CN114329535A - File encryption method and device, electronic equipment and computer readable medium - Google Patents

Info

Publication number: CN114329535A
Authority: CN (China)
Prior art keywords: file, encrypted, ciphertext, replacing, encrypting
Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Application number: CN202111590681.8A
Other languages: Chinese (zh)
Inventors: 温国杰, 李立荣, 李冠颖
Current Assignee: CCB Finetech Co Ltd (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original Assignee: CCB Finetech Co Ltd
Application filed by CCB Finetech Co Ltd
Priority to CN202111590681.8A
Publication of CN114329535A

Landscapes

  • Storage Device Security (AREA)

Abstract

The invention discloses a file encryption method, a file encryption device, electronic equipment and a computer readable medium, and relates to the technical field of security services. One embodiment of the method comprises: compressing the static resource file in the file to be encrypted, and obfuscating the script file in the compressed static resource file; replacing character string values in the file to be encrypted, and encrypting and transforming class files in the file to be encrypted after the character strings are replaced; encrypting the configuration file in the file to be encrypted; and binding a machine code to the file to be encrypted. This implementation can solve the technical problem that the application package is easily decompiled.

Description

File encryption method and device, electronic equipment and computer readable medium
Technical Field
The present invention relates to the field of security service technologies, and in particular, to a file encryption method and apparatus, an electronic device, and a computer-readable medium.
Background
At present, the following protection technologies are mainly used for reinforcement and protection: 1) a Java obfuscator; 2) Java encryption protection; 3) ahead-of-time compilation technology (AOT); 4) protection using JNI; 5) hardware protection using an encryption lock. However, these techniques still leave the code easy to decompile, resulting in insufficient security.
Java is a cross-platform programming language whose source code (.java file) is compiled into platform-independent bytecode (.class file) and then linked dynamically at run time. Because the compiled class file contains the symbol table, the application package can be easily decompiled.
Disclosure of Invention
In view of this, embodiments of the present invention provide a file encryption method, apparatus, electronic device, and computer readable medium to solve the technical problem that an application package is easily decompiled.
To achieve the above object, according to an aspect of an embodiment of the present invention, there is provided a file encryption method including:
compressing the static resource file in the file to be encrypted, and obfuscating the script file in the compressed static resource file;
replacing character string values in the file to be encrypted, and encrypting and transforming class files in the file to be encrypted after the character strings are replaced;
encrypting the configuration file in the file to be encrypted;
and binding a machine code to the file to be encrypted.
Optionally, the file to be encrypted includes an application package.
Optionally, obfuscating the script file in the compressed static resource file includes:
calculating parameter names in js script files in the compressed static resource files by adopting a first encryption algorithm to obtain a first ciphertext; wherein the parameter names include variable names and/or method names;
replacing the parameter name with the first ciphertext.
Optionally, replacing a character string value in the file to be encrypted, and performing encryption deformation on a class file in the file to be encrypted after the character string is replaced, including:
calculating the character string value in the file to be encrypted by adopting a second encryption algorithm to obtain a second ciphertext;
replacing the string value with the second ciphertext;
and emptying and encrypting the class file in the file to be encrypted after the character string is replaced.
Optionally, emptying and encrypting the class file in the file to be encrypted after replacing the character string, including:
clearing the method body in the class file in the file to be encrypted after replacing the character string, and reserving method parameters and annotations;
calculating the method body by adopting a third encryption algorithm to obtain a third ciphertext;
and storing the third ciphertext to the first directory of the file to be encrypted after replacing the character string.
Optionally, encrypting the configuration file in the file to be encrypted includes:
calculating the configuration information in the configuration file in the file to be encrypted by adopting a fourth encryption algorithm to obtain a fourth ciphertext;
storing the fourth ciphertext to a second directory of the file to be encrypted;
and clearing the configuration information in the configuration file.
Optionally, the machine code is obtained by encrypting at least one of the following items of feature information:
MAC address, CPU number, CPU serial number, hard disk serial number and mainboard serial number.
Optionally, the method further comprises:
and setting an authorization permission for the file to be encrypted, and configuring permission time.
In addition, according to another aspect of the embodiments of the present invention, there is provided a file encryption apparatus including:
the compression module is used for compressing the static resource files in the file to be encrypted and obfuscating the script files in the compressed static resource files;
the deformation module is used for replacing character string values in the file to be encrypted and encrypting and transforming class files in the file to be encrypted after the character strings are replaced;
the encryption module is used for encrypting the configuration file in the file to be encrypted;
and the binding module is used for binding the machine code to the file to be encrypted.
Optionally, the file to be encrypted includes an application package.
Optionally, the compression module is further configured to:
calculating parameter names in js script files in the compressed static resource files by adopting a first encryption algorithm to obtain a first ciphertext; wherein the parameter names include variable names and/or method names;
replacing the parameter name with the first ciphertext.
Optionally, the deformation module is further configured to:
calculating the character string value in the file to be encrypted by adopting a second encryption algorithm to obtain a second ciphertext;
replacing the string value with the second ciphertext;
and emptying and encrypting the class file in the file to be encrypted after the character string is replaced.
Optionally, the deformation module is further configured to:
emptying a method body in a class file in the file to be encrypted, and reserving method parameters and annotations;
calculating the method body by adopting a third encryption algorithm to obtain a third ciphertext;
and storing the third ciphertext to the first directory of the file to be encrypted after replacing the character string.
Optionally, the encryption module is further configured to:
calculating the configuration information in the configuration file in the file to be encrypted by adopting a fourth encryption algorithm to obtain a fourth ciphertext;
storing the fourth ciphertext to a second directory of the file to be encrypted;
and clearing the configuration information in the configuration file.
Optionally, the machine code is obtained by encrypting at least one of the following items of feature information:
MAC address, CPU number, CPU serial number, hard disk serial number and mainboard serial number.
Optionally, the binding module is further configured to:
and setting an authorization permission for the file to be encrypted, and configuring permission time.
According to another aspect of the embodiments of the present invention, there is also provided an electronic device, including:
one or more processors;
a storage device for storing one or more programs,
when the one or more programs are executed by the one or more processors, the one or more processors implement the method of any of the embodiments described above.
According to another aspect of the embodiments of the present invention, there is also provided a computer readable medium, on which a computer program is stored, which when executed by a processor implements the method of any of the above embodiments.
According to another aspect of the embodiments of the present invention, there is also provided a computer program product comprising a computer program which, when executed by a processor, implements the method of any of the above embodiments.
One embodiment of the above invention has the following advantages or benefits: by compressing and obfuscating the static resource files, encrypting and transforming the string values and the class files, encrypting the configuration file and binding the machine code, it solves the technical problem in the prior art that the application package is easily decompiled. By encrypting, obfuscating, transforming and authorizing the file to be encrypted, the embodiment of the invention can effectively prevent a third party from identifying code content and logic after decompiling the file or obtaining it by other means, thereby protecting the security of the code.
Further effects of the above-mentioned non-conventional alternatives will be described below in connection with the embodiments.
Drawings
The drawings are included to provide a better understanding of the invention and are not to be construed as unduly limiting the invention. Wherein:
fig. 1 is a schematic diagram of a main flow of a file encryption method according to an embodiment of the present invention;
FIG. 2 is a schematic view of a main flow of a file encryption method according to a referential embodiment of the present invention;
FIG. 3 is a schematic view of the main flow of a file encryption method according to another referential embodiment of the present invention;
FIG. 4 is a schematic view of the main flow of a file encryption method according to still another referential embodiment of the present invention;
FIG. 5 is a schematic diagram of the main modules of a file encryption apparatus according to an embodiment of the present invention;
FIG. 6 is an exemplary system architecture diagram in which embodiments of the present invention may be employed;
fig. 7 is a schematic block diagram of a computer system suitable for use in implementing a terminal device or server of an embodiment of the invention.
Detailed Description
Exemplary embodiments of the present invention are described below with reference to the accompanying drawings, in which various details of embodiments of the invention are included to assist understanding, and which are to be considered as merely exemplary. Accordingly, those of ordinary skill in the art will recognize that various changes and modifications of the embodiments described herein can be made without departing from the scope and spirit of the invention. Also, descriptions of well-known functions and constructions are omitted in the following description for clarity and conciseness.
According to the technical scheme, the data acquisition, storage, use, processing and the like meet relevant regulations of national laws and regulations.
At present, the following protection technologies are mainly used for reinforcement and protection:
1) Java obfuscator
The class files and Java source code are obfuscated using one or more processing modes to generate new classes, so that the obfuscated code is harder to decompile and, once decompiled, difficult to read and understand. Many successful obfuscator tools exist, and the most common Java obfuscation tool, ProGuard, is based on this principle. However, obfuscators have a disadvantage: although the obfuscated code is hard to read after decompilation, an experienced person can still find or work out the sensitive content hidden in the code. In many applications, moreover, not all code can be obfuscated: some key libraries, class names, method names, variable names and the like cannot be obfuscated because of usage requirements.
2) Java encryption protection
A custom ClassLoader is used: the class files and related files are encrypted, and at run time the ClassLoader decrypts the related files and loads the classes. A custom native-code launcher is used for protection, protecting the custom ClassLoader, the encryption- and decryption-related classes, and the supporting files. This method can effectively protect Java code.
3) Ahead-of-time compilation technology (AOT)
Java code is statically compiled into native machine code, independent of the general-purpose JRE. This protects Java code very effectively, and the program starts faster than on a general-purpose JVM. A typical example is GNU GCJ (GNU Compiler for the Java programming language), which can compile Java code fully ahead of time, but GCJ has many limitations; for example, it does not fully support JRE 5, nor JRE 6 and later versions. Because of the complexity of the Java platform, it is very difficult to support the latest Java version and complete ahead-of-time compilation of the JRE in a timely manner, so such tools often compromise and still use just-in-time compilation where it is needed, becoming a mixture of ahead-of-time and just-in-time compilation. This technique also has drawbacks: it is costly to use, it is not suitable for web services running in a container, and Java version support is lacking.
4) Protection using JNI
Sensitive methods and data are handled through JNI (Java Native Interface, the interface through which Java calls C/C++ functions). This approach can be viewed as "isolating" the code and data that need protection in a dynamic library. Alternatively, JVMTI (JVM Tool Interface) can be used; it is a native programming interface provided by the Java virtual machine that can inspect the internal state of the JVM and control the execution of JVM applications. The functions it can implement include, but are not limited to, debugging, monitoring, thread analysis and coverage analysis tools; a decryption dynamic library (.dll/.so) monitors class-loading events and completes the loading of the classes. This technique also has a drawback: improper use of JNI easily causes memory leaks.
5) Hardware protection using an encryption lock
A dedicated hardware-related program is used to wrap (shell) the Java virtual machine launcher, and the virtual machine's supporting files and the Java program are encrypted. When the launcher starts, the shell program establishes a protected, hardware-bound operating environment and, to enhance security, interacts with a program embedded in the encryption lock. The method uses dedicated hardware and offers the highest degree of security. This technique also has drawbacks: combining software and hardware is technically very demanding, and development costs are higher.
In order to solve the technical problems in the prior art, embodiments of the present invention provide a file encryption method, which can effectively prevent a third party from identifying code content and logic after performing decompilation or acquiring an encrypted file by other means, thereby protecting code security.
Fig. 1 is a schematic diagram of a main flow of a file encryption method according to an embodiment of the present invention. As an embodiment of the present invention, as shown in fig. 1, the file encryption method may include:
Step 101, compressing the static resource file in the file to be encrypted, and obfuscating the script file in the compressed static resource file.
Optionally, the file to be encrypted includes an application package, such as a jar package or a war package. In the embodiment of the present invention, the file to be encrypted may include a static resource file, a class file, a configuration file, and the like.
In this step, the static resource file in the file to be encrypted is compressed and obfuscated, wherein the static resource file may be at least one of the following: ftl files, htm files, html files, js script files, css files, and jsp files.
In order to prevent a third party from identifying code content and logic after decompiling the encrypted file or obtaining it by other means, the embodiment of the invention compresses the static resource files in the file to be encrypted and then obfuscates the js script files among the compressed static resource files. Compressing the static files reduces file size and improves the speed at which the service loads static resource files.
Optionally, obfuscating the script file in the compressed static resource file includes: calculating parameter names in js script files in the compressed static resource files by adopting a first encryption algorithm to obtain a first ciphertext; wherein the parameter names include variable names and/or method names; replacing the parameter name with the first ciphertext. The embodiment of the invention obfuscates the js script files in the static resource files so that the code logic is difficult to read and understand. It is noted that the first encryption algorithm is a reversible encryption algorithm.
Step 102, replacing character string values in the file to be encrypted, and encrypting and transforming class files in the file to be encrypted after the character strings are replaced.
In this step, all String values and class files in the file to be encrypted are encrypted and transformed, so that the file is difficult to read after being decompiled, which helps protect sensitive information.
Optionally, step 102 may comprise: calculating the character string value in the file to be encrypted by adopting a second encryption algorithm to obtain a second ciphertext; replacing the string value with the second ciphertext; and emptying and encrypting the class file in the file to be encrypted after the character string is replaced. In the embodiment of the invention, a second encryption algorithm is used to calculate all String values in the jar package or war package, obtaining a second ciphertext for each String value, and each String value is then replaced with its corresponding second ciphertext. After the String values are encrypted and transformed, the defined String values cannot be seen directly through decompilation; the actual String value can be obtained only after decryption with the decryption method corresponding to the second encryption algorithm. It should be noted that the second encryption algorithm is a reversible encryption algorithm, and the first encryption algorithm and the second encryption algorithm may be the same or different, which is not limited in this embodiment of the present invention.
Optionally, emptying and encrypting the class file in the file to be encrypted after replacing the character string includes: emptying a method body in a class file in the file to be encrypted, and reserving method parameters and annotations; calculating the method body by adopting a third encryption algorithm to obtain a third ciphertext; and storing the third ciphertext to the first directory of the file to be encrypted after replacing the character string. The purpose of emptying the method body is that the implementation logic of the function cannot be read directly through decompilation. It should be noted that the class file is not encrypted as a whole; instead, the method body is emptied while information such as method parameters and annotations is retained, for compatibility with annotation-scanning frameworks such as Spring and Swagger. After the method body in the class file is emptied, a decompiler can see only the method name, the method parameters and the annotations, but not the specific content of the method; when the class is loaded by the class loader, the real method body can be decrypted and injected.
Optionally, in the embodiment of the present invention, the method body may be encrypted with salted AES or DES and repackaged into the jar package or war package under the META-INF/.classes directory; encryption of dependent jar packages under WEB-INF/lib or BOOT-INF/lib is also supported.
It should be noted that the third encryption algorithm is a reversible encryption algorithm, the first encryption algorithm may be the same as or different from the third encryption algorithm, and the second encryption algorithm may be the same as or different from the third encryption algorithm, which is not limited in this embodiment of the present invention.
Step 103, encrypting the configuration file in the file to be encrypted.
The embodiment of the invention also encrypts the configuration file in the file to be encrypted so as to protect sensitive data in the configuration file, such as database users, passwords and the like.
Optionally, encrypting the configuration file in the file to be encrypted includes: calculating the configuration information in the configuration file in the file to be encrypted by adopting a fourth encryption algorithm to obtain a fourth ciphertext; storing the fourth ciphertext to a second directory of the file to be encrypted; and clearing the configuration information in the configuration file. In the embodiment of the present invention, a fourth encryption algorithm may be adopted to encrypt the configuration information in the configuration file, repackage the ciphertext into the META-INF/.classes directory in the jar/war package, and clear the configuration information in the configuration file to protect the sensitive data in it. It should be noted that the configuration file itself is not deleted; only the configuration information in it is deleted, and the empty configuration file is still stored in the original directory.
It should be noted that the fourth encryption algorithm is a reversible encryption algorithm, the first encryption algorithm may be the same as or different from the fourth encryption algorithm, the second encryption algorithm may be the same as or different from the fourth encryption algorithm, and the third encryption algorithm may be the same as or different from the fourth encryption algorithm, which is not limited in this embodiment of the present invention.
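The configuration-file step described above, written out as an added example in Java 9 or later (it is not code from the patent or its applicant). The use of AES-GCM with a PBKDF2-derived key as the "fourth encryption algorithm", the file-name filter, the blob layout, and all class, method and sample names are assumptions of this example; `META-INF/.classes/` is the directory named in the text.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.zip.ZipEntry;
import java.util.zip.ZipInputStream;
import java.util.zip.ZipOutputStream;
import javax.crypto.Cipher;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;

public class ConfigEncryptDemo {
    static final String STORE_DIR = "META-INF/.classes/"; // the "second directory" named on the page
    static final int SALT_LEN = 16, IV_LEN = 12, TAG_BITS = 128; // assumed parameters

    // Assumption: the key is derived from a packaging password with PBKDF2 and a per-file salt.
    static SecretKeySpec deriveKey(char[] password, byte[] salt) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(password, salt, 200_000, 256);
        byte[] key = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
        return new SecretKeySpec(key, "AES");
    }

    // Blob layout (assumed): salt || iv || ciphertext with GCM tag.
    static byte[] encrypt(byte[] plain, char[] password) throws Exception {
        byte[] salt = new byte[SALT_LEN], iv = new byte[IV_LEN];
        SecureRandom rng = new SecureRandom();
        rng.nextBytes(salt);
        rng.nextBytes(iv);
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        cipher.init(Cipher.ENCRYPT_MODE, deriveKey(password, salt), new GCMParameterSpec(TAG_BITS, iv));
        byte[] ct = cipher.doFinal(plain);
        return ByteBuffer.allocate(SALT_LEN + IV_LEN + ct.length).put(salt).put(iv).put(ct).array();
    }

    // Reverses encrypt(); throws AEADBadTagException if the blob was altered or the password is wrong.
    static byte[] decrypt(byte[] blob, char[] password) throws Exception {
        byte[] salt = Arrays.copyOfRange(blob, 0, SALT_LEN);
        byte[] iv = Arrays.copyOfRange(blob, SALT_LEN, SALT_LEN + IV_LEN);
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        cipher.init(Cipher.DECRYPT_MODE, deriveKey(password, salt), new GCMParameterSpec(TAG_BITS, iv));
        return cipher.doFinal(blob, SALT_LEN + IV_LEN, blob.length - SALT_LEN - IV_LEN);
    }

    // Encrypt each config entry into STORE_DIR and keep an empty file at the original path.
    static byte[] protect(byte[] archive, char[] password) throws Exception {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ZipInputStream in = new ZipInputStream(new ByteArrayInputStream(archive));
             ZipOutputStream out = new ZipOutputStream(buf)) {
            for (ZipEntry e; (e = in.getNextEntry()) != null; ) {
                String name = e.getName();
                byte[] data = in.readAllBytes();
                out.putNextEntry(new ZipEntry(name));
                boolean config = name.matches(".*\\.(properties|ya?ml)"); // assumption: what counts as config
                // Stored ciphertext and already-emptied files are copied, so a second run changes nothing.
                if (!config || name.startsWith(STORE_DIR) || data.length == 0) {
                    out.write(data);          // classes, resources and directories pass through unchanged
                    continue;
                }
                out.closeEntry();             // the original path stays in place with no content
                out.putNextEntry(new ZipEntry(STORE_DIR + name));
                out.write(encrypt(data, password));
            }
        }
        return buf.toByteArray();
    }

    static Map<String, byte[]> entries(byte[] archive) throws Exception {
        Map<String, byte[]> map = new LinkedHashMap<>();
        try (ZipInputStream in = new ZipInputStream(new ByteArrayInputStream(archive))) {
            for (ZipEntry e; (e = in.getNextEntry()) != null; ) map.put(e.getName(), in.readAllBytes());
        }
        return map;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample package: one config file with a made-up credential, one placeholder class.
        String cfg = "spring.datasource.username=app\nspring.datasource.password=constructed-secret\n";
        ByteArrayOutputStream raw = new ByteArrayOutputStream();
        try (ZipOutputStream z = new ZipOutputStream(raw)) {
            z.putNextEntry(new ZipEntry("BOOT-INF/classes/application.properties"));
            z.write(cfg.getBytes(StandardCharsets.UTF_8));
            z.putNextEntry(new ZipEntry("BOOT-INF/classes/demo/App.class"));
            z.write(new byte[] {(byte) 0xCA, (byte) 0xFE, (byte) 0xBA, (byte) 0xBE});
        }
        char[] password = "constructed-packaging-password".toCharArray();
        Map<String, byte[]> after = entries(protect(raw.toByteArray(), password));
        after.forEach((name, data) -> System.out.println(name + " -> " + data.length + " bytes"));
        byte[] blob = after.get(STORE_DIR + "BOOT-INF/classes/application.properties");
        String restored = new String(decrypt(blob, password), StandardCharsets.UTF_8);
        System.out.println("round trip ok: " + restored.equals(cfg));
    }
}
```

The page does not say where the decryption key is kept at run time; whatever loads the package must be able to obtain it, so the protection is only as strong as the storage of that key.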
Step 104, binding a machine code to the file to be encrypted.
Machine code binding means that the encrypted file can run only on the bound machine, which reduces the risk of the file being abused. After the machine code is bound, the program can run only on the bound machine; otherwise, when the application starts, an error is reported with the prompt "the project cannot run on this machine!" and the program exits.
Optionally, the machine code is obtained by encrypting at least one of the following items of feature information:
MAC address, CPU number, CPU serial number, hard disk serial number and mainboard serial number.
Optionally, the method may further include: setting an authorization permission for the file to be encrypted, and configuring the permission time. If the encrypted file is provided with an authorization permission, the authorization permission file must be verified and the permission date enforced; the file cannot be used after the permission expires, which further improves the security of the file.
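A startup check that combines machine-code binding with a time-limited authorization, as an added example in Java 9 or later (not the patent's implementation). Assumptions of this example: the machine code is a SHA-256 digest of the feature values rather than the reversible encryption the text mentions, the authorization is an ECDSA-signed `machineCode|expiry` string, and all names, keys and feature values are constructed.

```java
import java.net.NetworkInterface;
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.time.LocalDate;
import java.util.ArrayList;
import java.util.Base64;
import java.util.Collections;
import java.util.Enumeration;
import java.util.List;
import java.util.TreeSet;

public class MachineBindingDemo {
    enum Result { OK, BAD_SIGNATURE, WRONG_MACHINE, EXPIRED }

    static String hex(byte[] bytes) {
        StringBuilder sb = new StringBuilder();
        for (byte b : bytes) sb.append(String.format("%02x", b));
        return sb.toString();
    }

    // One feature source from the page's list: MAC addresses of non-loopback, non-virtual interfaces.
    static List<String> macAddresses() throws Exception {
        TreeSet<String> macs = new TreeSet<>();
        Enumeration<NetworkInterface> nics = NetworkInterface.getNetworkInterfaces();
        if (nics == null) return new ArrayList<>();
        for (NetworkInterface nic : Collections.list(nics)) {
            byte[] hw = nic.getHardwareAddress();
            if (hw != null && !nic.isLoopback() && !nic.isVirtual()) macs.add(hex(hw));
        }
        return new ArrayList<>(macs);
    }

    // Assumption: the machine code is a digest over the sorted feature values.
    static String machineCode(List<String> features) throws Exception {
        if (features.isEmpty()) throw new IllegalStateException("no hardware features available");
        MessageDigest sha = MessageDigest.getInstance("SHA-256");
        for (String f : new TreeSet<>(features)) {
            sha.update(f.getBytes(StandardCharsets.UTF_8));
            sha.update((byte) 0);   // separator, so ["ab","c"] and ["a","bc"] give different codes
        }
        return hex(sha.digest());
    }

    // Issued by the packager: binds one machine code to one expiry date under the packager's private key.
    static String issue(String machineCode, LocalDate expires, PrivateKey key) throws Exception {
        String body = machineCode + "|" + expires;
        Signature s = Signature.getInstance("SHA256withECDSA");
        s.initSign(key);
        s.update(body.getBytes(StandardCharsets.UTF_8));
        return body + "|" + Base64.getEncoder().encodeToString(s.sign());
    }

    // Run at application start: signature first, then machine, then date.
    static Result check(String license, String localCode, LocalDate today, PublicKey pub) throws Exception {
        String[] p = license.split("\\|");
        if (p.length != 3) return Result.BAD_SIGNATURE;
        Signature s = Signature.getInstance("SHA256withECDSA");
        s.initVerify(pub);
        s.update((p[0] + "|" + p[1]).getBytes(StandardCharsets.UTF_8));
        try {
            if (!s.verify(Base64.getDecoder().decode(p[2]))) return Result.BAD_SIGNATURE;
        } catch (IllegalArgumentException | SignatureException e) {
            return Result.BAD_SIGNATURE;   // malformed Base64 or malformed signature encoding
        }
        if (!p[0].equals(localCode)) return Result.WRONG_MACHINE;
        if (today.isAfter(LocalDate.parse(p[1]))) return Result.EXPIRED;
        return Result.OK;
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("EC");
        gen.initialize(256);
        KeyPair packager = gen.generateKeyPair();   // constructed key pair; only the public key would ship

        // Constructed feature values standing in for the bound machine and for a different machine.
        String bound = machineCode(List.of("020000aabb01", "cpu-serial-constructed-1"));
        String other = machineCode(List.of("020000aabb02", "cpu-serial-constructed-2"));
        String license = issue(bound, LocalDate.of(2030, 1, 1), packager.getPrivate());
        PublicKey pub = packager.getPublic();

        System.out.println("bound machine, in date:  " + check(license, bound, LocalDate.of(2029, 6, 1), pub));
        System.out.println("different machine:       " + check(license, other, LocalDate.of(2029, 6, 1), pub));
        System.out.println("bound machine, past end: " + check(license, bound, LocalDate.of(2030, 1, 2), pub));
        String edited = license.replace("2030-01-01", "2099-01-01");   // date changed after signing
        System.out.println("edited expiry date:      " + check(edited, bound, LocalDate.of(2029, 6, 1), pub));
        System.out.println("MAC addresses on this host: " + macAddresses());
    }
}
```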
According to the embodiment of the invention, the files are obfuscated, encrypted, transformed and so on, so that when a decompilation tool is used to inspect the code it reports errors and the code cannot be viewed directly, which prevents the decompiled code from being read directly through the decompilation tool.
It can be seen that the embodiments of the present invention have the following advantages:
1) the original project code does not need to be modified, and the compiled application package is encrypted by adopting the method provided by the embodiment of the invention;
2) when the encrypted project is operated, source codes such as tomcat, weblogic, spring and the like do not need to be modified;
3) supporting a common jar package, a springboot jar package and a war package compiled by a common java web project;
4) frameworks such as Spring and Swagger, which need to scan annotations or generate bytecode during startup, are supported;
5) encryption of dependent jar packages under WEB-INF/lib or BOOT-INF/lib is supported;
6) machine binding is supported, so that the project can run only on the bound machine after being encrypted;
7) encryption of Spring Boot configuration files is supported;
8) License authorization for HTTP application projects is supported.
According to the various embodiments described above, it can be seen that by compressing and obfuscating the static resource files, encrypting and transforming the string values and the class files, encrypting the configuration file, and binding the machine code, the embodiments of the present invention solve the technical problem in the prior art that the application package is easily decompiled. By encrypting, obfuscating, transforming and authorizing the file to be encrypted, the embodiment of the invention can effectively prevent a third party from identifying code content and logic after decompiling the file or obtaining it by other means, thereby protecting the security of the code.
Fig. 2 is a schematic diagram of a main flow of a file encryption method according to a referential embodiment of the present invention. As another embodiment of the present invention, as shown in fig. 2, the file encryption method may include:
Step 201, compressing the static resource file in the application package.
Step 202, calculating parameter names in js script files in the compressed static resource files by adopting a first encryption algorithm to obtain a first ciphertext; wherein the parameter name comprises a variable name and/or a method name.
Step 203, replacing the parameter name with the first ciphertext.
Step 204, calculating the character string value in the file to be encrypted by adopting a second encryption algorithm to obtain a second ciphertext.
Step 205, replacing the string value with the second ciphertext.
Step 206, emptying and encrypting the class files in the file to be encrypted.
Step 207, encrypting the configuration file in the file to be encrypted.
Step 208, binding a machine code to the file to be encrypted.
In addition, the detailed implementation of the file encryption method in this embodiment has been described in detail above, so it is not repeated here.
Fig. 3 is a schematic diagram of a main flow of a file encryption method according to another referential embodiment of the present invention. As another embodiment of the present invention, as shown in fig. 3, the file encryption method may include:
Step 301, compressing the static resource file in the file to be encrypted, and obfuscating the script file in the compressed static resource file.
Step 302, calculating the character string value in the file to be encrypted by adopting a second encryption algorithm to obtain a second ciphertext.
Step 303, replacing the string value with the second ciphertext.
Step 304, emptying the method body in the class file in the file to be encrypted, and reserving the method parameter and the annotation.
Step 305, calculating the method body by adopting a third encryption algorithm to obtain a third ciphertext.
Step 306, storing the third ciphertext to the first directory of the file to be encrypted.
Step 307, calculating the configuration information in the configuration file in the file to be encrypted by using a fourth encryption algorithm to obtain a fourth ciphertext.
Step 308, storing the fourth ciphertext to a second directory of the file to be encrypted.
Step 309, emptying the configuration information in the configuration file.
Step 310, binding a machine code to the file to be encrypted.
In addition, the detailed implementation of the file encryption method in this embodiment has been described in detail above, so it is not repeated here.
Fig. 4 is a schematic diagram of a main flow of a file encryption method according to still another referential embodiment of the present invention. As still another embodiment of the present invention, as shown in fig. 4, the file encryption method may include:
Step 401, compressing the static resource file in the file to be encrypted, and obfuscating the script file in the compressed static resource file.
Step 402, calculating the character string value in the file to be encrypted by adopting a second encryption algorithm to obtain a second ciphertext.
Step 403, replacing the string value with the second ciphertext.
Step 404, emptying the method body in the class file in the file to be encrypted, and reserving the method parameter and the annotation.
Step 405, calculating the method body by adopting a third encryption algorithm to obtain a third ciphertext.
Step 406, storing the third ciphertext to the first directory of the file to be encrypted.
Step 407, encrypting the configuration file in the file to be encrypted.
Step 408, binding a machine code to the file to be encrypted.
Step 409, setting authorization permission for the file to be encrypted, and configuring permission time.
In addition, the detailed implementation of the file encryption method in this embodiment has been described in detail above, so it is not repeated here.
Fig. 5 is a schematic diagram of main modules of a file encryption apparatus according to an embodiment of the present invention. As shown in fig. 5, the file encryption apparatus 500 includes a compression module 501, a deformation module 502, an encryption module 503, and a binding module 504; the compression module 501 is configured to compress a static resource file in a file to be encrypted, and obfuscate a script file in the compressed static resource file; the deformation module 502 is configured to replace a character string value in the file to be encrypted, and encrypt and transform a class file in the file to be encrypted after replacing the character string; the encryption module 503 is configured to encrypt the configuration file in the file to be encrypted; the binding module 504 is configured to bind a machine code to the file to be encrypted.
Optionally, the file to be encrypted includes an application package.
Optionally, the compression module 501 is further configured to:
calculating parameter names in js script files in the compressed static resource files by adopting a first encryption algorithm to obtain a first ciphertext; wherein the parameter names include variable names and/or method names;
replacing the parameter name with the first ciphertext.
Optionally, the deformation module 502 is further configured to:
calculating the character string value in the file to be encrypted by adopting a second encryption algorithm to obtain a second ciphertext;
replacing the string value with the second ciphertext;
and emptying and encrypting the class file in the file to be encrypted after the character string is replaced.
Optionally, the deformation module 502 is further configured to:
emptying a method body in a class file in the file to be encrypted, and reserving method parameters and annotations;
calculating the method body by adopting a third encryption algorithm to obtain a third ciphertext;
and storing the third ciphertext to the first directory of the file to be encrypted after replacing the character string.
Optionally, the encryption module 503 is further configured to:
calculating the configuration information in the configuration file in the file to be encrypted by adopting a fourth encryption algorithm to obtain a fourth ciphertext;
storing the fourth ciphertext to a second directory of the file to be encrypted;
and clearing the configuration information in the configuration file.
Optionally, the machine code is encrypted by at least one of the following items of feature information:
MAC address, CPU number, CPU serial number, hard disk serial number and mainboard serial number.
Optionally, the binding module 504 is further configured to:
and setting an authorization permission for the file to be encrypted, and configuring permission time.
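The machine-code binding and time-limited authorization described above, as an added example that is not part of the patent. It assumes the machine code is a SHA-256 digest over the normalised feature values and that the authorization record is protected by an HMAC-SHA256 tag; the key, field names, function names and sample hosts are all hypothetical.

```python
import hashlib
import hmac
import json

# Assumption: HMAC-SHA256 with a vendor key protects the authorization record.
# The patent names no algorithm; a deployed verifier would normally ship only a
# public key and check an asymmetric signature instead.
VENDOR_KEY = b"constructed-demo-key"

# Hypothetical field names for the feature information listed in the patent.
FEATURE_FIELDS = ("mac", "cpu_serial", "disk_serial", "board_serial")

# Constructed sample hosts (not real hardware identifiers).
SAMPLE_HOST = {"mac": "00:1A:2B:3C:4D:5E", "disk_serial": "WD-EXAMPLE-0001"}
OTHER_HOST = {"mac": "00:1A:2B:3C:4D:5F", "disk_serial": "WD-EXAMPLE-0001"}


def machine_code(features):
    """Derive a stable machine code from whichever features are present."""
    present = {
        name: features[name].strip().lower()
        for name in FEATURE_FIELDS
        if features.get(name)
    }
    if not present:
        raise ValueError("at least one hardware feature is required")
    canonical = json.dumps(present, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


def _signed_bytes(record):
    """Canonical encoding of exactly the fields covered by the tag."""
    covered = {
        "machine_code": record["machine_code"],
        "valid_until": record["valid_until"],
    }
    return json.dumps(covered, sort_keys=True, separators=(",", ":")).encode("utf-8")


def issue_license(features, valid_until, key=VENDOR_KEY):
    """Vendor side: bind the package to one machine code and an expiry time."""
    record = {"machine_code": machine_code(features), "valid_until": int(valid_until)}
    record["tag"] = hmac.new(key, _signed_bytes(record), hashlib.sha256).hexdigest()
    return record


def check_license(record, features, now, key=VENDOR_KEY):
    """Startup check: return 'ok' or the reason the package must refuse to run."""
    try:
        expected = hmac.new(key, _signed_bytes(record), hashlib.sha256).hexdigest()
        tag_ok = hmac.compare_digest(expected, record["tag"])
    except (KeyError, TypeError):
        return "malformed"
    if not tag_ok:
        return "tampered"  # expiry or machine code was edited after issue
    if not hmac.compare_digest(record["machine_code"], machine_code(features)):
        return "wrong-machine"
    if now >= record["valid_until"]:
        return "expired"
    return "ok"


if __name__ == "__main__":
    import time

    lic = issue_license(SAMPLE_HOST, int(time.time()) + 30 * 86400)
    print(check_license(lic, SAMPLE_HOST, int(time.time())))
    print(check_license(lic, OTHER_HOST, int(time.time())))
```

The tag must be verified before the expiry is read, otherwise an edited `valid_until` would be trusted. Features such as the MAC address can be changed in software, so the binding is only as strong as the least spoofable feature included.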
As the embodiments described above show, by compressing and obfuscating the static resource file, encrypting and deforming the character string values and the class file, encrypting the configuration file, and binding the machine code, the embodiments of the present invention solve the prior-art technical problem that the application package is easily decompiled. By encrypting, obfuscating, deforming and authorizing the file to be encrypted, the embodiments of the invention can effectively prevent a third party from identifying the code content and logic after decompiling the file or obtaining it by other means, thereby protecting the security of the code.
It should be noted that the specific implementation of the file encryption apparatus of the present invention has already been described in detail in the file encryption method above, so it is not repeated here.
Fig. 6 illustrates an exemplary system architecture 600 to which the file encryption method or the file encryption apparatus of the embodiments of the present invention may be applied.
As shown in fig. 6, the system architecture 600 may include terminal devices 601, 602, 603, a network 604, and a server 605. The network 604 serves to provide a medium for communication links between the terminal devices 601, 602, 603 and the server 605. The network 604 may include various types of connections, such as wired or wireless communication links, or fiber optic cables.
A user may use the terminal devices 601, 602, 603 to interact with the server 605 via the network 604 to receive or send messages or the like. The terminal devices 601, 602, 603 may have installed thereon various communication client applications, such as shopping applications, web browser applications, search applications, instant messaging tools, mailbox clients, social platform software, etc. (by way of example only).
The terminal devices 601, 602, 603 may be various electronic devices having a display screen and supporting web browsing, including but not limited to smart phones, tablet computers, laptop portable computers, desktop computers, and the like.
The server 605 may be a server providing various services, such as a background management server (for example only) providing support for shopping websites browsed by users using the terminal devices 601, 602, 603. The background management server can analyze and process the received data such as the article information query request and feed back the processing result to the terminal equipment.
It should be noted that the file encryption method provided by the embodiment of the present invention is generally executed by the server 605, and accordingly, the file encryption apparatus is generally disposed in the server 605. The file encryption method provided by the embodiment of the present invention may also be executed by the terminal devices 601, 602, and 603, and accordingly, the file encryption apparatus may be disposed in the terminal devices 601, 602, and 603.
It should be understood that the number of terminal devices, networks, and servers in fig. 6 is merely illustrative. There may be any number of terminal devices, networks, and servers, as desired for implementation.
Referring now to FIG. 7, shown is a block diagram of a computer system 700 suitable for use with a terminal device implementing an embodiment of the present invention. The terminal device shown in fig. 7 is only an example, and should not bring any limitation to the functions and the scope of use of the embodiments of the present invention.
As shown in fig. 7, the computer system 700 includes a Central Processing Unit (CPU) 701, which can perform various appropriate actions and processes in accordance with a program stored in a Read Only Memory (ROM) 702 or a program loaded from a storage section 708 into a Random Access Memory (RAM) 703. In the RAM 703, various programs and data necessary for the operation of the system 700 are also stored. The CPU 701, the ROM 702, and the RAM 703 are connected to each other via a bus 704. An input/output (I/O) interface 705 is also connected to the bus 704.
The following components are connected to the I/O interface 705: an input portion 706 including a keyboard, a mouse, and the like; an output section 707 including a display such as a Cathode Ray Tube (CRT), a Liquid Crystal Display (LCD), and the like, and a speaker; a storage section 708 including a hard disk and the like; and a communication section 709 including a network interface card such as a LAN card, a modem, or the like. The communication section 709 performs communication processing via a network such as the internet. A drive 710 is also connected to the I/O interface 705 as needed. A removable medium 711 such as a magnetic disk, an optical disk, a magneto-optical disk, a semiconductor memory, or the like is mounted on the drive 710 as necessary, so that a computer program read out therefrom is mounted into the storage section 708 as necessary.
In particular, according to the embodiments of the present disclosure, the processes described above with reference to the flowcharts may be implemented as computer software programs. For example, embodiments of the present disclosure include a computer program comprising a computer program embodied on a computer readable medium, the computer program comprising program code for performing the method illustrated in the flow chart. In such an embodiment, the computer program can be downloaded and installed from a network through the communication section 709, and/or installed from the removable medium 711. The computer program performs the above-described functions defined in the system of the present invention when executed by the Central Processing Unit (CPU) 701.
It should be noted that the computer readable medium shown in the present invention can be a computer readable signal medium or a computer readable storage medium or any combination of the two. A computer readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples of the computer readable storage medium may include, but are not limited to: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the present invention, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. In the present invention, however, a computer readable signal medium may include a propagated data signal with computer readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated data signal may take many forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to: wireless, wire, fiber optic cable, RF, etc., or any suitable combination of the foregoing.
The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer programs according to various embodiments of the present invention. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams or flowchart illustration, and combinations of blocks in the block diagrams or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
The modules described in the embodiments of the present invention may be implemented by software or hardware. The described modules may also be provided in a processor, which may be described as: a processor includes a compression module, a deformation module, an encryption module, and a binding module, where the names of the modules do not in some cases constitute a limitation on the modules themselves.
As another aspect, the present invention also provides a computer-readable medium that may be contained in the apparatus described in the above embodiments, or may exist separately without being incorporated into the device. The computer readable medium carries one or more programs which, when executed by a device, implement the method of: compressing the static resource file in the file to be encrypted, and obfuscating the script file in the compressed static resource file; replacing character string values in the file to be encrypted, and encrypting and deforming class files in the file to be encrypted after the character strings are replaced; encrypting the configuration file in the file to be encrypted; and binding a machine code to the file to be encrypted.
As another aspect, an embodiment of the present invention further provides a computer program product, which includes a computer program, and when the computer program is executed by a processor, the computer program implements the method described in any of the above embodiments.
According to the technical scheme of the embodiment of the invention, by compressing and obfuscating the static resource file, encrypting and deforming the character string values and the class file, encrypting the configuration file, and binding the machine code, the prior-art technical problem that the application package is easily decompiled is solved. By encrypting, obfuscating, deforming and authorizing the file to be encrypted, the embodiment of the invention can effectively prevent a third party from identifying the code content and logic after decompiling the file or obtaining it by other means, thereby protecting the security of the code.
The above-described embodiments should not be construed as limiting the scope of the invention. Those skilled in the art will appreciate that various modifications, combinations, sub-combinations, and substitutions can occur, depending on design requirements and other factors. Any modification, equivalent replacement, and improvement made within the spirit and principle of the present invention should be included in the protection scope of the present invention.

Claims (19)

1. A method for encrypting a file, comprising:
compressing the static resource file in the file to be encrypted, and obfuscating the script file in the compressed static resource file;
replacing character string values in the file to be encrypted, and encrypting and deforming class files in the file to be encrypted after the character strings are replaced;
encrypting the configuration file in the file to be encrypted;
and binding a machine code to the file to be encrypted.
2. The method of claim 1, wherein the file to be encrypted comprises an application package.
3. The method of claim 1, wherein obfuscating a script file in the compressed static resource file comprises:
calculating parameter names in js script files in the compressed static resource files by adopting a first encryption algorithm to obtain a first ciphertext; wherein the parameter names include variable names and/or method names;
replacing the parameter name with the first ciphertext.
4. The method according to claim 1, wherein replacing a string value in the file to be encrypted, and performing encryption transformation on a class file in the file to be encrypted after replacing the string value comprises:
calculating the character string value in the file to be encrypted by adopting a second encryption algorithm to obtain a second ciphertext;
replacing the string value with the second ciphertext;
and emptying and encrypting the class file in the file to be encrypted after the character string is replaced.
5. The method according to claim 4, wherein emptying and encrypting the class file in the file to be encrypted after replacing the character string comprises:
clearing the method body in the class file in the file to be encrypted after replacing the character string, and reserving method parameters and annotations;
calculating the method body by adopting a third encryption algorithm to obtain a third ciphertext;
and storing the third ciphertext to the first directory of the file to be encrypted after replacing the character string.
6. The method according to claim 1, wherein encrypting the configuration file in the file to be encrypted comprises:
calculating the configuration information in the configuration file in the file to be encrypted by adopting a fourth encryption algorithm to obtain a fourth ciphertext;
storing the fourth ciphertext to a second directory of the file to be encrypted;
and clearing the configuration information in the configuration file.
7. The method of claim 1, wherein the machine code is encrypted with at least one of the following characteristics:
MAC address, CPU number, CPU serial number, hard disk serial number and mainboard serial number.
8. The method of claim 1, further comprising:
and setting an authorization permission for the file to be encrypted, and configuring permission time.
9. A file encryption apparatus, comprising:
the compression module is used for compressing the static resource files in the files to be encrypted and obfuscating the script files in the compressed static resource files;
the deformation module is used for replacing character string values in the file to be encrypted and carrying out encryption deformation on class files in the file to be encrypted after the character strings are replaced;
the encryption module is used for encrypting the configuration file in the file to be encrypted;
and the binding module is used for binding the machine code to the file to be encrypted.
10. The apparatus of claim 9, wherein the file to be encrypted comprises an application package.
11. The apparatus of claim 9, wherein the compression module is further configured to:
calculating parameter names in js script files in the compressed static resource files by adopting a first encryption algorithm to obtain a first ciphertext; wherein the parameter names include variable names and/or method names;
replacing the parameter name with the first ciphertext.
12. The apparatus of claim 9, wherein the deformation module is further configured to:
calculating the character string value in the file to be encrypted by adopting a second encryption algorithm to obtain a second ciphertext;
replacing the string value with the second ciphertext;
and emptying and encrypting the class file in the file to be encrypted after the character string is replaced.
13. The apparatus of claim 12, wherein the deformation module is further configured to:
emptying a method body in a class file in the file to be encrypted, and reserving method parameters and annotations;
calculating the method body by adopting a third encryption algorithm to obtain a third ciphertext;
and storing the third ciphertext to the first directory of the file to be encrypted after replacing the character string.
14. The apparatus of claim 9, wherein the encryption module is further configured to:
calculating the configuration information in the configuration file in the file to be encrypted by adopting a fourth encryption algorithm to obtain a fourth ciphertext;
storing the fourth ciphertext to a second directory of the file to be encrypted;
and clearing the configuration information in the configuration file.
15. The apparatus of claim 9, wherein the machine code is encrypted with at least one of the following characteristics:
MAC address, CPU number, CPU serial number, hard disk serial number and mainboard serial number.
16. The apparatus of claim 9, wherein the binding module is further configured to:
and setting an authorization permission for the file to be encrypted, and configuring permission time.
17. An electronic device, comprising:
one or more processors;
a storage device for storing one or more programs,
the one or more programs, when executed by the one or more processors, implement the method of any of claims 1-8.
18. A computer-readable medium, on which a computer program is stored, which, when being executed by a processor, carries out the method according to any one of claims 1-8.
19. A computer program product comprising a computer program, characterized in that the computer program realizes the method according to any of claims 1-8 when executed by a processor.
CN202111590681.8A 2021-12-23 2021-12-23 File encryption method and device, electronic equipment and computer readable medium Pending CN114329535A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111590681.8A CN114329535A (en) 2021-12-23 2021-12-23 File encryption method and device, electronic equipment and computer readable medium

Publications (1)

Publication Number Publication Date
CN114329535A (en) 2022-04-12

Family

ID=81054777

Country Status (1)

Country Link
CN (1) CN114329535A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115129361A (en) * 2022-08-26 2022-09-30 北京亿赛通科技发展有限责任公司 Security reinforcement method and system for Java application program

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination