CN113098679A - Root key generation method and device and electronic equipment - Google Patents


Info

Publication number
CN113098679A
Authority
CN
China
Prior art keywords
root key
key component
component
root
storage medium
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202010023300.7A
Other languages
Chinese (zh)
Inventor
陈学明
王滨
陈加栋
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hangzhou Hikvision Digital Technology Co Ltd
Original Assignee
Hangzhou Hikvision Digital Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0863Generation of secret information including derivation or calculation of cryptographic keys or passwords involving passwords or one-time passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0822Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using key encryption key
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0643Hash functions, e.g. MD5, SHA, HMAC or f9 MAC

Abstract

The application provides a root key generation method, a root key generation device and electronic equipment, wherein the method comprises the following steps: when generating a root key, acquiring a first root key component written in a compiled root key generation program, and acquiring a second root key component stored in a storage medium; the first root key component is generated in a first root key component stage, the first root key component stage is one of development stages of the root key generation program, the second root key component is generated in a second root key component stage, and the second root key component stage is one of operation stages of the root key generation program; synthesizing the first root key component and the second root key component to obtain a root key material; and encrypting the root key material, and determining the encrypted root key material as a root key. By using the method provided by the application, the safety of the generation of the root key can be improved.

Description

Root key generation method and device and electronic equipment
Technical Field
The present application relates to the field of computer communications, and in particular, to a root key generation method, an apparatus, and an electronic device.
Background
Key security management typically divides keys into multiple levels of keys, with upper level keys providing security protection for lower level keys. In a multi-level key hierarchy, the top-most key is the root key. Since the root key is the root source of all the lower layer key protection, the root key plays an important role in a multi-layer key system, and once the root key is stolen, huge loss is generated.
Therefore, it is important to improve the security of the root key.
Disclosure of Invention
In view of the above, the present application provides a root key generation method, apparatus, electronic device and storage medium, which are used to improve the security of root key generation.
Specifically, the method is realized through the following technical scheme:
according to a first aspect of the present application, there is provided a root key generation method, the method including:
when generating a root key, acquiring a first root key component written in a compiled root key generation program, and acquiring a second root key component stored in a storage medium; the first root key component is generated in a first root key component stage, the first root key component stage is one of development stages of the root key generation program, the second root key component is generated in a second root key component stage, and the second root key component stage is one of operation stages of the root key generation program;
synthesizing the first root key component and the second root key component to obtain a root key material;
and encrypting the root key material, and determining the encrypted root key material as a root key.
Optionally, the first root key component phase is a program encoding phase in a development phase of the root key generation program.
Optionally, the second root key component stage is an initialization stage when the root key generation program runs for the first time after deployment is completed;
the obtaining a second root key component stored in a storage medium includes:
and acquiring the second root key component from the storage medium by calling the root key generation program according to an input/output (IO) operation mode, wherein the storage medium is a storage medium on the electronic equipment.
Optionally, the encrypting the root key material includes:
encrypting the root key material based on a preset encryption algorithm and a key to obtain an encrypted root key material;
or,
and calling an API (application programming interface) of the dongle, and sending the root key material to the dongle through the API so that the dongle encrypts the root key material based on an encryption algorithm and a key which are arranged in the dongle to obtain the encrypted root key material.
Optionally, the synthesizing the first root key component and the second root key component to obtain a root key material includes:
performing XOR operation on the first root key component and the second root key component to obtain a root key material;
or,
and calculating a first hash value of the first root key component, calculating a second hash value of the second root key component, and splicing the first hash value and the second hash value to obtain a root key material.
Optionally, the synthesizing the first root key component and the second root key component to obtain a root key material includes:
using one root key component of the first root key component and the second root key component as a Password pass and the other root key component as a Salt value Salt, inputting the pass and the Salt into a preset PBKDF2 model, and performing iterative hash operation on the pass and the Salt for preset times by using the PBKDF2 model to obtain a root key material;
and acquiring the root key material output by the PBKDF2 model.
According to a second aspect of the present application, there is provided a root key generation apparatus, which is applied to an electronic device, the apparatus including:
an acquisition unit configured to acquire a first root key component written in a compiled root key generation program and acquire a second root key component stored in a storage medium when a root key is generated; the first root key component is generated in a first root key component stage, the first root key component stage is one of development stages of the root key generation program, the second root key component is generated in a second root key component stage, and the second root key component stage is one of operation stages of the root key generation program;
the synthesis unit is used for synthesizing the first root key component and the second root key component to obtain a root key material;
and the encryption unit is used for encrypting the root key material and determining the encrypted root key material as a root key.
Optionally, the first root key component phase is a program encoding phase in a development phase of the root key generation program.
Optionally, the second root key component stage is an initialization stage when the root key generation program runs for the first time after deployment is completed;
the obtaining unit, when obtaining a second root key component stored in a storage medium, is specifically configured to obtain the second root key component from the storage medium by calling the root key generation program according to an input/output (IO) operation mode, where the storage medium is a storage medium on the electronic device.
Optionally, the encrypting unit is specifically configured to encrypt the root key material based on a preset encryption algorithm and a preset key to obtain an encrypted root key material when encrypting the root key material; or calling an API (application program interface) of the dongle, and sending the root key material to the dongle through the API so that the dongle encrypts the root key material based on an encryption algorithm and a key which are arranged in the dongle to obtain the encrypted root key material.
Optionally, the synthesizing unit is specifically configured to perform an exclusive or operation on the first root key component and the second root key component to obtain a root key material; or, calculating a first hash value of the first root key component, calculating a second hash value of the second root key component, and splicing the first hash value and the second hash value to obtain a root key material.
Optionally, the synthesizing unit is specifically configured to use one root key component of the first root key component and the second root key component as a Password, use the other root key component as a Salt value Salt, input the Password and the Salt into a preset PBKDF2 model, and perform iterative hash operation on the Password and the Salt for a preset number of times by using the PBKDF2 model to obtain a root key material; and acquiring the root key material output by the PBKDF2 model.
According to a third aspect of the present application, there is provided an electronic device comprising a processor and a machine-readable storage medium storing machine-executable instructions executable by the processor, the processor being caused by the machine-executable instructions to perform the above-described root key generation method.
As can be seen from the above description, the first root key component and the second root key component of the present application are generated in different stages, so that the difficulty for an attacker to obtain the two root key components is increased, the security of the two root key components is greatly improved, and the security of the root key is further improved.
Drawings
FIG. 1 is a flow chart illustrating a method for root key generation in accordance with an exemplary embodiment of the present application;
FIG. 2 is a diagram illustrating a hardware configuration of an electronic device according to an exemplary embodiment of the present application;
fig. 3 is a block diagram of a root key generation apparatus according to an exemplary embodiment of the present application.
Detailed Description
Reference will now be made in detail to the exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, like numbers in different drawings represent the same or similar elements unless otherwise indicated. The embodiments described in the following exemplary embodiments do not represent all embodiments consistent with the present application. Rather, they are merely examples of apparatus and methods consistent with certain aspects of the present application, as detailed in the appended claims.
The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the application. As used in this application and the appended claims, the singular forms "a", "an", and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used herein refers to and encompasses any and all possible combinations of one or more of the associated listed items.
It is to be understood that although the terms first, second, third, etc. may be used herein to describe various information, such information should not be limited to these terms. These terms are only used to distinguish one type of information from another. For example, first information may also be referred to as second information, and similarly, second information may also be referred to as first information, without departing from the scope of the present application. The word "if" as used herein may be interpreted as "at … …" or "when … …" or "in response to a determination", depending on the context.
The following description is provided to illustrate the concepts to which the present application is directed.
When an application in the electronic device needs to use the root key, the application may issue a root key request.
When the electronic device detects the root key request, the electronic device may execute the root key generation logic to generate a root key and return the generated root key to the application. The application may utilize the root key for business processing. For example, the application may generate a lower layer key based on the root key and encrypt data to be encrypted by the application with the lower layer key, etc.
In the existing manner of generating a root key by an electronic device, the electronic device may encrypt a preset key by using an encryption algorithm to generate the root key. The preset encryption algorithm may include: an encryption algorithm in a security mechanism of the operating system of the electronic device (such as Windows DPAPI), a white-box cryptographic algorithm, an encryption algorithm deployed in a hardware encryption module, and the like. These are merely exemplary and are not specifically limited.
However, once the attacker steals the encryption algorithm, the attacker can easily acquire the root key, which seriously affects the security of the root key.
In view of the above, the present application provides a method for generating a root key, which is used to improve the security of the root key. In generating the root key, the electronic device may obtain a first root key component written in the compiled root key generation program and obtain a second root key component stored in the storage medium. Then, the electronic device may synthesize the first root key component and the second root key component to obtain a root key material, encrypt the root key material, and determine the encrypted root key material as a root key.
Furthermore, the first root key component in the present application is generated in one of the development phases of the root key generation program, while the second root key component in the present application is generated in one of the runtime phases of the root key generation program.
Because the first root key component and the second root key component of the method are generated in different stages and stored in different locations, the difficulty of an attacker in acquiring the two root key components is increased, the security of the two root key components is greatly improved, and the security of the root key is further improved.
Before introducing the root key generation method provided by the present application, the concepts related to the present application will be introduced.
The root key generation program refers to a program corresponding to the root key generation method provided in the present application. The electronic device may run the root key generation program to execute the root key generation method.
In order to prevent the root key generation program from being stolen and improve the security of the root key generation program, after the root key program is developed, the root key program can be subjected to shell processing, and the root key program subjected to shell processing can be directly operated.
The shell processing refers to operations such as compression and encryption on the original code of the root key program by using a special algorithm, so that the root key generation program is converted into another executable program. The purpose of shell processing the root key generation program is as follows: the original code of the root key generation program is prevented from being acquired by operations such as disassembling the root key generation program by an external program or an attacker.
Referring to fig. 1, fig. 1 is a flowchart illustrating a root key generation method according to an exemplary embodiment of the present application. The method can be applied to electronic equipment and can comprise the following steps.
It should be noted that, when the electronic device detects that the application program in the device needs to call the root key, the electronic device may run the root key generation program and execute the root key generation method.
Of course, in order to improve the security of the root key, the electronic device may also periodically run the root key generation program, execute the root key generation method, and generate different root keys at different periods.
Here, the trigger timing of the root key generation method is merely described as an example, and is not particularly limited.
Step 101: when generating a root key, the electronic device acquires a first root key component written in a compiled root key generation program and acquires a second root key component stored in a storage medium; the first root key component is generated in a first root key component stage, the first root key component stage is one of development stages of the root key generation program, the second root key component is generated in a second root key component stage, and the second root key component stage is one of operation stages of the root key generation program.
Wherein the first root key component and the second root key component are generated at different stages.
For example, the first root key component is generated at any one of the development stages of the root key generation program. The second root key component is generated at any one of the run-time phases of the root key generation program.
Wherein any of the development phases may be: a programming stage, a program coding stage, or a program testing stage, etc. Any of the operational phases may be: an initialization stage of the root key generation program or an execution stage of the root key generation program after the initialization. Here, the "any one of the development phases" and the "any one of the operation phases" are merely exemplified and not particularly limited.
In a preferred implementation, the first root key component phase is a program encoding phase in the root key program development phase described above.
Specifically, a program encoding stage in a development stage in the root key generation program may generate a random number as the first root key component. The developer may hard-code the first root key component into the root key generation program. It should be noted that the number of bits of the first root key component is not specifically limited, for example, in practical applications, the number of bits of the first root key component is 32 bits.
The second root key component phase is an initialization phase when the root key generation program runs for the first time after deployment is completed.
Specifically, after the root key program deployment is completed, the electronic device may initialize the root key program. During initialization of the root key program, a random number of a specified number of bits may be generated as the second root key component. The electronic device may then store the second root key component in the storage medium in accordance with the root key generation program. For example, the second root key component may be stored in a storage medium within the electronic device.
When generating the root key, the electronic device may obtain a first root key component and a second root key component.
When the first root key component is acquired, the electronic device may directly read the first root key component written in the root key generation program.
When obtaining the second root key component, the electronic device may obtain the second root key component from the storage medium by calling the root key generation program and according to an IO (Input Output) operation manner.
The number of the designated bits may be set according to actual requirements, for example, the number of the designated bits may be 32 bits, and here, the number of the designated bits is only exemplarily described and is not specifically limited.
Among other things, a storage medium within an electronic device may include: a hard disk, FLASH (FLASH disk), etc., and the specific storage medium is exemplified here and not particularly limited.
As can be seen from the above description, the first root key component is encoded and written into the root key generation program at the encoding stage of the root key generation program, and the shell processing is also performed on the root key generation program, so that an external program or an attacker cannot acquire the root key program in the shell, and further cannot acquire the first root key component, thereby improving the security of the first root key component.
The second root key component is randomly generated in an initialization stage after the program deployment is completed, so that different devices obtain different second root key components when the root key generation method provided by the application is adopted, the security of the second root key component is improved, and the security of the root key is further improved.
Step 103: and the electronic equipment synthesizes the first root key component and the second root key component to obtain a root key material.
Several ways of implementing step 103 are described below.
The first method is as follows: the electronic device may use an exclusive-or algorithm to obtain the root key material.
In implementation, the electronic device can perform an exclusive-or operation on the first root key component and the second root key component to obtain a root key material.
The second method comprises the following steps: the electronic device obtains the root key material using a hash algorithm.
During implementation, the electronic device may calculate a hash value of the first root key component by using a preset hash algorithm to obtain a first hash value. The electronic device may calculate a hash value of the second root key component by using a preset hash algorithm to obtain a second hash value. Then, the electronic device may splice the first hash value of the first root key component and the second hash value of the second root key component to obtain a root key material.
Wherein the hash algorithm may include: MD2 (Message Digest Algorithm 2), MD4 (Message Digest Algorithm 4), MD5 (Message Digest Algorithm 5), and SHA-1 (Secure Hash Algorithm 1). The hash algorithm is merely exemplary and not particularly limited.
The third method comprises the following steps: the electronic device obtains the root key material by using a PBKDF2 (Password-Based Key Derivation Function 2) model.
The PBKDF2 model is a model built based on the PBKDF2 algorithm. PBKDF2 relates to two parameters, Password (Password) and Salt (Salt), respectively.
The electronic device may use either one of the first root key component and the second root key component as the Password and the other as the Salt, and then input the Password and the Salt into a preset PBKDF2 model.
The PBKDF2 model may perform a preset number of iterative hash operations on the password and the salt value to obtain the root key material. For example, assuming that the number of iterations is N, the PBKDF2 model may hash the password and the salt to obtain a hash value. Then, the PBKDF2 model may update the value of the salt to the hash value just obtained, perform a hash operation using the password and the updated salt to obtain a new hash value, update the salt to the new hash value, and so on until N iterative hash operations have been performed.
The electronic device may then retrieve the root key material output by the PBKDF2 model.
It should be noted that, the electronic device may use the first root key component as the Password, and the second root key component as the Salt. Of course, the electronic device may also use the second root key component as the Password and the first root key component as the Salt. And is not particularly limited herein.
It should be noted that, the above description is only exemplary of "synthesizing the first root key component and the second root key component to obtain root key material", and the manner of obtaining the root key material is not specifically limited. In practical applications, the electronic device may also adopt other methods to synthesize the first root key component and the second root key component into root key material. It is not particularly limited herein.
Step 104: and the electronic equipment encrypts the root key material and determines the encrypted root key material as a root key.
In an alternative implementation manner, the electronic device may encrypt the root key material by using a locally preset encryption algorithm and a key, and use the encrypted root key material as a root key.
For example, the electronic device may use a locally preset DES (Data Encryption Standard) algorithm, an MD5 algorithm, or the like to encrypt the root key material. The encryption algorithm is only exemplified here and is not particularly limited.
In another alternative implementation, the electronic device may encrypt the root key material using a dongle.
The dongle (encryption lock) is a dedicated encryption and decryption device. It is a combined hardware and software encryption product inserted into a parallel port of the electronic device (newer dongles also have a USB port). The electronic device uses the dongle to encrypt the data to be encrypted.
When the dongle is used for encrypting the root key material, the electronic equipment calls an API (application programming interface) of the dongle, transmits the root key material to the dongle through the API, so that the dongle encrypts the root key material based on an encryption algorithm and a key which are arranged in the dongle, and then returns the encrypted root key material to the electronic equipment.
The electronic equipment can receive the encrypted root key material returned by the dongle as the root key.
The above is merely an exemplary illustration of the electronic device encrypting the root key material, and is not specifically limited thereto.
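The flow of steps 101 to 104 written out as an added Python example; this is not code from the patent or from Hikvision. It assumes 256-bit components rather than the page's 32-bit example, standard PBKDF2-HMAC-SHA256 for the third synthesis method, a file standing in for the storage medium of the second component, and an HMAC-SHA256 wrap under a constructed device key standing in for the preset encryption algorithm or the dongle API of step 104.

```python
"""Root-key generation flow of CN113098679A, modelled in Python (added example).

Component 1 is hard-coded at the program-coding stage; component 2 is drawn at
the first run after deployment and persisted to a storage medium; the two are
synthesized (XOR, hash-splice or PBKDF2) and the material is wrapped under a
preset device key to give the root key.
"""
import hashlib
import hmac
import secrets
from pathlib import Path

# Constructed choice: 256-bit components (the page's own example size is 32 bits).
COMPONENT_BYTES = 32

# First root key component, fixed at the program-coding stage. Constructed
# sample value; a real build embeds its own freshly drawn random value.
FIRST_COMPONENT = bytes.fromhex(
    "5f8c2b9e1d4a7c30e6b1f2a8c4d5e6f7"
    "0011223344556677889aabbccddeeff0"
)


def load_or_init_second_component(store: Path, nbytes: int = COMPONENT_BYTES) -> bytes:
    """Second component stage: on the first run after deployment draw random
    bytes and persist them; later runs read them back via plain file IO, so
    every device ends up with its own second component."""
    if store.exists():
        data = store.read_bytes()
        if len(data) != nbytes:
            raise ValueError("stored second component has unexpected length")
        return data
    data = secrets.token_bytes(nbytes)
    store.touch(mode=0o600)  # owner-only where the OS honours file modes
    store.write_bytes(data)
    return data


def synth_xor(c1: bytes, c2: bytes) -> bytes:
    """Method 1: bytewise XOR; only defined for equal-length components."""
    if len(c1) != len(c2):
        raise ValueError("XOR synthesis needs equal-length components")
    return bytes(a ^ b for a, b in zip(c1, c2))


def synth_hash_splice(c1: bytes, c2: bytes, algo: str = "sha256") -> bytes:
    """Method 2: hash each component separately and splice the two digests."""
    return hashlib.new(algo, c1).digest() + hashlib.new(algo, c2).digest()


def synth_pbkdf2(c1: bytes, c2: bytes, iterations: int = 100_000,
                 dklen: int = 32, swap: bool = False) -> bytes:
    """Method 3: one component is the PBKDF2 password, the other the salt.
    Standard PBKDF2-HMAC-SHA256 from hashlib; `swap` chooses which component
    plays which role, since the page allows either assignment."""
    password, salt = (c2, c1) if swap else (c1, c2)
    return hashlib.pbkdf2_hmac("sha256", password, salt, iterations, dklen)


def wrap_material(material: bytes, device_key: bytes) -> bytes:
    """Step 104 stand-in: derive the root key from the material under a preset
    device key. HMAC-SHA256 is a stdlib substitute for the page's preset
    cipher or dongle API (assumption, not the patent's construction)."""
    return hmac.new(device_key, material, "sha256").digest()


def root_key_from_components(c1: bytes, c2: bytes, device_key: bytes,
                             method: str = "pbkdf2") -> bytes:
    """Steps 103 and 104 on components that have already been obtained."""
    if method == "xor":
        material = synth_xor(c1, c2)
    elif method == "hash":
        material = synth_hash_splice(c1, c2)
    elif method == "pbkdf2":
        material = synth_pbkdf2(c1, c2)
    else:
        raise ValueError(f"unknown synthesis method: {method}")
    return wrap_material(material, device_key)


def generate_root_key(store: Path, device_key: bytes, method: str = "pbkdf2") -> bytes:
    """Full flow (steps 101 to 104): read the hard-coded component, load or
    initialise the stored one, synthesize, wrap."""
    c2 = load_or_init_second_component(store)
    return root_key_from_components(FIRST_COMPONENT, c2, device_key, method)


if __name__ == "__main__":
    import tempfile
    device_key = bytes.fromhex("a1" * 32)  # constructed preset device key
    with tempfile.TemporaryDirectory() as tmp:
        store = Path(tmp) / "second_component.bin"
        first_run = generate_root_key(store, device_key)   # initialises component 2
        second_run = generate_root_key(store, device_key)  # reads it back via IO
        assert first_run == second_run
        print("root key (hex):", first_run.hex())
```

The second run reproduces the first run's key only because the second component was persisted; deleting the store file re-initialises it and yields a different root key, which is the per-device property the page relies on.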
As can be seen from the above description, in the present application, the first root key component is hard-coded into the root key generator in the program coding stage, and the second root key component is generated and stored in the storage medium in the root key generator initialization stage. When generating the root key, the electronic device may obtain a first root key component in a root key generation program, and obtain a second root key component in the storage medium through IO operation. The electronic device may synthesize the first root key component and the second root key component to obtain a root key material, encrypt the root key material, and determine the encrypted root key material as a root key.
On one hand, the first root key component and the second root key component are generated in different stages and stored in different locations, so that the difficulty for an attacker of acquiring the two root key components is increased, and the security of the two root key components is greatly improved.
On the other hand, after the root key material is generated based on the first root key component and the second root key component, the electronic device can encrypt the root key material to obtain the root key, so that the obtained root key is safer.
In a third aspect, in the present application, the first root key component is encoded and written into the root key generation program at a root key generation program encoding stage, and the root key generation program is also subjected to shell adding processing, so that an external program or an attacker cannot acquire the root key program in the shell and further cannot acquire the first root key component, thereby improving the security of the first root key component.
In a fourth aspect, the second root key component is randomly generated in an initialization stage after the program deployment is completed, so that the root key components on different devices are different, and thus the security of the second root key component is improved, and further the security of the root key is improved.
Based on the above four aspects, the root key generation method provided by the present application can greatly improve the security of the root key.
Referring to fig. 2, fig. 2 is a hardware structure diagram of an electronic device according to an exemplary embodiment of the present application.
The electronic device includes: a communication interface 201, a processor 202, a machine-readable storage medium 203, and a bus 204; wherein the communication interface 201, the processor 202 and the machine-readable storage medium 203 communicate with each other via a bus 204. The processor 202 may perform the root key generation method described above by reading and executing machine-executable instructions in the machine-readable storage medium 203 corresponding to the root key generation control logic.
The machine-readable storage medium 203 referred to herein may be any electronic, magnetic, optical, or other physical storage device that can contain or store information such as executable instructions, data, and the like. For example, the machine-readable storage medium may be: volatile memory, non-volatile memory, or similar storage media. In particular, the machine-readable storage medium 203 may be a RAM (Random Access Memory), a flash memory, a storage drive (e.g., a hard drive), a solid state drive, any type of storage disk (e.g., a compact disk, a DVD, etc.), or similar storage medium, or a combination thereof.
Referring to fig. 3, fig. 3 is a block diagram of a root key generation apparatus according to an exemplary embodiment of the present application. The apparatus may comprise the following elements.
An obtaining unit 301 configured to obtain, when a root key is generated, a first root key component written in a compiled root key generation program, and obtain a second root key component stored in a storage medium; the first root key component is generated in a first root key component stage, the first root key component stage is one of development stages of the root key generation program, the second root key component is generated in a second root key component stage, and the second root key component stage is one of operation stages of the root key generation program;
a synthesizing unit 302, configured to synthesize the first root key component and the second root key component to obtain a root key material;
an encrypting unit 303, configured to encrypt the root key material, and determine the encrypted root key material as a root key.
Optionally, the first root key component phase is a program encoding phase in a development phase of the root key generation program.
Optionally, the second root key component stage is an initialization stage when the root key generation program runs for the first time after deployment is completed;
the obtaining unit 301, when obtaining the second root key component stored in the storage medium, is specifically configured to obtain the second root key component from the storage medium by calling the root key generation program to perform an input/output (IO) operation, where the storage medium is a storage medium on the electronic device.
Optionally, the encrypting unit 303 is specifically configured to encrypt the root key material based on a preset encryption algorithm and a preset key to obtain an encrypted root key material when encrypting the root key material; or calling an API (application program interface) of the dongle, and sending the root key material to the dongle through the API so that the dongle encrypts the root key material based on an encryption algorithm and a key which are arranged in the dongle to obtain the encrypted root key material.
Optionally, the synthesizing unit 302 is specifically configured to perform an exclusive or operation on the first root key component and the second root key component to obtain a root key material; or, calculating a first hash value of the first root key component, calculating a second hash value of the second root key component, and splicing the first hash value and the second hash value to obtain a root key material.
Optionally, the synthesizing unit 302 is specifically configured to use one root key component of the first root key component and the second root key component as a Password, use the other key component as a Salt value Salt, input the Password and the Salt into a preset PBKDF2 model, and perform iterative hash operation on the Password and the Salt by the PBKDF2 model for a preset number of times to obtain a root key material; and acquiring the root key material output by the PBKDF2 model.
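A worked implementation of the two-stage flow and the three synthesis options described above (an added example, not code from the patent or its applicant). Where the page leaves the algorithm, iteration count and preset key unspecified, SHA-256, 10,000 PBKDF2 iterations, a constructed preset key and HMAC-SHA256 standing in for the "preset encryption algorithm" are assumptions.

```python
import hashlib
import hmac
import os
import tempfile

# First root key component, fixed at the program-encoding stage (constructed sample).
FIRST_COMPONENT = bytes.fromhex("00112233445566778899aabbccddeeff" * 2)
# Preset key for the final step (constructed sample, not a value from the patent).
PRESET_KEY = b"constructed-preset-key-for-the-demo"

def init_second_component(path, nbytes=32):
    """Initialization stage (first run after deployment): draw a random second
    component, persist it, and refuse to overwrite one that already exists."""
    if os.path.exists(path):
        raise FileExistsError(f"second component already initialized: {path}")
    component = os.urandom(nbytes)
    with open(path, "wb") as fh:
        fh.write(component)
    return component

def read_second_component(path, nbytes=32):
    """Run stage: obtain the second component from the storage medium via IO."""
    with open(path, "rb") as fh:
        component = fh.read()
    if len(component) != nbytes:
        raise ValueError("second root key component has unexpected length")
    return component

def synth_xor(c1, c2):
    """Claim 5, option 1: material = c1 XOR c2 (components must have equal length)."""
    if len(c1) != len(c2):
        raise ValueError("XOR synthesis needs equal-length components")
    return bytes(a ^ b for a, b in zip(c1, c2))

def synth_hash_concat(c1, c2):
    """Claim 5, option 2: material = SHA-256(c1) || SHA-256(c2) (hash assumed)."""
    return hashlib.sha256(c1).digest() + hashlib.sha256(c2).digest()

def synth_pbkdf2(c1, c2, iterations=10_000):
    """Claim 6: one component is the password, the other the salt (count assumed)."""
    return hashlib.pbkdf2_hmac("sha256", c1, c2, iterations, dklen=32)

def encrypt_material(material, key=PRESET_KEY):
    """Final step under the preset key. HMAC-SHA256 is an assumed stand-in for
    the page's unspecified preset encryption algorithm (stdlib has no cipher)."""
    return hmac.new(key, material, hashlib.sha256).digest()

SYNTH = {"xor": synth_xor, "hash_concat": synth_hash_concat, "pbkdf2": synth_pbkdf2}

def generate_root_key(second_component_path, method="pbkdf2"):
    """Full flow: obtain both components, synthesize, encrypt, return the root key."""
    c2 = read_second_component(second_component_path)
    return encrypt_material(SYNTH[method](FIRST_COMPONENT, c2))

def demo():
    """Initialize a fresh device (temp dir) and derive a root key with each method."""
    path = os.path.join(tempfile.mkdtemp(), "second_component.bin")
    init_second_component(path)
    return {m: generate_root_key(path, m) for m in SYNTH}
```

Calling `demo()` twice simulates two devices: the hard-coded first component is identical, but the per-device second component makes every derived root key differ.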
Further, the present application provides an electronic device comprising a processor and a machine-readable storage medium storing machine-executable instructions executable by the processor, the processor being caused by the machine-executable instructions to perform the root key generation method described above.
Additionally, a machine-readable storage medium is provided that stores machine-executable instructions that, when invoked and executed by a processor, cause the processor to perform the root key generation method described above.
The implementation process of the functions and actions of each unit in the above device is specifically described in the implementation process of the corresponding step in the above method, and is not described herein again.
For the device embodiments, since they substantially correspond to the method embodiments, reference may be made to the partial description of the method embodiments for relevant points. The above-described embodiments of the apparatus are merely illustrative, and the units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the modules can be selected according to actual needs to achieve the purpose of the scheme of the application. One of ordinary skill in the art can understand and implement it without inventive effort.
The above description is only exemplary of the present application and should not be taken as limiting the present application, as any modification, equivalent replacement, or improvement made within the spirit and principle of the present application should be included in the scope of protection of the present application.

Claims (13)

1. A root key generation method applied to an electronic device includes:
when generating a root key, acquiring a first root key component written in a compiled root key generation program, and acquiring a second root key component stored in a storage medium; the first root key component is generated in a first root key component stage, the first root key component stage is one of development stages of the root key generation program, the second root key component is generated in a second root key component stage, and the second root key component stage is one of operation stages of the root key generation program;
synthesizing the first root key component and the second root key component to obtain a root key material;
and encrypting the root key material, and determining the encrypted root key material as a root key.
2. The method of claim 1, wherein the first root key component phase is a program code phase in a development phase of the root key generation program.
3. The method according to claim 1, wherein the second root key component phase is an initialization phase when the root key generator is run for the first time after deployment is completed;
the obtaining a second root key component stored in a storage medium includes:
and acquiring the second root key component from the storage medium by calling the root key generation program according to an input/output (IO) operation mode, wherein the storage medium is a storage medium on the electronic equipment.
4. A method according to any one of claims 1-3, wherein said encrypting the root key material comprises:
encrypting the root key material based on a preset encryption algorithm and a key to obtain an encrypted root key material;
or,
and calling an API (application programming interface) of the dongle, and sending the root key material to the dongle through the API so that the dongle encrypts the root key material based on an encryption algorithm and a key which are arranged in the dongle to obtain the encrypted root key material.
5. A method according to any one of claims 1-3, wherein said synthesizing the first and second root key components to obtain root key material comprises:
performing XOR operation on the first root key component and the second root key component to obtain a root key material;
or,
and calculating a first hash value of the first root key component, calculating a second hash value of the second root key component, and splicing the first hash value and the second hash value to obtain a root key material.
6. A method according to any one of claims 1-3, wherein said synthesizing the first and second root key components to obtain root key material comprises:
using one of the first root key component and the second root key component as the password (pass) and the other root key component as the salt value (Salt), inputting the pass and the Salt into a preset PBKDF2 model, and having the PBKDF2 model perform a preset number of iterative hash operations on the pass and the Salt to obtain a root key material;
and acquiring the root key material output by the PBKDF2 model.
7. An apparatus for generating a root key, the apparatus being applied to an electronic device, the apparatus comprising:
an acquisition unit configured to acquire a first root key component written in a compiled root key generation program and acquire a second root key component stored in a storage medium when a root key is generated; the first root key component is generated in a first root key component stage, the first root key component stage is one of development stages of the root key generation program, the second root key component is generated in a second root key component stage, and the second root key component stage is one of operation stages of the root key generation program;
the synthesis unit is used for synthesizing the first root key component and the second root key component to obtain a root key material;
and the encryption unit is used for encrypting the root key material and determining the encrypted root key material as a root key.
8. The apparatus of claim 7, wherein the first root key component phase is a program encoding phase in a development phase of the root key generation program.
9. The apparatus according to claim 7, wherein the second root key component stage is an initialization stage when the root key generator is first run after deployment is completed;
the obtaining unit, when obtaining a second root key component stored in a storage medium, is specifically configured to obtain the second root key component from the storage medium by calling the root key generation program according to an input/output (IO) operation mode, where the storage medium is a storage medium on the electronic device.
10. The apparatus according to any of claims 7-9, wherein the encrypting unit, when encrypting the root key material, is specifically configured to encrypt the root key material based on a preset encryption algorithm and a preset key to obtain an encrypted root key material; or calling an API (application program interface) of the dongle, and sending the root key material to the dongle through the API so that the dongle encrypts the root key material based on an encryption algorithm and a key which are arranged in the dongle to obtain the encrypted root key material.
11. The apparatus according to any one of claims 7 to 9, wherein the synthesizing unit is specifically configured to perform an exclusive-or operation on the first root key component and the second root key component to obtain a root key material; or, calculating a first hash value of the first root key component, calculating a second hash value of the second root key component, and splicing the first hash value and the second hash value to obtain a root key material.
12. The apparatus according to any one of claims 7 to 9, wherein the synthesizing unit is specifically configured to use one of the first root key component and the second root key component as a Password, and the other key component as a Salt value Salt, and input the Password and the Salt into a preset PBKDF2 model, so that the PBKDF2 model performs a preset number of iterative hash operations on the Password and the Salt to obtain root key material; and acquiring the root key material output by the PBKDF2 model.
13. An electronic device comprising a processor and a machine-readable storage medium storing machine-executable instructions executable by the processor, the processor being caused by the machine-executable instructions to perform the method of any one of claims 1 to 6.
CN202010023300.7A 2020-01-09 2020-01-09 Root key generation method and device and electronic equipment Pending CN113098679A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010023300.7A CN113098679A (en) 2020-01-09 2020-01-09 Root key generation method and device and electronic equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010023300.7A CN113098679A (en) 2020-01-09 2020-01-09 Root key generation method and device and electronic equipment

Publications (1)

Publication Number Publication Date
CN113098679A (en) 2021-07-09

Family

ID=76663557

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010023300.7A Pending CN113098679A (en) 2020-01-09 2020-01-09 Root key generation method and device and electronic equipment

Country Status (1)

Country Link
CN (1) CN113098679A (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108449178A (en) * 2018-03-26 2018-08-24 北京豆荚科技有限公司 The generation method of root key in a kind of secure and trusted performing environment
CN109547201A (en) * 2018-12-14 2019-03-29 平安科技(深圳)有限公司 A kind of encryption method of root key, computer readable storage medium and terminal device
CN109560918A (en) * 2017-09-27 2019-04-02 华为终端(东莞)有限公司 A kind of method and terminal device of the generation of NTRU key
CN110417544A (en) * 2019-06-28 2019-11-05 腾讯科技(深圳)有限公司 A kind of generation method of root key, device and medium
US20190394031A1 (en) * 2018-01-11 2019-12-26 Beijing Guodian Tong Network Technology Co., Ltd Method and device for quantum key fusion-based virtual power plant security communication and medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication (Application publication date: 20210709)