CN111666580A - File encryption method, file decryption method and file encryption device - Google Patents


Publication number: CN111666580A
Authority: CN (China)
Prior art keywords: file, information, encrypted, value, client
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.): Granted
Application number: CN202010594052.1A
Other languages: Chinese (zh)
Other versions: CN111666580B (en)
Inventors: 孙梦亚, 黄长波, 汪明
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.): Beijing Aerospace Data Co ltd
Original Assignee: Beijing Aerospace Data Co ltd
Application filed by Beijing Aerospace Data Co ltd
Priority to CN202010594052.1A
Publication of CN111666580A
Application granted
Publication of CN111666580B
Legal status: Active

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60: Protecting data
    • G06F21/602: Providing cryptographic facilities or services
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30: Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31: User authentication
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60: Protecting data
    • G06F21/62: Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218: Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0643: Hash functions, e.g. MD5, SHA, HMAC or f9 MAC

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • General Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • Health & Medical Sciences (AREA)
  • Databases & Information Systems (AREA)
  • Power Engineering (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

The invention provides a file encryption method, a file decryption method and a file decryption device. The encryption method comprises the following steps: receiving a data stream sent by a client, wherein the data stream comprises file attribute information; encrypting the data stream to obtain a file content ciphertext; generating a first file according to a preset rule, and writing the file content ciphertext into the first file; encrypting the file path information corresponding to the first file written with the file content ciphertext, together with the file attribute information, to obtain encrypted file downloading information; calculating a first MD5 value according to the encrypted file downloading information; and encoding the encrypted file downloading information and the first MD5 value to obtain encoding information, and sending the encoding information to the client. The first file is an empty file which does not store file information. Because the file path is encrypted, leakage of the file structure in the server is reduced, the security of the file is improved, no database needs to be relied on, and the cost is low.

Description

File encryption method, file decryption method and file encryption device
Technical Field
The present invention relates to the field of information technologies, and in particular, to a file encryption method, a file decryption method, and a file decryption apparatus.
Background
With the development of the internet, a server has become an important choice for storing network files. The real information of a file is usually stored in a database of the server and converted into a URL (Uniform Resource Locator) for file operations.
This approach relies on a database and is costly. It also stores the real information of the file under a fixed path on the server, and most people can find the file through that fixed path.
Disclosure of Invention
In view of this, the present invention provides a file encryption method, a file decryption method, and a file decryption apparatus, which encrypt a file path, reduce leakage of a file structure in a server, improve file security, and do not need to rely on a database, and are low in cost.
In a first aspect, an embodiment of the present invention provides a file encryption method, which is applied to a server, and the method includes:
receiving a data stream sent by a client, wherein the data stream comprises file attribute information;
encrypting the data stream to obtain a file content ciphertext;
generating a first file according to a preset rule, and writing the file content ciphertext into the first file;
encrypting file path information corresponding to the first file written in the file content ciphertext and the file attribute information to obtain encrypted file downloading information;
calculating a first MD5 value according to the encrypted file downloading information;
encoding the encrypted file downloading information and the first MD5 value to obtain encoding information, and sending the encoding information to the client;
the first file is an empty file which does not store file information.
Further, the method further comprises:
receiving upload request information sent by the client, wherein the upload request information comprises a user name and a password;
matching the user name with a pre-stored user name and the password with a pre-stored password;
and if the user name is consistent with the pre-stored user name and the password is consistent with the pre-stored password, sending first prompt information which passes the verification to the client.
Further, the upload request information further includes an authorization code, and the method further includes:
when the user successfully logs in the client through the user name and the password, verifying the authorization code;
and if the authorization code is consistent with the pre-stored authorization code, sending second prompt information of passing verification to the client.
Further, the encrypting the data stream to obtain a file content ciphertext includes:
and encrypting the data stream by adopting a symmetric encryption algorithm or an asymmetric encryption algorithm to obtain the file content ciphertext.
In a second aspect, an embodiment of the present invention provides a file decryption method, which is applied to a server, and the method includes:
receiving downloading request information sent by a client, wherein the downloading request information comprises coding information;
decoding the coding information to obtain encrypted file downloading information and a first MD5 value;
verifying the encrypted file downloading information according to the encrypted file downloading information and the first MD5 value;
if the verification is passed, decrypting the encrypted file downloading information to obtain file path information and file attribute information;
writing the file attribute information into a response head, and reading a file content ciphertext according to the file path information;
decrypting the file content ciphertext to obtain a file content plaintext;
and sending response information comprising the plaintext of the file content to the client.
Further, the verifying the encrypted file download information according to the encrypted file download information and the first MD5 value includes:
obtaining a second MD5 value according to the encrypted file downloading information;
matching the first MD5 value with the second MD5 value;
if the first MD5 value is the same as the second MD5 value, the encrypted file downloading information is not tampered;
and if the value of the first MD5 is not the same as the value of the second MD5, the encrypted file downloading information is tampered.
In a third aspect, an embodiment of the present invention provides an apparatus for encrypting a file, where the apparatus is applied to a server, and the apparatus includes:
the data stream receiving unit is used for receiving a data stream sent by a client, and the data stream comprises file attribute information;
the encryption processing unit is used for carrying out encryption processing on the data stream to obtain a file content ciphertext;
the first file generating unit is used for generating a first file according to a preset rule and writing the file content ciphertext into the first file;
the encryption unit is used for encrypting the file path information corresponding to the first file written with the file content ciphertext and the file attribute information to obtain encrypted file downloading information;
the computing unit is used for computing a first MD5 value according to the encrypted file downloading information;
the encoding unit is used for encoding the encrypted file downloading information and the first MD5 value to obtain encoding information and sending the encoding information to the client;
the first file is an empty file which does not store file information.
In a fourth aspect, an embodiment of the present invention provides a file decryption apparatus, which is applied to a server, and includes:
a download request information receiving unit, configured to receive download request information sent by a client, where the download request information includes encoding information;
the decoding unit is used for decoding the coding information to obtain encrypted file downloading information and a first MD5 value;
the verification unit is used for verifying the encrypted file downloading information according to the encrypted file downloading information and the first MD5 value;
the first decryption unit is used for decrypting the encrypted file downloading information under the condition that the verification is passed to obtain file path information and file attribute information;
the writing unit is used for writing the file attribute information into a response head and reading a file content ciphertext according to the file path information;
the second decryption unit is used for decrypting the file content ciphertext to obtain a file content plaintext;
and the sending unit is used for sending response information comprising the plaintext of the file content to the client.
In a fifth aspect, an embodiment of the present invention provides an electronic device, including a memory and a processor, where the memory stores a computer program operable on the processor, and the processor implements the method described above when executing the computer program.
In a sixth aspect, embodiments of the invention provide a computer readable medium having non-volatile program code executable by a processor, the program code causing the processor to perform the method as described above.
The embodiment of the invention provides a file encryption method, a file decryption method and a file decryption device, wherein the file encryption method, the file decryption method and the file decryption device comprise the following steps: receiving a data stream sent by a client, wherein the data stream comprises file attribute information; encrypting the data stream to obtain a file content ciphertext; generating a first file according to a preset rule, and writing a file content ciphertext into the first file; encrypting file path information and file attribute information corresponding to a first file written with a file content ciphertext to obtain encrypted file downloading information; calculating a first MD5 value according to the encrypted file downloading information; encoding the encrypted file downloading information and the first MD5 value to obtain encoding information, and sending the encoding information to the client; the first file is an empty file which does not store file information, the file path is encrypted, leakage of a file structure in the server is reduced, the safety of the file is improved, the database does not need to be relied on, and the cost is low.
Additional features and advantages of the invention will be set forth in the description which follows, and in part will be obvious from the description, or may be learned by practice of the invention. The objectives and other advantages of the invention will be realized and attained by the structure particularly pointed out in the written description and claims hereof as well as the appended drawings.
In order to make the aforementioned and other objects, features and advantages of the present invention comprehensible, preferred embodiments accompanied with figures are described in detail below.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and other drawings can be obtained by those skilled in the art without creative efforts.
Fig. 1 is a flowchart of a file encryption method according to an embodiment of the present invention;
Fig. 2 is a flowchart of a file decryption method according to a second embodiment of the present invention;
Fig. 3 is a schematic diagram of a file encryption apparatus according to a third embodiment of the present invention;
Fig. 4 is a schematic diagram of a file decryption apparatus according to a fourth embodiment of the present invention.
Reference numerals:
1-data stream receiving unit; 2-encryption processing unit; 3-first file generating unit; 4-encryption unit; 5-calculating unit; 6-encoding unit; 7-download request information receiving unit; 8-decoding unit; 9-verification unit; 10-first decryption unit; 11-writing unit; 12-second decryption unit; 13-sending unit.
Detailed Description
To make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions of the present invention will be clearly and completely described below with reference to the accompanying drawings, and it is apparent that the described embodiments are some, but not all embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
For the understanding of the present embodiment, the following detailed description will be given of the embodiment of the present invention.
Example one:
Fig. 1 is a flowchart of a file encryption method according to an embodiment of the present invention.
Referring to fig. 1, the execution subject is a server, and the method includes the steps of:
Step S101, receiving a data stream sent by a client, wherein the data stream comprises file attribute information;
Here, the file attribute information includes, but is not limited to, a file name, a file size, and a file format.
Step S102, encrypting the data stream to obtain a file content ciphertext;
Here, the server usually encrypts the data stream with a reversible encryption algorithm. Reversible encryption algorithms include symmetric encryption algorithms and asymmetric encryption algorithms, and either a symmetric or an asymmetric encryption algorithm is used to encrypt the data stream to obtain the file content ciphertext.
Step S103, generating a first file according to a preset rule, and writing a file content ciphertext into the first file;
Specifically, the preset rule may be a random generation algorithm. A randomly named first file is generated in a specified file path according to the random generation algorithm; the first file is an empty file that does not store file information, that is, the size of the first file is 0.
Step S104, encrypting file path information and file attribute information corresponding to the first file written with the file content ciphertext to obtain encrypted file downloading information;
Specifically, once the first file has been generated in the designated path according to the random generation algorithm, the file content ciphertext is written into the first file, and at this time the size of the first file is no longer 0. The file path information corresponding to the first file while it is an empty file is the same as the file path information corresponding to the first file written with the file content ciphertext.
Encrypting the file path information and the file attribute information corresponding to the first file written with the file content ciphertext means encapsulating the two together and then encrypting the result. For example, if the file path information is 'E:\computer data\backup' and the file attribute information is 'neural network + PDF + 32 bit', the encapsulated information is 'E:\computer data\backup + neural network + PDF + 32 bit'. Encrypting the file path information and the file attribute information to obtain the encrypted file downloading information can reduce the risk of exposing the server's files, reduce malicious attacks, and improve file security. No database is needed for storage in the encryption process, so the cost can be reduced.
Step S105, calculating a first MD5 value according to the encrypted file downloading information;
Step S106, encoding the encrypted file downloading information and the first MD5 value to obtain encoding information, and sending the encoding information to the client.
Here, since the encrypted file download information and the first MD5 value are both in binary format, the encoded information obtained by encoding the encrypted file download information and the first MD5 value is in a character string format.
Further, the method comprises the following steps:
Step S201, receiving upload request information sent by a client, wherein the upload request information comprises a user name and a password;
Step S202, matching the user name with a pre-stored user name, and matching the password with a pre-stored password;
Step S203, if the user name is consistent with the pre-stored user name and the password is consistent with the pre-stored password, first prompt information that the verification is passed is sent to the client.
Further, the upload request information further includes an authorization code, and the method further includes the following steps:
Step S301, when the user successfully logs in the client through the user name and the password, the authorization code is verified;
Step S302, if the authorization code is consistent with the pre-stored authorization code, second prompt information that the verification is passed is sent to the client.
Specifically, when the client sends the upload request information to the server, the server needs to perform permission verification on the client, and the permission verification includes two modes.
The first mode is as follows: the uploading request information comprises a user name and a password, the server matches the user name with the pre-stored user name and the password with the pre-stored password, if the user name is consistent with the pre-stored user name and the password is consistent with the pre-stored password, the client side accords with the authority of uploading files, and at the moment, the server sends first prompt information that the verification is passed to the client side. If the user name is consistent with the pre-stored user name and the password is inconsistent with the pre-stored password, the verification is not passed at the moment; if the user name is not consistent with the pre-stored user name and the password is consistent with the pre-stored password, the verification is not passed at the moment; if the user name is not consistent with the pre-stored user name and the password is not consistent with the pre-stored password, the verification is not passed at the moment. And under the condition that the verification is not passed, the client cannot upload the file.
The second way is: when a user inputs a user name and a password on a client and login is successful, a server generally distributes an authorization code for the client, at the moment, the client sends the authorization code to the server, the server matches the authorization code with a pre-stored authorization code, and if the authorization code is consistent with the pre-stored authorization code, the server sends second prompt information that verification is passed to the client.
Further, step S102 includes:
and encrypting the data stream by adopting a symmetric encryption algorithm or an asymmetric encryption algorithm to obtain a file content ciphertext.
The file encryption method provided by the embodiment comprises the following steps: receiving a data stream sent by a client, wherein the data stream comprises file attribute information; encrypting the data stream to obtain a file content ciphertext; generating a first file according to a preset rule, and writing a file content ciphertext into the first file; encrypting file path information and file attribute information corresponding to a first file written with a file content ciphertext to obtain encrypted file downloading information; calculating a first MD5 value according to the encrypted file downloading information; encoding the encrypted file downloading information and the first MD5 value to obtain encoding information, and sending the encoding information to the client; the first file is an empty file which does not store file information, the file path is encrypted, leakage of a file structure in the server is reduced, the safety of the file is improved, the database does not need to be relied on, and the cost is low.
Example two:
Fig. 2 is a flowchart of a file decryption method according to a second embodiment of the present invention.
Referring to fig. 2, the execution subject is a server, and the method includes the steps of:
Step S401, receiving downloading request information sent by a client, wherein the downloading request information comprises coding information;
Here, after receiving the download request information sent by the client, the server needs to verify the user name, the password, and the authorization code in the download request information. The specific verification process is similar to that of the encryption process and is not described here again. The encoded information is the encoding information obtained by the encryption method.
Step S402, decoding the coded information to obtain encrypted file downloading information and a first MD5 value;
Step S403, verifying the encrypted file downloading information according to the encrypted file downloading information and the first MD5 value;
Step S404, if the verification is passed, decrypting the encrypted file downloading information to obtain file path information and file attribute information;
Here, the process of decrypting the encrypted file download information corresponds to the encryption process.
Step S405, writing the file attribute information into the response head, and reading the file content ciphertext according to the file path information;
Specifically, the data stream includes a response header. After the file attribute information is written into the response header, the client can create a file using the file name in the response header, since the file attribute information includes the file name. For example, when the file name is "123" and the file format is "PDF", the browser retrieves the file name "123.PDF" from the response header after the user clicks the download link on the client.
Step S406, decrypting the file content ciphertext to obtain a file content plaintext;
Here, the decryption process corresponds to the symmetric encryption algorithm or asymmetric encryption algorithm used in the encryption process.
Step S407, sending response information including the plaintext of the file content to the client.
Further, step S403 includes the steps of:
Step S501, obtaining a second MD5 value according to the encrypted file downloading information;
Step S502, matching the first MD5 value with the second MD5 value; if the first MD5 value is the same as the second MD5 value, perform step S503; if the first MD5 value is not the same as the second MD5 value, perform step S504;
Step S503, the encrypted file downloading information is not tampered;
Step S504, the encrypted file downloading information is tampered.
Specifically, when the client sends the download request information to the server, the server needs to check the encrypted file download information included in the download request information to determine whether the encrypted file download information is tampered.
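The check of steps S105/S106 and S402/S403 (S501 to S504), as an added example that is not part of the patent text: Base64 as the encoding, the digest appended after the encrypted download information, and the names `encode_info`, `verify_info`, `ENC_INFO` and `SERVER_KEY` are assumptions. It goes beyond the text by running the same check with a keyed HMAC-SHA256 tag, because an unkeyed MD5 value can be recomputed by anyone who holds the encoded information.

```python
import base64
import hashlib
import hmac

MD5_LEN = 16   # bytes in an MD5 digest
TAG_LEN = 32   # bytes in an HMAC-SHA256 tag

# Constructed stand-in for the S104 output (encrypted path + attributes).
ENC_INFO = bytes.fromhex("8f3a1c5e2b7d4096a1b2c3d4e5f60718293a4b5c6d7e8f90")
# Constructed demo key (assumption); a real key would come from a secret store.
SERVER_KEY = b"constructed-demo-key-0123456789ab"


def b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode("ascii")


def unb64(text: str):
    """Return the decoded bytes, or None if the string is not valid Base64."""
    try:
        return base64.urlsafe_b64decode(text.encode("ascii"))
    except ValueError:  # covers binascii.Error and non-ASCII input
        return None


def encode_info(enc_info: bytes) -> str:
    """S105 + S106: compute the first MD5 value, then encode both to a string."""
    first_md5 = hashlib.md5(enc_info).digest()
    return b64(enc_info + first_md5)


def verify_info(encoded: str):
    """S402 + S501..S504: return the encrypted info if the MD5 values match."""
    raw = unb64(encoded)
    if raw is None or len(raw) <= MD5_LEN:
        return None
    enc_info, first_md5 = raw[:-MD5_LEN], raw[-MD5_LEN:]
    second_md5 = hashlib.md5(enc_info).digest()
    if hmac.compare_digest(first_md5, second_md5):
        return enc_info      # S503: values match
    return None              # S504: values differ


def encode_info_keyed(enc_info: bytes, key: bytes) -> str:
    """Same layout, with an HMAC-SHA256 tag in place of the MD5 value."""
    tag = hmac.new(key, enc_info, hashlib.sha256).digest()
    return b64(enc_info + tag)


def verify_info_keyed(encoded: str, key: bytes):
    raw = unb64(encoded)
    if raw is None or len(raw) <= TAG_LEN:
        return None
    enc_info, tag = raw[:-TAG_LEN], raw[-TAG_LEN:]
    expected = hmac.new(key, enc_info, hashlib.sha256).digest()
    return enc_info if hmac.compare_digest(tag, expected) else None


def flip_first_byte(data: bytes) -> bytes:
    return bytes([data[0] ^ 0x01]) + data[1:]


def check_coverage() -> dict:
    """Show which modifications each check rejects (None means rejected)."""
    changed = flip_first_byte(ENC_INFO)
    # Payload changed, digest left as issued (e.g. corruption in transit).
    md5_stale = b64(changed + hashlib.md5(ENC_INFO).digest())
    # Payload changed and the unkeyed digest recomputed; no secret is needed.
    md5_fresh = encode_info(changed)
    # Keyed layout: the old tag no longer matches, and a tag made with any
    # key other than SERVER_KEY does not verify.
    mac_stale = b64(changed + hmac.new(SERVER_KEY, ENC_INFO, hashlib.sha256).digest())
    mac_wrong = encode_info_keyed(changed, b"not-the-server-key")
    return {
        "md5_stale_digest": verify_info(md5_stale),
        "md5_fresh_digest": verify_info(md5_fresh),
        "hmac_stale_tag": verify_info_keyed(mac_stale, SERVER_KEY),
        "hmac_wrong_key": verify_info_keyed(mac_wrong, SERVER_KEY),
    }


if __name__ == "__main__":
    for name, result in check_coverage().items():
        print(f"{name}: {'accepted' if result is not None else 'rejected'}")
```

With the unkeyed layout, integrity of the download information rests on the encryption applied in step S104; the keyed tag makes the check itself depend on a server-held secret.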
The file decryption method provided by the embodiment comprises the following steps: receiving downloading request information sent by a client, wherein the downloading request information comprises coding information; decoding the coded information to obtain encrypted file downloading information and a first MD5 value; verifying the encrypted file downloading information according to the encrypted file downloading information and the first MD5 value; if the verification is passed, decrypting the encrypted file downloading information to obtain file path information and file attribute information; writing the file attribute information into the response head, and reading the file content ciphertext according to the file path information; decrypting the file content ciphertext to obtain a file content plaintext; the response information including the file content plaintext is sent to the client, the file path can be decrypted, leakage of a file structure in the server is reduced, the file safety is improved, dependence on a database is not needed, and the cost is low.
Example three:
Fig. 3 is a schematic diagram of a file encryption apparatus according to a third embodiment of the present invention.
Referring to fig. 3, the apparatus, applied to a server, includes:
the data stream receiving unit 1 is used for receiving a data stream sent by a client, wherein the data stream comprises file attribute information;
the encryption processing unit 2 is used for encrypting the data stream to obtain a file content ciphertext;
the first file generating unit 3 is used for generating a first file according to a preset rule and writing a file content ciphertext into the first file;
the encryption unit 4 is used for encrypting file path information and file attribute information corresponding to a first file written with a file content ciphertext to obtain encrypted file downloading information;
a calculating unit 5, configured to calculate a first MD5 value according to the encrypted file download information;
the encoding unit 6 is used for encoding the encrypted file downloading information and the first MD5 value to obtain encoding information and sending the encoding information to the client; the first file is an empty file which does not store file information.
The file encryption device provided by the embodiment comprises: receiving a data stream sent by a client, wherein the data stream comprises file attribute information; encrypting the data stream to obtain a file content ciphertext; generating a first file according to a preset rule, and writing a file content ciphertext into the first file; encrypting file path information and file attribute information corresponding to a first file written with a file content ciphertext to obtain encrypted file downloading information; calculating a first MD5 value according to the encrypted file downloading information; encoding the encrypted file downloading information and the first MD5 value to obtain encoding information, and sending the encoding information to the client; the first file is an empty file which does not store file information, the file path is encrypted, leakage of a file structure in the server is reduced, the safety of the file is improved, the database does not need to be relied on, and the cost is low.
Example four:
Fig. 4 is a schematic diagram of a file decryption apparatus according to a fourth embodiment of the present invention.
Referring to fig. 4, the apparatus, applied to a server, includes:
a download request information receiving unit 7, configured to receive download request information sent by a client, where the download request information includes coding information;
the decoding unit 8 is used for decoding the encoded information to obtain encrypted file downloading information and a first MD5 value;
the verification unit 9 is configured to verify the encrypted file download information according to the encrypted file download information and the first MD5 value;
a first decryption unit 10, configured to decrypt the encrypted file download information to obtain file path information and file attribute information when the verification passes;
a writing unit 11, configured to write the file attribute information into the response header, and read the file content ciphertext according to the file path information;
the second decryption unit 12 is configured to decrypt the file content ciphertext to obtain a file content plaintext;
a sending unit 13, configured to send response information including plaintext of the file content to the client.
The file decryption apparatus provided in this embodiment includes: receiving downloading request information sent by a client, wherein the downloading request information comprises coding information; decoding the coded information to obtain encrypted file downloading information and a first MD5 value; verifying the encrypted file downloading information according to the encrypted file downloading information and the first MD5 value; if the verification is passed, decrypting the encrypted file downloading information to obtain file path information and file attribute information; writing the file attribute information into the response head, and reading the file content ciphertext according to the file path information; decrypting the file content ciphertext to obtain a file content plaintext; the response information including the file content plaintext is sent to the client, the file path can be decrypted, leakage of a file structure in the server is reduced, the file safety is improved, dependence on a database is not needed, and the cost is low.
The embodiment of the present invention further provides an electronic device, which includes a memory, a processor, and a computer program that is stored in the memory and can be run on the processor, and when the processor executes the computer program, the steps of the file encryption method and the file decryption method provided in the foregoing embodiments are implemented.
The embodiment of the present invention further provides a computer readable medium having a non-volatile program code executable by a processor, where a computer program is stored on the computer readable medium, and when the computer program is executed by the processor, the computer program performs the steps of the file encryption method and the file decryption method of the above embodiments.
The computer program product provided in the embodiment of the present invention includes a computer-readable storage medium storing a program code, where instructions included in the program code may be used to execute the method described in the foregoing method embodiment, and specific implementation may refer to the method embodiment, which is not described herein again.
It is clear to those skilled in the art that, for convenience and brevity of description, the specific working processes of the system and the apparatus described above may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.
In addition, in the description of the embodiments of the present invention, unless otherwise explicitly specified or limited, the terms "mounted," "coupled," and "connected" are to be construed broadly, e.g., as meaning a fixed connection, a removable connection, or an integral connection; a mechanical or an electrical connection; a direct connection, an indirect connection through an intervening medium, or internal communication between two elements. The specific meanings of the above terms in the present invention can be understood by those skilled in the art according to the specific case.
The functions, if implemented in the form of software functional units and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present invention. The aforementioned storage medium includes: a USB flash drive, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and various other media capable of storing program code.
In the description of the present invention, it should be noted that the terms "center", "upper", "lower", "left", "right", "vertical", "horizontal", "inner", "outer", etc., indicate orientations or positional relationships based on the orientations or positional relationships shown in the drawings, and are only for convenience of description and simplicity of description, but do not indicate or imply that the device or element being referred to must have a particular orientation, be constructed and operated in a particular orientation, and thus, should not be construed as limiting the present invention. Furthermore, the terms "first," "second," and "third" are used for descriptive purposes only and are not to be construed as indicating or implying relative importance.
Finally, it should be noted that the above embodiments are only specific embodiments of the present invention, used to illustrate its technical solutions rather than to limit them, and the protection scope of the present invention is not limited thereto. Although the present invention has been described in detail with reference to the foregoing embodiments, those skilled in the art should understand that any person skilled in the art may, within the technical scope of the present disclosure, modify the technical solutions described in the foregoing embodiments, easily conceive of changes to them, or make equivalent substitutions for some of their technical features; such modifications, changes or substitutions do not depart from the spirit and scope of the embodiments of the present invention, and they should be construed as being included therein. Therefore, the protection scope of the present invention shall be subject to the protection scope of the appended claims.

Claims (10)

1. A file encryption method is applied to a server, and comprises the following steps:
receiving a data stream sent by a client, wherein the data stream comprises file attribute information;
encrypting the data stream to obtain a file content ciphertext;
generating a first file according to a preset rule, and writing the file content ciphertext into the first file;
encrypting the file attribute information and the file path information corresponding to the first file into which the file content ciphertext has been written, to obtain encrypted file downloading information;
calculating a first MD5 value according to the encrypted file downloading information;
encoding the encrypted file downloading information and the first MD5 value to obtain encoding information, and sending the encoding information to the client;
the first file is an empty file which does not store file information.
2. The method for encrypting the file according to claim 1, further comprising:
receiving upload request information sent by the client, wherein the upload request information comprises a user name and a password;
matching the user name with a pre-stored user name and the password with a pre-stored password;
and if the user name is consistent with the pre-stored user name and the password is consistent with the pre-stored password, sending first prompt information which passes the verification to the client.
3. The method of encrypting the file according to claim 2, wherein the upload request information further includes an authorization code, the method further comprising:
when the user successfully logs in the client through the user name and the password, verifying the authorization code;
and if the authorization code is consistent with the pre-stored authorization code, sending second prompt information of passing verification to the client.
4. The method for encrypting the file according to claim 1, wherein the encrypting the data stream to obtain the file content ciphertext comprises:
and encrypting the data stream by adopting a symmetric encryption algorithm or an asymmetric encryption algorithm to obtain the file content ciphertext.
5. A method for decrypting a file, applied to a server, the method comprising:
receiving downloading request information sent by a client, wherein the downloading request information comprises encoding information;
decoding the encoding information to obtain encrypted file downloading information and a first MD5 value;
verifying the encrypted file downloading information according to the encrypted file downloading information and the first MD5 value;
if the verification is passed, decrypting the encrypted file downloading information to obtain file path information and file attribute information;
writing the file attribute information into a response header, and reading a file content ciphertext according to the file path information;
decrypting the file content ciphertext to obtain a file content plaintext;
and sending response information comprising the plaintext of the file content to the client.
6. The method for decrypting the file according to claim 5, wherein the verifying the encrypted file download information according to the encrypted file download information and the first MD5 value comprises:
obtaining a second MD5 value according to the encrypted file downloading information;
matching the first MD5 value with the second MD5 value;
if the first MD5 value is the same as the second MD5 value, the encrypted file downloading information is not tampered;
and if the first MD5 value is not the same as the second MD5 value, the encrypted file downloading information is tampered.
7. An apparatus for encrypting a file, applied to a server, the apparatus comprising:
the data stream receiving unit is used for receiving a data stream sent by a client, and the data stream comprises file attribute information;
the encryption processing unit is used for carrying out encryption processing on the data stream to obtain a file content ciphertext;
the first file generating unit is used for generating a first file according to a preset rule and writing the file content ciphertext into the first file;
the encryption unit is used for encrypting the file path information corresponding to the first file written with the file content ciphertext and the file attribute information to obtain encrypted file downloading information;
the computing unit is used for computing a first MD5 value according to the encrypted file downloading information;
the encoding unit is used for encoding the encrypted file downloading information and the first MD5 value to obtain encoding information and sending the encoding information to the client;
the first file is an empty file which does not store file information.
8. An apparatus for decrypting a file, applied to a server, the apparatus comprising:
a download request information receiving unit, configured to receive download request information sent by a client, where the download request information includes encoding information;
the decoding unit is used for decoding the encoding information to obtain encrypted file downloading information and a first MD5 value;
the verification unit is used for verifying the encrypted file downloading information according to the encrypted file downloading information and the first MD5 value;
the first decryption unit is used for decrypting the encrypted file downloading information under the condition that the verification is passed to obtain file path information and file attribute information;
the writing unit is used for writing the file attribute information into a response header and reading a file content ciphertext according to the file path information;
the second decryption unit is used for decrypting the file content ciphertext to obtain a file content plaintext;
and the sending unit is used for sending response information comprising the plaintext of the file content to the client.
9. An electronic device comprising a memory, a processor, and a computer program stored on the memory and executable on the processor, wherein the processor implements the method of any of claims 1-6 when executing the computer program.
10. A computer-readable medium having non-volatile program code executable by a processor, wherein the program code causes the processor to perform the method of any of claims 1-6.
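The token handling of claims 1, 5 and 6 (the same steps as the decryption flow in the embodiment above), as an added example that is not code from the patent. Assumptions: the encoding is URL-safe Base64 over `blob || digest`, the MD5 is taken over the encrypted blob alone as the claims read, and all function names are hypothetical; the HMAC-SHA256 variant and its `server_key` are not on the page and are shown for comparison.

```python
import base64
import hashlib
import hmac

# Constructed stand-in for "encrypted file download information" (ciphertext of
# path + attributes); the cipher itself is outside this example.
SAMPLE_ENC_INFO = bytes(range(48))


def _pack(blob: bytes, tag: bytes) -> str:
    # Assumed layout: blob || tag, URL-safe Base64 (the claims name no encoding).
    return base64.urlsafe_b64encode(blob + tag).decode("ascii")


def _unpack(token: str, tag_len: int) -> tuple[bytes, bytes]:
    try:
        raw = base64.b64decode(token, altchars=b"-_", validate=True)
    except ValueError as exc:  # bad alphabet, bad padding, non-ASCII input
        raise ValueError("token is not valid Base64") from exc
    if len(raw) <= tag_len:
        raise ValueError("token too short to carry a blob and a tag")
    return raw[:-tag_len], raw[-tag_len:]


def encode_md5(enc_info: bytes) -> str:
    """Upload side, claim 1: first MD5 value over the blob, then encode."""
    return _pack(enc_info, hashlib.md5(enc_info).digest())


def verify_md5(token: str) -> bytes:
    """Download side, claims 5-6: recompute a second MD5 value and compare."""
    enc_info, first_md5 = _unpack(token, 16)
    second_md5 = hashlib.md5(enc_info).digest()
    if not hmac.compare_digest(first_md5, second_md5):
        raise ValueError("encrypted file download information was tampered with")
    return enc_info  # next step in claim 5: decrypt to path + attributes


def encode_hmac(enc_info: bytes, server_key: bytes) -> str:
    """Keyed variant (not on the page): the tag depends on a server-only key."""
    return _pack(enc_info, hmac.new(server_key, enc_info, hashlib.sha256).digest())


def verify_hmac(token: str, server_key: bytes) -> bytes:
    enc_info, tag = _unpack(token, 32)
    expected = hmac.new(server_key, enc_info, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("token was not issued with this server key")
    return enc_info
```

`verify_md5` accepts any blob that arrives with its own matching MD5 value, so it detects corruption of an issued token; `verify_hmac` additionally requires that the tag was produced with the server's key.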
CN202010594052.1A 2020-06-24 2020-06-24 File encryption method, file decryption method and file encryption device Active CN111666580B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010594052.1A CN111666580B (en) 2020-06-24 2020-06-24 File encryption method, file decryption method and file encryption device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010594052.1A CN111666580B (en) 2020-06-24 2020-06-24 File encryption method, file decryption method and file encryption device

Publications (2)

Publication Number Publication Date
CN111666580A true CN111666580A (en) 2020-09-15
CN111666580B CN111666580B (en) 2022-11-04

Family

ID=72389861

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010594052.1A Active CN111666580B (en) 2020-06-24 2020-06-24 File encryption method, file decryption method and file encryption device

Country Status (1)

Country Link
CN (1) CN111666580B (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2009093670A (en) * 2003-10-31 2009-04-30 Multinet Kk File security management system, authentication server, client device, program and recording medium
WO2015184834A1 (en) * 2014-12-18 2015-12-10 中兴通讯股份有限公司 Encryption/decryption method and device for file of embedded type storage device, and terminal
CN106130951A (en) * 2016-05-31 2016-11-16 努比亚技术有限公司 A kind of application store service management method and device
CN106850522A (en) * 2016-05-24 2017-06-13 中国科学院信息工程研究所 The implementation method of Group file encrypted transmission in a kind of instant messaging
CN107196907A (en) * 2017-03-31 2017-09-22 武汉斗鱼网络科技有限公司 A kind of guard method of Android SO files and device
CN107959660A (en) * 2016-10-17 2018-04-24 中兴通讯股份有限公司 A kind of static file access method and device based on Nginx

Also Published As

Publication number Publication date
CN111666580B (en) 2022-11-04

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant