CN109635577A - Method for offline decryption of Oracle TDE-encrypted data files - Google Patents

Info

Publication number: CN109635577A
Application number: CN201811463859.0A
Authority: CN (China)
Prior art keywords: file, encryption, tde, data file, key
Legal status: Pending
Other languages: Chinese (zh)
Inventors: 杨海峰, 王迪静
Current Assignee: BEIJING ANHUA JINHE TECHNOLOGY CO LTD
Original Assignee: BEIJING ANHUA JINHE TECHNOLOGY CO LTD
Application filed by: BEIJING ANHUA JINHE TECHNOLOGY CO LTD
Priority to: CN201811463859.0A
Publication of: CN109635577A

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6209 Protecting access to data via a platform, e.g. using keys or access control rules to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself

Abstract

The invention relates to a method for offline decryption of Oracle TDE-encrypted data files, characterized by the following steps: decrypt the master key using the key file in the wallet file and the wallet password; use the master key to decrypt the decryption key of the encrypted file; decrypt the data file with the decryption key. Using the key file in the wallet and the password that opens the wallet, the invention can restore the original ciphertext files to plaintext. This completes the overall functionality of the Oracle TDE system and comprehensively guards against loss of user data: users can still recover their data in this scenario and can use Oracle TDE without that worry.

Description

A method for offline decryption of Oracle TDE-encrypted data files
Technical field
The invention belongs to the field of data encryption technology, and in particular relates to a method for offline decryption of Oracle TDE-encrypted data files.
Background
Transparent Data Encryption (TDE) is the technology Oracle uses to encrypt data files; it protects sensitive data stored in operating system files by encrypting it. This effectively protects users' sensitive data from theft. However, if the database goes down and conventional database recovery methods cannot restart it, the user can no longer read these encrypted data files, and the encrypted data is lost completely.
Summary of the invention
The object of the invention is to overcome the deficiencies of the prior art by providing a method for offline decryption of Oracle TDE-encrypted data files, solving the problem that, under abnormal conditions, users cannot read encrypted data files and their encrypted data is lost completely.
The invention solves this technical problem with the following technical solution:
A method for offline decryption of Oracle TDE-encrypted data files, comprising the following steps:
Step 1: decrypt the master key using the key file in the wallet file and the wallet password;
Step 2: use the master key to decrypt the decryption key of the encrypted file;
Step 3: decrypt the data file with the decryption key.
Step 3 specifically comprises the following process:
(1) read the file's block size from the data file;
(2) determine whether the block is encrypted; if it is an encrypted block, go to (3), otherwise copy the block directly;
(3) read the encryption algorithm type from the data file;
(4) verify that the checksum is correct, and reject the block if it is not;
(5) decrypt the file block.
In step (3), there are four encryption algorithm types.
In step (5), plaintext bytes are skipped while the file block is decrypted.
The advantages and positive effects of the invention are:
The invention adds offline decryption of encrypted data files to the existing Oracle TDE functionality. Using the key file in the wallet and the password that opens the wallet, the original ciphertext files can be restored to plaintext. This completes the overall functionality of the Oracle TDE system and comprehensively guards against loss of user data: users can still recover their data in this scenario and can use Oracle TDE without that worry.
Brief description of the drawings
Fig. 1 is the process flow diagram of the invention.
Detailed description of the embodiments
Embodiments of the invention are described further below with reference to the drawing.
A method for offline decryption of Oracle TDE-encrypted data files, comprising the following steps:
Step 1: decrypt the master key using the key file in the wallet file and the wallet password.
Because the Oracle TDE master key is stored in the wallet and encrypted using PKCS12, the master key can be recovered directly with the wallet password.
Step 2: use the master key obtained in step 1 to decrypt the decryption key of the encrypted file.
Because the data file's key is stored in the file, encrypted with a certain encryption algorithm, the master key can be used to decrypt the file key.
Step 3: decrypt the data file with the decryption key. The specific method is shown in Fig. 1 and comprises the following process:
(1) Read the file's block size from the data file.
Because TDE supports encryption with different block sizes, this step reads the block size from the data file to determine the encryption block size; decryption then proceeds block by block.
(2) Determine whether the block is encrypted; if it is an encrypted block, go to step (3), otherwise copy the block directly.
Not every block in the file is encrypted, and plaintext blocks need no processing, so each block only needs to be checked for whether it is encrypted.
(3) Read the encryption algorithm type from the data file and determine which algorithm is used.
In this step the algorithm type can likewise be read from the file; the Oracle database supports four encryption algorithms.
(4) Verify that the checksum is correct; if it is not, the block is a bad block and is rejected.
Each block carries a checksum that is used to judge the block's correctness, and a block whose checksum does not match is a bad block. Decrypting a bad block would only yield wrong data, so bad blocks must be rejected during decryption.
(5) Decrypt the file block.
Once the various flag bits have been evaluated, the block is decrypted directly with the indicated algorithm. Because some bytes within an encrypted block are plaintext, those plaintext bytes are skipped.
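An added illustration of the step 3 block loop, not code from the patent and not Oracle's on-disk format: the 8-byte block header layout, the algorithm ids 0 to 3, the CRC32 checksum and the SHA-256 keystream stand-in cipher are all assumptions, chosen so the loop runs offline on a constructed image.

```python
import hashlib
import struct
import zlib

HDR = 8               # hypothetical per-block header: flags, alg id, CRC32, 2 pad bytes
ALGS = {0, 1, 2, 3}   # four algorithm ids; the numeric values are placeholders

def keystream_xor(key, alg, block_no, data):
    """Stand-in cipher (SHA-256 counter keystream), not the database's real one."""
    stream = bytearray()
    ctr = 0
    while len(stream) < len(data):
        seed = key + struct.pack(">BII", alg, block_no, ctr)
        stream += hashlib.sha256(seed).digest()
        ctr += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def make_block(key, block_no, size, payload, encrypted, alg=1):
    body = payload.ljust(size - HDR, b"\0")
    if encrypted:
        body = keystream_xor(key, alg, block_no, body)
    return struct.pack(">BBI2x", int(encrypted), alg, zlib.crc32(body)) + body

def build_sample(key, size=32):
    """Constructed image: one plaintext, one good and one corrupted encrypted block."""
    blocks = [make_block(key, 0, size, b"public lookup row", False),
              make_block(key, 1, size, b"sensitive row A", True, alg=2),
              make_block(key, 2, size, b"sensitive row B", True, alg=3)]
    blocks[2] = blocks[2][:-1] + bytes([blocks[2][-1] ^ 0xFF])  # simulate a bad block
    return struct.pack(">I", size) + b"".join(blocks)

def decrypt_file(image, key):
    (size,) = struct.unpack_from(">I", image, 0)          # (1) block size from the file
    if size <= HDR:
        raise ValueError("implausible block size")
    out, rejected = [], []
    for n, off in enumerate(range(4, len(image) - size + 1, size)):
        blk = image[off:off + size]
        flags, alg, crc = struct.unpack_from(">BBI", blk, 0)
        body = blk[HDR:]
        if not flags & 1:                                 # (2) plaintext block: copy as is
            out.append(blk)
        elif alg not in ALGS or zlib.crc32(body) != crc:  # (3)+(4) unknown alg or bad checksum
            rejected.append(n)
        else:                                             # (5) header bytes are plaintext: skip them
            plain = keystream_xor(key, alg, n, body)      # decrypt the payload only
            out.append(struct.pack(">BBI2x", 0, alg, zlib.crc32(plain)) + plain)
    return struct.pack(">I", size) + b"".join(out), rejected
```

Returning the indices of rejected blocks alongside the output lets a recovery run report exactly which blocks were dropped rather than silently producing a shorter file.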
It should be emphasized that the embodiments described are illustrative rather than restrictive. The invention therefore includes, but is not limited to, the embodiments described in the detailed description; any other embodiment that a person skilled in the art derives from the technical solution of the invention also falls within its scope of protection.

Claims (4)

1. A method for offline decryption of Oracle TDE-encrypted data files, characterized by comprising the following steps:
Step 1: decrypt the master key using the key file in the wallet file and the wallet password;
Step 2: use the master key to decrypt the decryption key of the encrypted file;
Step 3: decrypt the data file with the decryption key.
2. The method for offline decryption of Oracle TDE-encrypted data files according to claim 1, characterized in that step 3 specifically comprises the following process:
(1) read the file's block size from the data file;
(2) determine whether the block is encrypted; if it is an encrypted block, go to (3), otherwise copy the block directly;
(3) read the encryption algorithm type from the data file;
(4) verify that the checksum is correct, and reject the block if it is not;
(5) decrypt the file block.
3. The method for offline decryption of Oracle TDE-encrypted data files according to claim 2, characterized in that in step (3) there are four encryption algorithm types.
4. The method for offline decryption of Oracle TDE-encrypted data files according to claim 2, characterized in that in step (5), plaintext bytes are skipped while the file block is decrypted.
Priority Applications (1)

Application number: CN201811463859.0A
Priority date: 2018-12-03
Filing date: 2018-12-03
Title: Method for offline decryption of Oracle TDE-encrypted data files

Publications (1)

Publication number: CN109635577A
Publication date: 2019-04-16

Family ID: 66070458
Country: CN

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20190416