CN110611681A - Encryption method and device and storage medium - Google Patents


Info

Publication number
CN110611681A
Authority
CN
China
Prior art keywords
server
preset
key
encryption device
target key
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201910916871.0A
Other languages
Chinese (zh)
Inventor
杨学斌
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Sangfor Technologies Co Ltd
Original Assignee
Sangfor Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Sangfor Technologies Co Ltd
Priority to CN201910916871.0A
Publication of CN110611681A
Legal status: Pending


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/02 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0822 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using key encryption key
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0825 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds

Abstract

The embodiment of the invention discloses an encryption method, an encryption device and a storage medium, wherein the encryption method comprises the steps of determining a target key from a plurality of preset keys when a key certificate sent by a server is received, wherein the preset keys are keys obtained by the encryption device in advance; and encrypting the communication data by using the target key, wherein the communication data is the data when the encryption device and the server communicate after the encryption device and the server establish a secure connection.

Description

Encryption method and device and storage medium
Technical Field
The present invention relates to the field of network communication technologies, and in particular, to an encryption method and apparatus, and a storage medium.
Background
HTTPS (Hypertext Transfer Protocol Secure) adds a security layer on top of HTTP; the protocols used for that layer are SSL (Secure Sockets Layer) and TLS (Transport Layer Security), which encrypt the network connection at the transport layer.
In the prior art, before a browser interacts with a server through an encryption device, the encryption device has to establish a connection with both the client and the server. The encryption device may, for example, be an https proxy: the proxy establishes one connection with the client and another with the server, so that to the client the proxy acts as the server, to the server the proxy acts as the client, and the proxy issues the https requests to the server on the client's behalf. When the proxy device establishes its connection with a server, it generates a string of random numbers as a random symmetric key in order to complete that connection.
When the proxy device establishes connections with many servers at the same time, it has to generate that many strings of random numbers, that is, one random key per connection, and generating those random numbers consumes a large amount of the proxy device's computing resources.
Disclosure of Invention
In order to solve the foregoing technical problems, embodiments of the present invention are directed to providing an encryption method and apparatus, and a storage medium, which can save computing resources of an encryption apparatus.
The technical scheme of the invention is realized as follows:
the embodiment of the application provides an encryption method, which comprises the following steps:
when a key certificate sent by a server is received, determining a target key from a plurality of preset keys, wherein the preset keys are keys obtained by an encryption device in advance;
And encrypting communication data by using the target key, wherein the communication data is data when the encryption device and the server communicate after the encryption device establishes a secure connection with the server.
In the foregoing solution, before the determining the target key from the plurality of preset keys, the method further includes:
generating a plurality of random numbers when a random number generation operation is triggered;
dividing the plurality of random numbers according to a preset data length to obtain a plurality of random number sequences;
determining the plurality of random number sequences as the plurality of preset keys.
In the foregoing solution, before the determining the target key from the plurality of preset keys, the method further includes:
acquiring a plurality of data sequences in a preset file and/or a preset device, wherein the preset device is a device except the encryption device;
determining the plurality of data sequences as the plurality of preset keys.
In the above scheme, after determining the target key from the plurality of preset keys and before encrypting the communication data by using the target key, the method further includes:
encrypting the target key by using a public key carried by the key certificate, and sending the encrypted target key to the server so that the server can obtain the target key from the encrypted target key by using a private key, and encrypting preset safety connection verification information by using the target key, wherein the private key is a key matched with the public key;
when the encrypted preset safe connection verification information sent by the server is received, decrypting the encrypted preset safe connection verification information by using the target secret key to obtain a first verification code of the preset safe connection verification information;
when the first check code is matched with a second check code, establishing a secure connection between the encryption device and the server, wherein the second check code is a check code carried in the preset secure connection check information received from the server;
correspondingly, the encrypting the communication data by using the target key comprises the following steps:
and when the encryption device establishes a secure connection with the server, encrypting communication data by using the target key.
In the foregoing solution, before the determining the target key from the plurality of preset keys, the method further includes:
and sending a secure transmission request carrying a cipher suite to the server, so that the server can determine the public key and the private key based on the cipher suite and send the key certificate determined according to the public key to the encryption device.
The embodiment of the application provides an encryption device, the device includes:
the device comprises a determining unit, a processing unit and a processing unit, wherein the determining unit is used for determining a target key from a plurality of preset keys when receiving a key certificate sent by a server, and the preset keys are keys acquired by an encryption device in advance;
and the encryption unit is used for encrypting communication data by using the target key, wherein the communication data is data when the encryption device and the server communicate after the encryption device establishes a secure connection with the server.
In the above scheme, the apparatus further comprises a generating unit;
the generation unit is used for generating a plurality of random numbers when the random number generation operation is triggered;
the determining unit is further configured to divide the plurality of random numbers according to a preset data length to obtain a plurality of random number sequences; determining the plurality of random number sequences as the plurality of preset keys.
In the above scheme, the apparatus further comprises an obtaining unit;
the acquiring unit is further configured to acquire a plurality of data sequences in a preset file and/or a preset device, where the preset device is a device other than the encryption device;
the determining unit is further configured to determine the plurality of data sequences as the plurality of preset keys.
In the above scheme, the apparatus further comprises a decryption unit and an establishment unit;
the encryption unit is further configured to encrypt the target key by using a public key carried by the key certificate, and send the encrypted target key to the server, so that the server obtains the target key from the encrypted target key by using a private key, and encrypts preset secure connection verification information by using the target key, where the private key is a key matched with the public key;
the decryption unit is further configured to decrypt the encrypted preset secure connection check information by using the target key when receiving the encrypted preset secure connection check information sent by the server, so as to obtain a first check code of the preset secure connection check information;
the establishing unit is further configured to establish a secure connection between the encryption device and the server when the first check code matches a second check code, where the second check code is a check code carried in the preset secure connection check information received from the server;
correspondingly,
the encryption unit is further configured to encrypt communication data with the target key when the encryption device establishes a secure connection with the server.
In the above scheme, the apparatus further comprises a sending unit;
the sending unit is further configured to send a secure transmission request carrying a cipher suite to the server, so that the server determines the public key and the private key based on the cipher suite and sends the key certificate determined according to the public key to the encryption device.
The embodiment of the application provides a storage medium, on which a computer program is stored, which is applied to an encryption device, and when the computer program is executed by a processor, the computer program realizes the method according to any one of the above items.
The embodiment of the invention provides an encryption method, an encryption device and a storage medium, wherein the encryption method comprises the following steps: when a key certificate sent by a server is received, determining a target key from a plurality of preset keys, wherein the preset keys are keys obtained by an encryption device in advance; and encrypting the communication data by using the target key, wherein the communication data is the data when the encryption device and the server communicate after the encryption device and the server establish a secure connection. By adopting the method implementation scheme, the plurality of preset keys are arranged in the encryption device, when the communication data needs to be encrypted, the encryption device can directly determine the target key from the plurality of preset keys, the communication data is encrypted by using the target key, the encryption device does not need to respectively generate the plurality of target keys by using a plurality of sets of encryption algorithms, the consumption of computing resources in the encryption device is reduced, and the computing resources of the encryption device are saved.
Drawings
Fig. 1 is a flowchart of an exemplary encryption method provided in an embodiment of the present application;
Fig. 2 is a schematic diagram of a connection between an exemplary client and a server through an encryption device according to an embodiment of the present application;
Fig. 3 is a first flowchart of an encryption method according to an embodiment of the present application;
Fig. 4 is a second flowchart of an encryption method according to an embodiment of the present application;
Fig. 5 is a flowchart of an exemplary encryption method provided in an embodiment of the present application;
Fig. 6 is a schematic structural diagram of an encryption apparatus according to an embodiment of the present application.
Detailed Description
The technical solution in the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present invention.
At present, a specific implementation of an https request (secure transmission request) between a client and a server is shown in fig. 1.
The client sends a secure transmission request carrying a cipher suite to the server. The server determines a public key and a private key based on the cipher suite, determines a key certificate according to the public key, and sends the key certificate carrying the public key to the client. When the client receives the key certificate, it judges whether the certificate is valid; if it is not, the client displays a warning that the certificate is invalid. If the certificate is valid, the client generates a target key, encrypts it with the public key carried by the key certificate, and sends the encrypted target key to the server. The server obtains the target key from the encrypted target key using the private key, encrypts preset secure connection verification information with the target key, and sends the encrypted verification information to the client. The client decrypts it with the target key to obtain a first check code of the preset secure connection verification information; when the first check code matches the second check code carried in that verification information, the client establishes a secure connection with the server. Once the client and the server have established the secure connection, the client encrypts communication data with the target key.
Specifically, when an https request is made between a client and a server, an encryption device needs to be added between the server and the client, the client communicates with the server through the encryption device, and the server communicates with the client through the encryption device, as shown in fig. 2, a process of making the https request between the client and the server may specifically be: the client and the encryption device carry out https requests, and the encryption device and the server carry out https requests. Specifically, when the client communicates with the server through the encryption device, the encryption device can be considered as the client by the server; when the server communicates with the client through the encryption device, the encryption device can be considered as the server by the client.
In view of the problems in the above-mentioned technologies, the present application proposes an encryption method, and the specific encryption method is as shown in the first embodiment and the second embodiment.
Example one
An embodiment of the present application provides an encryption method, and fig. 3 is a first flowchart of the encryption method provided in the embodiment of the present application, and as shown in fig. 3, the encryption method may include:
S101, when a key certificate sent by a server is received, determining a target key from a plurality of preset keys, wherein the preset keys are keys acquired by an encryption device in advance.
The encryption method provided by this embodiment applies to the case where a client performs an https request through the encryption device, and the communication data between the encryption device and the server is encrypted.
In the embodiment of the present application, the encryption device includes a plurality of preset keys, and when the encryption device receives the key certificate sent by the server, the encryption device determines the target key from the plurality of preset keys.
It should be noted that the encryption device may determine the target key from the plurality of preset keys in a random obtaining manner, and the encryption device may also determine the target key from the plurality of preset keys in other manners, and specifically, the manner of determining the target key from the plurality of preset keys may be determined according to actual situations, which is not limited in this embodiment of the present application.
The plurality of preset keys are keys that are acquired by the encryption device in advance.
In this embodiment, the encryption device includes a password pool, and the encryption device may store a plurality of preset keys in the password pool, and when the encryption device needs to obtain a target key, the encryption device may obtain the target key from the password pool. The encryption device can also store a plurality of preset keys in a database, and when the encryption device needs to acquire the target key, the encryption device can determine the target key from the database. The specific storage locations of the preset keys may be determined according to actual situations, which is not limited in this embodiment of the present application.
In the embodiment of the present application, before the encryption device determines the target key from the plurality of preset keys, the encryption method further includes a process of determining the plurality of preset keys, for which there are two specific ways:
the first method is as follows:
in the embodiment of the present application, when the encryption device triggers the random number generation operation, the encryption device generates a plurality of random numbers.
It should be noted that, when the encryption apparatus is started, the encryption apparatus triggers a random number generation operation to generate a plurality of random numbers; or when the encryption device receives the random number generation instruction, the encryption device triggers a random number generation operation to generate a plurality of random numbers, which can be determined according to actual conditions, and this embodiment of the present application does not limit this.
In the embodiment of the application, the encryption device divides a plurality of random numbers according to a preset data length to obtain a plurality of random number sequences.
In this embodiment, when the encryption device triggers a random number generation operation to generate a plurality of random numbers, the encryption device divides the plurality of random numbers according to a preset length to obtain a plurality of random number sequences.
It should be noted that the preset data length may be a length of a random number sequence preset by the encryption device, and the random number sequence may be a sequence composed of random numbers of a preset length.
In the embodiment of the present application, the encryption apparatus determines a plurality of random number sequences as a plurality of preset keys.
In this embodiment, when the encryption device divides the plurality of random numbers according to the preset length to obtain a plurality of random number sequences, the encryption device uses the plurality of random number sequences as a plurality of preset keys, thereby determining the plurality of preset keys.
The second method comprises the following steps:
in this embodiment, the encryption device obtains a plurality of data sequences in a preset file and/or a preset device, where the preset device is a device other than the encryption device.
In the embodiment of the application, when the encryption device is started, the encryption device acquires a plurality of data sequences in a preset file and/or a preset device; or when the encryption device receives an acquisition instruction of a data sequence, the encryption device acquires a plurality of data sequences in a preset file and/or a preset device, which may be determined specifically according to an actual situation, and this is not limited in this embodiment of the present application.
Note that the preset device is a device other than the encryption device.
For example, the preset file may be a file received by the encryption device, or a file generated by the encryption device; the preset device may be a device connected to the encryption device, and the specific preset file and the preset device may be determined according to an actual situation, which is not limited in the embodiment of the present application.
In the embodiment of the application, the encryption device determines a plurality of data sequences as a plurality of preset keys.
In this embodiment, when the encryption device obtains a plurality of data sequences from a preset file and/or a preset device, the encryption device may use the plurality of data sequences as the plurality of preset keys, thereby determining the plurality of preset keys.
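The following Go sketch is an added illustration, not code from the patent or from Sangfor: it fills the password pool by both methods above (one bulk read from the OS random source divided by a preset data length, and sequences loaded from a preset file or device modelled as an io.Reader) and determines a target key by random selection. presetKeyLen = 32 and removing a chosen key from the pool are assumptions; the patent fixes neither the key length nor whether a chosen key may be handed out a second time.

```go
package main

import (
	"crypto/rand"
	"errors"
	"io"
	"math/big"
	"sync"
)

// presetKeyLen is the assumed preset data length: 32 bytes, one AES-256 key.
const presetKeyLen = 32

// KeyPool is the encryption device's password pool of preset keys obtained in
// advance; one target key is determined from it per server connection.
type KeyPool struct {
	mu   sync.Mutex
	keys [][]byte
}

// splitSequences divides random material by the preset data length; a trailing
// partial chunk is dropped so that every preset key has the full length.
func splitSequences(material []byte, keyLen int) [][]byte {
	var seqs [][]byte
	for i := 0; i+keyLen <= len(material); i += keyLen {
		seq := make([]byte, keyLen)
		copy(seq, material[i:i+keyLen])
		seqs = append(seqs, seq)
	}
	return seqs
}

// GenerateRandomKeys is the first method: a single random number generation
// operation reads n*keyLen bytes from the OS CSPRNG and divides them into n
// keys, so the expensive step runs once, off the connection path.
func GenerateRandomKeys(n, keyLen int) ([][]byte, error) {
	if n <= 0 || keyLen <= 0 {
		return nil, errors.New("key count and key length must be positive")
	}
	material := make([]byte, n*keyLen)
	if _, err := io.ReadFull(rand.Reader, material); err != nil {
		return nil, err
	}
	return splitSequences(material, keyLen), nil
}

// LoadSequences is the second method: data sequences come from a preset file
// or preset device, modelled as an io.Reader. The pool cannot tell whether
// that source is secret and unpredictable; only the operator can vouch for it.
func LoadSequences(src io.Reader, keyLen int) ([][]byte, error) {
	if keyLen <= 0 {
		return nil, errors.New("key length must be positive")
	}
	material, err := io.ReadAll(src)
	if err != nil {
		return nil, err
	}
	seqs := splitSequences(material, keyLen)
	if len(seqs) == 0 {
		return nil, errors.New("source holds less than one preset key")
	}
	return seqs, nil
}

func NewKeyPool(keys [][]byte) *KeyPool { return &KeyPool{keys: keys} }

// TakeTargetKey determines the target key by random selection, one of the
// ways the patent allows. The key is removed from the pool: a key left in
// place could be handed to a second server, and two connections would then
// share one symmetric key.
func (p *KeyPool) TakeTargetKey() ([]byte, error) {
	p.mu.Lock()
	defer p.mu.Unlock()
	if len(p.keys) == 0 {
		return nil, errors.New("key pool exhausted; generate more preset keys")
	}
	idx, err := rand.Int(rand.Reader, big.NewInt(int64(len(p.keys))))
	if err != nil {
		return nil, err
	}
	i := int(idx.Int64())
	key := p.keys[i]
	last := len(p.keys) - 1
	p.keys[i] = p.keys[last]
	p.keys = p.keys[:last]
	return key, nil
}

// Remaining reports how many preset keys are still unused.
func (p *KeyPool) Remaining() int {
	p.mu.Lock()
	defer p.mu.Unlock()
	return len(p.keys)
}
```

A device that serves many servers would watch Remaining() and call GenerateRandomKeys in bulk before the pool runs dry, keeping generation off the per-connection path as the patent intends.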
S102, encrypting communication data by using the target key, wherein the communication data is data exchanged when the encryption device and the server communicate after the encryption device and the server establish a secure connection.
In this embodiment, after the encryption device determines the target key from the preset keys, the encryption device may encrypt the communication data by using the target key, and communicate with the server by using the communication data encrypted by the target key.
The communication data is data when the encryption device and the server communicate with each other after the encryption device and the server establish a secure connection.
It can be understood that, by setting a plurality of preset keys in the encryption device, when communication data needs to be encrypted, the encryption device can directly determine a target key from the preset keys, and encrypt the communication data by using the target key, without using a plurality of sets of encryption algorithms to respectively generate a plurality of target keys by the encryption device, thereby reducing the consumption of computing resources in the encryption device and saving the computing resources of the encryption device.
Example two
An embodiment of the present application further provides an encryption method, in which after step S101 and before step S102, a process of establishing a secure connection between an encryption device and a server is provided, and specific implementation steps are shown in fig. 4, and include:
S201, encrypting the target key by using the public key carried by the key certificate, and sending the encrypted target key to the server so that the server can obtain the target key from the encrypted target key by using the private key and encrypt the preset secure connection verification information by using the target key, wherein the private key is a key matched with the public key.
In this embodiment of the application, when the encryption device determines the target key from the plurality of preset keys, the encryption device may use the target key as the content of the handshake information, encrypt the target key by using the public key carried in the key certificate, and send the encrypted target key to the server, so that the server decrypts the encrypted target key by using the private key to obtain the target key.
In the embodiment of the application, after the server obtains the target key, the server can encrypt the preset secure connection verification information by using the target key.
It should be noted that the preset secure connection verification information may be handshake information sent by the server to the encryption device, for example, the content of the handshake information may be partial key information in the target key and a hash value corresponding to the partial key information, the content of the handshake information may also be other information and a hash value corresponding to the other information, and the specific content of the handshake information may be determined according to an actual situation, which is not limited in this embodiment of the present application.
In this embodiment of the present application, before the encryption device determines the target key from the plurality of preset keys, the public key and the private key are determined as follows:
the encryption device sends the secure transmission request carrying the cipher suite to the server, so that the server determines a public key and a private key based on the cipher suite and sends a key certificate determined according to the public key to the encryption device.
In the embodiment of the application, after the encryption device sends the secure transmission request carrying the cipher suite to the server, the server matches its own cipher suites against the cipher suite carried in the request. If none of the server's cipher suites matches the one carried in the request, the server disconnects from the encryption device. If there is a match, the cipher suites shared by the server and the encryption device are determined from the server's cipher suites and the cipher suite carried in the request, a target cipher suite is determined from the shared cipher suites, and the server determines the public key and the private key using the target cipher suite.
Note that the secure transmission request can be a secure hypertext transfer request, such as https://www.domain.com/. The specific secure transmission request may be determined according to actual conditions, which is not limited in the embodiment of the present application.
It should be noted that the target cipher suite includes an encryption algorithm and a hash algorithm, that is, the server determines the public key and the private key by using the encryption algorithm and the hash algorithm.
It should be noted that, after the server determines the public key, the server adds the public key to the certificate, and simultaneously adds information such as the issuing authority, the website, the expiration date, and the like of the certificate to the certificate, so as to obtain the key certificate.
S202, when the encrypted preset safe connection verification information sent by the server is received, the encrypted preset safe connection verification information is decrypted by using the target secret key, and a first verification code of the preset safe connection verification information is obtained.
In the embodiment of the application, after the server encrypts the preset secure connection check information by using the target key, the server sends the encrypted preset secure connection check information to the encryption device, and when the encryption device receives the encrypted preset secure connection check information sent by the server, the encryption device decrypts the encrypted preset secure connection check information by using the target key to obtain the preset secure connection check information, and calculates the first check code of the preset secure connection check information, thereby obtaining the first check code of the preset secure connection check information.
It should be noted that the first check code may be a hash value of the preset secure connection check information, that is, when the encryption device obtains the preset secure connection check information, the encryption device calculates the hash value of the preset secure connection check information to obtain the first check code.
S203, when the first check code matches the second check code, establish the secure connection between the encryption device and the server, where the second check code is the check code carried in the preset secure connection check information received from the server.
In this embodiment, when the encryption device obtains the first check code of the preset secure connection check information, the encryption device compares the first check code with the second check code, and when they match, the encryption device establishes a secure connection with the server.
It should be noted that the second check code is a check code carried in the preset secure connection check information received from the server.
It should be noted that, when the first check code is the hash value calculated by the encryption device, the second check code is not a hash value computed by the encryption device over the received preset secure connection check information; it is the check code carried in that information, as received from the server.
In the embodiment of the present application, when the encryption device establishes a secure connection with the server, the encryption device encrypts the communication data using the target key.
For example, the secure connection between the encryption device and the server may be an SSL connection, and after the SSL connection is established between the encryption device and the server, the encryption device may encrypt communication data between the encryption device and the server by using the target key.
Fig. 5 is a flowchart of an exemplary encryption method according to an embodiment of the present invention; as shown in Fig. 5:
S301, the encryption device sends a secure transmission request carrying a cipher suite to a server.
In this embodiment, when establishing a secure connection with the server, the encryption device sends a secure transmission request carrying a cipher suite to the server.
S302, the server determines a public key and a private key based on the cipher suite, and determines a key certificate according to the public key.
In the embodiment of the application, when the server receives the secure transmission request carrying a cipher suite from the encryption device, the server matches the cipher suite carried in the request against the cipher suites in the server. When no cipher suite in the server matches the one carried in the request, the server disconnects from the encryption device. When a match exists, the cipher suites shared by the server and the encryption device are determined from the server's cipher suites and the cipher suite carried in the request, a target cipher suite is selected from the shared ones, and the server determines a public key and a private key using the target cipher suite.
S303, the server sends the key certificate carrying the public key to the encryption apparatus.
In the embodiment of the application, when the server determines the public key, the server adds the public key to the certificate, and simultaneously adds information such as an issuing authority, a website, an expiration date and the like of the certificate to obtain a key certificate, and sends the key certificate carrying the public key to the encryption device.
S304, when the encryption device receives the key certificate sent by the server, the target key is determined from the preset keys.
In the embodiment of the present application, when the encryption apparatus receives the key certificate transmitted by the server, the encryption apparatus determines the target key from the plurality of preset keys.
S305, the encryption device encrypts the target key using the public key carried by the key certificate.
In this embodiment of the application, when the encryption device determines the target key from the plurality of preset keys, the encryption device may use the target key as the content of the handshake information, and encrypt the target key by using the public key carried in the key certificate.
S306, the encryption device sends the encrypted target key to the server.
In this embodiment, when the encryption device encrypts the target key using the public key, the encryption device obtains the encrypted target key, and the encryption device sends the encrypted target key to the server.
S307, the server obtains the target key from the encrypted target key by using the private key.
In the embodiment of the application, when the server receives the encrypted target key, the server decrypts the encrypted target key by using the private key to obtain the target key.
S308, the server encrypts the preset secure connection check information using the target key.
In the embodiment of the application, when the server obtains the target key, the server encrypts the preset secure connection check information using the target key.
S309, the server sends the encrypted preset secure connection check information to the encryption device.
In the embodiment of the application, when the server encrypts the preset secure connection check information by using the target key, the server obtains the encrypted preset secure connection check information, and the server sends the encrypted preset secure connection check information to the encryption device.
S310, the encryption device decrypts the encrypted preset secure connection check information using the target key to obtain a first check code of the preset secure connection check information.
In this embodiment of the application, when the encryption device obtains the encrypted preset secure connection check information, the encryption device decrypts the encrypted preset secure connection check information by using the target key to obtain the preset secure connection check information, and obtains the first check code according to the preset secure connection check information.
S311, when the first check code matches a second check code carried by the preset secure connection check information, the encryption device establishes a secure connection with the server.
In this embodiment of the application, when the encryption device obtains the first check code of the preset secure connection check information, the encryption device compares the first check code with the second check code carried by the preset secure connection check information, and when they match, the encryption device establishes the secure connection with the server.
S312, when the encryption device and the server have established the secure connection, the encryption device encrypts the communication data using the target key.
In the embodiment of the present application, when the encryption device establishes a secure connection with the server, the encryption device encrypts the communication data using the target key. The communication data is data when the encryption device and the server communicate with each other after the encryption device and the server establish a secure connection.
It can be understood that, in the present application, by establishing a secure connection between the encryption device and the server, the encryption device and the server can perform data communication under the secure connection, thereby improving the security when the encryption device and the server perform data communication.
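The S201 to S203 steps and the S301 to S312 flow above, run end to end on one host as an added example in Go (not code from the patent or its applicant). The page leaves the encryption and hash algorithms open, so RSA-OAEP for wrapping the target key, AES-GCM under the target key and SHA-256 for the check codes are this example's choices; the layout of the check information (payload followed by its hash), the use of the suite name as OAEP label, picking the last preset key, and 32-byte preset keys are constructed assumptions as well.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/subtle"
	"errors"
)

func must(err error) { // only a broken RNG or a bad key size reaches here
	if err != nil {
		panic(err)
	}
}

// NegotiateSuite (S301/S302): pick a suite shared with the client, server order first; none shared means disconnect.
func NegotiateSuite(clientSuites, serverSuites []string) (string, error) {
	for _, s := range serverSuites {
		for _, c := range clientSuites {
			if s == c {
				return s, nil
			}
		}
	}
	return "", errors.New("no shared cipher suite: server disconnects")
}

// gcmFor returns AES-GCM under the target key (used in S308, S310 and S312).
func gcmFor(key []byte) cipher.AEAD {
	block, err := aes.NewCipher(key)
	must(err)
	gcm, err := cipher.NewGCM(block)
	must(err)
	return gcm
}
// seal encrypts with a fresh random nonce, prepended to the ciphertext.
func seal(key, plaintext []byte) []byte {
	gcm := gcmFor(key)
	nonce := make([]byte, gcm.NonceSize())
	_, err := rand.Read(nonce)
	must(err)
	return gcm.Seal(nonce, nonce, plaintext, nil)
}
// open reverses seal; a wrong key or a tampered message fails authentication.
func open(key, msg []byte) ([]byte, error) {
	gcm := gcmFor(key)
	if len(msg) < gcm.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	return gcm.Open(nil, msg[:gcm.NonceSize()], msg[gcm.NonceSize():], nil)
}

// CheckInfo builds the check information: a payload followed by its SHA-256, the second check code it carries.
func CheckInfo(payload []byte) []byte {
	sum := sha256.Sum256(payload)
	return append(append([]byte{}, payload...), sum[:]...)
}
// VerifyCheckInfo (S310/S311, device side): recompute the first check code and compare it in constant time.
func VerifyCheckInfo(info []byte) bool {
	if len(info) < sha256.Size {
		return false
	}
	cut := len(info) - sha256.Size
	first := sha256.Sum256(info[:cut])
	return subtle.ConstantTimeCompare(first[:], info[cut:]) == 1
}

// Handshake runs S301..S312 on one host with the device's preset keys (AES sizes) and returns the data as the server decrypts it.
func Handshake(clientSuites, serverSuites []string, keys [][]byte, data []byte) ([]byte, error) {
	suite, err := NegotiateSuite(clientSuites, serverSuites)
	if err != nil {
		return nil, err
	}
	priv, err := rsa.GenerateKey(rand.Reader, 2048) // S302: server key pair; S303 ships priv.PublicKey in the certificate
	must(err)
	target := keys[len(keys)-1] // S304: the page does not say how the target key is chosen; the last preset key here
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, &priv.PublicKey, target, []byte(suite)) // S305/S306
	must(err)
	serverKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, wrapped, []byte(suite)) // S307
	must(err)
	info, err := open(target, seal(serverKey, CheckInfo([]byte("constructed check payload")))) // S308..S310
	if err != nil || !VerifyCheckInfo(info) { // S311
		return nil, errors.New("check code mismatch: no secure connection")
	}
	return open(serverKey, seal(target, data)) // S312: communication data under the target key
}
```

The page does not say how the encryption device checks the key certificate's issuing authority, website and expiration date before wrapping the target key with its public key; a deployment would validate those fields first, since wrapping under an unverified public key hands the target key to whoever supplied the certificate.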
EXAMPLE III
Based on the same inventive concept of the first embodiment to the second embodiment, the embodiment of the present application provides an encryption apparatus 1 corresponding to an encryption method; fig. 6 is a schematic structural diagram of a composition of an encryption apparatus according to an embodiment of the present application, where the encryption apparatus 1 may include:
a determining unit 11, configured to determine, when receiving a key certificate sent by a server, a target key from a plurality of preset keys, where the plurality of preset keys are keys that are acquired in advance by an encryption device;
and an encrypting unit 12, configured to encrypt, by using the target key, communication data, where the communication data is data during communication between the encrypting apparatus and the server after the encrypting apparatus establishes a secure connection with the server.
In some embodiments of the present application, the apparatus further comprises a generating unit 13;
the generation unit 13 is configured to generate a plurality of random numbers when a random number generation operation is triggered;
the determining unit 11 is further configured to divide the plurality of random numbers according to a preset data length to obtain a plurality of random number sequences; determining the plurality of random number sequences as the plurality of preset keys.
In some embodiments of the present application, the apparatus further comprises an acquisition unit 14;
the acquisition unit 14 is further configured to acquire a plurality of data sequences from a preset file and/or a preset device, where the preset device is a device other than the encryption device;
the determining unit 11 is further configured to determine the plurality of data sequences as the plurality of preset keys.
In some embodiments of the present application, the apparatus further comprises a decryption unit 15 and a setup unit 16;
the encryption unit 12 is further configured to encrypt the target key using a public key carried by the key certificate, and send the encrypted target key to the server, so that the server obtains the target key from the encrypted target key using a private key and encrypts preset secure connection check information using the target key, where the private key is the key matched with the public key;
the decryption unit 15 is further configured to decrypt the encrypted preset secure connection check information by using the target key when receiving the encrypted preset secure connection check information sent by the server, so as to obtain a first check code of the preset secure connection check information;
the establishing unit 16 is further configured to establish a secure connection between the encryption apparatus and the server when the first check code matches a second check code, where the second check code is a check code carried in the preset secure connection check information received from the server;
correspondingly,
the encryption unit 12 is further configured to encrypt communication data with the target key when the encryption device establishes a secure connection with the server.
In some embodiments of the present application, the apparatus further comprises a sending unit 17;
the sending unit 17 is further configured to send a secure transmission request carrying a cipher suite to the server, so that the server determines the public key and the private key based on the cipher suite and sends the key certificate determined according to the public key to the encryption device.
It can be understood that, by providing a plurality of preset keys in the encryption device, when communication data needs to be encrypted the encryption device can directly determine a target key from the preset keys and encrypt the communication data with it, without the encryption device having to run a plurality of sets of encryption algorithms to generate a plurality of target keys, thereby reducing the consumption of computing resources in the encryption device and saving its computing resources.
The embodiment of the present application provides a storage medium on which a computer program is stored, and the program implements the encryption method according to the first embodiment to the second embodiment when executed by a processor.
As will be appreciated by one skilled in the art, embodiments of the present invention may be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of a hardware embodiment, a software embodiment, or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, optical storage, and the like) having computer-usable program code embodied therein.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
The above description is only a preferred embodiment of the present invention, and is not intended to limit the scope of the present invention.

Claims (11)

1. A method of encryption, the method comprising:
when a key certificate sent by a server is received, determining a target key from a plurality of preset keys, wherein the preset keys are keys obtained by an encryption device in advance;
and encrypting communication data by using the target key, wherein the communication data is data when the encryption device and the server communicate after the encryption device establishes a secure connection with the server.
2. The method of claim 1, wherein before determining the target key from the plurality of predetermined keys, the method further comprises:
generating a plurality of random numbers when a random number generation operation is triggered;
dividing the plurality of random numbers according to a preset data length to obtain a plurality of random number sequences;
determining the plurality of random number sequences as the plurality of preset keys.
3. The method of claim 1, wherein before determining the target key from the plurality of predetermined keys, the method further comprises:
acquiring a plurality of data sequences in a preset file and/or a preset device, wherein the preset device is a device except the encryption device;
determining the plurality of data sequences as the plurality of preset keys.
4. The method of claim 1, wherein after determining the target key from the plurality of preset keys and before encrypting the communication data by using the target key, the method further comprises:
encrypting the target key using a public key carried by the key certificate, and sending the encrypted target key to the server so that the server obtains the target key from the encrypted target key using a private key and encrypts preset secure connection check information using the target key, wherein the private key is a key matched with the public key;
when the encrypted preset secure connection check information sent by the server is received, decrypting the encrypted preset secure connection check information using the target key to obtain a first check code of the preset secure connection check information;
when the first check code is matched with a second check code, establishing a secure connection between the encryption device and the server, wherein the second check code is a check code carried in the preset secure connection check information received from the server;
correspondingly, the encrypting the communication data by using the target key comprises the following steps:
and when the encryption device establishes a secure connection with the server, encrypting communication data by using the target key.
5. The method of claim 4, wherein before determining the target key from the plurality of predetermined keys, the method further comprises:
sending a secure transmission request carrying a cipher suite to the server so that the server determines the public key and the private key based on the cipher suite, and sends the key certificate determined according to the public key to the encryption device.
6. An encryption apparatus, characterized in that the apparatus comprises:
a determining unit, configured to determine a target key from a plurality of preset keys when a key certificate sent by a server is received, wherein the preset keys are keys acquired by an encryption device in advance;
and the encryption unit is used for encrypting communication data by using the target key, wherein the communication data is data when the encryption device and the server communicate after the encryption device establishes a secure connection with the server.
7. The apparatus of claim 6, further comprising a generating unit;
the generation unit is used for generating a plurality of random numbers when the random number generation operation is triggered;
the determining unit is further configured to divide the plurality of random numbers according to a preset data length to obtain a plurality of random number sequences; determining the plurality of random number sequences as the plurality of preset keys.
8. The apparatus of claim 6, further comprising an acquisition unit;
the acquiring unit is further configured to acquire a plurality of data sequences in a preset file and/or a preset device, where the preset device is a device other than the encryption device;
the determining unit is further configured to determine the plurality of data sequences as the plurality of preset keys.
9. The apparatus according to claim 6, wherein the apparatus further comprises a decryption unit and an establishing unit;
the encryption unit is further configured to encrypt the target key using a public key carried by the key certificate, and send the encrypted target key to the server, so that the server obtains the target key from the encrypted target key using a private key and encrypts preset secure connection check information using the target key, where the private key is a key matched with the public key;
the decryption unit is further configured to decrypt the encrypted preset secure connection check information by using the target key when receiving the encrypted preset secure connection check information sent by the server, so as to obtain a first check code of the preset secure connection check information;
the establishing unit is further configured to establish a secure connection between the encryption device and the server when the first check code matches a second check code, where the second check code is a check code carried in the preset secure connection check information received from the server;
correspondingly,
the encryption unit is further configured to encrypt communication data with the target key when the encryption device establishes a secure connection with the server.
10. The apparatus of claim 9, wherein the apparatus further comprises a sending unit;
the sending unit is further configured to send a secure transmission request carrying a cipher suite to the server, so that the server determines the public key and the private key based on the cipher suite and sends the key certificate determined according to the public key to the encryption device.
11. A storage medium on which a computer program is stored for use in an encryption apparatus, wherein the computer program, when executed by a processor, implements the method of any one of claims 1 to 5.
Application CN201910916871.0A (Encryption method and device and storage medium), priority date 2019-09-26, filing date 2019-09-26; published as CN110611681A on 2019-12-24.
Legal Events

Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication (application publication date: 20191224)