CN113347153A - File encryption transmission method combining identity authentication and dynamic key

Info

Publication number: CN113347153A
Application number: CN202110497730.7A
Authority: CN (China)
Prior art keywords: file, encrypted, key, symmetric encryption, information
Legal status: Pending (as listed by Google Patents; not a legal conclusion)
Other languages: Chinese (zh)
Inventors: 蒋骥, 方汉林
Current assignee: Zhejiang Baorong Technology Co ltd
Original assignee: Zhejiang Baorong Technology Co ltd
Priority date: 2021-05-07
Filing date: 2021-05-07
Publication date: 2021-09-03

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/045 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply hybrid encryption, i.e. combination of symmetric and asymmetric encryption
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/06 Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • H04L9/14 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms


Abstract

The invention discloses a file encryption transmission method that combines identity authentication with a dynamic key. The file sender: dynamically generates a symmetric encryption algorithm and key; encrypts the file content with the generated symmetric algorithm and key; encrypts the symmetric algorithm and key with the receiver's public key; and then encrypts the resulting receiver-public-key-encrypted algorithm and key information with the sender's private key. The file receiver: decrypts with the sender's public key to obtain the algorithm and key information as encrypted under the receiver's public key; decrypts that information with the receiver's private key to obtain the symmetric algorithm and key; and decrypts the file content with the symmetric algorithm and key to recover the original file data. The invention needs fewer keys, and key exchange is convenient.

Description

File encryption transmission method combining identity authentication and dynamic key
Technical Field
The invention provides a file encryption transmission method combining identity authentication and a dynamic key for point-to-point file security transmission.
Background
When files are exchanged between a sender and a receiver, the file data must be encrypted so that it cannot be leaked. The current approach uses a symmetric encryption algorithm: the sender and receiver agree on a key in advance, the sender encrypts the original data in the file with the encryption algorithm and the agreed key and sends the encrypted file to the receiver; after receiving the file, the receiver decrypts it with the same encryption algorithm and agreed key to obtain the original data.
This method has the following disadvantages:
Too many keys: if there are N points and files must be transmitted between every pair of points, a separate key has to be generated and maintained for each pair, so in total at least one key per pair of points must be generated and maintained (the count is given by the formula in Figure RE-GDA0003176028330000011).
Key exchange is cumbersome: the key cannot be sent over a public channel; it must be delivered point to point through an additional secure channel.
Disclosure of Invention
The invention provides a solution in which each file has its own independent algorithm and key for both the sending and receiving parties, and each party can verify the identity of the other.
The technical scheme adopted by the invention for solving the technical problems is as follows:
A file encryption transmission method combining identity authentication and a dynamic key is characterized in that a symmetric encryption algorithm and an encryption key are used to encrypt and decrypt the file content. The method comprises the following concrete steps:
The sender:
Step (1): randomly select a symmetric encryption algorithm from a list of selectable symmetric encryption algorithms.
Step (2): generate a random symmetric encryption key for the selected symmetric encryption algorithm.
Step (3): encrypt the file content plaintext with the symmetric encryption algorithm and symmetric encryption key to produce the file content ciphertext.
Step (4): sign the file content ciphertext with the sender's private key to produce the signature information.
Step (5): concatenate the symmetric encryption algorithm with the symmetric encryption key to form encryption information I.
Step (6): encrypt encryption information I with the receiver's public key to produce encryption information II, which the receiver can decrypt.
Step (7): take the signature information and encryption information II together as file header information I.
Step (8): encrypt file header information I with the sender's private key to produce encrypted file header information II.
Step (9): assemble the encrypted file from encrypted file header information II and the encrypted file content, and send it to the receiver.
The receiver:
Step 1: on receiving the encrypted file, the receiver extracts encrypted file header information II and the encrypted file content.
Step 2: decrypt encrypted file header information II with the sender's public key to obtain file header information I; success also verifies that file header information I was produced by the sender.
Step 3: using the sender's public key, check the signature information in file header information I against the encrypted file content, confirming that the encrypted file content was encrypted using encryption information I in file header information I.
Step 4: decrypt encryption information II in file header information I with the receiver's private key to obtain encryption information I, namely the symmetric encryption algorithm and the symmetric encryption key; success verifies that the file is addressed to this receiver.
Step 5: decrypt the encrypted file content with the symmetric encryption algorithm and symmetric encryption key to obtain the file content plaintext.
The invention has the following beneficial effects:
The invention provides a novel file interaction method: each file is encrypted with a randomly generated symmetric encryption algorithm and encryption key, the information describing that algorithm and key is encrypted with the receiver's public key and transmitted along with the file, and the receiver decrypts it with its private key to obtain the symmetric encryption algorithm and key, then decrypts the file content with them to recover the original file information.
The invention has the following advantages:
1) Few keys: if there are N points and files must be transmitted pairwise, only one public/private key pair needs to be generated and maintained per point, with no separate key per pair of points, so N points need maintain only N public/private key pairs.
2) Convenient key exchange: each point can publish its own public key and keep its own private key. When a sender needs to send a file, it only needs the public key published by the receiving point to achieve encrypted transmission to that specific point.
Drawings
Fig. 1 is a flow chart of the sender according to the present invention.
Fig. 2 is a flow chart of the receiver according to the present invention.
Detailed Description
The invention is further illustrated by the following figures and examples.
As shown in Fig. 1 and Fig. 2, a file encryption transmission method combining identity authentication and a dynamic key uses a symmetric encryption algorithm and an encryption key to encrypt and decrypt the file content. The method comprises the following concrete steps:
The sender:
Step (1): randomly select a symmetric encryption algorithm from a list of selectable symmetric encryption algorithms.
Step (2): generate a random symmetric encryption key for the selected symmetric encryption algorithm.
Step (3): encrypt the file content plaintext with the symmetric encryption algorithm and symmetric encryption key to produce the file content ciphertext.
Step (4): sign the file content ciphertext with the sender's private key to produce the signature information.
Step (5): concatenate the symmetric encryption algorithm with the symmetric encryption key to form encryption information I.
Step (6): encrypt encryption information I with the receiver's public key to produce encryption information II, which the receiver can decrypt.
Step (7): take the signature information and encryption information II together as file header information I.
Step (8): encrypt file header information I with the sender's private key to produce encrypted file header information II.
Step (9): assemble the encrypted file from encrypted file header information II and the encrypted file content, and send it to the receiver.
The receiver:
Step 1: on receiving the encrypted file, the receiver extracts encrypted file header information II and the encrypted file content.
Step 2: decrypt encrypted file header information II with the sender's public key to obtain file header information I; success also verifies that file header information I was produced by the sender.
Step 3: using the sender's public key, check the signature information in file header information I against the encrypted file content, confirming that the encrypted file content was encrypted using encryption information I in file header information I.
Step 4: decrypt encryption information II in file header information I with the receiver's private key to obtain encryption information I, namely the symmetric encryption algorithm and the symmetric encryption key; success verifies that the file is addressed to this receiver.
Step 5: decrypt the encrypted file content with the symmetric encryption algorithm and symmetric encryption key to obtain the file content plaintext.
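The following Go program is an added example, not code from the patent or from the applicant; it implements the sender steps (1)-(9) and receiver steps 1-5 described in the Disclosure and again in the Detailed Description, using only the Go standard library. The patent names neither the algorithms in its selectable list nor the asymmetric primitives, so this example assumes AES-GCM at two key lengths for the list, RSA-OAEP for "encrypt with the receiver's public key" (step 6), and RSA-PSS signatures for the two "encrypt with the sender's private key" steps (4 and 8), since a signature is what the receiver's "decrypt with the sender's public key and verify it came from the sender" check requires. The byte layout of the header, the one-byte algorithm identifier inside encryption information I, and all function names are likewise assumptions of this example.

```go
package main

import (
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Selectable symmetric algorithm list for step (1). The page names no algorithms,
// so AES-GCM at two key lengths is assumed here; the id travels inside info I.
var algList = []struct{ ID byte; KeyLen int }{{1, 16}, {2, 32}}

// GenerateKeyPair makes the one public/private key pair each point maintains (2048-bit RSA assumed).
func GenerateKeyPair() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil { return nil, err }
	return cipher.NewGCM(block)
}

// Symmetric layer: a random nonce is prepended to the AES-GCM ciphertext.
func symEncrypt(key, plaintext []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil { return nil, err }
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil { return nil, err }
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

func symDecrypt(key, ct []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil { return nil, err }
	if n := gcm.NonceSize(); len(ct) >= n { return gcm.Open(nil, ct[:n], ct[n:], nil) }
	return nil, errors.New("ciphertext too short")
}

// Asymmetric layer: RSA-PSS stands in for the "encrypt with the sender's private key"
// steps (4) and (8); RSA-OAEP implements the receiver-public-key step (6).
func sign(priv *rsa.PrivateKey, msg []byte) ([]byte, error) {
	h := sha256.Sum256(msg)
	return rsa.SignPSS(rand.Reader, priv, crypto.SHA256, h[:], nil)
}
func verify(pub *rsa.PublicKey, msg, sig []byte) error {
	h := sha256.Sum256(msg)
	return rsa.VerifyPSS(pub, crypto.SHA256, h[:], sig, nil)
}

// SenderEncrypt runs sender steps (1)-(9). Assumed file layout: header II, i.e.
// content signature || info II || header signature, followed by the content ciphertext.
func SenderEncrypt(senderPriv *rsa.PrivateKey, recvPub *rsa.PublicKey, plaintext []byte) ([]byte, error) {
	var pick [1]byte // (1) random list entry; 256 % len(algList) == 0, so no modulo bias
	if _, err := rand.Read(pick[:]); err != nil { return nil, err }
	alg := algList[int(pick[0])%len(algList)]
	key := make([]byte, alg.KeyLen) // (2) fresh key for this file only
	if _, err := rand.Read(key); err != nil { return nil, err }
	content, err := symEncrypt(key, plaintext) // (3)
	if err != nil { return nil, err }
	sig, err := sign(senderPriv, content) // (4)
	if err != nil { return nil, err }
	infoI := append([]byte{alg.ID}, key...) // (5) algorithm id || key
	infoII, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, recvPub, infoI, nil) // (6)
	if err != nil { return nil, err }
	headerI := append(append([]byte{}, sig...), infoII...) // (7)
	hsig, err := sign(senderPriv, headerI) // (8)
	if err != nil { return nil, err }
	return append(append(headerI, hsig...), content...), nil // (9)
}

// ReceiverDecrypt runs receiver steps 1-5; any failed check rejects the file.
func ReceiverDecrypt(recvPriv *rsa.PrivateKey, senderPub *rsa.PublicKey, file []byte) ([]byte, error) {
	sigLen, encLen := senderPub.Size(), recvPriv.Size()
	if len(file) < 2*sigLen+encLen { return nil, errors.New("file shorter than header II") }
	headerI, hsig := file[:sigLen+encLen], file[sigLen+encLen:2*sigLen+encLen] // step 1
	content := file[2*sigLen+encLen:]
	if err := verify(senderPub, headerI, hsig); err != nil { return nil, fmt.Errorf("header not from sender: %w", err) } // step 2
	if err := verify(senderPub, content, headerI[:sigLen]); err != nil { return nil, fmt.Errorf("content signature: %w", err) } // step 3
	infoI, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, recvPriv, headerI[sigLen:], nil) // step 4
	if err != nil { return nil, fmt.Errorf("file not addressed to this receiver: %w", err) }
	for _, a := range algList { // accept only an id from the selectable list, with the matching key length
		if len(infoI) > 0 && a.ID == infoI[0] && a.KeyLen == len(infoI)-1 {
			return symDecrypt(infoI[1:], content) // step 5
		}
	}
	return nil, errors.New("algorithm id not in the selectable list")
}

func main() {
	sender, _ := GenerateKeyPair()
	recv, _ := GenerateKeyPair()
	file, _ := SenderEncrypt(sender, &recv.PublicKey, []byte("constructed sample file body"))
	pt, err := ReceiverDecrypt(recv, &sender.PublicKey, file)
	fmt.Printf("%q %v\n", pt, err)
}
```

Two design choices follow the order of the receiver steps: both signature checks run before the receiver's private key is used, so a file that is not from the claimed sender, or whose ciphertext was altered in transit, is rejected without any decryption; and the algorithm identifier recovered from encryption information I is only honoured if it is on the receiver's own selectable list with the expected key length, so the header cannot steer the receiver into an algorithm it did not agree to.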

Claims (1)

1. A file encryption transmission method combining identity authentication and dynamic keys, characterized by comprising the following concrete implementation steps:
the sender:
step (1) randomly selecting a symmetric encryption algorithm from a selectable symmetric encryption algorithm list;
step (2) generating a random symmetric encryption key according to the selected symmetric encryption algorithm;
step (3) encrypting a file content plaintext by using the symmetric encryption algorithm and the symmetric encryption key to generate a file content ciphertext;
step (4) signing the file content ciphertext by using the sender's private key to generate signature information;
step (5) concatenating the symmetric encryption algorithm with the symmetric encryption key to generate encryption information I;
step (6) encrypting encryption information I by using the receiver's public key to generate encryption information II, which can be decrypted by the receiver;
step (7) taking the signature information and encryption information II together as file header information I;
step (8) encrypting file header information I by using the sender's private key to generate encrypted file header information II;
step (9) generating an encrypted file from encrypted file header information II and the encrypted file content, and sending the encrypted file to the receiver;
the receiver:
step 1, after receiving the encrypted file, the receiver obtains encrypted file header information II and the encrypted file content;
step 2, decrypting encrypted file header information II by using the sender's public key to obtain file header information I, and thereby verifying that file header information I was sent by the sender;
step 3, checking the signature by using the sender's public key, the signature information in file header information I and the encrypted file content, and confirming that the encrypted file content was encrypted using encryption information I in file header information I;
step 4, decrypting encryption information II in file header information I by using the receiver's private key to obtain encryption information I, namely the symmetric encryption algorithm and the symmetric encryption key, thereby verifying that the file is addressed to the receiver;
step 5, decrypting the encrypted file content by using the symmetric encryption algorithm and the symmetric encryption key to obtain the file content plaintext.

Application CN202110497730.7A, filed 2021-05-07 (priority date 2021-05-07), published as CN113347153A (en) on 2021-09-03; legal status: pending.

Family ID: 77469856 (one family application: CN202110497730.7A)

Country status: CN, CN113347153A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116910790A (en) * 2023-09-11 2023-10-20 四川建设网有限责任公司 Bid file encryption method with self-integrity checking function
CN116910790B (en) * 2023-09-11 2023-11-24 四川建设网有限责任公司 Bid file encryption method with self-integrity checking function

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20060093150A1 (en) * 2004-10-29 2006-05-04 Prakash Reddy Off-loading data re-encryption in encrypted data management systems
CN101203025A (en) * 2006-12-15 2008-06-18 上海晨兴电子科技有限公司 Method for transmitting and receiving safe mobile message
CN101442409A (en) * 2007-11-23 2009-05-27 东方钢铁电子商务有限公司 Encipher method and system for B2B data exchange
CN103198264A (en) * 2013-03-14 2013-07-10 厦门市美亚柏科信息股份有限公司 Method and device for recovering encrypted file system data
CN105281909A (en) * 2015-06-26 2016-01-27 浙江巨联科技股份有限公司 Encryption and decryption mechanism and internet of things lock system using encryption and decryption mechanism
CN106557707A (en) * 2015-09-29 2017-04-05 苏宁云商集团股份有限公司 A kind of method and system for processing document data
CN107342977A (en) * 2017-05-26 2017-11-10 芯盾网安(北京)科技发展有限公司 Suitable for the information security method of point-to-point instant messaging



Legal Events

Date Code Title Description
PB01 Publication (application publication date: 20210903)
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication