CN110166458A - Three-level key encryption system - Google Patents

Three-level key encryption system

Info

Publication number: CN110166458A
Application number: CN201910434496.6A
Authority: CN (China)
Legal status: Granted, active (status as listed by Google Patents, not a legal conclusion)
Other languages: Chinese (zh)
Other versions: CN110166458B (en)
Inventor: 王怀尊
Current assignee: Individual
Original assignee: Individual
Prior art keywords: code key, file, encryption, stored, key

Links

Classifications

    • H: Electricity
        • H04: Electric communication technique
            • H04L: Transmission of digital information, e.g. telegraphic communication
                • H04L63/00: Network architectures or network communication protocols for network security
                    • H04L63/04: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
                        • H04L63/0428: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
                            • H04L63/0478: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload, applying multiple layers of encryption, e.g. nested tunnels or encrypting the content with a first key and then with at least a second key
                • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; network security protocols
                    • H04L9/08: Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
                        • H04L9/0816: Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
                            • H04L9/0819: Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
                                • H04L9/0822: Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s), using a key encryption key
                        • H04L9/0861: Generation of secret information including derivation or calculation of cryptographic keys or passwords
                            • H04L9/0869: Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds

Abstract

The invention discloses a three-level key encryption system comprising the following steps: key classification, file encryption, file decryption and key management. By encrypting with three levels of keys, the invention prevents any single link in system development, maintenance or use from independently obtaining all of the keys; by classifying keys in this way, no new encryption algorithm is needed, and the security of the encrypted files is ensured.

Description

Three-level key encryption system
Technical field
The present invention relates to the field of key encryption technology, and in particular to a three-level key encryption system.
Background technique
When a file has been encrypted with an existing symmetric-key encryption technique, the security of the key itself becomes the problem: once the database or file system that stores the key is compromised, every file is at risk of exposure.
Summary of the invention
To solve the above technical problem, the technical solution provided by the invention is as follows: a three-level key encryption system, comprising the following steps:
S1, three-level keys: the keys comprise a root key that is built into the program and is used only to encrypt the system key; a system key that can be modified dynamically; and a file key that is generated by a random algorithm and corresponds to one file;
S2, file encryption: the encryption algorithm is a symmetric algorithm using a 256-bit key in CBC mode; each file is assigned one file key and one initialization vector (IV), and the file key is encrypted with the built-in system key and stored in the database;
S3, file decryption: a file can be decrypted only when both elements, the file key and the initialization vector (IV), are available; the file key is stored in the database after being encrypted with the system key, and the initialization vector is stored in the encrypted file. On decryption the file key is first read and decrypted, and the file data is then decrypted with it together with the initialization vector;
S4, key management: the system key, the file keys and the initialization vectors are stored on the database and the file server respectively.
As an improvement, the file encryption process comprises the following steps:
S2-1, generate key data (a binary vector) of the length required for encryption using a key generation algorithm;
S2-2, generate the initialization vector required by the file encryption operation using a random algorithm;
S2-3, encrypt the file using the key and the initialization vector;
S2-4, store the file in the file store, with the initialization vector and the file ID placed at the beginning of the encrypted file; the file ID is a unique string generated from a serial number or by some other means;
S2-5, encrypt the key data with the "system key" and save it in the database, with the file ID as the primary key of the key data.
As an improvement, the file decryption process comprises the following steps:
S3-1, read the file ID from the file and obtain the file key ciphertext from the database by that ID;
S3-2, obtain the system key ciphertext, decrypt the system key, and decrypt the file key using the system key;
S3-3, decrypt the file ciphertext using the file key and the vector data read from the file.
As an improvement, the key management process comprises the following steps:
S4-1, during system development the root key is built into the compiled program, or it is supplied by way of a separate unique file;
S4-2, the system key is generated automatically by the system back end when the system administrator triggers the externally provided interface function, and is saved in the database after encryption with the root key, so that the temporary system key generated during development and testing can be replaced when the system formally goes online;
S4-3, the file key and the encryption vector are generated each time a file is encrypted; the key is encrypted and stored in the database (or another persistent store), and the initialization vector is stored in a specific format in the encrypted file;
S4-4, through the key management process of S4-1 to S4-3, the root key generated by the developer resides on the application server, the system key is encrypted with the root key, the file keys are stored on the database server after encryption with the system key, and the encryption initialization vectors and ciphertexts are stored on the file server.
As an improvement, each time the system key is changed, the file keys must be decrypted again and stored after re-encryption with the new system key.
With the above structure, the invention has the following advantage: by encrypting with three levels of keys, no single link in system development, maintenance or use can independently obtain all of the keys, and the method of classifying keys requires no new encryption algorithm while ensuring the security of the encrypted files.
Detailed description of the drawings
Fig. 1 is a structural schematic diagram of the three-level key structure of the three-level key encryption system of the present invention.
Fig. 2 is a structural schematic diagram of the file encryption process of the three-level key encryption system of the present invention.
Fig. 3 is a structural schematic diagram of the file decryption process of the three-level key encryption system of the present invention.
Specific embodiment
With reference to Figs. 1 to 3, a three-level key encryption system comprises the following steps:
S1, three-level keys: the keys comprise a root key that is built into the program and is used only to encrypt the system key; a system key that can be modified dynamically; and a file key that is generated by a random algorithm and corresponds to one file. The system key is initialized and modified after the system goes online, when the system administrator triggers the system function through the interface; the random key is set on the server side and is not transmitted to the client, so the operator cannot access the key content. The file key is generated with a secure random algorithm when a file is encrypted, and the client cannot access the key content either.
S2, file encryption: the encryption algorithm is a symmetric algorithm using a 256-bit key in CBC mode; each file is assigned one file key and one initialization vector (IV), and the file key is encrypted with the built-in system key and stored in the database;
S3, file decryption: a file can be decrypted only when both elements, the file key and the initialization vector (IV), are available; the file key is stored in the database after being encrypted with the system key, and the initialization vector is stored in the encrypted file. On decryption the file key is first read and decrypted, and the file data is then decrypted with it together with the initialization vector;
S4, key management: the system key, the file keys and the initialization vectors are stored on the database and the file server respectively.
As a preferred embodiment, the file encryption process comprises the following steps:
S2-1, generate key data (a binary vector) of the length required for encryption using a key generation algorithm;
S2-2, generate the initialization vector required by the file encryption operation using a random algorithm;
S2-3, encrypt the file using the key and the initialization vector;
S2-4, store the file in the file store, with the initialization vector and the file ID placed at the beginning of the encrypted file; the file ID is a unique string generated from a serial number or by some other means;
S2-5, encrypt the key data with the "system key" and save it in the database, with the file ID as the primary key of the key data.
As a preferred embodiment, the file decryption process comprises the following steps:
S3-1, read the file ID from the file and obtain the file key ciphertext from the database by that ID;
S3-2, obtain the system key ciphertext, decrypt the system key, and decrypt the file key using the system key;
S3-3, decrypt the file ciphertext using the file key and the vector data read from the file.
As a preferred embodiment, the key management process comprises the following steps:
S4-1, during system development the root key is built into the compiled program, or it is supplied by way of a separate unique file;
S4-2, the system key is generated automatically by the system back end when the system administrator triggers the externally provided interface function, and is saved in the database after encryption with the root key, so that the temporary system key generated during development and testing can be replaced when the system formally goes online;
S4-3, the file key and the encryption vector are generated each time a file is encrypted; the key is encrypted and stored in the database (or another persistent store), and the initialization vector is stored in a specific format in the encrypted file;
S4-4, through the key management process of S4-1 to S4-3, the root key generated by the developer resides on the application server, the system key is encrypted with the root key, the file keys are stored on the database server after encryption with the system key, and the encryption initialization vectors and ciphertexts are stored on the file server. As long as the duties of development, system operation and maintenance, and system administration are separated, the security of all encrypted files is ensured. The ciphertext can be decrypted only by a party that holds the root key, the system key, the file key and the encrypted file at the same time, which greatly improves file security.
As a preferred embodiment, each time the system key is changed, the file keys must be decrypted again and stored after re-encryption with the new system key.
Although embodiments of the present invention have been shown and described above, it is to be understood that the above embodiments are exemplary and are not to be considered as limiting the invention; those skilled in the art can make changes, modifications, substitutions and variations to the above embodiments within the scope of the invention without departing from its principle and spirit.

Claims (5)

1. A three-level key encryption system, characterized in that it comprises the following steps:
S1, three-level keys: the keys comprise a root key that is built into the program and is used only to encrypt the system key; a system key that can be modified dynamically; and a file key that is generated by a random algorithm and corresponds to one file;
S2, file encryption: the encryption algorithm is a symmetric algorithm using a 256-bit key in CBC mode; each file is assigned one file key and one initialization vector (IV), and the file key is encrypted with the built-in system key and stored in the database;
S3, file decryption: a file can be decrypted only when both elements, the file key and the initialization vector (IV), are available; the file key is stored in the database after being encrypted with the system key, and the initialization vector is stored in the encrypted file; on decryption the file key is first read and decrypted, and the file data is then decrypted with it together with the initialization vector;
S4, key management: the system key, the file keys and the initialization vectors are stored on the database and the file server respectively.
2. The three-level key encryption system according to claim 1, characterized in that the file encryption process comprises the following steps:
S2-1, generate key data (a binary vector) of the length required for encryption using a key generation algorithm;
S2-2, generate the initialization vector required by the file encryption operation using a random algorithm;
S2-3, encrypt the file using the key and the initialization vector;
S2-4, store the file in the file store, with the initialization vector and the file ID placed at the beginning of the encrypted file; the file ID is a unique string generated from a serial number or by some other means;
S2-5, encrypt the key data with the "system key" and save it in the database, with the file ID as the primary key of the key data.
3. The three-level key encryption system according to claim 1, characterized in that the file decryption process comprises the following steps:
S3-1, read the file ID from the file and obtain the file key ciphertext from the database by that ID;
S3-2, obtain the system key ciphertext, decrypt the system key, and decrypt the file key using the system key;
S3-3, decrypt the file ciphertext using the file key and the vector data read from the file.
4. The three-level key encryption system according to claim 1, characterized in that the key management process comprises the following steps:
S4-1, during system development the root key is built into the compiled program, or it is supplied by way of a separate unique file;
S4-2, the system key is generated automatically by the system back end when the system administrator triggers the externally provided interface function, and is saved in the database after encryption with the root key, so that the temporary system key generated during development and testing can be replaced when the system formally goes online;
S4-3, the file key and the encryption vector are generated each time a file is encrypted; the key is encrypted and stored in the database (or another persistent store), and the initialization vector is stored in a specific format in the encrypted file;
S4-4, through the key management process of S4-1 to S4-3, the root key generated by the developer resides on the application server, the system key is encrypted with the root key, the file keys are stored on the database server after encryption with the system key, and the encryption initialization vectors and ciphertexts are stored on the file server.
5. The three-level key encryption system according to claim 1, characterized in that each time the system key is changed, the file keys must be decrypted again and stored after re-encryption with the new system key.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910434496.6A CN110166458B (en) 2019-05-23 2019-05-23 Three-level key encryption method

Publications (2)

Publication Number Publication Date
CN110166458A (en) 2019-08-23
CN110166458B (en) 2022-08-02

Family

ID=67632413

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910434496.6A Active CN110166458B (en) 2019-05-23 2019-05-23 Three-level key encryption method

Country Status (1)

Country Link
CN (1) CN110166458B (en)

Citations (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102014133A (en) * 2010-11-26 2011-04-13 清华大学 Method for implementing safe storage system in cloud storage environment
CN102685148A (en) * 2012-05-31 2012-09-19 清华大学 Method for realizing secure network backup system under cloud storage environment
CN104580487A (en) * 2015-01-20 2015-04-29 成都信升斯科技有限公司 Mass data storage system and processing method
CN104780175A (en) * 2015-04-24 2015-07-15 广东电网有限责任公司信息中心 Hierarchical classification access authorization management method based on roles
CN105072134A (en) * 2015-08-31 2015-11-18 成都卫士通信息产业股份有限公司 Cloud disk system file secure transmission method based on three-level key
CN105245328A (en) * 2015-09-09 2016-01-13 西安电子科技大学 User and file key generation and management method based on third party
CN105740725A (en) * 2016-01-29 2016-07-06 北京大学 File protection method and system
CN105812391A (en) * 2016-05-16 2016-07-27 广州鼎鼎信息科技有限公司 Safe cloud storage system
CN106330868A (en) * 2016-08-14 2017-01-11 北京数盾信息科技有限公司 Encrypted storage key management system and method of high-speed network
US9735962B1 (en) * 2015-09-30 2017-08-15 EMC IP Holding Company LLC Three layer key wrapping for securing encryption keys in a data storage system
CN206611427U (en) * 2017-03-28 2017-11-03 浙江神州量子网络科技有限公司 A kind of key storage management system based on trust computing device
CN206611428U (en) * 2017-03-28 2017-11-03 浙江神州量子网络科技有限公司 A kind of remote cipher key based on quantum communication network issues system
CN109040109A (en) * 2018-08-31 2018-12-18 国鼎网络空间安全技术有限公司 Data trade method and system based on key management mechanism
CN109635586A (en) * 2018-12-13 2019-04-16 苏州科达科技股份有限公司 Media file encryption key managing method, system, equipment and storage medium
CN109711175A (en) * 2018-12-11 2019-05-03 武汉达梦数据库有限公司 A kind of database encryption method and device

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
EAGLEDIAO: "Network security series: key security management", https://www.cnblogs.com/eaglediao/p/7798066.html *
JZ: "Discussion of key security", Huawei Cloud community, https://bbs.huaweicloud.com/forum/thread-5695-1-1.html *
傅颖勋, 罗圣美, 舒继武: "A secure network disk system in a cloud storage environment", Journal of Software (软件学报) *

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113656814A (en) * 2021-07-30 2021-11-16 成都长城开发科技有限公司 Equipment key safety management method and system
CN114095302A (en) * 2021-11-23 2022-02-25 北京云迹科技有限公司 Encryption system based on CAN bus transmission
CN114826696A (en) * 2022-04-08 2022-07-29 中国电子科技集团公司第三十研究所 File content hierarchical sharing method, device, equipment and medium
CN114826696B (en) * 2022-04-08 2023-05-09 中国电子科技集团公司第三十研究所 File content hierarchical sharing method, device, equipment and medium
CN115134111A (en) * 2022-05-11 2022-09-30 南京坤爵信息技术有限公司 Encryption algorithm method for mass data distributed storage
CN115134111B (en) * 2022-05-11 2024-09-06 南京坤爵信息技术有限公司 Encryption algorithm method for mass data distributed storage

Also Published As

Publication number Publication date
CN110166458B (en) 2022-08-02

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant