A kind of encryption storage method
Technical field
The present invention relates to encryption technology fields, more particularly, to a kind of encryption storage method.
Background technique
In recent years, with the rapid development of internet technology, the demand that people store data is higher and higher, major interconnection
Net company is all proposed the Dropbox product of oneself, such as Baidu's Dropbox, Kingsoft Dropbox etc., while data storage capacity increases,
Higher requirements are also raised to data storage safe practice by people, since the data of Dropbox are all to be hosted in internet operation
Quotient, once the data of operator are stolen, the loss of user is huge, so how to protect the private data of user becomes safely
More and more popular topic.
For these reasons, the present invention is intended to provide user can be effectively protected in a kind of encryption storage method, this method
The safety of private data is especially stored in the safety of the user data of server end, even if service end data generation is stolen,
Secure user data can be effectively protected.
Summary of the invention
Purpose to realize the present invention, is achieved using following technical scheme:
A kind of encryption storage method, including user's registration, user data upload and user data are read, in which: user's note
Volume includes user by user end to server transmission registration request, and server saves user information and simultaneously generates one for each user
To public private key pair, a file key is generated for each user file, and encrypt to user file using file key
And saved, file key is subjected to the encrypted file key of encryption generation with public key and saved, server will be private
Key is sent to client, and client carries out encryption to the file key using entry password and generates encrypted private key, and will
Encrypted private key is sent to server, and server saves the encrypted private key.
The encryption storage method, in which: user sends registration request to Dropbox server by client, transmission
It include user information in registration information, user information includes user name, entry password;After receiving registration information,
Server carries out duplicate checking to user name, if user name has existed in the server, issues user name to client and repeats
Prompt, and stop subsequent registration service, until the user name in the registration information that client is sent is not in server
In the presence of until.
The encryption storage method, in which: if user name is not present in the server, server saves user's letter
It ceases and is that each user automatically generates a pair of of public private key pair, while also generating file key for user file.
The encryption storage method, in which: server determines that generating public private key pair is when generating public private key pair first
It is no to generate successfully, if failed regeneration, it can regenerate, if it succeeds, file key is generated for user;Server is in life
When at file key, determines to generate whether file key generates success first, if failed regeneration, it is close to regenerate file
Key, until file key generates successfully.
The encryption storage method, in which: when user data upload includes user's upload user file, server is upper
The user file of biography generates a new file key, and for server when generating this document key, server-side is close using this document
Key encrypts upper transmitting file, generates user encryption file and is saved, server is using public key to the text of upper transmitting file
Part key is encrypted, and is generated encrypted file key and is saved.
The encryption storage method, in which: server determines this document key when generating new file key first
Whether creation is successful, if creation failure, prompts error message, and re-create, until creating successfully.
The encryption storage method, in which: when user encryption file in user's reading service device, user, which inputs, to be logged in
Password, server-side receive user's entry password, generate the decryption of encrypted private key with the entry password and obtain private key, service
Device is decrypted to obtain file key using file key encryption file of the private key to file, and server uses file key pair
The file decrypted is decrypted in the encryption file of file, and the file of decryption is sent to client.
A kind of encryption storage method, including user's registration, user data upload and user data are read, in which: user's note
Volume includes user by user end to server transmission registration request, and server saves user information and simultaneously generates one for each user
To public private key pair, a file key is generated for each user file, and encrypt to user file using file key
And saved, file key is subjected to the encrypted file key of encryption generation with public key and saved, server will be private
Key is sent to client, and client carries out encryption to the file key using encrypted ones and generates encrypted private key, and will
Encrypted private key is sent to server, and server saves the encrypted private key.
The encryption storage method, in which: user sends registration request to Dropbox server by client, transmission
It include user information in registration information, user information includes user name, entry password, encrypted ones;Registration is received to ask
After seeking information, server carries out duplicate checking to user name, if user name has existed in the server, issues and uses to client
The duplicate prompt of name in an account book, and stop subsequent registration service, until the user name in the registration information that client is sent not
Until server exists.
The encryption storage method, in which: if user name is not present in the server, server judgement encryption mouth
Whether order is identical as entry password, if the same stops subsequent registration service, and issue change encrypted ones to client
With the prompt information of entry password, until the encrypted ones received are different from entry password;If encrypted ones with step on
It is different to record password, then server saves user information and automatically generates a pair of of public private key pair for each user, while being also user
File generated file key.
The encryption storage method, in which: server determines that generating public private key pair is when generating public private key pair first
It is no to generate successfully, if failed regeneration, public private key pair is regenerated, if it succeeds, file key is generated for user;Service
Device determines whether generation file key generates success when generating file key first, if failed regeneration, can regenerate,
Until file key generates successfully.
The encryption storage method, in which: when user data upload includes transmitting file on user, server is to upload
One new file key of file generated, when generating this document key, server-side is uploaded server using this document key pair
File is encrypted, and is generated user encryption file and is simultaneously saved, server using public key to the file key of upper transmitting file into
Row encryption, generates encrypted file key and is saved.
The encryption storage method, in which: server determines this document key when generating new file key first
Whether creation is successful, if creation failure, prompts error message, and re-create new file key, until creating successfully.
The encryption storage method, in which: when user encryption file in user's reading service device, user inputs encryption
Password, server-side receive user encryption password, generate the decryption of encrypted private key with the encrypted ones and obtain private key, service
Device is decrypted to obtain file key using file key encryption file of the private key to file, and server uses file key pair
The file decrypted is decrypted in the encryption file of file, and the file of decryption is sent to client.
The encryption storage method, in which: server saves the user information in addition to encrypted ones.
Detailed description of the invention
Fig. 1 is present invention encryption storage method timing diagram;
Fig. 2 is user's registration step schematic diagram;
Fig. 3 is user data upload schematic diagram;
Fig. 4 is that user data reads schematic diagram.
Specific embodiment
Embodiment of the present invention is described in detail with reference to the accompanying drawing.
As shown in Figure 1, encryption storage method of the invention runs on encryption storage system, wherein encryption storage system includes
(Dropbox) server and client computer, server end and client are connected by communication network, and realization communicates with each other.
Encryption storage method of the invention is related to server end and client interactive operation, is illustrated in fig. 1 shown below.It is described to add
Close storage method includes: 1. user's registrations;2. user data upload;3. user data is read.It is specific as follows:
1. user's registration, user sends registration request, the registration information of transmission to Dropbox server by client
In include user name, entry password etc. user information, after receiving registration information, server can look into user name
Weight issues the duplicate prompt of user name to client, and stop subsequent note if user name has existed in the server
Volume service, until the user name in the registration information that client is sent not server there are until;If user name exists
It being not present in server, then server saves user information and automatically generates a pair of of public private key pair (Pub, Pek) for each user,
Symmetric key Fkn also is generated for each user file simultaneously, and user file is encrypted and is carried out using symmetric key Fkn
It saves, symmetric key Fkn is encrypted with public key Pub and generates encrypted symmetric key Fcn and saves, is serviced
The private key Pek of unsymmetrical key is sent to client by device, after client carries out encryption generation encryption to Pek using entry password
Private key C, and send server end for encrypted private key C, server saves the encrypted private key C, and user infuses at this time
Volume is completed.
As shown in Fig. 2, server can automatically generate a pair of of public private key pair for each user as described above in registration process
(Pub, Pek), server determine to generate whether public private key pair generates success first, such as when generating public private key pair (Pub, Pek)
Fruit failed regeneration can then regenerate, if it succeeds, the user information for user generates symmetric key Fkn, server is in life
When at symmetric key Fkn, determines to generate whether symmetric key Fkn generates success first, if failed regeneration, can regenerate
Fkn, until Fkn is generated successfully.
2. user data upload: as shown in figure 3, server is that file generated one of upload is new on user when transmitting file
Symmetric key Fkm, server when generating symmetric key Fkm, first determine generate symmetric key Fkm whether generate success,
If creation failure, prompts error message, and re-create, after the completion of symmetric key creation, server-side uses symmetric key Fkm
Upper transmitting file Fm is encrypted, user encryption file Fcm is generated and is saved, server is literary to uploading using public key Pub
The encryption key Fkm of part is encrypted, and is generated encrypted symmetric key Fkcm and is saved, finally, server end returns
Client file uploads success message, and file uploads successfully.
3. user data is read
As shown in figure 4, user inputs entry password when user reads the user encryption file Fm in (Dropbox) server,
Server-side receives user's entry password, generates encrypted private key C decryption with the entry password and obtains private key Pek, services
Device is decrypted to obtain symmetric key Fkm using symmetric key encryption file Fkcm of the Pek to file Fm, and server uses symmetrical
The file Fm decrypted is decrypted to the encryption file Fcm of file in key Fkm, and the Fm of decryption is sent to client.
Embodiments of the present invention 1 above, by this way can after server-side user data are stolen, due to
Can not user encryption data be decrypted and be avoided with the generation of privacy of user leakage problem.
Since general user is at application internet, in multiple websites, the user name of registration and entry password are often identical,
So if user reveals in the user name and entry password of other occasions, it is likely that lead to the use in above embodiment 1
There is the decrypted situation of data in family encryption data after being stolen, for this purpose, the present invention provides embodiment 2, embodiment 2
Encrypting storage method includes:
1. user's registration, user sends registration request, the registration information of transmission to Dropbox server by client
In include user name, entry password, encrypted ones etc. user information, the encrypted ones are different from entry password, receive
After registration information, server can carry out duplicate checking to user name, if user name has existed in the server, to client
End issues the duplicate prompt of user name, and stops subsequent registration service, until in the registration information that client is sent
User name is not until server exists;If user name is not present in the server, server judges encrypted ones and steps on
It whether identical records password, if the same stops subsequent registration service, and issue change encrypted ones to client and log in
The prompt information of password, until the encrypted ones received are different from entry password;If encrypted ones and entry password
Difference, server save user information and automatically generate a pair of of public private key pair (Pub, Pek) for each user, while being also each
User file generates symmetric key Fkn, and user file is encrypted and saved using symmetric key Fkn, will be right
Claim key Fkn to be encrypted with public key Pub to generate encrypted symmetric key Fcn and saved, server will be non-right
The private key Pek of key is claimed to be sent to client, client adds private key Pek using the encrypted ones different from entry password
Dense to be sent to server end at encrypted private key C, and by encrypted private key C, server saves the encrypted private key
C, user's registration is completed at this time.
As shown in Fig. 2, server can automatically generate a pair of of public private key pair for each user as described above in registration process
(Pub, Pek), server determine to generate whether public private key pair generates success first, such as when generating public private key pair (Pub, Pek)
Fruit failed regeneration can then regenerate, if it succeeds, the user information for user generates symmetric key Fkn, server is in life
When at symmetric key Fkn, determines to generate whether symmetric key Fkn generates success first, if failed regeneration, can regenerate
Fkn, until Fkn is generated successfully.
2. user data upload: as shown in figure 3, first passing through user name on user when transmitting file and entry password logging in clothes
Business device, then upload user file, server are the file generated one new symmetric key Fkm uploaded, and server is generating
When symmetric key Fkm, determine to generate whether symmetric key Fkm generates success first, if creation failure, prompts error message,
And re-create, after the completion of symmetric key creation, server-side encrypts upper transmitting file Fm using symmetric key Fkm, generates
User encryption file Fcm is simultaneously saved, and server is encrypted using encryption key Fkm of the public key Pub to upper transmitting file, raw
It at encrypted symmetric key Fkcm and is saved, finally, server end returns to client message, file is uploaded successfully.
3. user data is read
As shown in figure 4, first passing through user name and login when user reads the user encryption file Fm in (Dropbox) server
Password logon server, the request for reading user data is issued to server, and server prompts user inputs encrypted ones, user
Encrypted ones are inputted, and server-side receives user encryption password, encrypted private key C decryption is generated with the encrypted ones and obtained
Private key Pek, server are decrypted to obtain key Fkm using key encryption file Fkcm of the Pek to file Fm, and server uses
The file Fm decrypted is decrypted to the encryption file Fcm of file in Fkm, and the Fm of decryption is sent to client.
Further, in user's registration, server only saves the user information except encrypted ones, in this way
Thoroughly user's entry password and user encryption password can be separated, server end does not store encrypted ones, can be to greatest extent
Avoid file flow out caused by privacy of user leakage.
By embodiment 2, hacker can effectively be avoided to steal user password by way of hitting library and by the password
The generation of the case where decrypted user encryption data.