improving the security of the encrypted script file.
In addition, after the script encryption method provided by the present invention has encrypted a script to be encrypted, and in order to further improve the security of the encrypted script file when the compiled encrypted script file (executable file) is run, the present invention provides a script decryption running method. It can be applied to any hardware device having a running environment in which the executable file is run; the structure of such a hardware device may refer to the schematic structural diagram of the computing device shown in fig. 1, and the hardware device may be a computer or another device. The following explanation takes a computer with a script decryption parsing engine installed as the hardware device; the computer can run the executable file according to the flow shown in fig. 5, which includes the following steps:
S41, running the executable file.
In this step, the computer runs the executable file obtained through steps S11 to S13. Since the executable file is obtained by compiling the encrypted script file, if a shell program is embedded in the encrypted script file, the shell program in the executable file is run first, and after it completes, the decryption and parsing of the encrypted script file are invoked by the calling method. If the call is determined to be unsuccessful, the subsequent operations are not executed and the script decryption running process exits.
S42, determining whether to allow the computer to decrypt the encrypted script in the encrypted script file according to the operation authority control code; if yes, go to step S43; otherwise, step S45 is executed.
Whether the computer running the executable file has the authority to decrypt the encrypted script is determined by the operation authority control code embedded in the encrypted script file. If it does, the decryption process can be executed; if not, the encrypted script is not decrypted, so the encrypted script is protected.
The operation authority control code includes code for monitoring whether the encrypted script is traced; step S42 may then be performed by determining whether the encrypted script is not being traced:
judging whether a confirmation message indicating that the derived sub-process attached successfully is received;
specifically, if the confirmation message is received, it is determined that the encrypted script is not being traced; if it is not received, it is determined that the encrypted script is being traced.
Tracing in the invention means that, during program execution, a tracing tool such as strace, ptrace or GDB can trace the running process of the program, the calls it makes, and the intermediate values it produces. When an encrypted script is run and the program is traced, the system calls made during its run can be learned and some path information can be output at the same time. For example, after the encrypted script completes the verification of the operation authority, if the verification passes, the script decryption parsing engine is called to perform decryption and parsing; if the program is traced, the path of the script decryption parsing engine is exposed, which is a security risk for the script. Therefore, by adding a trace-prohibition function, the flow of decrypting the encrypted script is not executed when tracing is detected, and the path of the script decryption parsing engine is prevented from leaking.
In this step, in order to prevent an untrusted user from stealing the script and tracing its call path, once the script is found to be traced when it starts running, which indicates that the computer running the executable file does not have the authority to decrypt the encrypted script file, the script run is ended immediately and automatically. Specifically, an operation code for running the encrypted script is added to the encrypted script file; based on this code the script spawns a child process (the derived sub-process), and the child process sends an attach request to the script. If the child process determines that the attach succeeded, the script is not attached by any other process, so the script can be determined not to be traced, and the child sends the script a confirmation message of the successful attach; after receiving the message the script executes the subsequent flow. If the child process determines that attaching to the script did not succeed, the script is attached by another process, that is, it is being traced; the child returns a message that the attach failed, and on receiving it the script finishes the current operation, exits the script running program, and does not execute the subsequent steps.
By prohibiting tracing of the script, an untrusted user cannot find out the path of the custom script decryption parsing engine, and even if the encrypted script is stolen it cannot be run or used, which improves the security of the encrypted script to a certain extent.
In one embodiment, the encrypted script file contains encrypted time information, and determining that decryption of the encrypted script in the encrypted script file is allowed may further be performed according to the flow shown in fig. 6, including the following steps:
S51, decrypting the time information from the encrypted script file.
In this step, since the encrypted script file includes the number of bytes occupied by the encrypted time information and its position in the encrypted script file, after the script has run the shell program the encrypted time information is extracted from the encrypted script file according to that position and byte count, and is then decrypted to obtain the time information.
S52, determining that the time information is within the valid period.
Taking a parsed cutoff time of 26 March 2018, 10:00 as an example, after the time information is parsed the method determines whether the current system time is earlier than the cutoff time. If the current system time is 26 March 2018, 9:00, the current time is earlier than the cutoff time, the time information is determined to be within the valid period, and the operation of decrypting the encrypted script can be executed. Otherwise, the time information is determined not to be within the valid period, the encrypted script is not decrypted, and the script running program exits. Without time information, once an untrusted user obtains the encrypted script file and manages to crack it by some means, the untrusted user can then also decrypt the script, so the encrypted script is exposed to a security risk. When time information is set in the encrypted script file, even if an untrusted user obtains the file, cracking it takes a certain amount of time, so the cutoff time may already have passed by the time the file is cracked; and even if it is cracked, the script running program exits because the cutoff time has passed, which ensures the security of the encrypted script to a certain extent.
In order to prevent this situation from occurring, the invention provides a solution in another embodiment, namely: the encrypted script file further includes hardware information of a hardware device that is allowed to run the encrypted script file, and determining that decryption of the encrypted script in the encrypted script file is allowed may also be performed according to the flow shown in fig. 7, including the following steps:
S61, reading the hardware information of the hardware device currently running the encrypted script file.
Specifically, since the encrypted script file includes the hardware information of the hardware device allowed to run the script and the location of that information in the encrypted script file, the script can obtain the encrypted hardware information from the file and decrypt it with a decryption algorithm, and the hardware information of the hardware device currently running the encrypted script file can be read automatically from the local machine while the script runs.
S62, determining that the read hardware information is consistent with the hardware information contained in the encrypted script file.
In this step, when the script determines that the decrypted hardware information is consistent with the hardware information read from the local machine, the subsequent operation of decrypting the encrypted script can be executed. When the judgment shows that the hardware device running the script is not an authorized device, the operation of decrypting the encrypted script is not executed, and the script decryption running program exits.
In this way, untrusted users can be prevented from running the encrypted script file on their own hardware devices, and the security of the script during running is ensured.
When the encrypted script file does not include hardware information, in order to prevent the script from being used on the hardware device of an illegitimate user, the invention provides a solution in one embodiment, specifically: the operation authority control code includes license authentication logic code, and determining that decryption of the encrypted script in the encrypted script file is allowed may be performed according to the flow shown in fig. 8, including the following steps:
S71, reading the hardware information of the hardware device currently running the encrypted script file.
In this step, the hardware information of the hardware device running the encrypted script file is read locally; when the hardware device is a computer, the hardware information of the computer is read.
S72, generating a license file according to the read hardware information.
Specifically, the script may generate a license file from the read hardware information according to a preset algorithm.
S73, acquiring the license file of the hardware device currently running the encrypted script file from the local machine or from a web server.
Specifically, while step S72 is executed, the hardware device may also be searched locally for a stored license file; if a license file is stored locally, it is obtained directly from the local machine, and a decryption key is generated according to a preset rule in order to decrypt the license file.
If no license file is stored locally, an http request for acquiring the license is sent to the web server; the request needs to carry the identification information of the hardware device. After receiving the http request, the web server decrypts the content of the request body and verifies whether it is trusted and valid; if it is valid, the license is downloaded.
Specifically, the web server may check whether the identification information of the hardware device carried in the request body is trusted and valid: if the identification information is found in the list of identification information of trusted hardware devices, the hardware device is determined to be trusted. The http request may also carry information such as the MAC address of the hardware device, in which case the web server may further determine whether the MAC address is that of a trusted hardware device. The carried information may of course be checked in combination: for example, when the http request carries both the identification information and the MAC address of the hardware device, the web server may, on the one hand, determine whether the identification information is valid by the above method and, on the other hand, once the identification information and the MAC address are both determined to be valid, determine whether the pair carried in the http request is included in the stored correspondence between identification information and MAC addresses; if so, the hardware device is determined to be trusted.
S74, determining that the generated license file is consistent with the acquired license file and that the license is within the valid period.
In this step, after the script acquires the license file in step S73, the license file may be decrypted with the decryption key; it is then determined whether the license file generated in step S72 is consistent with the decrypted license file. If so, and the license file is determined to be within its valid period, the hardware device currently running the encrypted script file is determined to be trusted, and the operation of decrypting the encrypted script file may be performed.
If the license file generated in step S72 and the decrypted license file are determined not to match, the hardware device is determined to be untrusted, and the script immediately exits the script decryption running program, i.e., it does not perform operations such as decrypting the encrypted script file.
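The three permission checks of figs. 6, 7 and 8 (time validity, hardware-information match, and license generation plus lookup and validity) are decision logic that reads more clearly as code than as prose. The following is an added example, not the patent's code: it assumes the time information and hardware information have already been extracted and decrypted from the file, it models the "preset algorithm" of step S72 as an HMAC over the hardware information under a constant label, it represents the local license store as a dictionary and the web server of step S73 as a callable (no network is used), and it carries the license's validity period as an ISO-8601 timestamp. The sample cutoff time is the one the text uses; the device identifiers and hardware string are constructed.

```python
"""Constructed example of the run-permission checks of figs. 6 to 8.
Not the patent's code; the license rule, store layout and sample values
are assumptions.
"""
import hashlib
import hmac
from datetime import datetime, timezone

# Assumed "preset algorithm" of step S72: HMAC-SHA256 of the hardware
# information under a constant label. A deployment would pick its own rule.
LICENSE_LABEL = b"script-license-v1"


def utc(year, month, day, hour):
    """Small helper so sample times are timezone-aware and comparable."""
    return datetime(year, month, day, hour, tzinfo=timezone.utc)


def time_info_valid(expiry, now):
    """Fig. 6, S52: run only while the current time is earlier than the cutoff."""
    return now < expiry


def hardware_info_matches(file_hw_info, local_hw_info):
    """Fig. 7, S62: the decrypted hardware info from the file must equal the
    info read from the local machine; compared in constant time."""
    return hmac.compare_digest(file_hw_info.encode(), local_hw_info.encode())


def generate_license(local_hw_info):
    """Fig. 8, S72: derive the expected license value from local hardware info."""
    return hmac.new(LICENSE_LABEL, local_hw_info.encode(), hashlib.sha256).hexdigest()


def obtain_license(device_id, local_store, fetch_from_server):
    """Fig. 8, S73: use a locally stored license if present, otherwise ask
    the license server (modelled as a callable returning a document or None)."""
    doc = local_store.get(device_id)
    if doc is None:
        doc = fetch_from_server(device_id)
    return doc


def license_valid(local_hw_info, license_doc, now):
    """Fig. 8, S74: the generated license must match the acquired one and the
    acquired one must still be within its validity period."""
    if license_doc is None:
        return False
    expires = datetime.fromisoformat(license_doc["expires"])
    if now >= expires:
        return False
    return hmac.compare_digest(generate_license(local_hw_info), license_doc["license"])


def may_decrypt(meta, local_hw_info, now, device_id=None,
                local_store=None, fetch_from_server=None):
    """Apply the checks in the order the text gives: time info (fig. 6), then
    hardware info (fig. 7); when the file carries no hardware info, fall back
    to license authentication (fig. 8). Returns (allowed, reason)."""
    if "expiry" in meta and not time_info_valid(meta["expiry"], now):
        return False, "time information expired"
    if "hw_info" in meta:
        if hardware_info_matches(meta["hw_info"], local_hw_info):
            return True, "hardware info matches"
        return False, "hardware device not authorized"
    doc = obtain_license(device_id, local_store or {},
                         fetch_from_server or (lambda _id: None))
    if license_valid(local_hw_info, doc, now):
        return True, "license valid"
    return False, "license missing, mismatched or expired"


# Constructed sample data: the cutoff time from the text and a made-up device.
EXPIRY = utc(2018, 3, 26, 10)
HW_INFO = "board-serial:EXAMPLE-0001"          # constructed, not a real device
LICENSE_STORE = {"dev-1": {"license": generate_license(HW_INFO),
                           "expires": "2018-12-31T00:00:00+00:00"}}

if __name__ == "__main__":
    now = utc(2018, 3, 26, 9)
    print(may_decrypt({"expiry": EXPIRY, "hw_info": HW_INFO}, HW_INFO, now))
    print(may_decrypt({"expiry": EXPIRY}, HW_INFO, now, "dev-1", LICENSE_STORE))
```

Every branch that denies returns a reason, which is what the running program should log before it exits; the comparisons use `hmac.compare_digest` so that a mismatch does not leak, through timing, how much of the hardware information or license was correct.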
S43, calling the script decryption parsing engine to decrypt the encrypted script.
In this step, after it is determined by the steps described in figs. 6 to 8 that the decryption operation may be performed, the script decryption parsing engine is called to decrypt the encrypted script in the encrypted script file. Specifically, if the encrypted script file contains a script decryption parsing engine, that engine is called directly and performs the decryption; if the encrypted script file does not contain one, and the computer is determined to be allowed to perform the decryption, a script decryption parsing engine must be installed on the computer and the installed engine is called to perform the decryption.
Specifically, the script decryption parsing engine may read the decryption-related information from the array in the encrypted script file according to the offsets of the information in the predefined array. If a random number is read, the encrypted script was obtained by encrypting according to the flow shown in fig. 3, and it is decrypted by using the random number and the corresponding decryption algorithm. If the iteration number, the salt value salt, and the key information and encryption algorithm generated based on the password set by the user are read, that is, the encrypted script file includes the password set by the user, the iteration number, the salt value salt and the key information generated based on that password, then before the script decryption parsing engine is called to decrypt the encrypted script, the process shown in fig. 9 is also performed, including the following steps:
S81, performing iterative processing for the iteration number according to the password input by the user and the salt value salt, to obtain key information.
S82, determining that the key information is consistent with the key information generated based on the password set by the user.
In steps S81 and S82, the script decryption parsing engine prompts the user to input a password through an input interface presented to the user; after receiving the password, it performs iterative processing for the iteration number using the input password and the salt to obtain key information, and if the obtained key information is determined to be consistent with the key information included in the encrypted script file and generated based on the password set by the user, it determines that the decryption process can be performed. Performing the process shown in fig. 9 provides further protection for the encrypted script and improves its security.
After executing the flow shown in fig. 9, the script decryption parsing engine may determine the decryption algorithm from the encryption algorithm recorded in the encrypted script file, and then decrypt the encrypted script using that decryption algorithm. If the encrypted script was encrypted with the aes algorithm, the script decryption parsing engine may decrypt it with the decryption algorithm corresponding to aes, using the key information. The decryption of the encrypted script is thus realized.
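The engine's two decryption paths (the random-number path of fig. 3, whose fragment-chained key schedule is restated in claim 2 and in the description of encryption processing unit 92, and the password path of fig. 9 with its iteration count and salt) can be shown together in one round-trip. The following is an added example and not the patent's code. Its assumptions: the cipher is a SHA-256 counter-mode keystream, a stand-in for the aes algorithm the text names so that the block runs on the standard library alone; in the fragment-chained path the first fragment's key is derived from the random number and each later key from the previous key and the previous plaintext fragment (one reading of claim 2 that a decrypting engine can actually follow); the iterative processing of S81 is PBKDF2-HMAC-SHA256; and the "key information" stored in the file is a one-way verifier of the derived key rather than the key itself, because a file that carried the key would be decryptable by anyone holding it, password or not. The sample script and random number are constructed.

```python
"""Constructed example of the two decryption paths the engine distinguishes.
Not the patent's code: cipher, key schedule and verifier are assumptions.
"""
import hashlib
import hmac

FRAGMENT_SIZE = 16          # assumed fragment length for the chained path


def keystream_xor(key, data):
    """Toy stand-in cipher: XOR data with SHA-256(key || counter) blocks.
    Symmetric, so the same call encrypts and decrypts. Not AES."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


def encrypt_fragments(plaintext, random_number):
    """Fig. 3 path (encryption side): split into fragments; key_1 comes from
    the random number, key_i from key_{i-1} and plaintext fragment i-1."""
    fragments = [plaintext[i:i + FRAGMENT_SIZE]
                 for i in range(0, len(plaintext), FRAGMENT_SIZE)]
    key = hashlib.sha256(random_number).digest()
    encrypted = []
    for frag in fragments:
        encrypted.append(keystream_xor(key, frag))
        key = hashlib.sha256(key + frag).digest()     # key for the next fragment
    return encrypted


def decrypt_fragments(encrypted, random_number):
    """Fig. 3 path (engine side): each recovered fragment feeds the next key,
    so a wrong random number derails the whole chain from the first fragment."""
    key = hashlib.sha256(random_number).digest()
    plaintext = bytearray()
    for enc in encrypted:
        frag = keystream_xor(key, enc)
        plaintext += frag
        key = hashlib.sha256(key + frag).digest()
    return bytes(plaintext)


def derive_password_key(password, salt, iterations):
    """S81: iterate over the user's password and the salt to obtain key information."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)


def key_verifier(key):
    """What the file stores as "key information": a one-way check value of the key."""
    return hashlib.sha256(b"verify" + key).digest()


def password_key_matches(password, salt, iterations, stored_verifier):
    """S82: the derived key must agree with the stored key information.
    Returns (matches, derived_key)."""
    key = derive_password_key(password, salt, iterations)
    return hmac.compare_digest(key_verifier(key), stored_verifier), key


def decrypt_script(meta, password=None):
    """Dispatch on the key material read from the array, as the engine does:
    a random number selects the chained path, otherwise the password path."""
    if "random_number" in meta:
        return decrypt_fragments(meta["fragments"], meta["random_number"])
    ok, key = password_key_matches(password or "", meta["salt"],
                                   meta["iterations"], meta["key_info"])
    if not ok:
        raise PermissionError("password does not match stored key information")
    return keystream_xor(key, meta["ciphertext"])


def build_samples():
    """Constructed sample files for both paths; returns (samples, plaintext)."""
    script = b"print('hello from the protected script')\n"     # constructed
    rnd = bytes(range(16))                                      # constructed "random number"
    salt, iterations = bytes(range(8)), 50_000
    key = derive_password_key("correct horse", salt, iterations)
    samples = {
        "random": {"random_number": rnd,
                   "fragments": encrypt_fragments(script, rnd)},
        "password": {"salt": salt, "iterations": iterations,
                     "key_info": key_verifier(key),
                     "ciphertext": keystream_xor(key, script)},
    }
    return samples, script

if __name__ == "__main__":
    samples, script = build_samples()
    print(decrypt_script(samples["random"]) == script,
          decrypt_script(samples["password"], "correct horse") == script)
```

With the verifier in place the password check of S82 fails closed before any ciphertext is touched, and the chained path demonstrates the property the text relies on: the random number alone anchors every fragment key, so it has to be protected exactly as carefully as a password-derived key would be.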
S44, executing the decrypted script, and ending the process.
Specifically, after the script decryption parsing engine has decrypted the encrypted script, the script content can be run.
S45, the operation of decrypting the encrypted script in the encrypted script file is not performed, and the process ends.
By implementing the script decryption running method provided by the invention, after the executable file is run, the script decryption parsing engine is called to decrypt the encrypted script in the encrypted script file only when the operation authority control code permits it; otherwise the script decryption running program exits, so that an untrusted user cannot find the path of the custom parsing script.
Based on the same inventive concept, the embodiment of the present invention further provides a script encryption apparatus, and as the principle of the apparatus for solving the problem is similar to that of the script encryption method, the implementation of the apparatus may refer to the implementation of the method, and repeated details are not described again.
As shown in fig. 10, a schematic structural diagram of a script encryption apparatus provided in an embodiment of the present invention includes:
an acquisition unit 91, configured to acquire a script to be encrypted;
an encryption processing unit 92, configured to encrypt the script to be encrypted using key information generated by the selected key generation algorithm; and
an embedding unit 93, configured to embed an operation authority control code in the encrypted script, so as to obtain an encrypted script file, where the operation authority control code is used to indicate whether decryption of the encrypted script is allowed.
Preferably, the encryption processing unit 92 is configured to divide the script to be encrypted into several script segments; and for each script fragment, executing the following processes: generating key information for encrypting the script fragment using the script fragment and key information based on a previous script fragment; encrypting the script fragment by using the key information for encrypting the script fragment; obtaining an encrypted script based on each encrypted script fragment; wherein the key information of the first script fragment is generated based on the generated random number and/or the first script fragment.
Preferably, the encryption processing unit 92 is further configured to perform iterative processing on a password set by a user and a salt generated randomly for the number of iterations, and generate key information for encrypting the script to be encrypted; and encrypting the script to be encrypted by using the key information to obtain an encrypted script.
Preferably, the encryption script file includes encrypted time information indicating a valid period of the encryption script file, and/or encrypted hardware information of a hardware device that is allowed to run the encryption script file.
Preferably, the encryption script file further comprises at least one of: random number, iteration number, salt value salt, key information generated based on a password set by a user and an encryption algorithm.
Preferably, the operation authority control code includes at least one of: code for monitoring whether the encrypted script is traced back, code for indicating whether the encrypted script is within a valid period, a canned code, and a license authentication logic code.
For convenience of description, the above parts are separately described as modules (or units) according to functional division. Of course, the functionality of the various modules (or units) may be implemented in the same or in multiple pieces of software or hardware in practicing the invention.
Based on the same inventive concept, the embodiment of the present invention further provides a script decryption operation device, and because the principle of the device for solving the problem is similar to the script decryption operation method, the implementation of the device can refer to the implementation of the method, and repeated parts are not described again.
As shown in fig. 11, a schematic structural diagram of a script decryption running apparatus provided in an embodiment of the present invention includes:
a first running unit 101, configured to run an executable file, where the executable file is obtained by compiling an encrypted script file obtained by the script encryption method provided by the present invention;
a decryption unit 102, configured to determine, according to the operation authority control code, that decryption of the encrypted script in the encrypted script file is allowed, and then invoke a script decryption parsing engine to decrypt the encrypted script; and
a second running unit 103, configured to run the decrypted script.
Preferably, the operation authority control code includes code for monitoring whether the encrypted script is traced; and
the decryption unit 102 is specifically configured to receive a confirmation message that the attachment of the derived sub-process is successful.
Preferably, the encryption script file contains encrypted time information; and
the decryption unit 102 is specifically configured to decrypt the time information from the encrypted script file; determining that the time information is within a validity period.
Optionally, the encrypted script file further includes hardware information of a hardware device that is allowed to run the encrypted script file; and
the decryption unit 102 is specifically configured to read hardware information of the hardware device currently running the encrypted script file; and determine that the read hardware information is consistent with the hardware information contained in the encrypted script file.
Preferably, the operation authority control code comprises license authentication logic code; and
the decryption unit 102 is specifically configured to read hardware information of the hardware device currently running the encrypted script file; generate a license file according to the read hardware information; acquire the license file of the hardware device currently running the encrypted script file from the local machine or a web server; and determine that the generated license file is consistent with the acquired license file and that the license is within the valid period.
Preferably, if the encrypted script file includes a password set by the user, the number of iterations, a salt value salt, and key information generated based on the password set by the user, the apparatus further comprises:
a processing unit, configured to perform iterative processing for the iteration number according to a password input by the user and the salt value salt before the decryption unit 102 invokes the script decryption parsing engine to decrypt the encrypted script, so as to obtain key information; and determine that the key information is consistent with the key information generated based on the password set by the user.
For convenience of description, the above parts are separately described as modules (or units) according to functional division. Of course, the functionality of the various modules (or units) may be implemented in the same or in multiple pieces of software or hardware in practicing the invention.
As will be appreciated by one skilled in the art, embodiments of the present invention may be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
While preferred embodiments of the present invention have been described, additional variations and modifications in those embodiments may occur to those skilled in the art once they learn of the basic inventive concepts. Therefore, it is intended that the appended claims be interpreted as including preferred embodiments and all such alterations and modifications as fall within the scope of the invention.
It will be apparent to those skilled in the art that various changes and modifications may be made in the present invention without departing from the spirit and scope of the invention. Thus, if such modifications and variations of the present invention fall within the scope of the claims of the present invention and their equivalents, the present invention is also intended to include such modifications and variations.

Claims (20)

1. A script encryption method, comprising:
acquiring a script to be encrypted;
encrypting the script to be encrypted using key information generated by a selected key generation algorithm, to obtain an encrypted script;
storing a run permission control code in an array and embedding the array into the encrypted script, to obtain an encrypted script file, wherein the run permission control code indicates whether decryption of the encrypted script is allowed; and
compiling the encrypted script file into an executable file, so that a script decryption parsing engine can automatically run and decrypt the script encrypted in the encrypted script file.
2. The method according to claim 1, wherein encrypting the script to be encrypted using the key information generated by the selected key generation algorithm specifically comprises:
dividing the script to be encrypted into a plurality of script fragments;
for each script fragment, performing the following process:
generating key information for encrypting the script fragment using the script fragment and key information based on the previous script fragment; and
encrypting the script fragment using the key information generated for it;
obtaining the encrypted script from the encrypted script fragments;
wherein the key information for the first script fragment is generated based on a generated random number and/or the first script fragment.
3. The method according to claim 1, wherein encrypting the script to be encrypted using the key information generated by the selected key generation algorithm specifically comprises:
performing an iterative process, for a set number of iterations, on a password set by a user and a randomly generated salt value, to generate key information for encrypting the script to be encrypted; and
encrypting the script to be encrypted using the key information, to obtain the encrypted script.
4. The method according to any one of claims 1 to 3, wherein the encrypted script file comprises encrypted time information indicating the validity period of the encrypted script file, and/or encrypted hardware information of a hardware device that is allowed to run the encrypted script file.
5. The method of claim 4, wherein the encrypted script file further comprises at least one of: the random number, the number of iterations, the salt value, the key information generated based on the password set by the user, and the encryption algorithm.
6. The method of claim 1, wherein the run permission control code comprises at least one of: code for monitoring whether the encrypted script is being traced, code for indicating whether the encrypted script is within its validity period, canned code, and license authentication logic code.
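The following is an added example, not code from the patent or its assignee, giving one concrete reading of the encryption side described in claims 2, 3 and 5. The claims fix neither the cipher, the hash, the iteration scheme nor the fragment size, so the choices here are assumptions: PBKDF2-HMAC-SHA256 for the iterated password/salt derivation (claim 3), SHA-256 for the per-fragment key chain (claim 2), an HMAC-SHA256 counter-mode keystream as the fragment cipher, and a 64-byte fragment. Claim 2's wording lets the key for a fragment depend on that fragment; this example uses the previous fragment's plaintext and key instead, so that the decryptor can rebuild the chain as it goes. The stored "key information" of claim 5 is taken to be a hash of the derived key, so the file can verify a password (claim 12) without carrying the key itself.

```python
# Added example, not the patent's own code: one concrete reading of the
# fragment-chained encryption of claims 2, 3 and 5. All named primitives
# and sizes are assumptions for this illustration.
import hashlib
import hmac
import secrets
from typing import Any, Dict, List

FRAGMENT_SIZE = 64        # constructed value; the patent fixes no size
KEY_LEN = 32              # SHA-256 output size, used for all key material


def derive_master_key(password: str, salt: bytes, iterations: int) -> bytes:
    """Claim 3: iterate a user-set password with a random salt.
    PBKDF2-HMAC-SHA256 stands in for the unspecified iteration scheme."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt,
                               iterations, dklen=KEY_LEN)


def first_fragment_key(master_key: bytes, random_number: bytes) -> bytes:
    """Claim 2: the first fragment's key comes from the generated random number,
    here bound to the master key so the random number alone reveals nothing."""
    return hmac.new(master_key, random_number, hashlib.sha256).digest()


def next_fragment_key(prev_key: bytes, prev_fragment: bytes) -> bytes:
    """Claim 2 chaining in its decryptable reading: the key for fragment i is
    derived from the key and plaintext of fragment i-1, which the decryptor
    already holds by the time it needs it."""
    return hashlib.sha256(prev_key + prev_fragment).digest()


def xor_stream(key: bytes, data: bytes) -> bytes:
    """Counter-mode keystream from HMAC-SHA256, XORed over the data. XOR is its
    own inverse, so the same call encrypts and decrypts. Every fragment has
    its own key, so no keystream block is ever reused."""
    out = bytearray()
    for counter, offset in enumerate(range(0, len(data), KEY_LEN)):
        block = hmac.new(key, counter.to_bytes(4, "big"), hashlib.sha256).digest()
        out.extend(a ^ b for a, b in zip(data[offset:offset + KEY_LEN], block))
    return bytes(out)


def encrypt_script(script: bytes, password: str, iterations: int = 100_000) -> Dict[str, Any]:
    """Builds the encrypted script file of claim 5: random number, iteration
    count, salt, password-derived key information and the encrypted fragments.
    The key information stored is a hash of the derived key, not the key."""
    salt = secrets.token_bytes(16)
    random_number = secrets.token_bytes(16)
    master_key = derive_master_key(password, salt, iterations)

    fragments: List[bytes] = [script[i:i + FRAGMENT_SIZE]
                              for i in range(0, len(script), FRAGMENT_SIZE)]
    encrypted: List[str] = []
    key = first_fragment_key(master_key, random_number)
    for fragment in fragments:
        encrypted.append(xor_stream(key, fragment).hex())
        key = next_fragment_key(key, fragment)

    return {
        "random_number": random_number.hex(),
        "iterations": iterations,
        "salt": salt.hex(),
        "key_information": hashlib.sha256(master_key).hexdigest(),
        "fragments": encrypted,
    }


def decrypt_script(script_file: Dict[str, Any], password: str) -> bytes:
    """Reverses encrypt_script. The password check is claim 12: re-derive the
    key information from the entered password and compare before decrypting."""
    salt = bytes.fromhex(script_file["salt"])
    master_key = derive_master_key(password, salt, int(script_file["iterations"]))
    if not hmac.compare_digest(hashlib.sha256(master_key).hexdigest(),
                               script_file["key_information"]):
        raise ValueError("password does not match the stored key information")

    key = first_fragment_key(master_key, bytes.fromhex(script_file["random_number"]))
    plaintext = bytearray()
    for hex_fragment in script_file["fragments"]:
        fragment = xor_stream(key, bytes.fromhex(hex_fragment))
        plaintext.extend(fragment)
        key = next_fragment_key(key, fragment)
    return bytes(plaintext)
```

Because each key depends on the previous plaintext, a modified ciphertext byte corrupts every later fragment, but nothing in the claims detects the modification; in practice an authentication tag over the whole file (or an authenticated cipher) should be added so that a tampered executable fails closed rather than running garbage. Note also that the master key has to be reconstructible at run time, so the confidentiality of the script against someone holding the executable rests on the run permission control code and the password, not on the cipher.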
7. A script decryption execution method, comprising:
running an executable file, wherein the executable file is obtained by compiling an encrypted script file obtained by the method of any one of claims 1 to 6;
reading the run permission control code from the array of the encrypted script file, determining according to the run permission control code that decryption of the encrypted script in the encrypted script file is allowed, and invoking a script decryption parsing engine to decrypt the encrypted script; and
executing the decrypted script.
8. The method of claim 7, wherein the run permission control code comprises code for monitoring whether the encrypted script is being traced, and determining according to the run permission control code that decryption of the encrypted script in the encrypted script file is allowed specifically comprises:
receiving a confirmation message that a spawned child process has attached successfully.
9. The method according to claim 7 or 8, wherein the encrypted script file contains encrypted time information, the run permission control code comprises code for indicating whether the encrypted script is within its validity period, and determining according to the run permission control code that decryption of the encrypted script in the encrypted script file is allowed specifically comprises:
decrypting the time information from the encrypted script file; and
determining that the time information is within the validity period.
10. The method of claim 9, wherein the encrypted script file further comprises hardware information of a hardware device that is allowed to run the encrypted script file, and determining according to the run permission control code that decryption of the encrypted script in the encrypted script file is allowed specifically comprises:
reading hardware information of the hardware device currently running the encrypted script file; and
determining that the read hardware information is consistent with the hardware information contained in the encrypted script file.
11. The method of claim 9, wherein the run permission control code comprises license authentication logic code, and determining according to the run permission control code that decryption of the encrypted script in the encrypted script file is allowed specifically comprises:
reading hardware information of the hardware device currently running the encrypted script file;
generating a license file from the read hardware information;
acquiring the license file of the hardware device currently running the encrypted script file from local storage or a web server; and
determining that the generated license file is consistent with the acquired license file and that the license is within its validity period.
12. The method of claim 9, wherein, if the encrypted script file includes a password set by a user, the number of iterations, a salt value, and key information generated based on the password set by the user, the method further comprises, before invoking the script decryption parsing engine to decrypt the encrypted script:
performing the iterative process, for the number of iterations, on the password entered by the user and the salt value, to obtain key information; and
determining that the obtained key information is consistent with the key information generated based on the password set by the user.
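As an added example, not code from the patent or its assignee, the block below shows the decision the executable of claims 7 and 9 to 11 has to make before it invokes the parsing engine: walk the embedded array of run permission control codes and deny on the first failed check. The data formats are assumptions, since the claims give none: the array is a list of code names, the time information is a (not_before, not_after) pair of Unix timestamps, the hardware information is an opaque identifier string, and the license file of claim 11 is an HMAC-SHA256 over the hardware information and an expiry, keyed by a vendor key the executable carries. The time and hardware fields are shown already decrypted (claim 4 stores them encrypted). Claim 8's trace check, a spawned child process attaching to its parent and reporting success, depends on the operating system's tracing interface and is left out of this illustration.

```python
# Added example, not the patent's own code: the run permission checks of
# claims 9, 10 and 11, evaluated from the embedded control-code array.
# All field names, code names and formats are assumptions for this example.
import hashlib
import hmac
from typing import Any, Dict, List, Optional, Tuple

# Constructed names for the run permission control codes of claims 6 and 10.
CODE_VALIDITY_PERIOD = "validity_period"
CODE_HARDWARE_BINDING = "hardware_binding"
CODE_LICENSE_AUTH = "license_authentication"


def generate_license(vendor_key: bytes, hardware_info: str, expires_at: int) -> Dict[str, Any]:
    """Claim 11: build a license file from hardware information. The vendor
    issues these; the executable regenerates one from the local hardware
    information and compares it with the license it acquired."""
    message = f"{hardware_info}|{expires_at}".encode()
    return {
        "hardware_info": hardware_info,
        "expires_at": expires_at,
        "signature": hmac.new(vendor_key, message, hashlib.sha256).hexdigest(),
    }


def decryption_allowed(script_file: Dict[str, Any], control_codes: List[str], now: int,
                       hardware_info: str, acquired_license: Optional[Dict[str, Any]],
                       vendor_key: bytes) -> Tuple[bool, str]:
    """Evaluates every control code present in the array and denies on the
    first failure, returning the decision and the reason. `script_file`
    carries the time and hardware information already decrypted."""
    if CODE_VALIDITY_PERIOD in control_codes:                      # claim 9
        not_before, not_after = script_file["time_information"]
        if not not_before <= now <= not_after:
            return False, "outside validity period"

    if CODE_HARDWARE_BINDING in control_codes:                     # claim 10
        expected_hw = str(script_file["hardware_information"]).encode()
        if not hmac.compare_digest(expected_hw, hardware_info.encode()):
            return False, "hardware mismatch"

    if CODE_LICENSE_AUTH in control_codes:                         # claim 11
        if acquired_license is None:
            return False, "no license file available"
        regenerated = generate_license(vendor_key, hardware_info,
                                       int(acquired_license["expires_at"]))
        if not hmac.compare_digest(regenerated["signature"].encode(),
                                   str(acquired_license["signature"]).encode()):
            return False, "license signature invalid"
        if int(acquired_license["expires_at"]) < now:
            return False, "license expired"

    return True, "allowed"
```

The checks are ordered cheapest first and each one is independent, so an array that omits a code simply skips that check, which is what claim 6's "at least one of" implies. The regenerate-and-compare step of claim 11 means the vendor key must be present in the executable; a license signed with an asymmetric key and verified against an embedded public key gives the same check without shipping the signing key to every installation.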
13. A script encryption apparatus, comprising:
an acquisition unit, configured to acquire a script to be encrypted;
an encryption processing unit, configured to encrypt the script to be encrypted using key information generated by a selected key generation algorithm, to obtain an encrypted script; and
an embedding unit, configured to store a run permission control code in an array and embed the array into the encrypted script, to obtain an encrypted script file, wherein the run permission control code indicates whether decryption of the encrypted script is allowed;
wherein the acquisition unit is further configured to compile the encrypted script file into an executable file, so that a script decryption parsing engine can automatically run and decrypt the script encrypted in the encrypted script file.
14. The apparatus of claim 13, wherein
the encryption processing unit is configured to divide the script to be encrypted into a plurality of script fragments and, for each script fragment, to perform the following process: generating key information for encrypting the script fragment using the script fragment and key information based on the previous script fragment; encrypting the script fragment using the key information generated for it; and obtaining the encrypted script from the encrypted script fragments; wherein the key information for the first script fragment is generated based on a generated random number and/or the first script fragment.
15. The apparatus of claim 13, wherein
the encryption processing unit is further configured to perform an iterative process, for a set number of iterations, on a password set by a user and a randomly generated salt value, to generate key information for encrypting the script to be encrypted, and to encrypt the script to be encrypted using the key information, to obtain the encrypted script.
16. The apparatus of claim 13, wherein the run permission control code comprises at least one of: code for monitoring whether the encrypted script is being traced, code for indicating whether the encrypted script is within its validity period, canned code, and license authentication logic code.
17. A script decryption execution apparatus, comprising:
a first running unit, configured to run an executable file, wherein the executable file is obtained by compiling an encrypted script file;
a decryption unit, configured to read the run permission control code from the array of the encrypted script file, determine according to the run permission control code that decryption of the encrypted script in the encrypted script file is allowed, and invoke a script decryption parsing engine to decrypt the encrypted script; and
a second running unit, configured to run the decrypted script.
18. The apparatus of claim 17, wherein the run permission control code comprises code for monitoring whether the encrypted script is being traced, and
the decryption unit is further configured to receive a confirmation message that a spawned child process has attached successfully; or
the encrypted script file contains encrypted time information, and
the decryption unit is further configured to decrypt the time information from the encrypted script file and determine that the time information is within the validity period; or
the encrypted script file further comprises hardware information of a hardware device that is allowed to run the encrypted script file, and
the decryption unit is further configured to read hardware information of the hardware device currently running the encrypted script file and determine that the read hardware information is consistent with the hardware information contained in the encrypted script file.
19. The apparatus of claim 18, wherein the run permission control code comprises license authentication logic code, and
the decryption unit is further configured to read hardware information of the hardware device currently running the encrypted script file; generate a license file from the read hardware information; acquire the license file of the hardware device currently running the encrypted script file from local storage or a web server; and determine that the generated license file is consistent with the acquired license file and that the license is within its validity period.
20. The apparatus of claim 18, wherein, if the encrypted script file includes a password set by a user, the number of iterations, a salt value, and key information generated based on the password set by the user, the apparatus further comprises:
a processing unit, configured to perform the iterative process, for the number of iterations, on the password entered by the user and the salt value to obtain key information, before the decryption unit invokes the script decryption parsing engine to decrypt the encrypted script, and to determine that the obtained key information is consistent with the key information generated based on the password set by the user.
CN201810941501.8A 2018-08-17 2018-08-17 Script encryption method, script decryption operation method and related device Active CN109284585B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810941501.8A CN109284585B (en) 2018-08-17 2018-08-17 Script encryption method, script decryption operation method and related device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810941501.8A CN109284585B (en) 2018-08-17 2018-08-17 Script encryption method, script decryption operation method and related device

Publications (2)

Publication Number Publication Date
CN109284585A CN109284585A (en) 2019-01-29
CN109284585B true CN109284585B (en) 2020-12-22

Family

Family ID: 65183148

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810941501.8A Active CN109284585B (en) 2018-08-17 2018-08-17 Script encryption method, script decryption operation method and related device

Country Status (1)

Country Link
CN (1) CN109284585B (en)

Families Citing this family (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109976948B (en) * 2019-03-18 2021-04-30 北京思源理想控股集团有限公司 Private information backup method and recovery method and system
CN110519064A (en) * 2019-09-23 2019-11-29 北京信安世纪科技股份有限公司 Ciphertext script generation and execution method and device
CN110647760A (en) * 2019-09-23 2020-01-03 北京信安世纪科技股份有限公司 Script encryption and execution method and device
CN111079132A (en) * 2019-12-27 2020-04-28 深圳市元征科技股份有限公司 User authority management method, device and related equipment
CN112231753B (en) * 2020-10-21 2023-09-19 中国银行股份有限公司 Encryption protection method and device for sensitive information in Shell script
CN115659292B (en) * 2022-12-28 2023-05-02 北京大学 Encryption method and device for script codes

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101166096A (en) * 2002-04-17 2008-04-23 微软公司 Saving and retrieving data based on public key encryption
CN103220143A (en) * 2011-11-17 2013-07-24 索尼公司 Information processing apparatus, information storage apparatus, information processing system, and information processing method and program
CN106788976A (en) * 2016-12-28 2017-05-31 广东工业大学 AES encryption and decryption circuit simulation analysis method and device
Also Published As

Publication number Publication date
CN109284585A (en) 2019-01-29

Similar Documents

Publication Publication Date Title
CN109284585B (en) Script encryption method, script decryption operation method and related device
CN108322461B (en) Method, system, device, equipment and medium for automatically logging in application program
EP3038004A1 (en) Method for providing security for common intermediate language-based program
KR100792287B1 (en) Method for security and the security apparatus thereof
JP6227772B2 (en) Method and apparatus for protecting a dynamic library
EP3316160A1 (en) Authentication method and apparatus for reinforced software
JP2019505887A (en) Mobile device with reliable execution environment
US8959659B2 (en) Software authorization system and method
EP3270318B1 (en) Dynamic security module terminal device and method for operating same
CN107870793B (en) Method and device for loading SO file in application program
CN101957903A (en) Method and device for protecting class files
CN104680039A (en) Data protection method and device of application installation package
CN111177693B (en) Method, device, equipment and medium for verifying terminal root certificate
CN111859415A (en) Neural network model encryption system and method
CN114244522A (en) Information protection method and device, electronic equipment and computer readable storage medium
EP2873023B1 (en) Technique for determining a malign or non-malign behavior of an executable file
CN115964681A (en) Generation method of certificate file of target application program
CN110674525A (en) Electronic equipment and file processing method thereof
CN111639353B (en) Data management method and device, embedded equipment and storage medium
CN111522555B (en) apk file reinforcement method, decryption method and related devices
CN108259490B (en) Client verification method and device
KR101286767B1 (en) Verification method for application program using dynamic hashing
CN112597449B (en) Software encryption method, device, equipment and storage medium
CN112968889B (en) Host right management method, terminal, device and computer readable storage medium
EP3123384A1 (en) Protecting an item of software

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant