CN111709038B - File encryption and decryption method, distributed storage system, device and storage medium - Google Patents

Publication number
CN111709038B
Authority
CN
China
Prior art keywords
file
encryption
path
check code
compressed
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202010379014.4A
Other languages
Chinese (zh)
Other versions
CN111709038A (en)
Inventor
赵文榜
周玉
刘鹏
邓彪
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Zhongkefan Language Technology Co ltd
Original Assignee
Beijing Zhongkefan Language Technology Co ltd
Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/10 File systems; File servers
    • G06F16/17 Details of further file system functions
    • G06F16/174 Redundancy elimination performed by the file system
    • G06F16/1744 Redundancy elimination performed by the file system using compression, e.g. sparse files
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2107 File encryption

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • Databases & Information Systems (AREA)
  • Data Mining & Analysis (AREA)
  • Storage Device Security (AREA)

Abstract

The present disclosure provides a file encryption method, including: splitting the target file into a plurality of fragmented files; generating a check code by using a message digest algorithm based on each fragmented file, and encrypting each fragmented file by using the check code; packaging the encrypted plurality of fragmented files into a compressed file package; generating a path of the compressed file package; and encrypting the path using an AES encryption algorithm. The disclosure also provides a file decryption method. The present disclosure also provides a distributed storage system, an electronic device, and a readable storage medium.

Description

File encryption and decryption method, distributed storage system, device and storage medium
Technical Field
The disclosure belongs to the technical field of file storage management, and particularly relates to a file encryption and decryption method, a distributed storage system, equipment and a storage medium.
Background
With the further development of networking, enterprises and institutions hold a large number of documents classified as secret, such as contracts, technical schemes and personnel information.
As networks become more and more information-driven, hackers of all kinds flood the network, secure data storage has become a major concern for enterprises and institutions in modern society, and the development of enterprise informatization brings new challenges to the security management of files.
On the other hand, the continuing evolution of encryption algorithms brings more choices for encrypted file storage. However, how to manage files effectively with an encryption algorithm remains a difficult problem. If a whole file, particularly a large one, is encrypted directly, it occupies a great deal of the server's CPU and memory resources and takes a relatively long time, and the throughput of the server becomes the bottleneck of the whole system. How to improve the encryption and decryption efficiency of file storage is therefore also a very critical problem.
In order to protect enterprise sensitive information, enterprises generally deploy firewalls at network outlets, detect network inflow and outflow, use network security means such as intrusion detection and the like, and ensure document security based on physical isolation, token signature mechanisms, user authorization or mechanisms based on regulations.
However, traditional secure file storage management schemes only pay attention to protection against illegal theft and ignore the storage security of the file itself. File storage in the prior art mostly adopts a distributed file system, which solves storage capacity and data backup but leaves hidden dangers for data security: internal personnel can directly copy a data backup, which easily leads to wholesale leakage of sensitive data.
For example, in a file encryption method in the prior art, a package file to be encrypted is cut according to file feature information to form file fragments, the file fragments are shuffled and combined into a disordered file, and the disordered file is packaged to form a packaged file. This file encryption method makes the acquisition of the encrypted package file in the package file more complex, and increases the difficulty of acquiring the file content in the package file. However, the method cuts the file into fragments according to the file feature information and only disturbs the order of the file blocks, so the file features cannot be completely eliminated, and a malicious third party can easily recover part or even all of the valuable information.
For another example, in the prior art, when a user issues a data persistence request to a cloud service system, the service system transmits the data persistence request to a cloud storage platform, and a data encryption software module encrypts the data and completes the data storage. When a user issues a data access request to a cloud service system, the service system transmits the data access request to a cloud storage platform, and a data access control software module performs access control on the requested data to judge whether the data access request is allowed; if so, the decrypted data can be accessed, and if not, the access ends, so as to ensure the security of the data that the user has distributed and stored in the cloud storage platform. In this method, on the one hand, whether access is allowed is judged through a secure access control module; on the other hand, the data is decrypted with the private key of the service system using an elliptic encryption algorithm according to national standards, and finally whether the data access request is allowed is judged by comparing a hash value of the decrypted data with a hash value of the data before decryption.
Disclosure of Invention
In order to solve at least one of the above technical problems, the present disclosure provides a file encryption and decryption method, a distributed storage system, a device, and a storage medium.
According to one aspect of the present disclosure, there is provided a file encryption method including: splitting the target file into a plurality of fragmented files; generating a check code by using a message digest algorithm based on each fragmented file, and encrypting each fragmented file by using the check code; packaging the encrypted plurality of fragmented files into a compressed file package; generating a path of the compressed file package; and encrypting the path using an AES encryption algorithm.
According to the file encryption method of at least one embodiment of the present disclosure, before the target file is split into a plurality of fragmented files, signature verification is performed on the target file, and only a target file that passes the signature verification is split.
According to the file encryption method of at least one embodiment of the present disclosure, generating a check code using a message digest algorithm based on each of the fragmented files, and encrypting each of the fragmented files using the check code, includes: taking the last N bytes of each fragmented file, combining them in order, and encoding the result with the message digest algorithm to generate the check code; and performing AES encryption on the first N bytes of each fragmented file using the check code as the encryption password.
According to the file encryption method of at least one embodiment of the present disclosure, the remaining file content of each fragmented file, other than the first N bytes, is subjected to an anti-code operation.
According to the file encryption method of at least one embodiment of the present disclosure, when the encrypted plurality of fragmented files are packaged into a compressed file package, the check code is used as the compression password.
According to the file encryption method of at least one embodiment of the present disclosure, the last N bytes are the last 100 bytes, and the first N bytes are the first 100 bytes.
According to the file encryption method of at least one embodiment of the present disclosure, a target file in the form of a compressed file packet after path encryption is stored to a distributed storage system.
According to the file encryption method of at least one embodiment of the present disclosure, a path of a target file in the form of a compressed file packet and a check code are combined to obtain a combined string, and AES encryption is performed on the combined string to generate an encrypted combined string.
According to the file encrypting method of at least one embodiment of the present disclosure, the path of the target file is a relative path.
According to another aspect of the present disclosure, there is provided a file decrypting method for decrypting a target file encrypted using any of the above file encrypting methods, including: decrypting the path of the target file; locating the target file based on the decrypted path of the target file; decompressing the target file by using the check code to obtain a plurality of fragmented files; decrypting each fragment file; and merging the decrypted plurality of fragmented files into a complete file to obtain the decrypted target file.
According to yet another aspect of the present disclosure, there is provided a distributed storage system including: a file splitting module that splits the target file; a check code generation module that generates a check code by using a message digest algorithm based on each fragmented file; a fragmented file encryption module that encrypts each fragmented file using the check code; a compression module that packages the encrypted plurality of fragmented files into a compressed file package; a path generation module that generates a path of the compressed file package; and a path encryption module that encrypts the path using an AES encryption algorithm.
The distributed storage system according to at least one embodiment of the present disclosure further includes a combined string generation module that combines the path of the target file in the form of the compressed file packet and the check code to obtain a combined string, and AES encrypts the combined string to generate an encrypted combined string.
The distributed storage system according to at least one embodiment of the present disclosure further includes a verification module that performs signature verification on the target file, and the file splitting module splits the target file that is signature-verified by the verification module.
According to still another aspect of the present disclosure, there is provided an electronic apparatus including: a memory storing execution instructions; and a processor executing the execution instructions stored in the memory, so that the processor executes the file encryption method.
According to still another aspect of the present disclosure, there is provided a readable storage medium having stored therein execution instructions which when executed by a processor are configured to implement the file encryption method of any one of the above.
Drawings
The accompanying drawings, which are included to provide a further understanding of the disclosure and are incorporated in and constitute a part of this specification, illustrate exemplary embodiments of the disclosure and together with the description serve to explain the principles of the disclosure.
Fig. 1 is a flow chart illustrating a file encryption method according to one embodiment of the present disclosure.
Fig. 2 is a flow chart illustrating a file encryption method according to still another embodiment of the present disclosure.
Fig. 3 is an exemplary diagram of fragmented file encryption.
Fig. 4 is a flowchart illustrating a file encryption method according to another embodiment of the present disclosure.
Fig. 5 is a flowchart illustrating a file decryption method according to an embodiment of the present disclosure.
Fig. 6 is a block diagram of a distributed storage system according to one embodiment of the present disclosure.
Fig. 7 is a block diagram of a distributed storage system according to yet another embodiment of the present disclosure.
Fig. 8 is a block diagram of a distributed storage system according to yet another embodiment of the present disclosure.
Fig. 9 is a schematic view of an electronic device according to one embodiment of the present disclosure.
Detailed Description
The present disclosure is described in further detail below with reference to the drawings and the embodiments. It is to be understood that the specific embodiments described herein are merely illustrative of the relevant content and not limiting of the present disclosure. It should be further noted that, for convenience of description, only a portion relevant to the present disclosure is shown in the drawings.
In addition, embodiments of the present disclosure and features of the embodiments may be combined with each other without conflict. The present disclosure will be described in detail below with reference to the accompanying drawings in conjunction with embodiments.
Fig. 1 is a flow chart illustrating a file encryption method according to an embodiment of the present disclosure.
As shown in fig. 1, the file encryption method includes the steps of:
S11, splitting the target file into a plurality of fragmented files;
S12, generating a check code by using a message digest algorithm based on each fragmented file;
S13, encrypting each fragmented file by using the check code;
S14, packaging the encrypted plurality of fragmented files into a compressed file package;
S15, generating a path of the compressed file package; and
S16, encrypting the path by using the AES encryption algorithm.
The file encryption method of the present embodiment performs double-layer encryption in the encryption process.
The first layer of encryption, A, comprises: S11, splitting a target file into a plurality of fragmented files; S12, generating a check code by using a message digest algorithm based on each fragmented file; S13, encrypting each fragmented file by using the check code; and S14, packaging the encrypted plurality of fragmented files into a compressed file package.
The second layer of encryption, B, comprises: S15, generating a path of the compressed file package; and S16, encrypting the path by using an AES encryption algorithm.
Fig. 2 is a flow chart illustrating a file encrypting method according to another embodiment of the present disclosure.
As shown in fig. 2, the file encryption method includes the steps of:
S10, performing signature verification on the target file;
S11, splitting the target file that passes the signature verification into a plurality of fragmented files;
S12, generating a check code by using a message digest algorithm based on each fragmented file;
S13, encrypting each fragmented file by using the check code;
S14, packaging the encrypted plurality of fragmented files into a compressed file package;
S15, generating a path of the compressed file package; and
S16, encrypting the path by using the AES encryption algorithm.
The file encryption method of the present embodiment also performs A, B double-layer encryption during encryption.
For example, in an application scenario of this embodiment, a user needs to store a target file in a distributed storage system. The request link must carry signature information, and once the distributed storage system has verified the signature information, the target file is allowed to be uploaded to the distributed storage system.
The AES encryption technology used in the present disclosure is a symmetric block encryption technology that encrypts data in 128-bit blocks; the key length may be 128 bits, 192 bits or 256 bits. Block encryption has five modes: ECB, CBC, CFB, OFB and CTR. The encrypted bytes need to be a multiple of 16, so missing bytes must be padded, and AES supports multiple padding modes: NoPadding, PKCS5, ISO10126Padding, ZerosPadding and PKCS padding. The padding mode and the AES key vector further increase the difficulty of decryption, so that even if the user gets the key, it is very difficult to decrypt the encrypted path without knowing the encryption process.
Preferably, in the above embodiment, S12, generating a check code using a message digest algorithm based on each of the fragmented files, and S13, encrypting each of the fragmented files using the check code, include: taking the last N bytes of each fragmented file, combining them in order, and encoding the result with the message digest algorithm to generate the check code; and performing AES encryption on the first N bytes of each fragmented file using the check code as the encryption password.
For example, the target file is exactly 1M and is divided into 4 parts (4 fragmented files) of 250KB each. The last 100 bytes of each fragmented file are combined in order and MD5-encoded to obtain the check code. The check code is also used as the AES encryption password: the first 100 bytes of each fragmented file are AES-encrypted, and after encryption each fragmented file consists of a 2-bit ciphertext length mark + the ciphertext value + the content of the remaining file.
More preferably, steps S12 and S13 further comprise performing an anti-code operation on the remaining file content of each fragmented file, other than the first N bytes. Fig. 3 shows an example of the encryption of a fragmented file.
For example, the remaining file content of each fragmented file is subjected to the anti-code operation, and the encrypted fragmented file is obtained by splicing the 2-bit ciphertext length mark, the ciphertext value and the anti-coded remaining file content. The aim of the anti-code operation is that the original content cannot be seen in any block taken from the fragmented file.
Preferably, in the above embodiment, when the encrypted plurality of fragmented files are packaged into a compressed file package, the check code is used as the compression password.
In the above embodiment, the target file in the form of the compressed package of files after the path encryption is stored in the distributed storage system.
Fig. 4 is a flowchart illustrating a file encryption method according to another embodiment of the present disclosure.
As shown in fig. 4, the file encryption method includes the steps of:
S11, splitting the target file into a plurality of fragmented files;
S12, generating a check code by using a message digest algorithm based on each fragmented file;
S13, encrypting each fragmented file by using the check code;
S14, packaging the encrypted plurality of fragmented files into a compressed file package;
S15, generating a path of the compressed file package;
S16, encrypting the path by using an AES encryption algorithm; and
S17, combining the path of the target file in the form of the compressed file package with the check code to obtain a combined character string, and performing AES encryption on the combined character string to generate an encrypted combined character string.
The file encryption method of the present embodiment performs A, B double-layer encryption in the encryption process.
Preferably, the path of the file in the above embodiment is a relative path of the file.
For example, the relative path of the file and the check code obtained in step S12 are combined: if the file path is file/sample.zip and the check code is 202CB962AC59075B964B07152D234B70, the combined character string is ["file/sample.zip", "202CB962AC59075B964B07152D234B70"].
AES encryption is then performed on the combined character string, and the resulting character string is returned to the user.
Fig. 5 is a flowchart of a file decrypting method according to an embodiment of the present disclosure, which decrypts a target file encrypted by using the file encrypting method of the present disclosure.
As shown in fig. 5, the file decryption method includes:
S21, decrypting the path of the target file;
S22, locating the target file based on the decrypted path of the target file;
S23, decompressing the target file by using the check code to obtain a plurality of fragmented files;
S24, decrypting each fragmented file; and
S25, merging the decrypted plurality of fragmented files into a complete file to obtain the decrypted target file.
The file decryption method of the present embodiment performs C, D double-layer decryption during decryption.
The file decryption method of the present embodiment will be described below with more detailed examples.
When a user requests to download a previously stored target file from the distributed storage system, the request link must carry the encrypted path information and signature information, and the request is accepted once the distributed storage system has verified the signature information.
The distributed storage system obtains the encrypted path information from the user's request link and performs AES decryption with the public key. The target file is then located based on the decrypted path of the target file.
For example, the AES-decrypted result is converted into JSON to obtain a path and a check code such as ["file/sample.zip", "202CB962AC59075B964B07152D234B70"], and the target file in the distributed storage system is looked up according to the path.
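One way to build and open the combined string described above (S17 when storing, S21 when downloading), as an added Go example rather than the patent's code. It assumes a server-held AES key and uses AES-GCM, which the description does not specify, so that a modified token is rejected; `SealToken`, `OpenToken`, `validate`, the base64url encoding and the path checks are hypothetical additions.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"path"
	"regexp"
	"strings"
)

var codeRe = regexp.MustCompile(`^[0-9A-F]{32}$`) // MD5 check code, upper-case hex

// validate (an added check) accepts only a clean relative path and a check code.
func validate(relPath, code string) error {
	clean := path.Clean(relPath)
	if clean != relPath || clean == "." || clean == ".." || path.IsAbs(clean) ||
		strings.HasPrefix(clean, "../") || strings.Contains(clean, `\`) {
		return errors.New("path is not a clean relative path")
	}
	if !codeRe.MatchString(code) {
		return errors.New("check code is not 32 upper-case hex digits")
	}
	return nil
}

// newGCM builds the AEAD; the key must be 16, 24 or 32 bytes long.
func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// SealToken is S17: JSON-encode [relative path, check code] and AES-encrypt it.
func SealToken(key []byte, relPath, code string) (string, error) {
	if err := validate(relPath, code); err != nil {
		return "", err
	}
	gcm, err := newGCM(key)
	if err != nil {
		return "", err
	}
	plain, _ := json.Marshal([]string{relPath, code}) // cannot fail for []string
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return "", err
	}
	return base64.RawURLEncoding.EncodeToString(gcm.Seal(nonce, nonce, plain, nil)), nil
}

// OpenToken is S21: decrypt and parse the token, then validate the pair
// before the path is used to locate the archive in S22.
func OpenToken(key []byte, token string) (string, string, error) {
	raw, err := base64.RawURLEncoding.DecodeString(token)
	if err != nil {
		return "", "", err
	}
	gcm, err := newGCM(key)
	if err != nil {
		return "", "", err
	}
	if len(raw) < gcm.NonceSize() {
		return "", "", errors.New("token too short")
	}
	plain, err := gcm.Open(nil, raw[:gcm.NonceSize()], raw[gcm.NonceSize():], nil)
	if err != nil {
		return "", "", errors.New("token rejected: wrong key or modified")
	}
	var pair []string
	if err := json.Unmarshal(plain, &pair); err != nil || len(pair) != 2 {
		return "", "", errors.New("payload is not a [path, check code] pair")
	}
	if err := validate(pair[0], pair[1]); err != nil {
		return "", "", err
	}
	return pair[0], pair[1], nil
}

func main() {
	key := make([]byte, 32) // constructed all-zero demo key, not a real secret
	tok, _ := SealToken(key, "file/sample.zip", "202CB962AC59075B964B07152D234B70")
	p, c, err := OpenToken(key, tok)
	fmt.Println(p, c, err)
}
```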
The located file is the real file, but it is in an encrypted, compressed state and cannot be opened directly in the normal way, so it is decompressed using the check code.
Decompressing the target file with the check code yields the plurality of fragmented files as a series of blocks in their natural order. For each block, the first 2-bit byte ciphertext length mark is read, and then the ciphertext value (a) and the remaining content (b) are read in sequence according to that length.
Each fragmented file is then decrypted: the ciphertext value (a) is decrypted using the check code, and the decrypted bytes are spliced with the remaining content (b) after its anti-code operation has been reversed, giving the completely decrypted fragmented file.
This is repeated until all the fragmented files are decrypted, taking care not to disturb the order of the original fragmented files.
All the resulting fragmented files are then spliced in sequence to obtain the complete target file, which is the final file to be downloaded by the user. The file is moved into a temporary directory, and the validity period of the temporary file is set to 30 minutes (adjustable), so that if the user reads it repeatedly within 30 minutes the whole decryption process is not repeated, which reduces the load on the server.
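The fragment format from S12 and S13 and the reverse steps S24 and S25 of the walk-through above, as an added Go example that is not code from the patent; the password-protected archive of S14 is left out. Assumptions: the length mark is two bytes, big-endian; the anti-code operation is a bitwise NOT; the raw MD5 digest is the AES-128 key; AES runs in CTR mode (one of the modes the description lists) with a random IV stored in front of the ciphertext. The names `Protect`, `Restore`, `checkCode` and `invert` are hypothetical, and the final check-code comparison in `Restore` is an addition.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/md5"
	"crypto/rand"
	"errors"
	"fmt"
)

const N = 100 // head and tail length in the preferred embodiment

// checkCode is S12: MD5 over the last N bytes of every fragment, in order.
// Assumption: the raw 16-byte digest is used directly as the AES-128 key.
func checkCode(frags [][]byte) (key [16]byte) {
	h := md5.New()
	for _, f := range frags {
		if len(f) > N {
			f = f[len(f)-N:]
		}
		h.Write(f)
	}
	copy(key[:], h.Sum(nil))
	return key
}

// invert is the "anti-code" step, assumed here to be a bitwise NOT per byte.
func invert(b []byte) []byte {
	out := make([]byte, len(b))
	for i, v := range b {
		out[i] = ^v
	}
	return out
}

// Protect is S11-S13 for k >= 1. Each encrypted fragment is laid out as
// 2-byte length mark | IV + AES-CTR(first N bytes) | inverted remainder.
func Protect(data []byte, k int) ([][]byte, [16]byte, error) {
	size := (len(data) + k - 1) / k
	var frags, enc [][]byte
	for ; len(data) > size; data = data[size:] {
		frags = append(frags, data[:size])
	}
	frags = append(frags, data) // last fragment takes the remainder
	key := checkCode(frags)
	block, err := aes.NewCipher(key[:])
	if err != nil {
		return nil, key, err
	}
	for _, f := range frags {
		n := len(f)
		if n > N {
			n = N
		}
		ct := make([]byte, aes.BlockSize+n)
		if _, err := rand.Read(ct[:aes.BlockSize]); err != nil { // fresh random IV
			return nil, key, err
		}
		cipher.NewCTR(block, ct[:aes.BlockSize]).XORKeyStream(ct[aes.BlockSize:], f[:n])
		mark := []byte{byte(len(ct) >> 8), byte(len(ct))} // big-endian (assumed)
		enc = append(enc, bytes.Join([][]byte{mark, ct, invert(f[n:])}, nil))
	}
	return enc, key, nil
}

// Restore is S24-S25 plus an added check: the check code recomputed from the
// restored fragments must equal the one supplied with the request.
func Restore(enc [][]byte, key [16]byte) ([]byte, error) {
	block, err := aes.NewCipher(key[:])
	if err != nil {
		return nil, err
	}
	frags := make([][]byte, len(enc))
	for i, e := range enc {
		if len(e) < 2+aes.BlockSize {
			return nil, errors.New("fragment too short")
		}
		end := 2 + (int(e[0])<<8 | int(e[1])) // end of IV + ciphertext
		if end < 2+aes.BlockSize || end > len(e) {
			return nil, errors.New("bad ciphertext length mark")
		}
		head := make([]byte, end-2-aes.BlockSize)
		cipher.NewCTR(block, e[2:2+aes.BlockSize]).XORKeyStream(head, e[2+aes.BlockSize:end])
		frags[i] = append(head, invert(e[end:])...)
	}
	if checkCode(frags) != key {
		return nil, errors.New("check code mismatch")
	}
	return bytes.Join(frags, nil), nil
}

func main() {
	data := bytes.Repeat([]byte("constructed sample record\n"), 40000) // ~1 MB
	enc, key, _ := Protect(data, 4)
	out, err := Restore(enc, key)
	fmt.Printf("check code %X, intact: %v\n", key, err == nil && bytes.Equal(out, data))
}
```

The comparison in `Restore` covers only the last N bytes of each fragment, because that is all the check code is computed over; a change elsewhere in a fragment passes it.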
The present disclosure also provides a distributed storage system 100.
Fig. 6 is a block diagram of a distributed storage system 100 according to one embodiment of the present disclosure.
As shown in fig. 6, the distributed storage system 100 includes: a file splitting module 101 that splits the target file; a check code generation module 102 that generates a check code by using a message digest algorithm based on each fragmented file; a fragmented file encryption module 103 that encrypts each fragmented file using the check code; a compression module 104 that packages the encrypted plurality of fragmented files into a compressed file package; a path generation module 105 that generates a path of the compressed file package; and a path encryption module 106 that encrypts the path using an AES encryption algorithm.
Fig. 7 is a block diagram of a distributed storage system 100 according to yet another embodiment of the present disclosure.
As shown in fig. 7, the distributed storage system 100 includes: a file splitting module 101 that splits the target file; a check code generation module 102 that generates a check code by using a message digest algorithm based on each fragmented file; a fragmented file encryption module 103 that encrypts each fragmented file using the check code; a compression module 104 that packages the encrypted plurality of fragmented files into a compressed file package; a path generation module 105 that generates a path of the compressed file package; a path encryption module 106 that encrypts the path using an AES encryption algorithm; and a combined string generation module 107 that combines the path of the target file in the form of the compressed file package with the check code to obtain a combined string, and AES-encrypts the combined string to generate an encrypted combined string.
Fig. 8 is a block diagram of a distributed storage system 100 according to yet another embodiment of the present disclosure.
The distributed storage system 100 includes: a file splitting module 101 that splits the target file; a check code generation module 102 that generates a check code by using a message digest algorithm based on each fragmented file; a fragmented file encryption module 103 that encrypts each fragmented file using the check code; a compression module 104 that packages the encrypted plurality of fragmented files into a compressed file package; a path generation module 105 that generates a path of the compressed file package; and a path encryption module 106 that encrypts the path using an AES encryption algorithm.
The distributed storage system 100 further includes a verification module 108, the verification module 108 performs signature verification on the target file, and the file splitting module 101 splits the target file that is signature verified by the verification module 108.
The file encryption method and the file decryption method are oriented to system developers and are easy to understand and easy to implement. An ordinary user cannot access a file without permission and cannot find the location of the corresponding file through the database alone; even if a key is obtained, the file path information cannot be obtained by decryption; and even if the actual file content is obtained, no part of the content can be read directly, because the file features are completely eliminated. The encryption and decryption processes are fast: for example, AES encryption of 100 bytes takes even less than 1 millisecond, and transcoding a 15M file takes no more than 20 milliseconds. The technical scheme applies double encryption, to the file record stored in the database and to the stored file content, has extremely high security, and is difficult to crack even for operation and maintenance personnel inside the company.
The present disclosure also provides an electronic device, as shown in fig. 9, including: a communication interface 1000, a memory 2000 and a processor 3000. The communication interface 1000 is used for communicating with external devices for data interactive transmission. A computer program executable on the processor 3000 is stored in the memory 2000. The processor 3000 implements the method in the above embodiment when executing the computer program. The number of the memories 2000 and the processors 3000 may be one or more.
The memory 2000 may include a high-speed RAM memory or may further include a non-volatile memory (non-volatile memory), such as at least one magnetic disk memory.
If the communication interface 1000, the memory 2000 and the processor 3000 are implemented independently, the communication interface 1000, the memory 2000 and the processor 3000 may be connected to each other through a bus and communicate with each other. The bus may be an Industry Standard Architecture (ISA) bus, a Peripheral Component Interconnect (PCI) bus, or an Extended Industry Standard Architecture (EISA) bus, among others. The buses may be classified as address buses, data buses, control buses, etc. For ease of illustration, only one thick line is shown in the figure, but this does not mean that there is only one bus or one type of bus.
Alternatively, in a specific implementation, if the communication interface 1000, the memory 2000, and the processor 3000 are integrated on a chip, the communication interface 1000, the memory 2000, and the processor 3000 may perform communication with each other through internal interfaces.
Any process or method descriptions in flow charts or otherwise described herein may be understood as representing modules, segments, or portions of code which include one or more executable instructions for implementing specific logical functions or steps of the process, and further implementations are included within the scope of the preferred embodiment of the present disclosure in which functions may be executed out of order from that shown or discussed, including substantially concurrently or in reverse order, depending on the functionality involved, as would be understood by those reasonably skilled in the art of the embodiments of the present disclosure. The processor performs the various methods and processes described above. For example, method embodiments in the present disclosure may be implemented as a software program tangibly embodied on a machine-readable medium, such as a memory. In some embodiments, part or all of the software program may be loaded and/or installed via memory and/or a communication interface. One or more of the steps of the methods described above may be performed when a software program is loaded into memory and executed by a processor. Alternatively, in other embodiments, the processor may be configured to perform one of the methods described above in any other suitable manner (e.g., by means of firmware).
Logic and/or steps represented in the flowcharts or otherwise described herein may be embodied in any readable storage medium for use by or in connection with an instruction execution system, apparatus, or device, such as a computer-based system, processor-containing system, or other system that can fetch the instructions from the instruction execution system, apparatus, or device and execute the instructions.
For the purposes of this description, a "readable storage medium" can be any means that can contain, store, communicate, propagate, or transport the program for use by or in connection with the instruction execution system, apparatus, or device. More specific examples (a non-exhaustive list) of the readable storage medium include the following: an electrical connection (electronic device) having one or more wires, a portable computer diskette (magnetic device), a random access memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber device, and a portable compact disc read-only memory (CDROM). In addition, the readable storage medium may even be paper or another suitable medium on which the program can be printed, as the program can be electronically captured, for instance by optical scanning of the paper or other medium, then compiled, interpreted, or otherwise processed in a suitable manner if necessary, and then stored in a memory.
It should be understood that portions of the present disclosure may be implemented in hardware, software, or a combination thereof. In the above-described embodiments, the various steps or methods may be implemented in software stored in a memory and executed by a suitable instruction execution system. If implemented in hardware, as in another embodiment, they may be implemented using any one or a combination of the following techniques, which are well known in the art: discrete logic circuits having logic gates for implementing logic functions on data signals, application-specific integrated circuits having suitable combinational logic gates, programmable gate arrays (PGAs), field-programmable gate arrays (FPGAs), and the like.
Those of ordinary skill in the art will appreciate that all or part of the steps of the method of the above embodiments may be implemented by a program instructing the relevant hardware. The program may be stored in a readable storage medium and, when executed, performs one or a combination of the steps of the method embodiment.
Furthermore, each functional unit in each embodiment of the present disclosure may be integrated into one processing module, or each unit may exist alone physically, or two or more units may be integrated into one module. The integrated modules may be implemented in hardware or in software functional modules. The integrated modules may also be stored in a readable storage medium if implemented in the form of software functional modules and sold or used as a stand-alone product. The storage medium may be a read-only memory, a magnetic or optical disk, or the like.
In the description of the present specification, reference to the terms "one embodiment/mode," "some embodiments/modes," "examples," "specific examples," or "some examples," etc., means that a particular feature, structure, material, or characteristic described in connection with the embodiment/mode or example is included in at least one embodiment/mode or example of the present application. In this specification, schematic representations of the above terms are not necessarily directed to the same embodiment/mode or example. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments/modes or examples. In addition, persons skilled in the art may join and combine the various embodiments/modes or examples described in this specification, and the features of those embodiments/modes or examples, provided they do not contradict each other.
Furthermore, the terms "first," "second," and the like, are used for descriptive purposes only and are not to be construed as indicating or implying a relative importance or implicitly indicating the number of technical features indicated. Thus, a feature defining "a first" or "a second" may explicitly or implicitly include at least one such feature. In the description of the present application, the meaning of "plurality" is at least two, such as two, three, etc., unless explicitly defined otherwise.
It will be appreciated by those skilled in the art that the above-described embodiments are merely for clarity of illustration of the disclosure, and are not intended to limit the scope of the disclosure. Other variations or modifications will be apparent to persons skilled in the art from the foregoing disclosure, and such variations or modifications are intended to be within the scope of the present disclosure.

Claims (9)

1. A method of encrypting a file, comprising:
splitting the target file into a plurality of fragmented files;
generating a check code by using a message digest algorithm based on each fragmented file, and encrypting each fragmented file by using the check code;
packaging the encrypted plurality of fragmented files into a compressed file package;
generating a path of the compressed file package; and
encrypting the path using an AES encryption algorithm;
wherein, when the encrypted plurality of fragmented files are packaged into the compressed file package, the check code is used as the compression password;
wherein encrypting the path using an AES encryption algorithm comprises: combining the path of the target file in the form of the compressed file package with the check code to obtain a combined character string, and performing AES encryption on the combined character string to generate an encrypted combined character string.
2. The file encryption method according to claim 1, wherein signature verification is performed on the target file before the target file is split into the plurality of fragmented files, and the target file that has passed the signature verification is split.
3. The file encryption method according to claim 1, wherein generating a check code using a message digest algorithm based on each fragmented file, and individually encrypting each fragmented file using the check code, comprises:
taking the last N bytes of each fragmented file, combining them in order, and encoding the result with a message digest algorithm to generate the check code;
performing AES encryption on the first N bytes of each fragmented file using the check code as the encryption password.
4. The file encryption method according to claim 3, wherein the remaining file contents other than the first N bytes of each fragmented file are subjected to a bitwise complement (inverse-code) operation.
5. The file encryption method according to claim 1 or 2, characterized in that the target file, in the form of the compressed file package after path encryption, is stored in the distributed storage system.
6. A file decrypting method, characterized by decrypting a target file encrypted using the file encrypting method according to any one of claims 1 to 5, comprising:
decrypting the path of the target file;
locating the target file based on the decrypted path of the target file;
decompressing the target file by using a check code to obtain a plurality of fragmented files;
decrypting each fragment file; and
merging the decrypted plurality of fragmented files into a complete file to obtain the decrypted target file.
7. A distributed storage system, comprising:
a file splitting module that splits the target file;
a check code generation module that generates a check code by using a message digest algorithm based on each fragmented file;
a fragmented file encryption module that encrypts each fragmented file by using the check code;
a compression module that packages the encrypted plurality of fragmented files into a compressed file package;
a path generation module that generates a path of the compressed file package; and
a path encryption module that encrypts the path using an AES encryption algorithm;
wherein, when the encrypted plurality of fragmented files are packaged into the compressed file package, the check code is used as the compression password;
the distributed storage system further includes:
a combined character string generation module that combines the path of the target file in the form of the compressed file package with the check code to obtain a combined character string, and performs AES (Advanced Encryption Standard) encryption on the combined character string to generate an encrypted combined character string.
8. An electronic device, comprising:
a memory storing execution instructions; and
a processor executing the execution instructions stored in the memory, causing the processor to perform the file encryption method according to any one of claims 1 to 5.
9. A readable storage medium, wherein executable instructions are stored in the readable storage medium, which when executed by a processor are adapted to implement the file encryption method according to any one of claims 1 to 5.
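The fragment-level steps of claims 3 and 4 and the matching decryption step of claim 6, as an added Go sketch that is not code from the patent or its applicant. The function names, SHA-256 as the message digest, AES-256 in CTR mode with a zero IV, use of the digest directly as the key, and the check-code comparison on decryption are all assumptions; the password-protected compressed package and the path encryption are left out.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/sha256"
	"fmt"
)

// checkCode digests the last n bytes of each fragment, taken in order
// (claim 3). SHA-256 is an assumption; the claims name no specific digest.
func checkCode(frags [][]byte, n int) [32]byte {
	var tails []byte
	for _, f := range frags {
		if len(f) > n {
			f = f[len(f)-n:]
		}
		tails = append(tails, f...)
	}
	return sha256.Sum256(tails)
}

// transform AES-encrypts the first n bytes of each fragment under the check code
// and complements the rest (claims 3, 4). CTR mode with a zero IV is assumed.
func transform(frags [][]byte, n int, code [32]byte) [][]byte {
	block, _ := aes.NewCipher(code[:]) // a 32-byte key cannot fail here
	stream := cipher.NewCTR(block, make([]byte, aes.BlockSize)) // self-inverse
	out := make([][]byte, len(frags))
	for i, f := range frags {
		k := n
		if len(f) < k {
			k = len(f) // short final fragment: encrypt all of it
		}
		out[i] = make([]byte, len(f))
		stream.XORKeyStream(out[i][:k], f[:k])
		for j := k; j < len(f); j++ {
			out[i][j] = ^f[j] // keyless bitwise complement
		}
	}
	return out
}

// decrypt reverses each fragment, rejects a wrong check code (this integrity
// test is an added assumption) and merges the fragments (claim 6).
func decrypt(enc [][]byte, n int, code [32]byte) ([]byte, error) {
	frags := transform(enc, n, code)
	if checkCode(frags, n) != code {
		return nil, fmt.Errorf("check code mismatch")
	}
	return bytes.Join(frags, nil), nil
}

func main() {
	frags := [][]byte{[]byte("constructed sample "), []byte("fragment body"), []byte("end")}
	code := checkCode(frags, 8) // constructed input, N = 8
	plain, err := decrypt(transform(frags, 8, code), 8, code)
	fmt.Printf("%q %v\n", plain, err)
}
```

Because the complement step needs no key, only the first N bytes of each fragment are AES-protected in this sketch; the remainder depends on the password-protected package and the encrypted path of claim 1.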
CN202010379014.4A 2020-05-07 2020-05-07 File encryption and decryption method, distributed storage system, device and storage medium Active CN111709038B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010379014.4A CN111709038B (en) 2020-05-07 2020-05-07 File encryption and decryption method, distributed storage system, device and storage medium

Publications (2)

Publication Number Publication Date
CN111709038A (en) 2020-09-25
CN111709038B (en) 2024-04-12

Family

ID=72536550


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant