CN113347153A - File encryption transmission method combining identity authentication and dynamic key - Google Patents
- Publication number
- CN113347153A
- Authority
- CN
- China
- Prior art keywords
- file
- encrypted
- key
- symmetric encryption
- information
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/045—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply hybrid encryption, i.e. combination of symmetric and asymmetric encryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/06—Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0869—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/14—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses a file encryption transmission method combining identity authentication and a dynamic key. The file sender: dynamically generates a symmetric encryption algorithm and a key; encrypts the file content using the generated symmetric encryption algorithm and key; encrypts the symmetric encryption algorithm and the key using the receiver's public key; and encrypts the resulting receiver-public-key-encrypted algorithm and key information using the sender's private key. The file receiver: decrypts using the sender's public key to obtain the symmetric encryption algorithm and key information encrypted with the receiver's public key; decrypts that information using the receiver's private key to obtain the symmetric encryption algorithm and the key; and decrypts the file content using the symmetric encryption algorithm and key to obtain the original data of the file. The invention needs fewer keys, and key exchange is convenient.
Description
Technical Field
The invention provides a file encryption transmission method combining identity authentication and a dynamic key for point-to-point file security transmission.
Background
In file exchange between a sender and a receiver, the file data needs to be encrypted to prevent it from being leaked. The current approach uses a symmetric encryption algorithm: the sender and the receiver agree on a key, the sender encrypts the original data in the file with the encryption algorithm and the agreed key, and then sends the encrypted file to the receiver; after receiving the file, the receiver decrypts it with the encryption algorithm and the agreed key to obtain the original data.
This method has the following disadvantages:
the key is many: if N points exist, files need to be transmitted between every two points, a key needs to be generated and maintained for each two points, and at least generation and maintenance are needed in totalA key.
The key exchange is cumbersome: the key to be exchanged cannot be transmitted openly; it must be delivered point to point through an additional secure channel.
Disclosure of Invention
The invention provides a solution in which each file gets its own independent algorithm and key, and both the sender and the receiver of the file can verify the identity of the other party.
The technical scheme adopted by the invention for solving the technical problems is as follows:
A file encryption transmission method combining identity authentication and a dynamic key, in which a symmetric encryption algorithm and an encryption key are used to encrypt and decrypt file contents. The specific steps are as follows:
Sender:
Step (1): randomly select a symmetric encryption algorithm from a list of selectable symmetric encryption algorithms.
Step (2): generate a random symmetric encryption key according to the selected symmetric encryption algorithm.
Step (3): encrypt the file content plaintext using the symmetric encryption algorithm and the symmetric encryption key to generate the file content ciphertext.
Step (4): sign the file content ciphertext using the sender's private key to generate signature information.
Step (5): concatenate the symmetric encryption algorithm with the symmetric encryption key to generate encryption information I.
Step (6): encrypt encryption information I using the receiver's public key to generate encrypted information II, which the receiver can decrypt.
Step (7): take the signature information and encrypted information II as file header information I.
Step (8): encrypt file header information I using the sender's private key to generate encrypted file header information II.
Step (9): build the encrypted file from encrypted file header information II and the encrypted file content, and send the encrypted file to the receiver.
Receiver:
Step 1: after receiving the encrypted file, the receiver obtains encrypted file header information II and the encrypted file content.
Step 2: decrypt encrypted file header information II using the sender's public key to obtain file header information I, which at the same time verifies that file header information I was sent by the sender.
Step 3: verify the signature using the sender's public key, the signature information in file header information I, and the encrypted file content, confirming that the encrypted file content was encrypted using the encryption information I in file header information I.
Step 4: decrypt encrypted information II in file header information I using the receiver's private key to obtain encryption information I, namely the symmetric encryption algorithm and the symmetric encryption key, thereby verifying that the file is addressed to the receiver.
Step 5: decrypt the encrypted file content using the symmetric encryption algorithm and the symmetric encryption key to obtain the file content plaintext.
The invention has the following beneficial effects:
The invention provides a novel file exchange method in which each file is encrypted with a randomly generated symmetric encryption algorithm and encryption key; the symmetric encryption algorithm and encryption key information is then encrypted with the receiver's public key and transmitted to the receiver along with the file. The receiver decrypts with its private key to obtain the symmetric encryption algorithm and the symmetric encryption key, and uses them to decrypt the file content and obtain the original information of the file.
The invention has the following advantages:
1) The number of keys is small: if there are N points and files must be transmitted between every pair of points, each point only needs to generate and maintain 1 public-private key pair, and no key has to be maintained separately for each pair of points, so N points only need to maintain N public-private key pairs.
2) The key exchange is convenient: each point can publish its own public key and keep its own private key. When a sender needs to send a file, it only has to obtain the public key published by the receiving point to encrypt the transmission for that specific point.
Drawings
FIG. 1 is a flow chart of a sender according to the present invention.
Fig. 2 is a flow chart of a receiving side according to the present invention.
Detailed Description
The invention is further illustrated by the following figures and examples.
As shown in FIG. 1 and FIG. 2, the file encryption transmission method combining identity authentication and a dynamic key uses a symmetric encryption algorithm and an encryption key to encrypt and decrypt file contents. The specific steps are as follows:
Sender:
Step (1): randomly select a symmetric encryption algorithm from a list of selectable symmetric encryption algorithms.
Step (2): generate a random symmetric encryption key according to the selected symmetric encryption algorithm.
Step (3): encrypt the file content plaintext using the symmetric encryption algorithm and the symmetric encryption key to generate the file content ciphertext.
Step (4): sign the file content ciphertext using the sender's private key to generate signature information.
Step (5): concatenate the symmetric encryption algorithm with the symmetric encryption key to generate encryption information I.
Step (6): encrypt encryption information I using the receiver's public key to generate encrypted information II, which the receiver can decrypt.
Step (7): take the signature information and encrypted information II as file header information I.
Step (8): encrypt file header information I using the sender's private key to generate encrypted file header information II.
Step (9): build the encrypted file from encrypted file header information II and the encrypted file content, and send the encrypted file to the receiver.
Receiver:
Step 1: after receiving the encrypted file, the receiver obtains encrypted file header information II and the encrypted file content.
Step 2: decrypt encrypted file header information II using the sender's public key to obtain file header information I, which at the same time verifies that file header information I was sent by the sender.
Step 3: verify the signature using the sender's public key, the signature information in file header information I, and the encrypted file content, confirming that the encrypted file content was encrypted using the encryption information I in file header information I.
Step 4: decrypt encrypted information II in file header information I using the receiver's private key to obtain encryption information I, namely the symmetric encryption algorithm and the symmetric encryption key, thereby verifying that the file is addressed to the receiver.
Step 5: decrypt the encrypted file content using the symmetric encryption algorithm and the symmetric encryption key to obtain the file content plaintext.
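The sender and receiver steps above, as a runnable Go sketch added here (it is not code from the patent). It assumes an algorithm list of AES-128/192/256-GCM, RSA-OAEP for step (6), and RSA-PSS signatures in place of the "encrypt with the sender's private key" operations of steps (4) and (8); `Envelope`, `Seal`, `Open`, `newKey`, `newGCM`, `digest` and `keySizes` are hypothetical names.

```go
package main

import (
	"bytes"
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

type Envelope struct{ Wrapped, BodySig, HeaderSig, Body []byte } // hypothetical file layout
var keySizes = []int{16, 24, 32}                                 // assumed list: AES-128/192/256-GCM

func digest(parts ...[]byte) []byte {
	d := sha256.Sum256(bytes.Join(parts, nil))
	return d[:]
}
func newGCM(key []byte) cipher.AEAD { // callers pass a validated 16/24/32-byte key
	block, _ := aes.NewCipher(key)
	aead, _ := cipher.NewGCM(block)
	return aead
}
func newKey() *rsa.PrivateKey { // constructed demo key pair
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	return k
}

// Seal = sender steps (1)-(9), Open = receiver steps 1-5. RSA-PSS signing replaces "encrypt with the sender private key" (assumption).
func Seal(plain []byte, sender *rsa.PrivateKey, receiver *rsa.PublicKey) (*Envelope, error) {
	buf := make([]byte, 1+32+12) // algorithm pick, key material, GCM nonce
	if _, err := rand.Read(buf); err != nil {
		return nil, err
	}
	alg, nonce := buf[0]%3, buf[33:]                        // (1) random algorithm ID
	info := append([]byte{alg}, buf[1:1+keySizes[alg]]...)  // (2),(5): information I = alg || key
	body := newGCM(info[1:]).Seal(nonce, nonce, plain, nil) // (3): nonce || ciphertext
	bodySig, e1 := rsa.SignPSS(rand.Reader, sender, crypto.SHA256, digest(body), nil) // (4)
	wrapped, e2 := rsa.EncryptOAEP(sha256.New(), rand.Reader, receiver, info, nil)    // (6)
	hdrSig, e3 := rsa.SignPSS(rand.Reader, sender, crypto.SHA256, digest(bodySig, wrapped), nil) // (7),(8)
	if e1 != nil || e2 != nil || e3 != nil {
		return nil, fmt.Errorf("seal failed: %v %v %v", e1, e2, e3)
	}
	return &Envelope{wrapped, bodySig, hdrSig, body}, nil // (9)
}

func Open(e *Envelope, receiver *rsa.PrivateKey, sender *rsa.PublicKey) ([]byte, error) {
	if e == nil || rsa.VerifyPSS(sender, crypto.SHA256, digest(e.BodySig, e.Wrapped), e.HeaderSig, nil) != nil ||
		rsa.VerifyPSS(sender, crypto.SHA256, digest(e.Body), e.BodySig, nil) != nil {
		return nil, fmt.Errorf("sender signature check failed") // steps 2-3
	}
	info, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, receiver, e.Wrapped, nil) // step 4
	if err != nil || len(info) == 0 || int(info[0]) >= len(keySizes) || len(info) != 1+keySizes[info[0]] || len(e.Body) < 12 {
		return nil, fmt.Errorf("not addressed to this receiver, or malformed key information")
	}
	return newGCM(info[1:]).Open(nil, e.Body[:12], e.Body[12:], nil) // step 5
}

func main() {
	alice, bob := newKey(), newKey()
	env, _ := Seal([]byte("constructed sample file"), alice, &bob.PublicKey)
	out, err := Open(env, bob, &alice.PublicKey) // a nil env is rejected by Open
	fmt.Printf("%q %v\n", out, err)
}
```

`Open` checks both sender signatures before it touches the wrapped key, so a file from another sender or with a modified header or body is rejected without any decryption.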
Claims (1)
1. A file encryption transmission method combining identity authentication and dynamic keys is characterized by comprising the following concrete implementation steps:
Sender:
step (1) randomly selecting a symmetric encryption algorithm from a selectable symmetric encryption algorithm list;
step (2) generating a random symmetric encryption key according to the selected symmetric encryption algorithm;
step (3) encrypting a file content plaintext by using a symmetric encryption algorithm and a symmetric encryption key to generate a file content ciphertext;
step (4) signing the file content ciphertext by using a sender private key to generate signature information;
step (5) connecting the symmetric encryption algorithm with the symmetric encryption key to generate encryption information I;
step (6) encrypting the encrypted information I by using a public key of a receiver to generate encrypted information II which can be decrypted by the receiver;
step (7) the signature information and the encrypted information II which can be decrypted by the receiver are used as file header information I;
step (8) encrypting the file header information I by using a private key of a sender to generate encrypted file header information II;
step (9) generating an encrypted file by the encrypted file header information II and the encrypted file content, and sending the encrypted file to a receiver;
Receiver:
step 1, after receiving the encrypted file, a receiver obtains encrypted file header information II and encrypted file content;
step 2, decrypting the encrypted file header information II by using a public key of a sender to obtain file header information I, and simultaneously verifying that the file header information I is sent by the sender;
step 3, checking the signature by using the public key of the sender and the signature information and the encrypted file content in the file header information I, and confirming that the encrypted file content is encrypted by using the encryption information I in the file header information I;
step 4, decrypting the encrypted information II in the file header information I by using a private key of a receiving party to obtain encrypted information I, namely a symmetric encryption algorithm and a symmetric encryption key, thereby verifying that the file is addressed to the recipient;
step 5, decrypting the encrypted file content by using a symmetric encryption algorithm and a symmetric encryption key to obtain a file content plaintext.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110497730.7A CN113347153A (en) | 2021-05-07 | 2021-05-07 | File encryption transmission method combining identity authentication and dynamic key |
Publications (1)
Publication Number | Publication Date |
---|---|
CN113347153A (en) | 2021-09-03 |
Family
ID=77469856
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202110497730.7A Pending CN113347153A (en) | 2021-05-07 | 2021-05-07 | File encryption transmission method combining identity authentication and dynamic key |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN113347153A (en) |
Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20060093150A1 (en) * | 2004-10-29 | 2006-05-04 | Prakash Reddy | Off-loading data re-encryption in encrypted data management systems |
CN101203025A (en) * | 2006-12-15 | 2008-06-18 | 上海晨兴电子科技有限公司 | Method for transmitting and receiving safe mobile message |
CN101442409A (en) * | 2007-11-23 | 2009-05-27 | 东方钢铁电子商务有限公司 | Encipher method and system for B2B data exchange |
CN103198264A (en) * | 2013-03-14 | 2013-07-10 | 厦门市美亚柏科信息股份有限公司 | Method and device for recovering encrypted file system data |
CN105281909A (en) * | 2015-06-26 | 2016-01-27 | 浙江巨联科技股份有限公司 | Encryption and decryption mechanism and internet of things lock system using encryption and decryption mechanism |
CN106557707A (en) * | 2015-09-29 | 2017-04-05 | 苏宁云商集团股份有限公司 | A kind of method and system for processing document data |
CN107342977A (en) * | 2017-05-26 | 2017-11-10 | 芯盾网安(北京)科技发展有限公司 | Suitable for the information security method of point-to-point instant messaging |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN116910790A (en) * | 2023-09-11 | 2023-10-20 | 四川建设网有限责任公司 | Bid file encryption method with self-integrity checking function |
CN116910790B (en) * | 2023-09-11 | 2023-11-24 | 四川建设网有限责任公司 | Bid file encryption method with self-integrity checking function |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN109743171B (en) | Key series method for solving multi-party digital signature, timestamp and encryption | |
CN101594228B (en) | Certification encrypting method between certificate public key system and identity public key system | |
CN101262341A (en) | A mixed encryption method in session system | |
US11870891B2 (en) | Certificateless public key encryption using pairings | |
CN102025505A (en) | Advanced encryption standard (AES) algorithm-based encryption/decryption method and device | |
US20210165914A1 (en) | Cryptographic method for verifying data | |
CN110120939A (en) | A kind of encryption method and system of the deniable authentication based on heterogeneous system | |
CN106685969A (en) | Hybrid-encrypted information transmission method and transmission system | |
CN110113150A (en) | The encryption method and system of deniable authentication based on no certificate environment | |
CN104901803A (en) | Data interaction safety protection method based on CPK identity authentication technology | |
Weaver | Secure sockets layer | |
CN106713349B (en) | Inter-group proxy re-encryption method capable of resisting attack of selecting cipher text | |
US20200351100A1 (en) | Cryptographic method for verifying data | |
CN113285959A (en) | Mail encryption method, decryption method and encryption and decryption system | |
CN106533656A (en) | Key multilayer mixed encryption/decryption method based on WSN | |
CN112055022A (en) | High-efficiency and high-security network file transmission double encryption method | |
CN112738133A (en) | RSA authentication method | |
CN112532648A (en) | Security access method and system based on hybrid cryptosystem | |
CA2819211A1 (en) | Data encryption | |
JP2001211154A (en) | Secret key generating method, ciphering method, and cipher communication method | |
CN101964039B (en) | Encryption protection method and system of copyright object | |
US20070183600A1 (en) | Secure Cryptographic Communication System Using Kem-Dem | |
KR20040009766A (en) | Apparatus and method for transmitting and receiving in encryption system | |
CN113347153A (en) | File encryption transmission method combining identity authentication and dynamic key | |
Al-Janabi et al. | for Securing E-Mail |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | Application publication date: 20210903 |