CN113032736A - Encryption and decryption method of Docker layered mirror image and related device - Google Patents
Encryption and decryption method of Docker layered mirror image and related device Download PDFInfo
- Publication number
- CN113032736A CN113032736A CN202110246452.8A CN202110246452A CN113032736A CN 113032736 A CN113032736 A CN 113032736A CN 202110246452 A CN202110246452 A CN 202110246452A CN 113032736 A CN113032736 A CN 113032736A
- Authority
- CN
- China
- Prior art keywords
- file
- encrypted
- mirror image
- software program
- processed
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 62
- 238000004891 communication Methods 0.000 claims description 6
- 230000008569 process Effects 0.000 abstract description 12
- 230000005540 biological transmission Effects 0.000 abstract description 3
- 230000007246 mechanism Effects 0.000 abstract description 2
- 238000010586 diagram Methods 0.000 description 13
- 230000004048 modification Effects 0.000 description 10
- 238000012986 modification Methods 0.000 description 10
- 238000004590 computer program Methods 0.000 description 7
- 230000006870 function Effects 0.000 description 5
- 230000003287 optical effect Effects 0.000 description 4
- 238000005516 engineering process Methods 0.000 description 2
- 230000008859 change Effects 0.000 description 1
- 230000006872 improvement Effects 0.000 description 1
- 230000000750 progressive effect Effects 0.000 description 1
- 230000003068 static effect Effects 0.000 description 1
- 239000000126 substance Substances 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
- G06F21/12—Protecting executable software
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Software Systems (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- General Health & Medical Sciences (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- Multimedia (AREA)
- Technology Law (AREA)
- Two-Way Televisions, Distribution Of Moving Picture Or The Like (AREA)
Abstract
The application provides an encryption and decryption method and a related device for a Docker layered mirror image, wherein the encryption method comprises the following steps: acquiring a file to be encrypted in a software program to be processed; the file to be encrypted means: at least part of the files different from the lower-layer mirror image of the software program to be processed; encrypting a file to be encrypted to obtain an encrypted file; and taking the mirror image of the encrypted file as the uppermost mirror image of the layered mirror image of the software program to be processed. The method and the device realize encryption of important files in the software program to be processed, and ensure the safety of the software program to be processed. The lower-layer mirror image is not encrypted, so that the lower-layer mirror image can be directly multiplexed under the layered mechanism of the Docker, the space can be saved and the efficiency can be improved during distribution and operation, and the distribution and operation performance of the software program can be improved. According to the method and the device, redundant data in the mirror image of the encrypted file are reduced, so that the transmission space is saved, and the uploading performance in the process of uploading the software program is improved.
Description
Technical Field
The application relates to the field of software, in particular to an encryption and decryption method and a related device for a Docker layered mirror image.
Background
The developed software program can be published in a public warehouse and can also be published in a private warehouse. If the software is released in a public warehouse, the problem of software program safety can be faced, and if the software is released in a private warehouse, the software needs to be erected and maintained independently and is inconvenient to use.
In order to facilitate use and ensure the safety of software programs, at present, the software programs to be issued to a public warehouse are encrypted to obtain the encrypted software programs, and layered mirror images of the software programs and a layer of mirror image generated by the encrypted software programs are uploaded to the public warehouse together. For example, it may be uploaded to Docker's public library.
However, the uploading performance of the process of uploading the software program to the public library and the distribution and operation performance of the uploaded software program are poor.
Disclosure of Invention
The application provides an encryption and decryption method and a related device for a Docker layered mirror image, and aims to solve the problems that the uploading performance of a software program uploading process to a public library and the distribution and running performance of the uploaded software program are poor.
In order to achieve the above object, the present application provides the following technical solutions:
the application provides an encryption method of a Docker layered mirror image, which comprises the following steps:
acquiring a file to be encrypted in a software program to be processed; the file to be encrypted refers to: at least part of files different from the lower-layer mirror image of the software program to be processed;
encrypting the file to be encrypted to obtain an encrypted file;
and taking the mirror image of the encrypted file as the uppermost mirror image of the layered mirror image of the software program to be processed.
Optionally, the obtaining of the file to be encrypted in the software program to be processed includes:
acquiring an upper layer mirror image and a lower layer mirror image of the software program to be processed, which are generated by Docker;
and comparing the file with the lower mirror image, and taking the newly added and changed file in the upper mirror image as the file to be encrypted.
Optionally, the obtaining of the file to be encrypted in the software program to be processed includes:
acquiring preset setting information; the setting information is used for indicating the file to be encrypted;
and acquiring the file to be encrypted in the software program to be processed according to the setting information.
Optionally, the method further includes:
and uploading the mirror image of the encrypted file and the layered mirror image of the software program to be processed to a public library.
The application also provides a decryption method of the Docker layered mirror image, which comprises the following steps:
decrypting the encrypted file under the condition of receiving the image of the encrypted file and the layered image of the software program to be processed to obtain a decrypted file; the encrypted file is obtained by encrypting the file to be encrypted; the file to be encrypted refers to: at least part of files different from the lower-layer mirror image of the software program to be processed;
and processing according to the decrypted file and the layered mirror image of the software program to be processed.
The present application further provides an encryption apparatus for a Docker layered mirror, including:
the acquisition module is used for acquiring a file to be encrypted in a software program to be processed; the file to be encrypted refers to: at least part of files different from the lower-layer mirror image of the software program to be processed;
the encryption module is used for encrypting the file to be encrypted to obtain an encrypted file;
and the execution module is used for taking the mirror image of the encrypted file as the uppermost mirror image of the layered mirror image of the software program to be processed.
The present application further provides a decryption apparatus for a Docker layered mirror, including:
the decryption module is used for decrypting the encrypted file under the condition of receiving the image of the encrypted file and the layered image of the software program to be processed to obtain a decrypted file; the encrypted file is obtained by encrypting the file to be encrypted; the file to be encrypted refers to: at least part of files different from the lower-layer mirror image of the software program to be processed;
and the processing module is used for processing according to the decrypted file and the layered mirror image of the software program to be processed.
The application also provides a storage medium, which comprises a stored program, wherein the program executes any one of the above encryption methods for the Docker layered mirror image.
The application also provides a device, which comprises at least one processor, at least one memory connected with the processor, and a bus; the processor and the memory complete mutual communication through the bus; the processor is used for calling the program instructions in the memory so as to execute any one of the encryption methods of the Docker hierarchical image.
The application also provides a storage medium, wherein the storage medium comprises a stored program, and the program is the decryption method of the Docker layered mirror image.
The application also provides a device, which comprises at least one processor, at least one memory connected with the processor, and a bus; the processor and the memory complete mutual communication through the bus; the processor is used for calling the program instruction in the memory so as to execute the decryption method of the Docker hierarchical image.
The encryption and decryption method and the related device for the Docker layered mirror image acquire a file to be encrypted in a software program to be processed, wherein the file to be encrypted refers to: at least part of the files different from the lower-layer mirror image of the software program to be processed, namely the files to be encrypted are different from the lower-layer mirror image of the software program to be processed, and the lower-layer mirror image of the software program to be processed is an insecure file. And encrypting the file to be encrypted, and taking the mirror image of the encrypted file as the uppermost mirror image of the layered mirror images of the software program to be processed.
On one hand, the encryption of the important files in the software program to be processed is realized, so that the safety of the important files in the software program to be processed is ensured, namely the safety of the software program to be processed is ensured.
On the other hand, after the software program is encrypted (both the upper layer mirror image and the lower layer mirror image are encrypted) in the prior art, the encryption result of the lower layer mirror image is changed compared with the original lower layer mirror image, so that the original lower layer mirror image cannot be reused. The lower-layer mirror image is not encrypted, so that the lower-layer mirror image can be directly multiplexed under the layered mechanism of Docker, and the data of the original lower-layer mirror image can be directly used when the encrypted file runs and is distributed after being decrypted. Therefore, the space can be saved and the efficiency can be improved during distribution and operation, and the distribution and operation performance of the uploaded software program can be improved. In addition, the file to be encrypted does not comprise the lower-layer mirror image of the software program to be processed, namely, redundant data in the mirror image of the encrypted file is reduced, so that the transmission space can be saved, and the uploading performance of the software program to the public library is improved.
In summary, the method and the device can improve the uploading performance in the process of uploading the software program to the public library and improve the distribution and operation performance of the uploaded software program on the premise of ensuring the safety of the software program to be processed.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present application, and for those skilled in the art, other drawings can be obtained according to the drawings without creative efforts.
Fig. 1 is a flowchart of an encryption method for a Docker layered mirror image disclosed in an embodiment of the present application;
FIG. 2(a) is an exemplary diagram of an unencrypted layered image of a pending software program as disclosed in an embodiment of the present application;
FIG. 2(b) is an exemplary diagram of an unencrypted layered image of a to-be-processed software program indicating a file to be encrypted, disclosed in an embodiment of the present application;
FIG. 2(c) is a diagram of another example of an unencrypted layered image of a to-be-processed software program indicating a file to be encrypted, as disclosed in an embodiment of the present application;
fig. 3 is a flowchart of a decryption method for a Docker layered image disclosed in the embodiment of the present application;
fig. 4 is a schematic structural diagram of an encryption apparatus for a Docker layered mirror image disclosed in an embodiment of the present application;
fig. 5 is a schematic structural diagram of an apparatus provided in an embodiment of the present application;
fig. 6 is a schematic structural diagram of a decryption apparatus for a Docker layered image according to an embodiment of the present application;
fig. 7 is a schematic structural diagram of another apparatus disclosed in the embodiment of the present application.
Detailed Description
The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
Fig. 1 is an encryption method for a Docker layered image according to an embodiment of the present application, which may include the following steps:
s101, obtaining a file to be encrypted in a software program to be processed.
In the present embodiment, the software program to be processed refers to a software program to be released.
In this embodiment, the file to be encrypted refers to: at least some of the files that are different from the underlying image of the software program to be processed.
In this embodiment, obtaining the file to be encrypted in the software program to be processed may be implemented in two ways. Wherein the content of the first and second substances,
the first acquisition mode may include the following steps a1 to a 2:
a1, acquiring an upper layer mirror image and a lower layer mirror image of the to-be-processed software program generated by Docker.
And A2, comparing the file with the lower mirror image, and taking the newly added and changed file in the upper mirror image as the file to be encrypted.
To visually illustrate this manner, the present embodiment gives an example of the unencrypted image layering of the software program to be processed shown in fig. 2 (a). The "a content", "B content", "C content", "D content", and "E content" represent third-party content such as a base library. "A modified," "C modified," and "F content" represent the newly added content and associated modified content of the pending software program.
In this acquisition mode, "a modification", "C modification", and "F content" are all files to be encrypted, since "a modification", "C modification", and "F content" represent newly added contents and relevant modified contents of the software program to be processed. As shown in fig. 2(b), it can be seen from fig. 2(b) that "a modification", "C modification", and "F content" are encrypted respectively and are mirrored on the top.
Because the acquisition mode only encrypts newly added and changed contents in the same mirror image layer, the lower mirror image can be reused, therefore, the mode can ensure the safety of products and simultaneously give consideration to the distribution and operation efficiency, and further, the distribution and operation performance is improved.
The second obtaining method may include the following steps B1 to B2:
and B1, acquiring preset setting information.
In this step, the setting information is used to indicate a file to be encrypted.
For example, a portion set as the key content is further encrypted, wherein the setting information indicates the key content.
And B2, acquiring the file to be encrypted in the software program to be processed according to the setting information.
In this step, the file indicated by the setting information is used as the file to be encrypted in the software program to be processed.
Taking the unencrypted layered image of the software program to be processed shown in fig. 2(a) as an example, fig. 2(c) shows an example of a file to be encrypted in the second obtaining mode. In fig. 2(c), the file to be encrypted indicated by the setting information is "F content". Therefore, the "F content" needs to be encrypted.
Because the acquisition mode sets the key content, only encrypts the key content and does not encrypt the lower-layer mirror image, the lower-layer mirror image can be reused, and therefore, the acquisition mode can optimize the performance while ensuring the security of the key content.
It should be noted that, in practice, the obtaining mode of the file to be encrypted may be selected according to the actual situation.
S102, encrypting the file to be encrypted to obtain the encrypted file.
In this embodiment, a specific implementation manner for encrypting a file to be encrypted is the prior art, and details are not described here.
S103, taking the mirror image of the encrypted file as the uppermost mirror image of the layered mirror image of the software program to be processed.
In this embodiment, the image of the encrypted file is at the top layer of the layered image of the software program to be processed.
And S104, uploading the mirror image of the encrypted file and the layered mirror image of the software program to be processed to a public library.
Fig. 3 is a decryption method for a Docker layered image according to an embodiment of the present application, and the decryption method may include the following steps:
s301, under the condition that the mirror image of the encrypted file and the layered mirror image of the software program to be processed are received, the encrypted file is decrypted, and the decrypted file is obtained.
In this embodiment, the encrypted file is a file obtained by encrypting a file to be encrypted. Wherein, the file to be encrypted refers to: at least some of the files that are different from the underlying image of the software program to be processed.
In this embodiment, the decryption process is the reverse process of the encryption process, and the specific implementation manner is not described herein again.
And S302, processing according to the decrypted file and the layered mirror image of the software program to be processed.
In this embodiment, a specific implementation manner of this step is the prior art, and is not described herein again.
Fig. 4 is an encryption apparatus for a Docker layered mirror provided in an embodiment of the present application, and may include: an acquisition module 401, an encryption module 402, and an execution module 403, wherein,
an obtaining module 401, configured to obtain a file to be encrypted in a software program to be processed; the file to be encrypted refers to: at least part of files different from the lower-layer mirror image of the software program to be processed;
an encryption module 402, configured to encrypt the file to be encrypted to obtain an encrypted file;
an executing module 403, configured to use the image of the encrypted file as a top-level image of the layered images of the to-be-processed software program.
Optionally, the obtaining module 401 is configured to use a file to be encrypted in a software program to be processed, and includes:
the obtaining module 401 is specifically configured to obtain an upper layer mirror image and a lower layer mirror image of the to-be-processed software program generated by Docker; and comparing the file with the lower mirror image, and taking the newly added and changed file in the upper mirror image as the file to be encrypted.
Optionally, the obtaining module 401 is configured to use a file to be encrypted in a software program to be processed, and includes:
an obtaining module 401, specifically configured to obtain preset setting information; the setting information is used for indicating the file to be encrypted; and acquiring the file to be encrypted in the software program to be processed according to the setting information.
Optionally, the apparatus may further include:
and the uploading module is used for uploading the mirror image of the encrypted file and the layered mirror image of the software program to be processed to a public library.
The encryption device of the Docker hierarchical image includes a processor and a memory, the obtaining module 401, the encryption module 402, and the executing module 403 are all stored in the memory as program units, and the processor executes the program units stored in the memory to implement corresponding functions.
The processor comprises a kernel, and the kernel calls the corresponding program unit from the memory. The kernel can be set to be one or more than one, and the problems that the uploading performance of the process of uploading the software program to the public library and the distribution and running performance of the uploaded software program are poor are solved by adjusting the kernel parameters.
An embodiment of the present invention provides a storage medium, on which a program is stored, where the program, when executed by a processor, implements the encryption method for a Docker layered mirror.
The embodiment of the invention provides a processor, which is used for running a program, wherein the encryption method of the Docker layered mirror image is executed when the program runs.
An embodiment of the present invention provides an apparatus, as shown in fig. 5, the apparatus includes at least one processor, and at least one memory and a bus connected to the processor; the processor and the memory complete mutual communication through a bus; the processor is used for calling the program instructions in the memory to execute the identification method of the peer. The device herein may be a server, a PC, a PAD, a mobile phone, etc.
The present application further provides a computer program product adapted to perform a program for initializing the following method steps when executed on a data processing device:
acquiring a file to be encrypted in a software program to be processed; the file to be encrypted refers to: at least part of files different from the lower-layer mirror image of the software program to be processed;
encrypting the file to be encrypted to obtain an encrypted file;
and taking the mirror image of the encrypted file as the uppermost mirror image of the layered mirror image of the software program to be processed.
Fig. 6 is a decryption apparatus for a Docker layered image according to an embodiment of the present application, and the decryption apparatus may include: a decryption module 601 and a processing module 602, wherein,
the decryption module 601 is configured to decrypt the encrypted file to obtain a decrypted file when the image of the encrypted file and the layered image of the software program to be processed are received; the encrypted file is obtained by encrypting the file to be encrypted; the file to be encrypted refers to: at least part of files different from the lower-layer mirror image of the software program to be processed;
and the processing module 602 is configured to perform processing according to the decrypted file and the layered image of the to-be-processed software program.
The decryption apparatus of the Docker layered image includes a processor and a memory, where the decryption module 601 and the processing module 602 are both stored in the memory as program units, and the processor executes the program units stored in the memory to implement corresponding functions.
The processor comprises a kernel, and the kernel calls the corresponding program unit from the memory. The kernel can be set to be one or more than one, and the problems that the uploading performance of the process of uploading the software program to the public library and the distribution and running performance of the uploaded software program are poor are solved by adjusting the kernel parameters.
An embodiment of the present invention provides a storage medium, on which a program is stored, where the program, when executed by a processor, implements a decryption method for a Docker layered image.
The embodiment of the invention provides a processor, which is used for running a program, wherein the decryption method of the Docker layered mirror image is executed when the program runs.
An embodiment of the present invention provides an apparatus, as shown in fig. 7, the apparatus includes at least one processor, and at least one memory and a bus connected to the processor; the processor and the memory complete mutual communication through a bus; the processor is used for calling the program instructions in the memory to execute the identification method of the peer. The device herein may be a server, a PC, a PAD, a mobile phone, etc.
The present application further provides a computer program product adapted to perform a program for initializing the following method steps when executed on a data processing device:
decrypting the encrypted file under the condition of receiving the image of the encrypted file and the layered image of the software program to be processed to obtain a decrypted file; the encrypted file is obtained by encrypting the file to be encrypted; the file to be encrypted refers to: at least part of files different from the lower-layer mirror image of the software program to be processed;
and processing according to the decrypted file and the layered mirror image of the software program to be processed.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
In a typical configuration, a device includes one or more processors (CPUs), memory, and a bus. The device may also include input/output interfaces, network interfaces, and the like.
The memory may include volatile memory in a computer readable medium, Random Access Memory (RAM) and/or nonvolatile memory such as Read Only Memory (ROM) or flash memory (flash RAM), and the memory includes at least one memory chip. The memory is an example of a computer-readable medium.
Computer-readable media, including both non-transitory and non-transitory, removable and non-removable media, may implement information storage by any method or technology. The information may be computer readable instructions, data structures, modules of a program, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), Static Random Access Memory (SRAM), Dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), Read Only Memory (ROM), Electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), Digital Versatile Discs (DVD) or other optical storage, magnetic cassettes, magnetic tape magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information that can be accessed by a computing device. As defined herein, a computer readable medium does not include a transitory computer readable medium such as a modulated data signal and a carrier wave.
It should also be noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in the process, method, article, or apparatus that comprises the element.
As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The above are merely examples of the present application and are not intended to limit the present application. Various modifications and changes may occur to those skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present application should be included in the scope of the claims of the present application.
The functions described in the method of the embodiment of the present application, if implemented in the form of software functional units and sold or used as independent products, may be stored in a storage medium readable by a computing device. Based on such understanding, part of the contribution to the prior art of the embodiments of the present application or part of the technical solution may be embodied in the form of a software product stored in a storage medium and including several instructions for causing a computing device (which may be a personal computer, a server, a mobile computing device or a network device) to execute all or part of the steps of the method described in the embodiments of the present application. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes.
Features described in the embodiments of the present specification may be replaced with or combined with each other, each embodiment is described with a focus on differences from other embodiments, and the same or similar portions among the embodiments may be referred to each other.
The previous description of the disclosed embodiments is provided to enable any person skilled in the art to make or use the present application. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the application. Thus, the present application is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.
The functions described in the method of the embodiment of the present application, if implemented in the form of software functional units and sold or used as independent products, may be stored in a storage medium readable by a computing device. Based on such understanding, part of the contribution to the prior art of the embodiments of the present application or part of the technical solution may be embodied in the form of a software product stored in a storage medium and including several instructions for causing a computing device (which may be a personal computer, a server, a mobile computing device or a network device) to execute all or part of the steps of the method described in the embodiments of the present application. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes.
The embodiments are described in a progressive manner, each embodiment focuses on differences from other embodiments, and the same or similar parts among the embodiments are referred to each other.
The previous description of the disclosed embodiments is provided to enable any person skilled in the art to make or use the present application. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the application. Thus, the present application is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.
Claims (11)
1. A method for encrypting a Docker layered mirror image is characterized by comprising the following steps:
acquiring a file to be encrypted in a software program to be processed; the file to be encrypted refers to: at least part of files different from the lower-layer mirror image of the software program to be processed;
encrypting the file to be encrypted to obtain an encrypted file;
and taking the mirror image of the encrypted file as the uppermost mirror image of the layered mirror image of the software program to be processed.
2. The method according to claim 1, wherein the obtaining of the file to be encrypted in the software program to be processed comprises:
acquiring an upper layer mirror image and a lower layer mirror image of the software program to be processed, which are generated by Docker;
and comparing the file with the lower mirror image, and taking the newly added and changed file in the upper mirror image as the file to be encrypted.
3. The method according to claim 1, wherein the obtaining of the file to be encrypted in the software program to be processed comprises:
acquiring preset setting information; the setting information is used for indicating the file to be encrypted;
and acquiring the file to be encrypted in the software program to be processed according to the setting information.
4. The method of claim 1, further comprising:
and uploading the mirror image of the encrypted file and the layered mirror image of the software program to be processed to a public library.
5. A decryption method of a Docker layered image is characterized by comprising the following steps:
decrypting the encrypted file under the condition of receiving the image of the encrypted file and the layered image of the software program to be processed to obtain a decrypted file; the encrypted file is obtained by encrypting the file to be encrypted; the file to be encrypted refers to: at least part of files different from the lower-layer mirror image of the software program to be processed;
and processing according to the decrypted file and the layered mirror image of the software program to be processed.
6. An encryption apparatus for a Docker layered mirror, comprising:
the acquisition module is used for acquiring a file to be encrypted in a software program to be processed; the file to be encrypted refers to: at least part of files different from the lower-layer mirror image of the software program to be processed;
the encryption module is used for encrypting the file to be encrypted to obtain an encrypted file;
and the execution module is used for taking the mirror image of the encrypted file as the uppermost mirror image of the layered mirror image of the software program to be processed.
7. A decryption apparatus for a Docker layered image, comprising:
the decryption module is used for decrypting the encrypted file under the condition of receiving the image of the encrypted file and the layered image of the software program to be processed to obtain a decrypted file; the encrypted file is obtained by encrypting the file to be encrypted; the file to be encrypted refers to: at least part of files different from the lower-layer mirror image of the software program to be processed;
and the processing module is used for processing according to the decrypted file and the layered mirror image of the software program to be processed.
8. A storage medium comprising a stored program, wherein the program executes the encryption method of the Docker layered mirror according to any one of claims 1 to 4.
9. An apparatus comprising at least one processor, and at least one memory, bus connected to the processor; the processor and the memory complete mutual communication through the bus; the processor is used for calling the program instructions in the memory to execute the encryption method of the Docker hierarchical mirror image as claimed in any one of claims 1 to 4.
10. A storage medium characterized by comprising a stored program, wherein the program executes the decryption method of the Docker layered image of claim 5.
11. An apparatus comprising at least one processor, and at least one memory, bus connected to the processor; the processor and the memory complete mutual communication through the bus; the processor is configured to call program instructions in the memory to execute a decryption method of a Docker layered image as claimed in claim 5.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110246452.8A CN113032736A (en) | 2021-03-05 | 2021-03-05 | Encryption and decryption method of Docker layered mirror image and related device |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110246452.8A CN113032736A (en) | 2021-03-05 | 2021-03-05 | Encryption and decryption method of Docker layered mirror image and related device |
Publications (1)
Publication Number | Publication Date |
---|---|
CN113032736A true CN113032736A (en) | 2021-06-25 |
Family
ID=76468544
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202110246452.8A Pending CN113032736A (en) | 2021-03-05 | 2021-03-05 | Encryption and decryption method of Docker layered mirror image and related device |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN113032736A (en) |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109190386A (en) * | 2018-04-04 | 2019-01-11 | 中国电子科技网络信息安全有限公司 | Container mirror image layered encryption storage method based on Device Mapper |
CN109901816A (en) * | 2017-12-08 | 2019-06-18 | 中国科学院上海高等研究院 | Co-development method, terminal, medium and the system of protection copyright based on container |
CN110007933A (en) * | 2019-03-26 | 2019-07-12 | 山东超越数控电子股份有限公司 | One kind running terminal and storage medium towards multi-tenant container mirror-image safety configuration method, system |
CN110647740A (en) * | 2018-06-27 | 2020-01-03 | 复旦大学 | TPM-based container trusted boot method and device |
CN110912955A (en) * | 2018-09-17 | 2020-03-24 | 阿里巴巴集团控股有限公司 | Container mirror image downloading and uploading method and device |
WO2021013248A1 (en) * | 2019-07-24 | 2021-01-28 | 中兴通讯股份有限公司 | Container layered shipping method and system |
-
2021
- 2021-03-05 CN CN202110246452.8A patent/CN113032736A/en active Pending
Patent Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109901816A (en) * | 2017-12-08 | 2019-06-18 | 中国科学院上海高等研究院 | Co-development method, terminal, medium and the system of protection copyright based on container |
CN109190386A (en) * | 2018-04-04 | 2019-01-11 | 中国电子科技网络信息安全有限公司 | Container mirror image layered encryption storage method based on Device Mapper |
CN110647740A (en) * | 2018-06-27 | 2020-01-03 | 复旦大学 | TPM-based container trusted boot method and device |
CN110912955A (en) * | 2018-09-17 | 2020-03-24 | 阿里巴巴集团控股有限公司 | Container mirror image downloading and uploading method and device |
CN110007933A (en) * | 2019-03-26 | 2019-07-12 | 山东超越数控电子股份有限公司 | One kind running terminal and storage medium towards multi-tenant container mirror-image safety configuration method, system |
WO2021013248A1 (en) * | 2019-07-24 | 2021-01-28 | 中兴通讯股份有限公司 | Container layered shipping method and system |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN108932297B (en) | Data query method, data sharing method, device and equipment | |
EP2955900B1 (en) | File sharing method and device | |
CN105577379B (en) | Information processing method and device | |
CN108833091B (en) | Encryption method, decryption method and device for log file | |
CN110661748B (en) | Log encryption method, log decryption method and log encryption device | |
CN109450620B (en) | Method for sharing security application in mobile terminal and mobile terminal | |
KR20180094063A (en) | Document processing method and apparatus | |
US20140281499A1 (en) | Method and system for enabling communications between unrelated applications | |
JP2017534971A (en) | Data synchronization method and apparatus | |
CN110188555A (en) | A kind of hard disk data protection method, system and associated component | |
CN113364754A (en) | Data sharing method, device and equipment | |
CN107066346B (en) | Data backup method, data recovery method and device | |
CN112287376A (en) | Method and device for processing private data | |
CN107026730B (en) | Data processing method, device and system | |
CN110753018A (en) | Login authentication method and system | |
CN114338766A (en) | Cross-platform equipment processing method and interconnection system | |
CN111079157A (en) | Secret fragmentation trusteeship platform based on block chain, equipment and medium | |
CN112788151B (en) | Method, device and system for data synchronization | |
CN113032736A (en) | Encryption and decryption method of Docker layered mirror image and related device | |
CN114465720A (en) | Key migration method and device, storage medium and electronic equipment | |
CN105574425A (en) | Method and device for accessing stored data | |
CN110750800A (en) | Data security processing method, device, equipment and storage medium | |
CN106897613B (en) | Operation execution method and device | |
CN113489667B (en) | Verification method, device and medium based on living body detection | |
CN112491838B (en) | Method and system for safely sending message through industrial internet |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination |