CN114499836A - Key management method, key management device, computer equipment and readable storage medium - Google Patents


Info

Publication number: CN114499836A
Application number: CN202111638127.2A
Authority: CN (China)
Prior art keywords: key, client, server, public key, target
Legal status: Pending (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Other languages: Chinese (zh)
Inventor: 王涵泊
Current assignee: Beijing Pixel Software Technology Co Ltd (the listed assignees may be inaccurate; Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list)
Original assignee: Beijing Pixel Software Technology Co Ltd
Priority application: CN202111638127.2A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L 9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L 9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L 9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L 9/0825 Key transport or distribution using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L 63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L 63/101 Access control lists [ACL]

Abstract

The embodiment of the application discloses a key management method, a key management device, computer equipment and a readable storage medium. The key management method is applied to a server and comprises the following steps: generating a target public key and a target private key according to received key information, wherein the key information comprises a server and a server ID; receiving a client public key; receiving a key acquisition request sent by a first client, wherein the key acquisition request names the key the first client wants to obtain, which is either the target private key or the target public key; acquiring the key file corresponding to the key acquisition request and encrypting it with the client public key to produce an encrypted key file; and sending the encrypted key file to the first client. The key management method provided by the embodiment can generate and issue keys while reducing system memory usage, because a key pair is generated once and the stored file is served to every client that requests it.

Description

Key management method, key management device, computer equipment and readable storage medium
Technical Field
The present application relates to the field of information security management technologies, and in particular, to a key management method and apparatus, a computer device, and a readable storage medium.
Background
In the prior art, a user sends a key request instruction to a server through a client. When the server receives the key request instruction, it generates the corresponding key and sends it to the client. When several different clients obtain the same key from the server, that key is generated again for each of them, which occupies system memory. How to generate and issue keys while reducing system memory usage is therefore a technical problem that urgently needs to be solved.
Disclosure of Invention
An objective of the present application is to provide a key management method and apparatus, a computer device, and a readable storage medium that solve the problem of generating and issuing keys while reducing system memory usage.
In a first aspect, an embodiment of the present application provides a key management method, applied to a server, including:
generating a target public key and a target private key according to the received key information, wherein the key information comprises a server and a server ID;
receiving a client public key;
receiving a key acquisition request sent by a first client, wherein the key acquisition request identifies the key to be acquired by the first client, which is the target private key or the target public key;
acquiring the key file corresponding to the key acquisition request, and encrypting the key file with the client public key to generate an encrypted key file;
and sending the encrypted key file to the first client.
In an optional implementation manner, the server prestores a server public key, and before receiving the key acquisition request sent by the first client, the method further includes:
receiving a first client IP address;
judging whether the first client IP address is in a white list or not, wherein the white list comprises a plurality of first client IP addresses with the authority of obtaining a server public key;
and if the IP address of the first client is in the white list, encrypting the server public key by using the client public key, and generating and sending first feedback information to the first client.
In an optional implementation manner, after determining whether the first client IP address is in a white list, the method further includes:
and if the IP address of the first client is not in the white list, encrypting error information with the client public key, generating and sending second feedback information to the first client, and disconnecting from the first client.
In an optional implementation manner, the server prestores a server private key, and after generating and sending the first feedback information to the first client, the method further includes:
receiving an IP preparation request sent by the first client, wherein the IP preparation request comprises at least one encrypted IP address of a second client to be added into the white list;
decrypting the encrypted IP address of the second client by using the server private key to obtain the IP address of the second client;
and adding the second client IP address into the white list.
In an optional embodiment, the method further comprises:
adding a third client IP address into the white list according to the received white list adding request;
and deleting the IP address of the fourth client in the white list according to the received white list deletion request.
In an optional embodiment, the method further comprises:
according to the received key downloading request, sending the target public key or the target private key to the first client so that the first client downloads the target public key or the target private key;
and deleting the target key according to the received key deletion request.
In an optional embodiment, the method further comprises:
adding a user according to the received user adding request;
and deleting the user according to the received user deletion request.
In a second aspect, an embodiment of the present application provides a key management apparatus, applied to a server, including:
the generation module is used for generating a target public key and a target private key according to the received key information, wherein the key information comprises a server and a server ID;
the public key receiving module is used for receiving a client public key;
a request receiving module, configured to receive a key obtaining request sent by a first client, where the key obtaining request includes a key to be obtained by the first client, and the key includes the target private key or the target public key;
the encryption module is used for acquiring a key file corresponding to the key acquisition request, encrypting the key file by using the client public key and generating an encrypted key file;
and the sending module is used for sending the encrypted key file to the first client.
In a third aspect, an embodiment of the present application provides a computer device, where the computer device includes a memory and a processor, the memory stores a computer program, and the computer program, when executed by the processor, implements the key management method according to the first aspect.
In a fourth aspect, an embodiment of the present application provides a computer-readable storage medium, where a computer program is stored, and when the computer program is executed by a processor, the computer program implements the key management method according to the first aspect.
The key management method provided by the embodiment of the application is applied to a server and comprises the following steps: generating a target public key and a target private key according to received key information, wherein the key information comprises a server and a server ID; receiving a client public key; receiving a key acquisition request sent by a first client, wherein the key acquisition request names the key to be acquired by the first client, which is the target private key or the target public key; acquiring the key file corresponding to the key acquisition request and encrypting it with the client public key to generate an encrypted key file; and sending the encrypted key file to the first client. The target public key and target private key are generated from the received key information before any key acquisition request arrives from the first client. When a key acquisition request is received, the server retrieves the stored target public key or target private key that the request names and sends it to the first client, so the same key does not have to be generated again for every client that asks for it.
Drawings
In order to more clearly explain the technical solutions of the present application, the drawings needed to be used in the embodiments are briefly introduced below, and it should be understood that the following drawings only illustrate some embodiments of the present application and therefore should not be considered as limiting the scope of protection of the present application. Like components are numbered similarly in the various figures.
FIG. 1 is a schematic block diagram illustrating a flow of steps of a key management method according to an embodiment of the present application;
FIG. 2 is a schematic diagram of a first management interface provided by an embodiment of the present application;
FIG. 3 is a diagram illustrating a second management interface provided by an embodiment of the application;
FIG. 4 is a schematic diagram illustrating a third management interface provided by an embodiment of the application;
FIG. 5 is a schematic diagram illustrating a fourth management interface provided by an embodiment of the present application;
FIG. 6 is a schematic diagram illustrating a fifth management interface provided by an embodiment of the present application;
FIG. 7 is a diagram illustrating a sixth management interface provided by an embodiment of the present application;
FIG. 8 is a schematic diagram illustrating a seventh management interface provided by an embodiment of the present application;
FIG. 9 is a block diagram schematically illustrating a structure of a key management device according to an embodiment of the present application.
Detailed Description
The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all of the embodiments.
The components of the embodiments of the present application, generally described and illustrated in the figures herein, can be arranged and designed in a wide variety of different configurations. Thus, the following detailed description of the embodiments of the present application, presented in the accompanying drawings, is not intended to limit the scope of the claimed application, but is merely representative of selected embodiments of the application. All other embodiments, which can be derived by a person skilled in the art from the embodiments of the present application without making any creative effort, shall fall within the protection scope of the present application.
Hereinafter, the terms "including", "having", and their derivatives, which may be used in various embodiments of the present application, are intended to indicate only specific features, numbers, steps, operations, elements, components, or combinations of the foregoing, and should not be construed as first excluding the existence of, or adding to, one or more other features, numbers, steps, operations, elements, components, or combinations of the foregoing.
Furthermore, the terms "first," "second," "third," and the like are used solely to distinguish one from another and are not to be construed as indicating or implying relative importance.
Unless otherwise defined, all terms (including technical and scientific terms) used herein have the same meaning as commonly understood by one of ordinary skill in the art to which the various embodiments of the present application belong. The terms (such as those defined in commonly used dictionaries) should be interpreted as having a meaning that is consistent with their contextual meaning in the relevant art and will not be interpreted in an idealized or overly formal sense unless expressly so defined herein in various embodiments.
Example 1
Referring to fig. 1, fig. 1 is a schematic block diagram illustrating a flow of steps of a key management method according to an embodiment of the present application.
As shown in fig. 1, a key management method provided in this embodiment of the present application may be applied to a server, and the method includes S110 to S150.
S110: and generating a target public key and a target private key according to the received key information, wherein the key information comprises the server and the server ID.
In this embodiment, a key is a parameter input to an algorithm that converts plaintext into ciphertext or ciphertext into plaintext. Keys are divided into symmetric keys and asymmetric keys. Referring to fig. 2, fig. 2 is a schematic diagram illustrating a first management interface according to an embodiment of the present disclosure. An administrator logs in to the key management system through a URL (Uniform Resource Locator). In the key management system the administrator's user name is stored in plain text and the user password is stored as an MD5 (message-digest algorithm 5) digest. MD5 is a hash function rather than an encryption algorithm, and an unsalted MD5 digest is not considered adequate protection for stored passwords today. The administrator enters key information, consisting of a server 210 and a server ID (identification) 220, in the management interface 200 of the first client and clicks the submit option 230. The first client responds to the administrator's submission by sending the key information to the server. The server receives the key information and generates a target public key and a target private key from it.
It can be understood that fig. 2 shows the generation of one target public key and target private key for one server; in practice, two or more target key pairs can be generated from two or more server and server ID entries input by the administrator, so that target public keys and target private keys can be generated in batches.
S120: a client public key is received.
In this embodiment, in response to a user's operation on the first client, the first client locally creates an RSA (Rivest-Shamir-Adleman) key pair consisting of a client private key and a client public key, encrypts the client public key with AES (Advanced Encryption Standard), and sends the encrypted client public key to the server. The server receives the client public key sent by the first client. In this embodiment the first client communicates with the server over TCP (Transmission Control Protocol).
In an optional implementation manner, the server prestores a server public key, and before receiving the key acquisition request sent by the first client, the method further includes:
receiving a first client IP address;
judging whether the first client IP address is in a white list or not, wherein the white list comprises a plurality of first client IP addresses with the authority of obtaining a server public key;
and if the IP address of the first client is in the white list, encrypting the server public key by using the client public key, and generating and sending first feedback information to the first client.
Specifically, the first client sends the encrypted client public key to the server, and also sends its IP (Internet Protocol) address, the first client IP address. After receiving the client public key and the first client IP address, the server looks the address up in the white list; the white list contains the first client IP addresses that have the authority to obtain the server public key. If the first client IP address is found in the white list, the server encrypts the server public key with the client public key, generates first feedback information containing the encrypted server public key, and sends it to the first client. When the first client receives the first feedback information, it decrypts it with the client private key to obtain the server public key, and stores the server public key. Because an address that a client reports about itself can be set to any value, an implementation should take the first client IP address from the accepted TCP connection rather than from the request body; otherwise the white list only checks what the requester claims to be.
In an optional implementation manner, the server prestores a server private key, and after generating and sending the first feedback information to the first client, the method further includes:
receiving an IP preparation request sent by the first client, wherein the IP preparation request comprises at least one encrypted IP address of a second client to be added into the white list;
decrypting the encrypted IP address of the second client by using the server private key to obtain the IP address of the second client;
and adding the second client IP address into the white list.
In this embodiment, in response to an IP preparation operation by a user, the first client encrypts the IP address of at least one second client to be added to the white list with the server public key, obtaining an encrypted IP address, and sends an IP preparation request containing the encrypted IP address to the server. After receiving the IP preparation request, the server decrypts the encrypted IP address with the server private key to obtain the second client IP address, and adds the second client IP address to the white list, so that the second client gains the authority to obtain the server public key.
Further, if the first client IP address is not in the white list, the client public key is used to encrypt error information, second feedback information is generated and sent to the first client, and the connection with the first client is closed.
Specifically, if the first client IP address cannot be found in the white list, the client public key is used to encrypt the error information, and second feedback information containing the encrypted error is generated and sent to the first client. When the first client receives the second feedback information, it decrypts it with the client private key to obtain the error information, writes an error log, and disconnects from the server. Illustratively, the error information is "error, no acquisition right".
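The white-list gate and the encrypted IP preparation request described above, as an added example in Go that is not code from the patent or from Beijing Pixel Software Technology Co Ltd. It assumes that the peer address is taken from the accepted TCP connection in "host:port" form, that each provisioned entry is the textual IP address encrypted with RSA-OAEP (SHA-256) under the server public key, and that addresses are canonicalised with net.ParseIP before comparison; the names WhiteList, Check, Provision, EncryptIP and canonical are the example's own.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
	"net"
	"strings"
)

// ErrNoRight is the error text the description returns to a peer that is not white-listed.
var ErrNoRight = errors.New("error, no acquisition right")

// WhiteList is the server-side list of client addresses allowed to obtain the
// server public key, together with the server private key used to decrypt
// IP preparation requests.
type WhiteList struct {
	priv  *rsa.PrivateKey
	allow map[string]bool // canonical textual IP -> allowed
}

func NewWhiteList(priv *rsa.PrivateKey) *WhiteList {
	return &WhiteList{priv: priv, allow: map[string]bool{}}
}

// canonical parses an address and returns its normalised text form, so that
// "::1" and "0:0:0:0:0:0:0:1", or an IPv4-mapped "::ffff:10.0.0.5" and
// "10.0.0.5", compare equal.
func canonical(s string) (string, error) {
	ip := net.ParseIP(strings.TrimSpace(s))
	if ip == nil {
		return "", fmt.Errorf("not an IP address: %q", s)
	}
	return ip.String(), nil
}

// Check gates the first feedback. remoteAddr is the peer address of the
// accepted TCP connection (conn.RemoteAddr().String(), "host:port"), not an
// address the client reports about itself; a self-reported address can be set
// to any white-listed value.
func (w *WhiteList) Check(remoteAddr string) error {
	host, _, err := net.SplitHostPort(remoteAddr)
	if err != nil {
		return err
	}
	ip, err := canonical(host)
	if err != nil || !w.allow[ip] {
		return ErrNoRight
	}
	return nil
}

// Provision handles an IP preparation request: each entry is one textual IP
// address encrypted under the server public key. Every entry is decrypted with
// the server private key and validated before any of them is added, so a
// malformed request does not partially update the list.
func (w *WhiteList) Provision(encrypted [][]byte) error {
	ips := make([]string, 0, len(encrypted))
	for _, enc := range encrypted {
		plain, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, w.priv, enc, nil)
		if err != nil {
			return err
		}
		ip, err := canonical(string(plain))
		if err != nil {
			return err
		}
		ips = append(ips, ip)
	}
	for _, ip := range ips {
		w.allow[ip] = true
	}
	return nil
}

// EncryptIP is the client side of provisioning: one address under the server public key.
func EncryptIP(serverPub *rsa.PublicKey, ip string) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, serverPub, []byte(ip), nil)
}

func main() {
	priv, _ := rsa.GenerateKey(rand.Reader, 2048)
	wl := NewWhiteList(priv)
	enc, _ := EncryptIP(&priv.PublicKey, "10.0.0.5")
	_ = wl.Provision([][]byte{enc})
	fmt.Println(wl.Check("10.0.0.5:51234"), wl.Check("10.0.0.6:51234"))
}
```

Canonicalising both sides means an entry written as "0:0:0:0:0:0:0:1" matches a peer seen as "[::1]:8080", and a peer that arrives IPv4-mapped as "[::ffff:10.0.0.5]:1234" matches "10.0.0.5"; a plain string compare on the text the client typed would miss both. An entry that does not decrypt under the server private key, which is what a request built with some other public key looks like, is rejected as a whole.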
S130: receiving a key obtaining request sent by a first client, wherein the key obtaining request comprises a key to be obtained by the first client, and the key comprises the target private key or the target public key.
In this embodiment of the present application, the first client sends, to the server, a key acquisition request including a target private key or a target public key to be acquired by the first client in response to a key acquisition operation performed by a user on the first client. And the server receives the key acquisition request.
S140: and acquiring a key file corresponding to the key acquisition request, and encrypting the key file by using the client public key to generate an encrypted key file.
In this embodiment of the application, if the key obtaining request includes a target private key to be obtained by the first client, the server obtains a target private key file corresponding to the target private key, and encrypts the target private key file with the client public key to generate an encrypted target private key file. And if the key acquisition request comprises a target public key to be acquired by the first client, the server acquires a target public key file corresponding to the target public key, encrypts the target public key file by using the client public key and generates an encrypted target public key file.
S150: and sending the encryption key file to the first client.
In this embodiment, if the encrypted target private key file is generated in step 140, the server sends the encrypted target private key file to the first client terminal. If the encrypted target public key file is generated in step 140, the server sends the encrypted target public key file to the first client terminal. And the first client receives and uses a client private key to decrypt the encrypted target public key file or the encrypted target private key file sent by the server to obtain a target public key file or a target private key file. And the first client stores the target public key file or the target private key file and then disconnects the connection with the server.
In an optional embodiment, to implement the addition and deletion of the client IP address in the white list, the method further comprises:
adding a third client IP address into the white list according to the received white list adding request;
and deleting the IP address of the fourth client in the white list according to the received white list deletion request.
Specifically, the administrator clicks a white list adding option on the first client, and the first client responds by displaying a management interface. As shown in fig. 3, fig. 3 is a schematic diagram illustrating a second management interface provided in an embodiment of the present application. The administrator enters the IP address of the third client to be added to the white list in the input box 240 of the management interface 200 of the first client and clicks the add option. The first client responds to the administrator's operation by sending a white list adding request containing the IP address of the third client to the server. After receiving the white list adding request, the server adds the third client IP address to the white list according to the request.
Further, the administrator clicks a deletion option on the first client, and the first client responds by displaying a management interface. As shown in fig. 4, fig. 4 is a schematic view illustrating a third management interface provided in the embodiment of the present application. The management interface 200 of the first client displays to the administrator all the IP addresses 260 in the white list, each with a corresponding deletion option 270. The administrator clicks the deletion option 270 of at least one IP address 260 as the situation requires. The first client responds to the click on the deletion option 270 by sending a white list deletion request containing the fourth client IP address to be deleted to the server. After receiving the white list deletion request, the server deletes the fourth client IP address from the white list according to the request.
In an optional embodiment, to implement the downloading and deleting of the key, the method further comprises:
according to the received key downloading request, sending the target public key or the target private key to the first client so that the first client downloads the target public key or the target private key;
and deleting the target key according to the received key deletion request.
Specifically, the administrator clicks a download key option on the first client, and the first client responds by displaying a management interface. As shown in fig. 5, fig. 5 is a schematic diagram illustrating a fourth management interface provided in the embodiment of the present application. The management interface 200 of the first client displays to the administrator all public keys 280 and all private keys 290 in the key list, each with a download option 300. The administrator clicks the download option 300 of at least one public key 280 or private key 290 as the situation requires. The first client responds to the click on the download option 300 by sending a key download request naming the target public key or target private key to the server. After receiving the key download request, the server sends the target public key or target private key to the first client according to the request, so that the first client downloads it. In this way, the downloading of the key is achieved.
Further, the administrator clicks a delete key option on the first client, and the first client responds by displaying a management interface. As shown in fig. 6, fig. 6 is a schematic diagram of a fifth management interface provided in the embodiment of the present application. The management interface 200 of the first client displays to the administrator all public keys 280 and all private keys 290 in the key list, each with a deletion option 270. The administrator clicks the deletion option 270 of at least one public key 280 and/or private key 290 as the situation requires. The first client responds to the click on the deletion option 270 by sending a key deletion request naming the target public key and/or target private key to the server. After receiving the key deletion request, the server deletes the target public key and/or target private key according to the request. In this way, deletion of the key is achieved.
In an optional embodiment, to implement the addition and deletion of the user, the method further comprises:
adding a user according to the received user adding request;
and deleting the user according to the received user deletion request.
Specifically, the administrator clicks a user management option on the first client, and the first client responds by displaying a management interface. As shown in fig. 7, fig. 7 is a schematic diagram illustrating a sixth management interface provided in an embodiment of the present application. The management interface 200 of the first client displays to the administrator all user information 310 in the user list, together with an add option 250 and a deletion option 270. If the administrator selects at least one item of user information 310 and clicks the deletion option 270, the first client responds by sending a user deletion request containing a first username and a first password to the server. After receiving the user deletion request, the server deletes the user corresponding to the first username and the first password according to the request. In this way, deletion of the user is achieved.
Further, referring to fig. 8, fig. 8 is a schematic diagram of a seventh management interface provided in the embodiment of the present application. If the administrator clicks the add option 250, the management interface 200 displays a user name input box 320, a password input box 330 and a submit option 230. After the administrator fills in the user name input box 320 and the password input box 330 and clicks the submit option 230, the first client responds by sending a user adding request containing a second user name and a second password to the server. After receiving the user adding request, the server adds the user corresponding to the second user name and the second password according to the request. In this way, user addition is achieved.
In an alternative embodiment, the format of the data sent during the interaction between the first client and the server is shown in table 1 below.
TABLE 1

| Field | Data size (datasize) | Network data exchange rule (protocol) | Data (data) | Cyclic redundancy check |
| Width | 4 bytes | 2 bytes | variable | not stated |

Specifically, the header's data size (datasize) field is 4 bytes and stores the combined size of the network data exchange rule (protocol) field and the space used by the data (data) field. The network data exchange rule (protocol) field is 2 bytes: its first 14 bits identify the request, such as an IP preparation request, and the remaining 2 bits give the data format, where 0 means the data is transmitted as binary, 1 as a string, and 2 as JSON (JavaScript Object Notation). The data field combines the data to be transmitted with the AES key: the data to be transmitted is encrypted with the AES key, and the AES key is encrypted with the RSA client public key or the RSA server public key. The AES key is dynamic: a preset number of digits is cut from the data sent this time and saved, and the saved digits serve as the AES key for encrypting the next transmission. The description does not say whether those digits are taken from the plaintext or from the ciphertext on the wire, nor how the key for the first message is established; only material that the receiver alone can recover keeps the next key secret.
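The Table 1 frame and the dynamic AES key rule, as an added example in Go that is not code from the patent. It assumes big-endian integers, that datasize counts the protocol field plus the data, that the check is CRC-32 (IEEE) over everything before it, and that the next key is cut from the start of the data; the description fixes only the field widths and the 14/2 bit split of the protocol field. The names Frame, Encode, Decode, NextAESKey and the Format constants are the example's own.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
	"hash/crc32"
)

// Data format codes carried in the low 2 bits of the protocol field.
const (
	FormatBinary uint16 = 0
	FormatString uint16 = 1
	FormatJSON   uint16 = 2
)

// Frame is one message laid out as in Table 1: a 4-byte data size, a 2-byte
// protocol field (14-bit request code, 2-bit data format), the data, and a
// cyclic redundancy check.
type Frame struct {
	Request uint16 // 14-bit request code, e.g. an IP preparation request
	Format  uint16 // FormatBinary, FormatString or FormatJSON
	Data    []byte // payload (encrypted data plus wrapped AES key in the description)
}

var (
	ErrShort     = errors.New("frame truncated or size field inconsistent")
	ErrCRC       = errors.New("crc mismatch")
	ErrBadFormat = errors.New("unknown data format")
	ErrRange     = errors.New("request code does not fit in 14 bits")
)

const headerLen, crcLen = 4 + 2, 4

// Encode serialises a frame; the request code must fit in 14 bits.
func Encode(f Frame) ([]byte, error) {
	if f.Request >= 1<<14 {
		return nil, ErrRange
	}
	if f.Format > FormatJSON {
		return nil, ErrBadFormat
	}
	buf := make([]byte, headerLen+len(f.Data)+crcLen)
	binary.BigEndian.PutUint32(buf[0:4], uint32(2+len(f.Data)))
	binary.BigEndian.PutUint16(buf[4:6], f.Request<<2|f.Format)
	copy(buf[headerLen:], f.Data)
	end := headerLen + len(f.Data)
	binary.BigEndian.PutUint32(buf[end:], crc32.ChecksumIEEE(buf[:end]))
	return buf, nil
}

// Decode parses and validates a frame. The size field is checked against the
// buffer before anything is sliced, and the CRC before the payload is trusted,
// so truncated or corrupted input never reaches the decryption step.
func Decode(buf []byte) (Frame, error) {
	if len(buf) < headerLen+crcLen {
		return Frame{}, ErrShort
	}
	size := binary.BigEndian.Uint32(buf[0:4])
	if size < 2 || uint64(size)+4+crcLen > uint64(len(buf)) {
		return Frame{}, ErrShort
	}
	end := 4 + int(size)
	if crc32.ChecksumIEEE(buf[:end]) != binary.BigEndian.Uint32(buf[end:end+crcLen]) {
		return Frame{}, ErrCRC
	}
	proto := binary.BigEndian.Uint16(buf[4:6])
	f := Frame{Request: proto >> 2, Format: proto & 3, Data: append([]byte(nil), buf[headerLen:end]...)}
	if f.Format > FormatJSON {
		return Frame{}, ErrBadFormat
	}
	return f, nil
}

// NextAESKey is the dynamic key rule from the description: the AES key for the
// next message is a preset number of bytes cut from this message's data.
// Cutting from offset 0 is an assumption; the description only says "preset digits".
func NextAESKey(data []byte, n int) ([]byte, error) {
	if n <= 0 || len(data) < n {
		return nil, ErrShort
	}
	return append([]byte(nil), data[:n]...), nil
}

func main() {
	buf, _ := Encode(Frame{Request: 7, Format: FormatJSON, Data: []byte(`{"ip":"10.0.0.5"}`)})
	f, err := Decode(buf)
	fmt.Printf("%d bytes on the wire, request %d, format %d, data %s, err %v\n", len(buf), f.Request, f.Format, f.Data, err)
	buf[8] ^= 1
	_, err = Decode(buf)
	fmt.Println("after flipping one payload bit:", err)
}
```

Decode rejects a frame whose size field overruns the buffer with ErrShort before it touches the CRC, and a frame with a flipped bit with ErrCRC before the payload is returned. A CRC only detects accidental corruption; the authenticity of the payload still rests on the encryption layer above it, since anyone who can modify the bytes can recompute the check.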
The key management method provided by the embodiment of the application is applied to a server and comprises the following steps: generating a target public key and a target private key according to the received key information, wherein the key information comprises a server and a server ID; receiving a client public key; receiving a key acquisition request sent by a first client, wherein the key acquisition request comprises a key to be acquired by the first client, and the key comprises the target private key or the target public key; acquiring a key file corresponding to the key acquisition request, and encrypting the key file by using the client public key to generate an encrypted key file; and sending the encrypted key file to the first client. The target public key and target private key are generated from the received key information before the key acquisition request from the first client arrives. When a key acquisition request sent by the first client is received, the server obtains the target public key or target private key corresponding to the request and sends it to the first client.
Example 2
Referring to fig. 9, fig. 9 is a block diagram schematically illustrating a structure of a key management device according to an embodiment of the present application. The key management apparatus 500 may be applied to a server, and includes a generation module 510, a public key reception module 520, a request reception module 530, an encryption module 540, and a transmission module 550.
The generating module 510 is configured to generate a target public key and a target private key according to the received key information, where the key information includes a server and a server ID;
the public key receiving module 520 is configured to receive a client public key;
the request receiving module 530 is configured to receive a key obtaining request sent by a first client, where the key obtaining request includes a key to be obtained by the first client, and the key includes the target private key or the target public key;
the encryption module 540 is configured to obtain a key file corresponding to the key obtaining request, encrypt the key file with the client public key, and generate an encrypted key file;
the sending module 550 is configured to send the encrypted key file to the first client.
The above device is used for executing the method provided in embodiment 1, and the implementation principle and technical effect are similar, which are not described herein again.
The embodiment of the application also discloses a computer device, which comprises a memory and a processor, wherein the memory stores a computer program, and the computer program realizes the key management method according to the embodiment 1 when the processor executes the computer program.
The embodiment of the application also discloses a computer readable storage medium on which a computer program is stored; when the computer program is executed by a processor, the key management method according to embodiment 1 is implemented.
In the embodiments provided in the present application, it should be understood that the disclosed apparatus and method can be implemented in other ways. The apparatus embodiments described above are merely illustrative and, for example, the flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of apparatus, methods and computer program products according to various embodiments of the present application. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
In addition, each functional module or unit in each embodiment of the present application may be integrated together to form an independent part, or each module may exist separately, or two or more modules may be integrated to form an independent part.
The functions, if implemented in the form of software functional modules and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present application or portions thereof that substantially contribute to the prior art may be embodied in the form of a software product stored in a storage medium and including instructions for causing a computer device (which may be a smart phone, a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present application. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes.
The above description is only for the specific embodiments of the present application, but the scope of the present application is not limited thereto, and any person skilled in the art can easily conceive of the changes or substitutions within the technical scope of the present application, and shall be covered by the scope of the present application.

Claims (10)

1. A key management method is applied to a server and comprises the following steps:
generating a target public key and a target private key according to the received key information, wherein the key information comprises a server and a server ID;
receiving a client public key;
receiving a key acquisition request sent by a first client, wherein the key acquisition request comprises a key to be acquired by the first client, and the key comprises the target private key or the target public key;
acquiring a key file corresponding to the key acquisition request, and encrypting the key file by using the client public key to generate an encrypted key file;
and sending the encrypted key file to the first client.
2. The method according to claim 1, wherein the server has a server public key stored in advance, and before receiving the key acquisition request sent by the first client, the method further comprises:
receiving a first client IP address;
judging whether the first client IP address is in a white list or not, wherein the white list comprises a plurality of first client IP addresses with the authority of obtaining a server public key;
and if the IP address of the first client is in the white list, encrypting the server public key by using the client public key, and generating and sending first feedback information to the first client.
3. The method of claim 2, wherein after determining whether the first client IP address is in the white list, the method further comprises:
if the first client IP address is not in the white list, encrypting error information by using the client public key, generating and sending second feedback information to the first client, and disconnecting from the first client.
4. The method of claim 2, wherein the server has a server private key stored in advance, and after the generating and sending the first feedback information to the first client, the method further comprises:
receiving an IP preparation request sent by the first client, wherein the IP preparation request comprises at least one encrypted IP address of a second client to be added into the white list;
decrypting the encrypted IP address of the second client by using the server private key to obtain the IP address of the second client;
and adding the second client IP address into the white list.
5. The method of claim 1, further comprising:
adding a third client IP address into the white list according to the received white list adding request;
and deleting the IP address of the fourth client in the white list according to the received white list deletion request.
6. The method of claim 1, further comprising:
according to the received key downloading request, sending the target public key or the target private key to the first client so that the first client downloads the target public key or the target private key;
and deleting the target key according to the received key deletion request.
7. The method of claim 1, further comprising:
adding a user according to the received user adding request;
and deleting the user according to the received user deletion request.
8. A key management device, applied to a server, includes:
the generation module is used for generating a target public key and a target private key according to the received key information, wherein the key information comprises a server and a server ID;
the public key receiving module is used for receiving a client public key;
a request receiving module, configured to receive a key obtaining request sent by a first client, where the key obtaining request includes a key to be obtained by the first client, and the key includes the target private key or the target public key;
the encryption module is used for acquiring a key file corresponding to the key acquisition request, encrypting the file by using the client public key and generating an encrypted file;
and the sending module is used for sending the encrypted file to the first client.
9. A computer device, characterized in that the computer device comprises a memory and a processor, the memory storing a computer program which, when executed by the processor, implements the key management method according to any one of claims 1 to 7.
10. A computer-readable storage medium, having stored thereon a computer program which, when executed by a processor, implements a key management method according to any one of claims 1 to 7.
CN202111638127.2A 2021-12-29 2021-12-29 Key management method, key management device, computer equipment and readable storage medium Pending CN114499836A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111638127.2A CN114499836A (en) 2021-12-29 2021-12-29 Key management method, key management device, computer equipment and readable storage medium

Publications (1)

Publication Number Publication Date
CN114499836A true CN114499836A (en) 2022-05-13

Family

ID=81507996

Country Status (1)

Country Link
CN (1) CN114499836A (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116011000A (en) * 2023-03-27 2023-04-25 北京信安世纪科技股份有限公司 Access method, device and computing equipment
CN116208428A (en) * 2023-04-27 2023-06-02 中科信工创新技术(北京)有限公司 Method, system, device, storage medium and electronic equipment for transmitting file
CN116208428B (en) * 2023-04-27 2023-07-18 中科信工创新技术(北京)有限公司 Method, system, device, storage medium and electronic equipment for transmitting file

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination