Encryption storage method
Technical Field
The invention relates to the technical field of encryption, in particular to an encryption storage method.
Background
In recent years, with the rapid development of internet technology, people have placed higher and higher requirements on data storage, and the large internet companies have introduced their own network disk products, such as the Baidu network disk, the Jinshan network disk, and the like.
For the above reasons, the present invention aims to provide an encryption storage method that effectively protects the security of a user's private data, especially user data stored in a server, and continues to protect that data even if the server data is stolen.
Disclosure of Invention
To achieve this purpose, the invention adopts the following technical scheme:
An encryption storage method comprises user registration, user data uploading and user data reading, wherein: the user registration comprises the following steps: a user sends a registration request to a server through a client; the server stores the user information and generates a public/private key pair for each user; a file key is generated for each user file, the user file is encrypted with the file key and stored, and the file key is encrypted with the public key to generate an encrypted file key, which is stored; the server sends the private key to the client; the client encrypts the private key with the login password to generate an encrypted private key and sends the encrypted private key to the server; and the server stores the encrypted private key.
The encryption storage method, wherein: a user sends a registration request to a network disk server through a client, wherein the sent registration request information comprises user information, and the user information comprises a user name and a login password; after receiving the registration request information, the server checks the user name for duplication; if the user name already exists in the server, the server sends a user-name-duplication prompt to the client and suspends the subsequent registration service until the user name in the registration request information sent by the client does not exist in the server.
The encryption storage method, wherein: if the user name does not exist in the server, the server stores the user information and automatically generates a pair of public and private keys for each user, and also generates a file key for the user file.
The encryption storage method, wherein: when the server generates a public/private key pair, it first judges whether the generation succeeded; if the generation failed, the key pair is regenerated, and if it succeeded, a file key is generated for the user; when the server generates the file key, it first judges whether the file key was generated successfully, and if not, the file key is regenerated until it is generated successfully.
The encryption storage method, wherein: the user data uploading comprises the following steps: when a user uploads a user file, the server generates a new file key for the uploaded user file; once the file key has been generated, the server encrypts the uploaded file with the file key to generate a user encrypted file and stores it; and the server encrypts the file key of the uploaded file with the public key to generate an encrypted file key and stores it.
The encryption storage method, wherein: when the server generates a new file key, it first judges whether the file key was created successfully; if the creation failed, error information is prompted and the file key is re-created until it is created successfully.
The encryption storage method, wherein: when a user reads a user encrypted file in the server, the user inputs the login password; the server receives the login password and decrypts the encrypted private key with it to obtain the private key; the server decrypts the encrypted file key of the file with the private key to obtain the file key; and the server decrypts the encrypted file with the file key to obtain the decrypted file and sends the decrypted file to the client.
An encryption storage method comprises user registration, user data uploading and user data reading, wherein: the user registration comprises the following steps: a user sends a registration request to a server through a client; the server stores the user information and generates a public/private key pair for each user; a file key is generated for each user file, the user file is encrypted with the file key and stored, and the file key is encrypted with the public key to generate an encrypted file key, which is stored; the server sends the private key to the client; the client encrypts the private key with the encryption password to generate an encrypted private key and sends the encrypted private key to the server; and the server stores the encrypted private key.
The encryption storage method, wherein: a user sends a registration request to a network disk server through a client, wherein the sent registration request information comprises user information, and the user information comprises a user name, a login password and an encryption password; after receiving the registration request information, the server checks the user name for duplication; if the user name already exists in the server, the server sends a user-name-duplication prompt to the client and suspends the subsequent registration service until the user name in the registration request information sent by the client does not exist in the server.
The encryption storage method, wherein: if the user name does not exist in the server, the server judges whether the encryption password is the same as the login password; if so, the subsequent registration service is stopped and prompt information for changing the encryption password and the login password is sent to the client, until the received encryption password is different from the login password; if the encryption password is different from the login password, the server saves the user information and automatically generates a public/private key pair for each user, and also generates a file key for the user file.
The encryption storage method, wherein: when the server generates a public/private key pair, it first judges whether the generation succeeded; if the generation failed, the key pair is regenerated, and if it succeeded, a file key is generated for the user; when the server generates the file key, it first judges whether the file key was generated successfully, and if not, the file key is regenerated until it is generated successfully.
The encryption storage method, wherein: the user data uploading comprises the following steps: when a user uploads a file, the server generates a new file key for the uploaded file; once the file key has been generated, the server encrypts the uploaded file with the file key to generate a user encrypted file and stores it; and the server encrypts the file key of the uploaded file with the public key to generate an encrypted file key and stores it.
The encryption storage method, wherein: when the server generates a new file key, it first judges whether the file key was created successfully; if the creation failed, error information is prompted and the new file key is re-created until it is created successfully.
The encryption storage method, wherein: when a user reads a user encrypted file in the server, the user inputs the encryption password; the server receives the encryption password and decrypts the encrypted private key with it to obtain the private key; the server decrypts the encrypted file key of the file with the private key to obtain the file key; and the server decrypts the encrypted file with the file key to obtain the decrypted file and sends the decrypted file to the client.
The encryption storage method, wherein: the server stores the user information except for the encryption password.
Drawings
FIG. 1 is a timing diagram of an encryption storage method according to the present invention;
FIG. 2 is a schematic diagram of a user registration procedure;
FIG. 3 is a schematic diagram of user data upload;
FIG. 4 is a schematic diagram of user data reading.
Detailed Description
Embodiments of the present invention will be described in detail below with reference to the accompanying drawings.
As shown in fig. 1, the encrypted storage method of the present invention operates in an encrypted storage system, where the encrypted storage system includes a (network disk) server and a client, and the server and the client are connected through a communication network to achieve mutual communication.
The encryption storage method of the invention involves interaction between the server side and the client side, as shown in FIG. 1. The method comprises: 1. user registration; 2. user data uploading; 3. user data reading. The specific steps are as follows:
1. User registration: the user sends a registration request to the network disk server through the client. The registration request information comprises user information such as a user name and a login password. After receiving the registration request information, the server checks the user name for duplication. If the user name already exists in the server, a user-name-duplication prompt is sent to the client and the subsequent registration service is stopped until the user name in the registration request information sent by the client does not exist in the server. If the user name does not exist in the server, the server stores the user information and automatically generates a public/private key pair (Pub, Pek) for each user, generates a symmetric key Fkn for each user file, encrypts the user file with the symmetric key Fkn and stores it, and encrypts the symmetric key Fkn with the public key Pub to generate an encrypted symmetric key Fcn, which it stores. The server sends the private key Pek of the asymmetric key pair to the client, the client encrypts Pek with the login password to generate an encrypted private key C and sends C to the server, and the server stores the encrypted private key C. User registration is then complete.
As shown in FIG. 2, in the registration process described above, the server automatically generates a public/private key pair (Pub, Pek) for each user. When generating the key pair (Pub, Pek), the server first determines whether the generation succeeded; if it failed, the key pair is regenerated, and if it succeeded, the server generates a symmetric key Fkn for the user information of the user. When generating the symmetric key Fkn, the server first determines whether the generation of Fkn succeeded; if it failed, the pair of public and private keys is regenerated until the generation of Fkn is successful.
2. Uploading user data: as shown in FIG. 3, when a user uploads a file, the server generates a new symmetric key Fkm for the uploaded file. When generating the symmetric key Fkm, the server first determines whether the generation succeeded; if the creation failed, error information is prompted and the creation is repeated. After the symmetric key has been created, the server encrypts the uploaded file Fm with the symmetric key Fkm to generate a user encrypted file Fcm and stores it, and the server encrypts the symmetric key Fkm of the uploaded file with the public key Pub to generate an encrypted symmetric key Fkcm and stores it. Finally, the server returns a file-upload-success message to the client, and the file upload is complete.
3. User data reading
As shown in FIG. 4, when a user reads a user encrypted file Fm in the (network disk) server, the user inputs the login password and the server receives it. The server decrypts the encrypted private key C with the login password to obtain the private key Pek, decrypts the encrypted symmetric key Fkcm of the file Fm with Pek to obtain the symmetric key Fkm, decrypts the encrypted file Fcm with the symmetric key Fkm to obtain the decrypted file Fm, and sends the decrypted Fm to the client.
The above is Embodiment 1 of the invention. With it, the user's encrypted data cannot be decrypted after the user data on the server is stolen, so leakage of user privacy is avoided.
Because a typical Internet user often registers the same user name and login password on many websites, if the user's user name and login password are leaked elsewhere, the encrypted data of the user in Embodiment 1 above may be decrypted after it is stolen. The invention therefore provides Embodiment 2, whose encryption storage method comprises:
1. User registration: the user sends a registration request to the network disk server through the client. The registration request information comprises user information such as a user name, a login password and an encryption password, the encryption password being different from the login password. After receiving the registration request information, the server checks the user name for duplication. If the user name already exists in the server, a user-name-duplication prompt is sent to the client and the subsequent registration service is stopped until the user name in the registration request information sent by the client does not exist in the server. If the user name does not exist in the server, the server judges whether the encryption password is the same as the login password; if so, the subsequent registration service is stopped and prompt information for changing the encryption password and the login password is sent to the client, until the received encryption password is different from the login password. If the encryption password is different from the login password, the server stores the user information and automatically generates a public/private key pair (Pub, Pek) for each user, generates a symmetric key Fkn for each user file, encrypts the user file with the symmetric key Fkn and stores it, and encrypts the symmetric key Fkn with the public key Pub to generate an encrypted symmetric key Fcn, which it stores. The server sends the private key Pek of the asymmetric key pair to the client, the client encrypts the private key Pek with the encryption password, which differs from the login password, to generate an encrypted private key C and sends C to the server, and the server stores the encrypted private key C. User registration is then complete.
As shown in FIG. 2, in the registration process described above, the server automatically generates a public/private key pair (Pub, Pek) for each user. When generating the key pair (Pub, Pek), the server first determines whether the generation succeeded; if it failed, the key pair is regenerated, and if it succeeded, the server generates a symmetric key Fkn for the user information of the user. When generating the symmetric key Fkn, the server first determines whether the generation of Fkn succeeded; if it failed, the pair of public and private keys is regenerated until the generation of Fkn is successful.
2. Uploading user data: as shown in FIG. 3, when a user uploads a file, the user logs in to the server with the user name and login password and then uploads the user file. The server generates a new symmetric key Fkm for the uploaded file. When generating the symmetric key Fkm, the server first determines whether the generation succeeded; if it failed, error information is prompted and the key is created again. After the symmetric key has been created, the server encrypts the uploaded file Fm with the symmetric key Fkm to generate a user encrypted file Fcm and stores it, and the server encrypts the symmetric key Fkm of the uploaded file with the public key Pub to generate an encrypted symmetric key Fkcm and stores it. Finally, the server returns a message to the client, and the file upload is complete.
3. User data reading
As shown in FIG. 4, when a user reads a user encrypted file Fm in the (network disk) server, the user logs in to the server with the user name and login password and sends a request to read user data to the server. The server prompts the user to input the encryption password; the user inputs the encryption password and the server receives it. The server decrypts the encrypted private key C with the encryption password to obtain the private key Pek, decrypts the encrypted key Fkcm of the file Fm with Pek to obtain the key Fkm, decrypts the encrypted file Fcm with Fkm to obtain the decrypted file Fm, and sends the decrypted Fm to the client.
Furthermore, in user registration the server stores only the user information other than the encryption password. In this way the user's login password and encryption password are completely separated, the server side does not store the encryption password, and leakage of user privacy caused by files leaving the server is avoided to the greatest extent.
Embodiment 2 effectively prevents a hacker from stealing the user's password through credential stuffing and using that password to decrypt the user's encrypted data.
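The three steps of Embodiment 2 (registration, upload, read) as a runnable example, added here for illustration and not part of the patent text. The patent names no algorithms, so RSA-OAEP, AES-256-GCM, scrypt, the in-memory `store` and all function names are assumptions; the private-key wrapping that the patent places on the client runs in the same process here, and login-password authentication is left out.

```javascript
// Added example: Embodiment 2 key hierarchy. Algorithms and names are assumptions.
const { randomBytes, scryptSync, createCipheriv, createDecipheriv, generateKeyPairSync,
  publicEncrypt, privateDecrypt, createPrivateKey } = require('node:crypto');

// AES-256-GCM; blob layout is iv(12) || tag(16) || ciphertext.
function seal(key, plaintext) {
  const iv = randomBytes(12);
  const c = createCipheriv('aes-256-gcm', key, iv);
  const body = Buffer.concat([c.update(plaintext), c.final()]);
  return Buffer.concat([iv, c.getAuthTag(), body]);
}
function open(key, blob) {
  const d = createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12));
  d.setAuthTag(blob.subarray(12, 28));
  return Buffer.concat([d.update(blob.subarray(28)), d.final()]); // throws if key is wrong
}
// Password -> 32-byte wrapping key (scrypt with a per-user random salt).
const kdf = (password, salt) => scryptSync(password, salt, 32);

// 1. Registration: duplicate-name check, password-difference check, then (Pub, Pek).
function register(store, user, loginPw, encPw) {
  if (store.has(user)) throw new Error('user name already exists');
  if (loginPw === encPw) throw new Error('encryption password must differ from login password');
  const { publicKey, privateKey } = generateKeyPairSync('rsa', { modulusLength: 2048 });
  const pek = privateKey.export({ type: 'pkcs8', format: 'der' });
  const salt = randomBytes(16);
  // Client-side step in the patent: C = Enc(encryption password, Pek).
  const C = seal(kdf(encPw, salt), pek);
  store.set(user, { pub: publicKey, salt, C, files: new Map() }); // encPw is never stored
}

// 2. Upload: fresh Fkm per file; store Fcm = Enc(Fkm, Fm) and Fkcm = Enc(Pub, Fkm).
function upload(store, user, name, fm) {
  const rec = store.get(user);
  const fkm = randomBytes(32);
  rec.files.set(name, { Fcm: seal(fkm, fm), Fkcm: publicEncrypt(rec.pub, fkm) });
}

// 3. Read: encryption password -> Pek (from C) -> Fkm (from Fkcm) -> Fm (from Fcm).
function read(store, user, name, encPw) {
  const rec = store.get(user);
  const der = open(kdf(encPw, rec.salt), rec.C);
  const pek = createPrivateKey({ key: der, format: 'der', type: 'pkcs8' });
  const { Fcm, Fkcm } = rec.files.get(name);
  return open(privateDecrypt(pek, Fkcm), Fcm);
}
```

Because the stored record holds only Pub, the salt, C, Fcm and Fkcm, a copy of the store alone does not yield Pek or any Fkm; the read path fails at the GCM tag check when any password other than the encryption password is supplied.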