CN109344656B - Database data encryption/decryption method, device and equipment - Google Patents

Publication number: CN109344656B
Authority: CN (China)
Prior art keywords: data, key, encryption, database, mode
Legal status: Active
Application number: CN201811446034.8A
Other languages: Chinese (zh)
Other versions: CN109344656A (en)
Inventors: 纪森, 钱海锋
Current Assignee: Hangzhou Tuya Information Technology Co Ltd
Original Assignee: Hangzhou Tuya Information Technology Co Ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload

Abstract

The application discloses a data encryption method for a database, comprising: calling a handler processor corresponding to the data type of first target data, and encrypting the first target data in a preset encryption mode through the handler processor. The application also discloses a data decryption method, comprising: determining a data type of second target data; and calling a handler processor corresponding to the data type, and decrypting the second target data according to a preset decryption mode through the handler processor. In this scheme, data read from or written into the database is encrypted and decrypted through the handler processor; the encryption and decryption mode is simple and easy to use, developers can complete the encryption and decryption of data without attending to the complex underlying logic, and high security of the data is guaranteed. The application also discloses a data encryption/decryption device and equipment for a database, which achieve the same technical effects.

Description

Database data encryption/decryption method, device and equipment
Technical Field
The present application relates to the field of database encryption technologies, and in particular, to a method, an apparatus, and a device for encrypting/decrypting data of a database.
Background
With the rapid development of the internet in recent years, information security problems have multiplied, and the problem of secure access to information resources has become increasingly prominent. Encryption is one of the core problems of database security, and database encryption technology is an effective means of ensuring the security of sensitive information stored in a database. Although many encryption algorithms exist at present, existing encryption algorithms are all difficult to integrate, and a large amount of work is required to complete the encryption of data.
Therefore, how to simply and effectively encrypt and decrypt the data of the database is a problem to be solved by those skilled in the art.
Disclosure of Invention
The application aims to provide a database data encryption/decryption method, device and equipment so as to simply and effectively encrypt and decrypt data of a database.
In order to achieve the above object, the embodiments of the present application provide the following technical solutions:
a method of encrypting data of a database, comprising:
determining the data type of first target data to be written into a database;
calling a handler processor corresponding to the data type, and encrypting the first target data through the handler processor according to a preset encryption mode;
and writing the encrypted first target data into a database.
Calling a handler processor corresponding to the data type, and encrypting the first target data through the handler processor according to a predetermined encryption mode, includes:
calling a handler processor corresponding to the data type, acquiring a key from an encryption key library through the handler processor according to a preset encryption mode, and encrypting the first target data.
Before determining the data type of the first target data to be written into the database, the method further includes:
judging whether the data encryption mode is a handler mode;
if yes, executing the step of determining the data type of the first target data to be written into the database;
if not, calling a tool class, obtaining a key from an encryption key library through the tool class, and encrypting the first target data.
The scheme further includes:
receiving an adding instruction carrying a new key;
adding the new key to the encryption key library so that new data is encrypted with the new key.
The scheme further includes:
detecting, at intervals of a preset time length, whether an invalid key exists in the encryption key library; the invalid key is an expired key or a leaked key;
if yes, determining the data to be processed corresponding to the invalid key from the database;
executing a decryption operation on the data to be processed using the invalid key, executing an encryption operation on the decrypted data using a valid key in the encryption key library, and then storing the data in the database again.
A method of decrypting data from a database, comprising:
reading second target data from the database;
determining a data type of the second target data;
and calling a handler processor corresponding to the data type, and decrypting the second target data through the handler processor according to a preset decryption mode.
A data encryption apparatus for a database, comprising:
the first determining module is used for determining the data type of first target data to be written into the database;
the encryption module is used for calling a handler processor corresponding to the data type and encrypting the first target data through the handler processor according to a preset encryption mode;
and the data writing module is used for writing the encrypted first target data into a database.
A data decryption apparatus for a database, comprising:
the data reading module is used for reading second target data from the database;
a second determining module, configured to determine a data type of the second target data;
and the decryption module is used for calling a handler processor corresponding to the data type and decrypting the second target data through the handler processor according to a preset decryption mode.
A data encryption device for a database, comprising:
a memory for storing a computer program;
a processor for implementing the steps of the data encryption method for the database when executing the computer program.
A data decryption device for a database, comprising:
a memory for storing a computer program;
and a processor for implementing the steps of the data decryption method of the database when executing the computer program.
According to the scheme, the data encryption method for the database provided by the embodiment of the application comprises the following steps: determining the data type of first target data to be written into a database; calling a handler processor corresponding to the data type, and encrypting the first target data through the handler processor according to a preset encryption mode; and writing the encrypted first target data into a database. The embodiment of the present application further provides a data decryption method for a database, including: reading second target data from the database; determining a data type of the second target data; and calling a handler processor corresponding to the data type, and decrypting the second target data through the handler processor according to a preset decryption mode.
Therefore, in the scheme, the encryption and decryption of the data are realized through the handler processor for the data read from or written into the database, the encryption and decryption mode is simple and easy to use, developers can finish the encryption and decryption of the data without paying attention to the complex logic of the bottom layer, and meanwhile, the high safety of the data is guaranteed. The application also discloses a data encryption/decryption device and equipment of the database, and the technical effects can be achieved.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present application, and for those skilled in the art, other drawings can be obtained according to the drawings without creative efforts.
Fig. 1 is a schematic flowchart of a data encryption method for a database according to an embodiment of the present disclosure;
Fig. 2 is a schematic flowchart of another data encryption method for a database according to an embodiment of the present disclosure;
Fig. 3 is a schematic structural diagram of a data encryption apparatus for a database according to an embodiment of the present disclosure;
Fig. 4 is a schematic flowchart of a data decryption method for a database according to an embodiment of the present application;
Fig. 5 is a schematic flowchart of another data decryption method for a database according to an embodiment of the present disclosure;
Fig. 6 is a schematic structural diagram of a data decryption device for a database according to an embodiment of the present application.
Detailed Description
The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
The embodiment of the application discloses a method, a device and equipment for encrypting/decrypting data of a database, so as to simply and effectively encrypt/decrypt the data of the database.
Referring to fig. 1, a data encryption method for a database provided in an embodiment of the present application includes:
S101, determining the data type of first target data to be written into a database;
Specifically, the first target data in this scheme is data to be written into the database through a JDBC (Java DataBase Connectivity) update or insert; that is, any data that is written into the database and needs to be encrypted may be called first target data. To determine which handler processor performs the encryption operation, the data type of the first target data must be determined; it may be an integer type, a double type, or the like, and is not particularly limited here.
S102, calling a handler processor corresponding to the data type, and encrypting the first target data through the handler processor according to a preset encryption mode;
It should be noted that, after the data type of the first target data is determined, different handler processors may be called for different data types, and the handler processor encrypts the first target data according to a preset encryption mode. The preset encryption mode may be an encryption algorithm such as ordinary AES (Advanced Encryption Standard), or may be a tool class, and is not particularly limited here.
Calling a handler processor corresponding to the data type, and encrypting the first target data through the handler processor according to a predetermined encryption mode, includes: calling a handler processor corresponding to the data type, acquiring a key from an encryption key library through the handler processor according to a preset encryption mode, and encrypting the first target data.
In this embodiment, to ensure the security of the keys and prevent them from being stolen, all keys are stored in the encryption key library, and the keys stored in the encryption key library are themselves encrypted by a specific algorithm. When data is encrypted, the key is first acquired from the encryption key library, and the encryption operation is then performed on the first target data with the acquired key, which further improves the security of the data stored in the database.
S103, writing the encrypted first target data into a database.
It will be appreciated that after the first target data is encrypted by the handler processor, the encrypted data needs to be written to the database, for example by updating or inserting the encrypted data into the database.
Encrypting data in this simple and easy-to-use mode lets developers encrypt data without attending to the complex underlying logic, while guaranteeing high security of the data. In addition, the encryption mode in this embodiment supports key rotation: when the original key has expired or leaked, the key protecting the data can be switched to a new key without affecting the use of the encryption component.
Referring to fig. 2, an embodiment of the present application provides a data encryption method for a database, including:
S201, judging whether the data encryption mode is a handler mode; if yes, executing S202; if not, executing S204;
S202, determining the data type of first target data to be written into a database;
S203, calling a handler processor corresponding to the data type, encrypting the first target data through the handler processor according to a preset encryption mode, and executing S205;
S204, calling a tool class, acquiring a key from an encryption key library through the tool class, encrypting the first target data, and executing S205;
S205, writing the encrypted first target data into a database.
It should be noted that this embodiment proposes two encryption modes: a handler mode and a normal mode. Therefore, before the first target data is encrypted, it is necessary to determine in which mode it is to be encrypted. If S201 determines that the data encryption mode is the handler mode, S202 to S203 are executed and the data is encrypted using the handler processor; if it determines that the data encryption mode is not the handler mode, the mode is the normal mode, and S204 is executed to encrypt the data using the tool class. The encryption mode can be preset by a manager, or can be determined automatically by the system according to attribute information of the first target data such as its data size and data type, so that a user can flexibly select the encryption mode and the user experience is improved.
Based on any of the above method embodiments, in this embodiment, the method further includes:
receiving an adding instruction carrying a new key;
adding the new key to the encryption key library so that new data is encrypted with the new key.
In this embodiment, it is necessary to detect, at intervals of a predetermined time length, whether an expired key or a leaked key exists in the encryption key library; if so, a new key is added to the encryption key library. Therefore, when the adding instruction is received, the new key carried in the instruction is added to the encryption key library, so that new data is encrypted with that key, which further reduces the risk to the data.
It should be noted that all encryption modes in this scheme support key rotation: when an original key in the encryption key library has expired or leaked, the key used for encrypting data can be switched to a new key. That is, whether new data is encrypted by a handler processor or by calling a tool class, the new key needs to be obtained from the database, so that the use of the encryption component is not affected and the security of data encryption is improved.
Based on any of the above embodiments, in this embodiment, the method further includes:
detecting, at intervals of a preset time length, whether an invalid key exists in the encryption key library; the invalid key is an expired key or a leaked key;
if yes, determining the data to be processed corresponding to the invalid key from the database;
executing a decryption operation on the data to be processed using the invalid key, executing an encryption operation on the decrypted data using a valid key in the encryption key library, and then storing the data in the database again.
It should be noted that, to avoid a security risk to data stored in the database when its key has expired or leaked, this embodiment periodically detects whether an invalid key exists in the encryption key library; in this scheme the invalid key is an expired key or a leaked key. If an invalid key exists in the encryption key library, the data to be processed is determined from the database, namely the data stored in the database that was encrypted with the invalid key. The data to be processed is decrypted with the invalid key, and the decrypted data is then encrypted again with a valid key in the encryption key library and stored in the database again.
The encryption operation and the decryption operation in this embodiment may be performed in any manner described in the above embodiments. That is, the data to be processed may be decrypted and then encrypted through the handler processor, or decrypted and then encrypted through the tool class; the encryption and decryption operations may also be performed in other manners, and the above two cases are described only as examples.
It can be understood that periodic detection means detection at intervals of a predetermined time length, and that the predetermined time length can be adjusted according to actual conditions. An invalid key in the encryption key library is an expired key or a leaked key; correspondingly, a valid key is a key in the encryption key library that has neither expired nor leaked, so storing data encrypted with a valid key is more secure than storing data encrypted with an invalid key. That is, re-encrypting the data corresponding to the invalid key improves the security of data storage: even if the data is acquired by an attacker, since the encryption key of the data is a valid key, the data cannot be decrypted, which further improves the security of the data.
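The handler flow (S101 to S103) and the re-encryption of data held under an invalid key, as an added example that is not code from the patent. It assumes AES-256-GCM as the preset encryption mode, a 4-byte key id stored in front of each ciphertext so that data belonging to an invalid key can be located, and an in-memory map standing in for the database table; the names `KeyLibrary`, `Handler`, `seal`, `open` and `rotate` are hypothetical, and Java 16 or later is required.

```java
import static java.nio.charset.StandardCharsets.UTF_8;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import java.nio.ByteBuffer;
import java.security.SecureRandom;
import java.util.*;
import java.util.function.Function;

@SuppressWarnings("unchecked")
public class HandlerEncryptionDemo {
    // Stand-in for the encryption key library: versioned AES keys plus a set of invalid ids.
    // Encrypting the stored keys themselves (the page's "specific algorithm") is omitted here.
    static final class KeyLibrary {
        private final Map<Integer, SecretKey> keys = new HashMap<>();
        private final Set<Integer> invalid = new HashSet<>();
        private int current = 0;
        int addNewKey() throws Exception {               // the "adding instruction"
            KeyGenerator gen = KeyGenerator.getInstance("AES");
            gen.init(256);
            keys.put(++current, gen.generateKey());
            return current;
        }
        void markInvalid(int id) { invalid.add(id); }    // expired or leaked
        boolean isInvalid(int id) { return invalid.contains(id); }
        SecretKey get(int id) { return Objects.requireNonNull(keys.get(id), "unknown key id " + id); }
        int currentId() {                                // new data is never sealed under an invalid key
            if (current == 0 || isInvalid(current)) throw new IllegalStateException("no valid key");
            return current;
        }
    }

    // One handler per data type: turns the value into bytes and back (assumed design).
    record Handler<T>(Function<T, byte[]> encode, Function<byte[], T> decode) {}
    static final Map<Class<?>, Handler<?>> HANDLERS = Map.of(
        String.class, new Handler<String>(s -> s.getBytes(UTF_8), b -> new String(b, UTF_8)),
        Integer.class, new Handler<Integer>(v -> ByteBuffer.allocate(4).putInt(v).array(),
                                            b -> ByteBuffer.wrap(b).getInt()),
        Double.class, new Handler<Double>(v -> ByteBuffer.allocate(8).putDouble(v).array(),
                                          b -> ByteBuffer.wrap(b).getDouble()));

    // Stored format: [4-byte key id][12-byte IV][ciphertext + 16-byte tag]; the key id is bound as AAD.
    static byte[] seal(KeyLibrary lib, byte[] plain) throws Exception {
        int id = lib.currentId();
        byte[] iv = new byte[12];
        new SecureRandom().nextBytes(iv);                // fresh IV for every value
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, lib.get(id), new GCMParameterSpec(128, iv));
        c.updateAAD(ByteBuffer.allocate(4).putInt(id).array());
        byte[] ct = c.doFinal(plain);
        return ByteBuffer.allocate(16 + ct.length).putInt(id).put(iv).put(ct).array();
    }
    static byte[] open(KeyLibrary lib, byte[] blob) throws Exception {
        if (blob.length < 32) throw new IllegalArgumentException("truncated ciphertext");
        ByteBuffer b = ByteBuffer.wrap(blob);
        int id = b.getInt();
        byte[] iv = new byte[12], ct = new byte[blob.length - 16];
        b.get(iv).get(ct);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, lib.get(id), new GCMParameterSpec(128, iv));
        c.updateAAD(blob, 0, 4);                         // a swapped key id fails authentication
        return c.doFinal(ct);
    }
    // S101-S103: pick the handler by data type, encrypt, and return the bytes to be written.
    static <T> byte[] encrypt(KeyLibrary lib, T value) throws Exception {
        Handler<T> h = (Handler<T>) HANDLERS.get(value.getClass());
        if (h == null) throw new IllegalArgumentException("no handler for " + value.getClass());
        return seal(lib, h.encode().apply(value));
    }
    static <T> T decrypt(KeyLibrary lib, byte[] blob, Class<T> type) throws Exception {
        return ((Handler<T>) HANDLERS.get(type)).decode().apply(open(lib, blob));
    }

    // Periodic job: find values sealed under an invalid key, decrypt them with that key,
    // re-encrypt under the current valid key and store them again. Returns rows rewritten.
    static int rotate(KeyLibrary lib, Map<String, byte[]> table) throws Exception {
        int n = 0;
        for (Map.Entry<String, byte[]> e : table.entrySet()) {
            int id = ByteBuffer.wrap(e.getValue()).getInt();
            if (!lib.isInvalid(id)) continue;
            e.setValue(seal(lib, open(lib, e.getValue())));
            n++;
        }
        return n;
    }

    public static void main(String[] args) throws Exception {
        KeyLibrary lib = new KeyLibrary();
        lib.addNewKey();                                 // key 1
        Map<String, byte[]> table = new HashMap<>();     // constructed sample rows
        table.put("email", encrypt(lib, "alice@example.com"));
        table.put("age", encrypt(lib, 42));
        table.put("balance", encrypt(lib, 1234.5));
        lib.markInvalid(1); lib.addNewKey();             // key 1 reported leaked, key 2 added
        System.out.println("rows re-encrypted: " + rotate(lib, table));
        System.out.println("email: " + decrypt(lib, table.get("email"), String.class));
        System.out.println("balance: " + decrypt(lib, table.get("balance"), Double.class));
    }
}
```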
The following describes a data encryption device provided in an embodiment of the present application, and the data encryption device described below and the data encryption method described above may be referred to each other.
Referring to fig. 3, an embodiment of the present application provides a data encryption apparatus for a database, including:
a first determining module 110, configured to determine a data type of first target data to be written into a database;
the first encryption module 120 is configured to invoke a handler processor corresponding to the data type, and encrypt the first target data according to a predetermined encryption manner through the handler processor;
and a data writing module 130, configured to write the encrypted first target data into the database.
The first encryption module is specifically configured to: call a handler processor corresponding to the data type, acquire a key from an encryption key library through the handler processor according to a preset encryption mode, and encrypt the first target data.
The scheme further includes:
the adding instruction receiving module is used for receiving an adding instruction carrying a new key;
and the new key adding module is used for adding the new key to the encryption key library so as to encrypt new data with the new key.
The scheme further includes:
the first judgment module is used for judging whether the data encryption mode is a handler mode;
the first determining module is used for determining the data type of the first target data to be written into the database when the data encryption mode is a handler mode;
and the second encryption module is used for calling a tool class when the data encryption mode is not a handler mode, acquiring a key from an encryption key library through the tool class and encrypting the first target data.
The scheme further includes:
the detection module is used for detecting, at intervals of a preset time length, whether an invalid key exists in the encryption key library; the invalid key is an expired key or a leaked key;
the to-be-processed data determining module is used for determining to-be-processed data corresponding to an invalid key from the database when the invalid key exists in the encryption key library;
the data decryption module is used for executing a decryption operation on the data to be processed using the invalid key;
the data encryption module is used for executing an encryption operation on the decrypted data using a valid key in the encryption key library;
and the data storage module is used for storing the encrypted data in the database again.
The embodiment of the present application further discloses a data encryption device for a database, including:
a memory for storing a computer program;
a processor for implementing the steps of the data encryption method as in the above-described method embodiments when executing said computer program.
The embodiment of the application also discloses a computer readable storage medium, wherein a computer program is stored on the computer readable storage medium, and when being executed by a processor, the computer program realizes the steps of the data encryption method in the above method embodiment.
The storage medium may include: various media capable of storing program code, such as a USB disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, or an optical disk.
Referring to fig. 4, an embodiment of the present application provides a data decryption method for a database. The data decryption method in this embodiment and the data encryption method in the foregoing embodiments may refer to each other, and the same parts are not described again here. The data decryption method specifically comprises the following steps:
S301, reading second target data from a database;
S302, determining the data type of the second target data;
S303, calling a handler processor corresponding to the data type, and decrypting the second target data through the handler processor according to a preset decryption mode.
In this scheme, calling a handler processor corresponding to the data type, and decrypting the second target data through the handler processor according to a preset decryption mode, specifically includes: calling a handler processor corresponding to the data type, acquiring a key from an encryption key library through the handler processor according to a preset decryption mode, and decrypting the first target data.
Specifically, the decryption method provided in this embodiment corresponds to the encryption method in the foregoing embodiments. After the second target data is read from the database, the corresponding handler processor is called according to the data type of the second target data, and the second target data is decrypted by the handler processor according to the predetermined decryption mode. To ensure the security of the keys and prevent them from being stolen, all keys are stored in the encryption key library; when data is decrypted, the key is first obtained from the encryption key library, and the decryption operation is then performed on the second target data with the obtained key. Therefore, the data is encrypted in this simple and easy-to-use mode, so that developers can encrypt data without attending to the complex underlying logic, while high security of the data is guaranteed.
Referring to fig. 5, another data decryption method for a database provided in an embodiment of the present application includes:
S401, reading second target data from a database;
S402, judging whether the data decryption mode is a handler mode; if yes, executing S403; if not, executing S405;
S403, determining the data type of the second target data;
S404, calling a handler processor corresponding to the data type, and decrypting the second target data through the handler processor according to a preset decryption mode.
S405, calling a tool class, obtaining a key from an encryption key library through the tool class, and decrypting the second target data.
As with encryption, this embodiment has two decryption modes: a handler mode and a normal mode. If S402 determines that the data decryption mode is the handler mode, S403 to S404 are executed and the data is decrypted using the handler processor; if it determines that the data decryption mode is not the handler mode, the mode is the normal mode, and S405 is executed to decrypt the data using the tool class. The decryption mode can be determined from a mode identifier carried in the second target data; the mode identifier is added when the data is encrypted and represents the encryption mode that was used, so that at decryption time the decryption mode matching the encryption mode can be selected. Similarly, the decryption mode may be preset by a manager, or the system may determine it automatically according to attribute information of the second target data such as its data size and data type, so that the user can flexibly select the decryption mode and the user experience is improved.
In the following, the data decryption apparatus provided in the embodiments of the present application is introduced, and the data decryption apparatus described below and the data decryption method described above may be referred to each other.
Referring to fig. 6, an embodiment of the present application provides a database, including:
a data reading module 210, configured to read second target data from a database;
a second determining module 220, configured to determine a data type of the second target data;
the first decryption module 230 is configured to invoke a handler processor corresponding to the data type, and decrypt the second target data according to a predetermined decryption manner through the handler processor.
Wherein the first decryption module is specifically configured to: and calling a handler processor corresponding to the data type, acquiring a key from an encryption key library through the handler processor according to a preset decryption mode, and decrypting the second target data.
Wherein, the data decryption apparatus further comprises:
the second judgment module is used for judging whether the data decryption mode is a handler mode;
the second determining module is configured to determine the data type of the second target data when the data decryption mode is a handler mode;
and the second decryption module is used for calling a tool class when the data decryption mode is not the handler mode, acquiring a key from an encryption key library through the tool class and decrypting the second target data.
The embodiment of the present application further discloses a data decryption device for a database, including:
a memory for storing a computer program;
a processor for implementing the steps of the data decryption method as described in the above method embodiments when executing said computer program.
The embodiment of the application also discloses a computer readable storage medium, wherein a computer program is stored on the computer readable storage medium, and when being executed by a processor, the computer program realizes the steps of the data decryption method in the above method embodiment.
The storage medium may include: various media capable of storing program code, such as a USB disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, or an optical disk.
It can be seen that the data encryption/decryption method, device, equipment and computer readable storage medium for a database provided by this scheme encrypt and decrypt data of different data types through the corresponding handler processors when MyBatis data is read, modified, inserted and so on, so that developers can complete the encryption and decryption of data without attending to the complex underlying logic, while high security of the data is guaranteed.
The embodiments in the present description are described in a progressive manner, each embodiment focuses on differences from other embodiments, and the same and similar parts among the embodiments are referred to each other.
The previous description of the disclosed embodiments is provided to enable any person skilled in the art to make or use the present invention. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the invention. Thus, the present invention is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.

Claims (7)

1. A method for encrypting data in a database, comprising:
judging whether the data encryption mode is a handler mode, wherein the data encryption mode is preset by a manager or is determined automatically by the system according to the data size and the data type of the first target data;
if not, calling a tool class, acquiring a key from an encryption key library through the tool class, and encrypting the first target data;
if so, determining the data type of the first target data to be written into the database;
calling a handler processor corresponding to the data type, acquiring a key from the encryption key library through the handler processor according to a preset encryption mode, and encrypting the first target data, wherein the key stored in the encryption key library is encrypted by a specific algorithm;
writing the encrypted first target data into the database;
detecting, at intervals of a preset time length, whether an invalid key exists in the encryption key library, wherein the invalid key is an expired key or a leaked key;
if yes, determining from the database the data to be processed corresponding to the invalid key;
and performing a decryption operation on the data to be processed by using the invalid key, performing an encryption operation on the decrypted data by using a valid key in the encryption key library, and then storing the data in the database again.
2. The data encryption method of claim 1, further comprising:
receiving an adding instruction carrying a new key;
adding the new key to the encryption key library so that new data is encrypted with the new key.
3. A method for decrypting data in a database, comprising:
reading second target data from the database;
judging whether the data decryption mode is a handler mode, wherein the data decryption mode is preset by a manager or is determined automatically by the system according to the data size and the data type of the second target data;
if not, calling a tool class, acquiring a key from an encryption key library through the tool class, and decrypting the second target data;
if so, determining the data type of the second target data;
calling a handler processor corresponding to the data type, acquiring a key from the encryption key library through the handler processor according to a preset decryption mode, and decrypting the second target data, wherein the key stored in the encryption key library is encrypted by a specific algorithm;
detecting, at intervals of a preset time length, whether an invalid key exists in the encryption key library, wherein the invalid key is an expired key or a leaked key;
if yes, determining from the database the data to be processed corresponding to the invalid key;
and performing a decryption operation on the data to be processed by using the invalid key, performing an encryption operation on the decrypted data by using a valid key in the encryption key library, and then storing the data in the database again.
4. A data encryption apparatus for a database, comprising:
a first determining module, configured to determine the data type of first target data to be written into the database;
an encryption module, configured to call a handler processor corresponding to the data type, acquire a key from an encryption key library through the handler processor according to a preset encryption mode, and encrypt the first target data, wherein the key stored in the encryption key library is encrypted by a specific algorithm;
a data writing module, configured to write the encrypted first target data into the database;
wherein the data encryption apparatus is further configured to: detect, at intervals of a preset time length, whether an invalid key exists in the encryption key library, the invalid key being an expired key or a leaked key; if yes, determine from the database the data to be processed corresponding to the invalid key; perform a decryption operation on the data to be processed by using the invalid key, perform an encryption operation on the decrypted data by using a valid key in the encryption key library, and then store the data in the database again;
wherein the data encryption apparatus further comprises:
a first judgment module, configured to judge whether the data encryption mode is a handler mode, wherein the data encryption mode is preset by a manager or is determined automatically by the system according to the data size and the data type of the first target data;
the first determining module, configured to determine the data type of the first target data to be written into the database when the data encryption mode is the handler mode;
and a second encryption module, configured to call a tool class when the data encryption mode is not the handler mode, acquire a key from the encryption key library through the tool class, and encrypt the first target data.
5. A data decryption apparatus for a database, comprising:
a data reading module, configured to read second target data from the database;
a second determining module, configured to determine the data type of the second target data;
a decryption module, configured to call a handler processor corresponding to the data type, acquire a key from an encryption key library through the handler processor according to a preset decryption mode, and decrypt the second target data, wherein the key stored in the encryption key library is encrypted by a specific algorithm;
wherein the data decryption apparatus is further configured to: detect, at intervals of a preset time length, whether an invalid key exists in the encryption key library, the invalid key being an expired key or a leaked key; if yes, determine from the database the data to be processed corresponding to the invalid key; perform a decryption operation on the data to be processed by using the invalid key, perform an encryption operation on the decrypted data by using a valid key in the encryption key library, and then store the data in the database again;
wherein the data decryption apparatus further comprises:
a second judgment module, configured to judge whether the data decryption mode is a handler mode, wherein the data decryption mode is preset by a manager or is determined automatically by the system according to the data size and the data type of the second target data;
the second determining module, configured to determine the data type of the second target data when the data decryption mode is the handler mode;
and a second decryption module, configured to call a tool class when the data decryption mode is not the handler mode, acquire a key from the encryption key library through the tool class, and decrypt the second target data.
6. A data encryption apparatus for a database, comprising:
a memory for storing a computer program;
a processor for implementing the steps of the data encryption method of the database according to claim 1 or 2 when executing said computer program.
7. A data decryption apparatus for a database, comprising:
a memory for storing a computer program;
a processor for implementing the steps of the data decryption method of the database according to claim 3 when executing said computer program.
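
The periodic invalid-key check and re-encryption of claims 1 and 3, together with the key addition of claim 2, sketched in Java as an added example that is not code from the patent. It assumes each stored value carries the identifier of the key that encrypted it (the claims do not say how rows are matched to keys), uses AES-GCM as the cipher, and keeps keys in an in-memory map instead of an encrypted key library; all class, method and key names are hypothetical.

```java
import javax.crypto.*;
import javax.crypto.spec.GCMParameterSpec;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.*;
// Added illustration (Java 16+), not the patent's code; every name here is hypothetical.
public class KeyRotationSketch {
    record KeyEntry(SecretKey key, boolean valid) {} // valid=false: expired or leaked
    static final Map<String, KeyEntry> keystore = new HashMap<>();
    static final Map<Integer, String> table = new HashMap<>(); // stands in for a DB column
    // Stored form "keyId:nonce:ciphertext" (Base64 parts), so each row names its key.
    static String encrypt(String keyId, String plain) throws Exception {
        byte[] nonce = new byte[12];
        new SecureRandom().nextBytes(nonce); // fresh nonce for every encryption
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, keystore.get(keyId).key(), new GCMParameterSpec(128, nonce));
        byte[] ct = c.doFinal(plain.getBytes(StandardCharsets.UTF_8));
        Base64.Encoder b64 = Base64.getEncoder();
        return keyId + ":" + b64.encodeToString(nonce) + ":" + b64.encodeToString(ct);
    }
    static String decrypt(String stored) throws Exception {
        String[] p = stored.split(":");
        Base64.Decoder b64 = Base64.getDecoder();
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, keystore.get(p[0]).key(), new GCMParameterSpec(128, b64.decode(p[1])));
        return new String(c.doFinal(b64.decode(p[2])), StandardCharsets.UTF_8);
    }

    // One pass of the periodic check: re-encrypt every row whose key is flagged invalid.
    static int rotate(String validKeyId) throws Exception {
        int n = 0;
        for (Map.Entry<Integer, String> row : table.entrySet()) {
            String keyId = row.getValue().split(":")[0];
            if (keystore.get(keyId).valid()) continue; // row already under a valid key
            row.setValue(encrypt(validKeyId, decrypt(row.getValue())));
            n++;
        }
        return n;
    }
    public static void main(String[] args) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        keystore.put("k1", new KeyEntry(kg.generateKey(), true));
        table.put(1, encrypt("k1", "13800000000")); // constructed sample value
        keystore.put("k2", new KeyEntry(kg.generateKey(), true)); // claim 2: add a new key
        keystore.put("k1", new KeyEntry(keystore.get("k1").key(), false)); // k1 expired or leaked
        System.out.println(rotate("k2") + " row(s) re-encrypted: " + decrypt(table.get(1)));
    }
}
```

The invalid key has to stay readable in the key library until the sweep finishes, because the old rows can only be decrypted with it.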
CN201811446034.8A 2018-11-29 2018-11-29 Database data encryption/decryption method, device and equipment Active CN109344656B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811446034.8A CN109344656B (en) 2018-11-29 2018-11-29 Database data encryption/decryption method, device and equipment

Publications (2)

Publication Number Publication Date
CN109344656A CN109344656A (en) 2019-02-15
CN109344656B CN109344656B (en) 2021-10-22

Family

ID=65318745

Country Status (1)

Country Link
CN (1) CN109344656B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant