CN110855433A - Data encryption method and device based on encryption algorithm and computer equipment - Google Patents

Publication number
CN110855433A
Authority
CN
China
Prior art keywords
key
file
encryption
rsa
aes
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201911083987.7A
Other languages
Chinese (zh)
Other versions
CN110855433B (en
Inventor
李林瑞
王彪
陈二鑫
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhen Xinlian Credit Reporting Co ltd
Original Assignee
Shenzhen Xinlian Credit Reporting Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shenzhen Xinlian Credit Reporting Co ltd
Priority to CN201911083987.7A
Publication of CN110855433A
Application granted
Publication of CN110855433B
Legal status: active
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0825 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0618 Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
    • H04L9/0631 Substitution permutation network [SPN], i.e. cipher composed of a number of stages or rounds each involving linear and nonlinear transformations, e.g. AES algorithms
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00 Reducing energy consumption in communication networks
    • Y02D30/50 Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

The invention provides a data encryption method, a data encryption device and computer equipment based on an encryption algorithm. The method comprises the following steps: encrypting a file with the AES encryption algorithm using an AES key to obtain a file ciphertext; encrypting the AES key with an RSA public key to obtain a key ciphertext; storing the RSA public key and private key in a KeyStore file of the Java data certificate management tool, the KeyStore file generating a KeyStore password; storing the file ciphertext, the key ciphertext and the KeyStore password in an SO dynamic library; and performing code obfuscation on the Java program code used by the encryption process with the ProGuard code obfuscation tool. The beneficial effects of the invention are as follows: the RSA private key is stored in the KeyStore, so that the RSA private key is safer and cannot be brute-forced. The KeyStore password and the RSA-encrypted ciphertext are stored in the SO dynamic library, so that they are more difficult to analyze and obtain. Code obfuscation is carried out with the ProGuard tool, so that the implementation of the code cannot be effectively decompiled.

Description

Data encryption method and device based on encryption algorithm and computer equipment
Technical Field
The present invention relates to an encryption method, an encryption device, and a computer device, and more particularly, to a data encryption method, a data encryption device, and a computer device based on an encryption algorithm.
Background
AES encryption is a symmetric encryption method commonly used in the industry and may be used to encrypt sensitive information; important and secret data are encrypted before transmission to prevent data theft and information leakage. Although AES encryption and decryption are very efficient, AES on its own is not secure: once its key is revealed, the data can be decrypted.
The common solution in the industry is to encrypt the AES key with RSA asymmetric encryption, which is not problematic for remote data transmission. However, if RSA encryption is used when encrypting sensitive data into a database, a problem arises: the RSA private key is also exposed, because it is easily accessible in the local environment.
Disclosure of Invention
The technical problem to be solved by the invention is to provide a data encryption method, a data encryption device and computer equipment based on an encryption algorithm that increase the difficulty of cracking encrypted data.
In order to solve the technical problems, the invention adopts the technical scheme that: a data encryption method based on an encryption algorithm comprises the following steps,
encrypting the file by using an AES encryption algorithm through a key of the AES to obtain a file ciphertext;
encrypting the key of the AES through the public key of the RSA to obtain a key ciphertext;
storing a public key and a private key of RSA into a KeyStore file of a management tool of a Java data certificate, wherein the KeyStore file generates a KeyStore password;
storing the file ciphertext, the key ciphertext and the KeyStore password into an SO dynamic library;
performing code obfuscation on the Java program code used by the encryption process through the ProGuard code obfuscation tool.
Further, the key of the AES is encrypted through a public key of RSA, and the length of the adopted public key is 2048 bits.
Further, performing code obfuscation on the Java program code used by the encryption process through the ProGuard code obfuscation tool specifically includes:
detecting and removing useless classes, fields, methods and attributes in the Java program code;
optimizing byte codes and removing useless instructions;
renaming classes, fields and methods using short and meaningless names;
pre-verifying the processed code on the Java platform to ensure that the loaded class file is executable.
The invention also provides a data encryption device based on an encryption algorithm, which comprises,
the AES encryption module is used for encrypting the file by using an AES encryption algorithm through a key of AES to obtain a file ciphertext;
the RSA encryption module is used for encrypting the key of the AES through the public key of the RSA to obtain a key ciphertext;
the KeyStore storage module is used for storing a public key and a private key of RSA into a KeyStore file of a management tool of a Java data certificate, and the KeyStore file generates a KeyStore password;
the dynamic library storage module is used for storing the file ciphertext, the key ciphertext and the KeyStore password into the SO dynamic library;
and the program code obfuscating module is used for performing code obfuscation on the Java program codes used by the encryption process through a ProGuard code obfuscating tool.
Further, the RSA encryption module is used for encrypting the key of the AES through the public key of the RSA, and the length of the adopted public key is 2048 bits.
Further, the program code obfuscation module specifically includes:
a compression unit for detecting and removing useless classes, fields, methods and attributes in the Java program code;
an optimization unit for optimizing the byte codes and removing useless instructions;
an obfuscation unit for renaming classes, fields and methods using short and meaningless names;
and a pre-verification unit for pre-verifying the processed code on the Java platform and ensuring that the loaded class file is executable.
The invention also provides a computer device, which comprises a memory and a processor, wherein the memory stores a computer program, and the processor executes the computer program to realize the data encryption method based on the encryption algorithm.
The present invention also provides a storage medium storing a computer program which, when executed by a processor, can implement the encryption algorithm-based data encryption method as described above.
The beneficial effects of the invention are as follows: after the file is encrypted with AES, the AES key is encrypted with RSA, thereby protecting the AES key. The RSA private key is stored in the KeyStore, so that the RSA private key is safer and cannot be brute-forced. The KeyStore password and the RSA-encrypted ciphertext are stored in the SO dynamic library, so that they are more difficult to analyze and obtain. Code obfuscation is carried out with the ProGuard tool, so that the implementation of the code cannot be effectively decompiled.
Drawings
The following detailed description of the invention refers to the accompanying drawings.
FIG. 1 is a flow chart of a data encryption method based on an encryption algorithm according to an embodiment of the present invention;
FIG. 2 is a flowchart of program code obfuscation according to an embodiment of the present invention;
FIG. 3 is a block diagram of a data encryption device based on an encryption algorithm according to an embodiment of the present invention;
FIG. 4 is a block diagram of a program code obfuscation module according to an embodiment of the present invention;
FIG. 5 is a schematic block diagram of a computer device in accordance with one embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, not all, embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
It will be understood that the terms "comprises" and/or "comprising," when used in this specification and the appended claims, specify the presence of stated features, integers, steps, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, and/or groups thereof.
It is also to be understood that the terminology used in the description of the invention herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the invention. As used in the specification of the present invention and the appended claims, the singular forms "a," "an," and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise.
It should be further understood that the term "and/or" as used in this specification and the appended claims refers to and includes any and all possible combinations of one or more of the associated listed items.
As shown in fig. 1, one embodiment of the present invention is: a data encryption method based on an encryption algorithm comprises the following steps,
S10, encrypting the file by using an AES encryption algorithm through the key of the AES to obtain a file ciphertext;
In this step, the AES symmetric encryption/decryption algorithm is used. The Advanced Encryption Standard (AES), also known in cryptography as the Rijndael encryption method, is a block encryption standard adopted by the United States federal government. The AES encryption algorithm is a block cipher: each data block is 128 bits (16 bytes) long, and the key length can be 128 bits (16 bytes), 192 bits or 256 bits. There are four encryption modes in total; the CBC mode is usually used, which needs an initialization vector (IV) that is also 128 bits (16 bytes). The key used in the encryption process and the decryption process is the same.
S20, encrypting the key of the AES through the public key of the RSA to obtain a key ciphertext; the length of the public key used is 2048 bits.
In this step, after the file is encrypted with AES, the AES key is encrypted using RSA, thereby protecting the AES key. RSA is an asymmetric encryption algorithm: encryption and decryption are performed with a pair of keys, called the public key and the private key. The public key is used for encryption and the private key is used for decryption. Although 512-bit and 1024-bit keys can currently be broken by large-number factorization, doing so consumes a large amount of machine resources and time; with 2048-bit keys, the time needed for factorization without knowing the private key grows exponentially, so such keys cannot be broken at present.
S30, storing a public key and a private key of RSA into a KeyStore file of a management tool of the Java data certificate, wherein the KeyStore file generates a KeyStore password;
In this step, the KeyStore is used to store the RSA private key, so that the RSA private key is safer and cannot be brute-forced. Keytool is a management tool for Java data certificates, which stores keys and certificates in a file called a keystore.
A keystore contains two kinds of data:
1. Key entries: a secret key, or a private key paired with its public key (asymmetric encryption);
2. Trusted certificate entries, which contain only public keys.
The keystore is protected by a password that is created when the keystore is created, and this password must be provided each time the keystore is accessed or modified. Storing the public and private keys in the keystore naturally improves security.
S40, storing the file ciphertext, the key ciphertext and the KeyStore password into an SO dynamic library;
In this step, the KeyStore password and the RSA-encrypted ciphertext are stored in the SO dynamic library, which makes them more difficult to analyze and obtain. The KeyStore password and the ciphertext are written into basic code in the C++ language and compiled into an SO file using the GCC tool, so that the KeyStore password and the ciphertext cannot be seen directly at any point in the process; the Java code has to call an API exposed by the C++ code to use the KeyStore password and ciphertext.
A dynamic library is also called a dynamic link library (DLL); it is not an executable file. Dynamic linking provides a way for a process to call functions that do not belong to its executable code. The executable code for the functions is located in a DLL that contains one or more functions that have been compiled, linked and stored separately from the process in which they are used. DLLs also facilitate sharing of data and resources. Multiple applications can simultaneously access the contents of a single DLL copy in memory. A DLL is a library that contains code and data that can be used by multiple programs simultaneously. A dynamic library has the .dll suffix under Windows and the .so suffix under Linux; generally, the dynamic library is written in the C++ language and compiled with the GCC tool to produce an SO file. The SO dynamic library is used to store the key because it increases the difficulty of decompiling the file; the file may exist outside the Java project and be placed anywhere on the Linux system.
S50, carrying out code obfuscation on the Java program code used by the encryption process through the ProGuard code obfuscation tool.
In this step, the ProGuard tool is used for code obfuscation, so that the implementation of the code cannot be effectively decompiled. Code obfuscation is the act of transforming the code of a computer program into a functionally equivalent form that is difficult to read and understand.
Code obfuscation may be applied to program source code or to the intermediate code into which a program is compiled. A program that performs code obfuscation is referred to as a code obfuscator, and many code obfuscators with diverse functions currently exist. The Java implementation of the AES encryption and decryption algorithm, the RSA encryption and decryption algorithm, and the process of obtaining the KeyStore password and the ciphertext are obfuscated with the ProGuard tool, so that the whole process cannot be seen. Without the whole set of tools, the key cannot be obtained and the AES-encrypted ciphertext cannot be decrypted. The main work is as follows:
1. The names of various elements in the code, such as variables, functions and classes, are rewritten to meaningless names, for example a single letter, a short meaningless letter combination, or even a symbol such as "__", so that the reader cannot guess their purpose from the name.
2. Part of the logic in the code is rewritten into a functionally equivalent but harder to understand form, for example changing for loops into while loops, changing loops into recursion, or eliminating intermediate variables.
3. The format of the code is scrambled, for example by deleting spaces, squeezing several lines of code into one line, or breaking one line of code into several lines.
4. Junk instructions are added: specially constructed instructions make the disassembler go wrong and so interfere with decompilation.
As shown in fig. 2, in an embodiment, performing code obfuscation on the Java program code used by the encryption process through the ProGuard code obfuscation tool specifically includes the following steps:
S51, detecting and removing useless classes, fields, methods and attributes in the Java program code;
S52, optimizing byte codes and removing useless instructions;
S53, renaming the classes, the fields and the methods by using short and meaningless names, such as a, b, c, d, etc.;
S54, pre-verifying the processed code on the Java platform to ensure that the loaded class file is executable.
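Steps S10 to S30 above, as an added Java example that is not code from the patent: a file is encrypted with AES in CBC mode, the AES key is encrypted under a 2048-bit RSA public key, and the RSA key pair can be read back from a keytool-created keystore. The OAEP padding, the 256-bit AES key, the PKCS12 store type, the class and method names and the `DEMO_KS_PASS` environment variable are assumptions; the description fixes only CBC mode with a 16-byte IV and the 2048-bit RSA key.

```java
// Added example (Java 17+). Names and DEMO_KS_PASS are hypothetical.
// A matching keystore can be created with:
//   keytool -genkeypair -alias demo -keyalg RSA -keysize 2048 -storetype PKCS12 -keystore demo.p12
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.OAEPParameterSpec;
import javax.crypto.spec.PSource;
import javax.crypto.spec.SecretKeySpec;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.PublicKey;
import java.security.spec.MGF1ParameterSpec;
import java.util.Arrays;

public class HybridEnvelopeDemo {

    /** Output of S10 + S20: IV, file ciphertext and the RSA-encrypted AES key. */
    record Envelope(byte[] iv, byte[] fileCiphertext, byte[] keyCiphertext) {}

    // Assumption: OAEP with SHA-256 for both the digest and MGF1 (the patent names no padding).
    private static final OAEPParameterSpec OAEP = new OAEPParameterSpec(
            "SHA-256", "MGF1", MGF1ParameterSpec.SHA256, PSource.PSpecified.DEFAULT);

    static Envelope encrypt(byte[] plaintext, PublicKey rsaPublic) throws GeneralSecurityException {
        // S10: fresh AES key and random 16-byte IV, CBC mode as in the description.
        // CBC provides confidentiality only; the description does not cover integrity protection.
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        SecretKey aesKey = kg.generateKey();
        byte[] iv = new byte[16];
        new SecureRandom().nextBytes(iv);
        Cipher aes = Cipher.getInstance("AES/CBC/PKCS5Padding");
        aes.init(Cipher.ENCRYPT_MODE, aesKey, new IvParameterSpec(iv));
        byte[] fileCiphertext = aes.doFinal(plaintext);

        // S20: encrypt the raw AES key under the RSA public key.
        Cipher rsa = Cipher.getInstance("RSA/ECB/OAEPPadding");
        rsa.init(Cipher.ENCRYPT_MODE, rsaPublic, OAEP);
        return new Envelope(iv, fileCiphertext, rsa.doFinal(aesKey.getEncoded()));
    }

    static byte[] decrypt(Envelope env, PrivateKey rsaPrivate) throws GeneralSecurityException {
        Cipher rsa = Cipher.getInstance("RSA/ECB/OAEPPadding");
        rsa.init(Cipher.DECRYPT_MODE, rsaPrivate, OAEP);
        byte[] rawKey = rsa.doFinal(env.keyCiphertext());
        try {
            Cipher aes = Cipher.getInstance("AES/CBC/PKCS5Padding");
            aes.init(Cipher.DECRYPT_MODE, new SecretKeySpec(rawKey, "AES"),
                    new IvParameterSpec(env.iv()));
            return aes.doFinal(env.fileCiphertext());
        } finally {
            Arrays.fill(rawKey, (byte) 0); // do not leave the recovered AES key in memory
        }
    }

    /** S30: read the RSA key pair back from the password-protected keystore file. */
    static KeyPair loadFromKeyStore(Path file, char[] password, String alias) throws Exception {
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (InputStream in = Files.newInputStream(file)) {
            ks.load(in, password); // fails if the KeyStore password is wrong
        }
        Key key = ks.getKey(alias, password);
        if (!(key instanceof PrivateKey priv)) {
            throw new KeyStoreException("no private key entry for alias " + alias);
        }
        return new KeyPair(ks.getCertificate(alias).getPublicKey(), priv);
    }

    public static void main(String[] args) throws Exception {
        String pass = System.getenv("DEMO_KS_PASS"); // hypothetical variable name
        KeyPair pair;
        if (args.length == 2 && pass != null) {
            // args: <keystore file> <alias>
            pair = loadFromKeyStore(Path.of(args[0]), pass.toCharArray(), args[1]);
        } else {
            // No keystore supplied: use an ephemeral 2048-bit pair so the demo runs offline.
            KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
            kpg.initialize(2048);
            pair = kpg.generateKeyPair();
        }
        // Constructed sample plaintext standing in for the file contents.
        byte[] sample = "constructed sample record: id=42;score=710".getBytes(StandardCharsets.UTF_8);
        Envelope env = encrypt(sample, pair.getPublic());
        byte[] back = decrypt(env, pair.getPrivate());
        if (!Arrays.equals(sample, back)) throw new IllegalStateException("round trip failed");
        System.out.printf("file ciphertext: %d bytes, key ciphertext: %d bytes, round trip ok%n",
                env.fileCiphertext().length, env.keyCiphertext().length);
    }
}
```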
As shown in fig. 3, the present invention also provides a data encryption apparatus based on an encryption algorithm, including,
the AES encryption module 10 is configured to encrypt the file by using an AES encryption algorithm through a key of the AES to obtain a file ciphertext;
the RSA encryption module 20 is configured to encrypt a key of the AES with a public key of the RSA to obtain a key ciphertext;
the KeyStore storage module 30 is configured to store a public key and a private key of the RSA into a KeyStore file of a management tool of the Java data certificate, where the KeyStore file generates a KeyStore password;
the dynamic library storage module 40 is used for storing the file ciphertext, the key ciphertext and the KeyStore password into the SO dynamic library;
and a program code obfuscation module 50 for performing code obfuscation on the Java program code used by the encryption process through the ProGuard code obfuscation tool.
Preferably, the RSA encryption module 20 is configured to encrypt the key of the AES by using a public key of the RSA, where the length of the public key is 2048 bits.
As shown in fig. 4, in an embodiment, the program code obfuscation module 50 specifically includes:
a compression unit 51 for detecting and removing useless classes, fields, methods and attributes in the Java program code;
an optimization unit 52, configured to optimize the bytecode and remove useless instructions;
an obfuscation unit 53 for renaming classes, fields and methods using short and meaningless names;
and a pre-verification unit 54, configured to pre-verify the processed code on the Java platform, to ensure that the loaded class file is executable.
It should be noted that, as can be clearly understood by those skilled in the art, the specific implementation process of the data encryption device and each unit based on the encryption algorithm may refer to the corresponding description in the foregoing method embodiment, and for convenience and conciseness of description, no further description is provided herein.
The data encryption apparatus based on the encryption algorithm may be implemented in the form of a computer program that can be run on a computer device as shown in fig. 5.
Referring to fig. 5, fig. 5 is a schematic block diagram of a computer device according to an embodiment of the present application. The computer device 500 may be a terminal or a server, where the terminal may be an electronic device with a communication function, such as a smart phone, a tablet computer, a notebook computer, a desktop computer, a personal digital assistant, and a wearable device. The server may be an independent server or a server cluster composed of a plurality of servers.
Referring to fig. 5, the computer device 500 includes a processor 502, memory, and a network interface 505 connected by a system bus 501, where the memory may include a non-volatile storage medium 503 and an internal memory 504.
The non-volatile storage medium 503 may store an operating system 5031 and a computer program 5032. The computer programs 5032 comprise program instructions that, when executed, cause the processor 502 to perform a data encryption method based on an encryption algorithm.
The processor 502 is used to provide computing and control capabilities to support the operation of the overall computer device 500.
The internal memory 504 provides an environment for the operation of the computer program 5032 in the non-volatile storage medium 503, and when the computer program 5032 is executed by the processor 502, the processor 502 may be enabled to perform a data encryption method based on an encryption algorithm.
The network interface 505 is used for network communication with other devices. Those skilled in the art will appreciate that the configuration shown in fig. 5 is a block diagram of only a portion of the configuration associated with the present application and does not constitute a limitation of the computer device 500 to which the present application may be applied, and that a particular computer device 500 may include more or less components than those shown, or may combine certain components, or have a different arrangement of components.
Wherein the processor 502 is configured to run the computer program 5032 stored in the memory to implement the following steps:
S10, encrypting the file by using an AES encryption algorithm through the key of the AES to obtain a file ciphertext;
S20, encrypting the key of the AES through the public key of the RSA to obtain a key ciphertext;
S30, storing a public key and a private key of RSA into a KeyStore file of a management tool of the Java data certificate, wherein the KeyStore file generates a KeyStore password;
S40, storing the file ciphertext, the key ciphertext and the KeyStore password into an SO dynamic library;
S50, carrying out code obfuscation on the Java program code used by the encryption process through the ProGuard code obfuscation tool.
In an embodiment, when the processor 502 implements the step S50, the following steps are specifically implemented:
S51, detecting and removing useless classes, fields, methods and attributes in the Java program code;
S52, optimizing byte codes and removing useless instructions;
S53, renaming the classes, the fields and the methods by using short and meaningless names;
S54, pre-verifying the processed code on the Java platform to ensure that the loaded class file is executable.
It should be understood that, in the embodiment of the present application, the processor 502 may be a Central Processing Unit (CPU), and the processor 502 may also be another general-purpose processor, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field-Programmable Gate Array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, a discrete hardware component, and the like. The general-purpose processor may be a microprocessor, or the processor may be any conventional processor or the like.
It will be understood by those skilled in the art that all or part of the flow of the method implementing the above embodiments may be implemented by a computer program instructing associated hardware. The computer program includes program instructions, and the computer program may be stored in a storage medium, which is a computer-readable storage medium. The program instructions are executed by at least one processor in the computer system to implement the flow steps of the embodiments of the method described above.
Accordingly, the present invention also provides a storage medium. The storage medium may be a computer-readable storage medium. The storage medium stores a computer program, wherein the computer program comprises program instructions. The program instructions, when executed by the processor, cause the processor to perform the steps of:
S10, encrypting the file by using an AES encryption algorithm through the key of the AES to obtain a file ciphertext;
S20, encrypting the key of the AES through the public key of the RSA to obtain a key ciphertext;
S30, storing a public key and a private key of RSA into a KeyStore file of a management tool of the Java data certificate, wherein the KeyStore file generates a KeyStore password;
S40, storing the file ciphertext, the key ciphertext and the KeyStore password into an SO dynamic library;
S50, carrying out code obfuscation on the Java program code used by the encryption process through the ProGuard code obfuscation tool.
In an embodiment, when the processor executes the program instructions to implement the step S50, the following steps are specifically implemented:
S51, detecting and removing useless classes, fields, methods and attributes in the Java program code;
S52, optimizing byte codes and removing useless instructions;
S53, renaming the classes, the fields and the methods by using short and meaningless names;
S54, pre-verifying the processed code on the Java platform to ensure that the loaded class file is executable.
The storage medium may be a USB disk, a removable hard disk, a Read-Only Memory (ROM), a magnetic disk, an optical disk, or any of various other computer-readable storage media.
Those of ordinary skill in the art will appreciate that the elements and algorithm steps of the examples described in connection with the embodiments disclosed herein may be embodied in electronic hardware, computer software, or combinations of both, and that the components and steps of the examples have been described above generally in terms of their functions in order to illustrate clearly the interchangeability of hardware and software. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present invention.
In the embodiments provided in the present invention, it should be understood that the disclosed apparatus and method may be implemented in other ways. For example, the above-described apparatus embodiments are merely illustrative. For example, the division of each unit is only one logic function division, and there may be another division manner in actual implementation. For example, various elements or components may be combined or may be integrated into another system, or some features may be omitted, or not implemented.
The steps in the method of the embodiment of the invention can be sequentially adjusted, combined and deleted according to actual needs. The units in the device of the embodiment of the invention can be merged, divided and deleted according to actual needs. In addition, functional units in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit.
The integrated unit, if implemented in the form of a software functional unit and sold or used as a stand-alone product, may be stored in a storage medium. Based on such understanding, the technical solution of the present invention in essence, or the part of it that contributes to the prior art, or all or part of the technical solution, can be embodied in the form of a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a terminal, or a network device) to execute all or part of the steps of the method according to the embodiments of the present invention.
While the invention has been described with reference to specific embodiments, the invention is not limited thereto, and various equivalent modifications and substitutions can be easily made by those skilled in the art within the technical scope of the invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.

Claims (8)

1. A data encryption method based on an encryption algorithm, characterized by comprising the following steps:
encrypting the file by using an AES encryption algorithm through a key of the AES to obtain a file ciphertext;
encrypting the key of the AES through the public key of the RSA to obtain a key ciphertext;
storing a public key and a private key of RSA into a KeyStore file of a management tool of a Java data certificate, wherein the KeyStore file generates a KeyStore password;
storing the file ciphertext, the key ciphertext and the KeyStore password into an SO dynamic library;
performing code obfuscation on the Java program code used by the encryption process through the ProGuard code obfuscation tool.
2. A data encryption method based on an encryption algorithm according to claim 1, characterized in that: the key of the AES is encrypted through a public key of RSA, and the length of the adopted public key is 2048 bits.
3. A data encryption method based on an encryption algorithm according to claim 1, characterized in that: performing code obfuscation on the Java program code used by the encryption process through the ProGuard code obfuscation tool specifically includes:
detecting and removing useless classes, fields, methods and characteristics in Java program code;
optimizing byte codes and removing useless instructions;
renaming classes, fields and methods using short, meaningless names;
and performing a pre-check on the processed code on the Java platform to ensure that the loaded class file is executable.
4. A data encryption device based on an encryption algorithm, characterized by comprising:
the AES encryption module is used for encrypting the file by using an AES encryption algorithm through a key of AES to obtain a file ciphertext;
the RSA encryption module is used for encrypting the key of the AES through the public key of the RSA to obtain a key ciphertext;
the KeyStore storage module is used for storing a public key and a private key of RSA into a KeyStore file of a management tool of a Java data certificate, and the KeyStore file generates a KeyStore password;
the dynamic library storage module is used for storing the file ciphertext, the key ciphertext and the KeyStore password into the SO dynamic library;
and the program code obfuscating module is used for performing code obfuscation on the Java program codes used by the encryption process through a ProGuard code obfuscating tool.
5. An encryption algorithm based data encryption apparatus according to claim 4, wherein: the RSA encryption module is used for encrypting the key of the AES through the public key of the RSA, and the length of the adopted public key is 2048 bits.
6. An encryption algorithm based data encryption apparatus according to claim 4, wherein: the program code obfuscation module specifically includes:
a compression unit for detecting and removing useless classes, fields, methods and properties in the Java program code;
the optimization unit is used for optimizing the byte codes and removing useless instructions;
an obfuscation unit for renaming classes, fields and methods using short, meaningless names;
and the pre-check unit is used for performing a pre-check on the processed code on the Java platform and ensuring that the loaded class file is executable.
7. A computer device, characterized by: the computer device comprises a memory having stored thereon a computer program and a processor implementing the encryption algorithm based data encryption method according to any one of claims 1 to 3 when executing the computer program.
8. A storage medium, characterized by: the storage medium stores a computer program which, when executed by a processor, implements the encryption algorithm-based data encryption method of any one of claims 1 to 3.
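As an added illustration (not code from the patent), the first two steps of claim 1 with the 2048-bit RSA key of claims 2 and 5, written against the standard Java JCA. AES-GCM, the 256-bit AES key, OAEP padding and the class name are assumptions the claims do not specify; the KeyStore, SO-library and ProGuard steps are not shown.

```java
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.SecureRandom;
import java.util.Arrays;

public class HybridEncryptDemo {  // hypothetical class name
    public static void main(String[] args) throws Exception {
        // Constructed sample "file" contents.
        byte[] file = "constructed sample record: id=1001".getBytes(StandardCharsets.UTF_8);

        // RSA key pair with the 2048-bit length named in claims 2 and 5.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair rsa = kpg.generateKeyPair();

        // Fresh random AES key (256-bit is an assumption; the claims give no AES key size).
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        SecretKey aesKey = kg.generateKey();

        // Step 1: file -> file ciphertext. GCM and a random 12-byte nonce are assumptions.
        byte[] iv = new byte[12];
        new SecureRandom().nextBytes(iv);
        Cipher aesEnc = Cipher.getInstance("AES/GCM/NoPadding");
        aesEnc.init(Cipher.ENCRYPT_MODE, aesKey, new GCMParameterSpec(128, iv));
        byte[] fileCiphertext = aesEnc.doFinal(file);

        // Step 2: AES key -> key ciphertext under the RSA public key (OAEP is an assumption).
        Cipher rsaEnc = Cipher.getInstance("RSA/ECB/OAEPWithSHA-256AndMGF1Padding");
        rsaEnc.init(Cipher.ENCRYPT_MODE, rsa.getPublic());
        byte[] keyCiphertext = rsaEnc.doFinal(aesKey.getEncoded());

        // Reverse path: the RSA private key recovers the AES key, which decrypts the file.
        Cipher rsaDec = Cipher.getInstance("RSA/ECB/OAEPWithSHA-256AndMGF1Padding");
        rsaDec.init(Cipher.DECRYPT_MODE, rsa.getPrivate());
        SecretKey recovered = new SecretKeySpec(rsaDec.doFinal(keyCiphertext), "AES");
        Cipher aesDec = Cipher.getInstance("AES/GCM/NoPadding");
        aesDec.init(Cipher.DECRYPT_MODE, recovered, new GCMParameterSpec(128, iv));
        byte[] plain = aesDec.doFinal(fileCiphertext);

        System.out.println("key ciphertext bytes: " + keyCiphertext.length);
        System.out.println("round trip ok: " + Arrays.equals(file, plain));
    }
}
```

The reverse path makes the dependency explicit: whoever can read the RSA private key out of the KeyStore can unwrap the AES key from the key ciphertext and decrypt the file.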
CN201911083987.7A 2019-11-07 2019-11-07 Data encryption method and device based on encryption algorithm and computer equipment Active CN110855433B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911083987.7A CN110855433B (en) 2019-11-07 2019-11-07 Data encryption method and device based on encryption algorithm and computer equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201911083987.7A CN110855433B (en) 2019-11-07 2019-11-07 Data encryption method and device based on encryption algorithm and computer equipment

Publications (2)

Publication Number Publication Date
CN110855433A true CN110855433A (en) 2020-02-28
CN110855433B CN110855433B (en) 2023-06-16

Family

ID=69599705

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201911083987.7A Active CN110855433B (en) 2019-11-07 2019-11-07 Data encryption method and device based on encryption algorithm and computer equipment

Country Status (1)

Country Link
CN (1) CN110855433B (en)

Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7263722B1 (en) * 1999-05-12 2007-08-28 Fraunhofer Crcg, Inc. Obfuscation of executable code
US20080229115A1 (en) * 2007-03-16 2008-09-18 Microsoft Corporation Provision of functionality via obfuscated software
US20140195804A1 (en) * 2012-10-12 2014-07-10 Safelylocked, Llc Techniques for secure data exchange
CN104268444A (en) * 2014-08-25 2015-01-07 浪潮电子信息产业股份有限公司 Cloud OS Java source code protection method
CN108683491A (en) * 2018-03-19 2018-10-19 中山大学 A kind of information concealing method based on encryption and spatial term
CN108712412A (en) * 2018-05-15 2018-10-26 北京五八信息技术有限公司 A kind of encryption and decryption method of database, device, storage medium and terminal
CN109495255A (en) * 2018-12-11 2019-03-19 中新金桥数字科技(北京)有限公司 Digital cryptographic key protection method and its system based on android system
CN110069905A (en) * 2019-04-26 2019-07-30 深圳智慧园区信息技术有限公司 A kind of device and method of Springboot program encryption and decryption
CN110289946A (en) * 2019-07-12 2019-09-27 深圳市元征科技股份有限公司 A kind of generation method and block chain node device of block chain wallet localization file

Non-Patent Citations (5)

* Cited by examiner, † Cited by third party
Title
ANDROID_MR_夏: "Code obfuscation with ProGuard on Android", CSDN *
ANDROID_MR_夏: "Code obfuscation with ProGuard on Android", CSDN, 19 January 2018 (2018-01-19), pages 1 - 6 *
星辰旋风: "Introduction to ProGuard", CSDN *
星辰旋风: "Introduction to ProGuard", CSDN, 19 November 2018 (2018-11-19), pages 1 - 8 *
林汉玲 et al.: "A Java class file protection technique based on a hybrid cryptographic algorithm", Journal of Guilin University of Technology, vol. 35, no. 01, 15 February 2015 (2015-02-15), pages 202 - 206 *

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111967023A (en) * 2020-07-03 2020-11-20 浙江数链科技有限公司 Data encryption and decryption method, device, system and readable storage medium
CN111866864A (en) * 2020-07-17 2020-10-30 上海市共进通信技术有限公司 Method, device and storage medium for realizing encrypted storage and safe use management of cloud platform certificate based on wireless AP
CN111866864B (en) * 2020-07-17 2022-11-11 上海市共进通信技术有限公司 Method, device and storage medium for realizing encrypted storage and safe use management of cloud platform certificate based on wireless AP
CN112597453A (en) * 2020-12-04 2021-04-02 光大科技有限公司 Program code encryption and decryption method and device
CN113656765A (en) * 2021-08-17 2021-11-16 平安国际智慧城市科技股份有限公司 Java program safety processing method and device, computer equipment and storage medium

Also Published As

Publication number Publication date
CN110855433B (en) 2023-06-16

Similar Documents

Publication Publication Date Title
CN110855433B (en) Data encryption method and device based on encryption algorithm and computer equipment
CN107506659B (en) Data protection system and method of general database based on SGX
US6785816B1 (en) System and method for secured configuration data for programmable logic devices
US8681975B2 (en) Encryption method and apparatus using composition of ciphers
US8036379B2 (en) Cryptographic processing
US10452564B2 (en) Format preserving encryption of object code
US20230325516A1 (en) Method for file encryption, terminal, electronic device and computer-readable storage medium
US11063743B2 (en) Method of RSA signature of decryption protected using assymetric multiplicative splitting
EP2922235B1 (en) Security module for secure function execution on untrusted platform
CN108134673B (en) Method and device for generating white box library file
WO2021129470A1 (en) Polynomial-based system and method for fully homomorphic encryption of binary data
CN109510702B (en) Key storage and use method based on computer feature codes
CN112865957A (en) Data encryption transmission method and device, computer target equipment and storage medium
CN100367144C (en) Architecture for encrypted application progam installation
CN114124364A (en) Key security processing method, device, equipment and computer readable storage medium
WO2022133165A1 (en) Privacy-enhanced computation via sequestered encryption
CN112199730A (en) Method and device for processing application data on terminal and electronic equipment
CN109784072B (en) Security file management method and system
CN103605927A (en) Encryption and decryption method based on embedded Linux system
US20210143978A1 (en) Method to secure a software code performing accesses to look-up tables
CN111831978A (en) Method and device for protecting configuration file
US11232219B1 (en) Protection of electronic designs
JP6631989B2 (en) Encryption device, control method, and program
WO2020173662A1 (en) Method secured against side-channel attacks with a new masking scheme protecting linear operations of a cryptographic algorithm
CN108920967B (en) Data processing method, device, terminal and computer storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant