CN110855433B - Data encryption method and device based on encryption algorithm and computer equipment - Google Patents

Info

Publication number
CN110855433B
Authority
CN
China
Prior art keywords
key
file
ciphertext
encryption
code
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201911083987.7A
Other languages
Chinese (zh)
Other versions
CN110855433A (en
Inventor
李林瑞
王彪
陈二鑫
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhen Xinlian Credit Reporting Co ltd
Original Assignee
Shenzhen Xinlian Credit Reporting Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shenzhen Xinlian Credit Reporting Co ltd filed Critical Shenzhen Xinlian Credit Reporting Co ltd
Priority to CN201911083987.7A priority Critical patent/CN110855433B/en
Publication of CN110855433A publication Critical patent/CN110855433A/en
Application granted granted Critical
Publication of CN110855433B publication Critical patent/CN110855433B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0825 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0618 Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
    • H04L9/0631 Substitution permutation network [SPN], i.e. cipher composed of a number of stages or rounds each involving linear and nonlinear transformations, e.g. AES algorithms
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00 Reducing energy consumption in communication networks
    • Y02D30/50 Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

The invention provides a data encryption method, device and computer equipment based on an encryption algorithm. The method comprises the following steps: encrypting the file with the AES encryption algorithm using an AES key to obtain a file ciphertext; encrypting the AES key with the RSA public key to obtain a key ciphertext; storing the RSA public key and private key in a KeyStore file of the Java data certificate management tool, wherein the KeyStore file generates a KeyStore password; storing the file ciphertext, the key ciphertext and the KeyStore password in an SO dynamic library; and obfuscating the Java program code used in the encryption process with the ProGuard code obfuscation tool. The beneficial effects of the invention are as follows: the RSA private key is stored in the KeyStore, so that the RSA private key is safer and cannot be brute-forced. The SO dynamic library is used to store the KeyStore password and the RSA-encrypted ciphertext, so that they are more difficult to analyze and obtain. The code is obfuscated with the ProGuard tool, so that its implementation cannot be effectively decompiled.

Description

Data encryption method and device based on encryption algorithm and computer equipment
Technical Field
The present invention relates to an encryption method, apparatus, and computer device, and more particularly, to a data encryption method, apparatus, and computer device based on an encryption algorithm.
Background
AES encryption is a symmetric encryption method commonly used in the industry. It can be used to encrypt sensitive information and to encrypt important, confidential data in transit, so that the data is not stolen and the information is not leaked. Although AES encryption and decryption are very efficient, the scheme is not secure on its own: once the key is compromised, the data can be decrypted.
The scheme commonly used in the industry is to encrypt the AES key with RSA asymmetric encryption, which is not a problem for remote data transmission. However, if RSA encryption is used to encrypt sensitive data stored in a database, the RSA private key is also exposed, since it is easily accessible in the local environment.
Disclosure of Invention
The technical problems to be solved by the invention are as follows: a data encryption method, device and computer equipment based on an encryption algorithm are provided, and aim to improve the difficulty of encrypting data.
In order to solve the technical problems, the invention adopts the following technical scheme: a data encryption method based on encryption algorithm comprises the following steps,
encrypting the file by using an AES encryption algorithm through an AES key to obtain a file ciphertext;
encrypting the key of AES through the public key of RSA to obtain a key ciphertext;
storing a public key and a private key of RSA into a KeyStore file of a management tool of a Java data certificate, wherein the KeyStore file generates a KeyStore password;
storing the file ciphertext, the key ciphertext and the KeyStore password into an SO dynamic library;
the Java program code used in the encryption process is code obfuscated by a ProGuard code obfuscating tool.
Further, the AES key is encrypted with the RSA public key, and the length of the public key is 2048 bits.
Further, the code obfuscating the Java program code used in the encryption process by a ProGuard code obfuscating tool specifically includes:
detecting and removing useless classes, fields, methods and characteristics in Java program codes;
optimizing the byte code and removing useless instructions;
renaming classes, fields, and methods using short and meaningless names;
and pre-checking the processed code on a Java platform to ensure that the loaded class file is executable.
The invention also provides a data encryption device based on the encryption algorithm, which comprises,
the AES encryption module is used for encrypting the file through an AES key by using an AES encryption algorithm to obtain a file ciphertext;
the RSA encryption module is used for encrypting the key of the AES through the public key of the RSA to obtain a key ciphertext;
the KeyStore storage module is used for storing the public key and the private key of RSA into a KeyStore file of a management tool of a Java data certificate, and the KeyStore file generates a KeyStore password;
the dynamic storage module is used for storing the file ciphertext, the key ciphertext and the KeyStore password into the SO dynamic library;
and the program code obfuscation module is used for obfuscating the Java program code used in the encryption process through the ProGuard code obfuscation tool.
Further, the RSA encryption module is configured to encrypt the AES key with a public key of RSA, where the length of the public key is 2048 bits.
Further, the program code obfuscation module specifically includes:
a compression unit for detecting and removing useless classes, fields, methods and characteristics in the Java program code;
the optimizing unit is used for optimizing the byte codes and removing useless instructions;
an obfuscation unit for renaming classes, fields and methods using short and meaningless names;
and the pre-checking unit is used for pre-checking the processed codes on the Java platform and ensuring that the loaded class file is executable.
The invention also provides a computer device, which comprises a memory and a processor, wherein the memory stores a computer program, and the processor realizes the data encryption method based on the encryption algorithm when executing the computer program.
The present invention also provides a storage medium storing a computer program which, when executed by a processor, implements a data encryption method based on an encryption algorithm as described above.
The beneficial effects of the invention are as follows: after the file is encrypted with AES, the AES key is encrypted with RSA, which protects the AES key. The RSA private key is stored in the KeyStore, so that the RSA private key is safer and cannot be brute-forced. The SO dynamic library is used to store the KeyStore password and the RSA-encrypted ciphertext, so that they are more difficult to analyze and obtain. The code is obfuscated with the ProGuard tool, so that its implementation cannot be effectively decompiled.
Drawings
The specific structure of the present invention will be described in detail with reference to the accompanying drawings.
FIG. 1 is a flowchart of a data encryption method based on an encryption algorithm according to an embodiment of the present invention;
FIG. 2 is a program code obfuscation flow chart of an embodiment of the invention;
FIG. 3 is a block diagram of a data encryption device based on an encryption algorithm according to an embodiment of the present invention;
FIG. 4 is a block diagram of program code obfuscation module elements according to an embodiment of the invention;
FIG. 5 is a schematic block diagram of a computer device in accordance with an embodiment of the present invention.
Detailed Description
The following description of the embodiments of the present invention will be made clearly and fully with reference to the accompanying drawings, in which it is evident that the embodiments described are some, but not all embodiments of the invention. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
It should be understood that the terms "comprises" and "comprising," when used in this specification and the appended claims, specify the presence of stated features, integers, steps, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, and/or groups thereof.
It is also to be understood that the terminology used in the description of the invention herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the invention. As used in this specification and the appended claims, the singular forms "a," "an," and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise.
It should be further understood that the term "and/or" as used in the present specification and the appended claims refers to any and all possible combinations of one or more of the associated listed items, and includes such combinations.
As shown in fig. 1, one embodiment of the present invention is as follows: a data encryption method based on encryption algorithm comprises the following steps,
S10, encrypting the file by using an AES encryption algorithm through an AES key to obtain a file ciphertext;
In this step, the AES symmetric encryption/decryption algorithm is used. The Advanced Encryption Standard (AES), also known as Rijndael encryption, is a block encryption standard adopted by the U.S. federal government. AES is a block cipher: each data block is 128 bits (16 bytes) long, and the key length can be 128 bits (16 bytes), 192 bits or 256 bits. There are four encryption modes; we generally use CBC mode, which requires an initialization vector (IV) whose length is also 128 bits (16 bytes). The same key is used in the encryption process and the decryption process.
S20, encrypting the key of the AES through the public key of RSA to obtain a key ciphertext; the length of the public key used is 2048 bits.
In this step, after the file is encrypted with AES, the AES key is encrypted with RSA (Rivest-Shamir-Adleman), which protects the AES key. RSA is an asymmetric encryption algorithm: encryption and decryption use a pair of keys, called the public key and the private key. The public key is used for encryption and the private key is used for decryption. Current 512-bit and 1024-bit keys can be broken by factoring large numbers, but doing so takes a great deal of machinery and time; with a 2048-bit key and no knowledge of the private key, the time needed to break it grows exponentially, which can be said to be impossible for us at present.
S30, storing the public key and the private key of RSA into a KeyStore file of a management tool of a Java data certificate, wherein the KeyStore file generates a KeyStore password;
In this step, the RSA private key is stored in a KeyStore, so that the RSA private key is safer and cannot be brute-forced. Keytool is a management tool for Java data certificates; it stores keys and certificates in a file called a keystore.
A keystore contains two types of data:
1. Key entries (key entry): either a secret key, or a private key and its paired public key (asymmetric encryption);
2. Trusted certificate entries (trusted certificate entry), which contain only public keys.
The keystore is protected by a password that is set when the keystore is created and that must be provided each time the keystore is accessed or modified. Keeping the public and private keys inside the keystore naturally improves security.
S40, storing the file ciphertext, the key ciphertext and the KeyStore password into an SO dynamic library;
In this step, the SO dynamic library is used to store the KeyStore password and the RSA-encrypted ciphertext, so that they are more difficult to analyze and obtain. The KeyStore password and the ciphertext are written into C++ code and compiled into an SO file with the GCC tool, which ensures that the KeyStore password and the ciphertext cannot be seen directly at any point in the process; Java code that needs to use the KeyStore password and ciphertext must call the API exposed by the C++ code.
A dynamic library is also known as a dynamic link library (Dynamic Link Library, DLL). A DLL is a library containing code and data that can be used by multiple programs simultaneously; a DLL is not an executable file. Dynamic linking provides a way for a process to call a function that is not part of its own executable code. The executable code of such functions is located in a DLL, which contains one or more functions that have been compiled, linked, and stored separately from the processes that use them. DLLs also help to share data and resources: multiple applications can access the contents of a single DLL copy in memory at the same time. Dynamic libraries have the .dll suffix under Windows and the .so suffix under Linux; an SO file is generally written in C++ and compiled with the GCC tool. We use the SO dynamic library to store the key because it increases the difficulty of decompiling the file; the file can also exist outside the Java project and be placed at any location on the Linux system.
S50, obfuscating the Java program code used in the encryption process through the ProGuard code obfuscation tool.
In this step, the ProGuard tool is used to obfuscate the code, so that the implementation of the code cannot be effectively decompiled. Code obfuscation is the act of transforming the code of a computer program into a form that is functionally equivalent but difficult to read and understand.
Code obfuscation may be applied to program source code or to intermediate code compiled from the program. A program that performs code obfuscation is called a code obfuscator, and many obfuscators with different capabilities exist today. After obfuscation with the ProGuard tool, the Java implementation of the AES encryption and decryption algorithm, the RSA encryption and decryption algorithm, and the process of obtaining the KeyStore password and ciphertext is no longer visible. Without our tool set, the key cannot be obtained and the AES-encrypted ciphertext cannot be decrypted. Its main work is as follows:
1. The names of various elements in the code, such as variables, functions and classes, are rewritten to meaningless names, for example a single letter, a short meaningless combination of letters, or even a symbol such as "__", so that the reader cannot guess their purpose from the name.
2. Some of the logic in the code is rewritten into a functionally equivalent but harder-to-understand form, for example rewriting for loops as while loops, rewriting loops as recursion, or reducing intermediate variables.
3. The format of the code is scrambled, for example by deleting spaces, squeezing several lines of code into one line, or breaking one line of code into several lines.
4. Instructions are added: specially structured instructions cause the disassembler to make errors, which interferes with the decompilation work.
As shown in fig. 2, in a specific embodiment, obfuscating the Java program code used in the encryption process through the ProGuard code obfuscation tool specifically includes the following steps:
S51, detecting and removing useless classes, fields, methods and characteristics in Java program codes;
S52, optimizing the byte code and removing useless instructions;
S53, renaming classes, fields and methods by using short and meaningless names, such as a, b, c, d, etc.;
S54, pre-checking the processed codes on a Java platform to ensure that the loaded class file is executable.
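Steps S10 and S20 above, as an added Java example that was written for this page and is not code from the patent. It assumes Java 16 or later; the class, record and method names are hypothetical, and the 256-bit AES key size and OAEP padding are assumptions, since the text fixes only CBC mode with a 16-byte IV and a 2048-bit RSA key.

```java
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.OAEPParameterSpec;
import javax.crypto.spec.PSource;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.spec.MGF1ParameterSpec;
import java.util.Arrays;

/** Hypothetical demo class: AES-CBC file encryption (S10) plus RSA wrapping of the AES key (S20). */
public class HybridFileEncryptionDemo {
    private static final SecureRandom RNG = new SecureRandom();

    // Assumption: the page names no RSA padding; OAEP with SHA-256 is chosen here.
    private static final OAEPParameterSpec OAEP = new OAEPParameterSpec(
            "SHA-256", "MGF1", MGF1ParameterSpec.SHA256, PSource.PSpecified.DEFAULT);

    /** Output of S10 and S20: the IV and file ciphertext, plus the RSA-wrapped AES key. */
    record Envelope(byte[] iv, byte[] fileCiphertext, byte[] keyCiphertext) {}

    static Envelope encrypt(byte[] plaintext, PublicKey rsaPublic) throws GeneralSecurityException {
        // S10: a fresh AES key and a fresh random 16-byte IV for every file.
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256, RNG);
        SecretKey aesKey = kg.generateKey();
        byte[] iv = new byte[16];
        RNG.nextBytes(iv);

        // CBC gives confidentiality only; it does not detect modified ciphertext.
        Cipher aes = Cipher.getInstance("AES/CBC/PKCS5Padding");
        aes.init(Cipher.ENCRYPT_MODE, aesKey, new IvParameterSpec(iv));
        byte[] fileCiphertext = aes.doFinal(plaintext);

        // S20: encrypt the raw AES key bytes with the RSA public key.
        Cipher rsa = Cipher.getInstance("RSA/ECB/OAEPPadding");
        rsa.init(Cipher.ENCRYPT_MODE, rsaPublic, OAEP);
        byte[] keyCiphertext = rsa.doFinal(aesKey.getEncoded());
        return new Envelope(iv, fileCiphertext, keyCiphertext);
    }

    static byte[] decrypt(Envelope env, PrivateKey rsaPrivate) throws GeneralSecurityException {
        // Recover the AES key with the RSA private key, then reverse S10.
        Cipher rsa = Cipher.getInstance("RSA/ECB/OAEPPadding");
        rsa.init(Cipher.DECRYPT_MODE, rsaPrivate, OAEP);
        byte[] rawKey = rsa.doFinal(env.keyCiphertext());
        try {
            Cipher aes = Cipher.getInstance("AES/CBC/PKCS5Padding");
            aes.init(Cipher.DECRYPT_MODE, new SecretKeySpec(rawKey, "AES"),
                    new IvParameterSpec(env.iv()));
            return aes.doFinal(env.fileCiphertext());
        } finally {
            Arrays.fill(rawKey, (byte) 0); // do not leave the unwrapped key in this buffer
        }
    }

    public static void main(String[] args) throws GeneralSecurityException {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048, RNG);               // key length stated in S20
        KeyPair owner = kpg.generateKeyPair();
        KeyPair other = kpg.generateKeyPair();   // unrelated key pair for the negative check

        // Constructed sample input standing in for the file contents.
        byte[] file = "constructed sample record: id=42".getBytes(StandardCharsets.UTF_8);
        Envelope a = encrypt(file, owner.getPublic());
        Envelope b = encrypt(file, owner.getPublic());

        System.out.println("key ciphertext bytes: " + a.keyCiphertext().length);
        System.out.println("same plaintext, different ciphertext: "
                + !Arrays.equals(a.fileCiphertext(), b.fileCiphertext()));
        System.out.println("round trip ok: "
                + Arrays.equals(file, decrypt(a, owner.getPrivate())));
        try {
            decrypt(a, other.getPrivate());
            System.out.println("unexpected: decrypted with the wrong private key");
        } catch (GeneralSecurityException e) {
            System.out.println("wrong private key rejected: " + e.getClass().getSimpleName());
        }
    }
}
```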
As shown in fig. 3, the present invention also provides a data encryption device based on an encryption algorithm, including,
the AES encryption module 10 is configured to encrypt a file by using an AES encryption algorithm and a key of AES to obtain a file ciphertext;
an RSA encryption module 20, configured to encrypt a key of AES with a public key of RSA to obtain a key ciphertext;
a KeyStore storage module 30, configured to store a public key and a private key of RSA in a KeyStore file of a management tool of a Java data certificate, where the KeyStore file generates a KeyStore password;
the dynamic storage module 40 is configured to store the file ciphertext, the key ciphertext, and the KeyStore password in the SO dynamic library;
program code obfuscation module 50 is used to obfuscate Java program code used in the encryption process by a ProGuard code obfuscation tool.
Preferably, the RSA encryption module 20 is configured to encrypt the AES key with a public key of RSA, where the public key has a length of 2048 bits.
As shown in fig. 4, in a specific embodiment, the program code obfuscation module 50 specifically includes:
a compression unit 51 for detecting and removing unnecessary classes, fields, methods, and characteristics in the Java program code;
an optimizing unit 52, configured to optimize the bytecode and remove unnecessary instructions;
an obfuscation unit 53 for renaming classes, fields and methods using short and meaningless names;
and the pre-checking unit 54 is used for pre-checking the processed code on the Java platform, so as to ensure that the loaded class file is executable.
It should be noted that, as those skilled in the art can clearly understand, the specific implementation process of the data encryption device and the units based on the encryption algorithm may refer to the corresponding descriptions in the foregoing method embodiments, and for convenience and brevity of description, the description is omitted here.
The above described encryption algorithm based data encryption apparatus may be implemented in the form of a computer program which is executable on a computer device as shown in fig. 5.
Referring to fig. 5, fig. 5 is a schematic block diagram of a computer device according to an embodiment of the present application. The computer device 500 may be a terminal or a server, where the terminal may be an electronic device with a communication function, such as a smart phone, a tablet computer, a notebook computer, a desktop computer, a personal digital assistant, and a wearable device. The server may be an independent server or a server cluster formed by a plurality of servers.
With reference to FIG. 5, the computer device 500 includes a processor 502, memory, and a network interface 505 connected by a system bus 501, where the memory may include a non-volatile storage medium 503 and an internal memory 504.
The non-volatile storage medium 503 may store an operating system 5031 and a computer program 5032. The computer program 5032 includes program instructions that, when executed, cause the processor 502 to perform a data encryption method based on an encryption algorithm.
The processor 502 is used to provide computing and control capabilities to support the operation of the overall computer device 500.
The internal memory 504 provides an environment for the execution of a computer program 5032 in the non-volatile storage medium 503, which computer program 5032, when executed by the processor 502, causes the processor 502 to perform a data encryption method based on an encryption algorithm.
The network interface 505 is used for network communication with other devices. Those skilled in the art will appreciate that the architecture shown in fig. 5 is merely a block diagram of a portion of the architecture in connection with the present application and is not intended to limit the computer device 500 to which the present application is applied, and that a particular computer device 500 may include more or fewer components than shown, or may combine certain components, or have a different arrangement of components.
Wherein the processor 502 is configured to execute a computer program 5032 stored in a memory to implement the steps of:
S10, encrypting the file by using an AES encryption algorithm through an AES key to obtain a file ciphertext;
S20, encrypting the key of the AES through the public key of RSA to obtain a key ciphertext;
S30, storing the public key and the private key of RSA into a KeyStore file of a management tool of a Java data certificate, wherein the KeyStore file generates a KeyStore password;
S40, storing the file ciphertext, the key ciphertext and the KeyStore password into an SO dynamic library;
S50, obfuscating the Java program code used in the encryption process through the ProGuard code obfuscation tool.
In one embodiment, when implementing the step S50, the processor 502 specifically implements the following steps:
S51, detecting and removing useless classes, fields, methods and characteristics in Java program codes;
S52, optimizing the byte code and removing useless instructions;
S53, renaming classes, fields and methods by using short and meaningless names;
S54, pre-checking the processed codes on a Java platform to ensure that the loaded class file is executable.
It should be appreciated that in embodiments of the present application, the processor 502 may be a central processing unit (Central Processing Unit, CPU), the processor 502 may also be other general purpose processors, digital signal processors (Digital Signal Processor, DSPs), application specific integrated circuits (Application Specific Integrated Circuit, ASICs), off-the-shelf programmable gate arrays (Field-Programmable Gate Array, FPGAs) or other programmable logic devices, discrete gate or transistor logic devices, discrete hardware components, or the like. Wherein the general purpose processor may be a microprocessor or the processor may be any conventional processor or the like.
Those skilled in the art will appreciate that all or part of the flow in a method embodying the above described embodiments may be accomplished by computer programs instructing the relevant hardware. The computer program comprises program instructions, and the computer program can be stored in a storage medium, which is a computer readable storage medium. The program instructions are executed by at least one processor in the computer system to implement the flow steps of the embodiments of the method described above.
Accordingly, the present invention also provides a storage medium. The storage medium may be a computer readable storage medium. The storage medium stores a computer program, wherein the computer program includes program instructions. The program instructions, when executed by the processor, cause the processor to perform the steps of:
S10, encrypting the file by using an AES encryption algorithm through an AES key to obtain a file ciphertext;
S20, encrypting the key of the AES through the public key of RSA to obtain a key ciphertext;
S30, storing the public key and the private key of RSA into a KeyStore file of a management tool of a Java data certificate, wherein the KeyStore file generates a KeyStore password;
S40, storing the file ciphertext, the key ciphertext and the KeyStore password into an SO dynamic library;
S50, obfuscating the Java program code used in the encryption process through the ProGuard code obfuscation tool.
In one embodiment, when the processor executes the program instructions to implement the step S50, the following steps are specifically implemented:
S51, detecting and removing useless classes, fields, methods and characteristics in Java program codes;
S52, optimizing the byte code and removing useless instructions;
S53, renaming classes, fields and methods by using short and meaningless names;
S54, pre-checking the processed codes on a Java platform to ensure that the loaded class file is executable.
The storage medium may be a U-disk, a removable hard disk, a Read-Only Memory (ROM), a magnetic disk, or an optical disk, or other various computer-readable storage media that can store program codes.
Those of ordinary skill in the art will appreciate that the elements and algorithm steps described in connection with the embodiments disclosed herein may be embodied in electronic hardware, in computer software, or in a combination of the two, and that the elements and steps of the examples have been generally described in terms of function in the foregoing description to clearly illustrate the interchangeability of hardware and software. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present invention.
In the several embodiments provided by the present invention, it should be understood that the disclosed apparatus and method may be implemented in other manners. For example, the device embodiments described above are merely illustrative. For example, the division of each unit is only one logic function division, and there may be another division manner in actual implementation. For example, multiple units or components may be combined or may be integrated into another system, or some features may be omitted, or not performed.
The steps in the method of the embodiment of the invention can be sequentially adjusted, combined and deleted according to actual needs. The units in the device of the embodiment of the invention can be combined, divided and deleted according to actual needs. In addition, each functional unit in the embodiments of the present invention may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit.
The integrated unit may be stored in a storage medium if implemented in the form of a software functional unit and sold or used as a stand-alone product. Based on such understanding, the technical solution of the present invention is essentially or a part contributing to the prior art, or all or part of the technical solution may be embodied in the form of a software product stored in a storage medium, comprising several instructions for causing a computer device (which may be a personal computer, a terminal, a network device, etc.) to perform all or part of the steps of the method according to the embodiments of the present invention.
While the invention has been described with reference to certain preferred embodiments, it will be understood by those skilled in the art that various changes and substitutions of equivalents may be made and equivalents will be apparent to those skilled in the art without departing from the scope of the invention. Therefore, the protection scope of the invention is subject to the protection scope of the claims.

Claims (4)

1. A data encryption method based on an encryption algorithm, characterized in that it comprises the following steps:
encrypting the file by using an AES encryption algorithm through an AES key to obtain a file ciphertext;
encrypting the key of AES through the public key of RSA to obtain a key ciphertext; the length of the public key is 2048 bits;
storing a public key and a private key of RSA into a KeyStore file of a management tool of a Java data certificate, wherein the KeyStore file generates a KeyStore password;
storing the file ciphertext, the key ciphertext and the KeyStore password into an SO dynamic library;
obfuscating the Java program code used in the encryption process with the ProGuard code obfuscation tool;
wherein obfuscating, with the ProGuard code obfuscation tool, the Java program code used in the file ciphertext encryption process, the key ciphertext encryption process and the KeyStore file encryption process specifically comprises the following steps:
detecting and removing useless classes, fields, methods and characteristics in the Java program code;
optimizing the bytecode and removing useless instructions;
renaming classes, fields, and methods using short and meaningless names;
and pre-checking the processed code on a Java platform to ensure that the loaded class file is executable.
2. A data encryption device based on an encryption algorithm, characterized in that it comprises:
the AES encryption module is used for encrypting the file through an AES key by using an AES encryption algorithm to obtain a file ciphertext;
the RSA encryption module is used for encrypting the key of the AES through the public key of the RSA to obtain a key ciphertext; the length of the public key is 2048 bits;
the KeyStore storage module is used for storing the public key and the private key of RSA into a KeyStore file of a management tool of a Java data certificate, and the KeyStore file generates a KeyStore password;
the dynamic storage module is used for storing the file ciphertext, the key ciphertext and the KeyStore password into the SO dynamic library;
the program code obfuscation module is used for obfuscating, with the ProGuard code obfuscation tool, the Java program code used in the file ciphertext encryption process, the key ciphertext encryption process and the KeyStore file encryption process;
the program code obfuscation module specifically comprises:
a compression unit for detecting and removing useless classes, fields, methods and characteristics in the Java program code;
the optimizing unit is used for optimizing the bytecode and removing useless instructions;
an obfuscation unit for renaming classes, fields and methods using short and meaningless names;
and the pre-checking unit is used for pre-checking the processed code on the Java platform and ensuring that the loaded class file is executable.
3. A computer device, characterized by: the computer device comprises a memory and a processor, wherein the memory stores a computer program, and the processor executes the computer program to realize the data encryption method based on the encryption algorithm as claimed in claim 1.
4. A computer-readable storage medium, characterized by: the computer readable storage medium stores a computer program which, when executed by a processor, implements the encryption algorithm-based data encryption method according to claim 1.
CN201911083987.7A 2019-11-07 2019-11-07 Data encryption method and device based on encryption algorithm and computer equipment Active CN110855433B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911083987.7A CN110855433B (en) 2019-11-07 2019-11-07 Data encryption method and device based on encryption algorithm and computer equipment

Publications (2)

Publication Number Publication Date
CN110855433A CN110855433A (en) 2020-02-28
CN110855433B true CN110855433B (en) 2023-06-16

Family

ID=69599705

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201911083987.7A Active CN110855433B (en) 2019-11-07 2019-11-07 Data encryption method and device based on encryption algorithm and computer equipment

Country Status (1)

Country Link
CN (1) CN110855433B (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111967023A (en) * 2020-07-03 2020-11-20 浙江数链科技有限公司 Data encryption and decryption method, device, system and readable storage medium
CN111866864B (en) * 2020-07-17 2022-11-11 上海市共进通信技术有限公司 Method, device and storage medium for realizing encrypted storage and safe use management of cloud platform certificate based on wireless AP
CN112597453A (en) * 2020-12-04 2021-04-02 光大科技有限公司 Program code encryption and decryption method and device

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110289946A (en) * 2019-07-12 2019-09-27 深圳市元征科技股份有限公司 A kind of generation method and block chain node device of block chain wallet localization file

Family Cites Families (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7263722B1 (en) * 1999-05-12 2007-08-28 Fraunhofer Crcg, Inc. Obfuscation of executable code
US20080229115A1 (en) * 2007-03-16 2008-09-18 Microsoft Corporation Provision of functionality via obfuscated software
US20140195804A1 (en) * 2012-10-12 2014-07-10 Safelylocked, Llc Techniques for secure data exchange
CN104268444A (en) * 2014-08-25 2015-01-07 浪潮电子信息产业股份有限公司 Cloud OS Java source code protection method
CN108683491B (en) * 2018-03-19 2021-02-05 中山大学 Information hiding method based on encryption and natural language generation
CN108712412B (en) * 2018-05-15 2022-02-22 北京五八信息技术有限公司 Database encryption and decryption methods and devices, storage medium and terminal
CN109495255A (en) * 2018-12-11 2019-03-19 中新金桥数字科技(北京)有限公司 Digital cryptographic key protection method and its system based on android system
CN110069905B (en) * 2019-04-26 2021-03-23 深圳智慧园区信息技术有限公司 Device and method for encrypting and decrypting Springboot program

Also Published As

Publication number Publication date
CN110855433A (en) 2020-02-28

Similar Documents

Publication Publication Date Title
US8681975B2 (en) Encryption method and apparatus using composition of ciphers
CN110855433B (en) Data encryption method and device based on encryption algorithm and computer equipment
US7930537B2 (en) Architecture for encrypted application installation
US11256478B2 (en) Method for securing a cryptographic process with SBOX against high-order side-channel attacks
US10452564B2 (en) Format preserving encryption of object code
EP2922235B1 (en) Security module for secure function execution on untrusted platform
CN108134673B (en) Method and device for generating white box library file
EP3844647B1 (en) System and method for providing protected data storage in data memory
US20140108818A1 (en) Method of encrypting and decrypting session state information
EP3739489B1 (en) Devices and methods of managing data
EP1593015B1 (en) Architecture for encrypted application installation
US20210143978A1 (en) Method to secure a software code performing accesses to look-up tables
CN103605927A (en) Encryption and decryption method based on embedded Linux system
US11232219B1 (en) Protection of electronic designs
WO2021165962A1 (en) System and method for generation of a disposable software module for cryptographic material protection
EP3931999A1 (en) Method secured against side-channel attacks with a new masking scheme protecting linear operations of a cryptographic algorithm
CN107688729B (en) Application program protection system and method based on trusted host
CN114520740B (en) Encryption method, device, equipment and storage medium
CN112906034B (en) Key storage method, device, storage medium and electronic equipment
US20240184900A1 (en) System and method for providing protected data storage in data memory
JP7215245B2 (en) Information processing device, information processing method and program
US20230275745A1 (en) Device, method and program for secure communication between white boxes
Padhiyar et al. An Improved Symmetric Key Encryption Method Using Randomized Matrix Generation
CN113868655A (en) Trojan searching and killing method and device, electronic equipment and computer readable storage medium
CN116401713A (en) Decryption method and device for open format document

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant