CN113225297A - Data hybrid encryption method, device and equipment - Google Patents

Publication number: CN113225297A
Authority: CN (China)
Prior art keywords: data, encrypted, data segments, encryption, segments
Legal status: Granted, active
Application number: CN202010071628.6A
Priority: CN202010071628.6A
Other languages: Chinese (zh)
Other versions: CN113225297B (en)
Inventor: 张高旭
Current Assignee: Beijing Gridsum Technology Co Ltd
Original Assignee: Beijing Gridsum Technology Co Ltd

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/04: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0464: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload using hop-by-hop encryption, i.e. wherein an intermediate entity decrypts the information and re-encrypts it before forwarding it
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60: Protecting data
    • G06F21/602: Providing cryptographic facilities or services
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures

Abstract

The embodiment of the invention provides a data hybrid encryption method, which comprises the following steps: dividing data to be encrypted into M data segments; selecting N data segments from the M data segments, wherein N is less than or equal to M; encrypting the N data segments into an encrypted text according to a preset second encryption algorithm; assembling the remaining M-N data segments into plaintext data blocks; calculating a signature based on the data information of the N data segments; and combining the encrypted text, the data information, the signature and the plaintext data block to obtain encrypted data. Meanwhile, the embodiment of the invention also provides a corresponding data hybrid encryption device and data hybrid encryption equipment. The embodiment of the invention is suitable for the field of data encryption.

Description

Data hybrid encryption method, device and equipment
Technical Field
The present invention relates to the field of data encryption, and in particular, to a data hybrid encryption method, a data hybrid encryption apparatus, a data hybrid encryption device, and a corresponding storage medium.
Background
As the internet has developed, more and more applications have chosen to expose open application development interfaces, giving third-party developers a way to participate. Using the development interface provided by an open platform, a third-party developer can conveniently connect its own application to the platform, so that ordinary users can enjoy a rich set of platform services, the platform's user stickiness improves, and its market share ultimately grows.
An open platform must not only provide rich platform services but also guarantee their security, ensuring that every service an ordinary user uses is safe. On the subject of security, data transmitted between an application developed by a third-party developer and the open platform often includes important private data; once that private data is stolen by someone with ulterior motives, the consequences are unpredictable, so ensuring the security of transmitted data becomes the open platform's first consideration. Current encryption approaches have the following defects:
although a message digest algorithm is efficient, the plaintext and the digest information must be transmitted together, so important private information cannot be hidden and the scheme is easy to break;
although a common encryption algorithm protects important private data during transmission, when the data to be encrypted is very large the encryption and decryption efficiency drops noticeably and the time consumed increases noticeably.
Disclosure of Invention
The embodiment of the invention aims to provide a data hybrid encryption method and a data hybrid encryption device, which are used for at least solving the problem of low encryption efficiency in the prior art.
In order to achieve the above object, the present invention provides a data hybrid encryption method, including:
dividing data to be encrypted into M data segments;
selecting N data segments from the M data segments, wherein N is less than or equal to M;
encrypting the N data segments into an encrypted text according to a preset second encryption algorithm; assembling the remaining M-N data segments into plaintext data blocks; calculating a signature based on the data information of the N data segments;
and combining the encrypted text, the data information, the signature and the plaintext data block to obtain encrypted data.
Optionally, before dividing the data to be encrypted into M data segments, the encryption method further includes:
acquiring the file size of the data to be encrypted;
judging whether the size of the file is smaller than a set threshold value or not;
if the file size is smaller than the set threshold, encrypting the data to be encrypted according to a preset first encryption algorithm, and not executing subsequent steps; otherwise, executing the step of dividing the data to be encrypted.
Optionally, the encrypting the N data segments into an encrypted text includes:
adding the offset of the data segment corresponding to each data segment to the front part of each data segment in the N data segments to obtain N new data blocks;
and encrypting the N new data blocks by using a second encryption algorithm to obtain the encrypted text.
Optionally, the calculating a signature based on the data information of the segmented data to be encrypted includes:
calculating the signature, by using a message digest algorithm, from the data information of the segmented data to be encrypted; the data information comprises a key of the second encryption algorithm and at least one of the following:
the N data segment lengths corresponding to the N data segments, the N data segment initial values corresponding to the N data segments, and the N data segment offsets corresponding to the N data segments.
Optionally, the assembling the remaining M-N unencrypted data segments into a plaintext data block includes:
and assembling the remaining M-N unencrypted data segments according to the offset of each data segment to obtain the plaintext data block.
Optionally, before dividing the data to be encrypted into M data segments, the encryption method further includes:
the value of M is randomly generated, and the value of N is randomly generated within the range of [1, M].
Optionally, before dividing the data to be encrypted into M data segments, the encryption method further includes:
acquiring an M value input by a user, and displaying M icons to the user, wherein the serial numbers of the M icons are different from each other;
acquiring the selection of the M icons by the user, and acquiring the number N of the icons selected by the user and the respective serial numbers of the N icons;
and the respective serial numbers of the N icons correspond to the serial numbers of the data segments needing to be encrypted.
In a second aspect of the present invention, there is also provided a data hybrid encryption apparatus, including:
the segmentation module is used for segmenting data to be encrypted into M data segments;
the selection module is used for selecting N data segments from the M data segments to encrypt, wherein N is less than or equal to M;
the encryption module is used for encrypting the N data segments into an encrypted text according to a preset second encryption algorithm;
the signature calculation module is used for calculating a signature based on the data information of the segmented data to be encrypted;
the plaintext module is used for assembling the remaining M-N unencrypted data segments into plaintext data blocks;
and the combination module is used for combining the encrypted text, the data information, the signature and the plaintext data block to obtain encrypted data.
In a third aspect of the present invention, there is also provided a data hybrid encryption device, including at least one processor, and at least one memory and a bus connected to the processor; the processor and the memory complete mutual communication through the bus; the processor is used for calling the program instructions in the memory to execute the data hybrid encryption method.
In a fourth aspect of the present invention, there is also provided a storage medium having stored thereon computer program instructions which, when executed by a processor, implement the aforementioned data hybrid encryption method.
According to the technical scheme, the encryption of the whole data is avoided, the whole data is divided into different data segments according to a certain rule, and the marked data segments are encrypted, so that the encryption and decryption efficiency is improved, the encryption and decryption time is reduced, and the flexibility of parameter setting in the encryption and decryption is improved.
Additional features and advantages of embodiments of the invention will be set forth in the detailed description which follows.
Drawings
The accompanying drawings, which are included to provide a further understanding of the embodiments of the invention and are incorporated in and constitute a part of this specification, illustrate embodiments of the invention and together with the description serve to explain the embodiments of the invention without limiting the embodiments of the invention. In the drawings:
FIG. 1 is a schematic diagram of a data hybrid encryption method according to an embodiment of the present invention;
FIG. 2 is a schematic diagram of a hybrid data encryption device provided in an embodiment of the present invention;
FIG. 3 is a schematic diagram of a data hybrid encryption device according to an embodiment of the present invention.
Detailed Description
The following detailed description of embodiments of the invention refers to the accompanying drawings. It should be understood that the detailed description and specific examples, while indicating the present invention, are given by way of illustration and explanation only, not limitation.
In the embodiments of the present invention, unless otherwise specified, the use of directional terms such as "upper, lower, top, and bottom" is generally used with respect to the orientation shown in the drawings or the positional relationship of the components with respect to each other in the vertical, or gravitational direction.
Fig. 1 is a schematic diagram of a data hybrid encryption method according to an embodiment of the present invention, and as shown in fig. 1, the data hybrid encryption method includes:
dividing data to be encrypted into M data segments;
selecting N data segments from the M data segments, wherein N is not more than M, and N, M are positive integers;
encrypting the N data segments into an encrypted text according to a preset second encryption algorithm; assembling the remaining M-N data segments into plaintext data blocks; calculating a signature based on the data information of the N data segments;
and combining the encrypted text, the data information, the signature and the plaintext data block to obtain encrypted data.
Therefore, the problems of long encryption time and low encryption efficiency caused by integral encryption of large data to be encrypted can be solved, and the method is suitable for various encryption occasions; meanwhile, the user-defined encryption rule can be provided for the party needing encryption to select.
Specifically, in the present embodiment, the data to be encrypted is divided into a plurality of segments; the segments may be equal or different in size, and may be cut at a fixed size or at randomly generated segment sizes. N of the M segments are encrypted, where N is less than or equal to M; when N equals M, all of the data is encrypted. The selected N segments are encrypted using a preset encryption mode to obtain an encrypted text. After the data to be encrypted is divided into M segments, each segment has its own data segment length L, data segment initial value I and data segment offset O; these are important for recovering the original plaintext data at the receiving side and therefore need to be sent to the receiving end. To prevent this information from being tampered with during transmission, its signature needs to be calculated for verification by the receiving party. The remaining M-N segments of unencrypted data are transmitted directly in plaintext. The order in which the encrypted text, the data information, the signature and the plaintext data block are computed is not limited by the order of this description; they can be obtained in parallel or in a different order, according to the flow actually implemented. Combining the signature, the encrypted text and the plaintext data block into encrypted data completes the encryption process.
In one embodiment provided by the present invention, before dividing the data to be encrypted into M segments, the encryption method further includes: acquiring the file size of the data to be encrypted; judging whether the file size is smaller than a set threshold; if the file size is smaller than the set threshold, encrypting the data to be encrypted according to a preset first encryption algorithm; otherwise, executing the step of dividing the data to be encrypted. The present embodiment includes determining the encryption/decryption efficiency threshold before performing the encryption method described above. The encryption/decryption efficiency threshold here is a threshold above which data encryption/decryption efficiency is reduced. The threshold is obtained experimentally: encryption and decryption are run multiple times on texts of different file sizes, the time consumed each time is recorded, and it is found that beyond a certain file size the encryption and decryption time grows noticeably longer. That file size is taken as the encryption/decryption efficiency threshold. When the file size of the data to be encrypted is smaller than the threshold, the data is encrypted using a preset first encryption algorithm, and the step of dividing the data into M data segments and the subsequent steps are not performed. The first encryption algorithm here includes a message digest algorithm HMAC and a symmetric encryption algorithm such as AES (Advanced Encryption Standard). The whole of the data to be encrypted is encrypted using the encryption key, and the encrypted data is decrypted in the same way on the decryption side.
According to the embodiment, through the judgment step of setting the pre-set encryption and decryption efficiency boundary value, a simple encryption algorithm is adopted for the small data to be encrypted, and the segmented encryption mode is adopted for the large data to be encrypted, so that the encryption complexity of the small file is avoided, and the whole encryption efficiency is favorably improved.
In an embodiment provided by the present invention, the encrypting the N data segments into an encrypted text according to a preset second encryption algorithm includes: adding the offset of the data segment corresponding to each data segment to the front part of each data segment in the N data segments to obtain N new data blocks; and encrypting the N new data blocks by using a second encryption algorithm to obtain the encrypted text. Specifically: the data segments and their corresponding offsets are first combined, i.e. $F(O_1, D_1), F(O_2, D_2), \ldots, F(O_N, D_N)$, to obtain N new data blocks, where O represents the offset of the data segment and D represents the data segment; the N data blocks are then encrypted with a second encryption algorithm, which is preferably a symmetric encryption algorithm such as AES. The encrypted text thus obtained contains not only the encrypted data but also the offsets (equivalent to serial numbers) of the data segments corresponding to the encrypted data, so that the receiving party can combine the received data segments in sequence to obtain the complete transmitted data.
In an embodiment of the present invention, the calculating a signature based on data information of the divided data to be encrypted includes: calculating the signature based on the data information of the segmented data to be encrypted by using a message digest algorithm; the data information includes a key of the second encryption algorithm and at least one of: the N data segment lengths corresponding to the N data segments, the N data segment initial values, and the N data segment offsets. When encrypted data is transmitted, the receiving end must be able both to restore the received data and to verify whether the data has been tampered with, so signature verification of the data information at the receiving end is also necessary. The transmitting end generates the signature from the data information using a message digest algorithm. The message digest algorithm is preferably a HASH algorithm, and the data information includes the key of the second encryption algorithm and at least one of the N data segment lengths, the N data segment initial values and the N data segment offsets corresponding to the N data segments. The signature may be calculated, for example, as $\mathrm{HASH}(O_1, O_2, \ldots, O_N, \mathit{key})$ to obtain a signature SIGN, where O is the offset of the data segment and key is the key of the second encryption algorithm. Alternatively, the signature SIGN is obtained by $\mathrm{HASH}(L, I, O, \mathit{key})$, where L is the length of the data segment and I is the initial value of the data segment, each comprising N values, i.e. $L_1, \ldots, L_N$ and $I_1, \ldots, I_N$. Because the remaining M-N data segments are sent in plaintext, only the information of the N data segments (data segment length, data segment initial value and data segment offset) needs to be sent for the receiving end to be able to restore the data.
The user can also choose, as required, to compute the digest over the information of all M data segments.
In an embodiment provided by the present invention, the assembling the remaining M-N data segments into a plaintext data block includes: assembling the remaining M-N data segments according to the offset of each data segment to obtain the plaintext data block. The remaining M-N unselected data segments, i.e. the plaintext data segments, are reassembled into a plaintext data block according to the offsets of the data segments. To recover the plaintext data at the receiving end, the order of the plaintext data is crucial, so the offset O of the data segment, i.e. the aforementioned $O_1, O_2, \ldots, O_N$, needs to be added to the front of each segmented data segment; the assembly here can be carried out by means of the aforementioned $F(O, D)$. The offset O reflects the order of the data segments, and the original plaintext of the data to be encrypted can be restored at the receiving end from the offsets of the decrypted encrypted data segments and the offsets of the plaintext data segments.
In one embodiment provided by the present invention, before dividing the data to be encrypted into M data segments, the encryption method further includes: the value of M is randomly generated, and the value of N is randomly generated within the range of [1, M]. When the third-party developer chooses to encrypt according to the rule set by the open platform, it does not need to set the values of M and N itself; they are generated automatically within a preset range, which may be a numerical range. For example, the range of M is set to 3 to 10 and a value is obtained through a random number generation algorithm; a value of N is then generated in the range 1 to M. This implementation not only lets M and N change dynamically and enriches the encryption rules, but also reduces the probability of cracking.
In one embodiment provided by the present invention, before dividing the data to be encrypted into M data segments, the encryption method further includes: acquiring an M value input by a user, and displaying M icons to the user, wherein the serial numbers of the M icons are different from each other; acquiring the selection of the M icons by the user, and acquiring the number N of the icons selected by the user and the respective serial numbers of the N icons; the respective serial numbers of the N icons correspond to the serial numbers of the data segments needing to be encrypted. As an alternative to the previous embodiment, when the third-party developer chooses to encrypt according to the rule set by the open platform, a selection interface may be provided to the user. The value M chosen by the user, i.e. the number of data segments to divide the data into, is acquired, for example through an input device. M icons, each with a different serial number, are then displayed, and the user selects among them on the graphical user interface to choose the data segments to be encrypted. Acquiring the user's selection of the M icons gives the number N of selected icons and their serial numbers, i.e. the serial numbers of the data segments to be encrypted. The aforementioned encryption method is then applied to the selected N data segments, and the corresponding signature, encrypted text and plaintext data block are generated to finish encryption. In this embodiment, encryption is carried out according to the M and N defined by the user, meeting the user's personalized requirements.
Fig. 2 is a schematic diagram of a data hybrid encryption device according to an embodiment of the present invention, and as shown in fig. 2, in an embodiment of the present invention, there is also provided a data hybrid encryption device, where the encryption device includes:
the segmentation module is used for segmenting data to be encrypted into M data segments;
the selection module is used for selecting N data segments in the M data segments, wherein N is less than or equal to M;
the encryption module is used for encrypting the N data segments into an encrypted text according to a preset second encryption algorithm;
the signature calculation module is used for calculating a signature based on the data information of the segmented data to be encrypted;
the plaintext module is used for assembling the remaining M-N data segments into plaintext data blocks;
and the combination module is used for combining the encrypted text, the data information, the signature and the plaintext data block to obtain encrypted data.
The modules and methods in the above devices correspond to each other, and the technical details and advantageous effects thereof are not described herein again.
Fig. 3 is a schematic diagram of a data hybrid encryption device according to an embodiment of the present invention, as shown in fig. 3, in an embodiment of the present invention, a data hybrid encryption device is further provided, which includes at least one processor, and at least one memory and a bus connected to the processor; the processor and the memory complete mutual communication through the bus; the processor is used for calling the program instructions in the memory to execute the data hybrid encryption method. The processor may include, but is not limited to, a general purpose processor, a special purpose processor, a conventional processor, a plurality of microprocessors, a controller, a microcontroller, an Application Specific Integrated Circuit (ASIC), a Field Programmable Gate Array (FPGA) circuit, any other type of Integrated Circuit (IC), a state machine, and the like. In a common scenario, the device is preferably a server.
In one embodiment of the present invention, a storage medium is also provided, on which computer program instructions are stored; when executed by a processor, the instructions implement the steps of the aforementioned data hybrid encryption method.
The decryption method according to the embodiment of the present invention corresponds to the encryption method described above, and its steps are roughly as follows: after receiving L (data information), I (data information), O (data information), SIGN (signature), CIPHERTEXT (encrypted text) and MTEXT (plaintext data block), the receiver uses the same data information, data information order and key as the encryptor to obtain SIGNATURE through $\mathrm{HASH}(L, I, O, \mathit{key})$ and compares SIGNATURE with SIGN; if the two are equal, signature verification passes. After the signature passes, the data block plaintexts $D_1, D_2, \ldots, D_N$ are obtained through AES(SIGN, CIPHERTEXT, key). Since the first 4 bytes of each data block are the offsets $O_1, O_2, \ldots, O_N$ and the following bytes are the actual data, the actual data blocks and the plaintext data block MTEXT are restored into the original data in order, giving the original plaintext.
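The encryption and decryption flow described above, written out as an added example (this is not code from the patent), with a check of what SIGN covers: because it is computed over L, O and the key only, it still verifies when MTEXT changes in transit. Assumptions: fixed-size segments, 4-byte big-endian byte offsets, SHA-256 as HASH in the form HASH(L, O, key) with the undefined initial value I left out, MTEXT kept as (offset, segment) pairs, a SHA-256 keystream standing in for AES so only the standard library is needed, and `package_mac` as an added alternative check that the patent does not describe.

```python
import hashlib
import hmac
import os
import struct

# Constructed sample record; segments 1 and 2 (16 bytes each) hold the card number.
SAMPLE = b"amount=0100;cur=CNY;card=4111111111111111;memo=constructed sample record"


def stand_in_cipher(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """XOR with a SHA-256 counter keystream (stand-in for the patent's AES).
    The same call encrypts and decrypts."""
    out = bytearray()
    for pos in range(0, len(data), 32):
        pad = hashlib.sha256(key + nonce + struct.pack(">Q", pos)).digest()
        out.extend(b ^ p for b, p in zip(data[pos:pos + 32], pad))
    return bytes(out)


def metadata_sign(lengths, offsets, key: bytes) -> bytes:
    """SIGN = HASH(L, O, key): covers the data information and the key only."""
    h = hashlib.sha256()
    for value in (*lengths, *offsets):
        h.update(struct.pack(">I", value))
    h.update(key)
    return h.digest()


def hybrid_encrypt(data: bytes, key: bytes, seg_size: int, selected: set) -> dict:
    # Split into M segments, each kept together with its byte offset O.
    segments = [(off, data[off:off + seg_size]) for off in range(0, len(data), seg_size)]
    chosen = [segments[i] for i in sorted(selected)]                  # the N segments
    rest = [s for i, s in enumerate(segments) if i not in selected]   # the M-N segments
    lengths = [len(d) for _, d in chosen]
    offsets = [off for off, _ in chosen]
    # F(O_i, D_i): 4-byte offset in front of each selected segment, then encrypt.
    blocks = b"".join(struct.pack(">I", off) + d for off, d in chosen)
    nonce = os.urandom(16)
    return {"L": lengths, "O": offsets, "SIGN": metadata_sign(lengths, offsets, key),
            "NONCE": nonce, "CIPHERTEXT": stand_in_cipher(key, nonce, blocks),
            "MTEXT": rest}


def hybrid_decrypt(pkg: dict, key: bytes) -> bytes:
    expected = metadata_sign(pkg["L"], pkg["O"], key)
    if not hmac.compare_digest(expected, pkg["SIGN"]):
        raise ValueError("signature mismatch")
    blocks = stand_in_cipher(key, pkg["NONCE"], pkg["CIPHERTEXT"])
    parts, pos = list(pkg["MTEXT"]), 0
    for length in pkg["L"]:
        (off,) = struct.unpack_from(">I", blocks, pos)   # first 4 bytes are O_i
        parts.append((off, blocks[pos + 4:pos + 4 + length]))
        pos += 4 + length
    return b"".join(seg for _, seg in sorted(parts))     # reorder by offset


def package_mac(pkg: dict, mac_key: bytes) -> bytes:
    """Added alternative: HMAC-SHA256 over every transmitted field."""
    mac = hmac.new(mac_key, digestmod=hashlib.sha256)
    mac.update(struct.pack(">I", len(pkg["L"])))
    for value in (*pkg["L"], *pkg["O"]):
        mac.update(struct.pack(">I", value))
    mac.update(pkg["NONCE"] + struct.pack(">I", len(pkg["CIPHERTEXT"])) + pkg["CIPHERTEXT"])
    for off, seg in pkg["MTEXT"]:
        mac.update(struct.pack(">II", off, len(seg)) + seg)
    return mac.digest()


def check_integrity_coverage() -> dict:
    key, mac_key = b"\x01" * 32, b"\x02" * 32            # constructed demo keys
    pkg = hybrid_encrypt(SAMPLE, key, seg_size=16, selected={1, 2})
    tag = package_mac(pkg, mac_key)
    roundtrip_ok = hybrid_decrypt(pkg, key) == SAMPLE
    # Simulate a change to the first plaintext segment while in transit.
    off, seg = pkg["MTEXT"][0]
    pkg["MTEXT"][0] = (off, seg.replace(b"0100", b"9999"))
    recovered = hybrid_decrypt(pkg, key)                 # raises only if SIGN mismatches
    return {
        "roundtrip_ok": roundtrip_ok,
        "sign_accepts_modified_mtext": recovered != SAMPLE,
        "recovered_after_change": recovered,
        "package_mac_detects_change": not hmac.compare_digest(package_mac(pkg, mac_key), tag),
    }


if __name__ == "__main__":
    print(check_integrity_coverage())
```

A receiver that needs integrity for the plaintext segments and the ciphertext has to authenticate those fields as well, which is what `package_mac` does here with a key separate from the encryption key.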
According to the technical scheme, based on the existing encryption mode, the encryption of the whole data is avoided, the complete data is divided into different data sections according to a certain rule, and the marked data sections are encrypted, so that the encryption and decryption efficiency is improved, the encryption and decryption time is reduced, the flexibility of parameter setting in the encryption and decryption is improved, and the method has good practicability.
While the embodiments of the present invention have been described in detail with reference to the accompanying drawings, the embodiments of the present invention are not limited to the details of the above embodiments, and various simple modifications can be made to the technical solution of the embodiments of the present invention within the technical idea of the embodiments of the present invention, and the simple modifications are within the scope of the embodiments of the present invention.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
In a typical configuration, a device includes one or more processors (CPUs), memory, and a bus. The device may also include input/output interfaces, network interfaces, and the like.
By the technical scheme, the importing rules among the column data can be flexibly configured, the flexibility of data importing is improved, and the importing of unstructured data can be completed.
It should be noted that the various features described in the above embodiments may be combined in any suitable manner without departing from the scope of the invention. In order to avoid unnecessary repetition, the embodiments of the present invention will not be described separately for the various possible combinations.
Those skilled in the art will appreciate that all or part of the steps of the methods in the above embodiments may be implemented by a program, which is stored in a storage medium and includes several instructions that enable a single chip, a chip, or a processor to execute all or part of the steps of the methods according to the embodiments of the present invention. The aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program code.
In addition, any combination of the various embodiments of the present invention is also possible, and the same should be considered as disclosed in the embodiments of the present invention as long as it does not depart from the spirit of the embodiments of the present invention.

Claims (10)

1. A hybrid encryption method for data, the encryption method comprising:
dividing data to be encrypted into M data segments;
selecting N data segments from the M data segments, wherein N is less than or equal to M;
encrypting the N data segments into an encrypted text according to a preset second encryption algorithm;
assembling the remaining M-N data segments into plaintext data blocks;
calculating a signature based on the data information of the N data segments;
and combining the encrypted text, the plaintext data block, the data information and the signature to obtain encrypted data.
2. The encryption method according to claim 1, wherein before dividing the data to be encrypted into M data segments, the encryption method further comprises:
acquiring the file size of the data to be encrypted;
judging whether the size of the file is smaller than a set threshold value or not;
if the file size is smaller than the set threshold, encrypting the data to be encrypted according to a preset first encryption algorithm; otherwise, executing the step of dividing the data to be encrypted into M data segments and the subsequent steps.
3. The encryption method according to claim 1, wherein the encrypting the N data segments into encrypted text according to a preset second encryption algorithm comprises:
adding the offset of the data segment corresponding to each data segment to the front part of each data segment in the N data segments to obtain N new data blocks;
and encrypting the N new data blocks by using the second encryption algorithm to obtain the encrypted text.
4. The encryption method of claim 3, wherein said computing a signature based on the data information of the N data segments comprises:
calculating the signature based on the data information of the N data segments by using a message digest algorithm; the data information includes a key of the second encryption algorithm and at least one of:
n data segments corresponding to the N data segments,
n data segment initial values corresponding to the N data segments,
and the offsets of the N data segments corresponding to the N data segments.
5. The encryption method of claim 1, wherein said assembling the remaining M-N data segments into a plaintext data block comprises:
and assembling the residual M-N data segments according to the offset of each data segment to obtain the plaintext data block.
6. The encryption method according to any one of claims 1 to 5, wherein before dividing the data to be encrypted into M data segments, the encryption method further comprises:
the value of M is randomly generated, and the value of N is randomly generated within the range of [1, M].
7. The encryption method according to any one of claims 1 to 5, wherein before dividing the data to be encrypted into M data segments, the encryption method further comprises:
acquiring an M value input by a user, and displaying the M value to the user, wherein the serial numbers of the M icons are different from each other;
acquiring the selection of the M icons by the user, and acquiring the number N of the icons selected by the user and the respective serial numbers of the N icons;
and the respective serial numbers of the N icons correspond to the serial numbers of the data segments needing to be encrypted.
8. A hybrid data encryption device, the encryption device comprising:
the segmentation module is used for segmenting data to be encrypted into M data segments;
the selection module is used for selecting N data segments in the M data segments, wherein N is less than or equal to M;
the encryption module is used for encrypting the N data segments into an encrypted text according to a preset second encryption algorithm;
the plaintext module is used for assembling the remaining M-N data segments into plaintext data blocks;
the signature calculation module is used for calculating a signature based on the data information of the N data segments;
and the combination module is used for combining the encrypted text, the data information, the signature and the plaintext data block to obtain encrypted data.
9. The data hybrid encryption equipment is characterized by comprising at least one processor, at least one memory and a bus, wherein the memory and the bus are connected with the processor; the processor and the memory complete mutual communication through the bus; the processor is configured to call program instructions in the memory to perform the data hybrid encryption method of any one of claims 1 to 7.
10. A storage medium having computer program instructions stored thereon, wherein the computer program instructions, when executed by a processor, implement the data hybrid encryption method of any one of claims 1 to 7.
CN202010071628.6A 2020-01-21 2020-01-21 Data hybrid encryption method, device and equipment Active CN113225297B (en)

Publications (2)

Publication Number Publication Date
CN113225297A true CN113225297A (en) 2021-08-06
CN113225297B CN113225297B (en) 2023-02-17

Family

ID=77085311

Country Status (1)

Country Link
CN (1) CN113225297B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant