Disclosure of Invention
The embodiment of the invention provides a source code encryption method, a device and a system thereof, which are used for solving the defect that the confidentiality is not good enough when a source code file is uploaded to a compiling server in the prior art.
In a first aspect, an embodiment of the present invention provides a source code encryption method, including:
receiving a source code request sent by a compiling server, wherein the source code request at least comprises user information and project information, the user information and the project information are obtained through an integrated instruction sent to the compiling server by a client, and the integrated instruction at least comprises a dynamic password;
searching an encryption source code library corresponding to the user information and the project information, and acquiring all encryption source code files in the encryption source code library;
and sending the encrypted source code file to the compiling server so that the compiling server compiles the encrypted source code file according to a persistent key and the dynamic password, wherein the persistent key is obtained by a key management device according to a received key request and is contained in key information and sent to the compiling server, and the key request is sent to the key management device by the compiling server and at least comprises the dynamic password.
In a second aspect, an embodiment of the present invention provides a source code encryption method, including:
receiving a key request sent by a compiling server, wherein the key request at least comprises a dynamic password, the dynamic password is obtained through an integrated instruction sent to the compiling server by a client, and the integrated instruction at least also comprises user information and project information;
obtaining key information corresponding to the dynamic password, wherein the key information at least comprises the persistent key;
and sending the key information to the compiling server so that the compiling server compiles an encrypted source code file according to the persistent key and the dynamic password, wherein the encrypted source code file is acquired by the source code encrypting device according to a source code request and is sent to the compiling server, and the source code request is sent to the source code encrypting device by the compiling server and at least comprises the user information and the item information.
In a third aspect, an embodiment of the present invention provides a source code encryption method, including:
receiving an integration instruction sent by a client, wherein the integration instruction at least comprises user information, project information and a dynamic password;
sending a key request to a key management device and a source code request to a source code encryption device, wherein: the key request at least comprises the dynamic password, so that the key management device can obtain key information corresponding to the dynamic password, wherein the key information at least comprises the persistent key, and the source code request at least comprises the user information and the item information, so that the source code encryption device can obtain an encrypted source code file in an encrypted source code library, wherein the encrypted source code library corresponds to the user information and the item information;
receiving the key information sent by the key management device and the encrypted source code file sent by the source code encryption device;
and compiling the encrypted source code file according to the persistent key and the dynamic password.
In a fourth aspect, an embodiment of the present invention further provides a source code encryption apparatus, including:
a first processor, a first memory, a first communication interface and a first bus, wherein:
the first processor, the first memory and the first communication interface complete mutual communication through the first bus;
the first communication interface is used for information transmission between communication devices of the source code encryption device;
the first memory stores program instructions executable by the first processor, the processor invoking the program instructions to perform the method of:
receiving a source code request sent by a compiling server, wherein the source code request at least comprises user information and project information, the user information and the project information are obtained through an integrated instruction sent to the compiling server by a client, and the integrated instruction at least comprises a dynamic password;
searching an encryption source code library corresponding to the user information and the project information, and acquiring all encryption source code files in the encryption source code library;
and sending the encrypted source code file to the compiling server so that the compiling server compiles the encrypted source code file according to a persistent key and the dynamic password, wherein the persistent key is obtained by a key management device according to a received key request and is contained in key information and sent to the compiling server, and the key request is sent to the key management device by the compiling server and at least comprises the dynamic password.
In a fifth aspect, an embodiment of the present invention further provides a key management apparatus, including:
a second processor, a second memory, a second communication interface and a second bus, wherein:
the second processor, the second memory and the second communication interface complete mutual communication through the second bus;
the second communication interface is used for information transmission between communication devices of the key management device;
the second memory stores program instructions executable by the second processor, the processor invoking the program instructions to perform the method of:
receiving a key request sent by a compiling server, wherein the key request at least comprises a dynamic password, the dynamic password is obtained through an integrated instruction sent to the compiling server by a client, and the integrated instruction at least also comprises user information and project information;
obtaining key information corresponding to the dynamic password, wherein the key information at least comprises the persistent key;
and sending the key information to the compiling server so that the compiling server compiles an encrypted source code file according to the persistent key and the dynamic password, wherein the encrypted source code file is acquired by the source code encrypting device according to a source code request and is sent to the compiling server, and the source code request is sent to the source code encrypting device by the compiling server and at least comprises the user information and the item information.
In a sixth aspect, an embodiment of the present invention further provides a compiling server, including:
a third processor, a third memory, a third communication interface, and a third bus, wherein:
the third processor, the third memory and the third communication interface complete mutual communication through the third bus;
the third communication interface is used for information transmission between communication devices of the compiling server;
the third memory stores program instructions executable by the third processor, the processor invoking the program instructions to perform the method of:
receiving an integration instruction sent by a client, wherein the integration instruction at least comprises user information, project information and a dynamic password;
sending a key request to a key management device and a source code request to a source code encryption device, wherein: the key request at least comprises the dynamic password, so that the key management device can obtain key information corresponding to the dynamic password, wherein the key information at least comprises the persistent key, and the source code request at least comprises the user information and the item information, so that the source code encryption device can obtain an encrypted source code file in an encrypted source code library, wherein the encrypted source code library corresponds to the user information and the item information;
receiving the key information sent by the key management device and the encrypted source code file sent by the source code encryption device;
and compiling the encrypted source code file according to the persistent key and the dynamic password.
In a seventh aspect, an embodiment of the present invention further provides a source code encryption system, including the source code encryption apparatus described above, the key management apparatus described above, and the compiling server described above, where the source code encryption apparatus, the key management apparatus, and the compiling server are connected in pairs.
In an eighth aspect, an embodiment of the present invention further provides a first computer program, which includes program code for performing the following operations:
receiving a source code request sent by a compiling server, wherein the source code request at least comprises user information and project information, the user information and the project information are obtained through an integrated instruction sent to the compiling server by a client, and the integrated instruction at least comprises a dynamic password;
searching an encryption source code library corresponding to the user information and the project information, and acquiring all encryption source code files in the encryption source code library;
and sending the encrypted source code file to the compiling server so that the compiling server compiles the encrypted source code file according to a persistent key and the dynamic password, wherein the persistent key is obtained by a key management device according to a received key request and is contained in key information and sent to the compiling server, and the key request is sent to the key management device by the compiling server and at least comprises the dynamic password.
In a ninth aspect, an embodiment of the present invention further provides a first storage medium, which is used for storing the first computer program described above.
In a tenth aspect, an embodiment of the present invention further provides a second computer program, which includes program code for performing the following operations:
receiving a key request sent by a compiling server, wherein the key request at least comprises a dynamic password, the dynamic password is obtained through an integrated instruction sent to the compiling server by a client, and the integrated instruction at least also comprises user information and project information;
obtaining key information corresponding to the dynamic password, wherein the key information at least comprises the persistent key;
and sending the key information to the compiling server so that the compiling server compiles an encrypted source code file according to the persistent key and the dynamic password, wherein the encrypted source code file is acquired by the source code encrypting device according to a source code request and is sent to the compiling server, and the source code request is sent to the source code encrypting device by the compiling server and at least comprises the user information and the item information.
In an eleventh aspect, the embodiment of the present invention further provides a second storage medium, which is used for storing the second computer program as described above.
In a twelfth aspect, an embodiment of the present invention further provides a third computer program, which includes program code for performing the following operations:
receiving an integration instruction sent by a client, wherein the integration instruction at least comprises user information, project information and a dynamic password;
sending a key request to a key management device and a source code request to a source code encryption device, wherein: the key request at least comprises the dynamic password, so that the key management device can obtain key information corresponding to the dynamic password, wherein the key information at least comprises the persistent key, and the source code request at least comprises the user information and the item information, so that the source code encryption device can obtain an encrypted source code file in an encrypted source code library, wherein the encrypted source code library corresponds to the user information and the item information;
receiving the key information sent by the key management device and the encrypted source code file sent by the source code encryption device;
and compiling the encrypted source code file according to the persistent key and the dynamic password.
In a thirteenth aspect, the embodiment of the present invention further provides a third storage medium for storing the third computer program as described above.
According to the source code encryption method, device and system provided by the embodiments of the invention, the client sends the integrated instruction containing the dynamic password, so that the compiling server compiles using the encrypted source code file sent by the source code encryption device and the persistent key sent by the key management device to obtain the final result, thereby improving the security of the source code.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, but not all, embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Fig. 1 is a schematic flow chart of a source code encryption method according to an embodiment of the present invention, and as shown in fig. 1, the method includes:
step S101, receiving a source code request sent by a compiling server, wherein the source code request at least comprises user information and project information, the user information and the project information are obtained through an integrated instruction sent to the compiling server by a client, and the integrated instruction at least comprises a dynamic password;
At present, clients largely use open-source version control systems such as SVN and GitLab. To apply the source code encryption method of this embodiment, these version control systems need to be modified to meet its requirements, and the modified version control system is referred to as the source code encryption device.
When source code needs to be compiled, the source code encryption device receives a source code request sent by a compiling server, wherein the source code request at least comprises user information and project information, the user information and the project information are obtained by the compiling server from a received integrated instruction, and the integrated instruction at least comprises the user information, the project information and a dynamic password.
Of course, compilation of the source code may be initiated in other ways. For example, the compiling server may automatically send a source code request to the source code encryption device according to a preset condition, such as a preset time or frequency, without the client initiating the integration instruction. Alternatively, a condition may be preset on the source code encryption device side, for example so that after the client initiates and completes an update command, the updated source code is sent directly to the compiling server for compiling. For convenience of description, the following embodiments only consider the case in which the client initiates the integration instruction: the client sends the integration instruction to the compiling server according to its own requirements, and the compiling server then sends the source code request to the source code encryption device according to the received integration instruction.
Step S102, searching an encrypted source code library corresponding to the user information and the project information, and acquiring all encrypted source code files in the encrypted source code library;
After receiving the source code request, the source code encryption device parses the source code request to acquire the user information and the project information, and then searches a source code storage space for the encrypted source code library corresponding to the user information and the project information. If the required encrypted source code library is found, all the encrypted source code files in it are extracted. If the required encrypted source code library is not found, the source code encryption device may perform no operation, or may send a failure instruction to the compiling server or the client, so that the compiling server or the client can choose to reinitiate the compiling operation or take another action.
Step S103, sending the encrypted source code file to the compiling server, so that the compiling server compiles the encrypted source code file according to a persistent key and the dynamic password, where the persistent key is obtained by a key management device according to a received key request and is sent to the compiling server in key information, and the key request is sent to the key management device by the compiling server, where the key request at least includes the dynamic password.
After all the encrypted source code files are extracted, the source code encryption device sends all the encrypted source code files to the compiling server together, so that the compiling server can compile the encrypted source code files specifically, and a final result is obtained. Before the compiling server compiles the encrypted source code file, a persistent key needs to be acquired from a key management module. And then compiling the encrypted source code file according to the dynamic password and the persistent key. The compiling server sends a key request to the key management module in order to obtain the persistent key, wherein the key request at least comprises the dynamic password. The key management module finds a corresponding persistent key according to the received dynamic password and then sends key information to the compiling server, wherein the key information at least comprises the persistent key.
The embodiment of the invention can effectively improve the confidentiality of the source code and the safety in the compiling process by initiating the integrated instruction containing the dynamic password by the client, respectively acquiring the encrypted source code file and the persistent key from the source code encryption device and the key management device, and compiling the encrypted source code file.
Fig. 2 is a schematic flow chart of another source code encryption method according to an embodiment of the present invention, and as shown in fig. 2, the method further includes:
step S111, receiving an update instruction sent by the client, wherein the update instruction at least comprises the user information, the project information, an update file and the dynamic password;
In order to obtain different or better compiling results, a client may continuously improve its source code or add new source code according to its own needs. Whenever the client wants to update, the required update file is uploaded at the client and an update instruction is sent to the source code encryption device, where the update instruction includes at least the user information, the project information, the update file and the dynamic password.
Step S112, finding the source code library and the encrypted source code library corresponding to the user information and the item information, and updating a source code file corresponding to the update file in the source code library according to the update file;
After receiving the update instruction, the source code encryption device parses the update instruction and extracts the required information from it, such as the user information, the project information, the update file, and the dynamic password.
It then searches the source code storage space for the source code library and the encrypted source code library corresponding to the user information and the project information. If the required source code library and encrypted source code library are found, it further checks whether a source code file corresponding to the update file exists in the source code library. This lookup can use information carried by the update file, such as its name and address. For example, if the update file is named a123 and is located under folder B1, and the source code library contains a folder B1 with a source code file named a123 under it, that source code file in the source code library is replaced with the update file. If no source code file corresponding to the update file is found, the update file is a newly added file and can be copied directly into the source code library.
If the required source code library and encrypted source code library are not found in the first place, the source code encryption device may disregard the update instruction and perform no operation, or may send a failure instruction to the client so that the client can decide on its next operation according to the failure instruction.
Step S113, sending the key request to the key management apparatus, so that the key management apparatus obtains the key information corresponding to the dynamic password;
On receiving the update instruction, the source code encryption device sends a key request to the key management device, wherein the key request at least comprises the dynamic password. The key management device can therefore find the corresponding persistent key according to the dynamic password and send the persistent key to the source code encryption device in the form of key information.
Steps S112 and S113 have no required order, which may be determined according to the actual situation in practical applications. This embodiment is described only for the implementation in which step S112 is performed first and step S113 afterwards.
Step S114, encrypting the source code file updated in the source code library according to the dynamic password and the persistent key and updating the encrypted source code file corresponding to the updated source code file in the encrypted source code library;
After receiving the persistent key, the source code encryption device extracts the source code file that was updated or newly added in the source code library according to the update file, encrypts that source code file according to the persistent key and the dynamic password, and uses the resulting updated encrypted source code file to update the encrypted source code library. That is, it searches the encrypted source code library for the encrypted source code file corresponding to the updated source code file; if one is found, it is replaced with the updated encrypted source code file, and if none is found, the updated encrypted source code file is copied into the encrypted source code library. Finally, the source code encryption device can compare all the source code files in the source code library with all the encrypted source code files in the encrypted source code library one by one, to determine whether the number of files is the same and whether they correspond one-to-one; if the check passes, the update is complete. If an error occurs, the error information needs to be reported back to the client, so that the client performs its next operation according to the received error information, for example re-initiating the update instruction or cancelling the previous update instruction.
Step S101, receiving a source code request sent by a compiling server, wherein the source code request at least comprises user information and project information, the user information and the project information are obtained through an integrated instruction sent to the compiling server by a client, and the integrated instruction at least comprises a dynamic password;
step S102, searching an encrypted source code library corresponding to the user information and the project information, and acquiring all encrypted source code files in the encrypted source code library;
step S103, sending the encrypted source code file to the compiling server, so that the compiling server compiles the encrypted source code file according to a persistent key and the dynamic password, where the persistent key is obtained by a key management device according to a received key request and is sent to the compiling server in key information, and the key request is sent to the key management device by the compiling server, where the key request at least includes the dynamic password.
Step S101, step S102 and step S103 are the same as in the above embodiments and are not described again here. There is no required ordering or one-to-one correspondence between the compiling process (steps S101, S102 and S103) and the updating process (steps S111, S112, S113 and S114); in practical applications this depends on the actual situation. This embodiment is described only for the implementation in which the updating process is performed first and the compiling process afterwards.
In the embodiment of the invention, the source code library in the source code encryption device and the source code file and the encrypted source code file in the encrypted source code library are updated by sending the update instruction to the source code encryption device by the client, so that the confidentiality of the source code is improved.
Based on the foregoing embodiment, further, the encrypting the source code file updated in the source code repository according to the dynamic password and the persistent key and updating the encrypted source code file corresponding to the source code file in the encrypted source code repository specifically includes:
decrypting the persistent key according to the dynamic password to obtain a non-persistent key, and storing the non-persistent key in a cache;
encrypting the source code file updated in the source code library according to the non-persistent key and updating an encrypted source code file corresponding to the updated source code file in the encrypted source code library;
and deleting the non-persistent key in the cache after the encryption source code library is updated.
In the updating process of the above embodiment, the process that the source code encryption device encrypts the updated source code file in the source code library after receiving the persistent key specifically includes: firstly, the persistent key is decrypted according to the dynamic password obtained from the updating instruction, so that a non-persistent key is obtained, and the non-persistent key is stored in a cache of the source code encryption device.
And then, according to the non-persistent key, carrying out encryption operation on the updated source code file extracted from the source code library to obtain the updated encrypted source code file. The encrypted source code library is then updated with the updated encrypted source code file.
After the source code encryption device confirms that the updating is completed, the non-persistent key stored in the cache needs to be deleted and destroyed.
The embodiment of the invention can ensure that the non-persistent key is not stolen by decrypting the persistent key into the non-persistent key, encrypting the source code file by using the non-persistent key and finally destroying the non-persistent key, thereby improving the confidentiality of the source code.
Fig. 3 is a schematic flow chart of another source code encryption method according to an embodiment of the present invention, and as shown in fig. 3, the method further includes:
step S121, receiving a new establishment instruction sent by a client, wherein the new establishment instruction at least comprises the user information and the project information;
When a client needs to create a new project to meet its own requirements, a new creation instruction is sent to the source code encryption device through the client, wherein the new creation instruction at least includes the user information and the project information.
Step S122, establishing the source code library and the encrypted source code library corresponding to the user information and the project information;
After receiving the new creation instruction, the source code encryption device parses it to obtain the required information, such as the user information and the project information. It then establishes the source code library and the encrypted source code library corresponding to the user information and the project information in a source code storage space. For the sake of safety, before creating them the source code encryption device may also search the source code storage space for a source code library and an encrypted source code library that already correspond to the user information and the project information. If they exist, it may send a new creation failure instruction to the client, stating the reason for the failure, so that the client can decide on its next operation, for example deleting the existing source code library and encrypted source code library, or updating source code directly in the existing source code library and encrypted source code library. For convenience of description, the following embodiments take the case where the new creation does not fail as an example.
Step S123, sending a database new creation request to the key management apparatus, where the database new creation request at least includes the user information and the item information, so that the key management apparatus randomly creates the dynamic password, the non-persistent key, and the password database corresponding to the user information and the item information, encrypts the non-persistent key according to the dynamic password to obtain the persistent key, sets a preset default period as a key period, then stores the dynamic password, the persistent key, the user information, the item information, and the key period in the password database, sets and resets a period timer, and sends the dynamic password to the client.
After the source code library and the encrypted source code library are created, the source code encryption device sends a database creation request to the key management device, wherein the database creation request at least comprises the user information and the project information.
After receiving the database new creation request, the key management device creates a new password database corresponding to the user information and the project information in a key storage space, and randomly creates a dynamic password and a non-persistent key corresponding to the user information and the project information, wherein the dynamic password may be a combination of a plurality of numbers or English letters, and the non-persistent key may also be a plurality of numbers, such as an AES key. Of course, for the sake of safety, the key management device may check whether the required password database already exists before creating a new one; for convenience of description, that case is not considered in the following embodiments. The non-persistent key is then encrypted according to the dynamic password to generate a persistent key. The dynamic password, the persistent key, the user information and the project information are stored in the password database, together with a key period for the password database; for a newly created password database, the key period is a preset default key period, such as one week, two weeks or one month. In addition, a period timer corresponding to the password database needs to be established, and the period timer is reset to start timing. The key management device also needs to send the dynamic password to the client.
Step S111, receiving an update instruction sent by the client, wherein the update instruction at least comprises the user information, the project information, an update file and the dynamic password;
step S112, finding the source code library and the encrypted source code library corresponding to the user information and the item information, and updating a source code file corresponding to the update file in the source code library according to the update file;
step S113, sending the key request to the key management apparatus, so that the key management apparatus obtains the key information corresponding to the dynamic password;
step S114, encrypting the source code file updated in the source code library according to the dynamic password and the persistent key, and updating the encrypted source code file corresponding to the updated source code file in the encrypted source code library.
Step S101, receiving a source code request sent by a compiling server, wherein the source code request at least comprises user information and project information, the user information and the project information are obtained through an integrated instruction sent to the compiling server by a client, and the integrated instruction at least comprises a dynamic password;
step S102, searching an encrypted source code library corresponding to the user information and the project information, and acquiring all encrypted source code files in the encrypted source code library;
step S103, sending the encrypted source code file to the compiling server, so that the compiling server compiles the encrypted source code file according to a persistent key and the dynamic password, where the persistent key is obtained by a key management device according to a received key request and is sent to the compiling server in key information, and the key request is sent to the key management device by the compiling server, where the key request at least includes the dynamic password.
Step S111, step S112, step S113, step S114, step S101, step S102, and step S103 are the same as the above embodiments, and are not described herein again.
In the embodiment of the invention, the client sends a new establishment instruction to the source code encryption device, so that the source code encryption device creates a new source code library and a new encrypted source code library and the key management device creates a new password database, and the randomly created dynamic password is sent to the client, so that the client holds the key information used for encryption, and the confidentiality of the source code is improved.
Fig. 4 is a schematic flow chart of another source code encryption method according to an embodiment of the present invention, and as shown in fig. 4, the method includes:
step S201, receiving a key request sent by a compiling server, wherein the key request at least comprises a dynamic password, the dynamic password is obtained through an integrated instruction sent to the compiling server by a client, and the integrated instruction at least also comprises user information and project information;
In the process of compiling the source code, the key management device receives a key request sent by the compiling server, wherein the key request at least comprises a dynamic password. The compiling server obtains the dynamic password by parsing an integration instruction sent by the client, and the integration instruction at least comprises user information, project information and the dynamic password.
Step S202, obtaining key information corresponding to the dynamic password, wherein the key information at least comprises the persistent key;
After receiving the key request, the key management device parses the key request to obtain the required information, such as the dynamic password. It then searches the key storage space for a password database corresponding to the dynamic password. If the required password database is found, the information in the password database, such as the persistent key, is extracted and packaged to generate the key information. The user information and project information in the password database can also be added to the key information, so that when the compiling server or the source code encryption device receives the key information, it can compare them against the information it is about to process, which prevents errors caused by mistakenly entering the dynamic password of another client. Of course, for convenience of description, the following embodiments only take as an example the case where the key information includes only a persistent key. If the required password database is not found, the key management device may take no action, or may send a failure instruction to the compiling server or the client, so that the compiling server or the client can perform further operations according to the failure instruction, for example resending the key request, or other operations.
Step S203, sending the key information to the compiling server, so that the compiling server compiles an encrypted source code file according to the persistent key and the dynamic password, where the encrypted source code file is obtained by the source code encrypting apparatus according to a source code request and sent to the compiling server, and the source code request is sent to the source code encrypting apparatus by the compiling server, where the source code request at least includes the user information and the item information.
And after the key management device finds the key information corresponding to the dynamic password, sending the key information to the compiling server, so that the compiling server can compile the encrypted source code file sent by the source code encryption device according to the persistent key and the dynamic password. And the encrypted source code file is obtained by searching the source code encryption device from a source code storage space according to a source code request sent by the compiling server, wherein the source code request at least comprises the user information and the project information.
In the embodiment of the invention, the client sends the integration instruction containing the dynamic password to the compiling server, so that the compiling server obtains the encrypted source code file and the persistent key from the source code encryption device and the key management device respectively, and then compiles the encrypted source code file to obtain a result, thereby improving the confidentiality of the source code in the compiling process and increasing the safety.
Fig. 5 is a schematic flow chart of another source code encryption method according to an embodiment of the present invention, and as shown in fig. 5, the method further includes:
step S211, receiving a password resetting instruction sent by the client, where the password resetting instruction at least includes the user information and the item information;
as can be seen from the foregoing embodiments, the client needs to include the dynamic password in the above instruction when sending the integration instruction and the update instruction, and the dynamic password is originally sent to the client by the key management device that generates the dynamic password and is saved by the client. When the client forgets the dynamic password or considers that the dynamic password is in danger of being leaked, a new dynamic password can be required, and a password resetting instruction is sent to the key management device through the client, wherein the password resetting instruction at least comprises the user information and the item information.
Step S212, the key management apparatus searches for a password database corresponding to the user information and the project information, generates a new dynamic password and a new non-persistent key at the same time, encrypts the new non-persistent key with the new dynamic password to generate a new persistent key, updates the dynamic password and the persistent key in the password database with the new dynamic password and the new persistent key, and resets a period timer corresponding to the password database;
After receiving the password resetting instruction, the key management device parses the password resetting instruction and then searches the key storage space for a password database corresponding to the user information and the project information. Before this, it is necessary to verify the validity of the password resetting instruction, that is, the validity of the identity of the client, in order to prevent someone other than the client from initiating the password resetting instruction through the client. There are many ways to verify the validity, for example by checking the identity information of the client or according to preset question-and-answer information, which are not described in detail herein. If the verification result is legal, the required password database is searched for; otherwise, the key management device may perform no processing, or may reply with a failure instruction.
If the needed password database is found, a new dynamic password and a new non-persistent key are randomly generated, the new non-persistent key is encrypted according to the new dynamic password to generate a new persistent key, then the dynamic password and the persistent key in the password database are replaced by the new dynamic password and the new persistent key, and meanwhile, a period timer corresponding to the password database is reset.
Step S213, sending the new dynamic password to the client, and sending an encryption request to the source code encryption apparatus, where the encryption request at least includes the user information, the item information, the new dynamic password, and the new persistent key, so that the source code encryption apparatus encrypts all source code files in the source code library according to the new persistent key and the new dynamic password to update all encrypted source code files in the encrypted source code library, where the source code library and the encrypted source code library both correspond to the user information and the item information.
The key management device also needs to send the new dynamic password to the client to inform the client. Meanwhile, the key management device sends an encryption request to the source code encryption device, wherein the encryption request at least comprises the user information, the item information, the new dynamic password and the new persistent key. After receiving the encryption request, the source code encryption device finds a source code library and an encrypted source code library corresponding to the user information and the project information in a source code storage space, encrypts all source code files in the source code library according to the dynamic password and the persistent key to obtain a new encrypted source code file, and covers all encrypted source code files in the encrypted source code library with the new encrypted source code file.
Step S201, receiving a key request sent by a compiling server, wherein the key request at least comprises a dynamic password, the dynamic password is obtained through an integrated instruction sent to the compiling server by a client, and the integrated instruction at least also comprises user information and project information;
step S202, obtaining key information corresponding to the dynamic password, wherein the key information at least comprises the persistent key;
step S203, sending the key information to the compiling server, so that the compiling server compiles an encrypted source code file according to the persistent key and the dynamic password, where the encrypted source code file is obtained by the source code encrypting apparatus according to a source code request and sent to the compiling server, and the source code request is sent to the source code encrypting apparatus by the compiling server, where the source code request at least includes the user information and the item information.
Step S201, step S202 and step S203 are the same as the above embodiments, and are not described herein again.
The embodiment of the invention sends the password resetting request through the client, so that the key management device regenerates the new dynamic password and the new non-persistent key and sends the new dynamic password and the new non-persistent key to the client, and simultaneously re-encrypts the source code file in the source code encryption device, thereby improving the confidentiality of the source code and increasing the safety.
Based on the foregoing embodiment, further, the receiving a password resetting instruction sent by the client, where the password resetting instruction at least includes the user information and the item information, specifically includes:
receiving a period resetting instruction sent by the client, wherein the period resetting instruction at least comprises the user information, the item information and a new key period;
correspondingly, the new dynamic password and the new persistent key are used to update the dynamic password and the persistent key in the password database, and the period timer corresponding to the password database is reset, specifically:
and replacing the dynamic password, the persistent key and the key period in the password database with the new dynamic password, the new persistent key and the new key period, and resetting the period timer corresponding to the password database.
As can be seen from the foregoing embodiment, the password database includes a key period, and when the password database is newly created, the value of the key period is a preset default key period. The key period means that the dynamic password and the non-persistent key are updated once every key period, so that the security of the dynamic password and the non-persistent key is ensured. Of course, the client may also send a period resetting instruction to the key management device according to its own needs, for example when it does not wish to change the dynamic password frequently or wishes to increase the frequency of updating the dynamic password, where the period resetting instruction includes at least the user information, the project information and a new key period.
After receiving the period resetting instruction, the key management device parses the period resetting instruction and then searches the key storage space for a password database corresponding to the user information and the project information. Before this, it is necessary to verify the validity of the period resetting instruction in order to prevent someone other than the client from initiating the period resetting instruction through the client. If the verification result is legal, the required password database is searched for.
If the needed password database is found, a new dynamic password and a new non-persistent key are randomly generated, the new non-persistent key is encrypted according to the new dynamic password to generate a new persistent key, then the dynamic password, the persistent key and the key period in the password database are replaced by the new dynamic password, the new persistent key and the new key period, and meanwhile, a period timer corresponding to the password database is reset.
The key management device also needs to send the new dynamic password to the client to inform the client. And the key management device sends the encryption request to the source code encryption device. After receiving the encryption request, the source code encryption device finds a source code library and an encrypted source code library corresponding to the user information and the project information in a source code storage space, encrypts all source code files in the source code library according to the dynamic password and the persistent key to obtain a new encrypted source code file, and covers all encrypted source code files in the encrypted source code library with the new encrypted source code file.
According to the embodiment of the invention, the client sends the period resetting instruction to the key management device, so that the key period can be set according to the actual requirements of the client, and a new dynamic password and a new non-persistent key are generated, thereby improving the confidentiality of the source code and increasing the safety.
Based on the above embodiment, further, the method further includes:
if the value counted by the periodic timer is judged to reach or exceed the key period, a new dynamic password and a new non-persistent key are automatically generated, then the new non-persistent key is encrypted according to the new dynamic password to obtain a new persistent key, the new dynamic password and the new persistent key are used for replacing the dynamic password and the persistent key in the password database, and the periodic timer is reset;
and sending the new dynamic password to the client and sending the encryption request to the source code encryption device.
It can be seen from the above embodiments that there is a period timer corresponding to the password database, which times the usage time of the current dynamic password and the non-persistent key. When the value of the period timer reaches or exceeds the key period in the password database, the dynamic password and the non-persistent key need to be updated by default. The key management device randomly generates a new dynamic password and a new non-persistent key again, and then encrypts the new non-persistent key according to the new dynamic password to obtain a new persistent key. Using the new dynamic password and the new persistent key to replace the dynamic password and the persistent key in the password database while resetting the periodic timer.
Then, the key management device needs to send a new dynamic password to the client, and send the encryption request to the source code encryption device. And after receiving the encryption request, the source code encryption device encrypts all source code files in the source code library according to the dynamic password and the persistent key to obtain a new encrypted source code file, and covers all encrypted source code files in the encrypted source code library with the new encrypted source code file.
In the embodiment of the invention, the key management device resets the dynamic password and the non-persistent key after the dynamic password and the non-persistent key are used for the key period, sends a new dynamic password to the client, and simultaneously sends the encryption request to the source code encryption device to update the encrypted source code library, so that the confidentiality of the source code is improved, and the security is increased.
Fig. 6 is a schematic flow chart of another source code encryption method according to an embodiment of the present invention, as shown in fig. 6, the method includes:
step S301, receiving an integration instruction sent by a client, wherein the integration instruction at least comprises user information, project information and a dynamic password;
When the source code needs to be compiled, the compiling server receives an integration instruction sent by the client, wherein the integration instruction at least comprises user information, project information and a dynamic password.
Step S302, sending a key request to the key management device, and sending a source code request to the source code encryption device, wherein: the key request at least comprises the dynamic password, so that the key management device can obtain key information corresponding to the dynamic password, wherein the key information at least comprises the persistent key, and the source code request at least comprises the user information and the item information, so that the source code encryption device can obtain an encrypted source code file in an encrypted source code library, wherein the encrypted source code library corresponds to the user information and the item information;
After receiving the integration instruction, the compiling server parses it to obtain the user information, the project information and the dynamic password. It then sends a key request to the key management device, wherein the key request at least comprises the dynamic password, and sends a source code request to the source code encryption device, wherein the source code request at least comprises the user information and the project information. The key management device acquires key information corresponding to the dynamic password according to the received key request and sends the key information back to the compiling server, wherein the key information at least comprises the persistent key. Meanwhile, the source code encryption device acquires the encrypted source code library corresponding to the user information and the project information according to the received source code request, and then sends all encrypted source code files in the encrypted source code library to the compiling server.
Step S303, receiving the key information sent by the key management apparatus and the encrypted source code file sent by the source code encryption apparatus;
The compiling server parses the received key information sent by the key management device to obtain the persistent key, and receives the encrypted source code file sent by the source code encryption device.
And step S304, compiling the encrypted source code file according to the persistent key and the dynamic password.
The compiling server compiles the encrypted source code file according to the persistent key and the dynamic password so as to obtain a final result.
In the embodiment of the invention, the client sends the integration instruction containing the dynamic password to the compiling server, so that the compiling server compiles the persistent key and the encrypted source code file obtained from the key management device and the source code encryption device to obtain the compiling result, thereby improving the confidentiality of the source code and increasing the safety.
Based on the foregoing embodiment, further, the compiling the encrypted source code according to the persistent key and the dynamic password specifically includes:
decrypting the persistent key according to the dynamic password to obtain a non-persistent key and storing the non-persistent key in a cache;
decrypting the encrypted source code according to the non-persistent key to obtain a source code;
compiling the source code;
the non-persistent key is deleted after the compilation is complete.
After the compiling server receives the persistent key and the encrypted source code file, it decrypts the persistent key according to the dynamic password to obtain the non-persistent key, and stores the non-persistent key in a cache. It then decrypts the encrypted source code file according to the non-persistent key to obtain the source code file, and compiles the source code file to obtain the final compiling result. For example, if the source code file is written in Java, the encrypted source code file is first loaded into memory as an input stream; it is then decrypted in memory with the non-persistent key and stored as a JavaFileObject, which serves as the input parameter of the JDK default compiling method; the normal lexical analysis, syntactic analysis and semantic analysis of the JDK then generate the result, namely a class file, which the JVM can execute directly. After the compiling is completed, the non-persistent key stored in the cache is deleted.
When the compiling server of the embodiment of the invention compiles the encrypted source code file, the dynamic password is firstly used for decrypting the persistent secret key, then the decrypted non-persistent secret key is used for decrypting the encrypted source code file, and finally the source code file is compiled, so that the confidentiality of the source code can be well improved, and the safety is improved.
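The key hierarchy created in step S123 and the decrypt-compile-delete flow described above, as an added example in Java (not code from the patent). PBKDF2-HMAC-SHA256, AES-256-GCM, the byte layouts, the sample password and all class and method names are assumptions; the patent only states that the non-persistent key is encrypted according to the dynamic password.

```java
import javax.crypto.*;
import javax.crypto.spec.*;
import javax.tools.*;
import java.net.URI;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.List;

public class EncryptedCompileDemo {
    private static final SecureRandom RNG = new SecureRandom();

    // AES-256-GCM (assumed cipher). Output layout: 12-byte IV || ciphertext || 16-byte tag.
    static byte[] seal(byte[] key, byte[] plain) throws Exception {
        byte[] iv = new byte[12];
        RNG.nextBytes(iv);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key, "AES"), new GCMParameterSpec(128, iv));
        byte[] ct = c.doFinal(plain);
        return ByteBuffer.allocate(iv.length + ct.length).put(iv).put(ct).array();
    }

    // Throws AEADBadTagException if the key is wrong or the data was modified.
    static byte[] open(byte[] key, byte[] sealed) throws Exception {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, new SecretKeySpec(key, "AES"), new GCMParameterSpec(128, sealed, 0, 12));
        return c.doFinal(sealed, 12, sealed.length - 12);
    }

    // Assumption: PBKDF2-HMAC-SHA256 stretches the dynamic password into a key-encryption key.
    static byte[] kek(char[] dynamicPassword, byte[] salt) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(dynamicPassword, salt, 600_000, 256);
        try {
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
        } finally {
            spec.clearPassword();
        }
    }

    // Key management device: persistent key = 16-byte salt || seal(KEK, non-persistent key).
    static byte[] wrap(char[] dynamicPassword, byte[] nonPersistentKey) throws Exception {
        byte[] salt = new byte[16];
        RNG.nextBytes(salt);
        byte[] k = kek(dynamicPassword, salt);
        try {
            byte[] sealed = seal(k, nonPersistentKey);
            return ByteBuffer.allocate(salt.length + sealed.length).put(salt).put(sealed).array();
        } finally {
            Arrays.fill(k, (byte) 0);
        }
    }
    // Compiling server: recover the non-persistent key from the persistent key.
    static byte[] unwrap(char[] dynamicPassword, byte[] persistentKey) throws Exception {
        byte[] k = kek(dynamicPassword, Arrays.copyOfRange(persistentKey, 0, 16));
        try {
            return open(k, Arrays.copyOfRange(persistentKey, 16, persistentKey.length));
        } finally {
            Arrays.fill(k, (byte) 0);
        }
    }

    // Decrypted source is handed to the compiler from memory and never written to disk.
    static final class MemorySource extends SimpleJavaFileObject {
        private final String code;
        MemorySource(String className, String code) {
            super(URI.create("string:///" + className.replace('.', '/') + Kind.SOURCE.extension), Kind.SOURCE);
            this.code = code;
        }
        @Override public CharSequence getCharContent(boolean ignoreEncodingErrors) { return code; }
    }

    // Step S304: unwrap the key, decrypt in memory, compile, then erase the non-persistent key.
    static boolean compileEncrypted(char[] dynamicPassword, byte[] persistentKey,
                                    String className, byte[] encSource, String outDir) throws Exception {
        byte[] npk = unwrap(dynamicPassword, persistentKey); // the "cache" is this local array
        try {
            String code = new String(open(npk, encSource), StandardCharsets.UTF_8);
            JavaCompiler javac = ToolProvider.getSystemJavaCompiler();
            if (javac == null) throw new IllegalStateException("no system Java compiler; run on a JDK");
            List<JavaFileObject> units = List.of(new MemorySource(className, code));
            return javac.getTask(null, null, null, List.of("-d", outDir), null, units).call();
        } finally {
            Arrays.fill(npk, (byte) 0); // delete the non-persistent key after compilation
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample data, not taken from the patent.
        char[] dynamicPassword = "k7Qp2xV9".toCharArray();
        byte[] npk = new byte[32];
        RNG.nextBytes(npk);
        byte[] persistentKey = wrap(dynamicPassword, npk);
        String src = "public class Hello { public static int answer() { return 42; } }";
        byte[] encSource = seal(npk, src.getBytes(StandardCharsets.UTF_8));
        Arrays.fill(npk, (byte) 0);
        String out = Files.createTempDirectory("classes").toString();
        System.out.println("compiled: " + compileEncrypted(dynamicPassword, persistentKey, "Hello", encSource, out));
    }
}
```

Because the persistent key is the non-persistent key wrapped under the dynamic password, its confidentiality is bounded by the entropy of that password rather than by the AES key length. The decrypted source is held in an immutable `String`, so unlike the key array it cannot be zeroed and remains on the heap until garbage collection.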
Fig. 7 is a schematic structural diagram of a source code encryption device according to an embodiment of the present invention, and as shown in fig. 7, the source code encryption device includes: a processor 611, a memory 612, and a bus 613;
wherein, the processor 611 and the memory 612 communicate with each other via the bus 613;
the processor 611 is configured to call the program instructions in the memory 612 to perform the methods provided by the above-mentioned method embodiments, for example, including: receiving a source code request sent by a compiling server, wherein the source code request at least comprises user information and project information, the user information and the project information are obtained through an integrated instruction sent to the compiling server by a client, and the integrated instruction at least comprises a dynamic password; searching an encryption source code library corresponding to the user information and the project information, and acquiring all encryption source code files in the encryption source code library; and sending the encrypted source code file to the compiling server so that the compiling server compiles the encrypted source code file according to a persistent key and the dynamic password, wherein the persistent key is obtained by a key management device according to a received key request and is contained in key information and sent to the compiling server, and the key request is sent to the key management device by the compiling server and at least comprises the dynamic password.
Fig. 8 is a schematic structural diagram of a key management device according to an embodiment of the present invention, and as shown in fig. 8, the key management device includes: a processor 621, a memory 622, and a bus 623;
wherein, the processor 621 and the memory 622 complete communication with each other through the bus 623;
the processor 621 is configured to call the program instructions in the memory 622 to perform the methods provided by the above-mentioned method embodiments, including: receiving a key request sent by a compiling server, wherein the key request at least comprises a dynamic password, the dynamic password is obtained through an integrated instruction sent to the compiling server by a client, and the integrated instruction at least also comprises user information and project information; obtaining key information corresponding to the dynamic password, wherein the key information at least comprises the persistent key; and sending the key information to the compiling server so that the compiling server compiles an encrypted source code file according to the persistent key and the dynamic password, wherein the encrypted source code file is acquired by the source code encrypting device according to a source code request and is sent to the compiling server, and the source code request is sent to the source code encrypting device by the compiling server and at least comprises the user information and the item information.
Fig. 9 is a schematic structural diagram of a compiling server according to an embodiment of the present invention, and as shown in fig. 9, the compiling server includes: a processor 631, a memory 632, and a bus 633;
wherein, the processor 631 and the memory 632 complete communication with each other through the bus 633;
the processor 631 is configured to call the program instructions in the memory 632 to execute the methods provided by the above-mentioned method embodiments, including: receiving an integration instruction sent by a client, wherein the integration instruction at least comprises user information, project information and a dynamic password; sending a key request to a key management device and a source code request to a source code encryption device, wherein: the key request at least comprises the dynamic password, so that the key management device can obtain key information corresponding to the dynamic password, wherein the key information at least comprises the persistent key, and the source code request at least comprises the user information and the item information, so that the source code encryption device can obtain an encrypted source code file in an encrypted source code library, wherein the encrypted source code library corresponds to the user information and the item information; receiving the key information sent by the key management device and the encrypted source code file sent by the source code encryption device; and compiling the encrypted source code file according to the persistent key and the dynamic password.
Fig. 10 is a schematic structural diagram of a source code encryption system according to an embodiment of the present invention, and as shown in fig. 10, the system includes a source code encryption device 11, a key management device 12, and a compiling server 13, where the source code encryption device 11, the key management device 12, and the compiling server 13 are connected in pairs, where,
the compiling server 13 is configured to receive an integration instruction sent by a client, send a source code request to the source code encrypting apparatus according to the integration instruction, and send a key request to the key management apparatus at the same time, where the integration instruction at least includes user information, item information, and a dynamic password, the source code request at least includes the user information and the item information, and the key request at least includes the dynamic password.
The source code encryption device 11 is configured to obtain an encrypted source code file corresponding to the user information and the project information according to the received source code request, and send the encrypted source code file back to the compiling server.
The key management device 12 is configured to obtain the persistent key corresponding to the dynamic password according to the received key request, and send the persistent key to the compilation server.
The compiling server 13 is further configured to compile the encrypted source code file according to the received dynamic password and the persistent key to obtain a final result.
Taking Java as the compiling language and continuous integration as the usage scenario as an example, the source code encryption device can be a self-built server, or the encryption management of the source code can be realized by modifying an existing GitLab server. The key management device is a device for ensuring the security of the key; it can be combined with the source code encryption device to form an encryption server, or can exist alone as a separate key management server. The compiling server can be obtained by modifying an existing continuous integration device so that it directly compiles the encrypted source code through the JDK to generate class files.
The apparatus and the system provided in the embodiments of the present invention are configured to execute the above methods; for their specific functions, refer to the method embodiments, and the detailed method flow is not described herein again.
In the embodiment of the invention, the client sends the integrated instruction containing the dynamic password, so that the compiling server compiles the source code file and the persistent key sent by the source code encrypting device and the key management device to obtain the final result, thereby improving the confidentiality of the source code and increasing the safety.
Further, embodiments of the present invention disclose a first computer program product comprising a first computer program stored on a non-transitory computer readable first storage medium, the first computer program comprising program instructions which, when executed by a computer, enable the computer to perform the method provided by the above-mentioned method embodiments, for example, comprising: receiving a source code request sent by a compiling server, wherein the source code request at least comprises user information and project information, the user information and the project information are obtained through an integrated instruction sent to the compiling server by a client, and the integrated instruction at least comprises a dynamic password; searching an encryption source code library corresponding to the user information and the project information, and acquiring all encryption source code files in the encryption source code library; and sending the encrypted source code file to the compiling server so that the compiling server compiles the encrypted source code file according to a persistent key and the dynamic password, wherein the persistent key is obtained by a key management device according to a received key request and is contained in key information and sent to the compiling server, and the key request is sent to the key management device by the compiling server and at least comprises the dynamic password.
Further, embodiments of the present invention provide a non-transitory computer-readable first storage medium storing computer instructions that cause the computer to perform the methods provided by the above method embodiments, for example, including: receiving a source code request sent by a compiling server, wherein the source code request at least comprises user information and project information, the user information and the project information are obtained through an integrated instruction sent to the compiling server by a client, and the integrated instruction at least comprises a dynamic password; searching an encryption source code library corresponding to the user information and the project information, and acquiring all encryption source code files in the encryption source code library; and sending the encrypted source code file to the compiling server so that the compiling server compiles the encrypted source code file according to a persistent key and the dynamic password, wherein the persistent key is obtained by a key management device according to a received key request and is contained in key information and sent to the compiling server, and the key request is sent to the key management device by the compiling server and at least comprises the dynamic password.
Further, embodiments of the present invention disclose a second computer program product comprising a second computer program stored on a non-transitory computer-readable second storage medium, the second computer program comprising program instructions which, when executed by a computer, enable the computer to perform the method provided by the above-mentioned method embodiments, for example, comprising: receiving a key request sent by a compiling server, wherein the key request at least comprises a dynamic password, the dynamic password is obtained through an integrated instruction sent to the compiling server by a client, and the integrated instruction at least also comprises user information and project information; obtaining key information corresponding to the dynamic password, wherein the key information at least comprises the persistent key; and sending the key information to the compiling server so that the compiling server compiles an encrypted source code file according to the persistent key and the dynamic password, wherein the encrypted source code file is acquired by the source code encrypting device according to a source code request and is sent to the compiling server, and the source code request is sent to the source code encrypting device by the compiling server and at least comprises the user information and the project information.
Further, embodiments of the present invention provide a non-transitory computer-readable second storage medium storing computer instructions that cause the computer to perform the methods provided by the above method embodiments, for example, including: receiving a key request sent by a compiling server, wherein the key request at least comprises a dynamic password, the dynamic password is obtained through an integrated instruction sent to the compiling server by a client, and the integrated instruction at least also comprises user information and project information; obtaining key information corresponding to the dynamic password, wherein the key information at least comprises the persistent key; and sending the key information to the compiling server so that the compiling server compiles an encrypted source code file according to the persistent key and the dynamic password, wherein the encrypted source code file is acquired by the source code encrypting device according to a source code request and is sent to the compiling server, and the source code request is sent to the source code encrypting device by the compiling server and at least comprises the user information and the project information.
Further, embodiments of the present invention disclose a third computer program product comprising a third computer program stored on a non-transitory computer-readable third storage medium, the third computer program comprising program instructions which, when executed by a computer, enable the computer to perform the method provided by the above-mentioned method embodiments, for example, comprising: receiving an integration instruction sent by a client, wherein the integration instruction at least comprises user information, project information and a dynamic password; sending a key request to a key management device and a source code request to a source code encryption device, wherein: the key request at least comprises the dynamic password, so that the key management device can obtain key information corresponding to the dynamic password, wherein the key information at least comprises the persistent key, and the source code request at least comprises the user information and the project information, so that the source code encryption device can obtain an encrypted source code file in an encrypted source code library, wherein the encrypted source code library corresponds to the user information and the project information; receiving the key information sent by the key management device and the encrypted source code file sent by the source code encryption device; and compiling the encrypted source code file according to the persistent key and the dynamic password.
Further, embodiments of the present invention provide a non-transitory computer-readable third storage medium storing computer instructions that cause the computer to perform the methods provided by the above method embodiments, for example, including: receiving an integration instruction sent by a client, wherein the integration instruction at least comprises user information, project information and a dynamic password; sending a key request to a key management device and a source code request to a source code encryption device, wherein: the key request at least comprises the dynamic password, so that the key management device can obtain key information corresponding to the dynamic password, wherein the key information at least comprises the persistent key, and the source code request at least comprises the user information and the project information, so that the source code encryption device can obtain an encrypted source code file in an encrypted source code library, wherein the encrypted source code library corresponds to the user information and the project information; receiving the key information sent by the key management device and the encrypted source code file sent by the source code encryption device; and compiling the encrypted source code file according to the persistent key and the dynamic password.
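The compile-server flow described above, sketched as an added Python example (not code from the patent): the integration instruction is split so that the key request carries only the dynamic password and the source code request carries only the user and project information. Assumptions: all class and method names are hypothetical, `stream_xor` is a stand-in cipher, the dynamic password is single-use, and it gates release of the persistent key, since this section does not say how the two values are combined.

```python
import hashlib
import secrets

def stream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in cipher (SHA-256 counter keystream, no integrity); use an AEAD in practice."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + nonce + off.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)

class KeyManagementDevice:
    def __init__(self):
        self.key_info = {}  # dynamic password -> key information

    def issue(self, persistent_key: bytes) -> str:
        password = secrets.token_hex(8)
        self.key_info[password] = {"persistent_key": persistent_key}
        return password

    def handle_key_request(self, request: dict) -> dict:
        # Assumption: single use, so a replayed password raises KeyError.
        return self.key_info.pop(request["dynamic_password"])

class SourceEncryptionDevice:
    def __init__(self):
        self.libraries = {}  # (user, project) -> {file name: ciphertext}

    def store(self, user, project, name, plaintext, persistent_key):
        library = self.libraries.setdefault((user, project), {})
        library[name] = stream_xor(persistent_key, name.encode(), plaintext)

    def handle_source_request(self, request: dict) -> dict:
        return dict(self.libraries[(request["user"], request["project"])])

class CompileServer:
    def __init__(self, kmd, sed):
        self.kmd, self.sed, self.sent = kmd, sed, []

    def handle_integration_instruction(self, instr: dict) -> dict:
        # Split the instruction: each back end receives only the fields it needs.
        key_req = {"dynamic_password": instr["dynamic_password"]}
        src_req = {"user": instr["user"], "project": instr["project"]}
        self.sent.append(("key_management", key_req))
        key = self.kmd.handle_key_request(key_req)["persistent_key"]
        self.sent.append(("source_encryption", src_req))
        files = self.sed.handle_source_request(src_req)
        # Plaintext exists only in this return value, ready to hand to the compiler.
        return {n: stream_xor(key, n.encode(), c) for n, c in files.items()}
```

The `sent` list records each outbound request, which makes it easy to audit that neither back end receives the other's fields.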
Those of ordinary skill in the art will understand that all or part of the steps of the method embodiments may be implemented by hardware under the control of program instructions. The program may be stored in a computer-readable storage medium and, when executed, performs the steps of the method embodiments. The aforementioned storage medium includes various media that can store program code, such as ROM, RAM, magnetic disks or optical disks.
The embodiments of the apparatuses and systems described above are merely illustrative, where the units described as separate parts may or may not be physically separate, and the parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on multiple network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the present embodiment. One of ordinary skill in the art can understand and implement it without inventive effort.
Through the above description of the embodiments, those skilled in the art will clearly understand that each embodiment can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware. With this understanding in mind, the above-described technical solutions may be embodied in the form of a software product, which can be stored in a computer-readable storage medium such as ROM/RAM, magnetic disk, optical disk, etc., and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to execute the methods described in the embodiments or some parts of the embodiments.
Finally, it should be noted that: the above examples are only intended to illustrate the technical solution of the present invention, but not to limit it; although the present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions of the embodiments of the present invention.