CN110932851A - PKI-based multi-party cooperative operation key protection method - Google Patents

Abstract

The invention discloses a key protection method based on PKI (public key infrastructure) multi-party cooperative operation, which relates to the field of electronic authentication PKI (public key infrastructure) cryptographic technology integration innovation, combines various cryptographic technologies and combined authentication of various factors to ensure the safety of generation, calling and storage of a user private key, obtains a pseudo key by adding a user identity factor into a real key as a part of salt and converting the pseudo key after being confused with other data of a server, performs fragmentation processing on the pseudo key, and controls the storage of a part locally by a user, thereby realizing that the integrity and confidentiality of the real key of the user are not influenced by single key leakage through the mechanism.

Description

PKI-based multi-party cooperative operation key protection method

Technical Field

The invention relates to the field of electronic authentication PKI (public key infrastructure) cryptographic technology integration innovation, in particular to a key protection method based on PKI (public key infrastructure) multi-party cooperative operation.

Background

At present, an electronic authentication PKI (public key infrastructure) cryptographic technology mainly adopts a hardware medium intelligent cryptographic key USBKey (such as a bank U shield and an IC (integrated circuit) card) to generate, store and perform cryptographic operation on a terminal personal computer, and controls authentication access to a user through PIN (personal identification number) code protection of a hardware medium, but the hardware mainly depends on a PC (personal computer) application scene at present and is not beneficial to convenient use of intelligent terminal application scenes such as a mobile internet, an internet of things and the like. The traditional password protection mode of using a hardware medium USBKey as a password is not beneficial to convenient use in application scenes of intelligent terminals such as mobile internet, internet of things and the like, firstly, carrying USBKey equipment with a user is inconvenient and easy to lose, secondly, some intelligent terminals cannot be adapted, and the requirements on software and hardware environments of the intelligent terminals are high.

At present, in order to conveniently use a PKI digital authentication technology in an intelligent terminal application scene such as a mobile internet, an internet of things and the like, a soft key mode is mainly used during application integration, namely a file key is generated by an intelligent terminal and is stored and called locally, and the mode has great potential safety hazards. Each link of the method in the processes of key generation, storage, operation, transmission and the like is possibly intercepted by a malicious program, so that the key is leaked.

Disclosure of Invention

The invention aims to: the method combines a plurality of cryptographic technologies and combined authentication of a plurality of factors to ensure the safety of generation, calling and storage of a user private key, adds a user identity factor into a real key as a part of salt, transforms the salt into a pseudo key after being confused with other data of a server, performs fragmentation processing on the pseudo key, and controls the storage of a part of the data locally by a user.

The technical scheme adopted by the invention is as follows:

a key protection method based on PKI multi-party cooperative operation comprises a User, a Client, a Server and an external RA/CA/KMC Server,

user: the user participates in information input and operation determination;

client side: the key correlation operation of the client side is taken charge;

server side Server: the system is in charge of server-side key division and related operation, the key operation needs to be realized by adopting a hardware password component with high safety, and a certificate application request is sent to an external RA/CA/KMC server for applying for a digital certificate and an encryption key;

external RA/CA/KMC server: an external third party system service for applying for a digital certificate and an encryption key;

the key protection method based on the PKI multi-party cooperative operation mainly comprises the following steps:

s1 user certificate registration: after the User passes the real-name authentication, a server encryption machine randomly generates a signature key and a certificate request P10 for the User, salt adding and confusion processing is carried out on a real private key, A, B, C three sections of pseudo keys are divided, the User encrypts two sections of A, B stored in the encryption machine in a protected mode through an identity ID and a PIN code, and the server encrypts two sections of B, C stored in the encryption machine in an encrypted mode through a built-in key of the encryption machine; the certificate request P10 is used for applying for a certificate to an external RA/CA/KMC server, and the private key of the user encrypted certificate is stored after being encrypted by using a pseudo key B segment; the whole key generation, division, transmission and storage are correspondingly protected by adopting PKI technology and multiple factors of people and equipment.

S2 digital signature application: using the identity ID and the certificate PIN code as a unique certificate of a private key holder, decrypting a Client side to obtain two divided keys d _ A and d _ B, using one part of d _ B as a symmetric key, combining the other part of d _ A with a HASH value to be signed, symmetrically encrypting, and then sending to a server side to synthesize a pseudo key, desalting and signing a true key, wherein the true key signature value is symmetrically encrypted by using the symmetric key d _ B and then returned to the Client side, and the Client side decrypts by using the same symmetric key d _ B to obtain a true key signature value of the server side; the PKI technology and the multiple factors of people and equipment are adopted to correspondingly protect the whole processes of key fragment decryption, pseudo key synthesis, truth seeking, encryption and data transmission.

S3 data encryption application: the method comprises the steps that an encryptor encrypts data to be sent by using an encryption certificate public key of a receiver, a decryptor decrypts by using an Identity (ID) and a certificate PIN code as a unique certificate of a private key holder to obtain two divided signature keys d _ A and d _ B at a Client, one of the d _ B signature private keys is used as a symmetric key to decrypt an encryption certificate private key (encryption private key) encrypted and stored in a registration link, and then the decrypted private key is used for decrypting a received ciphertext. PKI technology and identity and PIN information of the entity are correspondingly protected in the processes of decryption of the key fragment and decryption of data.

By adopting the key protection method based on the PKI multi-party cooperative operation, the integrity and confidentiality of a real key of a user can be ensured after the key is leaked at any one of the Client side and the Server side, the safety of the generation, calling, storage and operation of a private key of the user is ensured, and the key protection safety level of the method can reach the high safety level of the traditional hardware medium intelligent cipher key USBKey (such as a bank U shield and an IC card).

Further, the step S1 registration of the user certificate mainly includes the following steps:

s101: a User initiates a certificate registration application, firstly, information such as a User real name, a real certificate, real person biological characteristics and the like is acquired through a Client for authentication, and the authentication enters a subsequent certificate registration link;

s102: the Client generates a temporary SM2 asymmetric key, the private key is marked as T _ Pri, and the public key is marked as T _ Pub;

s103: the Client side sends the real-name identity ID and the public key T _ Pub to the Server side Server;

s104: the Server distributes a Session symmetric key Session for the client, and the Session symmetric key Session is recorded as T _ Session;

s105: the Server side Server calls a key generation interface of the hardware password module to generate a formal SM2 asymmetric key pair for the client, the private key is recorded as d, and the public key is recorded as P;

s106: the Server side Server calls a PKCS10 generation interface of the hardware cryptographic module to generate a certificate request P10 for the client;

s107: the Server side Server calls an interface use certificate request P10 of an external RA/CA/KMC Server system to apply for a client 'signature certificate SignCert, an encryption certificate EncryptCert and an encryption key plaintext EncryptKey';

s108: the Server side Server carries out salting and data confusion processing on the client private key d to obtain a pseudo private key d ═ Mix (salt, d);

s109: the Server end Server sequentially divides d' into A, B, C three parts, which are respectively marked as d _ A, d _ B, d _ C;

s110: the Server side Server calls a symmetric encryption interface of the hardware cryptographic module, takes T _ Session as a symmetric key, symmetrically encrypts and outputs'd _ A + d _ B, SignCert, EncryptCert and EncryptKey ', and records as client ' SM4_ Enc (T _ Session, d _ A + d _ B, SignCert, EncryptCert and EncryptKey);

s111: the Server performs SM2 asymmetric encryption on the T _ Session by using T _ Pub, which is denoted as T _ Session ═ SM2_ Enc (T _ Pub, T _ Session);

s112: the Server side Server calls a symmetric encryption interface of the hardware cryptographic module, performs symmetric encryption output on'd _ B + d _ C and EncryptKey' by using a built-in device symmetric key, and records the symmetric encryption output as Server ═ SM4_ Enc (d _ B + d _ C and EncryptKey);

s113: the Server side Server stores the Server' in a database;

s114: the Server side Server returns the Client '+ T _ Session' to the Client side;

s115: the Client uses T _ Pri to perform SM2 asymmetric decryption on T _ Session ', so as to obtain a Session symmetric key T _ Session ═ SM2_ Dec (T _ Pri, T _ Session');

s116: the Client uses T _ Session to symmetrically decrypt the Client 'by SM4 to obtain d _ A + d _ B, SignCert, EncryptCert, EncryptKey is SM4_ Dec (T _ Session, Client');

s117: the Client uses d _ B to perform SM4 symmetric encryption on the encrypt key, so as to obtain the encrypt key ═ SM4_ Enc (d _ B, encrypt key);

s118: a user inputs a certificate PIN code, and the certificate PIN code is recorded as Cert _ PIN;

s119: the Client performs HASH operation on the real-name identity ID + Cert _ PIN to obtain Cert _ PIN ═ SM3 (identity ID + Cert _ PIN);

s120: the Client uses the Cert _ PIN ' to perform SM4 symmetric encryption on the d _ A + d _ B to obtain (d _ A + d _ B) ' (SM 4_ Enc (Cert _ PIN ', d _ A + d _ B);

s121: client stores (d _ A + d _ B) ', SignCert, EncryptCert, EncryptKey';

s122: and finishing the user registration.

Further, the step S2 of applying the digital signature mainly includes the following steps:

s201: the digital signature starts;

s202: client identity identification obtains identity ID;

s203: a user inputs a certificate PIN code, and the certificate PIN code is recorded as Cert _ PIN;

s204: the Client performs HASH operation on the real-name identity ID + Cert _ PIN to obtain Cert _ PIN ═ SM3 (identity ID + Cert _ PIN);

s205: the Client uses the Cert _ PIN 'to symmetrically decrypt the (d _ a + d _ B)' by using the SM4, so as to obtain d _ a + d _ B as SM4_ Dec (Cert _ PIN ', (d _ a + d _ B)');

s206: the Client performs HASH operation on the information P to be signed to obtain a HASH value H-SM 3 (P);

s207: the Client uses d _ B to symmetrically encrypt d _ a + H to obtain (d _ a + H)' (SM 4_ Enc (d _ B, d _ a + H);

s208: the Client side sends the identity ID (d _ A + H)' to the Server side Server;

s209: the Server side Server finds out the user certificate according to the real-name identity ID, calls an external RA/CA/KMC Server interface, and confirms the certificate state (if the certificate is invalid, the operation is terminated);

s210: the Server side Server finds out a corresponding Server' value during registration according to the real-name identity ID;

s211: the Server side Server calls a symmetric decryption interface of the hardware cryptographic module, uses an equipment built-in symmetric key to symmetrically decrypt and output the Server 'to obtain d _ B + d _ C, and the EncryptKey is SM4_ Dec (Server');

s212: the Server side Server uses d _ B to symmetrically decrypt (d _ a + H) 'to obtain d _ a + H ═ SM4_ Dec (d _ B, (d _ a + H)');

s213: the Server side Server synthesizes an obfuscated pseudo private key d' ═ d _ A + d _ B + d _ C;

s214: the Server side Server performs impurity removal (desalting) processing on the pseudo private key d 'to obtain a user true private key d ═ Unmix (salt, d');

s215: the Server side Server encrypts H by using a true private key d to generate a P1/P7 digital signature, which is recorded as P1(d, H)/P7(d, H, certificate);

s216: the Server side Server symmetrically encrypts SignData by using d _ B as a symmetric key to obtain SignData ═ SM4_ Enc (d _ B, SignData);

s217: the Server returns SignData' to the Client;

s218: the Client side decrypts the SignData 'symmetrically by using d _ B as a symmetric key to obtain a digital signature SignData which is SM4_ Dec (d _ B, SignData');

s219: the digital signature ends.

Further, the step S3 data encryption application mainly includes the following steps:

s301: the User-A encryption information is sent to a User-B, and data encryption is started;

s302: the Client-A uses an encryption certificate EncryptCert _ B of the User-B to perform digital Envelope packaging on data to be sent, and the data to be sent is marked as Envelope _ B (EncryptCert _ B, data);

s303: the Client-A sends the Envelope _ B to the Client-B;

s304: identifying the Client-B to obtain the ID of the User-B;

s305: a User-B User inputs a certificate PIN code and records the certificate PIN code as Cert _ PIN;

s306: client-B performs HASH operation on the real-name identity ID + Cert _ PIN to obtain Cert _ PIN ═ SM3 (identity ID + Cert _ PIN);

s307: client-B uses Cert _ PIN 'to perform SM4 symmetric decryption on (d _ a + d _ B)' to obtain d _ a + d _ B ═ SM4_ Dec (Cert _ PIN ', (d _ a + d _ B)');

s308: the client-B decrypts the EncryptKey 'by using d _ B, and obtains the EncryptKey as SM4_ Dec (d _ B, EncryptKey');

s309: the client-B decrypts the Envelope _ B by using the EncryptKey to obtain plaintext data which is Decrypt (EncryptKey, Envelope _ B);

s310: and ending the data decryption.

The following specific security problems exist in the existing soft key (file key) technology:

1. the key generation and operation of the conventional soft key of the client are unsafe, and the key generation and operation of the conventional soft key of the client are inconvenient if a hardware key is used;

2. the conventional soft key lacks an enhanced safety mechanism in key storage and transmission, so that the key is easy to leak;

3. the conventional soft key encryption adopts the same salting factor, so that global risk is easy to occur;

4. the key storage and transmission of the conventional soft key lack a security mechanism for key segmentation, so that the key is easy to leak;

5. the conventional key negotiation has multiple interactions of session key negotiation, and the efficiency is low;

6. the key server database is dragged to be stored, and then the risk of data leakage is caused;

the invention relates to a key protection method based on PKI multi-party cooperative operation, aiming at the problems, the scheme is adopted, and the key protection method has the main advantages that:

1. the generation and operation of the Client real secret key are realized by depending on a hardware password component (an encryption machine or an encryption card) of the Server, the generation and operation of the secret key are safer, and the use is convenient;

2. salt addition and confusion are adopted for the real secret key to generate a pseudo secret key, and both secret key storage and secret key transmission use the pseudo secret key to prevent the real secret key from being leaked;

3. the salt adding factor is associated with user identity information and a PIN code, each user is special, and the salt adding factor of each user is different, so that global risks in the salt removing operation are prevented;

4. the transmission and storage of the pseudo key adopt a key segmentation technology, the client and the server only keep partial segment cipher texts, the key segmentation and multiple encryption realize high security of key transmission and storage, and the single leakage does not influence the security of the whole key;

5. a certain sharing segment in the pseudo key is skillfully used to realize the sharing of the session key, so that the session key does not need to be negotiated, and the efficiency is high;

6. the segment key stored at the server side is decrypted by adopting a hardware password component (an encryption machine or an encryption card) and can be decrypted and called only inside the hardware password component (the encryption machine or the encryption card), so that the real key is ensured not to fall to the ground, even if the database is dragged to the database, and the key data cannot be untied without the hardware password component (the encryption machine or the encryption card), and the security is higher.

In summary, due to the adoption of the technical scheme, the invention has the beneficial effects that:

1. the invention relates to a PKI-based key protection method for multi-party cooperative operation.A Client terminal Client real key is generated and operated by depending on a hardware password component (an encryption machine or an encryption card) of a Server terminal, so that the key is more safe to generate and operate and convenient to use;

2. the invention relates to a PKI-based multi-party cooperative operation secret key protection method, which adopts salt addition and confusion to generate a pseudo secret key for a real secret key, and both secret key storage and secret key transmission use the pseudo secret key to prevent the real secret key from being leaked;

3. the invention relates to a PKI-based multi-party cooperative operation key protection method, wherein salt adding factors are associated with user identity information and PIN codes, each user is special, and the salt adding factors of each user are different, so that global risks in desalting operation are prevented;

4. the invention relates to a PKI-based multi-party cooperative operation secret key protection method, a secret key segmentation technology is adopted for transmitting and storing a pseudo secret key, only partial segment ciphertext is reserved for a client and a server, the secret key segmentation and multiple encryption realize high safety of secret key transmission and storage, and the safety of the whole secret key is not influenced by single leakage;

5. the invention relates to a PKI-based key protection method for multi-party cooperative operation, which skillfully utilizes a certain sharing segment in a pseudo key to realize session key sharing, so that the session key does not need to be negotiated and the efficiency is high;

6. the invention relates to a PKI-based key protection method for multi-party cooperative operation.A fragment key stored at a server end is decrypted by adopting a hardware password component (an encryption machine or an encryption card) and can be decrypted and called only inside the hardware password component (the encryption machine or the encryption card), so that a real key is ensured not to fall down, key data cannot be decrypted even if a database is dragged to the database and the hardware password component (the encryption machine or the encryption card) is absent, and the safety is higher.

Drawings

The invention will now be described, by way of example, with reference to the accompanying drawings, in which:

FIG. 1 is a functional block diagram of the present invention;

FIG. 2 is a flowchart of step S1 of the user certificate registration of the present invention;

FIG. 3 is a flow chart of the step S2 digital signature application of the present invention;

FIG. 4 is a flowchart of the present invention for the step S3 data encryption application;

Detailed Description

All of the features disclosed in this specification, or all of the steps in any method or process so disclosed, may be combined in any combination, except combinations of features and/or steps that are mutually exclusive.

It is noted that relational terms such as "first" and "second," and the like, may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.

The present invention will be described in detail with reference to fig. 1 to 4.

Example 1

A key protection method based on PKI multi-party cooperative operation, as shown in figure 1, comprises a User, a Client, a Server and an external RA/CA/KMC Server,

user: the user participates in information input and operation determination;

client side: the key correlation operation of the client side is taken charge;

server side Server: the system is in charge of server-side key division and related operation, the key operation needs to be realized by adopting a hardware password component with high safety, and a certificate application request is sent to an external RA/CA/KMC server for applying for a digital certificate and an encryption key;

external RA/CA/KMC server: an external third party system service for applying for a digital certificate and an encryption key;

the key protection method based on the PKI multi-party cooperative operation mainly comprises the following steps:

s1 user certificate registration: after the User passes the real-name authentication, a server encryption machine randomly generates a signature key and a certificate request P10 for the User, salt adding and confusion processing is carried out on a real private key, A, B, C three sections of pseudo keys are divided, the User encrypts two sections of A, B stored in the encryption machine in a protected mode through an identity ID and a PIN code, and the server encrypts two sections of B, C stored in the encryption machine in an encrypted mode through a built-in key of the encryption machine; the certificate request P10 is used for applying for a certificate to an external RA/CA/KMC server, and the private key of the user encrypted certificate is stored after being encrypted by using a pseudo key B segment; the whole key generation, division, transmission and storage are correspondingly protected by adopting PKI technology and multiple factors of people and equipment.

S2 digital signature application: using the identity ID and the certificate PIN code as a unique certificate of a private key holder, decrypting a Client side to obtain two divided keys d _ A and d _ B, using one part of d _ B as a symmetric key, combining the other part of d _ A with a HASH value to be signed, symmetrically encrypting, and then sending to a server side to synthesize a pseudo key, desalting and signing a true key, wherein the true key signature value is symmetrically encrypted by using the symmetric key d _ B and then returned to the Client side, and the Client side decrypts by using the same symmetric key d _ B to obtain a true key signature value of the server side; the PKI technology and the multiple factors of people and equipment are adopted to correspondingly protect the whole processes of key fragment decryption, pseudo key synthesis, truth seeking, encryption and data transmission.

S3 data encryption application: the method comprises the steps that an encryptor encrypts data to be sent by using an encryption certificate public key of a receiver, a decryptor decrypts by using an Identity (ID) and a certificate PIN code as a unique certificate of a private key holder to obtain two divided signature keys d _ A and d _ B at a Client, one of the d _ B signature private keys is used as a symmetric key to decrypt an encryption certificate private key (encryption private key) encrypted and stored in a registration link, and then the decrypted private key is used for decrypting a received ciphertext. PKI technology and identity and PIN information of the entity are correspondingly protected in the processes of decryption of the key fragment and decryption of data.

By adopting the key protection method based on the PKI multi-party cooperative operation, the integrity and confidentiality of a real key of a user can be ensured after the key is leaked at any one of the Client side and the Server side, the safety of the generation, calling, storage and operation of a private key of the user is ensured, and the key protection safety level of the method can reach the high safety level of the traditional hardware medium intelligent cipher key USBKey (such as a bank U shield and an IC card).

Example 2

This embodiment is a further description of embodiment 1, and as shown in fig. 2, the step S1 of registering the user certificate mainly includes the following steps:

s101: a User initiates a certificate registration application, firstly, information such as a User real name, a real certificate, real person biological characteristics and the like is acquired through a Client for authentication, and the authentication enters a subsequent certificate registration link;

s102: the Client generates a temporary SM2 asymmetric key, the private key is marked as T _ Pri, and the public key is marked as T _ Pub;

s103: the Client side sends the real-name identity ID and the public key T _ Pub to the Server side Server;

s104: the Server distributes a Session symmetric key Session for the client, and the Session symmetric key Session is recorded as T _ Session;

s105: the Server side Server calls a key generation interface of the hardware password module to generate a formal SM2 asymmetric key pair for the client, the private key is recorded as d, and the public key is recorded as P;

s106: the Server side Server calls a PKCS10 generation interface of the hardware cryptographic module to generate a certificate request P10 for the client;

s107: the Server side calls an interface use certificate request P10 of the CA system to apply for a client 'signature certificate SignCert, encryption certificate EncryptCert and encryption key plaintext EncryptKey';

s108: the Server side Server carries out salting and data confusion processing on the client private key d to obtain a pseudo private key d ═ Mix (salt, d);

s109: the Server end Server sequentially divides d' into A, B, C three parts, which are respectively marked as d _ A, d _ B, d _ C;

s110: the Server side Server calls a symmetric encryption interface of the hardware cryptographic module, takes T _ Session as a symmetric key, symmetrically encrypts and outputs'd _ A + d _ B, SignCert, EncryptCert and EncryptKey ', and records as client ' SM4_ Enc (T _ Session, d _ A + d _ B, SignCert, EncryptCert and EncryptKey);

s111: the Server performs SM2 asymmetric encryption on the T _ Session by using T _ Pub, which is denoted as T _ Session ═ SM2_ Enc (T _ Pub, T _ Session);

s112: the Server side Server calls a symmetric encryption interface of the hardware cryptographic module, performs symmetric encryption output on'd _ B + d _ C and EncryptKey' by using a built-in device symmetric key, and records the symmetric encryption output as Server ═ SM4_ Enc (d _ B + d _ C and EncryptKey);

s113: the Server side Server stores the Server' in a database;

s114: the Server side Server returns the Client '+ T _ Session' to the Client side;

s115: the Client uses T _ Pri to perform SM2 asymmetric decryption on T _ Session ', so as to obtain a Session symmetric key T _ Session ═ SM2_ Dec (T _ Pri, T _ Session');

s116: the Client uses T _ Session to symmetrically decrypt the Client 'by SM4 to obtain d _ A + d _ B, SignCert, EncryptCert, EncryptKey is SM4_ Dec (T _ Session, Client');

s117: the Client uses d _ B to perform SM4 symmetric encryption on the encrypt key, so as to obtain the encrypt key ═ SM4_ Enc (d _ B, encrypt key);

s118: a user inputs a certificate PIN code, and the certificate PIN code is recorded as Cert _ PIN;

s119: the Client performs HASH operation on the real-name identity ID + Cert _ PIN to obtain Cert _ PIN ═ SM3 (identity ID + Cert _ PIN);

s120: the Client uses the Cert _ PIN ' to perform SM4 symmetric encryption on the d _ A + d _ B to obtain (d _ A + d _ B) ' (SM 4_ Enc (Cert _ PIN ', d _ A + d _ B);

s121: client stores (d _ A + d _ B) ', SignCert, EncryptCert, EncryptKey';

s122: and finishing the user registration.

Example 3

This embodiment is a further description of embodiment 1, and as shown in fig. 3, the step S2 digital signature application mainly includes the following steps:

s201: the digital signature starts;

s202: client identity identification obtains identity ID;

s203: a user inputs a certificate PIN code, and the certificate PIN code is recorded as Cert _ PIN;

s204: the Client performs HASH operation on the real-name identity ID + Cert _ PIN to obtain Cert _ PIN ═ SM3 (identity ID + Cert _ PIN);

s205: the Client uses the Cert _ PIN 'to symmetrically decrypt the (d _ a + d _ B)' by using the SM4, so as to obtain d _ a + d _ B as SM4_ Dec (Cert _ PIN ', (d _ a + d _ B)');

s206: the Client performs HASH operation on the information P to be signed to obtain a HASH value H-SM 3 (P);

s207: the Client uses d _ B to symmetrically encrypt d _ a + H to obtain (d _ a + H)' (SM 4_ Enc (d _ B, d _ a + H);

s208: the Client side sends the identity ID (d _ A + H)' to the Server side Server;

s209: the Server side Server finds the user certificate according to the real-name identity ID, calls a CA interface, and confirms the certificate state (if the certificate is invalid, the operation is terminated);

s210: the Server side Server finds out a corresponding Server' value during registration according to the real-name identity ID;

s211: the Server side Server calls a symmetric decryption interface of the hardware cryptographic module, uses an equipment built-in symmetric key to symmetrically decrypt and output the Server 'to obtain d _ B + d _ C, and the EncryptKey is SM4_ Dec (Server');

s212: the Server side Server uses d _ B to symmetrically decrypt (d _ a + H) 'to obtain d _ a + H ═ SM4_ Dec (d _ B, (d _ a + H)');

s213: the Server side Server synthesizes an obfuscated pseudo private key d' ═ d _ A + d _ B + d _ C;

s214: the Server side Server performs impurity removal (desalting) processing on the pseudo private key d 'to obtain a user true private key d ═ Unmix (salt, d');

s215: the Server side Server encrypts H by using a true private key d to generate a P1/P7 digital signature, which is recorded as P1(d, H)/P7(d, H, certificate);

s216: the Server side Server symmetrically encrypts SignData by using d _ B as a symmetric key to obtain SignData ═ SM4_ Enc (d _ B, SignData);

s217: the Server returns SignData' to the Client;

s218: the Client side decrypts the SignData 'symmetrically by using d _ B as a symmetric key to obtain a digital signature SignData which is SM4_ Dec (d _ B, SignData');

s219: the digital signature ends.

Example 4

This embodiment is a further description of embodiment 1, and as shown in fig. 4, the data encryption application of step S3 mainly includes the following steps:

s301: the User-A encryption information is sent to a User-B, and data encryption is started;

s302: the Client-A uses an encryption certificate EncryptCert _ B of the User-B to perform digital Envelope packaging on data to be sent, and the data to be sent is marked as Envelope _ B (EncryptCert _ B, data);

s303: the Client-A sends the Envelope _ B to the Client-B;

s304: identifying the Client-B to obtain the ID of the User-B;

s305: a User-B User inputs a certificate PIN code and records the certificate PIN code as Cert _ PIN;

s306: client-B performs HASH operation on the real-name identity ID + Cert _ PIN to obtain Cert _ PIN ═ SM3 (identity ID + Cert _ PIN);

s307: client-B uses Cert _ PIN 'to perform SM4 symmetric decryption on (d _ a + d _ B)' to obtain d _ a + d _ B ═ SM4_ Dec (Cert _ PIN ', (d _ a + d _ B)');

s308: the client-B decrypts the EncryptKey 'by using d _ B, and obtains the EncryptKey as SM4_ Dec (d _ B, EncryptKey');

s309: the client-B decrypts the Envelope _ B by using the EncryptKey to obtain plaintext data which is Decrypt (EncryptKey, Envelope _ B);

s310: and ending the data decryption.

The above description is only a preferred embodiment of the present invention, but the scope of the present invention is not limited thereto, and any changes or substitutions that can be made by those skilled in the art without inventive work within the technical scope of the present invention are included in the scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope defined by the claims.

Claims (4)

1. A PKI-based key protection method for multi-party cooperative operation comprises a User, a Client, a Server and an external RA/CA/KMC Server, and is characterized in that:

user: the user participates in information input and operation determination;

client side: the key correlation operation of the client side is taken charge;

server side Server: the system is in charge of server-side key division and related operation, the key operation needs to be realized by adopting a hardware password component with high safety, and a certificate application request is sent to an external RA/CA/KMC server for applying for a digital certificate and an encryption key;

external RA/CA/KMC server: an external third party system service for applying for a digital certificate and an encryption key;

the key protection method based on the PKI multi-party cooperative operation mainly comprises the following steps:

s1 user certificate registration: after the User passes the real-name authentication, a server encryption machine randomly generates a signature key and a certificate request P10 for the User, salt adding and confusion processing is carried out on a real private key, A, B, C three sections of pseudo keys are divided, the User encrypts two sections of A, B stored in the encryption machine in a protected mode through an identity ID and a PIN code, and the server encrypts two sections of B, C stored in the encryption machine in an encrypted mode through a built-in key of the encryption machine; the certificate request P10 is used for applying for a certificate to an external RA/CA/KMC server, and the private key of the user encrypted certificate is stored after being encrypted by using a pseudo key B segment;

s2 digital signature application: using the identity ID and the certificate PIN code as a unique certificate of a private key holder, decrypting a Client side to obtain two divided keys d _ A and d _ B, using one part of d _ B as a symmetric key, combining the other part of d _ A with a HASH value to be signed, symmetrically encrypting, and then sending to a server side to synthesize a pseudo key, desalting and signing a true key, wherein the true key signature value is symmetrically encrypted by using the symmetric key d _ B and then returned to the Client side, and the Client side decrypts by using the same symmetric key d _ B to obtain a true key signature value of the server side;

s3 data encryption application: the method comprises the steps that an encryptor encrypts data to be sent by using an encryption certificate public key of a receiver, a decryptor decrypts by using an Identity (ID) and a certificate PIN code as a unique certificate of a private key holder to obtain two divided signature keys d _ A and d _ B at a Client, one of the d _ B signature private keys is used as a symmetric key to decrypt an encryption certificate private key (encryption private key) encrypted and stored in a registration link, and then the decrypted private key is used for decrypting a received ciphertext.

2. The key protection method for multi-party cooperative operation based on PKI as recited in claim 1, wherein: the step S1 registration of the user certificate mainly includes the following steps:

s101: a User initiates a certificate registration application, firstly, information such as a User real name, a real certificate, real person biological characteristics and the like is acquired through a Client for authentication, and the authentication enters a subsequent certificate registration link;

s102: the Client generates a temporary SM2 asymmetric key, the private key is marked as T _ Pri, and the public key is marked as T _ Pub;

s103: the Client side sends the real-name identity ID and the public key T _ Pub to the Server side Server;

s104: the Server distributes a Session symmetric key Session for the client, and the Session symmetric key Session is recorded as T _ Session;

s105: the Server side Server calls a key generation interface of the hardware password module to generate a formal SM2 asymmetric key pair for the client, the private key is recorded as d, and the public key is recorded as P;

s106: the Server side Server calls a PKCS10 generation interface of the hardware cryptographic module to generate a certificate request P10 for the client;

s107: the Server side Server calls an interface use certificate request P10 of an external RA/CA/KMC Server system to apply for a client 'signature certificate SignCert, an encryption certificate EncryptCert and an encryption key plaintext EncryptKey';

s108: the Server side Server carries out salting and data confusion processing on the client private key d to obtain a pseudo private key d ═ Mix (salt, d);

s109: the Server end Server sequentially divides d' into A, B, C three parts, which are respectively marked as d _ A, d _ B, d _ C;

s110: the Server side Server calls a symmetric encryption interface of the hardware cryptographic module, takes T _ Session as a symmetric key, symmetrically encrypts and outputs'd _ A + d _ B, SignCert, EncryptCert and EncryptKey ', and records as client ' SM4_ Enc (T _ Session, d _ A + d _ B, SignCert, EncryptCert and EncryptKey);

s111: the Server performs SM2 asymmetric encryption on the T _ Session by using T _ Pub, which is denoted as T _ Session ═ SM2_ Enc (T _ Pub, T _ Session);

s112: the Server side Server calls a symmetric encryption interface of the hardware cryptographic module, performs symmetric encryption output on'd _ B + d _ C and EncryptKey' by using a built-in device symmetric key, and records the symmetric encryption output as Server ═ SM4_ Enc (d _ B + d _ C and EncryptKey);

s113: the Server side Server stores the Server' in a database;

s114: the Server side Server returns the Client '+ T _ Session' to the Client side;

s115: the Client uses T _ Pri to perform SM2 asymmetric decryption on T _ Session ', so as to obtain a Session symmetric key T _ Session ═ SM2_ Dec (T _ Pri, T _ Session');

s116: the Client uses T _ Session to symmetrically decrypt the Client 'by SM4 to obtain d _ A + d _ B, SignCert, EncryptCert, EncryptKey is SM4_ Dec (T _ Session, Client');

s117: the Client uses d _ B to perform SM4 symmetric encryption on the encrypt key, so as to obtain the encrypt key ═ SM4_ Enc (d _ B, encrypt key);

s118: a user inputs a certificate PIN code, and the certificate PIN code is recorded as Cert _ PIN;

s119: the Client performs HASH operation on the real-name identity ID + Cert _ PIN to obtain Cert _ PIN ═ SM3 (identity ID + Cert _ PIN);

s120: the Client uses the Cert _ PIN ' to perform SM4 symmetric encryption on the d _ A + d _ B to obtain (d _ A + d _ B) ' (SM 4_ Enc (Cert _ PIN ', d _ A + d _ B);

s121: client stores (d _ A + d _ B) ', SignCert, EncryptCert, EncryptKey';

s122: and finishing the user registration.

3. The key protection method for multi-party cooperative operation based on PKI as recited in claim 1, wherein: the step S2 digital signature application mainly includes the following steps:

s201: the digital signature starts;

s202: client identity identification obtains identity ID;

s203: a user inputs a certificate PIN code, and the certificate PIN code is recorded as Cert _ PIN;

s204: the Client performs HASH operation on the real-name identity ID + Cert _ PIN to obtain Cert _ PIN ═ SM3 (identity ID + Cert _ PIN);

s205: the Client uses the Cert _ PIN 'to symmetrically decrypt the (d _ a + d _ B)' by using the SM4, so as to obtain d _ a + d _ B as SM4_ Dec (Cert _ PIN ', (d _ a + d _ B)');

s206: the Client performs HASH operation on the information P to be signed to obtain a HASH value H-SM 3 (P);

s207: the Client uses d _ B to symmetrically encrypt d _ a + H to obtain (d _ a + H)' (SM 4_ Enc (d _ B, d _ a + H);

s208: the Client side sends the identity ID (d _ A + H)' to the Server side Server;

s209: the Server side Server finds out the user certificate according to the real-name identity ID, calls an external RA/CA/KMC Server interface, and confirms the certificate state (if the certificate is invalid, the operation is terminated);

s210: the Server side Server finds out a corresponding Server' value during registration according to the real-name identity ID;

s211: the Server side Server calls a symmetric decryption interface of the hardware cryptographic module, uses an equipment built-in symmetric key to symmetrically decrypt and output the Server 'to obtain d _ B + d _ C, and the EncryptKey is SM4_ Dec (Server');

s212: the Server side Server uses d _ B to symmetrically decrypt (d _ a + H) 'to obtain d _ a + H ═ SM4_ Dec (d _ B, (d _ a + H)');

s213: the Server side Server synthesizes an obfuscated pseudo private key d' ═ d _ A + d _ B + d _ C;

s214: the Server side Server performs impurity removal (desalting) processing on the pseudo private key d 'to obtain a user true private key d ═ Unmix (salt, d');

s215: the Server side Server encrypts H by using a true private key d to generate a P1/P7 digital signature, which is recorded as P1(d, H)/P7(d, H, certificate);

s216: the Server side Server symmetrically encrypts SignData by using d _ B as a symmetric key to obtain SignData ═ SM4_ Enc (d _ B, SignData);

s217: the Server returns SignData' to the Client;

s218: the Client side decrypts the SignData 'symmetrically by using d _ B as a symmetric key to obtain a digital signature SignData which is SM4_ Dec (d _ B, SignData');

s219: the digital signature ends.

4. The key protection method for multi-party cooperative operation based on PKI as recited in claim 1, wherein: the step S3 data encryption application mainly includes the following steps:

s301: the User-A encryption information is sent to a User-B, and data encryption is started;

s302: the Client-A uses an encryption certificate EncryptCert _ B of the User-B to perform digital Envelope packaging on data to be sent, and the data to be sent is marked as Envelope _ B (EncryptCert _ B, data);

s303: the Client-A sends the Envelope _ B to the Client-B;

s304: identifying the Client-B to obtain the ID of the User-B;

s305: a User-B User inputs a certificate PIN code and records the certificate PIN code as Cert _ PIN;

s306: client-B performs HASH operation on the real-name identity ID + Cert _ PIN to obtain Cert _ PIN ═ SM3 (identity ID + Cert _ PIN);

s307: client-B uses Cert _ PIN 'to perform SM4 symmetric decryption on (d _ a + d _ B)' to obtain d _ a + d _ B ═ SM4_ Dec (Cert _ PIN ', (d _ a + d _ B)');

s308: the client-B decrypts the EncryptKey 'by using d _ B, and obtains the EncryptKey as SM4_ Dec (d _ B, EncryptKey');

s309: the client-B decrypts the Envelope _ B by using the EncryptKey to obtain plaintext data which is Decrypt (EncryptKey, Envelope _ B);

s310: and ending the data decryption.

Images