CN109558707A - Method and device for detecting the security level of an encryption function, and mobile device - Google Patents


Publication number
CN109558707A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201811368228.0A
Other languages
Chinese (zh)
Other versions
CN109558707B (en)
Inventor
阚志刚
徐磊
刘义
张志勇
张陈陈
陈彪
林凯
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Bang Bang Safety Technology Co Ltd
Original Assignee
Beijing Bang Bang Safety Technology Co Ltd
Application filed by Beijing Bang Bang Safety Technology Co Ltd
Priority to CN201811368228.0A
Publication of CN109558707A
Application granted
Publication of CN109558707B
Legal status: Active

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10 Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM]
    • G06F21/12 Protecting executable software
    • G06F21/121 Restricting unauthorised execution of programs
    • G06F21/125 Restricting unauthorised execution of programs by manipulating the program code, e.g. source code, compiled code, interpreted code, machine code
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2107 File encryption

Abstract

To solve the prior-art problem that the security level of an encryption function cannot be detected from an application installation package that has been encrypted, an embodiment of the present invention provides a method for detecting the security level of an encryption function: obtain, from the application installation package, the target file that stores encryption function information; determine whether the target file contains a first keyword, where the first keyword indicates that the application installation package has been encrypted by an encryption function; if the first keyword is present, obtain the key length of the encryption function and a specified parameter of the encryption function from the target file; and determine the security level of the encryption function from the result of comparing the key length with a preset length threshold and the result of matching the specified parameter against a preset character string.

Description

Method and device for detecting the security level of an encryption function, and mobile device
Technical field
The present invention relates to the field of security technology, and in particular to a method, a device, a mobile device and a storage medium for detecting the security level of an encryption function.
Background
An application installation package, that is, an Android installation package (Android Package, APK), is a self-extracting collection of files that contains all the files needed to install the application software. It can be installed directly by transferring the installation package to an Android emulator or an Android phone.
To keep an application installation package secure, it is usually encrypted with an encryption function.
However, encrypting a file does not mean that the encrypted file is absolutely secure. One possible reason is that the encryption function used to encrypt the file has a low security level, so that the encrypted file may be easy to decrypt.
At present, how to detect the security level of the encryption function from an application installation package that has been encrypted is a problem that needs to be solved.
Summary of the invention
Embodiments of the present invention provide a method for detecting the security level of an encryption function, to solve the prior-art problem that the security level of an encryption function cannot be detected from an application installation package that has been encrypted.
Embodiments of the present invention also provide a device for detecting the security level of an encryption function, a mobile device and a storage medium.
To solve the above technical problem, the present invention is implemented as follows:
In a first aspect, a method for detecting the security level of an encryption function is provided. The method comprises: obtaining, from an application installation package, a target file that stores encryption function information; determining whether the target file contains a first keyword, the first keyword indicating that the application installation package has been encrypted by an encryption function; if the first keyword is present, obtaining the key length of the encryption function and a specified parameter of the encryption function from the target file; and determining the security level of the encryption function according to the result of comparing the key length with a preset length threshold and the result of matching the specified parameter against a preset character string.
In a second aspect, a device for detecting the security level of an encryption function is provided. The device comprises: a first obtaining module, configured to obtain, from an application installation package, a target file that stores encryption function information; a first judgment module, configured to determine whether the target file contains a first keyword, the first keyword indicating that the application installation package has been encrypted by an encryption function; a second obtaining module, configured to obtain, if the first keyword is present, the key length of the encryption function and a specified parameter of the encryption function from the target file; and a determining module, configured to determine the security level of the encryption function according to the result of comparing the key length with a preset length threshold and the result of matching the specified parameter against a preset character string.
In a third aspect, a mobile device is provided. The mobile device comprises a memory, a processor, and a computer program stored on the memory and executable on the processor, wherein the computer program, when executed by the processor, implements the steps of the method for detecting the security level of an encryption function according to the first aspect.
In a fourth aspect, a computer-readable storage medium is provided. The storage medium stores a computer program which, when executed by a processor, implements the steps of the method for detecting the security level of an encryption function according to the first aspect.
In the embodiments of the present invention, the key length of the encryption algorithm and the specified parameter of the encryption algorithm are obtained based on the first keyword, and whether the encryption algorithm is secure is detected by judging whether the key length is greater than the preset length threshold and whether the specified parameter is the preset character string. With the detection method of the present invention, on the one hand, the prior-art problem that the security level of an encryption function cannot be detected from an encrypted application installation package is solved. On the other hand, after encrypting an installation package, a user can use the method provided by this solution to obtain directly the security level of the encryption function used in the encryption process. This shows the user more intuitively how secure the encrypted installation package is, so that the user can adjust the encryption function according to the determined security level.
Brief description of the drawings
The drawings described here provide a further understanding of the present invention and form a part of it. The illustrative embodiments of the invention and their description serve to explain the invention and do not unduly limit it. In the drawings:
Fig. 1 is a schematic flowchart of a method for detecting the security level of an encryption function provided by an embodiment of the present invention;
Fig. 2 is a schematic structural diagram of a device for detecting the security level of an encryption function provided by an embodiment of the present invention;
Fig. 3 is a schematic hardware structure diagram of a mobile device provided by an embodiment of the present invention.
Detailed description of the embodiments
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings in the embodiments. The described embodiments are some, not all, of the embodiments of the present invention. All other embodiments obtained by those of ordinary skill in the art from the embodiments of the present invention without creative effort fall within the protection scope of the present invention.
In one or more embodiments provided by the present invention, to solve the prior-art problem that the security level of an encryption function cannot be detected from an application installation package that has been encrypted, a method for detecting the security level of an encryption function is provided. The method may be executed by various types of detection devices, or by an application program (Application, APP) installed on a computing device. The detection device may be, for example, a user terminal such as a mobile phone, a tablet computer or a smart wearable device, or it may be a server.
For ease of description, the method is introduced below taking a detection device of an application program as the executing subject. Those skilled in the art will understand that this is only an illustrative example and does not limit the claims corresponding to this solution.
Refer to Fig. 1 of the drawings, which is a schematic flowchart of the method for detecting the security level of an encryption function provided by an embodiment of the present invention. The flow comprises the following steps:
Specifically, the implementation flow is described in detail below using, as an example, an application installation package encrypted with the encryption function of RSA (Ron Rivest, Adi Shamir, Leonard Adleman algorithm, RSA), an asymmetric algorithm.
Note that the method of the present invention can determine the security level not only of the encryption function used in RSA encryption, but also of the encryption functions used in other encryption methods such as Elgamal, Rabin, D-H (Diffie-Hellman) and elliptic curve cryptography (Elliptic curve cryptography, ECC).
Step 11: obtain, from the application installation package, the target file that stores encryption function information.
Here the application installation package is an Android installation package (Android Package, APK). In an APK encrypted with an RSA encryption function, the target file is typically the smali file that stores the encryption function information. A smali file is a register language file used by the Java virtual machine of the Android system.
Specifically, obtaining the target file that stores encryption function information from the application installation package may include the following sub-steps:
Sub-step 111: decompress the application installation package to obtain the decompressed application installation package.
The way the application installation package is decompressed is not limited; for example, the package may be decompressed directly with decompression software.
Sub-step 112: based on preset characteristic information, obtain from the decompressed application installation package the target file that matches the preset characteristic information.
The preset characteristic information includes the preset file path of the target file under the directory of the decompressed application installation package.
Specifically, obtaining the target file that matches the preset characteristic information from the decompressed application installation package comprises the following four steps:
First, obtain the classes.dex file from the decompressed application installation package.
Second, decompile the classes.dex file to obtain at least one file with the .smali extension.
Note that the classes.dex file may be decompiled with, for example but not limited to, the apktool decompilation tool.
For example, if apktool is used to decompile the classes.dex file, the decompilation command may be: java -jar apktool.jar d -f xxx.apk -o /data/output/xxx; where xxx.apk is the path of the APK and /data/output/xxx is the output path of the decompilation.
If at least one file with the .smali extension is obtained after decompiling with apktool, the decompilation succeeded; otherwise it failed. If decompilation with apktool fails, baksmali can be used to decompile again the classes.dex file in the directory of the decompressed application installation package. The baksmali decompilation may, for example, be performed as follows:
java -jar baksmali.jar -o /data/output/xxx xxx.dex;
where xxx.dex is the path of the dex file under the application installation package directory, and /data/output/xxx is the decompilation output directory. The two commands given above for decompiling the classes.dex file are only two common ways used in this example, and do not limit the specific command used to perform decompilation in the present invention.
Third, map each file with the .smali extension obtained in the second step into memory and parse the .smali files to obtain the functions used to determine the target file.
Fourth, based on the preset characteristic information, obtain from the functions in the parsed smali files the target file that matches the preset information.
Step 12: determine whether the target file contains the first keyword, where the first keyword indicates that the application installation package has been encrypted by an encryption function.
Specifically, whether the target file contains the first keyword can be determined, for example, as follows: search for the first keyword in the target file. If there is content that matches the first keyword, the target file contains the first keyword; otherwise, the target file does not contain the first keyword.
For example, assume the application installation package is encrypted with an RSA encryption function, and the first keyword is KeyPairGenerator, which indicates that the application installation package has been encrypted by an encryption algorithm. Whether the target file contains the first keyword can then be determined by, for example but not limited to, the following method:
Search for the first keyword KeyPairGenerator in the target file and check whether the search results contain content that matches KeyPairGenerator, and thereby determine whether the first keyword is present. The content that matches the first keyword KeyPairGenerator may be, for example, KeyPairGenerator.getInstance("RSA"), where "RSA" in the parentheses only indicates that the application installation package is encrypted with an RSA encryption function and does not limit the content that matches the first keyword in the present invention. By analogy, if the application installation package is encrypted with a DES encryption function, the content that matches the first keyword KeyPairGenerator will be KeyPairGenerator.getInstance("DES"). The cases for other encryption functions are not described one by one here.
In summary, if searching for the first keyword KeyPairGenerator in the target file yields the matching content KeyPairGenerator.getInstance("RSA"), the first keyword KeyPairGenerator is present in the target file.
Step 13: if the first keyword is present, obtain the key length of the encryption function and the specified parameter of the encryption function from the target file.
According to the judgment result of step 12, if the first keyword is present, the key length of the encryption function and the specified parameter of the encryption function are obtained from the target file. The key length of an encryption function generally refers to the bit length of the modulus and relates to the upper limit of the encryption function's security level. The specified parameter of the encryption function refers to a character string, stored in a New Technology File System partition (NTFS partition for short), that characterizes the random padding algorithm of the encryption function; it can be used to further determine the security level of the encryption function.
In one or more embodiments provided by the present invention, the way the key length and the specified parameter of the encryption function are obtained is not limited. They can usually be obtained as follows:
Specifically, continuing the example in step 12 and assuming the application installation package is encrypted with an RSA encryption function, the key length of the encryption function may be obtained, for example, as follows:
Obtain the key length from the target file according to the first keyword and the relative position of the first keyword and the key length in the target file; or obtain the key length from the target file according to the identification field of the key length.
The identification field of the key length is a special keyword that is used to obtain the key length and corresponds uniquely to the key length. In general, if the first keyword and this keyword are entered in the target file, it indicates that the key length of the encryption algorithm needs to be obtained.
For example, the key length can be obtained from the target file according to the identification field of the key length as follows:
Search for the identification field of the key length in the target file, such as:
Ljava/security/KeyPairGenerator;->initialize(I)V; where KeyPairGenerator is the first keyword; initialize is the identification field of the key length of the RSA encryption function; and (Ljava/security/String;) is a JNI field descriptor that encodes the function's return value and parameters, where L is the type descriptor and is followed by the class name string.
Under normal conditions, searching for the identification field of the key length in the target file yields one of the following two cases:
Case one: KeyPairGenerator.initialize(1024);
Case two: KeyPairGenerator.initialize(0x400);
Here the value in the parentheses indicates the key length of the encryption function. In case one, the value in the parentheses is decimal and is the same as the key length of the encryption function, so it can be used directly as the key length. In case two, the value in the parentheses is hexadecimal and must be converted to decimal to obtain the key length of the encryption function.
Specifically, in case two the value in the parentheses is converted to decimal to obtain the key length of the encryption function: 0x400 = 1024, so the key length of the encryption function is 1024.
Note that the "two cases" in this example only distinguish a decimal representation of the key length from a non-decimal one. They do not limit the value of the key length or the number base in which it is written, which should be analysed case by case in practice. For example, the key length may also be 2048 or 4096, and the number base may also be base 18, base 24 or base 26.
Similarly, continuing the example in step 12 and assuming the application installation package is encrypted with an RSA encryption function, the specified parameter of the encryption function may be obtained, for example, as follows:
Obtain the specified parameter from the target file according to the first keyword and the relative position of the first keyword and the specified parameter in the target file; or,
obtain the specified parameter from the target file according to the characteristic information of the specified parameter.
For example, search the target file for the keyword in the characteristic information of the specified parameter, such as:
Ljava/security/KeyPairGenerator;->getInstance(Ljava/security/String;); This yields the specified parameter of the encryption function, "Cipher.getInstance RSA/ECB/OAEPWithSHA256AndMGF1Padding". Here KeyPairGenerator is the first keyword, and getInstance(Ljava/security/String;) is the characteristic information of the specified parameter of the RSA encryption function. Specifically, (Ljava/security/String;) is a JNI field descriptor that encodes the function's return value and parameters, where L is the type descriptor and is followed by the class name string.
It should also be noted that the present invention does not limit the specific manner or order in which the key length and the specified parameter of the encryption function are obtained. The "first ..., then ..." order used in this example is only for description. To save time, the key length and the specified parameter of the encryption algorithm can be obtained at the same time. To make the result clearer, the key length can be obtained first and then the specified parameter, or the specified parameter can be obtained first and then the key length.
Step 14, according to the comparison result and the specified parameter of the key length and pre-set length threshold and in advance If the matching result of character string determines the security level of the encryption function.
Wherein, pre-set length threshold includes: the key length for having the encryption function of baseline security grade;Encryption function Specified parameter includes: to characterize the character string of the random filling algorithm of the encryption function;Preset characters string, which includes: that characterization is described, to be added The character string of random filling algorithm of the close function under different language environment.
In one embodiment, whether this programme can be greater than by judging the key length of the encryption function default Whether the specified parameter of length threshold and the encryption function matches with preset characters string, to determine the safety of encryption function Grade.
It is further to note that in the embodiment of the present application, the security level of encryption function can be according to the reality of user Border needs flexibly to be configured, for example can be set: " safety " and " dangerous " two kinds of security levels, or can also be according to reality Border needs to be arranged: " safety ", " general " and " dangerous " these three security levels, etc..And the division mode of security level And the Rule of judgment of different safety class can also be divided according to the significance level of application installation package.Generally, it answers It is higher with the significance level of installation kit, then it is more detailed and different safe to be directed to the security level that the application installation package is divided The Rule of judgment of grade is also more harsh.
For example, with according to the comparison result of key length and pre-set length threshold and the specified parameter and predetermined word The matching result of string is accorded with, for determining the encryption function security level, it is assumed that security level be set in order to: " safety ", " general " and " dangerous " three grades, then can will: " key length is greater than pre-set length threshold and specified parameter and default When character string matches " it is used as security level are as follows: the Rule of judgment of " safety ", by " key length is greater than pre-set length threshold, refers to When determining parameter with preset characters string mismatch " or " specified parameter matches with preset characters string, and key length is less than default length When spending threshold value " it is used as security level are as follows: the Rule of judgment of " general ", by " key length is less than pre-set length threshold and specified ginseng When several mismatches with preset characters string " it is used as security level are as follows: the Rule of judgment of " dangerous ".
In one embodiment, the key length for the encryption function that can be got using direct comparison step 13 and pre- If the method for the size of length threshold judges whether the key length of the encryption function is greater than pre-set length threshold.
For example, determining tentatively examine encryption function security level by the key length to encryption function It surveys, for example, in practical application, when thering is open loophole to show the key length of rsa encryption function less than 512, the peace of encryption function Congruent grade is lower, is easy by inversely cracking attack, therefore can be by 512 key as the encryption function of baseline security grade Length, i.e. pre-set length threshold.If rsa encryption function encrypts application installation package, the key of the encryption function of selection Length is 256, it is clear that the key length of encryption function is lower than pre-set length threshold 512 at this time, it is determined that encryption function safety Grade is lower.When obtaining the lower result of the encryption function security level, this testing result can be fed back to rise To the effect of warning, or the measure for lengthening the key length of encryption function can also be taken, so that the safety etc. of encryption function Grade is improved.It should be noted that the specific counter-measure in present invention situation lower for encryption function security level It is not limited in any way.
In addition, in the embodiment of the present application, specified parameter and preset characters string can be specifically judged using following methods Whether match:
It is assumed that in the present invention random filling algorithm of the preset characters string, that is, encryption function under different language environment character String are as follows: RSA/ECB/OAEPWithSHA256AndMGF1Padding;The example in step 13 is continued to use, since java applet is main It is realized by Cipher.getInstance, gets specified parameter so setting as Cipher.getInstance RSA/ECB/ OAEPWithSHA256AndMGF1Padding, by comparing, it is clear that specified parameter and preset characters string content phase in bracket Together, i.e. the specified parameter of encryption function and preset characters String matching.
It should be noted that must include the title of encryption function in the character string of random filling algorithm, after encryption function Face can follow a feedback model and padding scheme.In this way, can be specified by the character of random filling algorithm different anti- Feedback mode and padding scheme guarantee the integrality of encryption function in ciphering process, so, by judging encryption function in the present invention In specified parameter whether matched with preset characters string, can while detecting encryption function security level, indirectly to encryption letter Several integralities are detected.
The present invention does not limit the character string of the random padding algorithm of the encryption function in different language environments (i.e. the preset character string). For example, because the random padding algorithms of RSA include NoPadding, ISO10126Padding, OAEPPadding, PKCS1Padding, PKCS5Padding, SSL3Padding and others, there can also be multiple corresponding preset character strings. Besides the preset character string in the example above, the preset character string may also be Cipher.getInstance("RSA/ECB/PKCS1Padding") or Cipher.getInstance("RSA"), etc.
With the method provided by the embodiments of the present invention, the key length of the encryption algorithm and the specified parameter of the encryption algorithm are obtained based on the first keyword, and it is judged whether the key length is greater than the preset length threshold and whether the specified parameter is the preset character string, thereby detecting whether the encryption algorithm is secure. The method of detecting the security level of an encryption function in the present invention, on the one hand, solves the problem that the prior art cannot detect the security level of the encryption function based on an encrypted application installation package; on the other hand, when the security level is below the baseline security level, it can also guide an increase in the security level or serve as a security warning.
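The checks described above, put together as a small static detector. This is an added example, not code from the patent; the target-file path, the use of Cipher.getInstance as the first keyword, the initialize() literal as the identification field of the key length, and the sample sources are assumptions made for illustration.

```python
import io
import re
import zipfile

# Values taken from the description above.
PRESET_LENGTH_THRESHOLD = 512
PRESET_STRINGS = frozenset({"RSA/ECB/OAEPWithSHA256AndMGF1Padding"})

# Assumptions of this example (the patent does not fix any of them).
TARGET_PATH = "assets/crypto/Encryptor.java"  # hypothetical predetermined path
FIRST_KEYWORD = "Cipher.getInstance"
# Specified parameter: the string literal directly after the first keyword.
PARAM_RE = re.compile(re.escape(FIRST_KEYWORD) + r'\s*\(\s*"([^"]*)"')
# Identification field of the key length: a literal passed to initialize().
KEYLEN_RE = re.compile(r"\.initialize\s*\(\s*(\d+)")


def make_package(source):
    """Build a constructed installation package (a zip archive) in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as pkg:
        pkg.writestr("AndroidManifest.xml", "<manifest/>")
        pkg.writestr(TARGET_PATH, source)
    return buf.getvalue()


def get_target_file(package_bytes, path=TARGET_PATH):
    """Decompress the package and return the target file's text, or None."""
    with zipfile.ZipFile(io.BytesIO(package_bytes)) as pkg:
        if path not in pkg.namelist():
            return None
        return pkg.read(path).decode("utf-8", errors="replace")


def detect_security_level(package_bytes, min_key_bits=PRESET_LENGTH_THRESHOLD,
                          preset_strings=PRESET_STRINGS):
    """Return the level ('higher', 'lower', 'unknown') with the evidence found."""
    result = {"level": "unknown", "key_bits": None, "parameter": None,
              "reasons": []}
    text = get_target_file(package_bytes)
    if text is None:
        result["reasons"].append("target file not found")
        return result
    if FIRST_KEYWORD not in text:
        result["reasons"].append("first keyword not found")
        return result

    param = PARAM_RE.search(text)
    keylen = KEYLEN_RE.search(text)
    if param:
        result["parameter"] = param.group(1).strip()
    if keylen:
        result["key_bits"] = int(keylen.group(1))

    # A value that cannot be extracted (for example a non-literal argument)
    # counts as a failed check, so it never passes silently.
    if result["key_bits"] is None:
        result["reasons"].append("key length not found")
    elif result["key_bits"] < min_key_bits:
        result["reasons"].append(
            "key length %d below threshold %d" % (result["key_bits"], min_key_bits))
    if result["parameter"] is None:
        result["reasons"].append("specified parameter not found")
    elif result["parameter"] not in preset_strings:
        result["reasons"].append(
            "parameter %r is not a preset string" % result["parameter"])

    result["level"] = "lower" if result["reasons"] else "higher"
    return result


# Constructed sample target files.
WEAK_SRC = '''
KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
kpg.initialize(256);
Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
'''
STRONG_SRC = '''
KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
kpg.initialize(2048);
Cipher cipher = Cipher.getInstance("RSA/ECB/OAEPWithSHA256AndMGF1Padding");
'''

if __name__ == "__main__":
    for name, src in (("weak", WEAK_SRC), ("strong", STRONG_SRC)):
        print(name, detect_security_level(make_package(src)))
```

The 512 threshold is the description's example value; pass a larger min_key_bits (2048 is a common current minimum for RSA) to apply a stricter baseline.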
To solve the problem that the prior art cannot detect the security level of an encryption function based on an encrypted application installation package, an embodiment of the present invention provides a detection device 20 for the security level of an encryption function. The structure of the detection device is shown schematically in Fig. 2; it includes a first obtaining module 21, a first judging module 22, a second obtaining module 23 and a determining module 24. The function of each module is described in detail below:
The first obtaining module 21 is configured to obtain, from the application installation package, the target file used to store encryption function information;
The first judging module 22 is configured to judge whether the target file contains a first keyword, the first keyword being used to indicate that the application installation package is encrypted by an encryption function;
The second obtaining module 23 is configured to obtain, if the first keyword is present, the key length of the encryption function and the specified parameter of the encryption function from the target file;
The determining module 24 is configured to determine the security level of the encryption function according to the result of comparing the key length with the preset length threshold and the result of matching the specified parameter against the preset character string.
With the scheme provided by the embodiments of the present invention, the key length of the encryption algorithm and the specified parameter of the encryption algorithm are obtained based on the first keyword, and it is judged whether the key length is greater than the preset length threshold and whether the specified parameter is the preset character string, thereby detecting whether the encryption algorithm is secure. The method of detecting an encryption function in the present invention, on the one hand, solves the problem that the prior art cannot detect the security level of the encryption function based on an encrypted application installation package. On the other hand, with the method provided by this scheme, a user who has encrypted an installation package can directly obtain the security level of the encryption function used in the encryption process, so that the security level of the encrypted installation package is presented to the user more intuitively and the user can adjust the encryption function according to the determined security level.
When the security level is below the baseline security level, the scheme can also guide an increase in the security level or serve as a security warning.
Preferably, an embodiment of the present invention also provides a mobile device 300, as shown in Fig. 3, including a processor 310, a memory 309, and a computer program stored in the memory 309 and executable on the processor 310. When executed by the processor 310, the computer program implements each process of the method for detecting the security level of an encryption function described in the above embodiments and achieves the same technical effect; to avoid repetition, details are not repeated here.
Fig. 3 is a schematic diagram of the hardware structure of a smart device for implementing the embodiments of the present invention. The smart device 300 includes, but is not limited to, a radio frequency unit 301, a network module 302, an audio output unit 303, an input unit 304, a sensor 305, a display unit 306, a user input unit 307, an interface unit 308, a memory 309, a processor 310, a power supply 311 and other components. Those skilled in the art will understand that the mobile terminal structure shown in Fig. 3 does not limit the mobile terminal; the mobile terminal may include more or fewer components than illustrated, combine certain components, or use a different component layout. In the embodiments of the present invention, the mobile terminal includes, but is not limited to, a mobile phone, tablet computer, laptop, palmtop computer, vehicle-mounted terminal, wearable device, pedometer and the like.
The processor 310, coupled to the memory, is configured to: obtain, from the application installation package, the target file used to store encryption function information; judge whether the target file contains a first keyword, the first keyword being used to indicate that the application installation package is encrypted by an encryption function; if the first keyword is present, obtain the key length of the encryption function and the specified parameter of the encryption function from the target file; and determine the security level of the encryption function according to the result of comparing the key length with the preset length threshold and the result of matching the specified parameter against the preset character string.
The memory 309 is configured to store a computer program executable on the processor 310; when executed by the processor 310, the computer program implements the above functions of the processor 310.
It should be understood that, in the embodiments of the present invention, the radio frequency unit 301 can be used to receive and send signals while information is being sent and received or during a call. Specifically, it receives downlink data from a base station and passes it to the processor 310 for processing, and it sends uplink data to the base station. In general, the radio frequency unit 301 includes, but is not limited to, an antenna, at least one amplifier, a transceiver, a coupler, a low-noise amplifier, a duplexer and the like. In addition, the radio frequency unit 301 can also communicate with networks and other devices through a wireless communication system.
The mobile terminal provides the user with wireless broadband Internet access through the network module 302, for example helping the user send and receive e-mail, browse web pages and access streaming video.
The audio output unit 303 can convert audio data received by the radio frequency unit 301 or the network module 302, or stored in the memory 309, into an audio signal and output it as sound. The audio output unit 303 can also provide audio output related to a specific function performed by the mobile terminal 300 (for example, a call signal reception sound or a message reception sound). The audio output unit 303 includes a loudspeaker, a buzzer, a receiver and the like.
The input unit 304 is used to receive audio or video signals. The input unit 304 may include a graphics processor (Graphics Processing Unit, GPU) 3041 and a microphone 3042. The graphics processor 3041 processes the image data of still pictures or video obtained by an image capture device (such as a camera) in video capture mode or image capture mode. The processed image frames can be displayed on the display unit 306. Image frames processed by the graphics processor 3041 can be stored in the memory 309 (or another storage medium) or sent via the radio frequency unit 301 or the network module 302. The microphone 3042 can receive sound and process it into audio data. In telephone call mode, the processed audio data can be converted into a format that can be sent to a mobile communication base station via the radio frequency unit 301 and then output.
The mobile terminal 300 further includes at least one sensor 305, such as an optical sensor, a motion sensor and other sensors. Specifically, the optical sensor includes an ambient light sensor and a proximity sensor: the ambient light sensor can adjust the brightness of the display panel 3061 according to the brightness of the ambient light, and the proximity sensor can turn off the display panel 3061 and/or the backlight when the mobile terminal 300 is moved to the ear. As one kind of motion sensor, an accelerometer can detect the magnitude of acceleration in all directions (generally three axes) and, when stationary, the magnitude and direction of gravity; it can be used to recognize the posture of the mobile terminal (such as switching between landscape and portrait, related games, and magnetometer posture calibration) and for vibration-recognition functions (such as a pedometer or tap detection). The sensor 305 may also include a fingerprint sensor, pressure sensor, iris sensor, molecular sensor, gyroscope, barometer, hygrometer, thermometer, infrared sensor and the like, which are not described in detail here.
The display unit 306 is used to display information input by the user or information provided to the user. The display unit 306 may include a display panel 3061, which may be configured in the form of a liquid crystal display (Liquid Crystal Display, LCD), an organic light-emitting diode (Organic Light-Emitting Diode, OLED) display or the like.
The user input unit 307 can be used to receive input numeric or character information and to generate key signal input related to user settings and function control of the mobile terminal. Specifically, the user input unit 307 includes a touch panel 3071 and other input devices 3072. The touch panel 3071, also called a touch screen, collects the user's touch operations on or near it (for example, operations performed by the user on or near the touch panel 3071 with a finger, stylus or any other suitable object or accessory). The touch panel 3071 may include two parts, a touch detection device and a touch controller. The touch detection device detects the position of the user's touch and the signal produced by the touch operation, and transmits the signal to the touch controller; the touch controller receives the touch information from the touch detection device, converts it into contact coordinates, sends them to the processor 310, and receives and executes the commands sent by the processor 310. The touch panel 3071 can be implemented in various types, such as resistive, capacitive, infrared and surface acoustic wave. Besides the touch panel 3071, the user input unit 307 may also include other input devices 3072. Specifically, the other input devices 3072 may include, but are not limited to, a physical keyboard, function keys (such as volume control keys and switch keys), a trackball, a mouse and a joystick, which are not described in detail here.
Further, the touch panel 3071 can be overlaid on the display panel 3061. When the touch panel 3071 detects a touch operation on or near it, it passes the operation to the processor 310 to determine the type of touch event, and the processor 310 then provides the corresponding visual output on the display panel 3061 according to the type of touch event. Although in Fig. 3 the touch panel 3071 and the display panel 3061 are two independent components that implement the input and output functions of the mobile terminal, in some embodiments the touch panel 3071 and the display panel 3061 can be integrated to implement the input and output functions of the mobile terminal; this is not limited here.
The interface unit 308 is the interface through which an external device is connected to the mobile terminal 300. For example, the external device may include a wired or wireless headset port, an external power supply (or battery charger) port, a wired or wireless data port, a memory card port, a port for connecting a device that has an identification module, an audio input/output (I/O) port, a video I/O port, an earphone port and so on. The interface unit 308 can be used to receive input (for example, data information or electric power) from an external device and transfer the received input to one or more elements in the mobile terminal 300, or to transmit data between the mobile terminal 300 and an external device.
The memory 309 can be used to store software programs and various data. The memory 309 may mainly include a program storage area and a data storage area: the program storage area can store the operating system, the application programs required by at least one function (such as a sound playback function or an image playback function) and so on; the data storage area can store data created through use of the mobile phone (such as audio data or a phone book) and so on. In addition, the memory 309 may include high-speed random access memory and may also include non-volatile memory, for example at least one magnetic disk storage device, a flash memory device or other volatile solid-state storage devices.
The processor 310 is the control centre of the mobile terminal. It connects the various parts of the entire mobile terminal through various interfaces and lines, and performs the various functions of the mobile terminal and processes data by running or executing the software programs and/or modules stored in the memory 309 and calling the data stored in the memory 309, thereby monitoring the mobile terminal as a whole. The processor 310 may include one or more processing units; preferably, the processor 310 can integrate an application processor and a modem processor, where the application processor mainly handles the operating system, user interface, application programs and so on, and the modem processor mainly handles wireless communication. It can be understood that the modem processor may also not be integrated into the processor 310.
The mobile terminal 300 may also include a power supply 311 (such as a battery) that powers the components. Preferably, the power supply 311 can be logically connected to the processor 310 through a power management system, so that functions such as charging management, discharging management and power consumption management are implemented through the power management system.
In addition, the mobile terminal 300 includes some functional modules that are not shown, which are not described in detail here.
Preferably, an embodiment of the present invention also provides a computer-readable storage medium on which a computer program is stored. When executed by a processor, the computer program implements each process of the embodiments of any of the methods described in the above embodiments and achieves the same technical effect; to avoid repetition, details are not repeated here. The computer-readable storage medium is, for example, a read-only memory (Read-Only Memory, ROM), a random access memory (Random Access Memory, RAM), a magnetic disk or an optical disc.
It should be noted that, in this document, the terms "include", "comprise" and any variants of them are intended to cover non-exclusive inclusion, so that a process, method, article or device that includes a series of elements includes not only those elements but also other elements that are not explicitly listed, or elements inherent to that process, method, article or device. Without further limitation, an element introduced by the phrase "including a ..." does not exclude the presence of other identical elements in the process, method, article or device that includes the element.
From the above description of the embodiments, those skilled in the art can clearly understand that the methods of the above embodiments can be implemented by software plus a necessary general-purpose hardware platform, and of course also by hardware, but in many cases the former is the better implementation. Based on this understanding, the technical solution of the present invention, in essence or in the part that contributes over the prior art, can be embodied in the form of a software product. The computer software product is stored in a storage medium (such as ROM/RAM, a magnetic disk or an optical disc) and includes a number of instructions that cause a terminal (which may be a mobile phone, computer, server, air conditioner, network device or the like) to execute the methods described in the embodiments of the present invention.
The embodiments of the present invention have been described above with reference to the drawings, but the present invention is not limited to the specific embodiments described, which are merely illustrative rather than restrictive. Inspired by the present invention, those of ordinary skill in the art can devise many other forms without departing from the purpose of the present invention and the scope protected by the claims, all of which fall within the protection of the present invention.

Claims (12)

1. A method for detecting the security level of an encryption function, characterized by comprising:
obtaining, from an application installation package, a target file used to store encryption function information;
judging whether the target file contains a first keyword, the first keyword being used to indicate that the application installation package is encrypted by an encryption function;
if the first keyword is present, obtaining the key length of the encryption function and the specified parameter of the encryption function from the target file;
determining the security level of the encryption function according to the result of comparing the key length with a preset length threshold and the result of matching the specified parameter against a preset character string.
2. The method of claim 1, characterized in that the encryption function includes an asymmetric encryption function, and:
the preset length threshold includes: the key length of an encryption function that has the baseline security level;
the specified parameter of the encryption function includes: a character string characterizing the random padding algorithm of the encryption function;
the preset character string includes: a character string characterizing the random padding algorithm of the encryption function in different language environments.
3. The method of claim 1, characterized in that obtaining the target file from the application installation package specifically includes:
decompressing the application installation package to obtain a decompressed application installation package;
based on preset characteristic information, obtaining from the decompressed application installation package the target file that matches the preset characteristic information;
wherein the preset characteristic information includes: the predetermined file path of the target file under the directory of the decompressed application installation package.
4. The method of claim 1, characterized in that obtaining the key length of the encryption function from the target file specifically includes:
obtaining the key length from the target file according to the relative positional relationship between the first keyword and the key length in the target file, together with the first keyword; or,
obtaining the key length from the target file according to the identification field of the key length.
5. The method of claim 1, characterized in that obtaining the specified parameter of the encryption algorithm from the target file specifically includes:
obtaining the specified parameter from the target file according to the relative positional relationship between the first keyword and the specified parameter in the target file, together with the first keyword; or,
obtaining the specified parameter from the target file according to the characteristic information of the specified parameter.
6. A device for detecting the security level of an encryption function, characterized by comprising:
a first obtaining module, configured to obtain, from an application installation package, a target file used to store encryption function information;
a first judging module, configured to judge whether the target file contains a first keyword, the first keyword being used to indicate that the application installation package is encrypted by an encryption function;
a second obtaining module, configured to obtain, if the first keyword is present, the key length of the encryption function and the specified parameter of the encryption function from the target file;
a determining module, configured to determine the security level of the encryption function according to the result of comparing the key length with a preset length threshold and the result of matching the specified parameter against a preset character string.
7. The device of claim 6, characterized in that the encryption function includes an asymmetric encryption function, and:
the preset length threshold includes: the key length of an encryption function that has the baseline security level;
the specified parameter of the encryption function includes: a character string characterizing the random padding algorithm of the encryption function;
the preset character string includes: a character string characterizing the random padding algorithm of the encryption function in different language environments.
8. The device of claim 6, characterized in that obtaining the target file from the application installation package specifically includes:
a decompression unit, configured to decompress the application installation package to obtain a decompressed application installation package;
a target file obtaining unit, configured to obtain, based on preset characteristic information, the target file that matches the preset characteristic information from the decompressed application installation package;
wherein the preset characteristic information includes: the predetermined file path of the target file under the directory of the decompressed application installation package.
9. The device of claim 6, characterized in that obtaining the key length of the encryption function from the target file specifically includes:
a key length obtaining unit, configured to obtain the key length from the target file according to the relative positional relationship between the first keyword and the key length in the target file, together with the first keyword; or,
configured to obtain the key length from the target file according to the identification field of the key length.
10. The device of claim 6, characterized in that obtaining the specified parameter of the encryption algorithm from the target file specifically includes:
a specified parameter obtaining unit, configured to obtain the specified parameter from the target file according to the relative positional relationship between the first keyword and the specified parameter in the target file, together with the first keyword; or,
configured to obtain the specified parameter from the target file according to the characteristic information of the specified parameter.
11. A mobile device, characterized by comprising: a memory, a processor, and a computer program stored in the memory and executable on the processor, wherein the computer program, when executed by the processor, implements the steps of the method for detecting the security level of an encryption function according to claims 1-5.
12. A computer-readable storage medium, characterized in that a computer program is stored on the computer-readable storage medium, and the computer program, when executed by a processor, implements the steps of the method for detecting the security level of an encryption function according to claims 1-5.
CN201811368228.0A 2018-11-16 2018-11-16 Method and device for detecting security level of encryption function and mobile device Active CN109558707B (en)


Publications (2)

Publication Number Publication Date
CN109558707A true CN109558707A (en) 2019-04-02
CN109558707B CN109558707B (en) 2021-05-07




Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant