CN111125725A - Encryption and decryption method, equipment and medium for mirror image verification - Google Patents
- Publication number: CN111125725A (application CN201911153516.9A)
- Authority: CN (China)
- Prior art keywords: mirror image, file, image, signature, verification
- Prior art date
- Legal status: Pending (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Classifications
- G—PHYSICS / G06—COMPUTING; CALCULATING OR COUNTING / G06F—ELECTRIC DIGITAL DATA PROCESSING / G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity / G06F21/60—Protecting data / G06F21/602—Providing cryptographic facilities or services
- G—PHYSICS / G06—COMPUTING; CALCULATING OR COUNTING / G06F—ELECTRIC DIGITAL DATA PROCESSING / G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity / G06F21/60—Protecting data / G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules / G06F21/6209—Protecting access to data via a platform, e.g. using keys or access control rules to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself
Abstract
The invention discloses an encryption method for image verification comprising the following steps: partitioning the image file and reserving a first space in the first partition; writing the image content into the image file according to the partitioning, and writing the image identification code into the first space to generate an image header self-signature; generating a corresponding description file based on the image file; encrypting the description file with a preset private key to generate a signature file corresponding to the description file; and compressing and packaging the image file, the description file and the signature file, and asymmetrically encrypting the compressed package with the private key. The invention also discloses a decryption method for image verification, a computer device and a readable storage medium. Because the image identification code is written into the image partition, an arbitrary file cannot pass itself off as an upgrade image even after information such as the encryption private key has leaked, which greatly strengthens the security of the image file.
Description
Technical Field
The present invention relates to the field of image security, and more particularly, to an encryption and decryption method, device and readable medium for image verification.
Background
As the white box switch ecosystem (hardware, network operating systems, and control, management and data-plane protocol software) has matured, white box switches have developed rapidly, and more and more customers are investing in their research, development and use, particularly in the internet industry. As services become more refined, the demand for network customization keeps growing, and an independently controllable white box switch becomes increasingly important.
The white box switch monitors board-level information through a Baseboard Management Controller (BMC) and realizes intelligent forwarding through services such as heat-dissipation policy control, sensor monitoring and customized service-level design; boot, self-test and initialization, hardware interrupt handling and program service requests are performed through the Basic Input Output System (BIOS); and functions such as controlling the power-on sequence and managing the power supply are realized through a Complex Programmable Logic Device (CPLD). Different customers have different requirements for the functions of these modules, so the white box switch must provide an image update function so that the image contents of the BIOS, BMC and CPLD chips can be updated online and the software system can be updated in time.
Image updating raises the problem of image security. After the white box switch has shipped, chips such as the BMC, BIOS and CPLD are integrated on the mainboard and cannot be removed and reprogrammed with a burner, so when an image needs to be upgraded its stability and security must be ensured, and no image file may be used for an upgrade without being checked. At present, most encryption verification methods for white box switch image upgrades rely only on RSA asymmetric encryption and depend entirely on the private key file remaining private: once the private key file leaks, the scheme is defeated, since any file encrypted with the leaked private key passes verification and can be used for an upgrade, with severe consequences and potentially large losses of manpower and money.
Disclosure of Invention
In view of this, an object of the embodiments of the present invention is to provide an encryption and decryption method, device and medium for image verification, which ensure the functional type of an image by reserving the first 128 bytes of the image file and adding an image identification field; ensure that the image content is not tampered with by generating an image description file; ensure that the description information is not tampered with by digitally signing the image file and the description file; and ensure the integrity of the content during image transmission by RSA asymmetric encryption.
Based on the above object, an aspect of the embodiments of the present invention provides an encryption method for image verification, including the following steps: partitioning the mirror image file, and reserving a first space in the first partition; writing the mirror image content into the mirror image file according to the partition, and writing the mirror image identification code into the first space to generate a mirror image head self-signature; generating a corresponding description file based on the mirror image file; encrypting the description file by using a preset private key to generate a signature file corresponding to the description file; and compressing and packaging the image file, the description file and the signature file, and asymmetrically encrypting the compressed package through the private key.
In some embodiments, further comprising: and detecting the self-signature of the mirror image head so as to identify the mirror image category and update the mirror image of the chip corresponding to the category.
In some embodiments, further comprising: and converting the version information to encrypt, and writing the encrypted version information into the mirror image identification code.
In some embodiments, generating the corresponding description file based on the image file comprises: and generating a description file corresponding to the image file based on the image category and the version information.
On the other hand, the embodiment of the invention also provides a decryption method for image verification, which comprises the following steps: decrypting the image compression packet by using a public key corresponding to a private key, decompressing the image compression packet, and finding an image file, a description file and a signature file in a decompressed file; verifying the signature file by using the public key; responding to the successful verification of the public key to the signature file, reading the description file to acquire version information of a mirror image, and performing information verification on the mirror image based on the version information; and in response to the information verification of the mirror image being successful, reading the mirror image identification code of the first space in the mirror image file, and verifying the mirror image identification code.
In some embodiments, the verifying the mirrored identification code comprises: and reading the type information of the mirror image identification code, and checking whether the type information is correct.
In some embodiments, further comprising: and responding to the correctness of the type information, and calling a corresponding interface based on the type information to perform online upgrade on the chip.
In some embodiments, further comprising: and converting the version information in the mirror image identification code to read the version information.
In another aspect of the embodiments of the present invention, there is also provided a computer device, including: at least one processor; and a memory storing computer instructions executable on the processor, the instructions when executed by the processor implementing the steps of the method as above.
In a further aspect of the embodiments of the present invention, a computer-readable storage medium is also provided, in which a computer program for implementing the above method steps is stored when the computer program is executed by a processor.
The invention has the following beneficial technical effects: the functional type of the image is ensured by reserving the first 128 bytes of the image file and adding an image identification field; the image content is ensured not to be tampered with by generating an image description file; the description information is ensured not to be tampered with by digitally signing the image file and the description file; and the integrity of the content during image transmission is ensured by RSA asymmetric encryption.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art that other embodiments can be obtained by using the drawings without creative efforts.
FIG. 1 is a schematic diagram of an embodiment of an encryption method for image verification according to the present invention;
FIG. 2 is a flowchart of an embodiment of an encryption method for image verification according to the present invention;
FIG. 3 is a diagram illustrating an embodiment of a decryption method for image verification according to the present invention;
FIG. 4 is a flowchart of an embodiment of a decryption method for image verification provided by the present invention;
FIG. 5 is a schematic hardware structure diagram of an embodiment of the encryption and decryption method for image verification according to the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the following embodiments of the present invention are described in further detail with reference to the accompanying drawings.
It should be noted that the expressions "first" and "second" in the embodiments of the present invention are used only to distinguish two entities or parameters that share the same name; they are merely for convenience of description, should not be construed as limiting the embodiments of the present invention, and are not explained again in the following embodiments.
In view of the above object, a first aspect of the embodiments of the present invention provides an embodiment of an encryption method for image verification. Fig. 1 is a schematic diagram illustrating an embodiment of an encryption method for image verification provided by the present invention. As shown in fig. 1, the embodiment of the present invention includes the following steps:
S1, partitioning the image file, and reserving a first space in the first partition;
S2, writing the image content into the image file according to the partitioning, and writing the image identification code into the first space to generate an image header self-signature;
S3, generating a corresponding description file based on the image file;
S4, encrypting the description file with a preset private key to generate a signature file corresponding to the description file; and
S5, compressing and packaging the image file, the description file and the signature file, and asymmetrically encrypting the compressed package with the private key.
The image file is partitioned and a first space is reserved in the first partition. A block of a certain size, for example 128 bytes, may be reserved in the initial file partition.
The image content is written into the image file according to the partitioning, and the image identification code is written into the first space to generate an image header self-signature. Generating the upgrade image means writing the image contents into the file in a fixed sequence, with different contents going into different file partitions. The image self-signature is realized when the compiled executable is written into the image file: the image identification code is written into the reserved space so that the type of the image file can be identified. For example, a BMC image would carry the 128-bit identifier bmcxxx at its beginning. This step mainly guards against the leak of information such as the private key or the encryption password. If the key is lost, the subsequent encryption of the image can be broken, but the image header identification code is unique and cannot be imitated by an ordinary file: even after an attacker has obtained the subsequent encryption key and encrypts a destructive image file, the logical check of the image header self-signature still cannot be passed.
In some embodiments, the method further comprises converting the version information for encryption and writing the encrypted version information into the image identification code. The version information is converted by a preset conversion and the converted version information is then written into the image identification code, so that even if the private key leaks the version information cannot be read directly, which further strengthens the security of the image.
In some embodiments, the method further comprises detecting the image header self-signature in order to identify the image category and update the image of the chip corresponding to that category. The last step before the image upgrade starts is to detect the image header self-signature, identify the image type and update the corresponding chip image.
A corresponding description file is generated based on the image file. After the identification code has been added to the header of the image file, the description information of the image file must be generated; it includes the MD5 value, the version number, the version release time, the version association information and the like of the image file. This information is generated manually by the publisher after the image is generated; it is an accessory file of the image file, does not take part in the image upgrade itself, and only ensures that the relevant information about the image file is not tampered with. In some embodiments, generating the corresponding description file based on the image file comprises generating a description file corresponding to the image file based on the image category and the version information.
The description file is encrypted with the preset private key to generate the corresponding signature file: the generated image description file is signed with the private key using the SHA256 algorithm, producing the signature file. The main purpose of this step is to prevent the image description file from being modified and to ensure its accuracy. The image type information in the description file directly determines which chip of the white box switch is upgraded, and once that information is modified the image upgrade will fail.
The image file, the description file and the signature file are compressed and packaged, and the compressed package is asymmetrically encrypted with the private key. Packaging the image file, the image description file and the signature file of the description file together and encrypting the package asymmetrically with the private key ensures integrity and accuracy while the image is being uploaded.
Fig. 2 is a flowchart illustrating an embodiment of an encryption method for image verification according to the present invention. As shown in FIG. 2, beginning at block 101 and proceeding to block 102, a mirroring file is partitioned and a first space is reserved in a first partition; then, proceeding to block 103, writing the mirror image content into the mirror image file according to the partition, and writing the mirror image identification code into the first space to generate a mirror image header self-signature; continuing to block 104, generating a corresponding description file based on the image file; proceeding to block 105, encrypting the description file by using a preset private key to generate a signature file corresponding to the description file; proceeding to block 106, the image file, the description file and the signature file are compressed and packaged, the compressed package is asymmetrically encrypted by a private key, and proceeding to block 107 is ended.
It should be particularly noted that, the steps in the embodiments of the encryption method for image verification described above may be mutually intersected, replaced, added, or deleted, and therefore, these encryption methods for image verification that are reasonably transformed by permutation and combination shall also belong to the scope of the present invention, and shall not limit the scope of the present invention to the embodiments.
In view of the above object, a second aspect of the embodiments of the present invention provides an embodiment of a decryption method for image verification. Fig. 3 is a schematic diagram illustrating an embodiment of the decryption method for image verification provided by the present invention. As shown in fig. 3, the embodiment of the present invention includes the following steps:
Sa, decrypting the compressed image package with a public key corresponding to the private key, decompressing the package, and finding an image file, a description file and a signature file among the decompressed files;
Sb, verifying the signature file with the public key;
Sc, in response to successful verification of the signature file with the public key, reading the description file to obtain the version information of the image, and verifying the image information against the version information; and
Sd, in response to successful verification of the image information, reading the image identification code in the first space of the image file, and verifying the image identification code.
The decryption process is the reverse of the encryption process.
And decrypting the image compression packet by using a public key corresponding to the private key, decompressing the image compression packet, and finding an image file, a description file and a signature file in the decompressed file. And decrypting the uploaded mirror image compressed packet by using the public key, decompressing the compressed packet after decryption is successful, and finding out the mirror image file, the description file of the mirror image and the signature file of the description file in a decompressed folder.
And verifying the signature file by using the public key, reading the description file to acquire the version information of the mirror image in response to the successful verification of the public key on the signature file, and performing information verification on the mirror image based on the version information. And verifying the signature file of the description file by using the public key, reading the mirror image description file after the verification is passed, acquiring mirror image type information, MD5 information and the like, and performing information verification on the mirror image.
In response to successful verification of the image information, the image identification code in the first space of the image file is read and verified. After the description information has been checked, the identification code in the image header partition is read last, and if the type information and the number information in the identification code pass the check, the whole image check is complete. In some embodiments, verifying the image identification code comprises reading the type information of the image identification code and checking whether the type information is correct. In some embodiments, the method further comprises converting the version information in the image identification code in order to read the version information.
In some embodiments, the method further comprises, in response to the type information being correct, calling a corresponding interface based on the type information to upgrade the chip online. Different interfaces are called to upgrade the chip online according to the different image types.
Fig. 4 is a flowchart illustrating an embodiment of the decryption method for image verification according to the present invention. As shown in fig. 4, beginning at block 111 and continuing to block 112, the compressed image package is decrypted with the public key corresponding to the private key, the package is decompressed, and the image file, the description file and the signature file are found among the decompressed files; at block 113 the signature file is verified with the public key; at block 114 it is judged whether that verification succeeded, and if not the process ends directly; if so, at block 115 the description file is read to obtain the version information of the image and the image information is verified against it; at block 116 it is judged whether that information check succeeded, and if not the process ends directly; if so, at block 117 the image identification code in the first space of the image file is read and verified, and the process proceeds to block 118, where it ends.
It should be particularly noted that the steps in the embodiments of the decryption method for image verification described above may be interleaved, replaced, added or deleted, and therefore decryption methods for image verification obtained by reasonable permutation and combination also belong to the scope of the present invention, which is not limited to the embodiments.
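The packaging flow of steps S1 to S5 and the verification flow of steps Sa to Sd, as one added, runnable example that is not code from the patent or its applicant. It assumes the package is a gzip tar of three members (image.bin, desc.json, desc.sig), that the identification code in the reserved 128-byte header is the image type and version separated by a colon, and that the page's "encrypt with the private key / decrypt with the public key" means an RSA signature over a SHA-256 digest, which is what that operation amounts to in practice; the textbook RSA (no padding) and the 512-bit keys are there only so the example runs without third-party libraries and are not a production signature scheme. The description file carries the MD5 value the page specifies; the release-time field is constructed.

```python
# Added example, not code from the patent: a runnable model of packaging steps
# S1-S5 and verification steps Sa-Sd. Textbook RSA (no padding, 512-bit keys)
# is used only so the example runs without third-party libraries.
import hashlib, io, json, random, tarfile

HEADER_LEN = 128                       # first space in the first partition (page: 128 bytes)
KNOWN_TYPES = {"bmc", "bios", "cpld"}  # chip image types named on the page

def _is_probable_prime(n, rounds=16):
    """Miller-Rabin probable-prime test, adequate for an illustration."""
    if n < 4 or n % 2 == 0:
        return n in (2, 3)
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def _gen_prime(bits):
    while True:
        c = random.getrandbits(bits) | (1 << (bits - 1)) | 1  # force size and oddness
        if _is_probable_prime(c):
            return c

def generate_keypair(bits=512):
    """Return ((n, e), (n, d)); the private key stays with the publisher, the public key on the switch."""
    e = 65537
    while True:
        p, q = _gen_prime(bits // 2), _gen_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:   # e is prime, so phi % e != 0 means gcd(e, phi) == 1
            return (p * q, e), (p * q, pow(e, -1, phi))

def _digest(data):
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def sign(priv, data):
    """The page's 'encrypt with the private key': RSA applied to the SHA-256 digest."""
    n, d = priv
    return pow(_digest(data), d, n).to_bytes((n.bit_length() + 7) // 8, "big")

def verify(pub, data, sig):
    """The page's 'decrypt with the public key', compared against the recomputed digest."""
    n, e = pub
    return pow(int.from_bytes(sig, "big"), e, n) == _digest(data)

def build_image(kind, version, payload):
    """S1/S2: reserve the header space, write the identification code, then the image content."""
    ident = f"{kind}:{version}".encode()   # e.g. a BMC image begins with "bmc..."
    if len(ident) >= HEADER_LEN:
        raise ValueError("identification code does not fit the reserved space")
    return ident.ljust(HEADER_LEN, b"\0") + payload

def build_package(priv, image, kind, version):
    """S3-S5: description file, its signature, the compressed package, and the package signature."""
    desc = json.dumps({"type": kind, "version": version, "released": "2019-11-22 (constructed)",
                       "md5": hashlib.md5(image).hexdigest()}).encode()  # page specifies MD5
    members = {"image.bin": image, "desc.json": desc, "desc.sig": sign(priv, desc)}
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, data in members.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    package = buf.getvalue()
    return package, sign(priv, package)

def verify_package(pub, package, package_sig):
    """Sa-Sd in order; returns (True, image type) or (False, reason for rejection)."""
    if not verify(pub, package, package_sig):                               # Sa
        return False, "package signature invalid"
    with tarfile.open(fileobj=io.BytesIO(package), mode="r:gz") as tar:
        files = {m.name: tar.extractfile(m).read() for m in tar.getmembers()}
    image, desc, desc_sig = files["image.bin"], files["desc.json"], files["desc.sig"]
    if not verify(pub, desc, desc_sig):                                     # Sb
        return False, "description signature invalid"
    info = json.loads(desc)                                                 # Sc
    if hashlib.md5(image).hexdigest() != info["md5"]:
        return False, "image digest does not match description"
    ident = image[:HEADER_LEN].split(b"\0", 1)[0].decode(errors="replace")  # Sd
    kind, _, version = ident.partition(":")
    if kind not in KNOWN_TYPES or kind != info["type"] or version != info["version"]:
        return False, "header identification code invalid"
    return True, kind      # the caller selects the upgrade interface for this chip type
```

Running verify_package on a package produced from build_image yields (True, "bmc"), and the returned type is what the caller uses to pick the upgrade interface for that chip. The case the page is concerned with, a leaked private key, shows up as a package built from a file that was never produced by build_image: the package signature and the description signature both verify and the MD5 matches, yet the check still fails at step Sd because the header identification code is absent, which is exactly the layer the reserved header adds over signature-only verification.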
In view of the above object, a third aspect of the embodiments of the present invention provides a computer device, including: at least one processor; and a memory storing computer instructions executable on the processor, the instructions being executable by the processor to implement the method as above.
Fig. 5 is a schematic hardware structure diagram of an embodiment of the encryption and decryption method for image verification according to the present invention.
Taking the apparatus shown in fig. 5 as an example, the apparatus includes a processor 501 and a memory 502, and may further include: an input device 503 and an output device 504.
The processor 501, the memory 502, the input device 503 and the output device 504 may be connected by a bus or other means, and fig. 5 illustrates the connection by a bus as an example.
The memory 502, which is a non-volatile computer-readable storage medium, may be used to store non-volatile software programs, non-volatile computer-executable programs, and modules, such as program instructions/modules corresponding to the encryption and decryption method for image verification in the embodiments of the present application. The processor 501 executes various functional applications and data processing of the server, namely, an encryption and decryption method for implementing the image verification of the above method embodiment, by running the nonvolatile software program, instructions and modules stored in the memory 502.
The memory 502 may include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application program required for at least one function; the storage data area may store data created according to the use of an encryption/decryption method of the mirror verification, and the like. Further, the memory 502 may include high speed random access memory, and may also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other non-volatile solid state storage device. In some embodiments, memory 502 optionally includes memory located remotely from processor 501, which may be connected to local modules via a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
The input device 503 may receive information such as a user name and a password that are input. The output device 504 may include a display device such as a display screen.
Program instructions/modules corresponding to one or more image-verified encryption/decryption methods are stored in memory 502 and, when executed by processor 501, perform the image-verified encryption/decryption method of any of the above-described method embodiments.
Any embodiment of the computer device executing the encryption and decryption method of image verification can achieve the same or similar effects as any corresponding embodiment of the method.
The invention also provides a computer readable storage medium storing a computer program which, when executed by a processor, performs the method as above.
Finally, it should be noted that, as one of ordinary skill in the art can appreciate that all or part of the processes of the methods of the above embodiments can be implemented by a computer program to instruct related hardware, and the program of the encryption and decryption method for image verification can be stored in a computer readable storage medium, and when executed, the program can include the processes of the embodiments of the methods as described above. The storage medium of the program may be a magnetic disk, an optical disk, a Read Only Memory (ROM), a Random Access Memory (RAM), or the like. The embodiments of the computer program may achieve the same or similar effects as any of the above-described method embodiments.
Furthermore, the methods disclosed according to embodiments of the present invention may also be implemented as a computer program executed by a processor, which may be stored in a computer-readable storage medium. Which when executed by a processor performs the above-described functions defined in the methods disclosed in embodiments of the invention.
Further, the above method steps and system elements may also be implemented using a controller and a computer readable storage medium for storing a computer program for causing the controller to implement the functions of the above steps or elements.
Further, it should be appreciated that the computer-readable storage media (e.g., memory) herein can be either volatile memory or nonvolatile memory, or can include both volatile and nonvolatile memory. By way of example, and not limitation, nonvolatile memory can include Read Only Memory (ROM), Programmable ROM (PROM), Electrically Programmable ROM (EPROM), Electrically Erasable Programmable ROM (EEPROM), or flash memory. Volatile memory can include Random Access Memory (RAM), which can act as external cache memory. By way of example and not limitation, RAM is available in a variety of forms such as static RAM (SRAM), Dynamic RAM (DRAM), Synchronous DRAM (SDRAM), Double Data Rate SDRAM (DDRSDRAM), Enhanced SDRAM (ESDRAM), Synchronous Link DRAM (SLDRAM), and Direct Rambus RAM (DRRAM). The storage devices of the disclosed aspects are intended to comprise, without being limited to, these and other suitable types of memory.
Those of skill would further appreciate that the various illustrative logical blocks, modules, circuits, and algorithm steps described in connection with the disclosure herein may be implemented as electronic hardware, computer software, or combinations of both. To clearly illustrate this interchangeability of hardware and software, various illustrative components, blocks, modules, circuits, and steps have been described above generally in terms of their functionality. Whether such functionality is implemented as software or hardware depends upon the particular application and design constraints imposed on the overall system. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the disclosed embodiments of the present invention.
The various illustrative logical blocks, modules, and circuits described in connection with the disclosure herein may be implemented or performed with the following components designed to perform the functions herein: a general purpose processor, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field Programmable Gate Array (FPGA) or other programmable logic device, discrete gate or transistor logic, discrete hardware components, or any combination of these components. A general purpose processor may be a microprocessor, but in the alternative, the processor may be any conventional processor, controller, microcontroller, or state machine. A processor may also be implemented as a combination of computing devices, e.g., a combination of a DSP and a microprocessor, a plurality of microprocessors, one or more microprocessors in conjunction with a DSP, and/or any other such configuration.
The steps of a method or algorithm described in connection with the disclosure herein may be embodied directly in hardware, in a software module executed by a processor, or in a combination of the two. A software module may reside in RAM memory, flash memory, ROM memory, EPROM memory, EEPROM memory, registers, hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art. An exemplary storage medium is coupled to the processor such that the processor can read information from, and write information to, the storage medium. In the alternative, the storage medium may be integral to the processor. The processor and the storage medium may reside in an ASIC. The ASIC may reside in a user terminal. In the alternative, the processor and the storage medium may reside as discrete components in a user terminal.
In one or more exemplary designs, the functions may be implemented in hardware, software, firmware, or any combination thereof. If implemented in software, the functions may be stored on or transmitted over as one or more instructions or code on a computer-readable medium. Computer-readable media includes both computer storage media and communication media including any medium that facilitates transfer of a computer program from one place to another. A storage media may be any available media that can be accessed by a general purpose or special purpose computer. By way of example, and not limitation, such computer-readable media can comprise RAM, ROM, EEPROM, CD-ROM or other optical disk storage, magnetic disk storage or other magnetic storage devices, or any other medium that can be used to carry or store desired program code in the form of instructions or data structures and that can be accessed by a general-purpose or special-purpose computer, or a general-purpose or special-purpose processor. Also, any connection is properly termed a computer-readable medium. For example, if the software is transmitted from a website, server, or other remote source using a coaxial cable, fiber optic cable, twisted pair, Digital Subscriber Line (DSL), or wireless technologies such as infrared, radio, and microwave, then the coaxial cable, fiber optic cable, twisted pair, DSL, or wireless technologies such as infrared, radio, and microwave are included in the definition of medium. Disk and disc, as used herein, includes Compact Disc (CD), laser disc, optical disc, Digital Versatile Disc (DVD), floppy disk, blu-ray disc where disks usually reproduce data magnetically, while discs reproduce data optically with lasers. Combinations of the above should also be included within the scope of computer-readable media.
The foregoing is an exemplary embodiment of the present disclosure, but it should be noted that various changes and modifications could be made herein without departing from the scope of the present disclosure as defined by the appended claims. The functions, steps and/or actions of the method claims in accordance with the disclosed embodiments described herein need not be performed in any particular order. Furthermore, although elements of the disclosed embodiments of the invention may be described or claimed in the singular, the plural is contemplated unless limitation to the singular is explicitly stated.
It should be understood that, as used herein, the singular forms "a", "an" and "the" are intended to include the plural forms as well, unless the context clearly supports the exception. It should also be understood that "and/or" as used herein is meant to include any and all possible combinations of one or more of the associated listed items.
The numbers of the embodiments disclosed in the embodiments of the present invention are merely for description, and do not represent the merits of the embodiments.
It will be understood by those skilled in the art that all or part of the steps for implementing the above embodiments may be implemented by hardware, or may be implemented by a program instructing relevant hardware, and the program may be stored in a computer-readable storage medium, and the above-mentioned storage medium may be a read-only memory, a magnetic disk or an optical disk, etc.
Those of ordinary skill in the art will understand that: the discussion of any embodiment above is meant to be exemplary only, and is not intended to intimate that the scope of the disclosure, including the claims, of embodiments of the invention is limited to these examples; within the idea of an embodiment of the invention, also technical features in the above embodiment or in different embodiments may be combined and there are many other variations of the different aspects of the embodiments of the invention as described above, which are not provided in detail for the sake of brevity. Therefore, any omissions, modifications, substitutions, improvements, and the like that may be made without departing from the spirit and principles of the embodiments of the present invention are intended to be included within the scope of the embodiments of the present invention.
Claims (10)
1. An encryption method for image verification, characterized by comprising the following steps:
partitioning the image file, and reserving a first space in the first partition;
writing the image content into the image file according to the partitions, and writing the image identification code into the first space to generate an image header self-signature;
generating a corresponding description file based on the image file;
encrypting the description file with a preset private key to generate a signature file corresponding to the description file; and
compressing and packaging the image file, the description file and the signature file, and asymmetrically encrypting the compressed package with the private key.
2. The encryption method according to claim 1, further comprising:
detecting the image header self-signature so as to identify the image category and update the image of the chip corresponding to that category.
3. The encryption method according to claim 2, further comprising:
converting the version information so as to encrypt it, and writing the encrypted version information into the image identification code.
4. The encryption method of claim 3, wherein generating the corresponding description file based on the image file comprises:
generating a description file corresponding to the image file based on the image category and the version information.
5. A decryption method for image verification, comprising:
decrypting the image compressed package with a public key corresponding to the private key, decompressing the package, and locating the image file, the description file and the signature file among the decompressed files;
verifying the signature file with the public key;
in response to successful verification of the signature file with the public key, reading the description file to obtain the version information of the image, and performing information verification on the image based on the version information; and
in response to successful information verification of the image, reading the image identification code from the first space of the image file, and verifying the image identification code.
6. The decryption method of claim 5, wherein verifying the image identification code comprises:
reading the type information of the image identification code, and checking whether the type information is correct.
7. The decryption method of claim 6, further comprising:
in response to the type information being correct, calling a corresponding interface based on the type information to perform an online upgrade of the chip.
8. The decryption method of claim 7, further comprising:
converting the version information in the image identification code so as to read the version information.
9. A computer device, comprising:
at least one processor; and
memory storing computer instructions executable on the processor, the instructions when executed by the processor implementing the steps of the method according to any one of claims 1 to 8.
10. A computer-readable storage medium, in which a computer program is stored which, when being executed by a processor, carries out the steps of the method according to any one of claims 1 to 8.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201911153516.9A CN111125725A (en) | 2019-11-22 | 2019-11-22 | Encryption and decryption method, equipment and medium for mirror image verification |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201911153516.9A CN111125725A (en) | 2019-11-22 | 2019-11-22 | Encryption and decryption method, equipment and medium for mirror image verification |
Publications (1)
Publication Number | Publication Date |
---|---|
CN111125725A true CN111125725A (en) | 2020-05-08 |
Family
ID=70496219
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201911153516.9A Pending CN111125725A (en) | 2019-11-22 | 2019-11-22 | Encryption and decryption method, equipment and medium for mirror image verification |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN111125725A (en) |
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111966972A (en) * | 2020-08-21 | 2020-11-20 | 北京元心科技有限公司 | Program encryption method and device, electronic equipment and computer readable storage medium |
CN112579112A (en) * | 2021-03-01 | 2021-03-30 | 北京信安世纪科技股份有限公司 | Mirror image security processing and deploying method, device and storage medium |
CN112596800A (en) * | 2020-12-26 | 2021-04-02 | 苏州浪潮智能科技有限公司 | U-Boot image upgrading and checking method and device and electronic equipment |
CN112596765A (en) * | 2020-12-22 | 2021-04-02 | 华立科技股份有限公司 | Power equipment upgrading method, system and related device |
CN112632641A (en) * | 2020-12-31 | 2021-04-09 | 深圳市九洲电器有限公司 | Production software security encryption transmission method and electronic equipment |
CN113868700A (en) * | 2021-08-30 | 2021-12-31 | 苏州浪潮智能科技有限公司 | BIOS (basic input output System) image offline signature method, system, terminal and storage medium |
Citations (15)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101578609A (en) * | 2007-01-07 | 2009-11-11 | 苹果公司 | Secure booting a computing device |
CN103425932A (en) * | 2013-08-09 | 2013-12-04 | 华为终端有限公司 | Signature calibration method and terminal device |
CN104539432A (en) * | 2014-12-31 | 2015-04-22 | 北京奇虎科技有限公司 | Method and device for signing file |
CN104573527A (en) * | 2014-12-30 | 2015-04-29 | 北京工业大学 | UEFI system updating method based on updating security mechanism |
CN105007261A (en) * | 2015-06-02 | 2015-10-28 | 华中科技大学 | Security protection method for image file in virtual environment |
CN106960155A (en) * | 2017-03-28 | 2017-07-18 | 联想(北京)有限公司 | The update method and device of a kind of basic input output system |
CN107256168A (en) * | 2017-06-12 | 2017-10-17 | 郑州云海信息技术有限公司 | A kind of design method of UEFI BIOS safety upgrade mechanism |
CN107786504A (en) * | 2016-08-26 | 2018-03-09 | 腾讯科技(深圳)有限公司 | ELF file publishing methods, ELF file verifications method, server and terminal |
CN108255505A (en) * | 2018-01-10 | 2018-07-06 | 浪潮(北京)电子信息产业有限公司 | A kind of firmware update, device, equipment and computer readable storage medium |
CN108304722A (en) * | 2017-12-21 | 2018-07-20 | 广州小鹏汽车科技有限公司 | A kind of software installation packet and its generation method, upgrade method and system |
CN108830086A (en) * | 2018-06-19 | 2018-11-16 | 郑州云海信息技术有限公司 | A kind of BIOS file upgrade method and relevant apparatus |
CN109542461A (en) * | 2018-10-16 | 2019-03-29 | 深圳壹账通智能科技有限公司 | Dissemination method, terminal device and the medium of application installation package |
CN109710315A (en) * | 2017-10-25 | 2019-05-03 | 阿里巴巴集团控股有限公司 | BIOS writes with a brush dipped in Chinese ink the processing method of method and BIOS image file |
CN109992288A (en) * | 2019-04-12 | 2019-07-09 | 苏州浪潮智能科技有限公司 | A kind of firmware update, device and computer readable storage medium |
CN110362427A (en) * | 2019-06-26 | 2019-10-22 | 苏州浪潮智能科技有限公司 | A kind of processing method of image file, system, BMC and readable storage medium storing program for executing |
- 2019-11-22 CN CN201911153516.9A patent/CN111125725A/en active Pending
Patent Citations (15)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101578609A (en) * | 2007-01-07 | 2009-11-11 | 苹果公司 | Secure booting a computing device |
CN103425932A (en) * | 2013-08-09 | 2013-12-04 | 华为终端有限公司 | Signature calibration method and terminal device |
CN104573527A (en) * | 2014-12-30 | 2015-04-29 | 北京工业大学 | UEFI system updating method based on updating security mechanism |
CN104539432A (en) * | 2014-12-31 | 2015-04-22 | 北京奇虎科技有限公司 | Method and device for signing file |
CN105007261A (en) * | 2015-06-02 | 2015-10-28 | 华中科技大学 | Security protection method for image file in virtual environment |
CN107786504A (en) * | 2016-08-26 | 2018-03-09 | 腾讯科技(深圳)有限公司 | ELF file publishing methods, ELF file verifications method, server and terminal |
CN106960155A (en) * | 2017-03-28 | 2017-07-18 | 联想(北京)有限公司 | The update method and device of a kind of basic input output system |
CN107256168A (en) * | 2017-06-12 | 2017-10-17 | 郑州云海信息技术有限公司 | A kind of design method of UEFI BIOS safety upgrade mechanism |
CN109710315A (en) * | 2017-10-25 | 2019-05-03 | 阿里巴巴集团控股有限公司 | BIOS writes with a brush dipped in Chinese ink the processing method of method and BIOS image file |
CN108304722A (en) * | 2017-12-21 | 2018-07-20 | 广州小鹏汽车科技有限公司 | A kind of software installation packet and its generation method, upgrade method and system |
CN108255505A (en) * | 2018-01-10 | 2018-07-06 | 浪潮(北京)电子信息产业有限公司 | A kind of firmware update, device, equipment and computer readable storage medium |
CN108830086A (en) * | 2018-06-19 | 2018-11-16 | 郑州云海信息技术有限公司 | A kind of BIOS file upgrade method and relevant apparatus |
CN109542461A (en) * | 2018-10-16 | 2019-03-29 | 深圳壹账通智能科技有限公司 | Dissemination method, terminal device and the medium of application installation package |
CN109992288A (en) * | 2019-04-12 | 2019-07-09 | 苏州浪潮智能科技有限公司 | A kind of firmware update, device and computer readable storage medium |
CN110362427A (en) * | 2019-06-26 | 2019-10-22 | 苏州浪潮智能科技有限公司 | A kind of processing method of image file, system, BMC and readable storage medium storing program for executing |
Cited By (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111966972A (en) * | 2020-08-21 | 2020-11-20 | 北京元心科技有限公司 | Program encryption method and device, electronic equipment and computer readable storage medium |
CN111966972B (en) * | 2020-08-21 | 2023-07-04 | 北京元心科技有限公司 | Program encryption method, device, electronic equipment and computer readable storage medium |
CN112596765A (en) * | 2020-12-22 | 2021-04-02 | 华立科技股份有限公司 | Power equipment upgrading method, system and related device |
CN112596800A (en) * | 2020-12-26 | 2021-04-02 | 苏州浪潮智能科技有限公司 | U-Boot image upgrading and checking method and device and electronic equipment |
CN112632641A (en) * | 2020-12-31 | 2021-04-09 | 深圳市九洲电器有限公司 | Production software security encryption transmission method and electronic equipment |
CN112579112A (en) * | 2021-03-01 | 2021-03-30 | 北京信安世纪科技股份有限公司 | Mirror image security processing and deploying method, device and storage medium |
CN112579112B (en) * | 2021-03-01 | 2021-08-31 | 北京信安世纪科技股份有限公司 | Mirror image security processing and deploying method, device and storage medium |
CN113868700A (en) * | 2021-08-30 | 2021-12-31 | 苏州浪潮智能科技有限公司 | BIOS (basic input output System) image offline signature method, system, terminal and storage medium |
CN113868700B (en) * | 2021-08-30 | 2023-11-03 | 苏州浪潮智能科技有限公司 | BIOS mirror image offline signature method, system, terminal and storage medium |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN111125725A (en) | Encryption and decryption method, equipment and medium for mirror image verification | |
TWI709056B (en) | Firmware upgrade method and device | |
US9477848B2 (en) | System and method for managing and diagnosing a computing device equipped with unified extensible firmware interface (UEFI)-compliant firmware | |
FI114416B (en) | Method for securing the electronic device, the backup system and the electronic device | |
JP5411122B2 (en) | Information processing device | |
RU2601862C2 (en) | Method, unit and device for processing encryption and decryption | |
CN110287654B (en) | Media client device authentication using hardware trust root | |
US11368299B2 (en) | Self-encryption drive (SED) | |
WO2009107351A1 (en) | Information security device and information security system | |
CN105391717A (en) | APK signature authentication method and APK signature authentication system | |
US20200119929A1 (en) | Securing firmware | |
TW201516733A (en) | System and method for verifying changes to UEFI authenticated variables | |
TW202036347A (en) | Method and apparatus for data storage and verification | |
EP2503482A1 (en) | Electronic device with flash memory component | |
WO2017045627A1 (en) | Control board secure start method, and software package upgrade method and device | |
KR20170089352A (en) | Firmware integrity verification for performing the virtualization system | |
CN108345805B (en) | Method and device for verifying firmware | |
CN111177709A (en) | Execution method and device of terminal trusted component and computer equipment | |
CN115879111A (en) | Method, device and system for safe starting | |
JP2023525576A (en) | Scope of control of authentication keys for software updates | |
CN116821918A (en) | Online upgrading method, chip device, computer terminal and storage medium | |
US20220417039A1 (en) | Manufacturer usage description mud file obtaining method and device | |
CN111709033A (en) | Method, system, device and medium for safely starting server based on PUF | |
WO2020199177A1 (en) | Method and apparatus for running smart contract | |
CN115688120A (en) | Secure chip firmware importing method, secure chip and computer readable storage medium |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | Application publication date: 20200508 |
SE01 | Entry into force of request for substantive examination | |
RJ01 | Rejection of invention patent application after publication | |