CN114155885A - File encryption method, recording method, decryption method, device and computing equipment - Google Patents


Publication number
CN114155885A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202210117125.7A
Other languages
Chinese (zh)
Other versions
CN114155885B (en)
Inventor
徐诗筒
张升
郑幼戈
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Chengdu Tongxin Software Technology Co ltd
Original Assignee
Chengdu Tongxin Software Technology Co ltd
Application filed by Chengdu Tongxin Software Technology Co ltd
Priority to CN202210117125.7A
Publication of CN114155885A
Application granted
Publication of CN114155885B
Legal status: Active

Classifications

    • G PHYSICS
    • G11 INFORMATION STORAGE
    • G11B INFORMATION STORAGE BASED ON RELATIVE MOVEMENT BETWEEN RECORD CARRIER AND TRANSDUCER
    • G11B20/00 Signal processing not specific to the method of recording or reproducing; Circuits therefor
    • G11B20/00086 Circuits for prevention of unauthorised reproduction or copying, e.g. piracy
    • G11B20/0021 Circuits for prevention of unauthorised reproduction or copying, e.g. piracy involving encryption or decryption of contents recorded on or reproduced from a record carrier
    • G11B20/00217 Circuits for prevention of unauthorised reproduction or copying, e.g. piracy involving encryption or decryption of contents recorded on or reproduced from a record carrier the cryptographic key used for encryption and/or decryption of contents recorded on or reproduced from the record carrier being read from a specific source
    • G11B20/00253 Circuits for prevention of unauthorised reproduction or copying, e.g. piracy involving encryption or decryption of contents recorded on or reproduced from a record carrier the cryptographic key used for encryption and/or decryption of contents recorded on or reproduced from the record carrier being read from a specific source wherein the key is stored on the record carrier
    • G11B20/00413 Circuits for prevention of unauthorised reproduction or copying, e.g. piracy involving encryption or decryption of contents recorded on or reproduced from a record carrier the cryptographic key used for encryption and/or decryption of contents recorded on or reproduced from the record carrier being read from a specific source wherein the key is input by a user
    • G11B7/00 Recording or reproducing by optical means, e.g. recording using a thermal beam of optical radiation by modifying optical properties or the physical structure, reproducing using an optical beam at lower power by sensing optical properties; Record carriers therefor
    • G11B7/004 Recording, reproducing or erasing methods; Read, write or erase circuits therefor
    • G11B7/0045 Recording

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Signal Processing (AREA)
  • Signal Processing For Digital Recording And Reproducing (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a file encryption method, a recording method, a decryption method, a device and computing equipment. The file encryption method comprises: obtaining a first user key; calculating, for each file to be encrypted, a file name digest according to a first preset encryption algorithm to serve as a public key; encrypting the file with the public key according to a second preset encryption algorithm; and packaging all encrypted files to obtain an encrypted data packet to be recorded, wherein the encrypted data packet comprises a corresponding optical disc file system, an encryption identifier is stored in a first preset field of the encrypted data packet, and the first user key is stored in one or more second preset fields. The recording method records the encrypted data packet onto the optical disc, and the decryption method decrypts the encrypted data packet.

Description

File encryption method, recording method, decryption method, device and computing equipment
Technical Field
The invention relates to the technical field of file management, in particular to a file encryption method, a recording method, a decryption method, a device and computing equipment.
Background
In modern operating systems, the organization and access of data on storage media are handled by a file system, and the organization and access of data on optical disc media are handled by an optical disc file system. There are two optical disc file systems: ISO9660 and UDF (Universal Disk Format).
On operating system platforms such as Linux, some applications for disk encryption exist at present. For example, the safe of the UOS (Unified Operating System) file manager divides an original file into a plurality of blocks, encrypts the blocks, and mounts them on the system through an encrypted file system such as cryfs, which completes the encryption of the file; file decryption is also performed in the encrypted file system. However, on operating system platforms such as Linux, no application for encrypting a data optical disc is currently available.
Disclosure of Invention
To this end, the present invention provides a file encryption method, a burning method, a decryption method, apparatuses and a computing device in an attempt to solve or at least alleviate at least one of the above problems.
According to an aspect of the present invention, there is provided a file encryption method for optical disc recording, including: acquiring a first user key; for each file to be encrypted, calculating a file name digest according to a first preset encryption algorithm to serve as the public key of that file, and encrypting the file with its public key according to a second preset encryption algorithm to obtain a corresponding encrypted file; and packaging all the encrypted files to obtain an encrypted data packet to be recorded, wherein the encrypted data packet comprises a corresponding optical disc file system, an encryption identifier is stored in a first preset field of the optical disc file system, and the first user key is stored in one or more second preset fields of the optical disc file system.
Optionally, in the file encryption method according to the present invention, before the step of calculating the file name digest according to the first predetermined encryption algorithm, the method further includes: adding salt to the file name; the salt is calculated from the first user key.
Optionally, in the file encryption method according to the present invention, a file name of each encrypted file in the encrypted data packet is not encrypted.
Optionally, in the file encryption method according to the present invention, the first preset field of the optical disc file system is the field corresponding to a first query volume descriptor key pointer of the optical disc file system; the one or more second preset fields of the optical disc file system include the field corresponding to the second query volume descriptor key pointer and/or the third query volume descriptor key pointer of the optical disc file system.
According to another aspect of the present invention, there is also provided a file encryption recording method, including: encrypting the file to be encrypted by using the file encryption method to obtain an encrypted data packet to be recorded; and burning the encrypted data packet to be burnt into the accessed optical disc.
According to another aspect of the present invention, there is provided a file decryption method for an encrypted optical disc, where the encrypted optical disc is recorded by the above-mentioned file encryption recording method. The file decryption method includes: in response to a received optical disc access signal, reading the data of the first preset field of the optical disc file system of the accessed optical disc, and judging from that data whether the optical disc is an encrypted optical disc; if the optical disc is judged to be an encrypted optical disc, prompting the user to input a second user key; judging whether the second user key is consistent with the first user key corresponding to the optical disc, wherein the first user key is obtained from the data of one or more second preset fields of the optical disc file system; and, if the second user key is judged to be consistent with the first user key, responding to a file reading request of the user by calculating the file name digest corresponding to the request according to the first preset encryption algorithm to serve as the public key of the requested encrypted file, and decrypting the encrypted file with that public key according to the second preset encryption algorithm, so as to present the decrypted file content to the user.
Optionally, in the file decryption method according to the present invention, the decrypted file content is presented to the user through a user-mode file system implemented on FUSE. The user-mode file system maps the file list of the encrypted optical disc and forwards input/output requests through the kernel virtual file system module. In response to a file reading request of a user, a file manager redirects the requested file to the user-mode file system through a URL; after the user-mode file system obtains the URL of the requested file, it decrypts the corresponding encrypted file on the encrypted optical disc and then passes it to an application program for presentation.
According to another aspect of the present invention, there is also provided an encrypted optical disc file processing method, including: in response to the received encryption packaging request, encrypting the file to be encrypted by using the file encryption method; in response to the received encryption burning request, carrying out encryption burning on the file to be encrypted by using the file encryption burning method; in response to the received optical disc access signal, the accessed encrypted optical disc is decrypted and read by using the file decryption method as described above.
According to another aspect of the present invention, there is also provided a file encryption apparatus for optical disc recording, including: an acquisition unit configured to acquire a first user key; an encryption unit configured to calculate, for each file to be encrypted, a file name digest according to a first preset encryption algorithm to serve as the public key of that file, and to encrypt the file with its public key according to a second preset encryption algorithm to obtain a corresponding encrypted file; and a packaging unit configured to package all the encrypted files to obtain an encrypted data packet to be recorded, the encrypted data packet containing a corresponding optical disc file system, wherein an encryption identifier is stored in a first preset field of the optical disc file system, and the first user key is stored in one or more second preset fields of the optical disc file system.
According to another aspect of the present invention, there is also provided a file encryption recording apparatus, including: the file encryption device is used for encrypting a file to be encrypted to obtain an encrypted data packet to be recorded; and a recording unit, configured to record the encrypted data packet to be recorded into an accessed optical disc.
According to another aspect of the present invention, there is provided a file decryption apparatus for an encrypted optical disc, the encrypted optical disc being recorded by the file encryption recording apparatus, the file decryption apparatus comprising: a first judging unit, configured to read, in response to a received optical disc access signal, the data of the first preset field of the optical disc file system of the accessed optical disc, and to judge from that data whether the optical disc is an encrypted optical disc; a second judging unit, configured to prompt a user to input a second user key when the optical disc is judged to be an encrypted optical disc, and to judge whether the second user key is consistent with the first user key corresponding to the optical disc, where the first user key is obtained from the data of one or more second preset fields of the optical disc file system; and a decryption unit, configured to respond to a file reading request of a user, when the second user key is judged to be consistent with the first user key, by calculating the file name digest corresponding to the request according to the first preset encryption algorithm to serve as the public key of the requested encrypted file, and decrypting the encrypted file with that public key according to the second preset encryption algorithm, so as to present the decrypted file content to the user.
According to another aspect of the present invention, there is also provided an encrypted optical disc file processing apparatus, including the file encryption recording apparatus as described above and the file decryption apparatus as described above; the file encryption recording device is triggered to execute operation to complete the encryption processing of the file to be encrypted in response to the received encryption packaging request; responding to the received encryption recording request, triggering the file encryption recording device to execute operation so as to complete the encryption recording processing of the file to be encrypted; and triggering the file decryption device to execute operation in response to the received optical disc access signal so as to finish data decryption and reading processing of the accessed encrypted optical disc.
According to yet another aspect of the present invention, there is also provided a computing device comprising: at least one processor and a memory storing program instructions; the program instructions, when read and executed by the processor, cause the computing device to perform the file encryption method as described above, the file encryption recording method as described above, the file decryption method as described above, or the encrypted optical disc file processing method as described above.
According to still another aspect of the present invention, there is also provided a readable storage medium storing program instructions, which, when read and executed by a computing device, cause the computing device to execute the file encryption method as described above, the file encryption burning method as described above, the file decryption method as described above, or the encrypted optical disc file processing method as described above.
According to the file encryption method, the file encryption recording method, the file decryption method, the encrypted optical disc file processing method, the devices and the computing equipment, at least one of the following beneficial effects can be realized: data encryption and/or encrypted recording of an optical disc under an operating system such as Linux; decryption of optical disc data under an operating system such as Linux; and a complete closed-loop data encryption and decryption process that fills the gap in encryption and decryption functions for the UDF optical disc file system on Linux.
Drawings
To the accomplishment of the foregoing and related ends, certain illustrative aspects are described herein in connection with the following description and the annexed drawings, which are indicative of various ways in which the principles disclosed herein may be practiced, and all aspects and equivalents thereof are intended to be within the scope of the claimed subject matter. The above and other objects, features and advantages of the present disclosure will become more apparent from the following detailed description read in conjunction with the accompanying drawings. Throughout this disclosure, like reference numerals generally refer to like parts or elements.
FIG. 1 is a schematic diagram illustrating a storage structure of data in an optical disc;
FIG. 2 shows a schematic of a use interface of a UOS File manager safe;
FIG. 3 is a schematic diagram illustrating an example of an application scenario of a file encryption method for optical disc recording according to an embodiment of the present invention;
FIG. 4 is a schematic diagram illustrating another application scenario example of a file encryption method for optical disc recording according to an embodiment of the present invention;
FIG. 5 shows a schematic diagram of a computing device according to an embodiment of the invention;
FIG. 6 is a flow chart illustrating an exemplary process of a file encryption method for optical disc recording according to an embodiment of the present invention;
FIG. 7 is a flowchart illustrating an exemplary process of a method for encrypting a file according to an embodiment of the present invention;
FIG. 8 is a flowchart illustrating another exemplary process of the file encryption recording method of FIG. 7;
FIG. 9 is a flowchart illustrating an exemplary process of a file decryption method for an encrypted optical disc according to an embodiment of the present invention;
FIG. 10 is a diagram illustrating a case where an optical disc contains both encrypted sections and unencrypted sections;
FIG. 11 is a flowchart illustrating one example of a process for an application to open an encrypted file;
FIG. 12 is a diagram showing an exemplary structure of a file encryption apparatus according to an embodiment of the present invention;
FIG. 13 is a diagram showing an exemplary structure of a file encryption recording apparatus according to an embodiment of the present invention;
FIG. 14 is a diagram showing an exemplary structure of a file decryption apparatus according to an embodiment of the present invention;
FIG. 15 is a diagram showing an exemplary structure of an encrypted optical disc file processing apparatus according to an embodiment of the present invention.
Detailed Description
Exemplary embodiments of the present disclosure will be described in more detail below with reference to the accompanying drawings. While exemplary embodiments of the present disclosure are shown in the drawings, it should be understood that the present disclosure may be embodied in various forms and should not be limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the disclosure to those skilled in the art.
In the following, embodiments of the present invention are described by taking a Linux operating system as an example, but it should be understood that the embodiments of the present invention are not limited thereto, and are also applicable to other operating systems to which the method/apparatus of the embodiments can be applied, such as Linux kernel-based operating systems like UOS, or operating systems that are not based on the Linux kernel.
In the prior art, for example on a Linux platform, writing data to an ordinary disk (such as a hard disk) only requires issuing a write through a system call. An optical disc, by contrast, is to a certain extent a read-only device, and data can be written to it only by recording.
Recording refers to the process of writing data from outside the optical disc (such as a local disk) into the optical disc. The process may be completed by the ioctl system call plus a series of device commands; for example, a WRITE_10 command may be used to write data to the optical disc. Unlike writing data to an ordinary magnetic disk, each time files are written to an optical disc a data structure called a session (an abstract structure that records the information of each write to the optical disc) is created on the disc, and each session has a complete optical disc file system (such as ISO9660 or UDF). Thus, the files recorded in one pass are stored in the session created by that pass, and after several recordings the optical disc contains several sessions. The sessions on the optical disc also reference one another in sequence; a schematic diagram of data storage on the optical disc is shown in FIG. 1.
For a disk, file encryption can be implemented in several ways, for example: modifying the information in the hard disk partition table (the partition table is essential for starting a hard disk and some of its fields are completely fixed, so modifying that information can prevent the hard disk from being recognized by other users); adding a password to the start-up of the hard disk (which amounts to requiring the user to enter a password before using the computer, although the hard disk can still be detached and used in another, non-encrypted computer); applying user-based encryption management to the hard disk (a specific user has access rights to a specific partition); write-protecting a certain logical disk (to restrict users from writing data); or encrypting data at the disk sector level (the data is encrypted and then written to the disk); and the like.
For example, on the Linux platform, when the safe in the UOS file manager is used to encrypt and decrypt a disk file, a data segment in a specific directory on the physical disk is mapped through cryfs. As shown in FIG. 2, after the safe is unlocked, through a system mount command, it can be seen that a fuse. mount is a Linux command that mounts a partition under a folder in the Linux system, thereby associating the partition with the directory, so that accessing the folder is equivalent to accessing the partition. In addition, mount is not limited to Linux systems; at present it is also applied more and more widely in Windows systems. The safe service of the file manager encrypts the files stored in the safe in segments and stores them in a specific folder on the disk; the file structure of this encrypted folder is organized by cryfs, which is also called an encrypted file system. When a user accesses the safe, the system mounts cryfs (cryfs is itself a file system implemented on FUSE); after mounting, the data in the encrypted area is decoded and reassembled, and then presented to the upper-layer application.
However, no optical disc encryption technology suitable for operating systems such as Linux exists. To solve this problem, the present invention provides a file encryption method for optical disc recording, and fig. 3 shows a possible application scenario of the file encryption method.
As shown in fig. 3, when a user inserts an optical disc, a file to be encrypted may be selected. After the file to be encrypted is selected, the file is encrypted by adopting the file encryption method of the invention, and an encrypted data packet is obtained after encryption. Then, the encrypted data packet is recorded into the inserted optical disc to obtain an encrypted optical disc. That is, in the scenario shown in fig. 3, the process from the encryption of the file selected to be encrypted to the recording corresponding to the scenario can be implemented by a device, such a device is equivalent to an encryption recording device, such as a file encryption recording apparatus described below.
Of course, the above file encryption method of the present invention may also be applicable to other application scenarios, as shown in fig. 4, for example, a file to be encrypted may be selected or received on one device (e.g., the encryption device 310 shown in fig. 4, which is equivalent to a file encryption apparatus for optical disc recording to be described later), and after the file encryption method of the present invention is used to encrypt the file, the obtained encrypted data packet is sent to another device (e.g., the recording device 320 shown in fig. 4, which is equivalent to a common recording device in the prior art, such as a device capable of implementing UDF recording under Linux platform) to record, so as to obtain an encrypted optical disc. That is, in the scenario shown in fig. 4, the encryption process and the recording process can be implemented separately by two different devices, and the communication between the two devices can be wired or wireless.
The file encryption method for optical disc recording of the present invention comprises: acquiring a first user key; for each file to be encrypted, calculating a file name digest according to a first preset encryption algorithm to serve as the public key of that file, and encrypting the file with its public key according to a second preset encryption algorithm to obtain a corresponding encrypted file; and packaging all the encrypted files to obtain an encrypted data packet to be recorded, wherein the encrypted data packet comprises a corresponding optical disc file system, an encryption identifier is stored in a first preset field of the optical disc file system, and the first user key is stored in one or more second preset fields of the optical disc file system.
Therefore, by the file encryption method for optical disc burning, the file to be encrypted can be encrypted to obtain a corresponding encrypted data packet, and optical disc encryption suitable for operating systems such as Linux and the like is realized.
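The encryption flow summarized above, together with the decryption flow from the Disclosure (encryption identifier check, user key check, per-file key from the file name digest), as an added sketch that is not code from the patent or its assignee. The page names no algorithms, field layouts or marker values, so SHA-256 as the first preset algorithm, the HMAC-SHA256 keystream standing in for the second, the MAGIC marker, the Packet class and the choice to hold a salted PBKDF2 check value of the user key in the second preset field are all assumptions of this example.

```python
import hashlib
import hmac
import os
import struct
from dataclasses import dataclass, field

# Every constant and name here is an assumption of this sketch; the page
# names no algorithms, field offsets or marker values.
MAGIC = b"ENCDISC1"        # hypothetical encryption identifier
KDF_ROUNDS = 100_000


def name_salt(user_key: str) -> bytes:
    """Salt calculated from the first user key (the optional salting step)."""
    return hashlib.sha256(b"name-salt|" + user_key.encode()).digest()[:16]


def file_key(name: str, user_key: str) -> bytes:
    """First preset algorithm (assumed SHA-256): digest of the salted file
    name, used as that file's key (what the page calls its public key)."""
    return hashlib.sha256(name_salt(user_key) + name.encode()).digest()


def stream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in for the second preset algorithm: XOR with an HMAC-SHA256
    counter-mode keystream. Encrypting and decrypting are the same call."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hmac.new(key, struct.pack(">Q", i // 32), hashlib.sha256).digest()
        out.extend(b ^ p for b, p in zip(data[i:i + 32], pad))
    return bytes(out)


@dataclass
class Packet:
    """Models the encrypted data packet and its two kinds of preset field."""
    first_field: bytes = b""                    # encryption identifier
    second_field: bytes = b""                   # user-key material
    files: dict = field(default_factory=dict)   # plaintext name -> ciphertext


def key_check(user_key: str, kdf_salt: bytes) -> bytes:
    """Check value kept on the disc in place of the raw key (assumption)."""
    return hashlib.pbkdf2_hmac("sha256", user_key.encode(), kdf_salt, KDF_ROUNDS)


def build_packet(plain_files: dict, user_key: str) -> Packet:
    """Encryption side: per-file key, encrypt, package, fill the fields."""
    kdf_salt = os.urandom(16)
    pkt = Packet(MAGIC, kdf_salt + key_check(user_key, kdf_salt))
    for name, body in plain_files.items():
        # File names stay in the clear; only the contents are encrypted.
        pkt.files[name] = stream_xor(file_key(name, user_key), body)
    return pkt


def is_encrypted_disc(pkt: Packet) -> bool:
    """Decryption step 1: inspect the first preset field."""
    return pkt.first_field == MAGIC


def key_matches(pkt: Packet, candidate: str) -> bool:
    """Decryption step 2: compare the entered key with the stored material."""
    kdf_salt, stored = pkt.second_field[:16], pkt.second_field[16:]
    return hmac.compare_digest(stored, key_check(candidate, kdf_salt))


def read_file(pkt: Packet, name: str, candidate: str) -> bytes:
    """Decryption step 3: re-derive the file's key from its name and decrypt."""
    if not is_encrypted_disc(pkt):
        raise ValueError("not an encrypted disc")
    if not key_matches(pkt, candidate):
        raise PermissionError("user key does not match this disc")
    return stream_xor(file_key(name, candidate), pkt.files[name])
```

Because the salt is calculated from the user key, file_key yields a different key for the same file name under a different user key; without the salting step the key would depend on the unencrypted file name alone.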
The file encryption method, the file encryption recording method, the file decryption method and the encrypted optical disc file processing method are executed in the computing equipment. The computing device may be any device with storage and computing capabilities, and may be implemented as, for example, a server, a workstation, or the like, or may be implemented as a personal computer such as a desktop computer or a notebook computer, or may be implemented as a terminal device such as a mobile phone, a tablet computer, a smart wearable device, or an internet of things device, but is not limited thereto.
FIG. 5 shows a schematic diagram of a computing device 500, according to one embodiment of the invention. It should be noted that the computing device 500 shown in fig. 5 is only an example, and in practice, the computing device for implementing the file encryption method, the file encryption recording method, the file decryption method, and the encrypted optical disc file processing method of the present invention may be any type of device, and the hardware configuration thereof may be the same as the computing device 500 shown in fig. 5 or different from the computing device 500 shown in fig. 5. In practice, the computing device implementing the file encryption method, the file encryption recording method, the file decryption method, and the encrypted optical disc file processing method of the present invention may add or delete hardware components of the computing device 500 shown in fig. 5, and the present invention does not limit the specific hardware configuration of the computing device.
As shown in FIG. 5, in a basic configuration 502, the computing device 500 typically includes a system memory 506 and one or more processors 504. A memory bus 508 may be used for communicating between the processor 504 and the system memory 506.
Depending on the desired configuration, the processor 504 may be any type of processor, including but not limited to: a microprocessor (μP), a microcontroller (μC), a digital signal processor (DSP), or any combination thereof. Processor 504 may include one or more levels of cache, such as a level one cache 510 and a level two cache 512, a processor core 514, and registers 516. Example processor cores 514 may include an Arithmetic Logic Unit (ALU), a Floating Point Unit (FPU), a digital signal processing core (DSP core), or any combination thereof. The example memory controller 518 may be used with the processor 504, or in some implementations the memory controller 518 may be an internal part of the processor 504.
Depending on the desired configuration, system memory 506 may be any type of memory, including but not limited to: volatile memory (such as RAM), non-volatile memory (such as ROM, flash memory, etc.), or any combination thereof. The physical memory in the computing device is often referred to as volatile memory RAM, and data in the disk needs to be loaded into the physical memory before it can be read by the processor 504. System memory 506 may include an operating system 520, one or more applications 522, and program data 524. In some implementations, the application 522 can be arranged to execute instructions on the operating system with the program data 524 by the one or more processors 504. Operating system 520 may be, for example, Linux, Windows, or the like, which includes program instructions for handling basic system services and for performing hardware dependent tasks. The application 522 includes program instructions for implementing various user-desired functions, and the application 522 may be, for example, but not limited to, a browser, instant messenger, a software development tool (e.g., an integrated development environment IDE, a compiler, etc.), and the like. When the application 522 is installed into the computing device 500, a driver module may be added to the operating system 520.
When computing device 500 is started, processor 504 reads program instructions for operating system 520 from system memory 506 and executes them. Applications 522 run on top of operating system 520 and utilize interfaces provided by operating system 520 and the underlying hardware to implement various user-desired functions. When a user launches application 522, application 522 is loaded into system memory 506 and processor 504 reads and executes the program instructions of application 522 from system memory 506.
The computing device 500 also includes a storage device 532, the storage device 532 including removable storage 536 and non-removable storage 538, each of the removable storage 536 and non-removable storage 538 being connected to the storage interface bus 534.
Computing device 500 may also include an interface bus 540 that facilitates communication from various interface devices (e.g., output devices 542, peripheral interfaces 544, and communication devices 546) to the basic configuration 502 via the bus/interface controller 530. The exemplary output device 542 includes an image processing unit 548 and an audio processing unit 550. They may be configured to facilitate communications with various external devices, such as a display or speakers, via the one or more A/V ports 552. Example peripheral interfaces 544 may include a serial interface controller 554 and a parallel interface controller 556, which may be configured to facilitate communications with external devices such as input devices (e.g., keyboard, mouse, pen, voice input device, touch input device) or other peripherals (e.g., printer, scanner, etc.) via one or more I/O ports 558. An example communication device 546 may include a network controller 560, which may be arranged to facilitate communications with one or more other computing devices 562 over a network communication link via one or more communication ports 564.
A network communication link may be one example of a communication medium. Communication media may typically be embodied by computer readable instructions, data structures, or program modules in a modulated data signal, such as a carrier wave or other transport mechanism, and may include any information delivery media. A "modulated data signal" may be a signal that has one or more of its characteristics set or changed in such a manner as to encode information in the signal. By way of non-limiting example, communication media may include wired media such as a wired network or private-wired network, and various wireless media such as acoustic, Radio Frequency (RF), microwave, Infrared (IR), or other wireless media. The term computer readable media as used herein may include both storage media and communication media.
In the computing device 500 according to the present invention, the application 522 includes instructions for executing the file encryption method, the file encryption recording method, the file decryption method, and the encrypted optical disc file processing method of the present invention, which can instruct the processor 504 to execute the above file encryption method, the file encryption recording method, the file decryption method, and the encrypted optical disc file processing method of the present invention, so as to implement the file encryption for optical disc recording, and/or the decryption of the encrypted optical disc, and/or the optical disc encryption recording, etc. suitable for the operating system such as Linux.
Fig. 6 shows a flowchart of a file encryption method 600 for optical disc recording according to an embodiment of the present invention. The file encryption method 600 is executed in a computing device (e.g., the computing device 500), and the file encryption method 600 of the present invention encrypts a file to be encrypted to obtain a corresponding encrypted data packet, so as to implement optical disc encryption suitable for an operating system such as Linux. As shown in fig. 6, the file encryption method 600 may include steps S610 to S630.
In step S610, a first user key is acquired. It should be noted that the first user key mentioned here is the key input by the user at the time of the first encryption, and the second user key mentioned below is the key input by a subsequent user (possibly the same user, possibly another user) at the time of decryption.
For example, when the user clicks the recording button of the file manager, a popup asks the user whether to encrypt; if the user confirms encryption, the key that the user inputs at this time is used as the first user key.
Next, in step S620, for each file to be encrypted, the file is encrypted using the public key of that file according to a second predetermined encryption algorithm, to obtain a corresponding encrypted file.
Then, in step S630, all the encrypted files are packaged to obtain an encrypted data packet to be recorded.
When packaging all encrypted files, the purpose is to package all files into an ISO image (as an example of an encrypted data package) containing a complete optical disc file system (e.g. an optical disc file system in UDF format, hereinafter referred to as UDF file system), whose internal data contains a complete Session. That is, the encrypted data packet includes a corresponding optical disc file system.
Before packaging, a preset encryption identifier is stored in a first preset field of a UDF file system (as an example of an optical disc file system), the encryption identifier may be, for example and without limitation, a custom character string such as cryudf, and furthermore, the obtained first user key is stored in one or more second preset fields of the optical disc file system.
In the following, embodiments of the present invention are described with the UDF file system as an example of an optical disc file system, but it should be understood that embodiments of the present invention are not limited thereto, and may be other types of optical disc file systems that can be applied to the present invention.
According to an embodiment of the present invention, for example, a corresponding field of a first AVDP (Anchor Volume Descriptor Pointer) of the UDF file system may be selected as the first preset field, and a corresponding field of a second AVDP and/or a third AVDP of the UDF file system may be selected as the one or more second preset fields.
AVDP is a kind of metadata, a special structure in UDF file system, through which some key information of UDF file system can be obtained. In one UDF file system, there are 3 AVDP structures in total.
For example, the first AVDP of the UDF file system is modified, that is, a segment of data is added in the reserved field of the AVDP to store a preset encryption identifier, so as to identify the optical disc as an encrypted optical disc. The reserved field is an unused field in the file system, and its value is not used in the normal file system parsing process. The first AVDP of the UDF file system is the one starting at the 256th block from the beginning of each session.
In the ECMA-167 specification document, AVDP is defined as the following structure:
    /* Anchor Volume Descriptor Pointer (ECMA 167r3 3/10.2) */
    struct anchorVolDescPtr
    {
        tag       descTag;
        extent_ad mainVolDescSeqExt;    /* records the sector and length of the MVDS */
        extent_ad reserveVolDescSeqExt;
        uint8_t   reserved[480];
    };
From this structure it can be seen that a reserved field follows the first three fields. An encryption identifier, such as the character string cryudf, can therefore be written in the reserved field, so that the decryption method described below can automatically start a decryption flow when it recognizes the encryption identifier.
Thus, in the embodiment of the present invention, the first AVDP is used to store the identification of the encrypted optical disc, i.e., the encryption identifier, and the first user key may be stored in the AVDPs starting at the other two locations (blocks N and N-256), i.e., the second AVDP and the third AVDP. The key may be stored in these two locations in obfuscated, encrypted form; for example, the obfuscation process is invisible to the outside and is provided only inside the file manager. Here N is the length of the corresponding session: for example, if the length of the current session is 500 blocks, N = 500; if the length of the current session is 1000 blocks, N = 1000, and so on.
In a file system, the file name and the file content are not a single unit. In the embodiment of the present invention, the file name may, for example, be left unencrypted in the encryption process, so that the user can easily see the entire file list.
In step S620, when calculating the public key of each file to be encrypted, for example, the file name of the file may be directly calculated according to a first predetermined encryption algorithm, so as to obtain a corresponding file name digest as the public key of the file.
Alternatively, the file name digest may be calculated as the public key of the file by adding salt to the file name and then calculating the file name digest according to the first predetermined encryption algorithm in step S620. Wherein the salt is computationally obtainable from the first user key.
For example, for each file to be encrypted, salt is added to the file name of the file and a file name digest is then calculated with the national cryptographic algorithm SM3 (as an example of a first predetermined encryption algorithm); the digest is used as the public key of the file.
For example, the above-mentioned public key may be calculated with reference to the following formula one.
Formula one:
file_key = SM3(file_name + salt(user_password))
In formula one, file_key represents the currently calculated public key of the file to be encrypted, file_name represents the file name of the file to be encrypted, user_password represents the first user key input by the user, salt(user_password) represents the salt calculated from user_password, and SM3 represents the national cryptographic algorithm SM3.
The salt may be obtained by calculation according to the first user key, for example, and the specific process of calculating the salt value may be implemented by using an existing salt value calculation method, which is not described herein again. For example, assuming that the file name of a file to be encrypted is "file", the first user key input by the user is "321", and the string obtained after calculating the salt value from "321" is "abc", the parameter input into the SM3 algorithm for this file (i.e., the file_name + salt(user_password) part) is "fileabc" (the strings themselves do not contain the quotation marks).
It should be understood that the first predetermined encryption algorithm is not limited to the cryptographic algorithm SM3 in this example, and may be other encryption algorithms, which are not described in detail herein.
In step S620, after the public key of each file to be encrypted is calculated, the content of each file may be block-encrypted with its public key according to the national cryptographic algorithms SM2 and SM4; if the data length is insufficient, it may be padded with zeros. It should be understood that the second predetermined encryption algorithm is not limited to the combination of SM2 and SM4 in this example, but may be another algorithm or series of algorithms (or a combination thereof), which will not be described herein.
Of course, it should be understood that other non-national cryptographic series algorithms may be used with embodiments of the present invention, as examples of the first predetermined encryption algorithm and/or the second predetermined encryption algorithm.
In this way, because the file names of the files to be encrypted differ, the calculated public key of each file differs; in other words, any two files to be encrypted are encrypted with different public keys, which improves the security of the file content. For example, even if two optical discs are recorded with (encrypted) files that have the same file name, the corresponding public keys on the two discs are different because the first user keys input for each disc are different.
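Formula one and the per-file key property described above, as an added C example that is not the patent's or the file manager's code: SM3 is implemented from the published standard, and the key is SM3(file_name + salt) rendered as hex. The salt derivation `demo_salt` is hypothetical, since the description leaves it unspecified; the derivation is deterministic, so the same file name and the same password always yield the same key.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

static uint32_t rotl(uint32_t x, unsigned n) {
    n &= 31;
    return n ? (x << n) | (x >> (32 - n)) : x;
}
static uint32_t p0(uint32_t x) { return x ^ rotl(x, 9) ^ rotl(x, 17); }
static uint32_t p1(uint32_t x) { return x ^ rotl(x, 15) ^ rotl(x, 23); }

/* SM3 compression function over one 64-byte block. */
static void sm3_block(uint32_t v[8], const uint8_t *b) {
    uint32_t w[68], a[8];
    for (int j = 0; j < 16; j++)
        w[j] = (uint32_t)b[4 * j] << 24 | (uint32_t)b[4 * j + 1] << 16 |
               (uint32_t)b[4 * j + 2] << 8 | b[4 * j + 3];
    for (int j = 16; j < 68; j++)
        w[j] = p1(w[j - 16] ^ w[j - 9] ^ rotl(w[j - 3], 15)) ^ rotl(w[j - 13], 7) ^ w[j - 6];
    memcpy(a, v, sizeof a);
    for (int j = 0; j < 64; j++) {
        uint32_t t = j < 16 ? 0x79cc4519u : 0x7a879d8au;
        uint32_t a12 = rotl(a[0], 12);
        uint32_t ss1 = rotl(a12 + a[4] + rotl(t, (unsigned)j), 7);
        uint32_t ss2 = ss1 ^ a12;
        uint32_t ff = j < 16 ? a[0] ^ a[1] ^ a[2]
                             : (a[0] & a[1]) | (a[0] & a[2]) | (a[1] & a[2]);
        uint32_t gg = j < 16 ? a[4] ^ a[5] ^ a[6] : (a[4] & a[5]) | (~a[4] & a[6]);
        uint32_t tt1 = ff + a[3] + ss2 + (w[j] ^ w[j + 4]);
        uint32_t tt2 = gg + a[7] + ss1 + w[j];
        a[3] = a[2]; a[2] = rotl(a[1], 9);  a[1] = a[0]; a[0] = tt1;
        a[7] = a[6]; a[6] = rotl(a[5], 19); a[5] = a[4]; a[4] = p0(tt2);
    }
    for (int i = 0; i < 8; i++) v[i] ^= a[i];
}

/* SM3 digest of msg[0..len): pad with 0x80, zeros and the 64-bit bit length. */
void sm3(const uint8_t *msg, size_t len, uint8_t out[32]) {
    uint32_t v[8] = { 0x7380166fu, 0x4914b2b9u, 0x172442d7u, 0xda8a0600u,
                      0xa96f30bcu, 0x163138aau, 0xe38dee4du, 0xb0fb0e4eu };
    uint8_t blk[128] = { 0 };
    size_t full = len / 64 * 64, rem = len - full;
    size_t tail = rem < 56 ? 64 : 128;
    uint64_t bits = (uint64_t)len * 8;
    for (size_t i = 0; i < full; i += 64) sm3_block(v, msg + i);
    if (rem) memcpy(blk, msg + full, rem);
    blk[rem] = 0x80;
    for (int i = 0; i < 8; i++) blk[tail - 1 - (size_t)i] = (uint8_t)(bits >> (8 * i));
    sm3_block(v, blk);
    if (tail == 128) sm3_block(v, blk + 64);
    for (int i = 0; i < 8; i++) {
        out[4 * i] = (uint8_t)(v[i] >> 24);    out[4 * i + 1] = (uint8_t)(v[i] >> 16);
        out[4 * i + 2] = (uint8_t)(v[i] >> 8); out[4 * i + 3] = (uint8_t)v[i];
    }
}

/* Formula one with the salt passed in: SM3(file_name + salt) as lowercase hex.
 * Returns a static buffer (not thread-safe); empty string if the input is too long. */
const char *file_key_hex(const char *file_name, const char *salt) {
    static char hex[65];
    uint8_t buf[512], dig[32];
    size_t n = strlen(file_name), s = strlen(salt);
    hex[0] = '\0';
    if (n + s > sizeof buf) return hex;
    memcpy(buf, file_name, n);
    memcpy(buf + n, salt, s);
    sm3(buf, n + s, dig);
    for (int i = 0; i < 32; i++) sprintf(hex + 2 * i, "%02x", dig[i]);
    return hex;
}

/* HYPOTHETICAL salt(user_password): first 8 bytes of SM3(password) as hex. */
static void demo_salt(const char *password, char salt[17]) {
    uint8_t dig[32];
    sm3((const uint8_t *)password, strlen(password), dig);
    for (int i = 0; i < 8; i++) sprintf(salt + 2 * i, "%02x", dig[i]);
}

/* 1 when both (file name, password) pairs derive the same per-file key. */
int same_key(const char *n1, const char *pw1, const char *n2, const char *pw2) {
    char s1[17], s2[17], k1[65];
    demo_salt(pw1, s1);
    demo_salt(pw2, s2);
    strcpy(k1, file_key_hex(n1, s1));
    return strcmp(k1, file_key_hex(n2, s2)) == 0;
}

int main(void) {
    /* The description's worked input: file name "file", salt string "abc". */
    printf("SM3(\"fileabc\")     = %s\n", file_key_hex("file", "abc"));
    printf("same name, same pw  : %d\n", same_key("file", "321", "file", "321"));
    printf("other name, same pw : %d\n", same_key("file", "321", "other", "321"));
    printf("same name, other pw : %d\n", same_key("file", "321", "file", "322"));
    return 0;
}
```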
In addition, when the embodiment of the invention is used for encryption, the length of the same file before encryption and after encryption is almost unchanged, so that the size of the space occupied by the file in the optical disc is not influenced.
As can be seen from the above description, by using the file encryption method according to the embodiment of the present invention, an encrypted data packet including an encryption identifier, a readable file name, and encrypted file content can be obtained, thereby completing the process of encrypting the file recorded on the user optical disc.
After the encrypted data packet is obtained, it can optionally be burned to an optical disc. Next, a file encryption recording method is described with reference to fig. 7.
Referring to fig. 7, a flowchart of a file encryption recording method 700 according to an embodiment of the invention is shown. The file encryption recording method 700 is executed in a computing device (e.g., the computing device 500). It encrypts a file to be encrypted to obtain a corresponding encrypted data packet and records the encrypted data packet onto an optical disc, thereby realizing optical disc encryption recording suitable for an operating system such as Linux. As shown in fig. 7, the file encryption recording method 700 can include steps S710 to S740.
The steps S710 to S730 can perform the same processing as the steps S610 to S630 described above with reference to fig. 6, and can achieve similar functions and effects, which are not described herein again.
The file encryption recording method 700 encrypts the file to be encrypted (which may include one or more files and/or one or more folders) through steps S710 to S730 to obtain an encrypted data packet as an encrypted data packet to be recorded, and then records the encrypted data packet to be recorded into the accessed optical disc in step S740.
In the embodiment of the present invention, the process of burning the data packet (which may be the encrypted data packet) to the optical disc may be completed through, for example, a libudhurn function library provided by the unified UOS 1040 version, or may be implemented through any other existing burning technology that may be used in the present invention, and is not described here again.
Therefore, by the file encryption recording method 700 of the embodiment of the present invention, one or more encrypted optical discs can be obtained. Such an encrypted optical disc can be recognized on an ordinary computer, where the file list is displayed normally but the file contents appear as completely garbled data.
In addition, in the embodiment of the present invention, the optical disc used for recording may be a blank optical disc (i.e. an empty disc) or a non-empty disc, where the non-empty disc is, for example, an optical disc that has been encrypted and recorded once or multiple times by using the file encryption recording method 700 in the embodiment of the present invention.
In one example, when the optical disc used for recording is a blank optical disc, the recording can be completed by the process shown in fig. 8. As shown in fig. 8, the accessed optical disc is a blank optical disc, and the user starts the recording operation in step S811. Next, in step S812, the file manager, after receiving the recording start signal, asks whether to perform encrypted recording, and in step S813 a popup asks the user whether to perform encrypted recording. If the user selects encrypted recording, step S814 is executed and the file manager prompts the user to input a password (i.e., a first user key); then, in step S815, it is determined whether the user has input the password. If the user has input the password (corresponding to step S710 in the file encryption recording method 700), the file manager encrypts and packages the data (i.e., the file to be encrypted) in step S816 (corresponding to steps S720 and S730 in the file encryption recording method 700), records the packaged data (i.e., the encrypted data packet to be recorded) onto the blank disc in step S817, and the process ends. If, at the popup of step S813, the user selects "No" (i.e., not to encrypt), the file manager directly performs normal (non-encrypted) recording in step S818, and the process ends.
In another example, when the accessed optical disc is an optical disc that has been encrypted and recorded once or more times by using the file encryption and recording method 700, after the user inserts the optical disc, the user is prompted to input a password, and when the password input by the user is correct (the same as the password in the previous encryption and recording), the optical disc is mounted; if the user inputs the password incorrectly, mounting is not allowed. After mounting, when a user needs to burn at a certain time, a password (i.e. a first user key) can be obtained from a previous session, and then encrypted burning is performed, where the previous session can be any previous session. In this example, since the optical disc is a non-blank optical disc, the encryption recording is an additional recording, which can be implemented by using the additional recording technology mentioned in the patent document with publication number CN113741817A, "automatic verification method and apparatus, optical disc recording method and apparatus, and computing device", or can be implemented by using any other existing additional recording technology that can be used in the present invention, and is not described herein again.
In addition, an embodiment of the present invention further provides a file decryption method for an encrypted optical disc, where the encrypted optical disc is obtained by recording with the file encryption recording method described above, and the file decryption method includes: in response to a received optical disc access signal, reading data of a first preset field of the optical disc file system of the accessed optical disc, and determining whether the optical disc is an encrypted optical disc based on the data of the first preset field; prompting the user to input a second user key if the optical disc is determined to be an encrypted optical disc; determining whether the second user key is consistent with the first user key corresponding to the optical disc, wherein the first user key is obtained from data of one or more second preset fields of the optical disc file system; and, if the second user key is determined to be consistent with the first user key, in response to a file reading request of the user, calculating the file name digest corresponding to the file reading request according to a first predetermined encryption algorithm as the public key of the encrypted file corresponding to the request, and decrypting the encrypted file according to a second predetermined encryption algorithm using that public key, so as to present the decrypted file content to the user. The above file decryption method is described below with reference to fig. 9.
As shown in fig. 9, a flow chart of a file decryption method 900 for an encrypted optical disc according to an embodiment of the present invention is given. The file decryption method 900 is executed in a computing device (e.g., the computing device 500) and the file decryption method 900 of the present invention presents the decrypted optical disc data to the user by decrypting the encrypted file in the encrypted optical disc. As shown in fig. 9, the file decryption method 900 may include steps S910 to S940.
As shown in fig. 9, in step S910, in response to the received optical disc access signal, data of a first preset field of an optical disc file system accessing the optical disc is read, and whether the optical disc is an encrypted optical disc is determined based on the data of the first preset field. Here, the first preset field may be, for example, the first preset field described above with reference to fig. 6 to 8, and is not described here again.
In step S920, if the optical disc is determined to be an encrypted optical disc, the user is prompted to input a second user key, and in step S930, it is determined whether the second user key is consistent with the first user key corresponding to the optical disc.
Wherein the first user key may be obtained from data of one or more second preset fields of the optical disc file system. As can be seen from the above description, in the encryption packaging process, the password (i.e. the first user key) input by the user during encryption is stored in one or more second preset fields (e.g. the second AVDP and/or the third AVDP corresponding field of the UDF file system).
In one example, if the verification is passed, that is, the second user key input by the user is the same as the first user key, the optical disc is allowed to be mounted. If the verification fails, i.e. the second user key is different from the first user key, the optical disc is not allowed to be mounted. For example, the mounting of the data disc may be implemented by a file manager (e.g., a UOS file manager).
In another example, mounting may be allowed even when verification fails, but when the user opens an encrypted file on the optical disc, its content is displayed as garbled data.
When a user requests to read a certain file (e.g., by double-clicking an encrypted file), the file is decrypted in response to the user's file read request in step S940.
In step S940, the file name digest corresponding to the file reading request may be calculated according to a first predetermined encryption algorithm, and is used as the public key of the encrypted file corresponding to the file reading request, and the method for calculating the public key is similar to the process described in the encryption process above, and is not described here again. It should be noted that the algorithm of the decryption process and the encryption process should correspond to each other, for example, if the encryption process does not use a salt adding method when calculating the public key, the salt does not need to be added during the decryption; if the public key is calculated in the encryption process by adopting a salt adding mode, the salt adding calculation is required during decryption, and the details are not repeated.
In addition, the encrypted file is decrypted according to a second preset encryption algorithm and by using the public key of the encrypted file corresponding to the file reading request, so that the decrypted file content is presented to the user.
In the embodiment of the present invention, the decrypted file content may be presented to the user through, for example, a user-mode file system (hereinafter referred to as the decrypted file system) implemented on FUSE (Filesystem in Userspace). The user-mode file system maps the file list of the encrypted optical disc and forwards input/output requests through the kernel virtual file system module. In response to a file reading request of a user, the file manager redirects the file corresponding to the request to the user-mode file system through a URL (Uniform Resource Locator, that is, a network address); after obtaining the URL of the file, the user-mode file system decrypts the corresponding encrypted file on the encrypted optical disc and then passes the decrypted content to a corresponding application program for presentation. The corresponding application program is, for example, an application installed on the operating system that opens files of the decrypted file's type: if the encrypted file is a text file, the corresponding application program may be a text editor; if the encrypted file is an audio file, the corresponding application program may be an audio player; and so on.
Here, FUSE denotes a user-mode file system: the implementation of the file system is placed in user mode, and I/O (input/output) requests are forwarded through the kernel VFS (virtual file system) module. In other words, on a Linux system, file access such as an open or read operation goes through the kernel interface provided by the VFS layer, so a file system implemented on FUSE also has to be forwarded through a kernel module. A traditional file system is implemented in the kernel layer, so its development and debugging must be done there, which is a very high threshold for developers; different file systems exist as independent modules, .ko (kernel object) files, which are similar to .so files in user mode and are likewise used for modular programming. In contrast, FUSE is implemented in user space, which addresses the difficulty of coding and debugging in kernel space. FUSE is a memory file system; it can serve as a data transmission bridge between a disk and a computer, and network file transfer protocols such as ftp and smb can also be accessed through FUSE, so that a user can directly access files on a remote device.
As an example, the above-described decrypted file system may be implemented, for example, as follows: mapping the file list in the optical disc by the decryption file system and binding the file list with the optical disc one to one; when a request of a user for clicking an encrypted file in an optical disc is received, the file manager redirects the file to the decryption file system through the url, so that the decryption file system reads corresponding file content from the optical disc after acquiring the url of the file, and transfers the content of the decrypted file to an application program, thereby achieving the function of decrypting the file in the optical disc. In the process, the decryption file system is equivalent to the role of an agent and is used for processing and forwarding the data stream related in the service flow.
Therefore, by the file encryption method 600 and the file decryption method 900 in the embodiment of the present invention, a closed loop of encryption and decryption of the UDF file system (as an example of an optical disc file system) is realized, and meanwhile, the encryption and decryption process is in a completely black box state, and the outside is hardly perceived, so that the present invention has a better user experience.
As an example, if the files on an optical disc include both encrypted and unencrypted files, the home segment (session) of each file needs to be determined during decryption. Such an optical disc may come about as follows: a user additionally records onto an encrypted optical disc (for example, under the present operating system or under another operating system such as Windows), the additionally recorded file is a plaintext file (i.e., a non-encrypted file), and the original files (i.e., the files on the optical disc before the additional recording) are ciphertext files (i.e., encrypted files). In that case the optical disc contains both an encrypted segment and a non-encrypted segment. For a file located in the encrypted segment, the decrypted file system obtains the public key from that segment and provides the data to the application after decryption; for a file located in the unencrypted segment, the decrypted file system provides the original data of the file directly to the calling application.
For example, there may be an encrypted segment (such as session 1-session 6 shown in fig. 10) and an unencrypted segment (such as session7 shown in fig. 10) shown in fig. 10 in an optical disc, at this time, when decrypting, the home segment of each file needs to be obtained, and in conjunction with fig. 1 and fig. 10, it is assumed that a file called by a user through an application is the file of "operating system txt" shown in fig. 1, and by obtaining the home segment of the file, it can be determined that the file belongs to the encrypted segment session3, the decrypted file system needs to obtain a public key from the session3, decrypt the file by using the public key in the manner described above, and provide the decrypted data to the calling application.
A preferred example of the above file decryption method 900 is described below. In the preferred example, after the file manager obtains the disc access signal through, for example, libudisks2-qt5, it uses the system read method to look for the descriptor at a specific location on the disc; during the read process, it needs to parse the data structure of the disc. A complete UDF file system starts with the special identifier BEA01. When the BEA01 identifier is recognized, the 16th block of the file system on the disc has been read, which is also the beginning of the VRS structure of the UDF; a further 240 blocks on, the descriptor of the first AVDP of the UDF file system (as an example of the first preset field) can be read, i.e., the one in which the encryption descriptor (the encryption identifier described above) was stored during the data encryption packaging process. By determining whether the descriptor of the first AVDP contains the encryption identifier (e.g., cryudf), it can be determined whether the optical disc is an encrypted optical disc.
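The AVDP structure quoted earlier and the detection step in this preferred example, as an added C example that is not the patent's or the file manager's code: it validates the descriptor at block 256 (tag identifier, tag checksum, descriptor CRC, tag location) and then searches reserved[480] for the encryption identifier. Assumptions: 2048-byte sectors, the identifier may sit anywhere in the reserved field, and the constructed sample sets the descriptor CRC length to cover that field, so an identifier written without recomputing the CRC leaves a descriptor that a CRC-checking parser rejects.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define SECTOR_SIZE  2048u  /* assumption: 2048-byte logical sectors */
#define AVDP_SECTOR  256u   /* first AVDP, as stated in the description */
#define TAG_ID_AVDP  2u     /* ECMA-167 tag identifier of an AVDP */
#define TAG_LEN      16u    /* descriptor tag size */
#define AVDP_LEN     512u   /* tag + two extent_ad + reserved[480] */
#define RESERVED_OFF 32u
#define RESERVED_LEN 480u

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p) { return rd16(p) | ((uint32_t)rd16(p + 2) << 16); }
static void wr16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); }
static void wr32(uint8_t *p, uint32_t v) { wr16(p, (uint16_t)v); wr16(p + 2, (uint16_t)(v >> 16)); }

/* ECMA-167 descriptor CRC: CRC-16, polynomial 0x1021, initial value 0. */
static uint16_t udf_crc(const uint8_t *d, size_t n) {
    uint16_t crc = 0;
    while (n--) {
        crc = (uint16_t)(crc ^ (*d++ << 8));
        for (int i = 0; i < 8; i++)
            crc = (crc & 0x8000) ? (uint16_t)((crc << 1) ^ 0x1021) : (uint16_t)(crc << 1);
    }
    return crc;
}

/* Tag checksum: sum modulo 256 of tag bytes 0-3 and 5-15. */
static uint8_t tag_checksum(const uint8_t *tag) {
    uint8_t s = 0;
    for (unsigned i = 0; i < TAG_LEN; i++)
        if (i != 4) s = (uint8_t)(s + tag[i]);
    return s;
}

/* 1: valid AVDP at `sector` carries `marker` in its reserved field;
 * 0: valid AVDP without the marker; -1: no valid AVDP at that sector. */
int avdp_marker_state(const uint8_t *img, size_t img_len, uint32_t sector, const char *marker) {
    size_t off = (size_t)sector * SECTOR_SIZE, mlen = strlen(marker);
    if (img_len < AVDP_LEN || off > img_len - AVDP_LEN) return -1;
    const uint8_t *d = img + off;
    uint16_t crc_len = rd16(d + 10);
    if (rd16(d) != TAG_ID_AVDP) return -1;          /* tag identifier */
    if (d[4] != tag_checksum(d)) return -1;         /* tag checksum */
    if (rd32(d + 12) != sector) return -1;          /* tag location */
    if (crc_len > AVDP_LEN - TAG_LEN) return -1;    /* CRC must stay inside the descriptor */
    if (rd16(d + 8) != udf_crc(d + TAG_LEN, crc_len)) return -1;
    if (mlen == 0 || mlen > RESERVED_LEN) return 0;
    for (size_t i = 0; i + mlen <= RESERVED_LEN; i++)
        if (memcmp(d + RESERVED_OFF + i, marker, mlen) == 0) return 1;
    return 0;
}

/* Constructed sample: a well-formed AVDP, optionally with a marker in reserved[]. */
static void build_sample_avdp(uint8_t *img, uint32_t sector, const char *marker) {
    uint8_t *d = img + (size_t)sector * SECTOR_SIZE;
    memset(d, 0, AVDP_LEN);
    wr16(d, TAG_ID_AVDP);
    wr16(d + 2, 3);                                     /* descriptor version (constructed) */
    wr32(d + 12, sector);                               /* tag location */
    wr32(d + 16, 16 * SECTOR_SIZE); wr32(d + 20, 257);  /* main VDS extent (constructed) */
    wr32(d + 24, 16 * SECTOR_SIZE); wr32(d + 28, 273);  /* reserve VDS extent (constructed) */
    if (marker) memcpy(d + RESERVED_OFF, marker, strlen(marker));
    wr16(d + 10, AVDP_LEN - TAG_LEN);                   /* CRC covers the reserved field */
    wr16(d + 8, udf_crc(d + TAG_LEN, AVDP_LEN - TAG_LEN));
    d[4] = tag_checksum(d);                             /* computed last */
}

static uint8_t sample_img[(AVDP_SECTOR + 1) * SECTOR_SIZE];  /* constructed image */

/* mode 0: no marker; 1: marker written, CRC recomputed; 2: marker patched in, CRC stale. */
int demo_state(int mode) {
    memset(sample_img, 0, sizeof sample_img);
    build_sample_avdp(sample_img, AVDP_SECTOR, mode == 1 ? "cryudf" : NULL);
    if (mode == 2)
        memcpy(sample_img + AVDP_SECTOR * SECTOR_SIZE + RESERVED_OFF, "cryudf", 6);
    return avdp_marker_state(sample_img, sizeof sample_img, AVDP_SECTOR, "cryudf");
}

int main(void) {
    printf("plain AVDP               : %d\n", demo_state(0));
    printf("marker, CRC recomputed   : %d\n", demo_state(1));
    printf("marker patched, stale CRC: %d\n", demo_state(2));
    return 0;
}
```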
When the encryption identifier does exist, the file manager displays a popup prompting the user to enter the disc key. After the user has entered the correct key (the original first user key is calculated by reading the extension data in the other two AVDPs and compared with the second user key currently entered by the user), a decrypted file system is started and mounted, which in this preferred example may be referred to as, for example, a fuse. In the preferred example, the file system on the disc is not modified; only the files on the disc are encrypted, and a program is needed to decrypt them. This decryption program needs to support the user opening a file through it, which can be done by implementing a file system: in the preferred example, a specific interface of the fuse file system is implemented, and the result can then be mounted on the current computer as a file system (such as the cryudffs file system, as an example of a user-mode file system implemented based on fuse).
In the preferred example, the cryudffs file system is directly bound to the encrypted optical disc in a one-to-one relationship. When the user is not using the files on the optical disc, the file system only reads the file list of the optical disc; when the user actually double-clicks a file to open it, the file system reads the data of the corresponding file from the optical disc, decrypts the data with the decryption algorithm, and finally delivers the data to the upper-layer application through the cryudffs file system.
Fig. 11 shows an example of a process of opening an encrypted file by an application. In this example, APPS denotes an application requesting data, DDE-FILE-MANAGER denotes a FILE MANAGER (e.g., UOS FILE MANAGER), CRYUDFFS denotes an optical disc encryption FILE system (equivalent to the decryption FILE system described above), and UDFFS denotes an optical disc original UDF FILE system.
As shown in fig. 11, the APPS opens the FILE in the optical disc through DDE-FILE-MANAGER (step "access optical disc FILE" shown in fig. 11), for example, by double-clicking or right-clicking, and DDE-FILE-MANAGER receives the request to open the FILE, so as to request the decrypted data of the FILE from the CRYUDFFS (step "open FILE URL" shown in fig. 11), and after receiving the request, the CRYUDFFS requests the original data in the optical disc from the UDFFS (step "read original data" shown in fig. 11); then UDFFS returns the encrypted original data to CRYUDFFS (the "return encrypted original data" step shown in fig. 11) and decrypts it (the "decrypt original data" step shown in fig. 11); next, the CRYUDFFS exposes the decrypted data through DDE-FILE-MANAGER (step "return decrypted data" from CRYUDFFS to DDE-FILE-MANAGER as shown in fig. 11), and then the DDE-FILE-MANAGER returns the decrypted data to the APPS (step "return decrypted data" from DDE-FILE-MANAGER to APPS as shown in fig. 11). Thus, the APPS, i.e., the application program requesting the data, obtains the decrypted file data.
According to another aspect of the present invention, there is also provided an encrypted optical disc file processing method, including: in response to the received encryption packaging request, encrypting the file to be encrypted by using the file encryption method; in response to the received encryption burning request, carrying out encryption burning on the file to be encrypted by using the file encryption burning method; in response to the received optical disc access signal, the accessed encrypted optical disc is decrypted and read by using the file decryption method as described above. And will not be described in detail herein.
In addition, an embodiment of the present invention further provides a file encryption apparatus for optical disc recording, including: an acquisition unit configured to acquire a first user key; the encryption unit is used for calculating a file name abstract according to a first preset encryption algorithm for each file to be encrypted to serve as a public key of the file to be encrypted, and encrypting the file to be encrypted by using the public key of the file to be encrypted and according to a second preset encryption algorithm to obtain a corresponding encrypted file; and the packaging unit is used for packaging all the encrypted files to obtain an encrypted data packet to be recorded, and enabling the encrypted data packet to contain a corresponding optical disc file system, wherein an encrypted identifier is stored in a first preset field of the optical disc file system, and the first user key is stored in one or more second preset fields of the optical disc file system.
Fig. 12 shows an exemplary structure of the file encryption apparatus 1200. As shown in fig. 12, the file encryption apparatus 1200 includes an acquisition unit 1210, an encryption unit 1220, and a packaging unit 1230.
The acquisition unit 1210 is configured to obtain a first user key.
The encryption unit 1220 is configured to calculate, for each of all files to be encrypted, a file name digest according to a first predetermined encryption algorithm as a public key of the file to be encrypted, and encrypt the file to be encrypted by using the public key of the file to be encrypted and according to a second predetermined encryption algorithm to obtain a corresponding encrypted file.
In addition, the packing unit 1230 is configured to pack all the encrypted files to obtain an encrypted data packet to be recorded, and enable the encrypted data packet to include a corresponding optical disc file system, where an encrypted identifier is stored in a first preset field of the optical disc file system, and the first user key is stored in one or more second preset fields of the optical disc file system.
As an example, the encryption unit 1220 may calculate a file name digest according to a first predetermined encryption algorithm by adding salt to the file name; the salt is calculated from the first user key.
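The salted file-name digest described above, together with the key comparison from the decryption example, as an added sketch that is not the patent's code. SHA-256 for the "first" algorithm, an HMAC-SHA-256 counter keystream standing in for the unnamed "second" algorithm, and a PBKDF2 verifier stored in place of the user key itself are all assumptions, as are the function names.

```python
import hashlib
import hmac
import os

PBKDF2_ROUNDS = 100_000   # assumed work factor for the stored verifier


def make_verifier(user_key: str, disc_salt: bytes) -> bytes:
    """Value kept on the disc instead of the user key itself (assumption)."""
    return hashlib.pbkdf2_hmac("sha256", user_key.encode(), disc_salt,
                               PBKDF2_ROUNDS)


def check_user_key(entered: str, disc_salt: bytes, stored: bytes) -> bool:
    """Compare the entered (second) key with the recorded one in constant time."""
    return hmac.compare_digest(make_verifier(entered, disc_salt), stored)


def name_salt(user_key: str) -> bytes:
    """Salt calculated from the first user key (assumed: labelled SHA-256)."""
    return hashlib.sha256(b"name-salt\x00" + user_key.encode()).digest()


def file_key(file_name: str, user_key: str) -> bytes:
    """Salted file-name digest, used as the per-file key (the 'public key')."""
    return hashlib.sha256(name_salt(user_key) + file_name.encode()).digest()


def keystream(key: bytes, length: int) -> bytes:
    """HMAC-SHA-256 in counter mode; a stand-in cipher, not the patent's."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def crypt(data: bytes, key: bytes) -> bytes:
    """XOR with the keystream; the same call encrypts and decrypts."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, len(data))))


def burn(files: dict, user_key: str) -> dict:
    """Model of the packaged disc: plain names, encrypted bodies, verifier."""
    disc_salt = os.urandom(16)
    return {
        "salt": disc_salt,
        "verifier": make_verifier(user_key, disc_salt),
        "files": {name: crypt(body, file_key(name, user_key))
                  for name, body in files.items()},
    }


def read_file(disc: dict, name: str, entered_key: str) -> bytes:
    """Read path: check the key first, then derive the file key from the name."""
    if not check_user_key(entered_key, disc["salt"], disc["verifier"]):
        raise PermissionError("user key does not match this disc")
    return crypt(disc["files"][name], file_key(name, entered_key))


if __name__ == "__main__":
    # Constructed sample content.
    sample = burn({"a.txt": b"same bytes", "b.txt": b"same bytes"}, "disc key")
    print(read_file(sample, "a.txt", "disc key"))
```

Because the key is derived from the file name, the reader must see the exact name used at encryption time; deriving the key from a different name yields garbage, which is consistent with the file names being left unencrypted on the disc.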
As an example, the file name of each encrypted file in the encrypted data packet may not be encrypted.
As an example, the first preset field of the optical disc file system is, for example, the corresponding field of the first anchor volume descriptor pointer (AVDP) of the optical disc file system; the one or more second preset fields of the optical disc file system include, for example, the corresponding field of the second AVDP and/or the third AVDP of the optical disc file system.
The file encryption device can execute the same processing as the file encryption method described above with reference to fig. 6, and can achieve similar functions and technical effects, which are not described herein again.
In addition, an embodiment of the present invention further provides a file encryption recording apparatus, including: the file encryption device is used for encrypting a file to be encrypted to obtain an encrypted data packet to be recorded; and a recording unit, configured to record the encrypted data packet to be recorded into an accessed optical disc.
Fig. 13 shows an exemplary structure of the file encryption recording apparatus 1300. As shown in fig. 13, the file encryption recording apparatus 1300 includes an acquisition unit 1310, an encryption unit 1320, a packaging unit 1330, and a recording unit 1340. The acquisition unit 1310, the encryption unit 1320, and the packaging unit 1330 may, for example, respectively perform the same processing as the acquisition unit 1210, the encryption unit 1220, and the packaging unit 1230 in the file encryption apparatus 1200 described above with reference to fig. 12, and can achieve similar functions and technical effects, which are not described herein again.
In the file encryption recording apparatus 1300, the encryption of the file to be encrypted is completed by the acquisition unit 1310, the encryption unit 1320, and the packaging unit 1330, so as to obtain the encrypted data packet to be recorded, and the encrypted data packet to be recorded is then recorded onto the accessed optical disc by the recording unit 1340.
The file encryption and recording device can perform the same processing as the file encryption and recording method described above with reference to fig. 7, and can achieve similar functions and technical effects, which are not described herein again.
In addition, an embodiment of the present invention further provides a file decryption apparatus for an encrypted optical disc, where the encrypted optical disc is recorded by using the file encryption recording apparatus, and the file decryption apparatus includes: a first judging unit, configured to read data of a first preset field of the optical disc file system of an accessed optical disc in response to a received optical disc access signal, and judge whether the optical disc is an encrypted optical disc based on the data of the first preset field; a second determining unit, configured to prompt a user to input a second user key when the optical disc is determined to be an encrypted optical disc, and determine whether the second user key is consistent with a first user key corresponding to the optical disc, where the first user key is obtained according to data of one or more second preset fields of the optical disc file system; and a decryption unit, configured to, when the second user key is judged to be consistent with the first user key and in response to a file reading request of the user, calculate a file name digest corresponding to the file reading request according to a first preset encryption algorithm to serve as a public key of the encrypted file corresponding to the file reading request, and decrypt the encrypted file according to a second preset encryption algorithm and by using that public key, so as to present the decrypted file content to the user.
Fig. 14 shows an exemplary structure of the file decrypting apparatus 1400. As shown in fig. 14, the file decryption apparatus 1400 includes a first determining unit 1410, a second determining unit 1420, and a decryption unit 1430.
The first determining unit 1410 is configured to, in response to the received optical disc access signal, read data of a first preset field of an optical disc file system accessing the optical disc, and determine whether the optical disc is an encrypted optical disc based on the data of the first preset field.
The second determining unit 1420, when determining that the optical disc is an encrypted optical disc, prompts the user to input a second user key, and determines whether the second user key is consistent with a first user key corresponding to the optical disc, where the first user key is obtained according to data of one or more second preset fields of the optical disc file system.
The decryption unit 1430 is configured to, in response to the file reading request of the user, calculate a file name digest corresponding to the file reading request according to a first predetermined encryption algorithm as a public key of an encrypted file corresponding to the file reading request under the condition that it is determined that the second user key is consistent with the first user key, and decrypt the encrypted file according to the second predetermined encryption algorithm and by using the public key of the encrypted file corresponding to the file reading request, so as to present the decrypted file content to the user.
As an example, the file decryption apparatus presents the decrypted file content to the user through a user-mode file system implemented based on FUSE; the user-mode file system is used for mapping the optical disc file list of the encrypted optical disc and forwarding input/output requests through the kernel virtual file system module; in response to a file reading request of a user, the file manager redirects the file corresponding to the file reading request to the user-mode file system through a URL, and after acquiring the URL of the file corresponding to the file reading request, the user-mode file system decrypts the corresponding encrypted file in the encrypted optical disc and transfers it to an application program for presentation.
The file decryption apparatus can perform the same processing as the file decryption method described above with reference to fig. 9, and can achieve similar functions and technical effects, which are not described herein again.
In addition, as shown in fig. 15, an embodiment of the present invention further provides an encrypted optical disc file processing apparatus 1500, which includes the file encryption recording apparatus 1300 and the file decryption apparatus 1400. In response to a received encryption packaging request, the file encryption recording apparatus 1300 is triggered to perform operations to complete the encryption processing of the file to be encrypted; in response to a received encryption recording request, the file encryption recording apparatus 1300 is triggered to perform operations to complete the encryption recording processing of the file to be encrypted; in response to a received optical disc access signal, the file decryption apparatus 1400 is triggered to perform operations to complete the data decryption and reading processes for the accessed encrypted optical disc.
The encrypted optical disc file processing apparatus can perform the same processing as the encrypted optical disc file processing method described above, and can achieve similar functions and technical effects, which are not described herein again.
Further, an embodiment of the present invention also provides a computing device, including: at least one processor and a memory storing program instructions; the program instructions, when read and executed by the processor, cause the computing device to perform the file encryption method as described above, the file encryption recording method as described above, the file decryption method as described above, or the encrypted optical disc file processing method as described above.
Furthermore, an embodiment of the present invention also provides a readable storage medium storing program instructions, which, when read and executed by a computing device, cause the computing device to execute the file encryption method described above, the file encryption recording method described above, the file decryption method described above, or the encrypted optical disc file processing method described above.
As can be seen from the above description, the above file encryption method, file encryption recording method, file decryption method, encrypted optical disc file processing method, file encryption device, file encryption recording device, file decryption device, and encrypted optical disc file processing device of the present invention implement encryption, recording, or decryption of optical disc data under operating platforms such as Linux, implement a complete closed-loop data encryption and decryption process through encryption (or recording) and decryption, and fill the gap in encryption and decryption functions for the UDF optical disc file system in the Linux system.
Therefore, through the complete encryption and decryption method for the files in the optical disc, the encryption and decryption operation of the files in the UDF data optical disc can be realized on a Linux kernel operating system or other non-Linux kernel operating systems such as a domestic operating system UOS, the gap in optical disc encryption and decryption for the UDF file system on a domestic operating platform is filled, and the security of data transfer between UOS systems by using the UDF optical disc file system is improved.
The technology of the invention differs considerably from the traditional disk encryption mode described above, which encrypts disk sector data (the data is encrypted first and then written to the disk).
On one hand, disk data encryption needs a process to monitor data I/O in real time so as to encrypt the data in real time and store it on the hard disk; the optical disc data encryption in the embodiment of the invention only processes the data before recording and does not introduce other independent processes to participate in the encryption work, and because the I/O does not need to be monitored in real time, the I/O burden of the computer is reduced.
In addition, since disk encryption needs to monitor data in real time, and modified data needs to be encrypted again, repeated encryption undoubtedly carries the risk of introducing more encryption errors; the optical disc encryption of the embodiment of the invention performs only one complete encryption of the data before recording, thereby reducing the risk of encryption error to a minimum.
On the other hand, in conventional disk encryption (such as BitLocker of Windows, FileVault of macOS, the third-party TrueCrypt, and the like), because the disk is fixed (built into the computer), device encryption is usually performed in the driver layer, which results in strong binding between the encrypted disk and specific hardware; or, for a mobile hard disk, a partition is set up in the hard disk to store the encryption and decryption software. For removable storage media such as optical discs, encryption at the driver layer is not very feasible, so software encryption is used to ensure that the information on the medium can still be read smoothly after the correct key is input on other computers, and no extra space is occupied on the optical disc for storing a decryption tool.
The various techniques described herein may be implemented in connection with hardware or software or, alternatively, with a combination of both. Thus, the methods and apparatus of the present invention, or certain aspects or portions thereof, may take the form of program code (i.e., instructions) embodied in tangible media, such as removable hard drives, USB flash drives, floppy disks, CD-ROMs, or any other machine-readable storage medium, wherein, when the program is loaded into and executed by a machine, such as a computer, the machine becomes an apparatus for practicing the invention.
In the case of program code execution on programmable computers, the computing device will generally include a processor, a storage medium readable by the processor (including volatile and non-volatile memory and/or storage elements), at least one input device, and at least one output device. Wherein the memory is configured to store program code; the processor is configured to perform any of the methods of the present invention according to instructions in the program code stored in the memory.
By way of example, and not limitation, readable media may comprise readable storage media and communication media. Readable storage media store information such as computer readable instructions, data structures, program modules or other data. Communication media typically embodies computer readable instructions, data structures, program modules or other data in a modulated data signal such as a carrier wave or other transport mechanism and includes any information delivery media. Combinations of any of the above are also included within the scope of readable media.
In the description provided herein, algorithms and displays are not inherently related to any particular computer, virtual system, or other apparatus. Various general purpose systems may also be used with examples of this invention. The required structure for constructing such a system will be apparent from the description above. Moreover, the present invention is not directed to any particular programming language. It is appreciated that a variety of programming languages may be used to implement the teachings of the present invention as described herein, and any descriptions of specific languages are provided above to disclose preferred embodiments of the invention.
In the description provided herein, numerous specific details are set forth. It is understood, however, that embodiments of the invention may be practiced without these specific details. In some instances, well-known methods, structures and techniques have not been shown in detail in order not to obscure an understanding of this description.
Similarly, it should be appreciated that in the foregoing description of exemplary embodiments of the invention, various features of the invention are sometimes grouped together in a single embodiment, figure, or description thereof for the purpose of streamlining the disclosure and aiding in the understanding of one or more of the various inventive aspects. However, the disclosed method should not be interpreted as reflecting an intention that the invention as claimed requires more features than are expressly recited in each claim.
Those skilled in the art will appreciate that the modules or units or components of the devices in the examples disclosed herein may be arranged in a device as described in this embodiment or alternatively may be located in one or more devices different from the devices in this example. The modules in the foregoing examples may be combined into one module or may be further divided into multiple sub-modules.
Those skilled in the art will appreciate that the modules in the device in an embodiment may be adaptively changed and disposed in one or more devices different from the embodiment. The modules or units or components of the embodiments may be combined into one module or unit or component, and furthermore they may be divided into a plurality of sub-modules or sub-units or sub-components. All of the features disclosed in this specification (including any accompanying claims, abstract and drawings), and all of the processes or elements of any method or apparatus so disclosed, may be combined in any combination, except combinations where at least some of such features and/or processes or elements are mutually exclusive. Each feature disclosed in this specification (including any accompanying claims, abstract and drawings) may be replaced by alternative features serving the same, equivalent or similar purpose, unless expressly stated otherwise.
Furthermore, those skilled in the art will appreciate that while some embodiments described herein include some features included in other embodiments, rather than other features, combinations of features of different embodiments are meant to be within the scope of the invention and form different embodiments.
Furthermore, some of the described embodiments are described herein as a method or combination of method elements that can be performed by a processor of a computer system or by other means of performing the described functions. A processor having the necessary instructions for carrying out the method or method elements thus forms a means for carrying out the method or method elements. Further, the elements of the apparatus embodiments described herein are examples of the following apparatus: the apparatus is used to implement the functions performed by the elements for the purpose of carrying out the invention.
As used herein, unless otherwise specified, the use of the ordinal adjectives "first", "second", "third", etc., to describe a common object merely indicates that different instances of like objects are being referred to, and is not intended to imply that the objects so described must be in a given sequence, either temporally, spatially, in ranking, or in any other manner.
While the invention has been described with respect to a limited number of embodiments, those skilled in the art, having benefit of this description, will appreciate that other embodiments can be devised which do not depart from the scope of the invention as described herein. Furthermore, it should be noted that the language used in the specification has been principally selected for readability and instructional purposes, and may not have been selected to delineate or circumscribe the inventive subject matter.

Claims (14)

1. A file encryption method for optical disc recording, comprising:
acquiring a first user key;
for each of all files to be encrypted, calculating a file name digest as a public key of the file to be encrypted according to a first predetermined encryption algorithm, and
encrypting the file to be encrypted by using the public key of the file to be encrypted and according to a second preset encryption algorithm to obtain a corresponding encrypted file;
and packaging all the encrypted files to obtain an encrypted data packet to be recorded, wherein the encrypted data packet comprises a corresponding optical disc file system, an encrypted identifier is stored in a first preset field of the optical disc file system, and the first user key is stored in one or more second preset fields of the optical disc file system.
2. The file encryption method according to claim 1, further comprising, before said step of calculating a file name digest according to a first predetermined encryption algorithm: adding salt to the file name; the salt is calculated from the first user key.
3. The file encryption method according to claim 1 or 2, wherein a file name of each encrypted file in the encrypted data packet is not encrypted.
4. The file encryption method according to claim 1 or 2, characterized in that:
the first preset field of the optical disc file system is a corresponding field of the first anchor volume descriptor pointer (AVDP) of the optical disc file system;
the one or more second preset fields of the optical disc file system include: the corresponding field of the second AVDP and/or the third AVDP of the optical disc file system.
5. A file encryption recording method is characterized by comprising the following steps:
encrypting a file to be encrypted by using the file encryption method according to any one of claims 1 to 4 to obtain an encrypted data packet to be recorded; and
recording the encrypted data packet to be recorded into the accessed optical disc.
6. A file decryption method for an encrypted optical disc, wherein the encrypted optical disc is recorded by the file encryption recording method according to claim 5, the file decryption method comprising:
reading data of a first preset field of an optical disc file system accessed to an optical disc in response to a received optical disc access signal, and judging whether the optical disc is an encrypted optical disc or not based on the data of the first preset field;
prompting the user to input a second user key under the condition that the optical disk is judged to be the encrypted optical disk;
judging whether the second user key is consistent with a first user key corresponding to the optical disc, wherein the first user key is obtained according to data of one or more second preset fields of an optical disc file system;
under the condition that the second user key is judged to be consistent with the first user key, responding to a file reading request of a user, calculating a file name digest corresponding to the file reading request according to a first preset encryption algorithm to be used as a public key of an encrypted file corresponding to the file reading request, and
decrypting the encrypted file according to a second preset encryption algorithm and by using the public key of the encrypted file corresponding to the file reading request so as to present the decrypted file content to the user.
7. The file decryption method of claim 6, wherein the decrypted file content is presented to the user through a user-mode file system implemented based on FUSE;
the user-mode file system is used for mapping the optical disc file list of the encrypted optical disc and forwarding input/output requests through the kernel virtual file system module; in response to a file reading request of a user, a file manager redirects the file corresponding to the file reading request to the user-mode file system through a URL, and after the user-mode file system obtains the URL of the file corresponding to the file reading request, the user-mode file system decrypts the corresponding encrypted file in the encrypted optical disc and then transfers it to an application program for presentation.
8. A method for processing files on an encrypted optical disc, comprising:
encrypting a file to be encrypted by using the file encryption method according to any one of claims 1 to 4 in response to the received encryption packaging request;
in response to the received encryption recording request, encrypting and recording the file to be encrypted by using the file encryption recording method according to claim 5;
in response to the received optical disc access signal, the accessed encrypted optical disc is decrypted and read by using the file decryption method according to claim 6 or 7.
9. A file encryption apparatus for optical disc recording, comprising:
an acquisition unit configured to acquire a first user key;
an encryption unit configured to calculate, for each file to be encrypted, a file name digest according to a first preset encryption algorithm to serve as a public key of the file to be encrypted, and to encrypt the file to be encrypted by using the public key of the file to be encrypted and according to a second preset encryption algorithm to obtain a corresponding encrypted file; and
a packaging unit configured to package all the encrypted files to obtain an encrypted data packet to be recorded, and to make the encrypted data packet contain a corresponding optical disc file system, wherein an encrypted identifier is stored in a first preset field of the optical disc file system, and the first user key is stored in one or more second preset fields of the optical disc file system.
10. A file encryption recording device is characterized by comprising:
the file encryption device of claim 9, configured to encrypt a file to be encrypted to obtain an encrypted data packet to be recorded; and
a recording unit configured to record the encrypted data packet to be recorded into the accessed optical disc.
11. A file decrypting apparatus for an encrypted optical disc recorded by the file encrypting and recording apparatus according to claim 10, the file decrypting apparatus comprising:
a first judging unit, configured to read data of a first preset field of an optical disc file system accessed to an optical disc in response to a received optical disc access signal, and judge whether the optical disc is an encrypted optical disc based on the data of the first preset field;
a second determining unit, configured to prompt a user to input a second user key when the optical disc is determined to be an encrypted optical disc, and determine whether the second user key is consistent with a first user key corresponding to the optical disc, where the first user key is obtained according to data of one or more second preset fields of an optical disc file system;
a decryption unit, configured to, when the second user key is judged to be consistent with the first user key and in response to a file reading request of the user, calculate a file name digest corresponding to the file reading request according to a first preset encryption algorithm to serve as a public key of the encrypted file corresponding to the file reading request, and decrypt the encrypted file according to a second preset encryption algorithm and by using that public key, so as to present the decrypted file content to the user.
12. A device for processing files on an encrypted optical disc, comprising the file encryption recording device according to claim 10 and the file decryption device according to claim 11; wherein,
responding to the received encryption packaging request, triggering the file encryption recording device to execute operation so as to finish the encryption processing of the file to be encrypted;
responding to the received encryption recording request, triggering the file encryption recording device to execute operation so as to complete the encryption recording processing of the file to be encrypted;
and triggering the file decryption device to execute operation in response to the received optical disc access signal so as to finish data decryption and reading processing of the accessed encrypted optical disc.
13. A computing device, comprising:
at least one processor and a memory storing program instructions;
the program instructions, when read and executed by the processor, cause the computing device to perform the file encryption method of any one of claims 1-4, the file encryption recording method of claim 5, the file decryption method of claim 6 or 7, or the encrypted optical disc file processing method of claim 8.
14. A readable storage medium storing program instructions, which when read and executed by a computing device, cause the computing device to execute the file encryption method according to any one of claims 1 to 4, the file encryption recording method according to claim 5, the file decryption method according to claim 6 or 7, or the encrypted optical disc file processing method according to claim 8.
CN202210117125.7A 2022-02-08 2022-02-08 File encryption method, recording method, decryption method, device and computing equipment Active CN114155885B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210117125.7A CN114155885B (en) 2022-02-08 2022-02-08 File encryption method, recording method, decryption method, device and computing equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210117125.7A CN114155885B (en) 2022-02-08 2022-02-08 File encryption method, recording method, decryption method, device and computing equipment

Publications (2)

Publication Number Publication Date
CN114155885A true CN114155885A (en) 2022-03-08
CN114155885B CN114155885B (en) 2022-05-20

Family

ID=80450244

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210117125.7A Active CN114155885B (en) 2022-02-08 2022-02-08 File encryption method, recording method, decryption method, device and computing equipment

Country Status (1)

Country Link
CN (1) CN114155885B (en)

Citations (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
AU2001267227A1 (en) * 2000-06-20 2002-01-02 Steven James Joseph Koskins System and method for distributing data
CN1745425A (en) * 2003-11-12 2006-03-08 三星电子株式会社 Use user key to limit the method and apparatus of the use of storage medium
CN101008974A (en) * 2007-01-26 2007-08-01 北京飞天诚信科技有限公司 Protection method and system of electronic document
US20090238362A1 (en) * 2005-03-15 2009-09-24 Sony Corporation Disc manufacturing method, data recording apparatus, information recording medium, information processing apparatus and method, and computer program
CN201655304U (en) * 2010-05-11 2010-11-24 杨彬 Safety management device for compact disc
CN103456323A (en) * 2013-08-15 2013-12-18 广东南方信息安全产业基地有限公司 Optical disk recording and authorized using method
US20160087950A1 (en) * 2014-09-19 2016-03-24 Bank Of America Corporation Method of securing mobile applications using distributed keys
CN106611108A (en) * 2016-12-02 2017-05-03 北京鼎普科技股份有限公司 Compact disc copyright protection method
CN109065077A (en) * 2018-07-20 2018-12-21 北京北信源信息安全技术有限公司 Encrypted disc production method and device
CN112035860A (en) * 2020-09-03 2020-12-04 深圳市百富智能新技术有限公司 File encryption method, terminal, device, equipment and medium
CN113014380A (en) * 2021-02-08 2021-06-22 深圳市亿图软件有限公司 File data password management method and device, computer equipment and storage medium

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101740068B (en) * 2009-12-01 2013-01-02 惠州市德赛视听科技有限公司 Data encryption method of compact disc
CN101826354B (en) * 2010-05-11 2012-02-01 杨彬 Optical disk safety management method and device
CN104778954B (en) * 2015-02-06 2018-06-08 北京北信源软件股份有限公司 A kind of CD subregion encryption method and system
CN112346668B (en) * 2021-01-08 2021-10-15 统信软件技术有限公司 Optical disc information acquisition method, computing equipment and readable storage medium
CN113553010B (en) * 2021-07-27 2023-09-12 成都统信软件技术有限公司 Optical disc file verification method, optical disc recording method and computing device

Also Published As

Publication number Publication date
CN114155885B (en) 2022-05-20

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant