CN111666580A - File encryption method, file decryption method and file encryption device - Google Patents
File encryption method, file decryption method and file encryption device Download PDFInfo
- Publication number
- CN111666580A CN111666580A CN202010594052.1A CN202010594052A CN111666580A CN 111666580 A CN111666580 A CN 111666580A CN 202010594052 A CN202010594052 A CN 202010594052A CN 111666580 A CN111666580 A CN 111666580A
- Authority
- CN
- China
- Prior art keywords
- file
- information
- encrypted
- value
- client
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
- H04L9/0643—Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Software Systems (AREA)
- General Health & Medical Sciences (AREA)
- Bioethics (AREA)
- Health & Medical Sciences (AREA)
- Databases & Information Systems (AREA)
- Power Engineering (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Storage Device Security (AREA)
Abstract
The invention provides a file encryption method, a file decryption method and a file decryption device, which comprise the following steps: receiving a data stream sent by a client, wherein the data stream comprises file attribute information; encrypting the data stream to obtain a file content ciphertext; generating a first file according to a preset rule, and writing a file content ciphertext into the first file; encrypting file path information and file attribute information corresponding to a first file written with a file content ciphertext to obtain encrypted file downloading information; calculating a first MD5 value according to the encrypted file downloading information; encoding the encrypted file downloading information and the first MD5 value to obtain encoding information, and sending the encoding information to the client; the first file is an empty file which does not store file information, the file path is encrypted, leakage of a file structure in the server is reduced, the safety of the file is improved, the database does not need to be relied on, and the cost is low.
Description
Technical Field
The present invention relates to the field of information technologies, and in particular, to a file encryption method, a file decryption method, and a file decryption apparatus.
Background
With the development of the internet, a server becomes an important choice for storing network files. The real information of the file is usually stored in a database of the server and converted into url (Uniform Resource Locator) for file operation.
The method needs to rely on a database, is high in cost, stores the real information of the file in a fixed path of the server, and most people can find the file through the fixed path.
Disclosure of Invention
In view of this, the present invention provides a file encryption method, a file decryption method, and a file decryption apparatus, which encrypt a file path, reduce leakage of a file structure in a server, improve file security, and do not need to rely on a database, and are low in cost.
In a first aspect, an embodiment of the present invention provides a file encryption method, which is applied to a server, and the method includes:
receiving a data stream sent by a client, wherein the data stream comprises file attribute information;
encrypting the data stream to obtain a file content ciphertext;
generating a first file according to a preset rule, and writing the file content ciphertext into the first file;
encrypting file path information corresponding to the first file written in the file content ciphertext and the file attribute information to obtain encrypted file downloading information;
calculating a first MD5 value according to the encrypted file downloading information;
encoding the encrypted file downloading information and the first MD5 value to obtain encoding information, and sending the encoding information to the client;
the first file is an empty file which does not store file information.
Further, the method further comprises:
receiving upload request information sent by the client, wherein the upload request information comprises a user name and a password;
matching the user name with a pre-stored user name and the password with a pre-stored password;
and if the user name is consistent with the pre-stored user name and the password is consistent with the pre-stored password, sending first prompt information which passes the verification to the client.
Further, the upload request information further includes an authorization code, and the method further includes:
when the user successfully logs in the client through the user name and the password, verifying the authorization code;
and if the authorization code is consistent with the pre-stored authorization code, sending second prompt information of passing verification to the client.
Further, the encrypting the data stream to obtain a file content ciphertext includes:
and encrypting the data stream by adopting a symmetric encryption algorithm or an asymmetric encryption algorithm to obtain the file content ciphertext.
In a second aspect, an embodiment of the present invention provides a file decryption method, which is applied to a server, and the method includes:
receiving downloading request information sent by a client, wherein the downloading request information comprises coding information;
decoding the coding information to obtain encrypted file downloading information and a first MD5 value;
verifying the encrypted file downloading information according to the encrypted file downloading information and the first MD5 value;
if the verification is passed, decrypting the encrypted file downloading information to obtain file path information and file attribute information;
writing the file attribute information into a response head, and reading a file content ciphertext according to the file path information;
decrypting the file content ciphertext to obtain a file content plaintext;
and sending response information comprising the plaintext of the file content to the client.
Further, the verifying the encrypted file download information according to the encrypted file download information and the first MD5 value includes:
obtaining a second MD5 value according to the encrypted file downloading information;
matching the first MD5 value with the second MD5 value;
if the first MD5 value is the same as the second MD5 value, the encrypted file downloading information is not tampered;
and if the value of the first MD5 is not the same as the value of the second MD5, the encrypted file downloading information is tampered.
In a third aspect, an embodiment of the present invention provides an apparatus for encrypting a file, where the apparatus is applied to a server, and the apparatus includes:
the data stream receiving unit is used for receiving a data stream sent by a client, and the data stream comprises file attribute information;
the encryption processing unit is used for carrying out encryption processing on the data stream to obtain a file content ciphertext;
the first file generating unit is used for generating a first file according to a preset rule and writing the file content ciphertext into the first file;
the encryption unit is used for encrypting the file path information corresponding to the first file written with the file content ciphertext and the file attribute information to obtain encrypted file downloading information;
the computing unit is used for computing a first MD5 value according to the encrypted file downloading information;
the encoding unit is used for encoding the encrypted file downloading information and the first MD5 value to obtain encoding information and sending the encoding information to the client;
the first file is an empty file which does not store file information.
In a fourth aspect, an embodiment of the present invention provides a file decryption apparatus, which is applied to a server, and includes:
a download request information receiving unit, configured to receive download request information sent by a client, where the download request information includes encoding information;
the decoding unit is used for decoding the coding information to obtain encrypted file downloading information and a first MD5 value;
the verification unit is used for verifying the encrypted file downloading information according to the encrypted file downloading information and the first MD5 value;
the first decryption unit is used for decrypting the encrypted file downloading information under the condition that the verification is passed to obtain file path information and file attribute information;
the writing unit is used for writing the file attribute information into a response head and reading a file content ciphertext according to the file path information;
the second decryption unit is used for decrypting the file content ciphertext to obtain a file content plaintext;
and the sending unit is used for sending response information comprising the plaintext of the file content to the client.
In a fifth aspect, an embodiment of the present invention provides an electronic device, including a memory and a processor, where the memory stores a computer program operable on the processor, and the processor implements the method described above when executing the computer program.
In a sixth aspect, embodiments of the invention provide a computer readable medium having non-volatile program code executable by a processor, the program code causing the processor to perform the method as described above.
The embodiment of the invention provides a file encryption method, a file decryption method and a file decryption device, wherein the file encryption method, the file decryption method and the file decryption device comprise the following steps: receiving a data stream sent by a client, wherein the data stream comprises file attribute information; encrypting the data stream to obtain a file content ciphertext; generating a first file according to a preset rule, and writing a file content ciphertext into the first file; encrypting file path information and file attribute information corresponding to a first file written with a file content ciphertext to obtain encrypted file downloading information; calculating a first MD5 value according to the encrypted file downloading information; encoding the encrypted file downloading information and the first MD5 value to obtain encoding information, and sending the encoding information to the client; the first file is an empty file which does not store file information, the file path is encrypted, leakage of a file structure in the server is reduced, the safety of the file is improved, the database does not need to be relied on, and the cost is low.
Additional features and advantages of the invention will be set forth in the description which follows, and in part will be obvious from the description, or may be learned by practice of the invention. The objectives and other advantages of the invention will be realized and attained by the structure particularly pointed out in the written description and claims hereof as well as the appended drawings.
In order to make the aforementioned and other objects, features and advantages of the present invention comprehensible, preferred embodiments accompanied with figures are described in detail below.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and other drawings can be obtained by those skilled in the art without creative efforts.
Fig. 1 is a flowchart of a file encryption method according to an embodiment of the present invention;
FIG. 2 is a flowchart of a file decryption method according to a second embodiment of the present invention;
fig. 3 is a schematic diagram of a file encryption apparatus according to a third embodiment of the present invention;
fig. 4 is a schematic diagram of a file decryption apparatus according to a fourth embodiment of the present invention.
Icon:
1-a data stream receiving unit; 2-an encryption processing unit; 3-a first file generation unit; 4-an encryption unit; 5-a calculation unit; 6-a coding unit; 7-download request information receiving unit; 8-a decoding unit; 9-a verification unit; 10-a first decryption unit; 11-a write unit; 12-a second decryption unit; 13-transmitting unit.
Detailed Description
To make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions of the present invention will be clearly and completely described below with reference to the accompanying drawings, and it is apparent that the described embodiments are some, but not all embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
For the understanding of the present embodiment, the following detailed description will be given of the embodiment of the present invention.
The first embodiment is as follows:
fig. 1 is a flowchart of a file encryption method according to an embodiment of the present invention.
Referring to fig. 1, the execution subject is a server, and the method includes the steps of:
step S101, receiving a data stream sent by a client, wherein the data stream comprises file attribute information;
here, the file attribute information includes, but is not limited to, a file name, a file size, and a file format.
Step S102, encrypting the data stream to obtain a file content ciphertext;
here, the server encrypts the data stream, usually using a reversible encryption algorithm, where the reversible encryption algorithm includes a symmetric encryption algorithm and an asymmetric encryption algorithm, and the symmetric encryption algorithm or the asymmetric encryption algorithm is used to encrypt the data stream, so as to obtain a file content ciphertext.
Step S103, generating a first file according to a preset rule, and writing a file content ciphertext into the first file;
specifically, the preset rule may be a random generation algorithm, and a randomly named first file is generated in a specified file path according to the random generation algorithm, where the first file is an empty file that does not store file information, that is, the size of the first file is 0.
Step S104, encrypting file path information and file attribute information corresponding to the first file written with the file content ciphertext to obtain encrypted file downloading information;
specifically, when a first file of the designated path is generated according to a random generation algorithm, the file content ciphertext is written into the first file, and at this time, the size of the first file is not 0. And when the first file is an empty file, the corresponding file path information is the same as the file path information corresponding to the first file written with the file content ciphertext.
And encrypting the file path information and the file attribute information corresponding to the first file written with the file content ciphertext, namely encapsulating the file path information and the file attribute information corresponding to the first file written with the file content ciphertext together and then encrypting. For example, the file path information is 'E: \ computer data \ backup', the file attribute information is 'neural network + PDF +32 bit', and the file path information is 'E: \ computer data \ backup + neural network + PDF +32 bit' after encapsulation. The file path information and the file attribute information corresponding to the first file written with the file content ciphertext are encrypted to obtain the encrypted file downloading information, so that the risk of exposing the server file can be reduced, malicious attacks can be reduced, and the file security can be improved. In the encryption process, a database is not needed for storage, so that the cost can be reduced.
Step S105, calculating a first MD5 value according to the encrypted file downloading information;
and step S106, encoding the encrypted file downloading information and the first MD5 value to obtain encoding information, and sending the encoding information to the client.
Here, since the encrypted file download information and the first MD5 value are both in binary format, the encoded information obtained by encoding the encrypted file download information and the first MD5 value is in a character string format.
Further, the method comprises the following steps:
step S201, receiving upload request information sent by a client, wherein the upload request information comprises a user name and a password;
step S202, matching the user name with a pre-stored user name, and matching the password with a pre-stored password;
step S203, if the user name is consistent with the pre-stored user name and the password is consistent with the pre-stored password, first prompt information that the verification is passed is sent to the client.
Further, the upload request information further includes an authorization code, and the method further includes the following steps:
step S301, when the user successfully logs in the client through the user name and the password, the authorization code is verified;
step S302, if the authorization code is consistent with the pre-stored authorization code, second prompt information that the verification is passed is sent to the client.
Specifically, when the client sends the upload request information to the server, the server needs to perform permission verification on the client, and the permission verification includes two modes.
The first mode is as follows: the uploading request information comprises a user name and a password, the server matches the user name with the pre-stored user name and the password with the pre-stored password, if the user name is consistent with the pre-stored user name and the password is consistent with the pre-stored password, the client side accords with the authority of uploading files, and at the moment, the server sends first prompt information that the verification is passed to the client side. If the user name is consistent with the pre-stored user name and the password is inconsistent with the pre-stored password, the verification is not passed at the moment; if the user name is not consistent with the pre-stored user name and the password is consistent with the pre-stored password, the verification is not passed at the moment; if the user name is not consistent with the pre-stored user name and the password is not consistent with the pre-stored password, the verification is not passed at the moment. And under the condition that the verification is not passed, the client cannot upload the file.
The second way is: when a user inputs a user name and a password on a client and login is successful, a server generally distributes an authorization code for the client, at the moment, the client sends the authorization code to the server, the server matches the authorization code with a pre-stored authorization code, and if the authorization code is consistent with the pre-stored authorization code, the server sends second prompt information that verification is passed to the client.
Further, step S102 includes:
and encrypting the data stream by adopting a symmetric encryption algorithm or an asymmetric encryption algorithm to obtain a file content ciphertext.
The file encryption method provided by the embodiment comprises the following steps: receiving a data stream sent by a client, wherein the data stream comprises file attribute information; encrypting the data stream to obtain a file content ciphertext; generating a first file according to a preset rule, and writing a file content ciphertext into the first file; encrypting file path information and file attribute information corresponding to a first file written with a file content ciphertext to obtain encrypted file downloading information; calculating a first MD5 value according to the encrypted file downloading information; encoding the encrypted file downloading information and the first MD5 value to obtain encoding information, and sending the encoding information to the client; the first file is an empty file which does not store file information, the file path is encrypted, leakage of a file structure in the server is reduced, the safety of the file is improved, the database does not need to be relied on, and the cost is low.
Example two:
fig. 2 is a flowchart of a file decryption method according to a second embodiment of the present invention.
Referring to fig. 2, the execution subject is a server, and the method includes the steps of:
step S401, receiving downloading request information sent by a client, wherein the downloading request information comprises coding information;
here, after receiving the download request information sent by the client, the server needs to verify the user name, the password, and the authorization code in the download request information, and a specific verification process is similar to the encryption process and is not described herein again. Wherein the encoded information is obtained by an encryption method.
Step S402, decoding the coded information to obtain encrypted file downloading information and a first MD5 value;
step S403, verifying the encrypted file downloading information according to the encrypted file downloading information and the first MD5 value;
step S404, if the verification is passed, decrypting the encrypted file downloading information to obtain file path information and file attribute information;
here, the process of decrypting the encrypted file download information corresponds to the encryption process.
Step S405, writing the file attribute information into the response head, and reading the file content ciphertext according to the file path information;
specifically, the data stream includes a response header, and after the file attribute information is written into the response header, the client can create a file by the file name in the response header since the file attribute information includes the file name. For example, when the file name is "123" and the file format is "PDF", the browser calls the file name "123. PDF" from the response header after the user clicks the download link on the client.
Step S406, decrypting the file content ciphertext to obtain a file content plaintext;
here, the decryption process corresponds to a symmetric encryption algorithm or an asymmetric encryption algorithm in the encryption process.
Step S407, sending response information including the plaintext of the file content to the client.
Further, step S403 includes the steps of:
step S501, obtaining a second MD5 value according to the encrypted file downloading information;
step S502, matching the first MD5 value with the second MD5 value; if the first MD5 value is the same as the second MD5 value, then step S503 is performed; if the first MD5 value is not the same as the second MD5 value, perform step S504;
step S503, the encrypted file downloading information is not tampered;
in step S504, the encrypted file download information is tampered.
Specifically, when the client sends the download request information to the server, the server needs to check the encrypted file download information included in the download request information to determine whether the encrypted file download information is tampered.
The file decryption method provided by the embodiment comprises the following steps: receiving downloading request information sent by a client, wherein the downloading request information comprises coding information; decoding the coded information to obtain encrypted file downloading information and a first MD5 value; verifying the encrypted file downloading information according to the encrypted file downloading information and the first MD5 value; if the verification is passed, decrypting the encrypted file downloading information to obtain file path information and file attribute information; writing the file attribute information into the response head, and reading the file content ciphertext according to the file path information; decrypting the file content ciphertext to obtain a file content plaintext; the response information including the file content plaintext is sent to the client, the file path can be decrypted, leakage of a file structure in the server is reduced, the file safety is improved, dependence on a database is not needed, and the cost is low.
Example three:
fig. 3 is a schematic diagram of a file encryption apparatus according to a third embodiment of the present invention.
Referring to fig. 3, the apparatus, applied to a server, includes:
the data stream receiving unit 1 is used for receiving a data stream sent by a client, wherein the data stream comprises file attribute information;
the encryption processing unit 2 is used for encrypting the data stream to obtain a file content ciphertext;
the first file generating unit 3 is used for generating a first file according to a preset rule and writing a file content ciphertext into the first file;
the encryption unit 4 is used for encrypting file path information and file attribute information corresponding to a first file written with a file content ciphertext to obtain encrypted file downloading information;
a calculating unit 5, configured to calculate a first MD5 value according to the encrypted file download information;
the encoding unit 6 is used for encoding the encrypted file downloading information and the first MD5 value to obtain encoding information and sending the encoding information to the client; the first file is an empty file which does not store file information.
The file encryption device provided by the embodiment comprises: receiving a data stream sent by a client, wherein the data stream comprises file attribute information; encrypting the data stream to obtain a file content ciphertext; generating a first file according to a preset rule, and writing a file content ciphertext into the first file; encrypting file path information and file attribute information corresponding to a first file written with a file content ciphertext to obtain encrypted file downloading information; calculating a first MD5 value according to the encrypted file downloading information; encoding the encrypted file downloading information and the first MD5 value to obtain encoding information, and sending the encoding information to the client; the first file is an empty file which does not store file information, the file path is encrypted, leakage of a file structure in the server is reduced, the safety of the file is improved, the database does not need to be relied on, and the cost is low.
Example four:
fig. 4 is a schematic diagram of a file decryption apparatus according to a fourth embodiment of the present invention.
Referring to fig. 4, the apparatus, applied to a server, includes:
a download request information receiving unit 7, configured to receive download request information sent by a client, where the download request information includes coding information;
the decoding unit 8 is used for decoding the encoded information to obtain encrypted file downloading information and a first MD5 value;
the verification unit 9 is configured to verify the encrypted file download information according to the encrypted file download information and the first MD5 value;
a first decryption unit 10, configured to decrypt the encrypted file download information to obtain file path information and file attribute information when the verification passes;
a writing unit 11, configured to write the file attribute information into the response header, and read the file content ciphertext according to the file path information;
the second decryption unit 12 is configured to decrypt the file content ciphertext to obtain a file content plaintext;
a sending unit 13, configured to send response information including plaintext of the file content to the client.
The file decryption apparatus provided in this embodiment includes: receiving downloading request information sent by a client, wherein the downloading request information comprises coding information; decoding the coded information to obtain encrypted file downloading information and a first MD5 value; verifying the encrypted file downloading information according to the encrypted file downloading information and the first MD5 value; if the verification is passed, decrypting the encrypted file downloading information to obtain file path information and file attribute information; writing the file attribute information into the response head, and reading the file content ciphertext according to the file path information; decrypting the file content ciphertext to obtain a file content plaintext; the response information including the file content plaintext is sent to the client, the file path can be decrypted, leakage of a file structure in the server is reduced, the file safety is improved, dependence on a database is not needed, and the cost is low.
The embodiment of the present invention further provides an electronic device, which includes a memory, a processor, and a computer program that is stored in the memory and can be run on the processor, and when the processor executes the computer program, the steps of the file encryption method and the file decryption method provided in the foregoing embodiments are implemented.
The embodiment of the present invention further provides a computer readable medium having a non-volatile program code executable by a processor, where a computer program is stored on the computer readable medium, and when the computer program is executed by the processor, the computer program performs the steps of the file encryption method and the file decryption method of the above embodiments.
The computer program product provided in the embodiment of the present invention includes a computer-readable storage medium storing a program code, where instructions included in the program code may be used to execute the method described in the foregoing method embodiment, and specific implementation may refer to the method embodiment, which is not described herein again.
It is clear to those skilled in the art that, for convenience and brevity of description, the specific working processes of the system and the apparatus described above may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.
In addition, in the description of the embodiments of the present invention, unless otherwise explicitly specified or limited, the terms "mounted," "connected," and "connected" are to be construed broadly, e.g., as meaning either a fixed connection, a removable connection, or an integral connection; can be mechanically or electrically connected; they may be connected directly or indirectly through intervening media, or they may be interconnected between two elements. The specific meanings of the above terms in the present invention can be understood in specific cases to those skilled in the art.
The functions, if implemented in the form of software functional units and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present invention. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes.
In the description of the present invention, it should be noted that the terms "center", "upper", "lower", "left", "right", "vertical", "horizontal", "inner", "outer", etc., indicate orientations or positional relationships based on the orientations or positional relationships shown in the drawings, and are only for convenience of description and simplicity of description, but do not indicate or imply that the device or element being referred to must have a particular orientation, be constructed and operated in a particular orientation, and thus, should not be construed as limiting the present invention. Furthermore, the terms "first," "second," and "third" are used for descriptive purposes only and are not to be construed as indicating or implying relative importance.
Finally, it should be noted that: the above-mentioned embodiments are only specific embodiments of the present invention, which are used for illustrating the technical solutions of the present invention and not for limiting the same, and the protection scope of the present invention is not limited thereto, although the present invention is described in detail with reference to the foregoing embodiments, those skilled in the art should understand that: any person skilled in the art can modify or easily conceive the technical solutions described in the foregoing embodiments or equivalent substitutes for some technical features within the technical scope of the present disclosure; such modifications, changes or substitutions do not depart from the spirit and scope of the embodiments of the present invention, and they should be construed as being included therein. Therefore, the protection scope of the present invention shall be subject to the protection scope of the appended claims.
Claims (10)
1. A file encryption method is applied to a server, and comprises the following steps:
receiving a data stream sent by a client, wherein the data stream comprises file attribute information;
encrypting the data stream to obtain a file content ciphertext;
generating a first file according to a preset rule, and writing the file content ciphertext into the first file;
encrypting file path information corresponding to the first file written in the file content ciphertext and the file attribute information to obtain encrypted file downloading information;
calculating a first MD5 value according to the encrypted file downloading information;
encoding the encrypted file downloading information and the first MD5 value to obtain encoding information, and sending the encoding information to the client;
the first file is an empty file which does not store file information.
2. The method for encrypting the file according to claim 1, further comprising:
receiving upload request information sent by the client, wherein the upload request information comprises a user name and a password;
matching the user name with a pre-stored user name and the password with a pre-stored password;
and if the user name is consistent with the pre-stored user name and the password is consistent with the pre-stored password, sending first prompt information which passes the verification to the client.
3. The method of encrypting the file according to claim 2, wherein the upload request information further includes an authorization code, the method further comprising:
when the user successfully logs in the client through the user name and the password, verifying the authorization code;
and if the authorization code is consistent with the pre-stored authorization code, sending second prompt information of passing verification to the client.
4. The method for encrypting the file according to claim 1, wherein the encrypting the data stream to obtain the file content ciphertext comprises:
and encrypting the data stream by adopting a symmetric encryption algorithm or an asymmetric encryption algorithm to obtain the file content ciphertext.
5. A method for decrypting a file, applied to a server, the method comprising:
receiving downloading request information sent by a client, wherein the downloading request information comprises coding information;
decoding the coding information to obtain encrypted file downloading information and a first MD5 value;
verifying the encrypted file downloading information according to the encrypted file downloading information and the first MD5 value;
if the verification is passed, decrypting the encrypted file downloading information to obtain file path information and file attribute information;
writing the file attribute information into a response head, and reading a file content ciphertext according to the file path information;
decrypting the file content ciphertext to obtain a file content plaintext;
and sending response information comprising the plaintext of the file content to the client.
6. The method for decrypting the file according to claim 5, wherein the verifying the encrypted file download information according to the encrypted file download information and the value of the first MD5 comprises:
obtaining a second MD5 value according to the encrypted file downloading information;
matching the first MD5 value with the second MD5 value;
if the first MD5 value is the same as the second MD5 value, the encrypted file downloading information is not tampered;
and if the value of the first MD5 is not the same as the value of the second MD5, the encrypted file downloading information is tampered.
7. An apparatus for encrypting a file, applied to a server, the apparatus comprising:
the data stream receiving unit is used for receiving a data stream sent by a client, and the data stream comprises file attribute information;
the encryption processing unit is used for carrying out encryption processing on the data stream to obtain a file content ciphertext;
the first file generating unit is used for generating a first file according to a preset rule and writing the file content ciphertext into the first file;
the encryption unit is used for encrypting the file path information corresponding to the first file written with the file content ciphertext and the file attribute information to obtain encrypted file downloading information;
the computing unit is used for computing a first MD5 value according to the encrypted file downloading information;
the encoding unit is used for encoding the encrypted file downloading information and the first MD5 value to obtain encoding information and sending the encoding information to the client;
the first file is an empty file which does not store file information.
8. An apparatus for decrypting a file, applied to a server, the apparatus comprising:
a download request information receiving unit, configured to receive download request information sent by a client, where the download request information includes encoding information;
the decoding unit is used for decoding the coding information to obtain encrypted file downloading information and a first MD5 value;
the verification unit is used for verifying the encrypted file downloading information according to the encrypted file downloading information and the first MD5 value;
the first decryption unit is used for decrypting the encrypted file downloading information under the condition that the verification is passed to obtain file path information and file attribute information;
the writing unit is used for writing the file attribute information into a response head and reading a file content ciphertext according to the file path information;
the second decryption unit is used for decrypting the file content ciphertext to obtain a file content plaintext;
and the sending unit is used for sending response information comprising the plaintext of the file content to the client.
9. An electronic device comprising a memory, a processor, and a computer program stored on the memory and executable on the processor, wherein the processor implements the method of any of claims 1-6 when executing the computer program.
10. A computer-readable medium having non-volatile program code executable by a processor, wherein the program code causes the processor to perform the method of any of claims 1-6.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010594052.1A CN111666580B (en) | 2020-06-24 | 2020-06-24 | File encryption method, file decryption method and file encryption device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010594052.1A CN111666580B (en) | 2020-06-24 | 2020-06-24 | File encryption method, file decryption method and file encryption device |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN111666580A true CN111666580A (en) | 2020-09-15 |
| CN111666580B CN111666580B (en) | 2022-11-04 |
Family
ID=72389861
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202010594052.1A Active CN111666580B (en) | 2020-06-24 | 2020-06-24 | File encryption method, file decryption method and file encryption device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN111666580B (en) |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| JP2009093670A (en) * | 2003-10-31 | 2009-04-30 | Multinet Kk | File security management system, authentication server, client device, program and recording medium |
| WO2015184834A1 (en) * | 2014-12-18 | 2015-12-10 | 中兴通讯股份有限公司 | Encryption/decryption method and device for file of embedded type storage device, and terminal |
| CN106130951A (en) * | 2016-05-31 | 2016-11-16 | 努比亚技术有限公司 | A kind of application store service management method and device |
| CN106850522A (en) * | 2016-05-24 | 2017-06-13 | 中国科学院信息工程研究所 | The implementation method of Group file encrypted transmission in a kind of instant messaging |
| CN107196907A (en) * | 2017-03-31 | 2017-09-22 | 武汉斗鱼网络科技有限公司 | A kind of guard method of Android SO files and device |
| CN107959660A (en) * | 2016-10-17 | 2018-04-24 | 中兴通讯股份有限公司 | A kind of static file access method and device based on Nginx |
-
2020
- 2020-06-24 CN CN202010594052.1A patent/CN111666580B/en active Active
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| JP2009093670A (en) * | 2003-10-31 | 2009-04-30 | Multinet Kk | File security management system, authentication server, client device, program and recording medium |
| WO2015184834A1 (en) * | 2014-12-18 | 2015-12-10 | 中兴通讯股份有限公司 | Encryption/decryption method and device for file of embedded type storage device, and terminal |
| CN106850522A (en) * | 2016-05-24 | 2017-06-13 | 中国科学院信息工程研究所 | The implementation method of Group file encrypted transmission in a kind of instant messaging |
| CN106130951A (en) * | 2016-05-31 | 2016-11-16 | 努比亚技术有限公司 | A kind of application store service management method and device |
| CN107959660A (en) * | 2016-10-17 | 2018-04-24 | 中兴通讯股份有限公司 | A kind of static file access method and device based on Nginx |
| CN107196907A (en) * | 2017-03-31 | 2017-09-22 | 武汉斗鱼网络科技有限公司 | A kind of guard method of Android SO files and device |
Also Published As
| Publication number | Publication date |
|---|---|
| CN111666580B (en) | 2022-11-04 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US10567394B2 (en) | Data integrity verification | |
| CN111079128B (en) | Data processing method and device, electronic equipment and storage medium | |
| TWI288552B (en) | Method for implementing new password and computer readable medium for performing the method | |
| JP4668619B2 (en) | Device key | |
| EP1696360B1 (en) | Apparatus and system for remotely verifying integrity of memory for mobile platform, and method therefor | |
| US8565436B2 (en) | Secure self managed data (SSMD) | |
| CN110868287B (en) | Authentication encryption ciphertext coding method, system, device and storage medium | |
| CN110264354B (en) | Method and device for creating block chain account and verifying block chain transaction | |
| CN108768963B (en) | Communication method and system of trusted application and secure element | |
| CN110611670A (en) | API request encryption method and device | |
| CN112241527B (en) | Secret key generation method and system of terminal equipment of Internet of things and electronic equipment | |
| CN111294203A (en) | Information transmission method | |
| CN104125064A (en) | Dynamic password authentication method, client and authentication system | |
| US20120017086A1 (en) | Information security transmission system | |
| CN114430346A (en) | Login method and device and electronic equipment | |
| CN111666580B (en) | File encryption method, file decryption method and file encryption device | |
| CN112199730A (en) | Method and device for processing application data on terminal and electronic equipment | |
| CN114679299B (en) | Communication protocol encryption method, device, computer equipment and storage medium | |
| CN114401117A (en) | Account login verification system based on block chain | |
| CN115935379A (en) | Service processing method, device, equipment and computer readable storage medium | |
| KR101379854B1 (en) | Apparatus and method for protecting authenticated certificate password | |
| JP5057270B2 (en) | Information verification method, information verification apparatus, and information verification system | |
| CN116911988B (en) | Transaction data processing method, system, computer equipment and storage medium | |
| KR20190029513A (en) | A user authentication method, an evaluation device, a program, and a user authentication system | |
| US11218472B2 (en) | Methods and systems to facilitate establishing a connection between an access-seeking device and an access granting device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |